From eb4e845672b8c30bead8a4f17c1de53c45d26b7e Mon Sep 17 00:00:00 2001 From: Royce Williams Date: Sat, 23 May 2020 12:35:41 -0800 Subject: [PATCH 01/12] add hashcat's default mask for external use --- masks/hashcat-default.hcmask | 1 + 1 file changed, 1 insertion(+) create mode 100644 masks/hashcat-default.hcmask diff --git a/masks/hashcat-default.hcmask b/masks/hashcat-default.hcmask new file mode 100644 index 000000000..4ab0547ca --- /dev/null +++ b/masks/hashcat-default.hcmask @@ -0,0 +1 @@ +?l?d?u,?l?d,?l?d*!$@_,?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d From abd204565958e190dc32face7955047278623978 Mon Sep 17 00:00:00 2001 From: philsmd Date: Mon, 25 May 2020 10:58:08 +0200 Subject: [PATCH 02/12] fixes #2413: documentation of rule "*" was incorrect --- docs/rules.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/rules.txt b/docs/rules.txt index 622a9bc8d..52fba68ca 100644 --- a/docs/rules.txt +++ b/docs/rules.txt @@ -28,7 +28,7 @@ #define RULE_OP_MANGLE_DUPECHAR_ALL 'q' // duplicate all chars. ex: hello -> hheelllloo #define RULE_OP_MANGLE_SWITCH_FIRST 'k' // switches the first 2 chars. ex: hello -> ehllo #define RULE_OP_MANGLE_SWITCH_LAST 'K' // switches the last 2 chars. ex: hello -> helol -#define RULE_OP_MANGLE_SWITCH_AT '*' // switches the first 2 chars after pos N. ex: hello -> hlelo +#define RULE_OP_MANGLE_SWITCH_AT '*' // switches char at pos N with char at pos M. ex: hello -> holle #define RULE_OP_MANGLE_CHR_SHIFTL 'L' // bitwise shift left char at pos N. ex: hello0 -> hello` #define RULE_OP_MANGLE_CHR_SHIFTR 'R' // bitwise shift right char at pos N. ex: hello` -> hello0 #define RULE_OP_MANGLE_CHR_INCR '+' // bytewise increase at pos N. ex: hello0 -> hello1 @@ -42,7 +42,7 @@ /* With -j or -k only */ -#define RULE_OP_MANGLE_EXTRACT_MEMORY 'X' // insert substring delimited by N and M into current word at position I +#define RULE_OP_MANGLE_EXTRACT_MEMORY 'X' // insert substring delimited by N and M into current word at pos I #define RULE_OP_MANGLE_APPEND_MEMORY '4' // insert the word saved by 'M' at the end of current word #define RULE_OP_MANGLE_PREPEND_MEMORY '6' // insert the word saved by 'M' at the beginning of current word #define RULE_OP_MEMORIZE_WORD 'M' // memorize current word @@ -52,9 +52,9 @@ #define RULE_OP_REJECT_EQUAL '_' // reject plains of length not equal to N #define RULE_OP_REJECT_CONTAIN '!' // reject plains that contain char X #define RULE_OP_REJECT_NOT_CONTAIN '/' // reject plains that do not contain char X -#define RULE_OP_REJECT_EQUAL_FIRST '(' // reject plains that do not contain char X at first position -#define RULE_OP_REJECT_EQUAL_LAST ')' // reject plains that do not contain char X at last position -#define RULE_OP_REJECT_EQUAL_AT '=' // reject plains that do not contain char X at position N +#define RULE_OP_REJECT_EQUAL_FIRST '(' // reject plains that do not contain char X at first pos +#define RULE_OP_REJECT_EQUAL_LAST ')' // reject plains that do not contain char X at last pos +#define RULE_OP_REJECT_EQUAL_AT '=' // reject plains that do not contain char X at pos N #define RULE_OP_REJECT_CONTAINS '%' // reject plains that contain char X less than N times #define RULE_OP_REJECT_MEMORY 'Q' // reject plains that match the plain saved (see M), i.e. if unchanged -#define RULE_LAST_REJECTED_SAVED_POS 'p' // position of the character last found with '/' or '%' +#define RULE_LAST_REJECTED_SAVED_POS 'p' // pos of the character last found with '/' or '%' From edfe21b902c727a1f60e03decb30154358e97f37 Mon Sep 17 00:00:00 2001 From: philsmd Date: Mon, 25 May 2020 11:08:33 +0200 Subject: [PATCH 03/12] fixes #2390: RAR3-hp cracking w/ pass > 28 (pure kernel) + tests added --- OpenCL/m12500-pure.cl | 917 ++++++++++++++++++++++++++++++----- docs/changes.txt | 1 + src/modules/module_12500.c | 23 +- tools/test_modules/m12500.pm | 405 ++++++++++++++++ 4 files changed, 1218 insertions(+), 128 deletions(-) create mode 100644 tools/test_modules/m12500.pm diff --git a/OpenCL/m12500-pure.cl b/OpenCL/m12500-pure.cl index 24b0a8f05..eefd4b30d 100644 --- a/OpenCL/m12500-pure.cl +++ b/OpenCL/m12500-pure.cl @@ -17,14 +17,6 @@ #define ROUNDS 0x40000 -#define PUTCHAR(a,p,c) ((u8 *)(a))[(p)] = (u8) (c) -#define GETCHAR(a,p) ((u8 *)(a))[(p)] - -#define PUTCHAR_BE(a,p,c) ((u8 *)(a))[(p) ^ 3] = (u8) (c) -#define GETCHAR_BE(a,p) ((u8 *)(a))[(p) ^ 3] - -#define MIN(a,b) (((a) < (b)) ? (a) : (b)) - typedef struct pbkdf2_sha1 { u32 salt_buf[64]; @@ -33,7 +25,11 @@ typedef struct pbkdf2_sha1 typedef struct rar3_tmp { - u32 dgst[17][5]; + u32 dgst[5]; + + u32 w[66]; // 256 byte pass + 8 byte salt + + u32 iv[4]; } rar3_tmp_t; @@ -138,6 +134,627 @@ DECLSPEC void memcat8c_be (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 len, co } } +// only change in this function compared to OpenCL/inc_hash_sha1.cl is that it returns +// the expanded 64 byte buffer w0_t..wf_t in t[]: + +DECLSPEC void sha1_transform_rar29 (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, u32 *t) +{ + u32 a = digest[0]; + u32 b = digest[1]; + u32 c = digest[2]; + u32 d = digest[3]; + u32 e = digest[4]; + + #ifdef IS_CPU + + u32 w0_t = w0[0]; + u32 w1_t = w0[1]; + u32 w2_t = w0[2]; + u32 w3_t = w0[3]; + u32 w4_t = w1[0]; + u32 w5_t = w1[1]; + u32 w6_t = w1[2]; + u32 w7_t = w1[3]; + u32 w8_t = w2[0]; + u32 w9_t = w2[1]; + u32 wa_t = w2[2]; + u32 wb_t = w2[3]; + u32 wc_t = w3[0]; + u32 wd_t = w3[1]; + u32 we_t = w3[2]; + u32 wf_t = w3[3]; + + #define K SHA1C00 + + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w1_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w2_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w3_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w4_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w5_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w6_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w7_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w8_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w9_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wa_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, wb_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, wc_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, wd_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, we_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w3_t); + + #undef K + #define K SHA1C01 + + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w6_t); + w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w7_t); + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wb_t); + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wd_t); + we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w3_t); + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w6_t); + w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w7_t); + + #undef K + #define K SHA1C02 + + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wb_t); + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, wd_t); + we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w3_t); + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w6_t); + w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w7_t); + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wb_t); + + #undef K + #define K SHA1C03 + + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wd_t); + we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w3_t); + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w6_t); + w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w7_t); + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wb_t); + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wd_t); + we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wf_t); + + t[ 0] = w0_t; + t[ 1] = w1_t; + t[ 2] = w2_t; + t[ 3] = w3_t; + t[ 4] = w4_t; + t[ 5] = w5_t; + t[ 6] = w6_t; + t[ 7] = w7_t; + t[ 8] = w8_t; + t[ 9] = w9_t; + t[10] = wa_t; + t[11] = wb_t; + t[12] = wc_t; + t[13] = wd_t; + t[14] = we_t; + t[15] = wf_t; + + #undef K + + #else + + u32 w00_t = w0[0]; + u32 w01_t = w0[1]; + u32 w02_t = w0[2]; + u32 w03_t = w0[3]; + u32 w04_t = w1[0]; + u32 w05_t = w1[1]; + u32 w06_t = w1[2]; + u32 w07_t = w1[3]; + u32 w08_t = w2[0]; + u32 w09_t = w2[1]; + u32 w0a_t = w2[2]; + u32 w0b_t = w2[3]; + u32 w0c_t = w3[0]; + u32 w0d_t = w3[1]; + u32 w0e_t = w3[2]; + u32 w0f_t = w3[3]; + u32 w10_t; + u32 w11_t; + u32 w12_t; + u32 w13_t; + u32 w14_t; + u32 w15_t; + u32 w16_t; + u32 w17_t; + u32 w18_t; + u32 w19_t; + u32 w1a_t; + u32 w1b_t; + u32 w1c_t; + u32 w1d_t; + u32 w1e_t; + u32 w1f_t; + u32 w20_t; + u32 w21_t; + u32 w22_t; + u32 w23_t; + u32 w24_t; + u32 w25_t; + u32 w26_t; + u32 w27_t; + u32 w28_t; + u32 w29_t; + u32 w2a_t; + u32 w2b_t; + u32 w2c_t; + u32 w2d_t; + u32 w2e_t; + u32 w2f_t; + u32 w30_t; + u32 w31_t; + u32 w32_t; + u32 w33_t; + u32 w34_t; + u32 w35_t; + u32 w36_t; + u32 w37_t; + u32 w38_t; + u32 w39_t; + u32 w3a_t; + u32 w3b_t; + u32 w3c_t; + u32 w3d_t; + u32 w3e_t; + u32 w3f_t; + u32 w40_t; + u32 w41_t; + u32 w42_t; + u32 w43_t; + u32 w44_t; + u32 w45_t; + u32 w46_t; + u32 w47_t; + u32 w48_t; + u32 w49_t; + u32 w4a_t; + u32 w4b_t; + u32 w4c_t; + u32 w4d_t; + u32 w4e_t; + u32 w4f_t; + + #define K SHA1C00 + + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w00_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w01_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w02_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w03_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w04_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w05_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w06_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w07_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w08_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w09_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0a_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w0b_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w0c_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w0d_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w0e_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0f_t); + w10_t = hc_rotl32_S ((w0d_t ^ w08_t ^ w02_t ^ w00_t), 1u); SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w10_t); + w11_t = hc_rotl32_S ((w0e_t ^ w09_t ^ w03_t ^ w01_t), 1u); SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w11_t); + w12_t = hc_rotl32_S ((w0f_t ^ w0a_t ^ w04_t ^ w02_t), 1u); SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w12_t); + w13_t = hc_rotl32_S ((w10_t ^ w0b_t ^ w05_t ^ w03_t), 1u); SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w13_t); + + #undef K + #define K SHA1C01 + + w14_t = hc_rotl32_S ((w11_t ^ w0c_t ^ w06_t ^ w04_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w14_t); + w15_t = hc_rotl32_S ((w12_t ^ w0d_t ^ w07_t ^ w05_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w15_t); + w16_t = hc_rotl32_S ((w13_t ^ w0e_t ^ w08_t ^ w06_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w16_t); + w17_t = hc_rotl32_S ((w14_t ^ w0f_t ^ w09_t ^ w07_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w17_t); + w18_t = hc_rotl32_S ((w15_t ^ w10_t ^ w0a_t ^ w08_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w18_t); + w19_t = hc_rotl32_S ((w16_t ^ w11_t ^ w0b_t ^ w09_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w19_t); + w1a_t = hc_rotl32_S ((w17_t ^ w12_t ^ w0c_t ^ w0a_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w1a_t); + w1b_t = hc_rotl32_S ((w18_t ^ w13_t ^ w0d_t ^ w0b_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w1b_t); + w1c_t = hc_rotl32_S ((w19_t ^ w14_t ^ w0e_t ^ w0c_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w1c_t); + w1d_t = hc_rotl32_S ((w1a_t ^ w15_t ^ w0f_t ^ w0d_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w1d_t); + w1e_t = hc_rotl32_S ((w1b_t ^ w16_t ^ w10_t ^ w0e_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w1e_t); + w1f_t = hc_rotl32_S ((w1c_t ^ w17_t ^ w11_t ^ w0f_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w1f_t); + w20_t = hc_rotl32_S ((w1a_t ^ w10_t ^ w04_t ^ w00_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w20_t); + w21_t = hc_rotl32_S ((w1b_t ^ w11_t ^ w05_t ^ w01_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w21_t); + w22_t = hc_rotl32_S ((w1c_t ^ w12_t ^ w06_t ^ w02_t), 2u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w22_t); + w23_t = hc_rotl32_S ((w1d_t ^ w13_t ^ w07_t ^ w03_t), 2u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w23_t); + w24_t = hc_rotl32_S ((w1e_t ^ w14_t ^ w08_t ^ w04_t), 2u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w24_t); + w25_t = hc_rotl32_S ((w1f_t ^ w15_t ^ w09_t ^ w05_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w25_t); + w26_t = hc_rotl32_S ((w20_t ^ w16_t ^ w0a_t ^ w06_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w26_t); + w27_t = hc_rotl32_S ((w21_t ^ w17_t ^ w0b_t ^ w07_t), 2u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w27_t); + + #undef K + #define K SHA1C02 + + w28_t = hc_rotl32_S ((w22_t ^ w18_t ^ w0c_t ^ w08_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w28_t); + w29_t = hc_rotl32_S ((w23_t ^ w19_t ^ w0d_t ^ w09_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w29_t); + w2a_t = hc_rotl32_S ((w24_t ^ w1a_t ^ w0e_t ^ w0a_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w2a_t); + w2b_t = hc_rotl32_S ((w25_t ^ w1b_t ^ w0f_t ^ w0b_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w2b_t); + w2c_t = hc_rotl32_S ((w26_t ^ w1c_t ^ w10_t ^ w0c_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w2c_t); + w2d_t = hc_rotl32_S ((w27_t ^ w1d_t ^ w11_t ^ w0d_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w2d_t); + w2e_t = hc_rotl32_S ((w28_t ^ w1e_t ^ w12_t ^ w0e_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w2e_t); + w2f_t = hc_rotl32_S ((w29_t ^ w1f_t ^ w13_t ^ w0f_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w2f_t); + w30_t = hc_rotl32_S ((w2a_t ^ w20_t ^ w14_t ^ w10_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w30_t); + w31_t = hc_rotl32_S ((w2b_t ^ w21_t ^ w15_t ^ w11_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w31_t); + w32_t = hc_rotl32_S ((w2c_t ^ w22_t ^ w16_t ^ w12_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w32_t); + w33_t = hc_rotl32_S ((w2d_t ^ w23_t ^ w17_t ^ w13_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w33_t); + w34_t = hc_rotl32_S ((w2e_t ^ w24_t ^ w18_t ^ w14_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w34_t); + w35_t = hc_rotl32_S ((w2f_t ^ w25_t ^ w19_t ^ w15_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w35_t); + w36_t = hc_rotl32_S ((w30_t ^ w26_t ^ w1a_t ^ w16_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w36_t); + w37_t = hc_rotl32_S ((w31_t ^ w27_t ^ w1b_t ^ w17_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w37_t); + w38_t = hc_rotl32_S ((w32_t ^ w28_t ^ w1c_t ^ w18_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w38_t); + w39_t = hc_rotl32_S ((w33_t ^ w29_t ^ w1d_t ^ w19_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w39_t); + w3a_t = hc_rotl32_S ((w34_t ^ w2a_t ^ w1e_t ^ w1a_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w3a_t); + w3b_t = hc_rotl32_S ((w35_t ^ w2b_t ^ w1f_t ^ w1b_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w3b_t); + + #undef K + #define K SHA1C03 + + w3c_t = hc_rotl32_S ((w36_t ^ w2c_t ^ w20_t ^ w1c_t), 2u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w3c_t); + w3d_t = hc_rotl32_S ((w37_t ^ w2d_t ^ w21_t ^ w1d_t), 2u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w3d_t); + w3e_t = hc_rotl32_S ((w38_t ^ w2e_t ^ w22_t ^ w1e_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w3e_t); + w3f_t = hc_rotl32_S ((w39_t ^ w2f_t ^ w23_t ^ w1f_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w3f_t); + w40_t = hc_rotl32_S ((w34_t ^ w20_t ^ w08_t ^ w00_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w40_t); + w41_t = hc_rotl32_S ((w35_t ^ w21_t ^ w09_t ^ w01_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w41_t); + w42_t = hc_rotl32_S ((w36_t ^ w22_t ^ w0a_t ^ w02_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w42_t); + w43_t = hc_rotl32_S ((w37_t ^ w23_t ^ w0b_t ^ w03_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w43_t); + w44_t = hc_rotl32_S ((w38_t ^ w24_t ^ w0c_t ^ w04_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w44_t); + w45_t = hc_rotl32_S ((w39_t ^ w25_t ^ w0d_t ^ w05_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w45_t); + w46_t = hc_rotl32_S ((w3a_t ^ w26_t ^ w0e_t ^ w06_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w46_t); + w47_t = hc_rotl32_S ((w3b_t ^ w27_t ^ w0f_t ^ w07_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w47_t); + w48_t = hc_rotl32_S ((w3c_t ^ w28_t ^ w10_t ^ w08_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w48_t); + w49_t = hc_rotl32_S ((w3d_t ^ w29_t ^ w11_t ^ w09_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w49_t); + w4a_t = hc_rotl32_S ((w3e_t ^ w2a_t ^ w12_t ^ w0a_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w4a_t); + w4b_t = hc_rotl32_S ((w3f_t ^ w2b_t ^ w13_t ^ w0b_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w4b_t); + w4c_t = hc_rotl32_S ((w40_t ^ w2c_t ^ w14_t ^ w0c_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w4c_t); + w4d_t = hc_rotl32_S ((w41_t ^ w2d_t ^ w15_t ^ w0d_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w4d_t); + w4e_t = hc_rotl32_S ((w42_t ^ w2e_t ^ w16_t ^ w0e_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w4e_t); + w4f_t = hc_rotl32_S ((w43_t ^ w2f_t ^ w17_t ^ w0f_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w4f_t); + + t[ 0] = w40_t; + t[ 1] = w41_t; + t[ 2] = w42_t; + t[ 3] = w43_t; + t[ 4] = w44_t; + t[ 5] = w45_t; + t[ 6] = w46_t; + t[ 7] = w47_t; + t[ 8] = w48_t; + t[ 9] = w49_t; + t[10] = w4a_t; + t[11] = w4b_t; + t[12] = w4c_t; + t[13] = w4d_t; + t[14] = w4e_t; + t[15] = w4f_t; + + #undef K + #endif + + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; +} + +// only change in this function compared to OpenCL/inc_hash_sha1.cl is that +// it calls our modified sha1_transform_rar29 () function + +DECLSPEC void sha1_update_64_rar29 (sha1_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int bytes, u32 *t) +{ + MAYBE_VOLATILE const int pos = ctx->len & 63; + + int len = 64; + + if (bytes < 64) + { + len = bytes; + } + + ctx->len += len; + + if (pos == 0) + { + ctx->w0[0] = w0[0]; + ctx->w0[1] = w0[1]; + ctx->w0[2] = w0[2]; + ctx->w0[3] = w0[3]; + ctx->w1[0] = w1[0]; + ctx->w1[1] = w1[1]; + ctx->w1[2] = w1[2]; + ctx->w1[3] = w1[3]; + ctx->w2[0] = w2[0]; + ctx->w2[1] = w2[1]; + ctx->w2[2] = w2[2]; + ctx->w2[3] = w2[3]; + ctx->w3[0] = w3[0]; + ctx->w3[1] = w3[1]; + ctx->w3[2] = w3[2]; + ctx->w3[3] = w3[3]; + + if (len == 64) + { + sha1_transform_rar29 (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, t); + + ctx->w0[0] = 0; + ctx->w0[1] = 0; + ctx->w0[2] = 0; + ctx->w0[3] = 0; + ctx->w1[0] = 0; + ctx->w1[1] = 0; + ctx->w1[2] = 0; + ctx->w1[3] = 0; + ctx->w2[0] = 0; + ctx->w2[1] = 0; + ctx->w2[2] = 0; + ctx->w2[3] = 0; + ctx->w3[0] = 0; + ctx->w3[1] = 0; + ctx->w3[2] = 0; + ctx->w3[3] = 0; + } + } + else + { + if ((pos + len) < 64) + { + switch_buffer_by_offset_be_S (w0, w1, w2, w3, pos); + + ctx->w0[0] |= w0[0]; + ctx->w0[1] |= w0[1]; + ctx->w0[2] |= w0[2]; + ctx->w0[3] |= w0[3]; + ctx->w1[0] |= w1[0]; + ctx->w1[1] |= w1[1]; + ctx->w1[2] |= w1[2]; + ctx->w1[3] |= w1[3]; + ctx->w2[0] |= w2[0]; + ctx->w2[1] |= w2[1]; + ctx->w2[2] |= w2[2]; + ctx->w2[3] |= w2[3]; + ctx->w3[0] |= w3[0]; + ctx->w3[1] |= w3[1]; + ctx->w3[2] |= w3[2]; + ctx->w3[3] |= w3[3]; + } + else + { + u32 c0[4] = { 0 }; + u32 c1[4] = { 0 }; + u32 c2[4] = { 0 }; + u32 c3[4] = { 0 }; + + switch_buffer_by_offset_carry_be_S (w0, w1, w2, w3, c0, c1, c2, c3, pos); + + ctx->w0[0] |= w0[0]; + ctx->w0[1] |= w0[1]; + ctx->w0[2] |= w0[2]; + ctx->w0[3] |= w0[3]; + ctx->w1[0] |= w1[0]; + ctx->w1[1] |= w1[1]; + ctx->w1[2] |= w1[2]; + ctx->w1[3] |= w1[3]; + ctx->w2[0] |= w2[0]; + ctx->w2[1] |= w2[1]; + ctx->w2[2] |= w2[2]; + ctx->w2[3] |= w2[3]; + ctx->w3[0] |= w3[0]; + ctx->w3[1] |= w3[1]; + ctx->w3[2] |= w3[2]; + ctx->w3[3] |= w3[3]; + + sha1_transform_rar29 (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, t); + + ctx->w0[0] = c0[0]; + ctx->w0[1] = c0[1]; + ctx->w0[2] = c0[2]; + ctx->w0[3] = c0[3]; + ctx->w1[0] = c1[0]; + ctx->w1[1] = c1[1]; + ctx->w1[2] = c1[2]; + ctx->w1[3] = c1[3]; + ctx->w2[0] = c2[0]; + ctx->w2[1] = c2[1]; + ctx->w2[2] = c2[2]; + ctx->w2[3] = c2[3]; + ctx->w3[0] = c3[0]; + ctx->w3[1] = c3[1]; + ctx->w3[2] = c3[2]; + ctx->w3[3] = c3[3]; + } + } +} + +// main change in this function compared to OpenCL/inc_hash_sha1.cl is that +// we call sha1_update_64_rar29 () and sometimes replace w[] + +DECLSPEC void sha1_update_rar29 (sha1_ctx_t *ctx, u32 *w, const int len) +{ + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + MAYBE_VOLATILE const int pos = ctx->len & 63; + + int pos1 = 0; + int pos4 = 0; + + if (len > 64) // or: if (pos1 < (len - 64)) + { + w0[0] = w[pos4 + 0]; + w0[1] = w[pos4 + 1]; + w0[2] = w[pos4 + 2]; + w0[3] = w[pos4 + 3]; + w1[0] = w[pos4 + 4]; + w1[1] = w[pos4 + 5]; + w1[2] = w[pos4 + 6]; + w1[3] = w[pos4 + 7]; + w2[0] = w[pos4 + 8]; + w2[1] = w[pos4 + 9]; + w2[2] = w[pos4 + 10]; + w2[3] = w[pos4 + 11]; + w3[0] = w[pos4 + 12]; + w3[1] = w[pos4 + 13]; + w3[2] = w[pos4 + 14]; + w3[3] = w[pos4 + 15]; + + sha1_update_64 (ctx, w0, w1, w2, w3, 64); + + pos1 += 64; + pos4 += 16; + } + + for (int diff = 64 - pos; pos1 < len; pos1 += 64, pos4 += 16, diff += 64) + { + w0[0] = w[pos4 + 0]; + w0[1] = w[pos4 + 1]; + w0[2] = w[pos4 + 2]; + w0[3] = w[pos4 + 3]; + w1[0] = w[pos4 + 4]; + w1[1] = w[pos4 + 5]; + w1[2] = w[pos4 + 6]; + w1[3] = w[pos4 + 7]; + w2[0] = w[pos4 + 8]; + w2[1] = w[pos4 + 9]; + w2[2] = w[pos4 + 10]; + w2[3] = w[pos4 + 11]; + w3[0] = w[pos4 + 12]; + w3[1] = w[pos4 + 13]; + w3[2] = w[pos4 + 14]; + w3[3] = w[pos4 + 15]; + + // only major change in this function compared to OpenCL/inc_hash_sha1.cl: + + u32 t[17] = { 0 }; + + sha1_update_64_rar29 (ctx, w0, w1, w2, w3, len - pos1, t); + + + if ((diff + 63) >= len) break; + + // replaces 64 bytes (with offset diff) of the underlying data w[] with t[]: + + // for (int i = 0; i < 16; i++) t[i] = hc_swap32_S (t[i]); + + t[ 0] = hc_swap32_S (t[ 0]); // unroll seems to be faster + t[ 1] = hc_swap32_S (t[ 1]); + t[ 2] = hc_swap32_S (t[ 2]); + t[ 3] = hc_swap32_S (t[ 3]); + t[ 4] = hc_swap32_S (t[ 4]); + t[ 5] = hc_swap32_S (t[ 5]); + t[ 6] = hc_swap32_S (t[ 6]); + t[ 7] = hc_swap32_S (t[ 7]); + t[ 8] = hc_swap32_S (t[ 8]); + t[ 9] = hc_swap32_S (t[ 9]); + t[10] = hc_swap32_S (t[10]); + t[11] = hc_swap32_S (t[11]); + t[12] = hc_swap32_S (t[12]); + t[13] = hc_swap32_S (t[13]); + t[14] = hc_swap32_S (t[14]); + t[15] = hc_swap32_S (t[15]); + + const u32 n_idx = diff >> 2; + const u32 n_off = diff & 3; + + if (n_off) + { + const u32 off_mul = n_off << 3; + const u32 off_sub = 32 - off_mul; + + t[16] = (t[15] << off_sub); + t[15] = (t[15] >> off_mul) | (t[14] << off_sub); + t[14] = (t[14] >> off_mul) | (t[13] << off_sub); + t[13] = (t[13] >> off_mul) | (t[12] << off_sub); + t[12] = (t[12] >> off_mul) | (t[11] << off_sub); + t[11] = (t[11] >> off_mul) | (t[10] << off_sub); + t[10] = (t[10] >> off_mul) | (t[ 9] << off_sub); + t[ 9] = (t[ 9] >> off_mul) | (t[ 8] << off_sub); + t[ 8] = (t[ 8] >> off_mul) | (t[ 7] << off_sub); + t[ 7] = (t[ 7] >> off_mul) | (t[ 6] << off_sub); + t[ 6] = (t[ 6] >> off_mul) | (t[ 5] << off_sub); + t[ 5] = (t[ 5] >> off_mul) | (t[ 4] << off_sub); + t[ 4] = (t[ 4] >> off_mul) | (t[ 3] << off_sub); + t[ 3] = (t[ 3] >> off_mul) | (t[ 2] << off_sub); + t[ 2] = (t[ 2] >> off_mul) | (t[ 1] << off_sub); + t[ 1] = (t[ 1] >> off_mul) | (t[ 0] << off_sub); + t[ 0] = (t[ 0] >> off_mul); + } + + w[n_idx] &= 0xffffff00 << ((3 - n_off) << 3); + + w[n_idx] |= t[0]; + + w[n_idx + 1] = t[ 1]; + w[n_idx + 2] = t[ 2]; + w[n_idx + 3] = t[ 3]; + w[n_idx + 4] = t[ 4]; + w[n_idx + 5] = t[ 5]; + w[n_idx + 6] = t[ 6]; + w[n_idx + 7] = t[ 7]; + w[n_idx + 8] = t[ 8]; + w[n_idx + 9] = t[ 9]; + w[n_idx + 10] = t[10]; + w[n_idx + 11] = t[11]; + w[n_idx + 12] = t[12]; + w[n_idx + 13] = t[13]; + w[n_idx + 14] = t[14]; + w[n_idx + 15] = t[15]; + + // the final set is only meaningful: if (n_off) + + w[n_idx + 16] &= 0xffffffff >> (n_off << 3); + + w[n_idx + 16] |= t[16]; + } +} + KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) { /** @@ -148,19 +765,82 @@ KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) if (gid >= gid_max) return; - tmps[gid].dgst[0][0] = SHA1M_A; - tmps[gid].dgst[0][1] = SHA1M_B; - tmps[gid].dgst[0][2] = SHA1M_C; - tmps[gid].dgst[0][3] = SHA1M_D; - tmps[gid].dgst[0][4] = SHA1M_E; + tmps[gid].dgst[0] = SHA1M_A; + tmps[gid].dgst[1] = SHA1M_B; + tmps[gid].dgst[2] = SHA1M_C; + tmps[gid].dgst[3] = SHA1M_D; + tmps[gid].dgst[4] = SHA1M_E; - /** - * context save - */ + // store pass and salt in tmps: - sha1_ctx_t ctx; + const u32 pw_len = pws[gid].pw_len; - sha1_init (&ctx); + // first set the utf16le pass: + + u32 w[80] = { 0 }; + + for (u32 i = 0, j = 0, k = 0; i < pw_len; i += 16, j += 4, k += 8) + { + u32 a[4]; + + a[0] = pws[gid].i[j + 0]; + a[1] = pws[gid].i[j + 1]; + a[2] = pws[gid].i[j + 2]; + a[3] = pws[gid].i[j + 3]; + + u32 b[4]; + u32 c[4]; + + make_utf16le (a, b, c); + + w[k + 0] = hc_swap32_S (b[0]); + w[k + 1] = hc_swap32_S (b[1]); + w[k + 2] = hc_swap32_S (b[2]); + w[k + 3] = hc_swap32_S (b[3]); + w[k + 4] = hc_swap32_S (c[0]); + w[k + 5] = hc_swap32_S (c[1]); + w[k + 6] = hc_swap32_S (c[2]); + w[k + 7] = hc_swap32_S (c[3]); + } + + // append salt: + + const u32 salt_idx = (pw_len * 2) / 4; + const u32 salt_off = (pw_len * 2) & 3; + + u32 salt_buf[3]; + + salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); // swap needed due to -O kernel + salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]); + salt_buf[2] = 0; + + // switch buffer by offset (can only be 0 or 2 because of utf16): + + if (salt_off == 2) // or just: if (salt_off) + { + salt_buf[2] = (salt_buf[1] << 16); + salt_buf[1] = (salt_buf[1] >> 16) | (salt_buf[0] << 16); + salt_buf[0] = (salt_buf[0] >> 16); + } + + w[salt_idx] |= salt_buf[0]; + + w[salt_idx + 1] = salt_buf[1]; + w[salt_idx + 2] = salt_buf[2]; + + // store initial w[] (pass and salt) in tmps: + + for (u32 i = 0; i < 66; i++) // unroll ? + { + tmps[gid].w[i] = w[i]; + } + + // iv: + + tmps[gid].iv[0] = 0; + tmps[gid].iv[1] = 0; + tmps[gid].iv[2] = 0; + tmps[gid].iv[3] = 0; } KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) @@ -175,62 +855,106 @@ KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) const u32 pw_len = pws[gid].pw_len; - u32 w[64] = { 0 }; + const u32 salt_len = 8; - for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + const u32 pw_salt_len = (pw_len * 2) + salt_len; + + const u32 p3 = pw_salt_len + 3; + + u32 w[80] = { 0 }; // 64 byte aligned + + for (u32 i = 0; i < 66; i++) // unroll ? { - w[idx] = pws[gid].i[idx]; + w[i] = tmps[gid].w[i]; } - u32 salt_buf[16]; - - salt_buf[ 0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf[ 1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf[ 2] = 0; - salt_buf[ 3] = 0; - salt_buf[ 4] = 0; - salt_buf[ 5] = 0; - salt_buf[ 6] = 0; - salt_buf[ 7] = 0; - salt_buf[ 8] = 0; - salt_buf[ 9] = 0; - salt_buf[10] = 0; - salt_buf[11] = 0; - salt_buf[12] = 0; - salt_buf[13] = 0; - salt_buf[14] = 0; - salt_buf[15] = 0; - - const u32 salt_len = 8; + // update IV: const u32 init_pos = loop_pos / (ROUNDS / 16); + sha1_ctx_t ctx_iv; + + sha1_init (&ctx_iv); + + ctx_iv.h[0] = tmps[gid].dgst[0]; + ctx_iv.h[1] = tmps[gid].dgst[1]; + ctx_iv.h[2] = tmps[gid].dgst[2]; + ctx_iv.h[3] = tmps[gid].dgst[3]; + ctx_iv.h[4] = tmps[gid].dgst[4]; + + ctx_iv.len = loop_pos * p3; + + sha1_update_rar29 (&ctx_iv, w, pw_salt_len); + + memcat8c_be (ctx_iv.w0, ctx_iv.w1, ctx_iv.w2, ctx_iv.w3, ctx_iv.len, hc_swap32_S (loop_pos), ctx_iv.h); + + ctx_iv.len += 3; + + + // copy the context from ctx_iv to ctx: + sha1_ctx_t ctx; - sha1_init (&ctx); + ctx.h[0] = ctx_iv.h[0]; + ctx.h[1] = ctx_iv.h[1]; + ctx.h[2] = ctx_iv.h[2]; + ctx.h[3] = ctx_iv.h[3]; + ctx.h[4] = ctx_iv.h[4]; - ctx.h[0] = tmps[gid].dgst[init_pos][0]; - ctx.h[1] = tmps[gid].dgst[init_pos][1]; - ctx.h[2] = tmps[gid].dgst[init_pos][2]; - ctx.h[3] = tmps[gid].dgst[init_pos][3]; - ctx.h[4] = tmps[gid].dgst[init_pos][4]; + ctx.w0[0] = ctx_iv.w0[0]; + ctx.w0[1] = ctx_iv.w0[1]; + ctx.w0[2] = ctx_iv.w0[2]; + ctx.w0[3] = ctx_iv.w0[3]; - for (u32 i = 0, j = loop_pos; i < 16384; i++, j++) + ctx.w1[0] = ctx_iv.w1[0]; + ctx.w1[1] = ctx_iv.w1[1]; + ctx.w1[2] = ctx_iv.w1[2]; + ctx.w1[3] = ctx_iv.w1[3]; + + ctx.w2[0] = ctx_iv.w2[0]; + ctx.w2[1] = ctx_iv.w2[1]; + ctx.w2[2] = ctx_iv.w2[2]; + ctx.w2[3] = ctx_iv.w2[3]; + + ctx.w3[0] = ctx_iv.w3[0]; + ctx.w3[1] = ctx_iv.w3[1]; + ctx.w3[2] = ctx_iv.w3[2]; + ctx.w3[3] = ctx_iv.w3[3]; + + ctx.len = p3; // or ctx_iv.len ? + + // final () for the IV byte: + + sha1_final (&ctx_iv); + + const u32 iv_idx = init_pos / 4; + const u32 iv_off = init_pos & 3; + + tmps[gid].iv[iv_idx] |= (ctx_iv.h[4] & 0xff) << (iv_off << 3); + + // main loop: + + for (u32 i = 0, j = (loop_pos + 1); i < 16383; i++, j++) { - sha1_update_utf16le_swap (&ctx, w, pw_len); - - sha1_update_swap (&ctx, salt_buf, salt_len); + sha1_update_rar29 (&ctx, w, pw_salt_len); memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (j), ctx.h); ctx.len += 3; } - tmps[gid].dgst[init_pos + 1][0] = ctx.h[0]; - tmps[gid].dgst[init_pos + 1][1] = ctx.h[1]; - tmps[gid].dgst[init_pos + 1][2] = ctx.h[2]; - tmps[gid].dgst[init_pos + 1][3] = ctx.h[3]; - tmps[gid].dgst[init_pos + 1][4] = ctx.h[4]; + tmps[gid].dgst[0] = ctx.h[0]; + tmps[gid].dgst[1] = ctx.h[1]; + tmps[gid].dgst[2] = ctx.h[2]; + tmps[gid].dgst[3] = ctx.h[3]; + tmps[gid].dgst[4] = ctx.h[4]; + + // only needed if pw_len > 28: + + for (u32 i = 0; i < 66; i++) // unroll ? + { + tmps[gid].w[i] = w[i]; + } } KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) @@ -298,43 +1022,19 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) const u32 pw_len = pws[gid].pw_len; - u32 w[64] = { 0 }; - - for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) - { - w[idx] = pws[gid].i[idx]; - } - - u32 salt_buf[16]; - - salt_buf[ 0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf[ 1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf[ 2] = 0; - salt_buf[ 3] = 0; - salt_buf[ 4] = 0; - salt_buf[ 5] = 0; - salt_buf[ 6] = 0; - salt_buf[ 7] = 0; - salt_buf[ 8] = 0; - salt_buf[ 9] = 0; - salt_buf[10] = 0; - salt_buf[11] = 0; - salt_buf[12] = 0; - salt_buf[13] = 0; - salt_buf[14] = 0; - salt_buf[15] = 0; - const u32 salt_len = 8; - const u32 p3 = (pw_len * 2) + salt_len + 3; + const u32 pw_salt_len = (pw_len * 2) + salt_len; + + const u32 p3 = pw_salt_len + 3; u32 h[5]; - h[0] = tmps[gid].dgst[16][0]; - h[1] = tmps[gid].dgst[16][1]; - h[2] = tmps[gid].dgst[16][2]; - h[3] = tmps[gid].dgst[16][3]; - h[4] = tmps[gid].dgst[16][4]; + h[0] = tmps[gid].dgst[0]; + h[1] = tmps[gid].dgst[1]; + h[2] = tmps[gid].dgst[2]; + h[3] = tmps[gid].dgst[3]; + h[4] = tmps[gid].dgst[4]; u32 w0[4]; u32 w1[4]; @@ -382,46 +1082,13 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) AES128_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); - u32 iv[4]; + u32 iv[2]; - iv[0] = 0; - iv[1] = 0; - iv[2] = 0; - iv[3] = 0; - - for (int i = 0; i < 16; i++) - { - sha1_ctx_t ctx; - - sha1_init (&ctx); - - ctx.h[0] = tmps[gid].dgst[i][0]; - ctx.h[1] = tmps[gid].dgst[i][1]; - ctx.h[2] = tmps[gid].dgst[i][2]; - ctx.h[3] = tmps[gid].dgst[i][3]; - ctx.h[4] = tmps[gid].dgst[i][4]; - - const u32 iter_pos = i * (ROUNDS / 16); - - ctx.len = iter_pos * p3; - - sha1_update_utf16le_swap (&ctx, w, pw_len); - - sha1_update_swap (&ctx, salt_buf, salt_len); - - memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (iter_pos), ctx.h); - - ctx.len += 3; - - sha1_final (&ctx); - - PUTCHAR (iv, i, ctx.h[4] & 0xff); - } + iv[0] = tmps[gid].iv[0]; + iv[1] = tmps[gid].iv[1]; out[0] ^= hc_swap32_S (iv[0]); out[1] ^= hc_swap32_S (iv[1]); - out[2] ^= hc_swap32_S (iv[2]); - out[3] ^= hc_swap32_S (iv[3]); const u32 r0 = out[0]; const u32 r1 = out[1]; diff --git a/docs/changes.txt b/docs/changes.txt index afdd8b716..20e930f62 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -85,6 +85,7 @@ - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16 - Fixed cracking of Electrum Wallet Salt-Type 2 hashes - Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only) +- Fixed cracking of RAR3-hp hashes with passwords longer than 28 bytes with pure kernel - Fixed cracking of VeraCrypt Streebog-512 hashes (CPU only) - Fixed cracking raw Streebog-HMAC 256 and 512 hashes with password of length >= 64 - Fixed cracking raw Whirlpool hashes cracking with password of length >= 32 diff --git a/src/modules/module_12500.c b/src/modules/module_12500.c index 6e5c46635..45540e0d4 100644 --- a/src/modules/module_12500.c +++ b/src/modules/module_12500.c @@ -42,16 +42,33 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, typedef struct rar3_tmp { - u32 dgst[17][5]; + u32 dgst[5]; + + u32 w[66]; // 256 byte pass + 8 byte salt + + u32 iv[4]; } rar3_tmp_t; +typedef struct rar3_tmp_optimized +{ + u32 dgst[17][5]; + +} rar3_tmp_optimized_t; + static const int ROUNDS_RAR3 = 262144; static const char *SIGNATURE_RAR3 = "$RAR3$"; u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u64 tmp_size = (const u64) sizeof (rar3_tmp_t); + const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL); + + u64 tmp_size = (u64) sizeof (rar3_tmp_t); + + if (optimized_kernel == true) + { + tmp_size = (u64) sizeof (rar3_tmp_optimized_t); + } return tmp_size; } @@ -74,7 +91,7 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con { const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL); - u32 pw_max = PW_MAX; + u32 pw_max = 127; if (optimized_kernel == true) { diff --git a/tools/test_modules/m12500.pm b/tools/test_modules/m12500.pm new file mode 100644 index 000000000..155683a15 --- /dev/null +++ b/tools/test_modules/m12500.pm @@ -0,0 +1,405 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::SHA; +use Crypt::CBC; +use Encode; + +sub module_constraints { [[0, 127], [8, 8], [0, 20], [8, 8], [-1, -1]] } + +my $ITERATIONS = 0x40000; + +my $FIXED_RAW_STRING = pack ("H*", "c43d7b00400700000000000000000000"); + +my $SHA1C00 = 0x5a827999; +my $SHA1C01 = 0x6ed9eba1; +my $SHA1C02 = 0x8f1bbcdc; +my $SHA1C03 = 0xca62c1d6; + +my $SHA1M_A = 0x67452301; +my $SHA1M_B = 0xefcdab89; +my $SHA1M_C = 0x98badcfe; +my $SHA1M_D = 0x10325476; +my $SHA1M_E = 0xc3d2e1f0; + +sub rotl32 +{ + my $x = shift; + my $n = shift; + + return (($x << $n) | ($x >> (32 - $n))) & 0xffffffff; +} + +sub blk +{ + my $b = shift; + my $i = shift; + + $$b[$i & 15] = rotl32 ($$b[($i + 13) & 15] ^ + $$b[($i + 8) & 15] ^ + $$b[($i + 2) & 15] ^ + $$b[($i + 0) & 15], 1); + + return $$b[$i & 15]; +} + +sub R0 +{ + my ($b, $v, $w, $x, $y, $z, $i) = @_; + + $$b[$i] = unpack ("L<", pack ("L>", $$b[$i])); # blk0 or just swap_byte32 () + + $z += (($w & ($x ^ $y)) ^ $y) + $$b[$i] + $SHA1C00 + rotl32 ($v, 5); + + $z &= 0xffffffff; + + $w = rotl32 ($w, 30); + + return ($z, $w); +} + +sub R1 +{ + my ($b, $v, $w, $x, $y, $z, $i) = @_; + + $z += (($w & ($x ^ $y)) ^ $y) + blk ($b, $i) + $SHA1C00 + rotl32 ($v, 5); + + $z &= 0xffffffff; + + $w = rotl32 ($w, 30); + + return ($z, $w); +} + +sub R2 +{ + my ($b, $v, $w, $x, $y, $z, $i) = @_; + + $z += ($w ^ $x ^ $y) + blk ($b, $i) + $SHA1C01 + rotl32 ($v, 5); + + $z &= 0xffffffff; + + $w = rotl32 ($w, 30); + + return ($z, $w); +} + +sub R3 +{ + my ($b, $v, $w, $x, $y, $z, $i) = @_; + + $z += ((($w | $x) & $y) | ($w & $x)) + blk ($b, $i) + $SHA1C02 + rotl32 ($v, 5); + + $z &= 0xffffffff; + + $w = rotl32 ($w, 30); + + return ($z, $w); +} + +sub R4 +{ + my ($b, $v, $w, $x, $y, $z, $i) = @_; + + $z += ($w ^ $x ^ $y) + blk ($b, $i) + $SHA1C03 + rotl32 ($v, 5); + + $z &= 0xffffffff; + + $w = rotl32 ($w, 30); + + return ($z, $w); +} + +sub sha1_transform +{ + my ($state, $buffer) = @_; + + my @block = unpack ("L<*", $$buffer); + + my $a = $$state[0]; + my $b = $$state[1]; + my $c = $$state[2]; + my $d = $$state[3]; + my $e = $$state[4]; + + ($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 0); + ($d, $a) = R0 (\@block, $e, $a, $b, $c, $d, 1); + ($c, $e) = R0 (\@block, $d, $e, $a, $b, $c, 2); + ($b, $d) = R0 (\@block, $c, $d, $e, $a, $b, 3); + + ($a, $c) = R0 (\@block, $b, $c, $d, $e, $a, 4); + ($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 5); + ($d, $a) = R0 (\@block, $e, $a, $b, $c, $d, 6); + ($c, $e) = R0 (\@block, $d, $e, $a, $b, $c, 7); + + ($b, $d) = R0 (\@block, $c, $d, $e, $a, $b, 8); + ($a, $c) = R0 (\@block, $b, $c, $d, $e, $a, 9); + ($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 10); + ($d, $a) = R0 (\@block, $e, $a, $b, $c, $d, 11); + + ($c, $e) = R0 (\@block, $d, $e, $a, $b, $c, 12); + ($b, $d) = R0 (\@block, $c, $d, $e, $a, $b, 13); + ($a, $c) = R0 (\@block, $b, $c, $d, $e, $a, 14); + ($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 15); + + ($d, $a) = R1 (\@block, $e, $a, $b, $c, $d, 16); + ($c, $e) = R1 (\@block, $d, $e, $a, $b, $c, 17); + ($b, $d) = R1 (\@block, $c, $d, $e, $a, $b, 18); + ($a, $c) = R1 (\@block, $b, $c, $d, $e, $a, 19); + + ($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 20); + ($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 21); + ($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 22); + ($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 23); + + ($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 24); + ($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 25); + ($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 26); + ($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 27); + + ($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 28); + ($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 29); + ($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 30); + ($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 31); + + ($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 32); + ($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 33); + ($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 34); + ($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 35); + + ($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 36); + ($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 37); + ($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 38); + ($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 39); + + ($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 40); + ($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 41); + ($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 42); + ($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 43); + + ($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 44); + ($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 45); + ($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 46); + ($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 47); + + ($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 48); + ($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 49); + ($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 50); + ($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 51); + + ($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 52); + ($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 53); + ($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 54); + ($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 55); + + ($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 56); + ($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 57); + ($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 58); + ($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 59); + + ($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 60); + ($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 61); + ($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 62); + ($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 63); + + ($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 64); + ($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 65); + ($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 66); + ($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 67); + + ($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 68); + ($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 69); + ($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 70); + ($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 71); + + ($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 72); + ($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 73); + ($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 74); + ($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 75); + + ($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 76); + ($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 77); + ($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 78); + ($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 79); + + $$state[0] = ($$state[0] + $a) & 0xffffffff; + $$state[1] = ($$state[1] + $b) & 0xffffffff; + $$state[2] = ($$state[2] + $c) & 0xffffffff; + $$state[3] = ($$state[3] + $d) & 0xffffffff; + $$state[4] = ($$state[4] + $e) & 0xffffffff; + + $$buffer = pack ("L<*", @block); +} + +sub sha1_getstate +{ + my $ctx = shift; + + my $info = $ctx->getstate; + + # state: + + my $idx = index ($info, "H:"); + + my $state = substr ($info, $idx + 2, 44); + + $state =~ s/://g; + + my @state_arr = unpack ("L>*", pack ("H*", $state)); + + # block: + + $idx = index ($info, "block:"); + + my $block = substr ($info, $idx + 6, 191); + + $block =~ s/://g; + + $block = pack ("H*", $block); + + + return (\@state_arr, $block); +} + +sub sha1_update_rar29 +{ + my $ctx = shift; + my $data = shift; + my $len = shift; + my $count = shift; + + my $ctx_orig = $ctx->clone; + + $ctx->add ($$data); + + + # two early exits from this function, if (strange data) manipulation is not needed: + + my $j = $count & 63; + + return if (($j + $len) <= 63); + + + my $i = 64 - $j; + + return if (($i + 63) >= $len); + + + # proceed with updating $data: + + my ($state, $block) = sha1_getstate ($ctx_orig); + + + substr ($block, $j, $i) = substr ($$data, 0, $i); + + sha1_transform ($state, \$block); + + + while (($i + 63) < $len) + { + my $workspace = substr ($$data, $i, 64); + + sha1_transform ($state, \$workspace); + + substr ($$data, $i, 64) = $workspace; + + $i += 64; + } +} + +sub module_generate_hash +{ + my $pass = shift; + my $salt = shift; + + # convert to utf16le: + + my $buf = encode ("UTF-16LE", $pass); + + # add the salt to the password buffer: + + $buf .= $salt; + + my $len = length ($buf); + + my $count = 0; + + my $ctx = Digest::SHA->new ('SHA1'); + + my $iv = ""; + + # main loop: + + for (my $i = 0; $i < $ITERATIONS; $i++) + { + sha1_update_rar29 ($ctx, \$buf, $len, $count); + + $count += $len; + + my $pos = substr (pack ("L<", $i), 0, 3); + + $ctx->add ($pos); + + $count += 3; + + if (($i & 0x3fff) == 0) + { + my $dgst = $ctx->clone->digest; + + $iv .= substr ($dgst, 19, 1); + } + } + + my $k = $ctx->digest; + + $k = pack ("L<*", unpack ("L>4", $k)); # byte swap the first 4 * 4 = 16 bytes + + my $aes = Crypt::CBC->new ( + -cipher => "Crypt::Rijndael", + -key => $k, + -iv => $iv, + -keysize => 16, + -literal_key => 1, + -header => 'none'); + + my $hash = $aes->encrypt ($FIXED_RAW_STRING); + + return sprintf ("\$RAR3\$*0*%s*%s", unpack ("H*", $salt), unpack ("H*", substr ($hash, 0, 16))); +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = index ($line, ':'); + + return if ($idx < 1); + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return if (substr ($hash, 0, 9) ne "\$RAR3\$*0*"); + + $idx = index ($hash, '*', 9); + + return if ($idx < 1); + + my $salt = substr ($hash, 9, $idx - 9); + + $salt = pack ("H*", $salt); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt); + + return ($new_hash, $word); +} + +1; From f382d24dcf147e97d8c0bb8c5e4ba423fc69059a Mon Sep 17 00:00:00 2001 From: philsmd Date: Mon, 25 May 2020 11:30:45 +0200 Subject: [PATCH 04/12] fixes #2365: NSEC3 dot replace and empty salt/domain fix --- OpenCL/m08300_a0-optimized.cl | 201 ++++++++++++++++++++++++++++++++-- OpenCL/m08300_a0-pure.cl | 62 ++++++++++- OpenCL/m08300_a1-optimized.cl | 201 ++++++++++++++++++++++++++++++++-- OpenCL/m08300_a1-pure.cl | 80 ++++++++++++-- OpenCL/m08300_a3-optimized.cl | 174 ++++++++++++++++++++++++++++- OpenCL/m08300_a3-pure.cl | 129 +++++++++++++++++++++- docs/changes.txt | 1 + src/modules/module_08300.c | 9 +- tools/test_modules/m08300.pm | 15 ++- 9 files changed, 821 insertions(+), 51 deletions(-) diff --git a/OpenCL/m08300_a0-optimized.cl b/OpenCL/m08300_a0-optimized.cl index d9461bd26..62d964fe2 100644 --- a/OpenCL/m08300_a0-optimized.cl +++ b/OpenCL/m08300_a0-optimized.cl @@ -16,6 +16,113 @@ #include "inc_hash_sha1.cl" #endif +const u32 replace_dots (u32 *w, const u32 idx, const u32 old_len, const u32 pw_len) +{ + const u32 min_len = idx << 4; // 2 ^ 4 = 16 for each u32 w[4] + + if (pw_len <= min_len) return 0; + + const u32 max_len = pw_len - min_len - 1; + + const u32 start_pos = (max_len < 15) ? max_len : 15; + + u32 cur_len = old_len; + + for (int pos = (int) start_pos; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = mod << 3; + + if (((w[div] >> sht) & 0xff) == 0x2e) // '.' + { + w[div] += (cur_len - 0x2e) << sht; + + cur_len = 0; + } + else + { + cur_len++; + } + } + + return cur_len; +} + +const u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) +{ + u32 cur_len = 0; + + // loop over w3...w0 (4 * 16 = 64 bytes): + + cur_len = replace_dots (w3, 3, cur_len, pw_len); + cur_len = replace_dots (w2, 2, cur_len, pw_len); + cur_len = replace_dots (w1, 1, cur_len, pw_len); + cur_len = replace_dots (w0, 0, cur_len, pw_len); + + return cur_len; +} + +#define REPLACE_DOT_BY_LEN_VECT(n) \ + if (out_len.s##n > 0) \ + { \ + u32 tmp0[4]; \ + \ + tmp0[0] = w0_t[0].s##n; \ + tmp0[1] = w0_t[1].s##n; \ + tmp0[2] = w0_t[2].s##n; \ + tmp0[3] = w0_t[3].s##n; \ + \ + u32 tmp1[4]; \ + \ + tmp1[0] = w1_t[0].s##n; \ + tmp1[1] = w1_t[1].s##n; \ + tmp1[2] = w1_t[2].s##n; \ + tmp1[3] = w1_t[3].s##n; \ + \ + u32 tmp2[4]; \ + \ + tmp2[0] = w2_t[0].s##n; \ + tmp2[1] = w2_t[1].s##n; \ + tmp2[2] = w2_t[2].s##n; \ + tmp2[3] = w2_t[3].s##n; \ + \ + u32 tmp3[4]; \ + \ + tmp3[0] = w3_t[0].s##n; \ + tmp3[1] = w3_t[1].s##n; \ + tmp3[2] = w3_t[2].s##n; \ + tmp3[3] = w3_t[3].s##n; \ + \ + const u32 len = replace_dot_by_len (tmp0, tmp1, tmp2, tmp3, out_len.s##n); \ + \ + switch_buffer_by_offset_le_S (tmp0, tmp1, tmp2, tmp3, 1); \ + \ + tmp0[0] |= len & 0xff; \ + \ + w0_t[0].s##n = tmp0[0]; \ + w0_t[1].s##n = tmp0[1]; \ + w0_t[2].s##n = tmp0[2]; \ + w0_t[3].s##n = tmp0[3]; \ + \ + w1_t[0].s##n = tmp1[0]; \ + w1_t[1].s##n = tmp1[1]; \ + w1_t[2].s##n = tmp1[2]; \ + w1_t[3].s##n = tmp1[3]; \ + \ + w2_t[0].s##n = tmp2[0]; \ + w2_t[1].s##n = tmp2[1]; \ + w2_t[2].s##n = tmp2[2]; \ + w2_t[3].s##n = tmp2[3]; \ + \ + w3_t[0].s##n = tmp3[0]; \ + w3_t[1].s##n = tmp3[1]; \ + w3_t[2].s##n = tmp3[2]; \ + w3_t[3].s##n = tmp3[3]; \ + \ + out_len.s##n++; \ + } + KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ()) { /** @@ -91,7 +198,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ()) u32x w2[4] = { 0 }; u32x w3[4] = { 0 }; - const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); /** * salt @@ -119,9 +226,44 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ()) w3_t[2] = w3[2]; w3_t[3] = w3[3]; - switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + // replace "." with the length: - w0_t[0] |= out_len & 0xff; + #if VECT_SIZE == 1 + if (out_len > 0) + { + const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, out_len); + + switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + + w0_t[0] |= len & 0xff; + + out_len++; + } + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN_VECT (0) + REPLACE_DOT_BY_LEN_VECT (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN_VECT (2) + REPLACE_DOT_BY_LEN_VECT (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN_VECT (4) + REPLACE_DOT_BY_LEN_VECT (5) + REPLACE_DOT_BY_LEN_VECT (6) + REPLACE_DOT_BY_LEN_VECT (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN_VECT (8) + REPLACE_DOT_BY_LEN_VECT (9) + REPLACE_DOT_BY_LEN_VECT (a) + REPLACE_DOT_BY_LEN_VECT (b) + REPLACE_DOT_BY_LEN_VECT (c) + REPLACE_DOT_BY_LEN_VECT (d) + REPLACE_DOT_BY_LEN_VECT (e) + REPLACE_DOT_BY_LEN_VECT (f) + #endif u32x s0[4]; u32x s1[4]; @@ -145,7 +287,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -181,7 +323,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len + domain_len + 1); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len + domain_len + 1); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -219,7 +361,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ()) w3_t[0] = hc_swap32 (w3_t[0]); w3_t[1] = hc_swap32 (w3_t[1]); w3_t[2] = 0; - w3_t[3] = (1 + out_len + domain_len + 1 + salt_len) * 8; + w3_t[3] = (out_len + domain_len + 1 + salt_len) * 8; u32x digest[5]; @@ -360,7 +502,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ()) u32x w2[4] = { 0 }; u32x w3[4] = { 0 }; - const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); /** * salt @@ -388,9 +530,44 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ()) w3_t[2] = w3[2]; w3_t[3] = w3[3]; - switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + // replace "." with the length: - w0_t[0] |= out_len & 0xff; + #if VECT_SIZE == 1 + if (out_len > 0) + { + const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, out_len); + + switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + + w0_t[0] |= len & 0xff; + + out_len++; + } + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN_VECT (0) + REPLACE_DOT_BY_LEN_VECT (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN_VECT (2) + REPLACE_DOT_BY_LEN_VECT (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN_VECT (4) + REPLACE_DOT_BY_LEN_VECT (5) + REPLACE_DOT_BY_LEN_VECT (6) + REPLACE_DOT_BY_LEN_VECT (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN_VECT (8) + REPLACE_DOT_BY_LEN_VECT (9) + REPLACE_DOT_BY_LEN_VECT (a) + REPLACE_DOT_BY_LEN_VECT (b) + REPLACE_DOT_BY_LEN_VECT (c) + REPLACE_DOT_BY_LEN_VECT (d) + REPLACE_DOT_BY_LEN_VECT (e) + REPLACE_DOT_BY_LEN_VECT (f) + #endif u32x s0[4]; u32x s1[4]; @@ -414,7 +591,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -450,7 +627,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len + domain_len + 1); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len + domain_len + 1); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -488,7 +665,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ()) w3_t[0] = hc_swap32 (w3_t[0]); w3_t[1] = hc_swap32 (w3_t[1]); w3_t[2] = 0; - w3_t[3] = (1 + out_len + domain_len + 1 + salt_len) * 8; + w3_t[3] = (out_len + domain_len + 1 + salt_len) * 8; u32x digest[5]; diff --git a/OpenCL/m08300_a0-pure.cl b/OpenCL/m08300_a0-pure.cl index 7bf1156fd..66d4cea99 100644 --- a/OpenCL/m08300_a0-pure.cl +++ b/OpenCL/m08300_a0-pure.cl @@ -67,11 +67,36 @@ KERNEL_FQ void m08300_mxx (KERN_ATTR_RULES ()) sha1_init (&ctx1); - ctx1.w0[0] = (tmp.pw_len & 0xff) << 24; + // replace "." with the length: - ctx1.len = 1; + if (tmp.pw_len > 0) + { + u32 len = 0; - sha1_update_swap (&ctx1, tmp.i, tmp.pw_len); + for (int pos = tmp.pw_len - 1; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = mod << 3; + + if (((tmp.i[div] >> sht) & 0xff) == 0x2e) // '.' + { + tmp.i[div] += (len - 0x2e) << sht; + + len = 0; + + continue; + } + + len++; + } + + ctx1.w0[0] = (len & 0xff) << 24; + + ctx1.len = 1; + + sha1_update_swap (&ctx1, tmp.i, tmp.pw_len); + } sha1_update (&ctx1, s_pc, salt_len_pc + 1); @@ -186,11 +211,36 @@ KERNEL_FQ void m08300_sxx (KERN_ATTR_RULES ()) sha1_init (&ctx1); - ctx1.w0[0] = (tmp.pw_len & 0xff) << 24; + // replace "." with the length: - ctx1.len = 1; + if (tmp.pw_len > 0) + { + u32 len = 0; - sha1_update_swap (&ctx1, tmp.i, tmp.pw_len); + for (int pos = tmp.pw_len - 1; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = mod << 3; + + if (((tmp.i[div] >> sht) & 0xff) == 0x2e) // '.' + { + tmp.i[div] += (len - 0x2e) << sht; + + len = 0; + + continue; + } + + len++; + } + + ctx1.w0[0] = (len & 0xff) << 24; + + ctx1.len = 1; + + sha1_update_swap (&ctx1, tmp.i, tmp.pw_len); + } sha1_update (&ctx1, s_pc, salt_len_pc + 1); diff --git a/OpenCL/m08300_a1-optimized.cl b/OpenCL/m08300_a1-optimized.cl index a669c739d..a5e3df1e4 100644 --- a/OpenCL/m08300_a1-optimized.cl +++ b/OpenCL/m08300_a1-optimized.cl @@ -14,6 +14,113 @@ #include "inc_hash_sha1.cl" #endif +const u32 replace_dots (u32 *w, const u32 idx, const u32 old_len, const u32 pw_len) +{ + const u32 min_len = idx << 4; // 2 ^ 4 = 16 for each u32 w[4] + + if (pw_len <= min_len) return 0; + + const u32 max_len = pw_len - min_len - 1; + + const u32 start_pos = (max_len < 15) ? max_len : 15; + + u32 cur_len = old_len; + + for (int pos = (int) start_pos; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = mod << 3; + + if (((w[div] >> sht) & 0xff) == 0x2e) // '.' + { + w[div] += (cur_len - 0x2e) << sht; + + cur_len = 0; + } + else + { + cur_len++; + } + } + + return cur_len; +} + +const u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) +{ + u32 cur_len = 0; + + // loop over w3...w0 (4 * 16 = 64 bytes): + + cur_len = replace_dots (w3, 3, cur_len, pw_len); + cur_len = replace_dots (w2, 2, cur_len, pw_len); + cur_len = replace_dots (w1, 1, cur_len, pw_len); + cur_len = replace_dots (w0, 0, cur_len, pw_len); + + return cur_len; +} + +#define REPLACE_DOT_BY_LEN_VECT(n) \ + if (pw_len.s##n > 0) \ + { \ + u32 tmp0[4]; \ + \ + tmp0[0] = w0_t[0].s##n; \ + tmp0[1] = w0_t[1].s##n; \ + tmp0[2] = w0_t[2].s##n; \ + tmp0[3] = w0_t[3].s##n; \ + \ + u32 tmp1[4]; \ + \ + tmp1[0] = w1_t[0].s##n; \ + tmp1[1] = w1_t[1].s##n; \ + tmp1[2] = w1_t[2].s##n; \ + tmp1[3] = w1_t[3].s##n; \ + \ + u32 tmp2[4]; \ + \ + tmp2[0] = w2_t[0].s##n; \ + tmp2[1] = w2_t[1].s##n; \ + tmp2[2] = w2_t[2].s##n; \ + tmp2[3] = w2_t[3].s##n; \ + \ + u32 tmp3[4]; \ + \ + tmp3[0] = w3_t[0].s##n; \ + tmp3[1] = w3_t[1].s##n; \ + tmp3[2] = w3_t[2].s##n; \ + tmp3[3] = w3_t[3].s##n; \ + \ + const u32 len = replace_dot_by_len (tmp0, tmp1, tmp2, tmp3, pw_len.s##n); \ + \ + switch_buffer_by_offset_le_S (tmp0, tmp1, tmp2, tmp3, 1); \ + \ + tmp0[0] |= len & 0xff; \ + \ + w0_t[0].s##n = tmp0[0]; \ + w0_t[1].s##n = tmp0[1]; \ + w0_t[2].s##n = tmp0[2]; \ + w0_t[3].s##n = tmp0[3]; \ + \ + w1_t[0].s##n = tmp1[0]; \ + w1_t[1].s##n = tmp1[1]; \ + w1_t[2].s##n = tmp1[2]; \ + w1_t[3].s##n = tmp1[3]; \ + \ + w2_t[0].s##n = tmp2[0]; \ + w2_t[1].s##n = tmp2[1]; \ + w2_t[2].s##n = tmp2[2]; \ + w2_t[3].s##n = tmp2[3]; \ + \ + w3_t[0].s##n = tmp3[0]; \ + w3_t[1].s##n = tmp3[1]; \ + w3_t[2].s##n = tmp3[2]; \ + w3_t[3].s##n = tmp3[3]; \ + \ + pw_len.s##n++; \ + } + KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ()) { /** @@ -86,7 +193,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ()) { const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63; - const u32x pw_len = (pw_l_len + pw_r_len) & 63; + u32x pw_len = (pw_l_len + pw_r_len) & 63; /** * concat password candidate @@ -177,9 +284,44 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ()) w3_t[2] = w3[2]; w3_t[3] = w3[3]; - switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + // replace "." with the length: - w0_t[0] |= pw_len & 0xff; + #if VECT_SIZE == 1 + if (pw_len > 0) + { + const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len); + + switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + + w0_t[0] |= len & 0xff; + + pw_len++; + } + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN_VECT (0) + REPLACE_DOT_BY_LEN_VECT (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN_VECT (2) + REPLACE_DOT_BY_LEN_VECT (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN_VECT (4) + REPLACE_DOT_BY_LEN_VECT (5) + REPLACE_DOT_BY_LEN_VECT (6) + REPLACE_DOT_BY_LEN_VECT (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN_VECT (8) + REPLACE_DOT_BY_LEN_VECT (9) + REPLACE_DOT_BY_LEN_VECT (a) + REPLACE_DOT_BY_LEN_VECT (b) + REPLACE_DOT_BY_LEN_VECT (c) + REPLACE_DOT_BY_LEN_VECT (d) + REPLACE_DOT_BY_LEN_VECT (e) + REPLACE_DOT_BY_LEN_VECT (f) + #endif u32x s0[4]; u32x s1[4]; @@ -203,7 +345,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -239,7 +381,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len + domain_len + 1); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len + domain_len + 1); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -277,7 +419,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ()) w3_t[0] = hc_swap32 (w3_t[0]); w3_t[1] = hc_swap32 (w3_t[1]); w3_t[2] = 0; - w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8; + w3_t[3] = (pw_len + domain_len + 1 + salt_len) * 8; u32x digest[5]; @@ -415,7 +557,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ()) { const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63; - const u32x pw_len = (pw_l_len + pw_r_len) & 63; + u32x pw_len = (pw_l_len + pw_r_len) & 63; /** * concat password candidate @@ -506,9 +648,44 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ()) w3_t[2] = w3[2]; w3_t[3] = w3[3]; - switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + // replace "." with the length: - w0_t[0] |= pw_len & 0xff; + #if VECT_SIZE == 1 + if (pw_len > 0) + { + const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len); + + switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1); + + w0_t[0] |= len & 0xff; + + pw_len++; + } + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN_VECT (0) + REPLACE_DOT_BY_LEN_VECT (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN_VECT (2) + REPLACE_DOT_BY_LEN_VECT (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN_VECT (4) + REPLACE_DOT_BY_LEN_VECT (5) + REPLACE_DOT_BY_LEN_VECT (6) + REPLACE_DOT_BY_LEN_VECT (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN_VECT (8) + REPLACE_DOT_BY_LEN_VECT (9) + REPLACE_DOT_BY_LEN_VECT (a) + REPLACE_DOT_BY_LEN_VECT (b) + REPLACE_DOT_BY_LEN_VECT (c) + REPLACE_DOT_BY_LEN_VECT (d) + REPLACE_DOT_BY_LEN_VECT (e) + REPLACE_DOT_BY_LEN_VECT (f) + #endif u32x s0[4]; u32x s1[4]; @@ -532,7 +709,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -568,7 +745,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len + domain_len + 1); + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len + domain_len + 1); w0_t[0] |= s0[0]; w0_t[1] |= s0[1]; @@ -606,7 +783,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ()) w3_t[0] = hc_swap32 (w3_t[0]); w3_t[1] = hc_swap32 (w3_t[1]); w3_t[2] = 0; - w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8; + w3_t[3] = (pw_len + domain_len + 1 + salt_len) * 8; u32x digest[5]; diff --git a/OpenCL/m08300_a1-pure.cl b/OpenCL/m08300_a1-pure.cl index 42135dec1..28e356148 100644 --- a/OpenCL/m08300_a1-pure.cl +++ b/OpenCL/m08300_a1-pure.cl @@ -14,6 +14,42 @@ #include "inc_hash_sha1.cl" #endif +DECLSPEC const u32 replace_dot_by_len (pw_t *out, GLOBAL_AS const pw_t *in, const u32 old_len) +{ + // first make out a copy of in: + + out->pw_len = in->pw_len; + + for (int i = 0; i < 64; i++) + { + out->i[i] = in->i[i]; + } + + // replace "." with the length: + + u32 cur_len = old_len; + + for (int pos = out->pw_len - 1; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = mod << 3; + + if (((out->i[div] >> sht) & 0xff) == 0x2e) // '.' + { + out->i[div] += (cur_len - 0x2e) << sht; + + cur_len = 0; + + continue; + } + + cur_len++; + } + + return cur_len; +} + KERNEL_FQ void m08300_mxx (KERN_ATTR_BASIC ()) { /** @@ -59,13 +95,27 @@ KERNEL_FQ void m08300_mxx (KERN_ATTR_BASIC ()) sha1_init (&ctx1); - ctx1.w0[0] = ((pws[gid].pw_len + combs_buf[il_pos].pw_len) & 0xff) << 24; + const u32 pw_len = pws[gid].pw_len + combs_buf[il_pos].pw_len; - ctx1.len = 1; + // replace "." with the length: - sha1_update_global_swap (&ctx1, pws[gid].i, pws[gid].pw_len); + if (pw_len > 0) + { + pw_t combs; - sha1_update_global_swap (&ctx1, combs_buf[il_pos].i, combs_buf[il_pos].pw_len); + const u32 first_len_combs = replace_dot_by_len (&combs, &combs_buf[il_pos], 0); + + pw_t pw; + + const u32 first_len_pw = replace_dot_by_len (&pw, &pws[gid], first_len_combs); + + ctx1.w0[0] = (first_len_pw & 0xff) << 24; + + ctx1.len = 1; + + sha1_update_swap (&ctx1, pw.i, pw.pw_len); + sha1_update_swap (&ctx1, combs.i, combs.pw_len); + } sha1_update (&ctx1, s_pc, salt_len_pc + 1); @@ -174,13 +224,27 @@ KERNEL_FQ void m08300_sxx (KERN_ATTR_BASIC ()) sha1_init (&ctx1); - ctx1.w0[0] = ((pws[gid].pw_len + combs_buf[il_pos].pw_len) & 0xff) << 24; + const u32 pw_len = pws[gid].pw_len + combs_buf[il_pos].pw_len; - ctx1.len = 1; + // replace "." with the length: - sha1_update_global_swap (&ctx1, pws[gid].i, pws[gid].pw_len); + if (pw_len > 0) + { + pw_t combs; - sha1_update_global_swap (&ctx1, combs_buf[il_pos].i, combs_buf[il_pos].pw_len); + const u32 first_len_combs = replace_dot_by_len (&combs, &combs_buf[il_pos], 0); + + pw_t pw; + + const u32 first_len_pw = replace_dot_by_len (&pw, &pws[gid], first_len_combs); + + ctx1.w0[0] = (first_len_pw & 0xff) << 24; + + ctx1.len = 1; + + sha1_update_swap (&ctx1, pw.i, pw.pw_len); + sha1_update_swap (&ctx1, combs.i, combs.pw_len); + } sha1_update (&ctx1, s_pc, salt_len_pc + 1); diff --git a/OpenCL/m08300_a3-optimized.cl b/OpenCL/m08300_a3-optimized.cl index 0e9ad838f..f62267127 100644 --- a/OpenCL/m08300_a3-optimized.cl +++ b/OpenCL/m08300_a3-optimized.cl @@ -14,6 +14,110 @@ #include "inc_hash_sha1.cl" #endif +const u32 replace_dots (u32 *w, const u32 idx, const u32 old_len, const u32 pw_len) +{ + const u32 min_len = idx << 4; // 2 ^ 4 = 16 for each u32 w[4] + + if (pw_len <= min_len) return 0; + + const u32 max_len = pw_len - min_len - 1; + + const u32 start_pos = (max_len < 15) ? max_len : 15; + + u32 cur_len = old_len; + + for (int pos = (int) start_pos; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = (3 - mod) << 3; + + if (((w[div] >> sht) & 0xff) == 0x2e) // '.' + { + w[div] += (cur_len - 0x2e) << sht; + + cur_len = 0; + } + else + { + cur_len++; + } + } + + return cur_len; +} + +const u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) +{ + u32 cur_len = 0; + + // loop over w3...w0 (4 * 16 = 64 bytes): + + cur_len = replace_dots (w3, 3, cur_len, pw_len); + cur_len = replace_dots (w2, 2, cur_len, pw_len); + cur_len = replace_dots (w1, 1, cur_len, pw_len); + cur_len = replace_dots (w0, 0, cur_len, pw_len); + + return cur_len; +} + +#define REPLACE_DOT_BY_LEN_VECT(n) \ + { \ + u32 tmp0[4]; \ + \ + tmp0[0] = w0_t[0].s##n; \ + tmp0[1] = w0_t[1].s##n; \ + tmp0[2] = w0_t[2].s##n; \ + tmp0[3] = w0_t[3].s##n; \ + \ + u32 tmp1[4]; \ + \ + tmp1[0] = w1_t[0].s##n; \ + tmp1[1] = w1_t[1].s##n; \ + tmp1[2] = w1_t[2].s##n; \ + tmp1[3] = w1_t[3].s##n; \ + \ + u32 tmp2[4]; \ + \ + tmp2[0] = w2_t[0].s##n; \ + tmp2[1] = w2_t[1].s##n; \ + tmp2[2] = w2_t[2].s##n; \ + tmp2[3] = w2_t[3].s##n; \ + \ + u32 tmp3[4]; \ + \ + tmp3[0] = w3_t[0].s##n; \ + tmp3[1] = w3_t[1].s##n; \ + tmp3[2] = w3_t[2].s##n; \ + tmp3[3] = w3_t[3].s##n; \ + \ + const u32 len = replace_dot_by_len (tmp0, tmp1, tmp2, tmp3, pw_len); \ + \ + switch_buffer_by_offset_be_S (tmp0, tmp1, tmp2, tmp3, 1); \ + \ + tmp0[0] |= (len & 0xff) << 24; \ + \ + w0_t[0].s##n = tmp0[0]; \ + w0_t[1].s##n = tmp0[1]; \ + w0_t[2].s##n = tmp0[2]; \ + w0_t[3].s##n = tmp0[3]; \ + \ + w1_t[0].s##n = tmp1[0]; \ + w1_t[1].s##n = tmp1[1]; \ + w1_t[2].s##n = tmp1[2]; \ + w1_t[3].s##n = tmp1[3]; \ + \ + w2_t[0].s##n = tmp2[0]; \ + w2_t[1].s##n = tmp2[1]; \ + w2_t[2].s##n = tmp2[2]; \ + w2_t[3].s##n = tmp2[3]; \ + \ + w3_t[0].s##n = tmp3[0]; \ + w3_t[1].s##n = tmp3[1]; \ + w3_t[2].s##n = tmp3[2]; \ + w3_t[3].s##n = tmp3[3]; \ + } + DECLSPEC void m08300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ()) { /** @@ -168,9 +272,40 @@ DECLSPEC void m08300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER w3_t[2] = w3[2]; w3_t[3] = w3[3]; - switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1); + // replace "." with the length: + + #if VECT_SIZE == 1 + const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len); + + switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1); + + w0_t[0] |= (len & 0xff) << 24; + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN_VECT (0) + REPLACE_DOT_BY_LEN_VECT (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN_VECT (2) + REPLACE_DOT_BY_LEN_VECT (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN_VECT (4) + REPLACE_DOT_BY_LEN_VECT (5) + REPLACE_DOT_BY_LEN_VECT (6) + REPLACE_DOT_BY_LEN_VECT (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN_VECT (8) + REPLACE_DOT_BY_LEN_VECT (9) + REPLACE_DOT_BY_LEN_VECT (a) + REPLACE_DOT_BY_LEN_VECT (b) + REPLACE_DOT_BY_LEN_VECT (c) + REPLACE_DOT_BY_LEN_VECT (d) + REPLACE_DOT_BY_LEN_VECT (e) + REPLACE_DOT_BY_LEN_VECT (f) + #endif - w0_t[0] |= (pw_len & 0xff) << 24; w3_t[2] = 0; w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8; @@ -388,9 +523,40 @@ DECLSPEC void m08300s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER w3_t[2] = w3[2]; w3_t[3] = w3[3]; - switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1); + // replace "." with the length: + + #if VECT_SIZE == 1 + const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len); + + switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1); + + w0_t[0] |= (len & 0xff) << 24; + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN_VECT (0) + REPLACE_DOT_BY_LEN_VECT (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN_VECT (2) + REPLACE_DOT_BY_LEN_VECT (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN_VECT (4) + REPLACE_DOT_BY_LEN_VECT (5) + REPLACE_DOT_BY_LEN_VECT (6) + REPLACE_DOT_BY_LEN_VECT (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN_VECT (8) + REPLACE_DOT_BY_LEN_VECT (9) + REPLACE_DOT_BY_LEN_VECT (a) + REPLACE_DOT_BY_LEN_VECT (b) + REPLACE_DOT_BY_LEN_VECT (c) + REPLACE_DOT_BY_LEN_VECT (d) + REPLACE_DOT_BY_LEN_VECT (e) + REPLACE_DOT_BY_LEN_VECT (f) + #endif - w0_t[0] |= (pw_len & 0xff) << 24; w3_t[2] = 0; w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8; diff --git a/OpenCL/m08300_a3-pure.cl b/OpenCL/m08300_a3-pure.cl index 4215d42a0..b9ed4525c 100644 --- a/OpenCL/m08300_a3-pure.cl +++ b/OpenCL/m08300_a3-pure.cl @@ -14,6 +14,17 @@ #include "inc_hash_sha1.cl" #endif +#define REPLACE_DOT_BY_LEN(n) \ + if (((tmp[div].s##n >> sht) & 0xff) == 0x2e) \ + { \ + tmp[div].s##n += (len.s##n - 0x2e) << sht; \ + len.s##n = 0; \ + } \ + else \ + { \ + len.s##n++; \ + } + KERNEL_FQ void m08300_mxx (KERN_ATTR_VECTOR ()) { /** @@ -76,11 +87,66 @@ KERNEL_FQ void m08300_mxx (KERN_ATTR_VECTOR ()) sha1_init_vector (&ctx1); - ctx1.w0[0] = (pw_len & 0xff) << 24; + // replace "." with the length: + + u32x tmp[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + { + tmp[idx] = w[idx]; + } + + u32x len = 0; + + for (int pos = pw_len - 1; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = (3 - mod) << 3; + + #if VECT_SIZE == 1 + if (((tmp[div] >> sht) & 0xff) == 0x2e) // '.' + { + tmp[div] += (len - 0x2e) << sht; + + len = 0; + } + else + { + len++; + } + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN (0) + REPLACE_DOT_BY_LEN (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN (2) + REPLACE_DOT_BY_LEN (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN (4) + REPLACE_DOT_BY_LEN (5) + REPLACE_DOT_BY_LEN (6) + REPLACE_DOT_BY_LEN (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN (8) + REPLACE_DOT_BY_LEN (9) + REPLACE_DOT_BY_LEN (a) + REPLACE_DOT_BY_LEN (b) + REPLACE_DOT_BY_LEN (c) + REPLACE_DOT_BY_LEN (d) + REPLACE_DOT_BY_LEN (e) + REPLACE_DOT_BY_LEN (f) + #endif + } + + ctx1.w0[0] = (len & 0xff) << 24; ctx1.len = 1; - sha1_update_vector (&ctx1, w, pw_len); + sha1_update_vector (&ctx1, tmp, pw_len); sha1_update_vector (&ctx1, s_pc, salt_len_pc + 1); @@ -206,11 +272,66 @@ KERNEL_FQ void m08300_sxx (KERN_ATTR_VECTOR ()) sha1_init_vector (&ctx1); - ctx1.w0[0] = (pw_len & 0xff) << 24; + // replace "." with the length: + + u32x tmp[64]; + + for (int i = 0; i < 64; i++) + { + tmp[i] = w[i]; + } + + u32x len = 0; + + for (int pos = pw_len - 1; pos >= 0; pos--) + { + const u32 div = pos / 4; + const u32 mod = pos & 3; + const u32 sht = (3 - mod) << 3; + + #if VECT_SIZE == 1 + if (((tmp[div] >> sht) & 0xff) == 0x2e) // '.' + { + tmp[div] += (len - 0x2e) << sht; + + len = 0; + } + else + { + len++; + } + #endif + #if VECT_SIZE >= 2 + REPLACE_DOT_BY_LEN (0) + REPLACE_DOT_BY_LEN (1) + #endif + #if VECT_SIZE >= 4 + REPLACE_DOT_BY_LEN (2) + REPLACE_DOT_BY_LEN (3) + #endif + #if VECT_SIZE >= 8 + REPLACE_DOT_BY_LEN (4) + REPLACE_DOT_BY_LEN (5) + REPLACE_DOT_BY_LEN (6) + REPLACE_DOT_BY_LEN (7) + #endif + #if VECT_SIZE >= 16 + REPLACE_DOT_BY_LEN (8) + REPLACE_DOT_BY_LEN (9) + REPLACE_DOT_BY_LEN (a) + REPLACE_DOT_BY_LEN (b) + REPLACE_DOT_BY_LEN (c) + REPLACE_DOT_BY_LEN (d) + REPLACE_DOT_BY_LEN (e) + REPLACE_DOT_BY_LEN (f) + #endif + } + + ctx1.w0[0] = (len & 0xff) << 24; ctx1.len = 1; - sha1_update_vector (&ctx1, w, pw_len); + sha1_update_vector (&ctx1, tmp, pw_len); sha1_update_vector (&ctx1, s_pc, salt_len_pc + 1); diff --git a/docs/changes.txt b/docs/changes.txt index afdd8b716..97eed9ae2 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -83,6 +83,7 @@ - Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt - Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16 +- Fixed cracking of DNSSEC (NSEC3) hashes by replacing all dots in the passwords with lengths - Fixed cracking of Electrum Wallet Salt-Type 2 hashes - Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only) - Fixed cracking of VeraCrypt Streebog-512 hashes (CPU only) diff --git a/src/modules/module_08300.c b/src/modules/module_08300.c index c5fc7f352..fe7f7e169 100644 --- a/src/modules/module_08300.c +++ b/src/modules/module_08300.c @@ -56,7 +56,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; token.sep[1] = ':'; - token.len_min[1] = 1; + token.len_min[1] = 0; token.len_max[1] = 32; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; @@ -104,9 +104,12 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE u8 *salt_buf_pc_ptr = (u8 *) salt->salt_buf_pc; - memcpy (salt_buf_pc_ptr, domain_pos, domain_len); + if (domain_len > 0) + { + if (domain_pos[0] != '.') return (PARSER_SALT_VALUE); - if (salt_buf_pc_ptr[0] != '.') return (PARSER_SALT_VALUE); + memcpy (salt_buf_pc_ptr, domain_pos, domain_len); + } u8 *len_ptr = salt_buf_pc_ptr; diff --git a/tools/test_modules/m08300.pm b/tools/test_modules/m08300.pm index b3b163a62..34a3cacb1 100644 --- a/tools/test_modules/m08300.pm +++ b/tools/test_modules/m08300.pm @@ -11,7 +11,11 @@ use warnings; use Net::DNS::RR::NSEC3; use Net::DNS::SEC; -sub module_constraints { [[1, 256], [-1, -1], [1, 55], [-1, -1], [-1, -1]] } +# we need to restict the pure password length for the test module to 63 bytes, +# because we can't have any string (including the pass) of over 63 bytes without "." + +# sub module_constraints { [[1, 256], [-1, -1], [1, 55], [-1, -1], [-1, -1]] } +sub module_constraints { [[1, 63], [-1, -1], [1, 55], [-1, -1], [-1, -1]] } sub get_random_dnssec_salt { @@ -38,7 +42,14 @@ sub module_generate_hash if (length $salt == 0) { - $salt = get_random_dnssec_salt (); + if (int (rand (10)) == 0) + { + $salt = ":"; + } + else + { + $salt = get_random_dnssec_salt (); + } } my ($domain, $salt_hex) = split (":", $salt); From 077da392f0b8039f5e00ccd446f1154be92b603f Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 27 May 2020 21:15:36 +0200 Subject: [PATCH 05/12] added WSL build documentation --- BUILD.md | 7 ++++++- BUILD_WSL.md | 31 +++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 BUILD_WSL.md diff --git a/BUILD.md b/BUILD.md index 6cca7149e..9a71eb9be 100644 --- a/BUILD.md +++ b/BUILD.md @@ -3,7 +3,7 @@ hashcat build documentation ### Revision ### -* 1.4 +* 1.5 ### Author ### @@ -33,6 +33,11 @@ $ make install If you install it, cached kernels, session files, restore- and pot-files etc. will go to $HOME/.hashcat/ + +### Building hashcat for Windows (using Windows Subsystem for Linux) ### + +Refer to [BUILD_WSL.md](BUILD_WSL.md) + ### Building hashcat for Windows (using Cygwin) ### Refer to [BUILD_CYGWIN.md](BUILD_CYGWIN.md) diff --git a/BUILD_WSL.md b/BUILD_WSL.md new file mode 100644 index 000000000..6d059b792 --- /dev/null +++ b/BUILD_WSL.md @@ -0,0 +1,31 @@ +# Compiling hashcat for Windows with Windows Subsystem for Linux. + +Tested on a Windows 10 (x64 build 18363), should also work to build hashcat for Windows on Linux. + +### Installation ### + +Enable WSL. + +Run bash (win+r bash) and make sure to install additional dependencies necessary for hashcat compilation +``` +sudo apt install gcc-mingw-w64-x86-64 make git +git clone https://github.com/hashcat/hashcat +git clone https://github.com/win-iconv/win-iconv +cp hashcat/tools/win-iconv-64.diff win-iconv/ +cd win-iconv/ +sudo make install +``` + +### Building ### + +You've already cloned the latest master revision of hashcat repository above, so switch to the folder and type "make win" to start compiling hashcat +``` +cd ../hashcat +make win +``` + +The process may take a while, please be patient. Once it's finished, run a Windows command prompt (win+r cmd) and start hashcat by typing "hashcat.exe" + +``` +hashcat.exe +``` \ No newline at end of file From c46abd519ff6815fd994f0f75fbe1c7ee443f200 Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 4 Jun 2020 20:10:53 +0200 Subject: [PATCH 06/12] resolved comments --- BUILD_WSL.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/BUILD_WSL.md b/BUILD_WSL.md index 6d059b792..814eaa326 100644 --- a/BUILD_WSL.md +++ b/BUILD_WSL.md @@ -1,31 +1,36 @@ # Compiling hashcat for Windows with Windows Subsystem for Linux. -Tested on a Windows 10 (x64 build 18363), should also work to build hashcat for Windows on Linux. +Tested on Windows 10 x64, should also work to build hashcat for Windows on Linux. ### Installation ### Enable WSL. -Run bash (win+r bash) and make sure to install additional dependencies necessary for hashcat compilation +Press the win + r key on your keyboard simultaneously and in the "Run" popup window type bash and make sure to install additional dependencies necessary for hashcat compilation ``` sudo apt install gcc-mingw-w64-x86-64 make git git clone https://github.com/hashcat/hashcat -git clone https://github.com/win-iconv/win-iconv -cp hashcat/tools/win-iconv-64.diff win-iconv/ +git clone https://github.com/win-iconv/win-iconv cd win-iconv/ +patch < ../hashcat/tools/win-iconv-64.diff sudo make install +cd ../ ``` ### Building ### You've already cloned the latest master revision of hashcat repository above, so switch to the folder and type "make win" to start compiling hashcat ``` -cd ../hashcat +cd hashcat/ make win ``` -The process may take a while, please be patient. Once it's finished, run a Windows command prompt (win+r cmd) and start hashcat by typing "hashcat.exe" - +The process may take a while, please be patient. Once it's finished, close WSL. +Press the win + r keys together and (in the "Run" popup window) type cmd, using cd navigate to the hashcat folder e.g. +``` +cd "C:\Users\user\hashcat" +``` +and start hashcat by typing ``` hashcat.exe ``` \ No newline at end of file From ca35d8113fcb13ad6899d630bae21bafa3e510b1 Mon Sep 17 00:00:00 2001 From: philsmd Date: Fri, 5 Jun 2020 08:50:16 +0200 Subject: [PATCH 07/12] fixes #2430: documentation of rules z/Z was incorrect Signed-off-by: philsmd --- docs/rules.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/rules.txt b/docs/rules.txt index 52fba68ca..b2621bba4 100644 --- a/docs/rules.txt +++ b/docs/rules.txt @@ -23,8 +23,8 @@ #define RULE_OP_MANGLE_TRUNCATE_AT '\''// cut the word at pos N #define RULE_OP_MANGLE_REPLACE 's' // replace all chars X with char Y #define RULE_OP_MANGLE_PURGECHAR '@' // purge all instances of char X -#define RULE_OP_MANGLE_DUPECHAR_FIRST 'z' // prepend first char of word to itself. ex: hello -> hhello -#define RULE_OP_MANGLE_DUPECHAR_LAST 'Z' // append last char of word to itself. ex: hello -> helloo +#define RULE_OP_MANGLE_DUPECHAR_FIRST 'z' // prepend first char of word to itself N times. ex: hello -> hhhello +#define RULE_OP_MANGLE_DUPECHAR_LAST 'Z' // append last char of word to itself N times. ex: hello -> hellooo #define RULE_OP_MANGLE_DUPECHAR_ALL 'q' // duplicate all chars. ex: hello -> hheelllloo #define RULE_OP_MANGLE_SWITCH_FIRST 'k' // switches the first 2 chars. ex: hello -> ehllo #define RULE_OP_MANGLE_SWITCH_LAST 'K' // switches the last 2 chars. ex: hello -> helol @@ -33,10 +33,10 @@ #define RULE_OP_MANGLE_CHR_SHIFTR 'R' // bitwise shift right char at pos N. ex: hello` -> hello0 #define RULE_OP_MANGLE_CHR_INCR '+' // bytewise increase at pos N. ex: hello0 -> hello1 #define RULE_OP_MANGLE_CHR_DECR '-' // bytewise decreate at pos N. ex: hello1 -> hello0 -#define RULE_OP_MANGLE_REPLACE_NP1 '.' // replaces character @ n with value at @ n plus 1 -#define RULE_OP_MANGLE_REPLACE_NM1 ',' // replaces character @ n with value at @ n minus 1 -#define RULE_OP_MANGLE_DUPEBLOCK_FIRST 'y' // duplicates first n characters -#define RULE_OP_MANGLE_DUPEBLOCK_LAST 'Y' // duplicates last n characters +#define RULE_OP_MANGLE_REPLACE_NP1 '.' // replaces char @ n with value at @ n plus 1 +#define RULE_OP_MANGLE_REPLACE_NM1 ',' // replaces char @ n with value at @ n minus 1 +#define RULE_OP_MANGLE_DUPEBLOCK_FIRST 'y' // duplicates first N chars +#define RULE_OP_MANGLE_DUPEBLOCK_LAST 'Y' // duplicates last N chars #define RULE_OP_MANGLE_TITLE 'E' // lowercase everything then upper case the first letter and every letter after a space #define RULE_OP_MANGLE_TITLE_SEP 'e' // lowercase everything then upper case the first letter and every letter after char X @@ -57,4 +57,4 @@ #define RULE_OP_REJECT_EQUAL_AT '=' // reject plains that do not contain char X at pos N #define RULE_OP_REJECT_CONTAINS '%' // reject plains that contain char X less than N times #define RULE_OP_REJECT_MEMORY 'Q' // reject plains that match the plain saved (see M), i.e. if unchanged -#define RULE_LAST_REJECTED_SAVED_POS 'p' // pos of the character last found with '/' or '%' +#define RULE_LAST_REJECTED_SAVED_POS 'p' // pos of the char last found with '/' or '%' From df5564eee2e11fb1be8fd34574116df88d36d118 Mon Sep 17 00:00:00 2001 From: philsmd Date: Fri, 5 Jun 2020 08:59:20 +0200 Subject: [PATCH 08/12] cosmetic: make pure kernel of rar3-hp easier to read --- OpenCL/m12500-pure.cl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/OpenCL/m12500-pure.cl b/OpenCL/m12500-pure.cl index eefd4b30d..afd5f3cd2 100644 --- a/OpenCL/m12500-pure.cl +++ b/OpenCL/m12500-pure.cl @@ -700,15 +700,15 @@ DECLSPEC void sha1_update_rar29 (sha1_ctx_t *ctx, u32 *w, const int len) t[14] = hc_swap32_S (t[14]); t[15] = hc_swap32_S (t[15]); - const u32 n_idx = diff >> 2; - const u32 n_off = diff & 3; + const u32 n_idx = diff / 4; + const u32 n_off = diff % 4; if (n_off) { - const u32 off_mul = n_off << 3; + const u32 off_mul = n_off * 8; const u32 off_sub = 32 - off_mul; - t[16] = (t[15] << off_sub); + t[16] = (t[15] << off_sub); t[15] = (t[15] >> off_mul) | (t[14] << off_sub); t[14] = (t[14] >> off_mul) | (t[13] << off_sub); t[13] = (t[13] >> off_mul) | (t[12] << off_sub); @@ -727,7 +727,7 @@ DECLSPEC void sha1_update_rar29 (sha1_ctx_t *ctx, u32 *w, const int len) t[ 0] = (t[ 0] >> off_mul); } - w[n_idx] &= 0xffffff00 << ((3 - n_off) << 3); + w[n_idx] &= 0xffffff00 << ((3 - n_off) * 8); w[n_idx] |= t[0]; @@ -749,7 +749,7 @@ DECLSPEC void sha1_update_rar29 (sha1_ctx_t *ctx, u32 *w, const int len) // the final set is only meaningful: if (n_off) - w[n_idx + 16] &= 0xffffffff >> (n_off << 3); + w[n_idx + 16] &= 0xffffffff >> (n_off * 8); w[n_idx + 16] |= t[16]; } @@ -818,7 +818,7 @@ KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) if (salt_off == 2) // or just: if (salt_off) { - salt_buf[2] = (salt_buf[1] << 16); + salt_buf[2] = (salt_buf[1] << 16); salt_buf[1] = (salt_buf[1] >> 16) | (salt_buf[0] << 16); salt_buf[0] = (salt_buf[0] >> 16); } @@ -928,9 +928,9 @@ KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) sha1_final (&ctx_iv); const u32 iv_idx = init_pos / 4; - const u32 iv_off = init_pos & 3; + const u32 iv_off = init_pos % 4; - tmps[gid].iv[iv_idx] |= (ctx_iv.h[4] & 0xff) << (iv_off << 3); + tmps[gid].iv[iv_idx] |= (ctx_iv.h[4] & 0xff) << (iv_off * 8); // main loop: From b5544c385a8c68ea7a83ed2336beab6899331696 Mon Sep 17 00:00:00 2001 From: philsmd Date: Fri, 5 Jun 2020 09:07:23 +0200 Subject: [PATCH 09/12] docs: add ROCm to supported runtimes list --- docs/readme.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/readme.txt b/docs/readme.txt index c04fa8da3..d34e46212 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -347,6 +347,7 @@ NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or - Intel - NVidia - POCL +- ROCm ## ## Supported OpenCL device types From c0753f361c9c61d2e67d2eca71dbcdb275f0bacb Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 9 Jun 2020 10:47:18 +0200 Subject: [PATCH 10/12] Removed branches in replace_dot_by_len() function of optimized -m 8300 kernels --- OpenCL/m08300_a0-optimized.cl | 106 +++++++++++++++++++++++++--------- OpenCL/m08300_a1-optimized.cl | 106 +++++++++++++++++++++++++--------- OpenCL/m08300_a3-optimized.cl | 105 ++++++++++++++++++++++++--------- 3 files changed, 233 insertions(+), 84 deletions(-) diff --git a/OpenCL/m08300_a0-optimized.cl b/OpenCL/m08300_a0-optimized.cl index 62d964fe2..63765710a 100644 --- a/OpenCL/m08300_a0-optimized.cl +++ b/OpenCL/m08300_a0-optimized.cl @@ -16,49 +16,99 @@ #include "inc_hash_sha1.cl" #endif -const u32 replace_dots (u32 *w, const u32 idx, const u32 old_len, const u32 pw_len) +DECLSPEC u64 u32_to_u64 (const u32 in) { - const u32 min_len = idx << 4; // 2 ^ 4 = 16 for each u32 w[4] + const u64 t0 = (u64) ((in >> 0) & 0xff); + const u64 t1 = (u64) ((in >> 8) & 0xff); + const u64 t2 = (u64) ((in >> 16) & 0xff); + const u64 t3 = (u64) ((in >> 24) & 0xff); - if (pw_len <= min_len) return 0; + const u64 out = (t0 << 0) + | (t1 << 16) + | (t2 << 32) + | (t3 << 48); - const u32 max_len = pw_len - min_len - 1; + return out; +} - const u32 start_pos = (max_len < 15) ? max_len : 15; +DECLSPEC u32 u64_to_u32 (const u64 in) +{ + const u32 t0 = (u32) ((in >> 0) & 0xff); + const u32 t1 = (u32) ((in >> 16) & 0xff); + const u32 t2 = (u32) ((in >> 32) & 0xff); + const u32 t3 = (u32) ((in >> 48) & 0xff); - u32 cur_len = old_len; + const u32 out = (t0 << 0) + | (t1 << 8) + | (t2 << 16) + | (t3 << 24); - for (int pos = (int) start_pos; pos >= 0; pos--) - { - const u32 div = pos / 4; - const u32 mod = pos & 3; - const u32 sht = mod << 3; + return out; +} - if (((w[div] >> sht) & 0xff) == 0x2e) // '.' - { - w[div] += (cur_len - 0x2e) << sht; +DECLSPEC int replace_u32_le (const u32 input, u32 *output, int cur_len) +{ + // expand to keep 9th bit consistent - cur_len = 0; - } - else - { - cur_len++; - } - } + u64 input64 = u32_to_u64 (input); + + u64 m64 = input64; + + m64 ^= 0x002e002e002e002e; // convert 0x2e to 0x00 + m64 ^= 0x00ff00ff00ff00ff; // convert 0x00 to 0xff (jit will optimize this to one instruction) + m64 += 0x0001000100010001; // only 0xff can set 9th bit + m64 &= 0x0100010001000100; // only 9th bit survives + + m64 |= m64 << 1; // converts 0x0100 to 0xff00 + m64 |= m64 << 2; + m64 |= m64 << 4; + + m64 >>= 8; // back to original positions (in 64 bit) + + u32 m = u64_to_u32 (m64); + + u32 r = 0; + + const u32 mn = ~m; + + const u32 r0 = mn & 0x000000ff; + const u32 r1 = mn & 0x0000ff00; + const u32 r2 = mn & 0x00ff0000; + const u32 r3 = mn & 0xff000000; + + cur_len <<= 24; + r |= cur_len; cur_len = (cur_len + 0x01000000) & r3; cur_len >>= 8; + r |= cur_len; cur_len = (cur_len + 0x00010000) & r2; cur_len >>= 8; + r |= cur_len; cur_len = (cur_len + 0x00000100) & r1; cur_len >>= 8; + r |= cur_len; cur_len = (cur_len + 0x00000001) & r0; + + *output = (input & mn) | (r & m); return cur_len; } -const u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) +DECLSPEC u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) { - u32 cur_len = 0; - // loop over w3...w0 (4 * 16 = 64 bytes): - cur_len = replace_dots (w3, 3, cur_len, pw_len); - cur_len = replace_dots (w2, 2, cur_len, pw_len); - cur_len = replace_dots (w1, 1, cur_len, pw_len); - cur_len = replace_dots (w0, 0, cur_len, pw_len); + int cur_len = 0 - (64 - pw_len); // number of padding bytes relative to buffer size + + cur_len = replace_u32_le (w3[3], &w3[3], cur_len); + cur_len = replace_u32_le (w3[2], &w3[2], cur_len); + cur_len = replace_u32_le (w3[1], &w3[1], cur_len); + cur_len = replace_u32_le (w3[0], &w3[0], cur_len); + cur_len = replace_u32_le (w2[3], &w2[3], cur_len); + cur_len = replace_u32_le (w2[2], &w2[2], cur_len); + cur_len = replace_u32_le (w2[1], &w2[1], cur_len); + cur_len = replace_u32_le (w2[0], &w2[0], cur_len); + cur_len = replace_u32_le (w1[3], &w1[3], cur_len); + cur_len = replace_u32_le (w1[2], &w1[2], cur_len); + cur_len = replace_u32_le (w1[1], &w1[1], cur_len); + cur_len = replace_u32_le (w1[0], &w1[0], cur_len); + cur_len = replace_u32_le (w0[3], &w0[3], cur_len); + cur_len = replace_u32_le (w0[2], &w0[2], cur_len); + cur_len = replace_u32_le (w0[1], &w0[1], cur_len); + cur_len = replace_u32_le (w0[0], &w0[0], cur_len); return cur_len; } diff --git a/OpenCL/m08300_a1-optimized.cl b/OpenCL/m08300_a1-optimized.cl index a5e3df1e4..9a70e5765 100644 --- a/OpenCL/m08300_a1-optimized.cl +++ b/OpenCL/m08300_a1-optimized.cl @@ -14,49 +14,99 @@ #include "inc_hash_sha1.cl" #endif -const u32 replace_dots (u32 *w, const u32 idx, const u32 old_len, const u32 pw_len) +DECLSPEC u64 u32_to_u64 (const u32 in) { - const u32 min_len = idx << 4; // 2 ^ 4 = 16 for each u32 w[4] + const u64 t0 = (u64) ((in >> 0) & 0xff); + const u64 t1 = (u64) ((in >> 8) & 0xff); + const u64 t2 = (u64) ((in >> 16) & 0xff); + const u64 t3 = (u64) ((in >> 24) & 0xff); - if (pw_len <= min_len) return 0; + const u64 out = (t0 << 0) + | (t1 << 16) + | (t2 << 32) + | (t3 << 48); - const u32 max_len = pw_len - min_len - 1; + return out; +} - const u32 start_pos = (max_len < 15) ? max_len : 15; +DECLSPEC u32 u64_to_u32 (const u64 in) +{ + const u32 t0 = (u32) ((in >> 0) & 0xff); + const u32 t1 = (u32) ((in >> 16) & 0xff); + const u32 t2 = (u32) ((in >> 32) & 0xff); + const u32 t3 = (u32) ((in >> 48) & 0xff); - u32 cur_len = old_len; + const u32 out = (t0 << 0) + | (t1 << 8) + | (t2 << 16) + | (t3 << 24); - for (int pos = (int) start_pos; pos >= 0; pos--) - { - const u32 div = pos / 4; - const u32 mod = pos & 3; - const u32 sht = mod << 3; + return out; +} - if (((w[div] >> sht) & 0xff) == 0x2e) // '.' - { - w[div] += (cur_len - 0x2e) << sht; +DECLSPEC int replace_u32_le (const u32 input, u32 *output, int cur_len) +{ + // expand to keep 9th bit consistent - cur_len = 0; - } - else - { - cur_len++; - } - } + u64 input64 = u32_to_u64 (input); + + u64 m64 = input64; + + m64 ^= 0x002e002e002e002e; // convert 0x2e to 0x00 + m64 ^= 0x00ff00ff00ff00ff; // convert 0x00 to 0xff (jit will optimize this to one instruction) + m64 += 0x0001000100010001; // only 0xff can set 9th bit + m64 &= 0x0100010001000100; // only 9th bit survives + + m64 |= m64 << 1; // converts 0x0100 to 0xff00 + m64 |= m64 << 2; + m64 |= m64 << 4; + + m64 >>= 8; // back to original positions (in 64 bit) + + u32 m = u64_to_u32 (m64); + + u32 r = 0; + + const u32 mn = ~m; + + const u32 r0 = mn & 0x000000ff; + const u32 r1 = mn & 0x0000ff00; + const u32 r2 = mn & 0x00ff0000; + const u32 r3 = mn & 0xff000000; + + cur_len <<= 24; + r |= cur_len; cur_len = (cur_len + 0x01000000) & r3; cur_len >>= 8; + r |= cur_len; cur_len = (cur_len + 0x00010000) & r2; cur_len >>= 8; + r |= cur_len; cur_len = (cur_len + 0x00000100) & r1; cur_len >>= 8; + r |= cur_len; cur_len = (cur_len + 0x00000001) & r0; + + *output = (input & mn) | (r & m); return cur_len; } -const u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) +DECLSPEC u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) { - u32 cur_len = 0; - // loop over w3...w0 (4 * 16 = 64 bytes): - cur_len = replace_dots (w3, 3, cur_len, pw_len); - cur_len = replace_dots (w2, 2, cur_len, pw_len); - cur_len = replace_dots (w1, 1, cur_len, pw_len); - cur_len = replace_dots (w0, 0, cur_len, pw_len); + int cur_len = 0 - (64 - pw_len); // number of padding bytes relative to buffer size + + cur_len = replace_u32_le (w3[3], &w3[3], cur_len); + cur_len = replace_u32_le (w3[2], &w3[2], cur_len); + cur_len = replace_u32_le (w3[1], &w3[1], cur_len); + cur_len = replace_u32_le (w3[0], &w3[0], cur_len); + cur_len = replace_u32_le (w2[3], &w2[3], cur_len); + cur_len = replace_u32_le (w2[2], &w2[2], cur_len); + cur_len = replace_u32_le (w2[1], &w2[1], cur_len); + cur_len = replace_u32_le (w2[0], &w2[0], cur_len); + cur_len = replace_u32_le (w1[3], &w1[3], cur_len); + cur_len = replace_u32_le (w1[2], &w1[2], cur_len); + cur_len = replace_u32_le (w1[1], &w1[1], cur_len); + cur_len = replace_u32_le (w1[0], &w1[0], cur_len); + cur_len = replace_u32_le (w0[3], &w0[3], cur_len); + cur_len = replace_u32_le (w0[2], &w0[2], cur_len); + cur_len = replace_u32_le (w0[1], &w0[1], cur_len); + cur_len = replace_u32_le (w0[0], &w0[0], cur_len); return cur_len; } diff --git a/OpenCL/m08300_a3-optimized.cl b/OpenCL/m08300_a3-optimized.cl index f62267127..29e7bd409 100644 --- a/OpenCL/m08300_a3-optimized.cl +++ b/OpenCL/m08300_a3-optimized.cl @@ -14,49 +14,98 @@ #include "inc_hash_sha1.cl" #endif -const u32 replace_dots (u32 *w, const u32 idx, const u32 old_len, const u32 pw_len) +DECLSPEC u64 u32_to_u64 (const u32 in) { - const u32 min_len = idx << 4; // 2 ^ 4 = 16 for each u32 w[4] + const u64 t0 = (u64) ((in >> 24) & 0xff); + const u64 t1 = (u64) ((in >> 16) & 0xff); + const u64 t2 = (u64) ((in >> 8) & 0xff); + const u64 t3 = (u64) ((in >> 0) & 0xff); - if (pw_len <= min_len) return 0; + const u64 out = (t0 << 48) + | (t1 << 32) + | (t2 << 16) + | (t3 << 0); - const u32 max_len = pw_len - min_len - 1; + return out; +} - const u32 start_pos = (max_len < 15) ? max_len : 15; +DECLSPEC u32 u64_to_u32 (const u64 in) +{ + const u32 t0 = (u32) ((in >> 48) & 0xff); + const u32 t1 = (u32) ((in >> 32) & 0xff); + const u32 t2 = (u32) ((in >> 16) & 0xff); + const u32 t3 = (u32) ((in >> 0) & 0xff); - u32 cur_len = old_len; + const u32 out = (t0 << 24) + | (t1 << 16) + | (t2 << 8) + | (t3 << 0); - for (int pos = (int) start_pos; pos >= 0; pos--) - { - const u32 div = pos / 4; - const u32 mod = pos & 3; - const u32 sht = (3 - mod) << 3; + return out; +} - if (((w[div] >> sht) & 0xff) == 0x2e) // '.' - { - w[div] += (cur_len - 0x2e) << sht; +DECLSPEC int replace_u32_be (const u32 input, u32 *output, int cur_len) +{ + // expand to keep 9th bit consistent - cur_len = 0; - } - else - { - cur_len++; - } - } + u64 input64 = u32_to_u64 (input); + + u64 m64 = input64; + + m64 ^= 0x002e002e002e002e; // convert 0x2e to 0x00 + m64 ^= 0x00ff00ff00ff00ff; // convert 0x00 to 0xff (jit will optimize this to one instruction) + m64 += 0x0001000100010001; // only 0xff can set 9th bit + m64 &= 0x0100010001000100; // only 9th bit survives + + m64 |= m64 << 1; // converts 0x0100 to 0xff00 + m64 |= m64 << 2; + m64 |= m64 << 4; + + m64 >>= 8; // back to original positions (in 64 bit) + + u32 m = u64_to_u32 (m64); + + u32 r = 0; + + const u32 mn = ~m; + + const u32 r0 = mn & 0xff000000; + const u32 r1 = mn & 0x00ff0000; + const u32 r2 = mn & 0x0000ff00; + const u32 r3 = mn & 0x000000ff; + + r |= cur_len; cur_len = (cur_len + 0x00000001) & r3; cur_len <<= 8; + r |= cur_len; cur_len = (cur_len + 0x00000100) & r2; cur_len <<= 8; + r |= cur_len; cur_len = (cur_len + 0x00010000) & r1; cur_len <<= 8; + r |= cur_len; cur_len = (cur_len + 0x01000000) & r0; cur_len >>= 24; + + *output = (input & mn) | (r & m); return cur_len; } -const u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) +DECLSPEC u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len) { - u32 cur_len = 0; - // loop over w3...w0 (4 * 16 = 64 bytes): - cur_len = replace_dots (w3, 3, cur_len, pw_len); - cur_len = replace_dots (w2, 2, cur_len, pw_len); - cur_len = replace_dots (w1, 1, cur_len, pw_len); - cur_len = replace_dots (w0, 0, cur_len, pw_len); + int cur_len = 0 - (64 - pw_len); // number of padding bytes relative to buffer size + + cur_len = replace_u32_be (w3[3], &w3[3], cur_len); + cur_len = replace_u32_be (w3[2], &w3[2], cur_len); + cur_len = replace_u32_be (w3[1], &w3[1], cur_len); + cur_len = replace_u32_be (w3[0], &w3[0], cur_len); + cur_len = replace_u32_be (w2[3], &w2[3], cur_len); + cur_len = replace_u32_be (w2[2], &w2[2], cur_len); + cur_len = replace_u32_be (w2[1], &w2[1], cur_len); + cur_len = replace_u32_be (w2[0], &w2[0], cur_len); + cur_len = replace_u32_be (w1[3], &w1[3], cur_len); + cur_len = replace_u32_be (w1[2], &w1[2], cur_len); + cur_len = replace_u32_be (w1[1], &w1[1], cur_len); + cur_len = replace_u32_be (w1[0], &w1[0], cur_len); + cur_len = replace_u32_be (w0[3], &w0[3], cur_len); + cur_len = replace_u32_be (w0[2], &w0[2], cur_len); + cur_len = replace_u32_be (w0[1], &w0[1], cur_len); + cur_len = replace_u32_be (w0[0], &w0[0], cur_len); return cur_len; } From cafb3bde0b6599ba793a5acea8ab31dde0bb664f Mon Sep 17 00:00:00 2001 From: Royce Williams Date: Tue, 9 Jun 2020 11:56:20 -0800 Subject: [PATCH 11/12] wrap kernel optimization warning --- src/interface.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/interface.c b/src/interface.c index 3ac86aedd..81611eab8 100644 --- a/src/interface.c +++ b/src/interface.c @@ -354,7 +354,12 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) { if (hashconfig->has_optimized_kernel == false) { - if (user_options->quiet == false) event_log_warning (hashcat_ctx, "%s: Optimized kernel requested but not needed - falling back to pure kernel", source_file); + if (user_options->quiet == false) + { + event_log_warning (hashcat_ctx, "Kernel %s:", source_file); + event_log_warning (hashcat_ctx, "Optimized kernel requested but not needed - falling back to pure kernel"); + event_log_warning (hashcat_ctx, NULL); + } } else { From 0279572ab32e889978ba6c0555a219776060161a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 10 Jun 2020 10:43:37 +0200 Subject: [PATCH 12/12] Updated docs/changes.txt --- docs/changes.txt | 66 +++++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 32 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 1e5cfc3fb..bd25f4746 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -1,22 +1,21 @@ * changes v5.1.0 -> v6.0.0 ## -## Feature +## Features ## -- Fully modularized hash-mode integration via plugin interface and conversion of all existing hash-modes -- Refactor hashcat backend interface to allow adding compute API other than OpenCL -- Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.) -- Added new options --backend-ignore-cuda and --backend-ingore-opencl to ignore CUDA and/or OpenCL interface from being load on startup -- Added new parameter --brain-server-timer to specify the seconds for the next scheduled backup -- Added new way to specify the outfile format, the new --outfile-format now also supports timestamps -- Support use of all available GPU memory using CUDA backend -- Support use of all available CPU cores for hash-mode specific hooks +- Refactor hash-mode integration and replaced it with a fully modularized plugin interface +- Converted all existing hardwired hash-modes into hashcat plugins +- Added comprehensive plugin developer guide on how to add new/custom hash-modes to hashcat +- Refactor compute backend interface to allow adding compute API other than OpenCL +- Added CUDA as a new compute backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.) +- Support automatic use of all available GPU memory using CUDA backend +- Support automatic use of all available CPU cores for hash-mode specific hooks - Support on-the-fly loading of compressed wordlists in zip and gzip format -- Support for inline VeraCrypt PIM brute-force - Support deflate decompression for the 7-Zip hash-mode using zlib hook -- Added documentation on hashcat brain, slow-candidate and keyboard-layout mapping features +- Added additional documentation on hashcat brain, slow-candidate interface and keyboard-layout mapping features - Keep output of --show and --left in the original ordering of the input hash file +- Improved performance of many hash-modes ## ## Algorithms @@ -37,9 +36,6 @@ - Added hash-mode: Kerberos 5 Pre-Auth etype 18 (AES256-CTS-HMAC-SHA1-96) - Added hash-mode: Kerberos 5 TGS-REP etype 17 (AES128-CTS-HMAC-SHA1-96) - Added hash-mode: Kerberos 5 TGS-REP etype 18 (AES256-CTS-HMAC-SHA1-96) -- Added hash-mode: md5($salt.sha1($salt.$pass)) -- Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass)) -- Added hash-mode: md5(sha1($salt).md5($pass)) - Added hash-mode: MultiBit Classic .key (MD5) - Added hash-mode: MultiBit HD (scrypt) - Added hash-mode: MySQL $A$ (sha256crypt) @@ -56,14 +52,6 @@ - Added hash-mode: QNX /etc/shadow (SHA512) - Added hash-mode: RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256) - Added hash-mode: Ruby on Rails Restful-Authentication -- Added hash-mode: sha1(md5(md5($pass))) -- Added hash-mode: sha1(md5($pass.$salt)) -- Added hash-mode: sha1(md5($pass).$salt) -- Added hash-mode: sha1($salt1.$pass.$salt2) -- Added hash-mode: sha256(md5($pass)) -- Added hash-mode: sha256($salt.$pass.$salt) -- Added hash-mode: sha256(sha256_bin($pass)) -- Added hash-mode: sha256(sha256($pass).$salt) - Added hash-mode: SecureZIP AES-128 - Added hash-mode: SecureZIP AES-192 - Added hash-mode: SecureZIP AES-256 @@ -73,6 +61,17 @@ - Added hash-mode: Web2py pbkdf2-sha512 - Added hash-mode: WPA-PBKDF2-PMKID+EAPOL - Added hash-mode: WPA-PMK-PMKID+EAPOL +- Added hash-mode: md5($salt.sha1($salt.$pass)) +- Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass)) +- Added hash-mode: md5(sha1($salt).md5($pass)) +- Added hash-mode: sha1(md5(md5($pass))) +- Added hash-mode: sha1(md5($pass.$salt)) +- Added hash-mode: sha1(md5($pass).$salt) +- Added hash-mode: sha1($salt1.$pass.$salt2) +- Added hash-mode: sha256(md5($pass)) +- Added hash-mode: sha256($salt.$pass.$salt) +- Added hash-mode: sha256(sha256_bin($pass)) +- Added hash-mode: sha256(sha256($pass).$salt) ## ## Bugs @@ -81,10 +80,10 @@ - Fixed buffer overflow in build_plain() function - Fixed buffer overflow in mp_add_cs_buf() function - Fixed calculation of brain-session ID, only the first hash of the hashset was taken into account -- Fixed cleanup of password candidate buffers on GPU set from autotune in case -n was used +- Fixed cleanup of password candidate buffers on GPU set from autotune in case -n parameter was used - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7 -- Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt -- Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data +- Fixed cracking multiple Office hashes (modes 9500, 9600) if hashes shared the same salt +- Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes when testing decrypted data of unexpected format - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16 - Fixed cracking of DNSSEC (NSEC3) hashes by replacing all dots in the passwords with lengths - Fixed cracking of Electrum Wallet Salt-Type 2 hashes @@ -115,15 +114,16 @@ ## - Bitcoin Wallet: Be more user friendly by allowing a larger data range for ckey and public_key +- Brain: Added new parameter --brain-server-timer to specify the seconds for the next scheduled backup - Building: Fix for library compilation failure due to multiple defenition of sbob_xx64() -- Building: Updated BUILD.md - Cracking bcrypt and Password Safe v2: Use a feedback from the compute API backend to dynamically find out optimal thread count - Dictstat: On Windows, the st_ino attribute in the stat struct is not set which can lead to invalid cache hits. Added the filename to the database entry. -- Documents: Added README on how to build hashcat on MSYS2 +- Documents: Added README on how to build hashcat on Cygwin, MSYS2 and WSL - File handling: Print a truncation warning when an oversized line is detected - My Wallet: Added additional plaintext pattern used in newer versions - Office cracking: Support hash format with second block data for 40-bit oldoffice files (eliminates false positives) - OpenCL Runtime: Added a warning if OpenCL runtime NEO, Beignet, POCL (v1.4 or older) or MESA is detected and skip associated devices (override with --force) +- OpenCL Runtime: Allow the kernel to access post-48k shared memory region on CUDA. Requires both module and kernel preparation - OpenCL Runtime: Disable OpenCL kernel cache on Apple for Intel CPU (throws CL_BUILD_PROGRAM_FAILURE for no reason) - OpenCL Runtime: Do not run shared- and constant-memory size checks if their memory type is of type global memory (typically CPU) - OpenCL Runtime: Improve ROCm detection and make sure to not confuse with recent AMDGPU drivers @@ -133,18 +133,19 @@ - OpenCL Runtime: Workaround JiT compiler error on AMDGPU driver compiling WPA-EAPOL-PBKDF2 OpenCL kernel - OpenCL Runtime: Workaround JiT compiler error on ROCm 2.3 driver if the 'inline' keyword is used in function declaration - OpenCL Runtime: Workaround memory allocation error on AMD driver on Windows leading to CL_MEM_OBJECT_ALLOCATION_FAILURE -- OpenCL Runtime: Workaround ROCm OpenCL driver problem trying to write temporary file into readonly folder by setting TMPDIR -- OpenCL Runtime: Allow the kernel to access post-48k shared memory region on CUDA. Requires both module and kernel preparation +- OpenCL Runtime: Removed some workarounds by calling chdir() to specific folders on startup +- Outfile: Added new systematic to specify the outfile format, the new --outfile-format now also supports timestamps - Startup Checks: Improved the pidfile check: Do not just check for existing PID but also check executable filename - Startup Checks: Prevent the user to modify options which are overwritten automatically in benchmark mode - Startup Screen: Add extra warning when using --force - Startup Screen: Add extra warning when using --keep-guessing - Startup Screen: Provide an estimate of host memory requirements for the requested attack -- Status Screen: Added brain status for all devices +- Status Screen: Added brain status for all compute devices - Status Screen: Added remaining counts and changed recovered count logic - Status Screen: Added --status-json flag for easier machine reading of hashcat status output - Tab Completion: Allow using "make install" version of hashcat - Tuning Database: Updated hashcat.hctune with new models and refreshed vector width values +- VeraCrypt: Added support for VeraCrypt PIM brute-force, replaced --veracrypt-pim with --veracrypt-pim-start and --veracrypt-pim-stop - WipZip cracking: Added two byte early reject, resulting in higher cracking speed - WPA/WPA2 cracking: In the potfile, replace password with PMK in order to detect already cracked networks across all WPA modes @@ -152,6 +153,7 @@ ## Technical ## +- Backend Interface: Added new options --backend-ignore-cuda and --backend-ingore-opencl to ignore CUDA and/or OpenCL API from being used - Binary Distribution: Removed 32-bit binary executables - Building: On macOS, switch from ar to /usr/bin/ar to improve building compatibility - Building: Skipping Travis/Appveyor build for non-code changes @@ -163,18 +165,18 @@ - Codebase: Remove redundant calls to fclose() - Dependencies: Updated LZMA-Headers from 18.05 to 19.00 - Dependencies: Updated OpenCL-Headers to latest version from GitHub master repository +- Hash-Mode 12500 (RAR3-hp): Allow cracking of passwords up to length 64 - Hash-mode 1460 (HMAC-SHA256 (key = $salt)): Allow up to 64 byte of salt - Hash-Mode 1680x (WPA-PMKID) specific: Changed separator character from '*' to ':' - Hash-Mode 8300 (DNSSEC (NSEC3)) specific: Allow empty salt -- Hash-Mode 12500 (RAR3-hp): Allow cracking of passwords up to length 64 - Keep Guessing: No longer automatically activate --keep-guessing for modes 9720, 9820, 14900 and 18100 - Keep Guessing: No longer mark hashes as cracked/removed when in potfile - Kernel Cache: Reactivate OpenCL runtime specific kernel caches - Kernel Compile: Removed -cl-std= from all kernel build options since we're compatible to all OpenCL versions - OpenCL Kernels: Fix OpenCL compiler warning on double precision constants - OpenCL Kernels: Moved "gpu_decompress", "gpu_memset" and "gpu_atinit" into shared.cl in order to reduce compile time -- OpenCL Options: Set --spin-damp to 0 (disabled) by default. With the CUDA backend this workaround became deprecated - OpenCL Options: Removed --opencl-platforms filter in order to force backend device numbers to stay constant +- OpenCL Options: Set --spin-damp to 0 (disabled) by default. With the CUDA backend this workaround became deprecated - Parsers: switched from strtok() to strtok_r() for thread safety - Requirements: Add new requirement for NVIDIA GPU: CUDA Toolkit (9.0 or later) - Requirements: Update runtime check for minimum NVIDIA driver version from 367.x to 440.64 or later