diff --git a/include/interface_migrate.h b/include/interface_migrate.h index 00a0aca31..ae37dd4aa 100644 --- a/include/interface_migrate.h +++ b/include/interface_migrate.h @@ -595,19 +595,6 @@ typedef struct oraclet_tmp } oraclet_tmp_t; -typedef struct seven_zip_tmp -{ - u32 h[8]; - - u32 w0[4]; - u32 w1[4]; - u32 w2[4]; - u32 w3[4]; - - int len; - -} seven_zip_tmp_t; - typedef struct bsdicrypt_tmp { u32 Kc[16]; @@ -880,7 +867,6 @@ typedef enum kern_type KERN_TYPE_BITCOIN_WALLET = 11300, KERN_TYPE_SIP_AUTH = 11400, KERN_TYPE_CRC32 = 11500, - KERN_TYPE_SEVEN_ZIP = 11600, KERN_TYPE_STREEBOG_256 = 11700, KERN_TYPE_HMAC_STREEBOG_256_PW = 11750, KERN_TYPE_HMAC_STREEBOG_256_SLT = 11760, @@ -970,7 +956,6 @@ typedef enum rounds_count ROUNDS_PDF17L8 = 64, ROUNDS_PBKDF2_SHA256 = 1000, ROUNDS_BITCOIN_WALLET = 200000, - ROUNDS_SEVEN_ZIP = (1 << 19), ROUNDS_PBKDF2_MD5 = 1000, ROUNDS_PBKDF2_SHA512 = 1000, ROUNDS_ECRYPTFS = 65536, @@ -1112,7 +1097,6 @@ int mysql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu int bitcoin_wallet_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int sip_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int crc32_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int seven_zip_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int streebog_256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int streebog_512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int pbkdf2_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); @@ -1180,41 +1164,6 @@ typedef struct tc } tc_t; -typedef struct seven_zip_hook -{ - u32 ukey[8]; - - u32 hook_success; - -} seven_zip_hook_t; - -typedef struct seven_zip_hook_salt -{ - u32 iv_buf[4]; - u32 iv_len; - - u32 salt_buf[4]; - u32 salt_len; - - u32 crc; - u32 crc_len; - - u8 data_type; - - u32 data_buf[81882]; - u32 data_len; - - u32 unpack_size; - - char coder_attributes[5 + 1]; - u8 coder_attributes_len; - - int aes_len; // pre-computed length of the maximal (subset of) data we need for AES-CBC - -} seven_zip_hook_salt_t; - - - static const u32 KERN_TYPE_TOTP_HMACSHA1 = 18100; static const u32 KERN_TYPE_LUKS_SHA1_AES = 14611; diff --git a/src/Makefile b/src/Makefile index 540a14d1a..bcad78956 100644 --- a/src/Makefile +++ b/src/Makefile @@ -389,7 +389,11 @@ WIN_64_OBJS += $(foreach OBJ,$(OBJS_XXHASH),obj/$(OBJ).WIN.64.o) endif endif -MODULE_OBJS_ALL := bitops convert cpu_aes cpu_des cpu_md5 memory shared +MODULE_OBJS_ALL := bitops convert cpu_aes cpu_crc32 cpu_des cpu_md5 ext_lzma memory shared + +ifeq ($(USE_SYSTEM_LZMA),0) +MODULE_OBJS_ALL += Alloc Lzma2Dec LzmaDec +endif MODULE_NATIVE_STATIC_OBJS := $(foreach OBJ,$(MODULE_OBJS_ALL),obj/$(OBJ).NATIVE.STATIC.o) MODULE_NATIVE_SHARED_OBJS := $(foreach OBJ,$(MODULE_OBJS_ALL),obj/$(OBJ).NATIVE.SHARED.o) diff --git a/src/cpu_crc32.c b/src/cpu_crc32.c index 670e4f949..2f0d328e0 100644 --- a/src/cpu_crc32.c +++ b/src/cpu_crc32.c @@ -96,13 +96,6 @@ int cpu_crc32 (hashcat_ctx_t *hashcat_ctx, const char *filename, u8 keytab[64]) FILE *fd = fopen (filename, "rb"); - if (fd == NULL) - { - event_log_error (hashcat_ctx, "%s: %s", filename, strerror (errno)); - - return -1; - } - #define MAX_KEY_SIZE (1024 * 1024) u8 *buf = (u8 *) hcmalloc (MAX_KEY_SIZE + 1); diff --git a/src/interface_migrate.c b/src/interface_migrate.c index 22c5b42df..2eb731893 100644 --- a/src/interface_migrate.c +++ b/src/interface_migrate.c @@ -134,7 +134,6 @@ " 9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS)", " 133 | PeopleSoft | Enterprise Application Software (EAS)", " 13500 | PeopleSoft PS_TOKEN | Enterprise Application Software (EAS)", - " 11600 | 7-Zip | Archives", " 12500 | RAR3-hp | Archives", " 13000 | RAR5 | Archives", " 13200 | AxCrypt | Archives", @@ -387,7 +386,6 @@ static const char *ST_HASH_11200 = "$mysqlna$25766705685313717636431010562137517 static const char *ST_HASH_11300 = "$bitcoin$96$c265931309b4a59307921cf054b4ec6b6e4554369be79802e94e16477645777d948ae1d375191831efc78e5acd1f0443$16$8017214013543185$200460$96$480008005625057442352316337722323437108374245623701184230273883222762730232857701607167815448714$66$014754433300175043011633205413774877455616682000536368706315333388"; static const char *ST_HASH_11400 = "$sip$*72087*1215344588738747***342210558720*737232616*1215344588738747*8867133055*65600****MD5*e9980869221f9d1182c83b0d5e56a7db"; static const char *ST_HASH_11500 = "c762de4a:00000000"; -static const char *ST_HASH_11600 = "$7z$0$14$0$$11$33363437353138333138300000000000$2365089182$16$12$d00321533b483f54a523f624a5f63269"; static const char *ST_HASH_11700 = "57e9e50caec93d72e9498c211d6dc4f4d328248b48ecf46ba7abfa874f666e36"; static const char *ST_HASH_11750 = "0f71c7c82700c9094ca95eee3d804cc283b538bec49428a9ef8da7b34effb3ba:08151337"; static const char *ST_HASH_11760 = "d5c6b874338a492ac57ddc6871afc3c70dcfd264185a69d84cf839a07ef92b2c:08151337"; @@ -558,7 +556,6 @@ static const char *HT_11200 = "MySQL CRAM (SHA1)"; static const char *HT_11300 = "Bitcoin/Litecoin wallet.dat"; static const char *HT_11400 = "SIP digest authentication (MD5)"; static const char *HT_11500 = "CRC32"; -static const char *HT_11600 = "7-Zip"; static const char *HT_11700 = "GOST R 34.11-2012 (Streebog) 256-bit, big-endian"; static const char *HT_11750 = "HMAC-Streebog-256 (key = $pass), big-endian"; static const char *HT_11760 = "HMAC-Streebog-256 (key = $salt), big-endian"; @@ -718,7 +715,6 @@ static const char *SIGNATURE_RAR3 = "$RAR3$"; static const char *SIGNATURE_RAR5 = "$rar5$"; static const char *SIGNATURE_SAPH_SHA1 = "{x-issha, "; static const char *SIGNATURE_SCRYPT = "SCRYPT"; -static const char *SIGNATURE_SEVEN_ZIP = "$7z$"; static const char *SIGNATURE_SHA1AIX = "{ssha1}"; static const char *SIGNATURE_SHA1B64 = "{SHA}"; static const char *SIGNATURE_SHA256AIX = "{ssha256}"; @@ -10816,291 +10812,6 @@ int crc32_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUS return (PARSER_OK); } -int seven_zip_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - seven_zip_hook_salt_t *seven_zip = (seven_zip_hook_salt_t *) hash_buf->hook_salt; - - token_t token; - - token.token_cnt = 11; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_SEVEN_ZIP; - - token.len[0] = 4; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.sep[1] = '$'; - token.len_min[1] = 1; - token.len_max[1] = 1; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[2] = '$'; - token.len_min[2] = 1; - token.len_max[2] = 2; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[3] = '$'; - token.len_min[3] = 1; - token.len_max[3] = 1; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[4] = '$'; - token.len_min[4] = 0; - token.len_max[4] = 64; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; - - token.sep[5] = '$'; - token.len_min[5] = 1; - token.len_max[5] = 2; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[6] = '$'; - token.len_min[6] = 32; - token.len_max[6] = 32; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[7] = '$'; - token.len_min[7] = 1; - token.len_max[7] = 10; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[8] = '$'; - token.len_min[8] = 1; - token.len_max[8] = 4; - token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[9] = '$'; - token.len_min[9] = 1; - token.len_max[9] = 4; - token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[10] = '$'; - token.len_min[10] = 2; - token.len_max[10] = 655056; - token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *data_type_pos = token.buf[ 1]; - const u8 *NumCyclesPower_pos = token.buf[ 2]; - const u8 *salt_len_pos = token.buf[ 3]; - const u8 *salt_buf_pos = token.buf[ 4]; - const u8 *iv_len_pos = token.buf[ 5]; - const u8 *iv_buf_pos = token.buf[ 6]; - const u8 *crc_buf_pos = token.buf[ 7]; - const u8 *data_len_pos = token.buf[ 8]; - const u8 *unpack_size_pos = token.buf[ 9]; - const u8 *data_buf_pos = token.buf[10]; - - const int data_type_len = token.len[ 1]; - const int NumCyclesPower_len = token.len[ 2]; - const int salt_len_len = token.len[ 3]; - const int salt_buf_len = token.len[ 4]; - const int iv_len_len = token.len[ 5]; - const int iv_buf_len = token.len[ 6]; - const int crc_buf_len = token.len[ 7]; - const int data_len_len = token.len[ 8]; - const int unpack_size_len = token.len[ 9]; - int data_buf_len = token.len[10]; - - // fields only used when data was compressed: - - u8 *crc_len_pos = (u8 *) strchr ((const char *) data_buf_pos, '$'); - - u32 crc_len_len = 0; - u8 *coder_attributes_pos = 0; - u32 coder_attributes_len = 0; - - if (crc_len_pos != NULL) - { - data_buf_len = crc_len_pos - data_buf_pos; - - crc_len_pos++; - - coder_attributes_pos = (u8 *) strchr ((const char *) crc_len_pos, '$'); - - if (coder_attributes_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); - - crc_len_len = coder_attributes_pos - crc_len_pos; - - coder_attributes_pos++; - } - - if (is_valid_hex_string (data_buf_pos, data_buf_len) == false) return (PARSER_SALT_ENCODING); - - const int iter = hc_strtoul ((const char *) NumCyclesPower_pos, NULL, 10); - const int crc = hc_strtoul ((const char *) crc_buf_pos, NULL, 10); - const int data_type = hc_strtoul ((const char *) data_type_pos, NULL, 10); - const int salt_len = hc_strtoul ((const char *) salt_len_pos, NULL, 10); - const int iv_len = hc_strtoul ((const char *) iv_len_pos, NULL, 10); - const int unpack_size = hc_strtoul ((const char *) unpack_size_pos, NULL, 10); - const int data_len = hc_strtoul ((const char *) data_len_pos, NULL, 10); - - // if neither uncompressed nor truncated, then we need the length for crc and coder attributes - - int crc_len = 0; - - bool is_compressed = ((data_type != 0) && (data_type != 0x80)); - - if (is_compressed == true) - { - if (crc_len_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); - - coder_attributes_len = input_len - 1 - 2 - 1 - data_type_len - 1 - NumCyclesPower_len - 1 - salt_len_len - 1 - salt_buf_len - 1 - iv_len_len - 1 - iv_buf_len - 1 - crc_buf_len - 1 - data_len_len - 1 - unpack_size_len - 1 - data_buf_len - 1 - crc_len_len - 1; - - crc_len = hc_strtoul ((const char *) crc_len_pos, NULL, 10); - } - - /** - * verify some data - */ - - if (data_type > 2) // this includes also 0x80 (special case that means "truncated") - { - return (PARSER_SALT_VALUE); - } - - if (salt_len != 0) return (PARSER_SALT_VALUE); - - if ((data_len * 2) != data_buf_len) return (PARSER_SALT_VALUE); - - if (data_len > 327528) return (PARSER_SALT_VALUE); - - if (unpack_size > data_len) return (PARSER_SALT_VALUE); - - if (is_compressed == true) - { - if (crc_len_len > 7) return (PARSER_SALT_VALUE); - - if (coder_attributes_len > 10) return (PARSER_SALT_VALUE); - - if ((coder_attributes_len % 2) != 0) return (PARSER_SALT_VALUE); - - // we should be more strict about the needed attribute_len: - - if (data_type == 1) // LZMA1 - { - if ((coder_attributes_len / 2) != 5) return (PARSER_SALT_VALUE); - } - else if (data_type == 2) // LZMA2 - { - if ((coder_attributes_len / 2) != 1) return (PARSER_SALT_VALUE); - } - } - - /** - * store data - */ - - seven_zip->data_type = data_type; - - seven_zip->iv_buf[0] = hex_to_u32 (iv_buf_pos + 0); - seven_zip->iv_buf[1] = hex_to_u32 (iv_buf_pos + 8); - seven_zip->iv_buf[2] = hex_to_u32 (iv_buf_pos + 16); - seven_zip->iv_buf[3] = hex_to_u32 (iv_buf_pos + 24); - - seven_zip->iv_len = iv_len; - - memcpy (seven_zip->salt_buf, salt_buf_pos, salt_buf_len); // we just need that for later ascii_digest() - - seven_zip->salt_len = 0; - - seven_zip->crc = crc; - - for (int i = 0, j = 0; j < data_buf_len; i += 1, j += 8) - { - seven_zip->data_buf[i] = hex_to_u32 (data_buf_pos + j); - } - - seven_zip->data_len = data_len; - - seven_zip->unpack_size = unpack_size; - - seven_zip->crc_len = crc_len; - - memset (seven_zip->coder_attributes, 0, sizeof (seven_zip->coder_attributes)); - - seven_zip->coder_attributes_len = 0; - - if (is_compressed == 1) - { - if (is_valid_hex_string (coder_attributes_pos, coder_attributes_len) == false) return (PARSER_SALT_ENCODING); - - for (u32 i = 0, j = 0; j < coder_attributes_len; i += 1, j += 2) - { - seven_zip->coder_attributes[i] = hex_to_u8 ((const u8 *) &coder_attributes_pos[j]); - - seven_zip->coder_attributes_len++; - } - } - - // normally: crc_len <= unpacksize <= packsize (== data_len) - - int aes_len = data_len; - - if (crc_len != 0) // it is 0 only in case of uncompressed data or truncated data - { - // in theory we could just use crc_len, but sometimes (very rare) the compressed data - // is larger than the original data! (because of some additional bytes from lzma/headers) - // the +0.5 is used to round up (just to be sure we don't truncate) - - if (data_type == 1) // LZMA1 uses more bytes - { - aes_len = 32.5f + (float) crc_len * 1.05f; // +5% max (only for small random inputs) - } - else if (data_type == 2) // LZMA2 is more clever (e.g. uncompressed chunks) - { - aes_len = 4.5f + (float) crc_len * 1.01f; // +1% max (only for small random inputs) - } - - // just make sure we never go beyond the data_len limit itself - - aes_len = MIN (aes_len, data_len); - } - - seven_zip->aes_len = aes_len; - - // real salt - - salt->salt_buf[0] = seven_zip->data_buf[0]; - salt->salt_buf[1] = seven_zip->data_buf[1]; - salt->salt_buf[2] = seven_zip->data_buf[2]; - salt->salt_buf[3] = seven_zip->data_buf[3]; - - salt->salt_len = 16; - - salt->salt_sign[0] = data_type; - - salt->salt_iter = 1u << iter; - - /** - * digest - */ - - digest[0] = crc; - digest[1] = 0; - digest[2] = 0; - digest[3] = 0; - - return (PARSER_OK); -} - int streebog_256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -15312,8 +15023,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo if (hashconfig->is_salted == true) { - - // special salt handling switch (hashconfig->hash_mode) @@ -15370,8 +15079,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 11500: salt->salt_len = 4; break; - case 11600: salt->salt_len = 4; - break; case 12400: salt->salt_len = 4; break; case 12500: salt->salt_len = 8; @@ -15465,16 +15172,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo ((jwt_t *) esalt)->salt_len = 32; break; } - - // special hook salt handling - - switch (hashconfig->hash_mode) - { - case 11600: ((seven_zip_hook_salt_t *) hook_salt)->iv_len = 16; - ((seven_zip_hook_salt_t *) hook_salt)->data_len = 112; - ((seven_zip_hook_salt_t *) hook_salt)->unpack_size = 112; - break; - } } // set default iterations @@ -15561,8 +15258,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 11300: salt->salt_iter = ROUNDS_BITCOIN_WALLET - 1; break; - case 11600: salt->salt_iter = ROUNDS_SEVEN_ZIP; - break; case 11900: salt->salt_iter = ROUNDS_PBKDF2_MD5 - 1; break; case 12001: salt->salt_iter = ROUNDS_ATLASSIAN - 1; @@ -17282,77 +16977,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, { snprintf (out_buf, out_size, "%08x:%s", byte_swap_32 (digest_buf[0]), (char *) salt.salt_buf); } - else if (hash_mode == 11600) - { - seven_zip_hook_salt_t *seven_zips = (seven_zip_hook_salt_t *) hashes->hook_salts_buf; - - seven_zip_hook_salt_t *seven_zip = &seven_zips[digest_cur]; - - const u32 data_len = seven_zip->data_len; - - char *data_buf = (char *) hcmalloc ((data_len * 2) + 1); - - for (u32 i = 0, j = 0; i < data_len; i += 1, j += 2) - { - const u8 *ptr = (const u8 *) seven_zip->data_buf; - - snprintf (data_buf + j, (data_len * 2) + 1 - j, "%02x", ptr[i]); - } - - u32 salt_iter = salt.salt_iter; - - u32 iv[4]; - - iv[0] = byte_swap_32 (seven_zip->iv_buf[0]); - iv[1] = byte_swap_32 (seven_zip->iv_buf[1]); - iv[2] = byte_swap_32 (seven_zip->iv_buf[2]); - iv[3] = byte_swap_32 (seven_zip->iv_buf[3]); - - u32 iv_len = seven_zip->iv_len; - - u32 cost = 0; // the log2 () of salt_iter - - while (salt_iter >>= 1) - { - cost++; - } - - snprintf (out_buf, out_size, "%s%u$%u$%u$%s$%u$%08x%08x%08x%08x$%u$%u$%u$%s", - SIGNATURE_SEVEN_ZIP, - salt.salt_sign[0], - cost, - seven_zip->salt_len, - (char *) seven_zip->salt_buf, - iv_len, - iv[0], - iv[1], - iv[2], - iv[3], - seven_zip->crc, - seven_zip->data_len, - seven_zip->unpack_size, - data_buf); - - if (seven_zip->data_type > 0) - { - u32 bytes_written = strlen (out_buf); - - snprintf (out_buf + bytes_written, out_len - bytes_written, "$%u$", seven_zip->crc_len); - - bytes_written = strlen (out_buf); - - const u8 *ptr = (const u8 *) seven_zip->coder_attributes; - - for (u32 i = 0, j = 0; i < seven_zip->coder_attributes_len; i += 1, j += 2) - { - snprintf (out_buf + bytes_written, out_len - bytes_written, "%02x", ptr[i]); - - bytes_written += 2; - } - } - - hcfree (data_buf); - } else if (hash_mode == 11700 || hash_mode == 11750 || hash_mode == 11760) { snprintf (out_buf, out_size, "%08x%08x%08x%08x%08x%08x%08x%08x", @@ -21513,23 +21137,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 11600: hashconfig->hash_type = HASH_TYPE_AES; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_HOOK23; - hashconfig->kern_type = KERN_TYPE_SEVEN_ZIP; - hashconfig->dgst_size = DGST_SIZE_4_4; // originally DGST_SIZE_4_2 - hashconfig->parse_func = seven_zip_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_11600; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 11700: hashconfig->hash_type = HASH_TYPE_STREEBOG_256; hashconfig->salt_type = SALT_TYPE_NONE; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -22916,13 +22523,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 18300: hashconfig->esalt_size = sizeof (apple_secure_notes_t); break; } - // hook_salt_size - - switch (hashconfig->hash_mode) - { - case 11600: hashconfig->hook_salt_size = sizeof (seven_zip_hook_salt_t); break; - } - // tmp_size switch (hashconfig->hash_mode) @@ -22965,7 +22565,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 10700: hashconfig->tmp_size = sizeof (pdf17l8_tmp_t); break; case 10900: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 11300: hashconfig->tmp_size = sizeof (bitcoin_wallet_tmp_t); break; - case 11600: hashconfig->tmp_size = sizeof (seven_zip_tmp_t); break; case 11900: hashconfig->tmp_size = sizeof (pbkdf2_md5_tmp_t); break; case 12001: hashconfig->tmp_size = sizeof (pbkdf2_sha1_tmp_t); break; case 12100: hashconfig->tmp_size = sizeof (pbkdf2_sha512_tmp_t); break; @@ -23014,13 +22613,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 18300: hashconfig->tmp_size = sizeof (apple_secure_notes_tmp_t); break; }; - // hook_size - - switch (hashconfig->hash_mode) - { - case 11600: hashconfig->hook_size = sizeof (seven_zip_hook_t); break; - }; - } u32 default_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) @@ -23146,7 +22738,6 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co case 10600: pw_max = 127; break; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ case 10900: pw_max = PW_MAX; break; case 11300: pw_max = PW_MAX; break; - case 11600: pw_max = PW_MAX; break; case 11900: pw_max = PW_MAX; break; case 12001: pw_max = PW_MAX; break; case 12200: pw_max = PW_MAX; break; @@ -23307,163 +22898,7 @@ u32 default_forced_outfile_format } -// goes into seven zip module -void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pws_cnt) -{ - seven_zip_hook_t *hook_items = (seven_zip_hook_t *) device_param->hooks_buf; - - seven_zip_hook_salt_t *seven_zips = (seven_zip_hook_salt_t *) hook_salts_buf; - seven_zip_hook_salt_t *seven_zip = &seven_zips[salt_pos]; - - u8 data_type = seven_zip->data_type; - u32 *data_buf = seven_zip->data_buf; - u32 unpack_size = seven_zip->unpack_size; - - for (u64 pw_pos = 0; pw_pos < pws_cnt; pw_pos++) - { - // this hook data needs to be updated (the "hook_success" variable): - - seven_zip_hook_t *hook_item = &hook_items[pw_pos]; - - const u8 *ukey = (const u8 *) hook_item->ukey; - - // init AES - - AES_KEY aes_key; - - memset (&aes_key, 0, sizeof (aes_key)); - - AES_set_decrypt_key (ukey, 256, &aes_key); - - int aes_len = seven_zip->aes_len; - - u32 data[4]; - u32 out [4]; - u32 iv [4]; - iv[0] = seven_zip->iv_buf[0]; - iv[1] = seven_zip->iv_buf[1]; - iv[2] = seven_zip->iv_buf[2]; - iv[3] = seven_zip->iv_buf[3]; - - u32 out_full[81882]; - - // if aes_len > 16 we need to loop - - int i = 0; - int j = 0; - - for (i = 0, j = 0; i < aes_len - 16; i += 16, j += 4) - { - data[0] = data_buf[j + 0]; - data[1] = data_buf[j + 1]; - data[2] = data_buf[j + 2]; - data[3] = data_buf[j + 3]; - - AES_decrypt (&aes_key, (u8*) data, (u8*) out); - - out[0] ^= iv[0]; - out[1] ^= iv[1]; - out[2] ^= iv[2]; - out[3] ^= iv[3]; - - iv[0] = data[0]; - iv[1] = data[1]; - iv[2] = data[2]; - iv[3] = data[3]; - - out_full[j + 0] = out[0]; - out_full[j + 1] = out[1]; - out_full[j + 2] = out[2]; - out_full[j + 3] = out[3]; - } - - // we need to run it at least once: - - data[0] = data_buf[j + 0]; - data[1] = data_buf[j + 1]; - data[2] = data_buf[j + 2]; - data[3] = data_buf[j + 3]; - - AES_decrypt (&aes_key, (u8*) data, (u8*) out); - - out[0] ^= iv[0]; - out[1] ^= iv[1]; - out[2] ^= iv[2]; - out[3] ^= iv[3]; - - out_full[j + 0] = out[0]; - out_full[j + 1] = out[1]; - out_full[j + 2] = out[2]; - out_full[j + 3] = out[3]; - - /* - * check the CRC32 "hash" - */ - - u32 seven_zip_crc = seven_zip->crc; - - u32 crc; - - if (data_type == 0) // uncompressed - { - crc = cpu_crc32_buffer ((u8 *) out_full, unpack_size); - } - else - { - u32 crc_len = seven_zip->crc_len; - - char *coder_attributes = seven_zip->coder_attributes; - - // input buffers and length - - u8 *compressed_data = (u8 *) out_full; - - SizeT compressed_data_len = aes_len; - - // output buffers and length - - unsigned char *decompressed_data; - - decompressed_data = (unsigned char *) hcmalloc (crc_len); - - SizeT decompressed_data_len = crc_len; - - int ret; - - if (data_type == 1) // LZMA1 - { - ret = hc_lzma1_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); - } - else // we only support LZMA2 in addition to LZMA1 - { - ret = hc_lzma2_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); - } - - if (ret != SZ_OK) - { - hook_item->hook_success = 0; - - hcfree (decompressed_data); - - continue; - } - - crc = cpu_crc32_buffer (decompressed_data, crc_len); - - hcfree (decompressed_data); - } - - if (crc == seven_zip_crc) - { - hook_item->hook_success = 1; - } - else - { - hook_item->hook_success = 0; - } - } -} static void precompute_salt_md5 (const u32 *salt_buf, const u32 salt_len, u8 *salt_pc) { @@ -23512,7 +22947,7 @@ bool outfile_check_nocomp } } -int module_hash_decode_outfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, const char *line_buf, MAYBE_UNUSED const int line_len) +int module_hash_decode_outfile { diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c new file mode 100644 index 000000000..14546f0eb --- /dev/null +++ b/src/modules/module_11600.c @@ -0,0 +1,702 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_aes.h" +#include "cpu_crc32.h" +#include "ext_lzma.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_ARCHIVE; +static const char *HASH_NAME = "7-Zip"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 11600; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_HOOK23; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$7z$0$14$0$$11$33363437353138333138300000000000$2365089182$16$12$d00321533b483f54a523f624a5f63269"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct seven_zip_tmp +{ + u32 h[8]; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + int len; + +} seven_zip_tmp_t; + +typedef struct seven_zip_hook +{ + u32 ukey[8]; + + u32 hook_success; + +} seven_zip_hook_t; + +typedef struct seven_zip_hook_salt +{ + u32 iv_buf[4]; + u32 iv_len; + + u32 salt_buf[4]; + u32 salt_len; + + u32 crc; + u32 crc_len; + + u8 data_type; + + u32 data_buf[81882]; + u32 data_len; + + u32 unpack_size; + + char coder_attributes[5 + 1]; + u8 coder_attributes_len; + + int aes_len; // pre-computed length of the maximal (subset of) data we need for AES-CBC + +} seven_zip_hook_salt_t; + +static const char *SIGNATURE_SEVEN_ZIP = "$7z$"; + +void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pws_cnt) +{ + seven_zip_hook_t *hook_items = (seven_zip_hook_t *) device_param->hooks_buf; + + seven_zip_hook_salt_t *seven_zips = (seven_zip_hook_salt_t *) hook_salts_buf; + seven_zip_hook_salt_t *seven_zip = &seven_zips[salt_pos]; + + u8 data_type = seven_zip->data_type; + u32 *data_buf = seven_zip->data_buf; + u32 unpack_size = seven_zip->unpack_size; + + for (u64 pw_pos = 0; pw_pos < pws_cnt; pw_pos++) + { + // this hook data needs to be updated (the "hook_success" variable): + + seven_zip_hook_t *hook_item = &hook_items[pw_pos]; + + const u8 *ukey = (const u8 *) hook_item->ukey; + + // init AES + + AES_KEY aes_key; + + memset (&aes_key, 0, sizeof (aes_key)); + + AES_set_decrypt_key (ukey, 256, &aes_key); + + int aes_len = seven_zip->aes_len; + + u32 data[4]; + u32 out [4]; + u32 iv [4]; + + iv[0] = seven_zip->iv_buf[0]; + iv[1] = seven_zip->iv_buf[1]; + iv[2] = seven_zip->iv_buf[2]; + iv[3] = seven_zip->iv_buf[3]; + + u32 out_full[81882]; + + // if aes_len > 16 we need to loop + + int i = 0; + int j = 0; + + for (i = 0, j = 0; i < aes_len - 16; i += 16, j += 4) + { + data[0] = data_buf[j + 0]; + data[1] = data_buf[j + 1]; + data[2] = data_buf[j + 2]; + data[3] = data_buf[j + 3]; + + AES_decrypt (&aes_key, (u8*) data, (u8*) out); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; + + out_full[j + 0] = out[0]; + out_full[j + 1] = out[1]; + out_full[j + 2] = out[2]; + out_full[j + 3] = out[3]; + } + + // we need to run it at least once: + + data[0] = data_buf[j + 0]; + data[1] = data_buf[j + 1]; + data[2] = data_buf[j + 2]; + data[3] = data_buf[j + 3]; + + AES_decrypt (&aes_key, (u8*) data, (u8*) out); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + out_full[j + 0] = out[0]; + out_full[j + 1] = out[1]; + out_full[j + 2] = out[2]; + out_full[j + 3] = out[3]; + + /* + * check the CRC32 "hash" + */ + + u32 seven_zip_crc = seven_zip->crc; + + u32 crc; + + if (data_type == 0) // uncompressed + { + crc = cpu_crc32_buffer ((u8 *) out_full, unpack_size); + } + else + { + u32 crc_len = seven_zip->crc_len; + + char *coder_attributes = seven_zip->coder_attributes; + + // input buffers and length + + u8 *compressed_data = (u8 *) out_full; + + SizeT compressed_data_len = aes_len; + + // output buffers and length + + unsigned char *decompressed_data; + + decompressed_data = (unsigned char *) hcmalloc (crc_len); + + SizeT decompressed_data_len = crc_len; + + int ret; + + if (data_type == 1) // LZMA1 + { + ret = hc_lzma1_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); + } + else // we only support LZMA2 in addition to LZMA1 + { + ret = hc_lzma2_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); + } + + if (ret != SZ_OK) + { + hook_item->hook_success = 0; + + hcfree (decompressed_data); + + continue; + } + + crc = cpu_crc32_buffer (decompressed_data, crc_len); + + hcfree (decompressed_data); + } + + if (crc == seven_zip_crc) + { + hook_item->hook_success = 1; + } + else + { + hook_item->hook_success = 0; + } + } +} + +u64 module_hook_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 hook_size = (const u64) sizeof (seven_zip_hook_t); + + return hook_size; +} + +u64 module_hook_salt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 hook_salt_size = (const u64) sizeof (seven_zip_hook_salt_t); + + return hook_salt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (seven_zip_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + seven_zip_hook_salt_t *seven_zip = (seven_zip_hook_salt_t *) hook_salt_buf; + + token_t token; + + token.token_cnt = 11; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_SEVEN_ZIP; + + token.len[0] = 4; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '$'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '$'; + token.len_min[2] = 1; + token.len_max[2] = 2; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[3] = '$'; + token.len_min[3] = 1; + token.len_max[3] = 1; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[4] = '$'; + token.len_min[4] = 0; + token.len_max[4] = 64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; + + token.sep[5] = '$'; + token.len_min[5] = 1; + token.len_max[5] = 2; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[6] = '$'; + token.len_min[6] = 32; + token.len_max[6] = 32; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = '$'; + token.len_min[7] = 1; + token.len_max[7] = 10; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[8] = '$'; + token.len_min[8] = 1; + token.len_max[8] = 4; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[9] = '$'; + token.len_min[9] = 1; + token.len_max[9] = 4; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[10] = '$'; + token.len_min[10] = 2; + token.len_max[10] = 655056; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *data_type_pos = token.buf[ 1]; + const u8 *NumCyclesPower_pos = token.buf[ 2]; + const u8 *salt_len_pos = token.buf[ 3]; + const u8 *salt_buf_pos = token.buf[ 4]; + const u8 *iv_len_pos = token.buf[ 5]; + const u8 *iv_buf_pos = token.buf[ 6]; + const u8 *crc_buf_pos = token.buf[ 7]; + const u8 *data_len_pos = token.buf[ 8]; + const u8 *unpack_size_pos = token.buf[ 9]; + const u8 *data_buf_pos = token.buf[10]; + + const int data_type_len = token.len[ 1]; + const int NumCyclesPower_len = token.len[ 2]; + const int salt_len_len = token.len[ 3]; + const int salt_buf_len = token.len[ 4]; + const int iv_len_len = token.len[ 5]; + const int iv_buf_len = token.len[ 6]; + const int crc_buf_len = token.len[ 7]; + const int data_len_len = token.len[ 8]; + const int unpack_size_len = token.len[ 9]; + int data_buf_len = token.len[10]; + + // fields only used when data was compressed: + + u8 *crc_len_pos = (u8 *) strchr ((const char *) data_buf_pos, '$'); + + u32 crc_len_len = 0; + u8 *coder_attributes_pos = 0; + u32 coder_attributes_len = 0; + + if (crc_len_pos != NULL) + { + data_buf_len = crc_len_pos - data_buf_pos; + + crc_len_pos++; + + coder_attributes_pos = (u8 *) strchr ((const char *) crc_len_pos, '$'); + + if (coder_attributes_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + crc_len_len = coder_attributes_pos - crc_len_pos; + + coder_attributes_pos++; + } + + if (is_valid_hex_string (data_buf_pos, data_buf_len) == false) return (PARSER_SALT_ENCODING); + + const int iter = hc_strtoul ((const char *) NumCyclesPower_pos, NULL, 10); + const int crc = hc_strtoul ((const char *) crc_buf_pos, NULL, 10); + const int data_type = hc_strtoul ((const char *) data_type_pos, NULL, 10); + const int salt_len = hc_strtoul ((const char *) salt_len_pos, NULL, 10); + const int iv_len = hc_strtoul ((const char *) iv_len_pos, NULL, 10); + const int unpack_size = hc_strtoul ((const char *) unpack_size_pos, NULL, 10); + const int data_len = hc_strtoul ((const char *) data_len_pos, NULL, 10); + + // if neither uncompressed nor truncated, then we need the length for crc and coder attributes + + int crc_len = 0; + + bool is_compressed = ((data_type != 0) && (data_type != 0x80)); + + if (is_compressed == true) + { + if (crc_len_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + coder_attributes_len = line_len - 1 - 2 - 1 - data_type_len - 1 - NumCyclesPower_len - 1 - salt_len_len - 1 - salt_buf_len - 1 - iv_len_len - 1 - iv_buf_len - 1 - crc_buf_len - 1 - data_len_len - 1 - unpack_size_len - 1 - data_buf_len - 1 - crc_len_len - 1; + + crc_len = hc_strtoul ((const char *) crc_len_pos, NULL, 10); + } + + /** + * verify some data + */ + + if (data_type > 2) // this includes also 0x80 (special case that means "truncated") + { + return (PARSER_SALT_VALUE); + } + + if (salt_len != 0) return (PARSER_SALT_VALUE); + + if ((data_len * 2) != data_buf_len) return (PARSER_SALT_VALUE); + + if (data_len > 327528) return (PARSER_SALT_VALUE); + + if (unpack_size > data_len) return (PARSER_SALT_VALUE); + + if (is_compressed == true) + { + if (crc_len_len > 7) return (PARSER_SALT_VALUE); + + if (coder_attributes_len > 10) return (PARSER_SALT_VALUE); + + if ((coder_attributes_len % 2) != 0) return (PARSER_SALT_VALUE); + + // we should be more strict about the needed attribute_len: + + if (data_type == 1) // LZMA1 + { + if ((coder_attributes_len / 2) != 5) return (PARSER_SALT_VALUE); + } + else if (data_type == 2) // LZMA2 + { + if ((coder_attributes_len / 2) != 1) return (PARSER_SALT_VALUE); + } + } + + /** + * store data + */ + + seven_zip->data_type = data_type; + + seven_zip->iv_buf[0] = hex_to_u32 (iv_buf_pos + 0); + seven_zip->iv_buf[1] = hex_to_u32 (iv_buf_pos + 8); + seven_zip->iv_buf[2] = hex_to_u32 (iv_buf_pos + 16); + seven_zip->iv_buf[3] = hex_to_u32 (iv_buf_pos + 24); + + seven_zip->iv_len = iv_len; + + memcpy (seven_zip->salt_buf, salt_buf_pos, salt_buf_len); // we just need that for later ascii_digest() + + seven_zip->salt_len = 0; + + seven_zip->crc = crc; + + for (int i = 0, j = 0; j < data_buf_len; i += 1, j += 8) + { + seven_zip->data_buf[i] = hex_to_u32 (data_buf_pos + j); + } + + seven_zip->data_len = data_len; + + seven_zip->unpack_size = unpack_size; + + seven_zip->crc_len = crc_len; + + memset (seven_zip->coder_attributes, 0, sizeof (seven_zip->coder_attributes)); + + seven_zip->coder_attributes_len = 0; + + if (is_compressed == 1) + { + if (is_valid_hex_string (coder_attributes_pos, coder_attributes_len) == false) return (PARSER_SALT_ENCODING); + + for (u32 i = 0, j = 0; j < coder_attributes_len; i += 1, j += 2) + { + seven_zip->coder_attributes[i] = hex_to_u8 ((const u8 *) &coder_attributes_pos[j]); + + seven_zip->coder_attributes_len++; + } + } + + // normally: crc_len <= unpacksize <= packsize (== data_len) + + int aes_len = data_len; + + if (crc_len != 0) // it is 0 only in case of uncompressed data or truncated data + { + // in theory we could just use crc_len, but sometimes (very rare) the compressed data + // is larger than the original data! (because of some additional bytes from lzma/headers) + // the +0.5 is used to round up (just to be sure we don't truncate) + + if (data_type == 1) // LZMA1 uses more bytes + { + aes_len = 32.5f + (float) crc_len * 1.05f; // +5% max (only for small random inputs) + } + else if (data_type == 2) // LZMA2 is more clever (e.g. uncompressed chunks) + { + aes_len = 4.5f + (float) crc_len * 1.01f; // +1% max (only for small random inputs) + } + + // just make sure we never go beyond the data_len limit itself + + aes_len = MIN (aes_len, data_len); + } + + seven_zip->aes_len = aes_len; + + // real salt + + salt->salt_buf[0] = seven_zip->data_buf[0]; + salt->salt_buf[1] = seven_zip->data_buf[1]; + salt->salt_buf[2] = seven_zip->data_buf[2]; + salt->salt_buf[3] = seven_zip->data_buf[3]; + + salt->salt_len = 16; + + salt->salt_sign[0] = data_type; + + salt->salt_iter = 1u << iter; + + /** + * digest + */ + + digest[0] = crc; + digest[1] = 0; + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + seven_zip_hook_salt_t *seven_zip = (seven_zip_hook_salt_t *) hook_salt_buf; + + const u32 data_len = seven_zip->data_len; + + char *data_buf = (char *) hcmalloc ((data_len * 2) + 1); + + for (u32 i = 0, j = 0; i < data_len; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) seven_zip->data_buf; + + snprintf (data_buf + j, (data_len * 2) + 1 - j, "%02x", ptr[i]); + } + + u32 salt_iter = salt->salt_iter; + + u32 iv[4]; + + iv[0] = byte_swap_32 (seven_zip->iv_buf[0]); + iv[1] = byte_swap_32 (seven_zip->iv_buf[1]); + iv[2] = byte_swap_32 (seven_zip->iv_buf[2]); + iv[3] = byte_swap_32 (seven_zip->iv_buf[3]); + + u32 iv_len = seven_zip->iv_len; + + u32 cost = 0; // the log2 () of salt_iter + + while (salt_iter >>= 1) + { + cost++; + } + + int bytes_written = snprintf (line_buf, line_size, "%s%u$%u$%u$%s$%u$%08x%08x%08x%08x$%u$%u$%u$%s", + SIGNATURE_SEVEN_ZIP, + salt->salt_sign[0], + cost, + seven_zip->salt_len, + (char *) seven_zip->salt_buf, + iv_len, + iv[0], + iv[1], + iv[2], + iv[3], + seven_zip->crc, + seven_zip->data_len, + seven_zip->unpack_size, + data_buf); + + if (seven_zip->data_type > 0) + { + bytes_written += snprintf (line_buf + bytes_written, line_size - bytes_written, "$%u$", seven_zip->crc_len); + + const u8 *ptr = (const u8 *) seven_zip->coder_attributes; + + for (u32 i = 0, j = 0; i < seven_zip->coder_attributes_len; i += 1, j += 2) + { + bytes_written += snprintf (line_buf + bytes_written, line_size - bytes_written, "%02x", ptr[i]); + } + } + + hcfree (data_buf); + + return bytes_written; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_binary_verify = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = module_hook23; + module_ctx->module_hook_salt_size = module_hook_salt_size; + module_ctx->module_hook_size = module_hook_size; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m11600.pm b/tools/test_modules/m11600.pm new file mode 100644 index 000000000..849a78089 --- /dev/null +++ b/tools/test_modules/m11600.pm @@ -0,0 +1,240 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::CBC; +use Digest::CRC qw (crc32); +use Digest::SHA qw (sha256); +use Encode; + +sub module_constraints { [[0, 255], [0, 16], [0, 27], [0, 16], [-1, -1]] } + +sub module_generate_hash +{ + my $word_buf = shift; + my $salt_buf = shift; + my $iter = shift; + my $additional_param = shift; + my $additional_param2 = shift; + my $additional_param3 = shift; + my $additional_param4 = shift; + my $additional_param5 = shift; + my $additional_param6 = shift; + + my ($p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, $data_len, $unpack_size, $data_buf); + + $p = 0; # is fixed + + my $validation_only = 0; + + $validation_only = 1 if (defined ($additional_param)); + + if ($validation_only == 1) + { + $num_cycle_power = int ($iter); + $seven_zip_salt_len = $additional_param; + $seven_zip_salt_buf = $additional_param2; + $salt_len = $additional_param3; + # $salt_buf set in parser + # $hash_buf (resulting crc) + $data_len = $additional_param4; + $unpack_size = $additional_param5; + $data_buf = $additional_param6; + } + else + { + $num_cycle_power = 14; # by default it is 19 + $seven_zip_salt_len = 0; + $seven_zip_salt_buf = ""; + $salt_len = length ($salt_buf); + # $salt_buf set automatically + # $hash_buf (resulting crc) + # $data_len will be set when encrypting + $unpack_size = random_number (1, 32 + 1); + $data_buf = random_string ($unpack_size); + } + + # + # 2 ^ NumCyclesPower "iterations" of SHA256 (only one final SHA256) + # + + $word_buf = encode ("UTF-16LE", $word_buf); + + my $rounds = 1 << $num_cycle_power; + + my $pass_buf = ""; + + for (my $i = 0; $i < $rounds; $i++) + { + my $num_buf = ""; + + $num_buf .= pack ("V", $i); + $num_buf .= "\x00" x 4; + + # this would be better but only works on 64-bit systems: + # $num_buf = pack ("q", $i); + + $pass_buf .= sprintf ("%s%s", $word_buf, $num_buf); + } + + my $key = sha256 ($pass_buf); + + # the salt_buf is our IV for AES CBC + # pad the salt_buf + + my $salt_buf_len = length ($salt_buf); + my $salt_padding_len = 0; + + if ($salt_buf_len < 16) + { + $salt_padding_len = 16 - $salt_buf_len; + } + + $salt_buf .= "\x00" x $salt_padding_len; + + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + key => $key, + keysize => 32, + literal_key => 1, + iv => $salt_buf, + header => "none", + }); + + my $hash_buf; + + if ($validation_only == 1) + { + # decrypt + + my $decrypted_data = $aes->decrypt ($data_buf); + + $decrypted_data = substr ($decrypted_data, 0, $unpack_size); + + $hash_buf = crc32 ($decrypted_data); + } + else + { + # encrypt + + $hash_buf = crc32 ($data_buf); + + $data_buf = $aes->encrypt ($data_buf); + + $data_len = length ($data_buf); + } + + my $tmp_hash = sprintf ("\$7z\$%i\$%i\$%i\$%s\$%i\$%08s\$%u\$%u\$%u\$%s", $p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, unpack ("H*", $salt_buf), $hash_buf, $data_len, $unpack_size, unpack ("H*", $data_buf)); + + return $tmp_hash; +} + +sub module_verify_hash +{ + my $line = shift; + + return unless (substr ($line, 0, 4) eq '$7z$'); + + # p + + my $index1 = index ($line, '$', 4); + + return if $index1 < 0; + + my $p = substr ($line, 4, $index1 - 4); + + return unless ($p eq "0"); + + # num cycle power + + my $index2 = index ($line, '$', $index1 + 1); + + return if $index2 < 0; + + my $iter = substr ($line, $index1 + 1, $index2 - $index1 - 1); + + # seven zip salt length + + $index1 = index ($line, '$', $index2 + 1); + + return if $index1 < 0; + + my $param = substr ($line, $index2 + 1, $index1 - $index2 - 1); + + # seven zip salt + + $index2 = index ($line, '$', $index1 + 1); + + return if $index2 < 0; + + my $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1); + + # salt len + + $index1 = index ($line, '$', $index2 + 1); + + return if $index1 < 0; + + my $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1); + + # salt + + $index2 = index ($line, '$', $index1 + 1); + + return if $index2 < 0; + + my $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1); + + $salt = pack ("H*", $salt); + + # crc / hash + + $index1 = index ($line, '$', $index2 + 1); + + return if $index1 < 0; + + my $crc = substr ($line, $index2 + 1, $index1 - $index2 - 1); + + # ignore this crc, we don't need to pass it to gen_hash () + + # data len + + $index2 = index ($line, '$', $index1 + 1); + + return if $index2 < 0; + + my $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1); + + # unpack size + + $index1 = index ($line, '$', $index2 + 1); + + return if $index1 < 0; + + my $param5 = substr ($line, $index2 + 1, $index1 - $index2 - 1); + + # data + + $index2 = index ($line, ':', $index1 + 1); + + return if $index2 < 0; + + my $param6 = substr ($line, $index1 + 1, $index2 - $index1 - 1); + $param6 = pack ("H*", $param6); + + my $word = substr ($line, $index2 + 1); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6); + + return ($new_hash, $word); +} + +1;