1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-12-27 00:48:13 +00:00

Merge pull request #2739 from thatux/pdf-edit-25400

Added attack mode 25400
This commit is contained in:
Jens Steube 2021-04-10 10:51:39 +02:00 committed by GitHub
commit 97cce89bb8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 1255 additions and 0 deletions

444
OpenCL/m25400-pure.cl Normal file
View File

@ -0,0 +1,444 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
// TODO use user password as input for md5 of o_digest if no owner password is set
// TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
#ifdef KERNEL_STATIC
#include "inc_vendor.h"
#include "inc_types.h"
#include "inc_platform.cl"
#include "inc_common.cl"
#include "inc_hash_md5.cl"
#endif
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
CONSTANT_VK u32a padding[8] =
{
0x5e4ebf28,
0x418a754e,
0x564e0064,
0x0801faff,
0xb6002e2e,
0x803e68d0,
0xfea90c2f,
0x7a695364
};
typedef struct pdf
{
int V;
int R;
int P;
int enc_md;
u32 id_buf[8];
u32 u_buf[32];
u32 o_buf[32];
int id_len;
int o_len;
int u_len;
u32 rc4key[2];
u32 rc4data[2];
} pdf_t;
typedef struct pdf14_tmp
{
u32 digest[4];
u32 out[4];
} pdf14_tmp_t;
typedef struct
{
u8 S[256];
u32 wtf_its_faster;
} RC4_KEY;
DECLSPEC void swap (LOCAL_AS RC4_KEY *rc4_key, const u8 i, const u8 j)
{
u8 tmp;
tmp = rc4_key->S[i];
rc4_key->S[i] = rc4_key->S[j];
rc4_key->S[j] = tmp;
}
DECLSPEC void rc4_init_16 (LOCAL_AS RC4_KEY *rc4_key, const u32 *data)
{
u32 v = 0x03020100;
u32 a = 0x04040404;
LOCAL_AS u32 *ptr = (LOCAL_AS u32 *) rc4_key->S;
#ifdef _unroll
#pragma unroll
#endif
for (u32 i = 0; i < 64; i++)
{
*ptr++ = v; v += a;
}
u32 j = 0;
#ifdef _unroll
#pragma unroll
#endif
for (u32 i = 0; i < 16; i++)
{
u32 idx = i * 16;
u32 v;
v = data[0];
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
v = data[1];
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
v = data[2];
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
v = data[3];
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
}
}
DECLSPEC u8 rc4_next_16 (LOCAL_AS RC4_KEY *rc4_key, u8 i, u8 j, const u32 *in, u32 *out)
{
#ifdef _unroll
#pragma unroll
#endif
for (u32 k = 0; k < 4; k++)
{
u32 xor4 = 0;
u8 idx;
i += 1;
j += rc4_key->S[i];
swap (rc4_key, i, j);
idx = rc4_key->S[i] + rc4_key->S[j];
xor4 |= rc4_key->S[idx] << 0;
i += 1;
j += rc4_key->S[i];
swap (rc4_key, i, j);
idx = rc4_key->S[i] + rc4_key->S[j];
xor4 |= rc4_key->S[idx] << 8;
i += 1;
j += rc4_key->S[i];
swap (rc4_key, i, j);
idx = rc4_key->S[i] + rc4_key->S[j];
xor4 |= rc4_key->S[idx] << 16;
i += 1;
j += rc4_key->S[i];
swap (rc4_key, i, j);
idx = rc4_key->S[i] + rc4_key->S[j];
xor4 |= rc4_key->S[idx] << 24;
out[k] = in[k] ^ xor4;
}
return j;
}
KERNEL_FQ void m25400_init (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t))
{
/**
* base
*/
const u64 gid = get_global_id (0);
//const u64 lid = get_local_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
const u32 pw_len = pws[gid].pw_len;
/**
* shared
*/
//LOCAL_AS RC4_KEY rc4_keys[64];
//LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid];
u32 P = esalt_bufs[DIGESTS_OFFSET].P;
u32 id_buf[12];
id_buf[ 0] = esalt_bufs[DIGESTS_OFFSET].id_buf[0];
id_buf[ 1] = esalt_bufs[DIGESTS_OFFSET].id_buf[1];
id_buf[ 2] = esalt_bufs[DIGESTS_OFFSET].id_buf[2];
id_buf[ 3] = esalt_bufs[DIGESTS_OFFSET].id_buf[3];
id_buf[ 4] = esalt_bufs[DIGESTS_OFFSET].id_buf[4];
id_buf[ 5] = esalt_bufs[DIGESTS_OFFSET].id_buf[5];
id_buf[ 6] = esalt_bufs[DIGESTS_OFFSET].id_buf[6];
id_buf[ 7] = esalt_bufs[DIGESTS_OFFSET].id_buf[7];
id_buf[ 8] = 0;
id_buf[ 9] = 0;
id_buf[10] = 0;
id_buf[11] = 0;
u32 rc4data[2];
rc4data[0] = padding[0];
rc4data[1] = padding[1];
/**
* main init
*/
u32 w0_t[4];
u32 w1_t[4];
u32 w2_t[4];
u32 w3_t[4];
// max length supported by pdf11 is 32
w0_t[0] = padding[0];
w0_t[1] = padding[1];
w0_t[2] = padding[2];
w0_t[3] = padding[3];
w1_t[0] = padding[4];
w1_t[1] = padding[5];
w1_t[2] = padding[6];
w1_t[3] = padding[7];
w2_t[0] = 0;
w2_t[1] = 0;
w2_t[2] = 0;
w2_t[3] = 0;
w3_t[0] = 0;
w3_t[1] = 0;
w3_t[2] = 0;
w3_t[3] = 0;
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, pw_len);
// add password
// truncate at 32 is wanted, not a bug!
// add padding
w0_t[0] |= w0[0];
w0_t[1] |= w0[1];
w0_t[2] |= w0[2];
w0_t[3] |= w0[3];
w1_t[0] |= w1[0];
w1_t[1] |= w1[1];
w1_t[2] |= w1[2];
w1_t[3] |= w1[3];
w2_t[0] = 0x80;
w2_t[1] = 0;
w2_t[2] = 0;
w2_t[3] = 0;
w3_t[0] = 0;
w3_t[1] = 0;
w3_t[2] = 32 * 8;
w3_t[3] = 0;
u32 digest[4];
digest[0] = MD5M_A;
digest[1] = MD5M_B;
digest[2] = MD5M_C;
digest[3] = MD5M_D;
md5_transform (w0_t, w1_t, w2_t, w3_t, digest);
tmps[gid].digest[0] = digest[0];
tmps[gid].digest[1] = digest[1];
tmps[gid].digest[2] = digest[2];
tmps[gid].digest[3] = digest[3];
tmps[gid].out[0] = rc4data[0];
tmps[gid].out[1] = rc4data[1];
tmps[gid].out[2] = 0;
tmps[gid].out[3] = 0;
}
KERNEL_FQ void m25400_loop (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t))
{
/**
* base
*/
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
if (gid >= gid_max) return;
/**
* shared
*/
LOCAL_VK RC4_KEY rc4_keys[64];
LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid];
/**
* loop
*/
u32 digest[4];
digest[0] = tmps[gid].digest[0];
digest[1] = tmps[gid].digest[1];
digest[2] = tmps[gid].digest[2];
digest[3] = tmps[gid].digest[3];
u32 out[4];
out[0] = tmps[gid].out[0];
out[1] = tmps[gid].out[1];
out[2] = tmps[gid].out[2];
out[3] = tmps[gid].out[3];
for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++)
{
if (j < 50)
{
u32 w0_t[4];
u32 w1_t[4];
u32 w2_t[4];
u32 w3_t[4];
w0_t[0] = digest[0];
w0_t[1] = digest[1];
w0_t[2] = digest[2];
w0_t[3] = digest[3];
w1_t[0] = 0x80;
w1_t[1] = 0;
w1_t[2] = 0;
w1_t[3] = 0;
w2_t[0] = 0;
w2_t[1] = 0;
w2_t[2] = 0;
w2_t[3] = 0;
w3_t[0] = 0;
w3_t[1] = 0;
w3_t[2] = 16 * 8;
w3_t[3] = 0;
digest[0] = MD5M_A;
digest[1] = MD5M_B;
digest[2] = MD5M_C;
digest[3] = MD5M_D;
md5_transform (w0_t, w1_t, w2_t, w3_t, digest);
}
else
{
const u32 x = j - 50;
const u32 xv = x << 0
| x << 8
| x << 16
| x << 24;
u32 tmp[4];
tmp[0] = digest[0] ^ xv;
tmp[1] = digest[1] ^ xv;
tmp[2] = digest[2] ^ xv;
tmp[3] = digest[3] ^ xv;
rc4_init_16 (rc4_key, tmp);
rc4_next_16 (rc4_key, 0, 0, out, out);
}
}
tmps[gid].digest[0] = digest[0];
tmps[gid].digest[1] = digest[1];
tmps[gid].digest[2] = digest[2];
tmps[gid].digest[3] = digest[3];
tmps[gid].out[0] = out[0];
tmps[gid].out[1] = out[1];
tmps[gid].out[2] = out[2];
tmps[gid].out[3] = out[3];
}
KERNEL_FQ void m25400_comp (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t))
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
const u64 lid = get_local_id (0);
/**
* digest
*/
const u32 r0 = tmps[gid].out[0];
const u32 r1 = tmps[gid].out[1];
const u32 r2 = 0;
const u32 r3 = 0;
#define il_pos 0
#ifdef KERNEL_STATIC
#include COMPARE_M
#endif
}

534
src/modules/module_25400.c Normal file
View File

@ -0,0 +1,534 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
// TODO use user password as input for md5 of o_digest if no owner password is set
// TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "emu_inc_hash_md5.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 1;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 3;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS;
static const char *HASH_NAME = "PDF 1.4 - 1.6 (Acrobat 5 - 8) - edit password";
static const u64 KERN_TYPE = 25400;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_NOT_ITERATED;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$pdf$2*3*128*-3904*1*16*631ed33746e50fba5caf56bcc39e09c6*32*5f9d0e4f0b39835dace0d306c40cd6b700000000000000000000000000000000*32*842103b0a0dc886db9223b94afe2d7cd63389079b61986a4fcf70095ad630c24";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
typedef struct pdf
{
int V;
int R;
int P;
int enc_md;
u32 id_buf[8];
u32 u_buf[32];
u32 o_buf[32];
int id_len;
int o_len;
int u_len;
u32 rc4key[2];
u32 rc4data[2];
} pdf_t;
typedef struct pdf14_tmp
{
u32 digest[4];
u32 out[4];
} pdf14_tmp_t;
static const char *SIGNATURE_PDF = "$pdf$";
static void md5_complete_no_limit (u32 digest[4], const u32 *plain, const u32 plain_len)
{
// plain = u32 tmp_md5_buf[64] so this is compatible
md5_ctx_t md5_ctx;
md5_init (&md5_ctx);
md5_update (&md5_ctx, plain, plain_len);
md5_final (&md5_ctx);
digest[0] = md5_ctx.h[0];
digest[1] = md5_ctx.h[1];
digest[2] = md5_ctx.h[2];
digest[3] = md5_ctx.h[3];
}
char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
{
char *jit_build_options = NULL;
// Extra treatment for Apple systems
if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
{
return jit_build_options;
}
// Intel CPU
if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
{
hc_asprintf (&jit_build_options, "-D _unroll");
}
// ROCM
if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
{
hc_asprintf (&jit_build_options, "-D _unroll");
}
return jit_build_options;
}
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (pdf_t);
return esalt_size;
}
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 tmp_size = (const u64) sizeof (pdf14_tmp_t);
return tmp_size;
}
u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 kernel_threads_min = 64; // RC4
return kernel_threads_min;
}
u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 kernel_threads_max = 64; // RC4
return kernel_threads_max;
}
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_max = 32; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/
return pw_max;
}
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
u32 *digest = (u32 *) digest_buf;
pdf_t *pdf = (pdf_t *) esalt_buf;
token_t token;
token.token_cnt = 12;
token.signatures_cnt = 1;
token.signatures_buf[0] = SIGNATURE_PDF;
token.len[0] = 5;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
token.len_min[1] = 1;
token.len_max[1] = 1;
token.sep[1] = '*';
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[2] = 1;
token.len_max[2] = 1;
token.sep[2] = '*';
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[3] = 3;
token.len_max[3] = 3;
token.sep[3] = '*';
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[4] = 1;
token.len_max[4] = 6;
token.sep[4] = '*';
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH;
token.len_min[5] = 1;
token.len_max[5] = 1;
token.sep[5] = '*';
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[6] = 2;
token.len_max[6] = 2;
token.sep[6] = '*';
token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[7] = 32;
token.len_max[7] = 64;
token.sep[7] = '*';
token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.len_min[8] = 2;
token.len_max[8] = 2;
token.sep[8] = '*';
token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[9] = 64;
token.len_max[9] = 64;
token.sep[9] = '*';
token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.len_min[10] = 2;
token.len_max[10] = 2;
token.sep[10] = '*';
token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[11] = 64;
token.len_max[11] = 64;
token.sep[11] = '*';
token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
const u8 *V_pos = token.buf[1];
const u8 *R_pos = token.buf[2];
const u8 *bits_pos = token.buf[3];
const u8 *P_pos = token.buf[4];
const u8 *enc_md_pos = token.buf[5];
const u8 *id_len_pos = token.buf[6];
const u8 *id_buf_pos = token.buf[7];
const u8 *u_len_pos = token.buf[8];
const u8 *u_buf_pos = token.buf[9]; // user hash
const u8 *o_len_pos = token.buf[10];
const u8 *o_buf_pos = token.buf[11]; // owner hash
// validate data
const int V = strtol ((const char *) V_pos, NULL, 10);
const int R = strtol ((const char *) R_pos, NULL, 10);
const int P = strtol ((const char *) P_pos, NULL, 10);
int vr_ok = 0;
if ((V == 2) && (R == 3)) vr_ok = 1;
if ((V == 4) && (R == 4)) vr_ok = 1;
if (vr_ok == 0) return (PARSER_SALT_VALUE);
const int id_len = strtol ((const char *) id_len_pos, NULL, 10);
const int u_len = strtol ((const char *) u_len_pos, NULL, 10);
const int o_len = strtol ((const char *) o_len_pos, NULL, 10);
if ((id_len != 16) && (id_len != 32)) return (PARSER_SALT_VALUE);
if (u_len != 32) return (PARSER_SALT_VALUE);
if (o_len != 32) return (PARSER_SALT_VALUE);
const int bits = strtol ((const char *) bits_pos, NULL, 10);
if (bits != 128) return (PARSER_SALT_VALUE);
int enc_md = 1;
if (R >= 4)
{
enc_md = strtol ((const char *) enc_md_pos, NULL, 10);
}
// copy data to esalt
pdf->V = V;
pdf->R = R;
pdf->P = P;
pdf->enc_md = enc_md;
pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0);
pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8);
pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16);
pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24);
if (id_len == 32)
{
pdf->id_buf[4] = hex_to_u32 (id_buf_pos + 32);
pdf->id_buf[5] = hex_to_u32 (id_buf_pos + 40);
pdf->id_buf[6] = hex_to_u32 (id_buf_pos + 48);
pdf->id_buf[7] = hex_to_u32 (id_buf_pos + 56);
}
pdf->id_len = id_len;
pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0);
pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8);
pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16);
pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24);
pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32);
pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40);
pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48);
pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56);
pdf->u_len = u_len;
pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0);
pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8);
pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16);
pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24);
pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32);
pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40);
pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48);
pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56);
pdf->o_len = o_len;
// precompute rc4 data for later use
u32 padding[8] =
{
0x5e4ebf28,
0x418a754e,
0x564e0064,
0x0801faff,
0xb6002e2e,
0x803e68d0,
0xfea90c2f,
0x7a695364
};
// md5
u32 salt_pc_block[32] = { 0 };
u8 *salt_pc_ptr = (u8 *) salt_pc_block;
memcpy (salt_pc_ptr, padding, 32);
memcpy (salt_pc_ptr + 32, pdf->id_buf, pdf->id_len);
u32 salt_pc_digest[4] = { 0 };
md5_complete_no_limit (salt_pc_digest, salt_pc_block, 32 + pdf->id_len);
pdf->rc4data[0] = salt_pc_digest[0];
pdf->rc4data[1] = salt_pc_digest[1];
// we use ID for salt, maybe needs to change, we will see...
salt->salt_buf[0] = pdf->id_buf[0];
salt->salt_buf[1] = pdf->id_buf[1];
salt->salt_buf[2] = pdf->id_buf[2];
salt->salt_buf[3] = pdf->id_buf[3];
salt->salt_buf[4] = pdf->o_buf[0]; // switched u_buf with o_buf vs m10500
salt->salt_buf[5] = pdf->o_buf[1];
salt->salt_buf[6] = pdf->u_buf[0];
salt->salt_buf[7] = pdf->u_buf[1];
salt->salt_len = pdf->id_len + 16;
salt->salt_iter = (50 + 20);
digest[0] = pdf->o_buf[0]; // o_buf instead of u_buf vs m10500
digest[1] = pdf->o_buf[1];
digest[2] = 0;
digest[3] = 0;
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
const pdf_t *pdf = (const pdf_t *) esalt_buf;
int line_len = 0;
if (pdf->id_len == 32)
{
line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x",
pdf->V,
pdf->R,
128,
pdf->P,
pdf->enc_md,
pdf->id_len,
byte_swap_32 (pdf->id_buf[0]),
byte_swap_32 (pdf->id_buf[1]),
byte_swap_32 (pdf->id_buf[2]),
byte_swap_32 (pdf->id_buf[3]),
byte_swap_32 (pdf->id_buf[4]),
byte_swap_32 (pdf->id_buf[5]),
byte_swap_32 (pdf->id_buf[6]),
byte_swap_32 (pdf->id_buf[7]),
pdf->u_len,
byte_swap_32 (pdf->u_buf[0]),
byte_swap_32 (pdf->u_buf[1]),
byte_swap_32 (pdf->u_buf[2]),
byte_swap_32 (pdf->u_buf[3]),
byte_swap_32 (pdf->u_buf[4]),
byte_swap_32 (pdf->u_buf[5]),
byte_swap_32 (pdf->u_buf[6]),
byte_swap_32 (pdf->u_buf[7]),
pdf->o_len,
byte_swap_32 (pdf->o_buf[0]),
byte_swap_32 (pdf->o_buf[1]),
byte_swap_32 (pdf->o_buf[2]),
byte_swap_32 (pdf->o_buf[3]),
byte_swap_32 (pdf->o_buf[4]),
byte_swap_32 (pdf->o_buf[5]),
byte_swap_32 (pdf->o_buf[6]),
byte_swap_32 (pdf->o_buf[7])
);
}
else
{
line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x",
pdf->V,
pdf->R,
128,
pdf->P,
pdf->enc_md,
pdf->id_len,
byte_swap_32 (pdf->id_buf[0]),
byte_swap_32 (pdf->id_buf[1]),
byte_swap_32 (pdf->id_buf[2]),
byte_swap_32 (pdf->id_buf[3]),
pdf->u_len,
byte_swap_32 (pdf->u_buf[0]),
byte_swap_32 (pdf->u_buf[1]),
byte_swap_32 (pdf->u_buf[2]),
byte_swap_32 (pdf->u_buf[3]),
byte_swap_32 (pdf->u_buf[4]),
byte_swap_32 (pdf->u_buf[5]),
byte_swap_32 (pdf->u_buf[6]),
byte_swap_32 (pdf->u_buf[7]),
pdf->o_len,
byte_swap_32 (pdf->o_buf[0]),
byte_swap_32 (pdf->o_buf[1]),
byte_swap_32 (pdf->o_buf[2]),
byte_swap_32 (pdf->o_buf[3]),
byte_swap_32 (pdf->o_buf[4]),
byte_swap_32 (pdf->o_buf[5]),
byte_swap_32 (pdf->o_buf[6]),
byte_swap_32 (pdf->o_buf[7])
);
}
return line_len;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = module_esalt_size;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = module_jit_build_options;
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = module_kernel_threads_max;
module_ctx->module_kernel_threads_min = module_kernel_threads_min;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = module_pw_max;
module_ctx->module_pw_min = MODULE_DEFAULT;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = module_tmp_size;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}

View File

@ -0,0 +1,277 @@
#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
# based off m10500 but added the owner password part ($o) to be able to test the edit password
# two TODOs still (now only works if no user password is set):
# 1. TODO use user password as input for md5 of o_digest if no owner password is set
# 2. TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
# easy test shortcut for debugging
# a=$(echo 1 | tools/test.pl passthrough 10500 | tail -n1); echo $a; echo 1 | ./hashcat --potfile-disable --runtime 400 --hwmon-disable -O -D 2 --backend-vector-width 4 -a 0 -m 10500 $a
use strict;
use warnings;
use Crypt::RC4;
use Digest::MD5 qw (md5);
my $PDF_PADDING =
[
0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41, 0x64, 0x00, 0x4e, 0x56,
0xff, 0xfa, 0x01, 0x08, 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
];
sub module_constraints { [[0, 15], [32, 32], [-1, -1], [-1, -1], [-1, -1]] }
sub pdf_compute_encryption_key_user
{
my $word = shift;
my $padding = shift;
my $id = shift;
my $u = shift;
my $o = shift;
my $P = shift;
my $V = shift;
my $R = shift;
my $enc = shift;
## start
my $data;
$data .= $word;
$data .= substr ($padding, 0, 32 - length $word);
$data .= pack ("H*", $o);
$data .= pack ("I", $P);
$data .= pack ("H*", $id);
if ($R >= 4)
{
if (!$enc)
{
$data .= pack ("I", -1);
}
}
my $res = md5 ($data);
if ($R >= 3)
{
for (my $i = 0; $i < 50; $i++)
{
$res = md5 ($res);
}
}
return $res;
}
sub pdf_compute_encryption_key_owner
{
my $word = shift;
my $padding = shift;
my $id = shift;
my $u = shift;
my $o = shift;
my $P = shift;
my $V = shift;
my $R = shift;
my $enc = shift;
# TODO use user password as input for md5 of o_digest if no owner password is set
my $data;
$data .= $word;
$data .= substr ($padding, 0, 32 - length $word);
my $o_digest = md5 ($data);
if ($R >= 3)
{
for (my $i = 0; $i < 50; $i++)
{
$o_digest = md5 ($o_digest);
}
}
#printf("\$o_digest = %s\n", unpack ("H*", $o_digest));
my $o_key;
if ($R == 2)
{
$o_key = substr($o_digest, 0, 8); # rc4 key is always 5 for revision 2, but for 3 or greather is dependent on the value of the encryption dictionaries length entry
}
else
{
$o_key = substr($o_digest, 0, 16); #length is always 128 bits or 16 bytes
}
#printf("\$o_key = %s\n", unpack ("H*", $o_key));
return $o_key;
}
sub module_generate_hash
{
my $word = shift;
my $id = shift;
my $u = shift;
my $o = shift;
my $P = shift;
my $V = shift;
my $R = shift;
my $enc = shift;
if (defined $u == 0)
{
$u = "0" x 64;
}
my $u_save = $u;
if (defined $o == 0)
{
$o = "0" x 64;
}
my $o_save = $u;
if (defined $R == 0)
{
$R = random_number (3, 4);
}
if (defined $V == 0)
{
$V = ($R == 3) ? 2 : 4;
}
if (defined $P == 0)
{
$P = ($R == 3) ? -4 : -1028;
}
if (defined $enc == 0)
{
$enc = ($R == 3) ? 1 : random_number (0, 1);
}
my $padding;
for (my $i = 0; $i < 32; $i++)
{
$padding .= pack ("C", $PDF_PADDING->[$i]);
}
################ USER PASSWORD #################
my $res = pdf_compute_encryption_key_user($word, $padding, $id, $u, $o, $P, $V, $R, $enc);
my $digest = md5 ($padding . pack ("H*", $id));
my $m = Crypt::RC4->new ($res);
$u = $m->RC4 ($digest);
my @ress = split "", $res;
#do xor of rc4 19 times
for (my $x = 1; $x <= 19; $x++)
{
my @xor;
for (my $i = 0; $i < 16; $i++)
{
$xor[$i] = chr (ord ($ress[$i]) ^ $x);
}
my $s = join ("", @xor);
my $m2 = Crypt::RC4->new ($s);
$u = $m2->RC4 ($u);
}
################ OWNER PASSWORD #################
my $o_key = pdf_compute_encryption_key_owner($word, $padding, $id, $u, $o, $P, $V, $R, $enc);
my $n = Crypt::RC4->new ($o_key);
$o = $n->RC4(substr ($padding, 0, 32 - length "")); # TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
#printf("padding_empty_str = %s\n", unpack ("H*", substr ($padding, 0, 32 - length "")));
my @ress2 = split "", $o_key;
if ($R >= 3)
{
#do xor of rc4 19 times
for (my $x = 1; $x <= 19; $x++)
{
my @xor;
for (my $i = 0; $i < 16; $i++)
{
$xor[$i] = chr (ord ($ress2[$i]) ^ $x);
}
my $s = join ("", @xor);
my $n2 = Crypt::RC4->new ($s);
$o = $n2->RC4 ($o);
}
}
#printf("\$u = %s\n", unpack ("H*", $u));
$u .= substr (pack ("H*", $u_save), 16, 16);
#printf("\$o = %s\n", unpack ("H*", $o));
#printf("\$u = %s\n", unpack ("H*", $u));
my $hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), unpack ("H*", $o));
return $hash;
}
sub module_verify_hash
{
my $line = shift;
my ($hash_in, $word) = split ":", $line;
return unless defined $hash_in;
return unless defined $word;
my @data = split /\*/, $hash_in;
return unless scalar @data == 11;
my $V = shift @data; $V = substr ($V, 5, 1);
my $R = shift @data;
return unless (shift @data eq '128'); # length is always 128 here
my $P = shift @data;
my $enc = shift @data;
return unless (shift @data eq '16');
my $id = shift @data;
return unless (shift @data eq '32');
my $u = shift @data;
return unless (shift @data eq '32');
my $o = shift @data;
return unless defined $id;
return unless defined $word;
$word = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash ($word, $id, $u, $o, $P, $V, $R, $enc);
return ($new_hash, $word);
}
1;