diff --git a/docs/changes.txt b/docs/changes.txt
index 42bb6124b..01d86a99e 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -67,6 +67,7 @@
 - Fixed incorrect progress-only result in a special race condition
 - Fixed invalid call of mp_css_utf16le_expand()/mp_css_utf16be_expand() in a slow-candidate session
 - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character
+- Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256
 - Fixed maximum password length limit which was announced as 256 but actually was 255
 - Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position
 - Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter
diff --git a/src/dispatch.c b/src/dispatch.c
index b2e936235..428be4371 100644
--- a/src/dispatch.c
+++ b/src/dispatch.c
@@ -1390,8 +1390,6 @@ static int calc (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param)
 {
 get_next_word (hashcat_ctx_tmp, &fp, &line_buf, &line_len);
- line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
-
 // post-process rule engine
 if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
diff --git a/src/slow_candidates.c b/src/slow_candidates.c
index 222cc4a92..a4033c6cf 100644
--- a/src/slow_candidates.c
+++ b/src/slow_candidates.c
@@ -125,6 +125,8 @@ void slow_candidates_seek (hashcat_ctx_t *hashcat_ctx, void *extra_info, const u
 {
 line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE);
+ line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);
+
 // post-process rule engine
 if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
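Review bot: The added `line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);` in slow_candidates_seek drops the `(u32)` cast that the removed call sites and the new calls in src/wordlist.c all carry, so the result is narrowed implicitly here. The added line in the slow_candidates_next hunk at -288,6 has the same omission. Writing `line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);` keeps the call sites consistent and keeps a conversion-warning build quiet. The return type of convert_from_hex is not visible on this page, so the narrowing is inferred from the casts used elsewhere; the enclosing block continues outside the hunk.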
@@ -180,8 +182,6 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
 get_next_word (hashcat_ctx, fp, &line_buf, &line_len);
- line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
-
 // post-process rule engine
 char rule_buf_out[RP_PASSWORD_SIZE];
@@ -250,21 +250,22 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
 {
 get_next_word (hashcat_ctx, base_fp, &line_buf, &line_len);
- line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
-
 // post-process rule engine
+ char rule_buf_out[RP_PASSWORD_SIZE];
+
 if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
 {
 if (line_len >= RP_PASSWORD_SIZE) continue;
- char rule_buf_out[RP_PASSWORD_SIZE];
-
 memset (rule_buf_out, 0, sizeof (rule_buf_out));
 const int rule_len_out = _old_apply_rule (user_options->rule_buf_l, (int) user_options_extra->rule_len_l, line_buf, (int) line_len, rule_buf_out);
 if (rule_len_out < 0) continue;
+
+ line_buf = rule_buf_out;
+ line_len = (u32) rule_len_out;
 }
 break;
@@ -288,6 +289,8 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
 {
 line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE);
+ line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);
+
 // post-process rule engine
 if (run_rule_engine ((int) user_options_extra->rule_len_r, user_options->rule_buf_r))
diff --git a/src/wordlist.c b/src/wordlist.c
index 57bd36346..7ac0b07c1 100644
--- a/src/wordlist.c
+++ b/src/wordlist.c
@@ -187,7 +187,13 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32
 wl_data->pos += off;
+ // do the on-the-fly hex decode using original buffer
+ // this is safe as length only decreases in size
+ len = (u32) convert_from_hex (hashcat_ctx, ptr, len);
+
 // do the on-the-fly encoding
+ // needs to write into new buffer because size case both decrease and increase
 if (wl_data->iconv_enabled == true)
 {
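Review bot: In the hunk at -250,21, `line_buf = rule_buf_out;` stores the address of a stack array declared inside the block the hunk opens with, and the statement right after the closing brace is `break;`. If that block is the loop body and line_buf is read once the loop has been left (both are outside the hunk, so this is not confirmed), the pointer outlives the array and the later read is undefined behaviour. Declaring rule_buf_out next to line_buf's own declaration, or copying the candidate to its destination before `break;`, removes the dependency on block scope. A comment such as `// rule_buf_out must stay in scope for as long as line_buf may alias it` would record the constraint for the next edit.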
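Review bot: The new comment `// this is safe as length only decreases in size` in get_next_word states a property of convert_from_hex that nothing in this hunk enforces, while the decode writes straight into `ptr`, which is part of the wordlist buffer. The same comment and in-place call are added to count_words in the hunk at -444,6. I would word it as a contract, for example `// in-place decode: relies on convert_from_hex never returning more than the input len`, so a later change to that helper is checked against these two callers. The second added comment also has a typo: `size case both decrease and increase` should read `size can both decrease and increase`. The function body starts and ends outside the hunk.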
@@ -204,6 +210,8 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32
 len = HCBUFSIZ_TINY - iconv_sz;
 }
+ // this is only a test for length, not writing into output buffer
+
 if (run_rule_engine (user_options_extra->rule_len_l, user_options->rule_buf_l))
 {
 if (len >= RP_PASSWORD_SIZE) continue;
@@ -444,6 +452,11 @@ int count_words (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, const char *dictfile, u
 i += off;
+ // do the on-the-fly hex decode using original buffer
+ // this is safe as length only decreases in size
+ len = (u32) convert_from_hex (hashcat_ctx, ptr, len);
+
 // do the on-the-fly encoding
 if (wl_data->iconv_enabled == true)