mirror of
https://github.com/hashcat/hashcat.git
synced 2024-12-27 00:48:13 +00:00
Merge pull request #2739 from thatux/pdf-edit-25400
Added attack mode 25400
This commit is contained in:
commit
97cce89bb8
444
OpenCL/m25400-pure.cl
Normal file
444
OpenCL/m25400-pure.cl
Normal file
@ -0,0 +1,444 @@
|
||||
/**
|
||||
* Author......: See docs/credits.txt
|
||||
* License.....: MIT
|
||||
*/
|
||||
|
||||
// TODO use user password as input for md5 of o_digest if no owner password is set
|
||||
// TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
|
||||
|
||||
#ifdef KERNEL_STATIC
|
||||
#include "inc_vendor.h"
|
||||
#include "inc_types.h"
|
||||
#include "inc_platform.cl"
|
||||
#include "inc_common.cl"
|
||||
#include "inc_hash_md5.cl"
|
||||
#endif
|
||||
|
||||
#define COMPARE_S "inc_comp_single.cl"
|
||||
#define COMPARE_M "inc_comp_multi.cl"
|
||||
|
||||
CONSTANT_VK u32a padding[8] =
|
||||
{
|
||||
0x5e4ebf28,
|
||||
0x418a754e,
|
||||
0x564e0064,
|
||||
0x0801faff,
|
||||
0xb6002e2e,
|
||||
0x803e68d0,
|
||||
0xfea90c2f,
|
||||
0x7a695364
|
||||
};
|
||||
|
||||
typedef struct pdf
|
||||
{
|
||||
int V;
|
||||
int R;
|
||||
int P;
|
||||
|
||||
int enc_md;
|
||||
|
||||
u32 id_buf[8];
|
||||
u32 u_buf[32];
|
||||
u32 o_buf[32];
|
||||
|
||||
int id_len;
|
||||
int o_len;
|
||||
int u_len;
|
||||
|
||||
u32 rc4key[2];
|
||||
u32 rc4data[2];
|
||||
|
||||
} pdf_t;
|
||||
|
||||
typedef struct pdf14_tmp
|
||||
{
|
||||
u32 digest[4];
|
||||
u32 out[4];
|
||||
|
||||
} pdf14_tmp_t;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
u8 S[256];
|
||||
|
||||
u32 wtf_its_faster;
|
||||
|
||||
} RC4_KEY;
|
||||
|
||||
DECLSPEC void swap (LOCAL_AS RC4_KEY *rc4_key, const u8 i, const u8 j)
|
||||
{
|
||||
u8 tmp;
|
||||
|
||||
tmp = rc4_key->S[i];
|
||||
rc4_key->S[i] = rc4_key->S[j];
|
||||
rc4_key->S[j] = tmp;
|
||||
}
|
||||
|
||||
DECLSPEC void rc4_init_16 (LOCAL_AS RC4_KEY *rc4_key, const u32 *data)
|
||||
{
|
||||
u32 v = 0x03020100;
|
||||
u32 a = 0x04040404;
|
||||
|
||||
LOCAL_AS u32 *ptr = (LOCAL_AS u32 *) rc4_key->S;
|
||||
|
||||
#ifdef _unroll
|
||||
#pragma unroll
|
||||
#endif
|
||||
for (u32 i = 0; i < 64; i++)
|
||||
{
|
||||
*ptr++ = v; v += a;
|
||||
}
|
||||
|
||||
u32 j = 0;
|
||||
|
||||
#ifdef _unroll
|
||||
#pragma unroll
|
||||
#endif
|
||||
for (u32 i = 0; i < 16; i++)
|
||||
{
|
||||
u32 idx = i * 16;
|
||||
|
||||
u32 v;
|
||||
|
||||
v = data[0];
|
||||
|
||||
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
|
||||
|
||||
v = data[1];
|
||||
|
||||
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
|
||||
|
||||
v = data[2];
|
||||
|
||||
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
|
||||
|
||||
v = data[3];
|
||||
|
||||
j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++;
|
||||
j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++;
|
||||
}
|
||||
}
|
||||
|
||||
DECLSPEC u8 rc4_next_16 (LOCAL_AS RC4_KEY *rc4_key, u8 i, u8 j, const u32 *in, u32 *out)
|
||||
{
|
||||
#ifdef _unroll
|
||||
#pragma unroll
|
||||
#endif
|
||||
for (u32 k = 0; k < 4; k++)
|
||||
{
|
||||
u32 xor4 = 0;
|
||||
|
||||
u8 idx;
|
||||
|
||||
i += 1;
|
||||
j += rc4_key->S[i];
|
||||
|
||||
swap (rc4_key, i, j);
|
||||
|
||||
idx = rc4_key->S[i] + rc4_key->S[j];
|
||||
|
||||
xor4 |= rc4_key->S[idx] << 0;
|
||||
|
||||
i += 1;
|
||||
j += rc4_key->S[i];
|
||||
|
||||
swap (rc4_key, i, j);
|
||||
|
||||
idx = rc4_key->S[i] + rc4_key->S[j];
|
||||
|
||||
xor4 |= rc4_key->S[idx] << 8;
|
||||
|
||||
i += 1;
|
||||
j += rc4_key->S[i];
|
||||
|
||||
swap (rc4_key, i, j);
|
||||
|
||||
idx = rc4_key->S[i] + rc4_key->S[j];
|
||||
|
||||
xor4 |= rc4_key->S[idx] << 16;
|
||||
|
||||
i += 1;
|
||||
j += rc4_key->S[i];
|
||||
|
||||
swap (rc4_key, i, j);
|
||||
|
||||
idx = rc4_key->S[i] + rc4_key->S[j];
|
||||
|
||||
xor4 |= rc4_key->S[idx] << 24;
|
||||
|
||||
out[k] = in[k] ^ xor4;
|
||||
}
|
||||
|
||||
return j;
|
||||
}
|
||||
|
||||
KERNEL_FQ void m25400_init (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t))
|
||||
{
|
||||
/**
|
||||
* base
|
||||
*/
|
||||
|
||||
const u64 gid = get_global_id (0);
|
||||
//const u64 lid = get_local_id (0);
|
||||
|
||||
if (gid >= gid_max) return;
|
||||
|
||||
u32 w0[4];
|
||||
|
||||
w0[0] = pws[gid].i[ 0];
|
||||
w0[1] = pws[gid].i[ 1];
|
||||
w0[2] = pws[gid].i[ 2];
|
||||
w0[3] = pws[gid].i[ 3];
|
||||
|
||||
u32 w1[4];
|
||||
|
||||
w1[0] = pws[gid].i[ 4];
|
||||
w1[1] = pws[gid].i[ 5];
|
||||
w1[2] = pws[gid].i[ 6];
|
||||
w1[3] = pws[gid].i[ 7];
|
||||
|
||||
const u32 pw_len = pws[gid].pw_len;
|
||||
|
||||
/**
|
||||
* shared
|
||||
*/
|
||||
|
||||
//LOCAL_AS RC4_KEY rc4_keys[64];
|
||||
//LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid];
|
||||
|
||||
u32 P = esalt_bufs[DIGESTS_OFFSET].P;
|
||||
|
||||
u32 id_buf[12];
|
||||
|
||||
id_buf[ 0] = esalt_bufs[DIGESTS_OFFSET].id_buf[0];
|
||||
id_buf[ 1] = esalt_bufs[DIGESTS_OFFSET].id_buf[1];
|
||||
id_buf[ 2] = esalt_bufs[DIGESTS_OFFSET].id_buf[2];
|
||||
id_buf[ 3] = esalt_bufs[DIGESTS_OFFSET].id_buf[3];
|
||||
|
||||
id_buf[ 4] = esalt_bufs[DIGESTS_OFFSET].id_buf[4];
|
||||
id_buf[ 5] = esalt_bufs[DIGESTS_OFFSET].id_buf[5];
|
||||
id_buf[ 6] = esalt_bufs[DIGESTS_OFFSET].id_buf[6];
|
||||
id_buf[ 7] = esalt_bufs[DIGESTS_OFFSET].id_buf[7];
|
||||
|
||||
id_buf[ 8] = 0;
|
||||
id_buf[ 9] = 0;
|
||||
id_buf[10] = 0;
|
||||
id_buf[11] = 0;
|
||||
|
||||
u32 rc4data[2];
|
||||
|
||||
rc4data[0] = padding[0];
|
||||
rc4data[1] = padding[1];
|
||||
|
||||
/**
|
||||
* main init
|
||||
*/
|
||||
|
||||
u32 w0_t[4];
|
||||
u32 w1_t[4];
|
||||
u32 w2_t[4];
|
||||
u32 w3_t[4];
|
||||
|
||||
// max length supported by pdf11 is 32
|
||||
|
||||
w0_t[0] = padding[0];
|
||||
w0_t[1] = padding[1];
|
||||
w0_t[2] = padding[2];
|
||||
w0_t[3] = padding[3];
|
||||
w1_t[0] = padding[4];
|
||||
w1_t[1] = padding[5];
|
||||
w1_t[2] = padding[6];
|
||||
w1_t[3] = padding[7];
|
||||
w2_t[0] = 0;
|
||||
w2_t[1] = 0;
|
||||
w2_t[2] = 0;
|
||||
w2_t[3] = 0;
|
||||
w3_t[0] = 0;
|
||||
w3_t[1] = 0;
|
||||
w3_t[2] = 0;
|
||||
w3_t[3] = 0;
|
||||
|
||||
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, pw_len);
|
||||
|
||||
// add password
|
||||
// truncate at 32 is wanted, not a bug!
|
||||
// add padding
|
||||
|
||||
w0_t[0] |= w0[0];
|
||||
w0_t[1] |= w0[1];
|
||||
w0_t[2] |= w0[2];
|
||||
w0_t[3] |= w0[3];
|
||||
w1_t[0] |= w1[0];
|
||||
w1_t[1] |= w1[1];
|
||||
w1_t[2] |= w1[2];
|
||||
w1_t[3] |= w1[3];
|
||||
w2_t[0] = 0x80;
|
||||
w2_t[1] = 0;
|
||||
w2_t[2] = 0;
|
||||
w2_t[3] = 0;
|
||||
w3_t[0] = 0;
|
||||
w3_t[1] = 0;
|
||||
w3_t[2] = 32 * 8;
|
||||
w3_t[3] = 0;
|
||||
|
||||
u32 digest[4];
|
||||
|
||||
digest[0] = MD5M_A;
|
||||
digest[1] = MD5M_B;
|
||||
digest[2] = MD5M_C;
|
||||
digest[3] = MD5M_D;
|
||||
|
||||
md5_transform (w0_t, w1_t, w2_t, w3_t, digest);
|
||||
|
||||
tmps[gid].digest[0] = digest[0];
|
||||
tmps[gid].digest[1] = digest[1];
|
||||
tmps[gid].digest[2] = digest[2];
|
||||
tmps[gid].digest[3] = digest[3];
|
||||
|
||||
tmps[gid].out[0] = rc4data[0];
|
||||
tmps[gid].out[1] = rc4data[1];
|
||||
tmps[gid].out[2] = 0;
|
||||
tmps[gid].out[3] = 0;
|
||||
}
|
||||
|
||||
KERNEL_FQ void m25400_loop (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t))
|
||||
{
|
||||
/**
|
||||
* base
|
||||
*/
|
||||
|
||||
const u64 gid = get_global_id (0);
|
||||
const u64 lid = get_local_id (0);
|
||||
|
||||
if (gid >= gid_max) return;
|
||||
|
||||
/**
|
||||
* shared
|
||||
*/
|
||||
|
||||
LOCAL_VK RC4_KEY rc4_keys[64];
|
||||
|
||||
LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid];
|
||||
|
||||
/**
|
||||
* loop
|
||||
*/
|
||||
|
||||
u32 digest[4];
|
||||
|
||||
digest[0] = tmps[gid].digest[0];
|
||||
digest[1] = tmps[gid].digest[1];
|
||||
digest[2] = tmps[gid].digest[2];
|
||||
digest[3] = tmps[gid].digest[3];
|
||||
|
||||
u32 out[4];
|
||||
|
||||
out[0] = tmps[gid].out[0];
|
||||
out[1] = tmps[gid].out[1];
|
||||
out[2] = tmps[gid].out[2];
|
||||
out[3] = tmps[gid].out[3];
|
||||
|
||||
for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++)
|
||||
{
|
||||
if (j < 50)
|
||||
{
|
||||
u32 w0_t[4];
|
||||
u32 w1_t[4];
|
||||
u32 w2_t[4];
|
||||
u32 w3_t[4];
|
||||
|
||||
w0_t[0] = digest[0];
|
||||
w0_t[1] = digest[1];
|
||||
w0_t[2] = digest[2];
|
||||
w0_t[3] = digest[3];
|
||||
w1_t[0] = 0x80;
|
||||
w1_t[1] = 0;
|
||||
w1_t[2] = 0;
|
||||
w1_t[3] = 0;
|
||||
w2_t[0] = 0;
|
||||
w2_t[1] = 0;
|
||||
w2_t[2] = 0;
|
||||
w2_t[3] = 0;
|
||||
w3_t[0] = 0;
|
||||
w3_t[1] = 0;
|
||||
w3_t[2] = 16 * 8;
|
||||
w3_t[3] = 0;
|
||||
|
||||
digest[0] = MD5M_A;
|
||||
digest[1] = MD5M_B;
|
||||
digest[2] = MD5M_C;
|
||||
digest[3] = MD5M_D;
|
||||
|
||||
md5_transform (w0_t, w1_t, w2_t, w3_t, digest);
|
||||
}
|
||||
else
|
||||
{
|
||||
const u32 x = j - 50;
|
||||
|
||||
const u32 xv = x << 0
|
||||
| x << 8
|
||||
| x << 16
|
||||
| x << 24;
|
||||
|
||||
u32 tmp[4];
|
||||
|
||||
tmp[0] = digest[0] ^ xv;
|
||||
tmp[1] = digest[1] ^ xv;
|
||||
tmp[2] = digest[2] ^ xv;
|
||||
tmp[3] = digest[3] ^ xv;
|
||||
|
||||
rc4_init_16 (rc4_key, tmp);
|
||||
|
||||
rc4_next_16 (rc4_key, 0, 0, out, out);
|
||||
}
|
||||
}
|
||||
|
||||
tmps[gid].digest[0] = digest[0];
|
||||
tmps[gid].digest[1] = digest[1];
|
||||
tmps[gid].digest[2] = digest[2];
|
||||
tmps[gid].digest[3] = digest[3];
|
||||
|
||||
tmps[gid].out[0] = out[0];
|
||||
tmps[gid].out[1] = out[1];
|
||||
tmps[gid].out[2] = out[2];
|
||||
tmps[gid].out[3] = out[3];
|
||||
}
|
||||
|
||||
KERNEL_FQ void m25400_comp (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t))
|
||||
{
|
||||
/**
|
||||
* modifier
|
||||
*/
|
||||
|
||||
const u64 gid = get_global_id (0);
|
||||
|
||||
if (gid >= gid_max) return;
|
||||
|
||||
const u64 lid = get_local_id (0);
|
||||
|
||||
/**
|
||||
* digest
|
||||
*/
|
||||
|
||||
const u32 r0 = tmps[gid].out[0];
|
||||
const u32 r1 = tmps[gid].out[1];
|
||||
const u32 r2 = 0;
|
||||
const u32 r3 = 0;
|
||||
|
||||
#define il_pos 0
|
||||
|
||||
#ifdef KERNEL_STATIC
|
||||
#include COMPARE_M
|
||||
#endif
|
||||
}
|
534
src/modules/module_25400.c
Normal file
534
src/modules/module_25400.c
Normal file
@ -0,0 +1,534 @@
|
||||
/**
|
||||
* Author......: See docs/credits.txt
|
||||
* License.....: MIT
|
||||
*/
|
||||
|
||||
// TODO use user password as input for md5 of o_digest if no owner password is set
|
||||
// TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
|
||||
|
||||
#include "common.h"
|
||||
#include "types.h"
|
||||
#include "modules.h"
|
||||
#include "bitops.h"
|
||||
#include "convert.h"
|
||||
#include "shared.h"
|
||||
#include "emu_inc_hash_md5.h"
|
||||
|
||||
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
|
||||
static const u32 DGST_POS0 = 0;
|
||||
static const u32 DGST_POS1 = 1;
|
||||
static const u32 DGST_POS2 = 2;
|
||||
static const u32 DGST_POS3 = 3;
|
||||
static const u32 DGST_SIZE = DGST_SIZE_4_4;
|
||||
static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS;
|
||||
static const char *HASH_NAME = "PDF 1.4 - 1.6 (Acrobat 5 - 8) - edit password";
|
||||
static const u64 KERN_TYPE = 25400;
|
||||
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
|
||||
| OPTI_TYPE_NOT_ITERATED;
|
||||
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
|
||||
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
|
||||
static const char *ST_PASS = "hashcat";
|
||||
static const char *ST_HASH = "$pdf$2*3*128*-3904*1*16*631ed33746e50fba5caf56bcc39e09c6*32*5f9d0e4f0b39835dace0d306c40cd6b700000000000000000000000000000000*32*842103b0a0dc886db9223b94afe2d7cd63389079b61986a4fcf70095ad630c24";
|
||||
|
||||
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
|
||||
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
|
||||
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
|
||||
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
|
||||
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
|
||||
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
|
||||
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
|
||||
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
|
||||
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
|
||||
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
|
||||
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
|
||||
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
|
||||
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
|
||||
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
|
||||
|
||||
typedef struct pdf
|
||||
{
|
||||
int V;
|
||||
int R;
|
||||
int P;
|
||||
|
||||
int enc_md;
|
||||
|
||||
u32 id_buf[8];
|
||||
u32 u_buf[32];
|
||||
u32 o_buf[32];
|
||||
|
||||
int id_len;
|
||||
int o_len;
|
||||
int u_len;
|
||||
|
||||
u32 rc4key[2];
|
||||
u32 rc4data[2];
|
||||
|
||||
} pdf_t;
|
||||
|
||||
typedef struct pdf14_tmp
|
||||
{
|
||||
u32 digest[4];
|
||||
u32 out[4];
|
||||
|
||||
} pdf14_tmp_t;
|
||||
|
||||
static const char *SIGNATURE_PDF = "$pdf$";
|
||||
|
||||
static void md5_complete_no_limit (u32 digest[4], const u32 *plain, const u32 plain_len)
|
||||
{
|
||||
// plain = u32 tmp_md5_buf[64] so this is compatible
|
||||
|
||||
md5_ctx_t md5_ctx;
|
||||
|
||||
md5_init (&md5_ctx);
|
||||
md5_update (&md5_ctx, plain, plain_len);
|
||||
md5_final (&md5_ctx);
|
||||
|
||||
digest[0] = md5_ctx.h[0];
|
||||
digest[1] = md5_ctx.h[1];
|
||||
digest[2] = md5_ctx.h[2];
|
||||
digest[3] = md5_ctx.h[3];
|
||||
}
|
||||
|
||||
char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
|
||||
{
|
||||
char *jit_build_options = NULL;
|
||||
|
||||
// Extra treatment for Apple systems
|
||||
if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
|
||||
{
|
||||
return jit_build_options;
|
||||
}
|
||||
|
||||
// Intel CPU
|
||||
if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
|
||||
{
|
||||
hc_asprintf (&jit_build_options, "-D _unroll");
|
||||
}
|
||||
|
||||
// ROCM
|
||||
if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
|
||||
{
|
||||
hc_asprintf (&jit_build_options, "-D _unroll");
|
||||
}
|
||||
|
||||
return jit_build_options;
|
||||
}
|
||||
|
||||
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 esalt_size = (const u64) sizeof (pdf_t);
|
||||
|
||||
return esalt_size;
|
||||
}
|
||||
|
||||
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 tmp_size = (const u64) sizeof (pdf14_tmp_t);
|
||||
|
||||
return tmp_size;
|
||||
}
|
||||
|
||||
u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 kernel_threads_min = 64; // RC4
|
||||
|
||||
return kernel_threads_min;
|
||||
}
|
||||
|
||||
u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 kernel_threads_max = 64; // RC4
|
||||
|
||||
return kernel_threads_max;
|
||||
}
|
||||
|
||||
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 pw_max = 32; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/
|
||||
|
||||
return pw_max;
|
||||
}
|
||||
|
||||
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
|
||||
{
|
||||
u32 *digest = (u32 *) digest_buf;
|
||||
|
||||
pdf_t *pdf = (pdf_t *) esalt_buf;
|
||||
|
||||
token_t token;
|
||||
|
||||
token.token_cnt = 12;
|
||||
|
||||
token.signatures_cnt = 1;
|
||||
token.signatures_buf[0] = SIGNATURE_PDF;
|
||||
|
||||
token.len[0] = 5;
|
||||
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_SIGNATURE;
|
||||
|
||||
token.len_min[1] = 1;
|
||||
token.len_max[1] = 1;
|
||||
token.sep[1] = '*';
|
||||
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
|
||||
token.len_min[2] = 1;
|
||||
token.len_max[2] = 1;
|
||||
token.sep[2] = '*';
|
||||
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
|
||||
token.len_min[3] = 3;
|
||||
token.len_max[3] = 3;
|
||||
token.sep[3] = '*';
|
||||
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
|
||||
token.len_min[4] = 1;
|
||||
token.len_max[4] = 6;
|
||||
token.sep[4] = '*';
|
||||
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH;
|
||||
|
||||
token.len_min[5] = 1;
|
||||
token.len_max[5] = 1;
|
||||
token.sep[5] = '*';
|
||||
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
|
||||
token.len_min[6] = 2;
|
||||
token.len_max[6] = 2;
|
||||
token.sep[6] = '*';
|
||||
token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
|
||||
token.len_min[7] = 32;
|
||||
token.len_max[7] = 64;
|
||||
token.sep[7] = '*';
|
||||
token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_HEX;
|
||||
|
||||
token.len_min[8] = 2;
|
||||
token.len_max[8] = 2;
|
||||
token.sep[8] = '*';
|
||||
token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
|
||||
token.len_min[9] = 64;
|
||||
token.len_max[9] = 64;
|
||||
token.sep[9] = '*';
|
||||
token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_HEX;
|
||||
|
||||
token.len_min[10] = 2;
|
||||
token.len_max[10] = 2;
|
||||
token.sep[10] = '*';
|
||||
token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
|
||||
token.len_min[11] = 64;
|
||||
token.len_max[11] = 64;
|
||||
token.sep[11] = '*';
|
||||
token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_HEX;
|
||||
|
||||
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
|
||||
|
||||
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
|
||||
|
||||
const u8 *V_pos = token.buf[1];
|
||||
const u8 *R_pos = token.buf[2];
|
||||
const u8 *bits_pos = token.buf[3];
|
||||
const u8 *P_pos = token.buf[4];
|
||||
const u8 *enc_md_pos = token.buf[5];
|
||||
const u8 *id_len_pos = token.buf[6];
|
||||
const u8 *id_buf_pos = token.buf[7];
|
||||
const u8 *u_len_pos = token.buf[8];
|
||||
const u8 *u_buf_pos = token.buf[9]; // user hash
|
||||
const u8 *o_len_pos = token.buf[10];
|
||||
const u8 *o_buf_pos = token.buf[11]; // owner hash
|
||||
|
||||
// validate data
|
||||
|
||||
const int V = strtol ((const char *) V_pos, NULL, 10);
|
||||
const int R = strtol ((const char *) R_pos, NULL, 10);
|
||||
const int P = strtol ((const char *) P_pos, NULL, 10);
|
||||
|
||||
int vr_ok = 0;
|
||||
|
||||
if ((V == 2) && (R == 3)) vr_ok = 1;
|
||||
if ((V == 4) && (R == 4)) vr_ok = 1;
|
||||
|
||||
if (vr_ok == 0) return (PARSER_SALT_VALUE);
|
||||
|
||||
const int id_len = strtol ((const char *) id_len_pos, NULL, 10);
|
||||
const int u_len = strtol ((const char *) u_len_pos, NULL, 10);
|
||||
const int o_len = strtol ((const char *) o_len_pos, NULL, 10);
|
||||
|
||||
if ((id_len != 16) && (id_len != 32)) return (PARSER_SALT_VALUE);
|
||||
|
||||
if (u_len != 32) return (PARSER_SALT_VALUE);
|
||||
if (o_len != 32) return (PARSER_SALT_VALUE);
|
||||
|
||||
const int bits = strtol ((const char *) bits_pos, NULL, 10);
|
||||
|
||||
if (bits != 128) return (PARSER_SALT_VALUE);
|
||||
|
||||
int enc_md = 1;
|
||||
|
||||
if (R >= 4)
|
||||
{
|
||||
enc_md = strtol ((const char *) enc_md_pos, NULL, 10);
|
||||
}
|
||||
|
||||
// copy data to esalt
|
||||
|
||||
pdf->V = V;
|
||||
pdf->R = R;
|
||||
pdf->P = P;
|
||||
|
||||
pdf->enc_md = enc_md;
|
||||
|
||||
pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0);
|
||||
pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8);
|
||||
pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16);
|
||||
pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24);
|
||||
|
||||
if (id_len == 32)
|
||||
{
|
||||
pdf->id_buf[4] = hex_to_u32 (id_buf_pos + 32);
|
||||
pdf->id_buf[5] = hex_to_u32 (id_buf_pos + 40);
|
||||
pdf->id_buf[6] = hex_to_u32 (id_buf_pos + 48);
|
||||
pdf->id_buf[7] = hex_to_u32 (id_buf_pos + 56);
|
||||
}
|
||||
|
||||
pdf->id_len = id_len;
|
||||
|
||||
pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0);
|
||||
pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8);
|
||||
pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16);
|
||||
pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24);
|
||||
pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32);
|
||||
pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40);
|
||||
pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48);
|
||||
pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56);
|
||||
pdf->u_len = u_len;
|
||||
|
||||
pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0);
|
||||
pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8);
|
||||
pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16);
|
||||
pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24);
|
||||
pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32);
|
||||
pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40);
|
||||
pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48);
|
||||
pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56);
|
||||
pdf->o_len = o_len;
|
||||
|
||||
// precompute rc4 data for later use
|
||||
|
||||
u32 padding[8] =
|
||||
{
|
||||
0x5e4ebf28,
|
||||
0x418a754e,
|
||||
0x564e0064,
|
||||
0x0801faff,
|
||||
0xb6002e2e,
|
||||
0x803e68d0,
|
||||
0xfea90c2f,
|
||||
0x7a695364
|
||||
};
|
||||
|
||||
// md5
|
||||
|
||||
u32 salt_pc_block[32] = { 0 };
|
||||
|
||||
u8 *salt_pc_ptr = (u8 *) salt_pc_block;
|
||||
|
||||
memcpy (salt_pc_ptr, padding, 32);
|
||||
memcpy (salt_pc_ptr + 32, pdf->id_buf, pdf->id_len);
|
||||
|
||||
u32 salt_pc_digest[4] = { 0 };
|
||||
|
||||
md5_complete_no_limit (salt_pc_digest, salt_pc_block, 32 + pdf->id_len);
|
||||
|
||||
pdf->rc4data[0] = salt_pc_digest[0];
|
||||
pdf->rc4data[1] = salt_pc_digest[1];
|
||||
|
||||
// we use ID for salt, maybe needs to change, we will see...
|
||||
|
||||
salt->salt_buf[0] = pdf->id_buf[0];
|
||||
salt->salt_buf[1] = pdf->id_buf[1];
|
||||
salt->salt_buf[2] = pdf->id_buf[2];
|
||||
salt->salt_buf[3] = pdf->id_buf[3];
|
||||
salt->salt_buf[4] = pdf->o_buf[0]; // switched u_buf with o_buf vs m10500
|
||||
salt->salt_buf[5] = pdf->o_buf[1];
|
||||
salt->salt_buf[6] = pdf->u_buf[0];
|
||||
salt->salt_buf[7] = pdf->u_buf[1];
|
||||
salt->salt_len = pdf->id_len + 16;
|
||||
|
||||
salt->salt_iter = (50 + 20);
|
||||
|
||||
digest[0] = pdf->o_buf[0]; // o_buf instead of u_buf vs m10500
|
||||
digest[1] = pdf->o_buf[1];
|
||||
digest[2] = 0;
|
||||
digest[3] = 0;
|
||||
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
|
||||
{
|
||||
const pdf_t *pdf = (const pdf_t *) esalt_buf;
|
||||
|
||||
int line_len = 0;
|
||||
|
||||
if (pdf->id_len == 32)
|
||||
{
|
||||
line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x",
|
||||
pdf->V,
|
||||
pdf->R,
|
||||
128,
|
||||
pdf->P,
|
||||
pdf->enc_md,
|
||||
pdf->id_len,
|
||||
byte_swap_32 (pdf->id_buf[0]),
|
||||
byte_swap_32 (pdf->id_buf[1]),
|
||||
byte_swap_32 (pdf->id_buf[2]),
|
||||
byte_swap_32 (pdf->id_buf[3]),
|
||||
byte_swap_32 (pdf->id_buf[4]),
|
||||
byte_swap_32 (pdf->id_buf[5]),
|
||||
byte_swap_32 (pdf->id_buf[6]),
|
||||
byte_swap_32 (pdf->id_buf[7]),
|
||||
pdf->u_len,
|
||||
byte_swap_32 (pdf->u_buf[0]),
|
||||
byte_swap_32 (pdf->u_buf[1]),
|
||||
byte_swap_32 (pdf->u_buf[2]),
|
||||
byte_swap_32 (pdf->u_buf[3]),
|
||||
byte_swap_32 (pdf->u_buf[4]),
|
||||
byte_swap_32 (pdf->u_buf[5]),
|
||||
byte_swap_32 (pdf->u_buf[6]),
|
||||
byte_swap_32 (pdf->u_buf[7]),
|
||||
pdf->o_len,
|
||||
byte_swap_32 (pdf->o_buf[0]),
|
||||
byte_swap_32 (pdf->o_buf[1]),
|
||||
byte_swap_32 (pdf->o_buf[2]),
|
||||
byte_swap_32 (pdf->o_buf[3]),
|
||||
byte_swap_32 (pdf->o_buf[4]),
|
||||
byte_swap_32 (pdf->o_buf[5]),
|
||||
byte_swap_32 (pdf->o_buf[6]),
|
||||
byte_swap_32 (pdf->o_buf[7])
|
||||
);
|
||||
}
|
||||
else
|
||||
{
|
||||
line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x",
|
||||
pdf->V,
|
||||
pdf->R,
|
||||
128,
|
||||
pdf->P,
|
||||
pdf->enc_md,
|
||||
pdf->id_len,
|
||||
byte_swap_32 (pdf->id_buf[0]),
|
||||
byte_swap_32 (pdf->id_buf[1]),
|
||||
byte_swap_32 (pdf->id_buf[2]),
|
||||
byte_swap_32 (pdf->id_buf[3]),
|
||||
pdf->u_len,
|
||||
byte_swap_32 (pdf->u_buf[0]),
|
||||
byte_swap_32 (pdf->u_buf[1]),
|
||||
byte_swap_32 (pdf->u_buf[2]),
|
||||
byte_swap_32 (pdf->u_buf[3]),
|
||||
byte_swap_32 (pdf->u_buf[4]),
|
||||
byte_swap_32 (pdf->u_buf[5]),
|
||||
byte_swap_32 (pdf->u_buf[6]),
|
||||
byte_swap_32 (pdf->u_buf[7]),
|
||||
pdf->o_len,
|
||||
byte_swap_32 (pdf->o_buf[0]),
|
||||
byte_swap_32 (pdf->o_buf[1]),
|
||||
byte_swap_32 (pdf->o_buf[2]),
|
||||
byte_swap_32 (pdf->o_buf[3]),
|
||||
byte_swap_32 (pdf->o_buf[4]),
|
||||
byte_swap_32 (pdf->o_buf[5]),
|
||||
byte_swap_32 (pdf->o_buf[6]),
|
||||
byte_swap_32 (pdf->o_buf[7])
|
||||
);
|
||||
}
|
||||
|
||||
return line_len;
|
||||
}
|
||||
|
||||
void module_init (module_ctx_t *module_ctx)
|
||||
{
|
||||
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
|
||||
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
|
||||
|
||||
module_ctx->module_attack_exec = module_attack_exec;
|
||||
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
|
||||
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
|
||||
module_ctx->module_dgst_pos0 = module_dgst_pos0;
|
||||
module_ctx->module_dgst_pos1 = module_dgst_pos1;
|
||||
module_ctx->module_dgst_pos2 = module_dgst_pos2;
|
||||
module_ctx->module_dgst_pos3 = module_dgst_pos3;
|
||||
module_ctx->module_dgst_size = module_dgst_size;
|
||||
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_esalt_size = module_esalt_size;
|
||||
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
|
||||
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
|
||||
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode = module_hash_decode;
|
||||
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_encode = module_hash_encode;
|
||||
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_mode = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_category = module_hash_category;
|
||||
module_ctx->module_hash_name = module_hash_name;
|
||||
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
|
||||
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
|
||||
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
|
||||
module_ctx->module_hook12 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook23 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_size = MODULE_DEFAULT;
|
||||
module_ctx->module_jit_build_options = module_jit_build_options;
|
||||
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_threads_max = module_kernel_threads_max;
|
||||
module_ctx->module_kernel_threads_min = module_kernel_threads_min;
|
||||
module_ctx->module_kern_type = module_kern_type;
|
||||
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
|
||||
module_ctx->module_opti_type = module_opti_type;
|
||||
module_ctx->module_opts_type = module_opts_type;
|
||||
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
|
||||
module_ctx->module_pwdump_column = MODULE_DEFAULT;
|
||||
module_ctx->module_pw_max = module_pw_max;
|
||||
module_ctx->module_pw_min = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_max = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_min = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_type = module_salt_type;
|
||||
module_ctx->module_separator = MODULE_DEFAULT;
|
||||
module_ctx->module_st_hash = module_st_hash;
|
||||
module_ctx->module_st_pass = module_st_pass;
|
||||
module_ctx->module_tmp_size = module_tmp_size;
|
||||
module_ctx->module_unstable_warning = MODULE_DEFAULT;
|
||||
module_ctx->module_warmup_disable = MODULE_DEFAULT;
|
||||
}
|
277
tools/test_modules/m25400.pm
Normal file
277
tools/test_modules/m25400.pm
Normal file
@ -0,0 +1,277 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
##
|
||||
## Author......: See docs/credits.txt
|
||||
## License.....: MIT
|
||||
##
|
||||
|
||||
# based off m10500 but added the owner password part ($o) to be able to test the edit password
|
||||
# two TODOs still (now only works if no user password is set):
|
||||
# 1. TODO use user password as input for md5 of o_digest if no owner password is set
|
||||
# 2. TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
|
||||
|
||||
# easy test shortcut for debugging
|
||||
# a=$(echo 1 | tools/test.pl passthrough 10500 | tail -n1); echo $a; echo 1 | ./hashcat --potfile-disable --runtime 400 --hwmon-disable -O -D 2 --backend-vector-width 4 -a 0 -m 10500 $a
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use Crypt::RC4;
|
||||
use Digest::MD5 qw (md5);
|
||||
|
||||
my $PDF_PADDING =
|
||||
[
|
||||
0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41, 0x64, 0x00, 0x4e, 0x56,
|
||||
0xff, 0xfa, 0x01, 0x08, 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
|
||||
0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
|
||||
];
|
||||
|
||||
sub module_constraints { [[0, 15], [32, 32], [-1, -1], [-1, -1], [-1, -1]] }
|
||||
|
||||
sub pdf_compute_encryption_key_user
|
||||
{
|
||||
my $word = shift;
|
||||
my $padding = shift;
|
||||
my $id = shift;
|
||||
my $u = shift;
|
||||
my $o = shift;
|
||||
my $P = shift;
|
||||
my $V = shift;
|
||||
my $R = shift;
|
||||
my $enc = shift;
|
||||
|
||||
## start
|
||||
|
||||
my $data;
|
||||
|
||||
$data .= $word;
|
||||
|
||||
$data .= substr ($padding, 0, 32 - length $word);
|
||||
|
||||
$data .= pack ("H*", $o);
|
||||
$data .= pack ("I", $P);
|
||||
$data .= pack ("H*", $id);
|
||||
|
||||
if ($R >= 4)
|
||||
{
|
||||
if (!$enc)
|
||||
{
|
||||
$data .= pack ("I", -1);
|
||||
}
|
||||
}
|
||||
|
||||
my $res = md5 ($data);
|
||||
|
||||
if ($R >= 3)
|
||||
{
|
||||
for (my $i = 0; $i < 50; $i++)
|
||||
{
|
||||
$res = md5 ($res);
|
||||
}
|
||||
}
|
||||
|
||||
return $res;
|
||||
}
|
||||
|
||||
|
||||
sub pdf_compute_encryption_key_owner
|
||||
{
|
||||
my $word = shift;
|
||||
my $padding = shift;
|
||||
my $id = shift;
|
||||
my $u = shift;
|
||||
my $o = shift;
|
||||
my $P = shift;
|
||||
my $V = shift;
|
||||
my $R = shift;
|
||||
my $enc = shift;
|
||||
|
||||
# TODO use user password as input for md5 of o_digest if no owner password is set
|
||||
my $data;
|
||||
$data .= $word;
|
||||
$data .= substr ($padding, 0, 32 - length $word);
|
||||
my $o_digest = md5 ($data);
|
||||
|
||||
if ($R >= 3)
|
||||
{
|
||||
for (my $i = 0; $i < 50; $i++)
|
||||
{
|
||||
$o_digest = md5 ($o_digest);
|
||||
}
|
||||
}
|
||||
|
||||
#printf("\$o_digest = %s\n", unpack ("H*", $o_digest));
|
||||
|
||||
|
||||
my $o_key;
|
||||
if ($R == 2)
|
||||
{
|
||||
$o_key = substr($o_digest, 0, 8); # rc4 key is always 5 for revision 2, but for 3 or greather is dependent on the value of the encryption dictionaries length entry
|
||||
}
|
||||
else
|
||||
{
|
||||
$o_key = substr($o_digest, 0, 16); #length is always 128 bits or 16 bytes
|
||||
}
|
||||
#printf("\$o_key = %s\n", unpack ("H*", $o_key));
|
||||
|
||||
return $o_key;
|
||||
}
|
||||
|
||||
sub module_generate_hash
|
||||
{
|
||||
my $word = shift;
|
||||
my $id = shift;
|
||||
my $u = shift;
|
||||
my $o = shift;
|
||||
my $P = shift;
|
||||
my $V = shift;
|
||||
my $R = shift;
|
||||
my $enc = shift;
|
||||
|
||||
if (defined $u == 0)
|
||||
{
|
||||
$u = "0" x 64;
|
||||
}
|
||||
|
||||
my $u_save = $u;
|
||||
|
||||
if (defined $o == 0)
|
||||
{
|
||||
$o = "0" x 64;
|
||||
}
|
||||
|
||||
my $o_save = $u;
|
||||
|
||||
if (defined $R == 0)
|
||||
{
|
||||
$R = random_number (3, 4);
|
||||
}
|
||||
|
||||
if (defined $V == 0)
|
||||
{
|
||||
$V = ($R == 3) ? 2 : 4;
|
||||
}
|
||||
|
||||
if (defined $P == 0)
|
||||
{
|
||||
$P = ($R == 3) ? -4 : -1028;
|
||||
}
|
||||
|
||||
if (defined $enc == 0)
|
||||
{
|
||||
$enc = ($R == 3) ? 1 : random_number (0, 1);
|
||||
}
|
||||
|
||||
my $padding;
|
||||
|
||||
for (my $i = 0; $i < 32; $i++)
|
||||
{
|
||||
$padding .= pack ("C", $PDF_PADDING->[$i]);
|
||||
}
|
||||
|
||||
|
||||
################ USER PASSWORD #################
|
||||
my $res = pdf_compute_encryption_key_user($word, $padding, $id, $u, $o, $P, $V, $R, $enc);
|
||||
|
||||
my $digest = md5 ($padding . pack ("H*", $id));
|
||||
|
||||
my $m = Crypt::RC4->new ($res);
|
||||
$u = $m->RC4 ($digest);
|
||||
|
||||
my @ress = split "", $res;
|
||||
|
||||
#do xor of rc4 19 times
|
||||
for (my $x = 1; $x <= 19; $x++)
|
||||
{
|
||||
my @xor;
|
||||
|
||||
for (my $i = 0; $i < 16; $i++)
|
||||
{
|
||||
$xor[$i] = chr (ord ($ress[$i]) ^ $x);
|
||||
}
|
||||
|
||||
my $s = join ("", @xor);
|
||||
|
||||
my $m2 = Crypt::RC4->new ($s);
|
||||
|
||||
$u = $m2->RC4 ($u);
|
||||
}
|
||||
|
||||
|
||||
################ OWNER PASSWORD #################
|
||||
my $o_key = pdf_compute_encryption_key_owner($word, $padding, $id, $u, $o, $P, $V, $R, $enc);
|
||||
my $n = Crypt::RC4->new ($o_key);
|
||||
$o = $n->RC4(substr ($padding, 0, 32 - length "")); # TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value
|
||||
|
||||
#printf("padding_empty_str = %s\n", unpack ("H*", substr ($padding, 0, 32 - length "")));
|
||||
|
||||
my @ress2 = split "", $o_key;
|
||||
|
||||
if ($R >= 3)
|
||||
{
|
||||
#do xor of rc4 19 times
|
||||
for (my $x = 1; $x <= 19; $x++)
|
||||
{
|
||||
my @xor;
|
||||
|
||||
for (my $i = 0; $i < 16; $i++)
|
||||
{
|
||||
$xor[$i] = chr (ord ($ress2[$i]) ^ $x);
|
||||
}
|
||||
|
||||
my $s = join ("", @xor);
|
||||
|
||||
my $n2 = Crypt::RC4->new ($s);
|
||||
|
||||
$o = $n2->RC4 ($o);
|
||||
}
|
||||
}
|
||||
|
||||
#printf("\$u = %s\n", unpack ("H*", $u));
|
||||
|
||||
$u .= substr (pack ("H*", $u_save), 16, 16);
|
||||
|
||||
#printf("\$o = %s\n", unpack ("H*", $o));
|
||||
#printf("\$u = %s\n", unpack ("H*", $u));
|
||||
|
||||
my $hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), unpack ("H*", $o));
|
||||
|
||||
return $hash;
|
||||
}
|
||||
|
||||
sub module_verify_hash
|
||||
{
|
||||
my $line = shift;
|
||||
|
||||
my ($hash_in, $word) = split ":", $line;
|
||||
|
||||
return unless defined $hash_in;
|
||||
return unless defined $word;
|
||||
|
||||
my @data = split /\*/, $hash_in;
|
||||
|
||||
return unless scalar @data == 11;
|
||||
|
||||
my $V = shift @data; $V = substr ($V, 5, 1);
|
||||
my $R = shift @data;
|
||||
return unless (shift @data eq '128'); # length is always 128 here
|
||||
my $P = shift @data;
|
||||
my $enc = shift @data;
|
||||
return unless (shift @data eq '16');
|
||||
my $id = shift @data;
|
||||
return unless (shift @data eq '32');
|
||||
my $u = shift @data;
|
||||
return unless (shift @data eq '32');
|
||||
my $o = shift @data;
|
||||
|
||||
return unless defined $id;
|
||||
return unless defined $word;
|
||||
|
||||
$word = pack_if_HEX_notation ($word);
|
||||
|
||||
my $new_hash = module_generate_hash ($word, $id, $u, $o, $P, $V, $R, $enc);
|
||||
|
||||
return ($new_hash, $word);
|
||||
}
|
||||
|
||||
1;
|
Loading…
Reference in New Issue
Block a user