
WPA cracking: Added support for WPA/WPA2 handshake AP nonce automatic error correction

WPA cracking: Added parameter --nonce-error-corrections to configure range of error correction
jsteube 2017-03-07 14:41:58 +01:00
parent 67159b1936
commit c04dd5c8b1
11 changed files with 288 additions and 195 deletions


@ -805,6 +805,8 @@ typedef struct wpa
u8 essid[32];
u32 keymic[4];
u32 hash[4];
int nonce_compare;
int nonce_error_corrections;
} wpa_t;


@ -827,39 +827,39 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
const u32 lid = get_local_id (0);
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = tmps[gid].out[0];
w0[1] = tmps[gid].out[1];
w0[2] = tmps[gid].out[2];
w0[3] = tmps[gid].out[3];
w1[0] = tmps[gid].out[4];
w1[1] = tmps[gid].out[5];
w1[2] = tmps[gid].out[6];
w1[3] = tmps[gid].out[7];
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
u32 ipad_l0[5];
u32 opad_l0[5];
hmac_sha1_pad_S (w0, w1, w2, w3, ipad_l0, opad_l0);
for (u32 digest_pos = 0; digest_pos < digests_cnt; digest_pos++)
{
const u32 digest_cur = digests_offset + digest_pos;
__global wpa_t *wpa = &wpa_bufs[digest_cur];
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = tmps[gid].out[0];
w0[1] = tmps[gid].out[1];
w0[2] = tmps[gid].out[2];
w0[3] = tmps[gid].out[3];
w1[0] = tmps[gid].out[4];
w1[1] = tmps[gid].out[5];
w1[2] = tmps[gid].out[6];
w1[3] = tmps[gid].out[7];
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
u32 ipad[5];
u32 opad[5];
hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad);
w0[0] = wpa->pke[ 0];
w0[1] = wpa->pke[ 1];
w0[2] = wpa->pke[ 2];
@ -877,59 +877,124 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
w3[2] = wpa->pke[14];
w3[3] = wpa->pke[15];
sha1_transform_S (w0, w1, w2, w3, ipad);
u32 ipad_l1[5];
u32 opad_l1[5];
w0[0] = wpa->pke[16];
w0[1] = wpa->pke[17];
w0[2] = wpa->pke[18];
w0[3] = wpa->pke[19];
w1[0] = wpa->pke[20];
w1[1] = wpa->pke[21];
w1[2] = wpa->pke[22];
w1[3] = wpa->pke[23];
w2[0] = wpa->pke[24];
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 100) * 8;
ipad_l1[0] = ipad_l0[0];
ipad_l1[1] = ipad_l0[1];
ipad_l1[2] = ipad_l0[2];
ipad_l1[3] = ipad_l0[3];
ipad_l1[4] = ipad_l0[4];
u32 digest[5];
opad_l1[0] = opad_l0[0];
opad_l1[1] = opad_l0[1];
opad_l1[2] = opad_l0[2];
opad_l1[3] = opad_l0[3];
opad_l1[4] = opad_l0[4];
hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest);
sha1_transform_S (w0, w1, w2, w3, ipad_l1);
u32 digest_final[5];
const u32 nonce_error_corrections = wpa->nonce_error_corrections;
if (wpa->keyver == 1)
for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++)
{
w0[0] = swap32_S (digest[0]);
w0[1] = swap32_S (digest[1]);
w0[2] = swap32_S (digest[2]);
w0[3] = swap32_S (digest[3]);
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w0[0] = wpa->pke[16];
w0[1] = wpa->pke[17];
w0[2] = wpa->pke[18];
w0[3] = wpa->pke[19];
w1[0] = wpa->pke[20];
w1[1] = wpa->pke[21];
w1[2] = wpa->pke[22];
w1[3] = wpa->pke[23];
w2[0] = wpa->pke[24];
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
w3[3] = (64 + 100) * 8;
hmac_md5_pad_S (w0, w1, w2, w3, ipad, opad);
const u32 incval = (1 << 8) * nonce_error_correction;
int eapol_len = wpa->eapol_len;
int eapol_left;
int eapol_off;
for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
if (wpa->nonce_compare < 0)
{
w0[0] += incval;
}
else
{
w2[0] += incval;
}
u32 ipad[5];
u32 opad[5];
ipad[0] = ipad_l1[0];
ipad[1] = ipad_l1[1];
ipad[2] = ipad_l1[2];
ipad[3] = ipad_l1[3];
ipad[4] = ipad_l1[4];
opad[0] = opad_l1[0];
opad[1] = opad_l1[1];
opad[2] = opad_l1[2];
opad[3] = opad_l1[3];
opad[4] = opad_l1[4];
u32 digest[5];
hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest);
u32 digest_final[5];
if (wpa->keyver == 1)
{
w0[0] = swap32_S (digest[0]);
w0[1] = swap32_S (digest[1]);
w0[2] = swap32_S (digest[2]);
w0[3] = swap32_S (digest[3]);
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
hmac_md5_pad_S (w0, w1, w2, w3, ipad, opad);
int eapol_len = wpa->eapol_len;
int eapol_left;
int eapol_off;
for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
{
w0[0] = wpa->eapol[eapol_off + 0];
w0[1] = wpa->eapol[eapol_off + 1];
w0[2] = wpa->eapol[eapol_off + 2];
w0[3] = wpa->eapol[eapol_off + 3];
w1[0] = wpa->eapol[eapol_off + 4];
w1[1] = wpa->eapol[eapol_off + 5];
w1[2] = wpa->eapol[eapol_off + 6];
w1[3] = wpa->eapol[eapol_off + 7];
w2[0] = wpa->eapol[eapol_off + 8];
w2[1] = wpa->eapol[eapol_off + 9];
w2[2] = wpa->eapol[eapol_off + 10];
w2[3] = wpa->eapol[eapol_off + 11];
w3[0] = wpa->eapol[eapol_off + 12];
w3[1] = wpa->eapol[eapol_off + 13];
w3[2] = wpa->eapol[eapol_off + 14];
w3[3] = wpa->eapol[eapol_off + 15];
md5_transform_S (w0, w1, w2, w3, ipad);
}
w0[0] = wpa->eapol[eapol_off + 0];
w0[1] = wpa->eapol[eapol_off + 1];
w0[2] = wpa->eapol[eapol_off + 2];
@ -944,59 +1009,59 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
w2[3] = wpa->eapol[eapol_off + 11];
w3[0] = wpa->eapol[eapol_off + 12];
w3[1] = wpa->eapol[eapol_off + 13];
w3[2] = wpa->eapol[eapol_off + 14];
w3[3] = wpa->eapol[eapol_off + 15];
w3[2] = (64 + eapol_len) * 8;
w3[3] = 0;
md5_transform_S (w0, w1, w2, w3, ipad);
hmac_md5_run_S (w0, w1, w2, w3, ipad, opad, digest_final);
}
w0[0] = wpa->eapol[eapol_off + 0];
w0[1] = wpa->eapol[eapol_off + 1];
w0[2] = wpa->eapol[eapol_off + 2];
w0[3] = wpa->eapol[eapol_off + 3];
w1[0] = wpa->eapol[eapol_off + 4];
w1[1] = wpa->eapol[eapol_off + 5];
w1[2] = wpa->eapol[eapol_off + 6];
w1[3] = wpa->eapol[eapol_off + 7];
w2[0] = wpa->eapol[eapol_off + 8];
w2[1] = wpa->eapol[eapol_off + 9];
w2[2] = wpa->eapol[eapol_off + 10];
w2[3] = wpa->eapol[eapol_off + 11];
w3[0] = wpa->eapol[eapol_off + 12];
w3[1] = wpa->eapol[eapol_off + 13];
w3[2] = (64 + eapol_len) * 8;
w3[3] = 0;
hmac_md5_run_S (w0, w1, w2, w3, ipad, opad, digest_final);
}
else
{
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad);
int eapol_len = wpa->eapol_len;
int eapol_left;
int eapol_off;
for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
else
{
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad);
int eapol_len = wpa->eapol_len;
int eapol_left;
int eapol_off;
for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
{
w0[0] = wpa->eapol[eapol_off + 0];
w0[1] = wpa->eapol[eapol_off + 1];
w0[2] = wpa->eapol[eapol_off + 2];
w0[3] = wpa->eapol[eapol_off + 3];
w1[0] = wpa->eapol[eapol_off + 4];
w1[1] = wpa->eapol[eapol_off + 5];
w1[2] = wpa->eapol[eapol_off + 6];
w1[3] = wpa->eapol[eapol_off + 7];
w2[0] = wpa->eapol[eapol_off + 8];
w2[1] = wpa->eapol[eapol_off + 9];
w2[2] = wpa->eapol[eapol_off + 10];
w2[3] = wpa->eapol[eapol_off + 11];
w3[0] = wpa->eapol[eapol_off + 12];
w3[1] = wpa->eapol[eapol_off + 13];
w3[2] = wpa->eapol[eapol_off + 14];
w3[3] = wpa->eapol[eapol_off + 15];
sha1_transform_S (w0, w1, w2, w3, ipad);
}
w0[0] = wpa->eapol[eapol_off + 0];
w0[1] = wpa->eapol[eapol_off + 1];
w0[2] = wpa->eapol[eapol_off + 2];
@ -1011,44 +1076,25 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
w2[3] = wpa->eapol[eapol_off + 11];
w3[0] = wpa->eapol[eapol_off + 12];
w3[1] = wpa->eapol[eapol_off + 13];
w3[2] = wpa->eapol[eapol_off + 14];
w3[3] = wpa->eapol[eapol_off + 15];
w3[2] = 0;
w3[3] = (64 + eapol_len) * 8;
sha1_transform_S (w0, w1, w2, w3, ipad);
u32 digest2[5];
hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest_final);
}
w0[0] = wpa->eapol[eapol_off + 0];
w0[1] = wpa->eapol[eapol_off + 1];
w0[2] = wpa->eapol[eapol_off + 2];
w0[3] = wpa->eapol[eapol_off + 3];
w1[0] = wpa->eapol[eapol_off + 4];
w1[1] = wpa->eapol[eapol_off + 5];
w1[2] = wpa->eapol[eapol_off + 6];
w1[3] = wpa->eapol[eapol_off + 7];
w2[0] = wpa->eapol[eapol_off + 8];
w2[1] = wpa->eapol[eapol_off + 9];
w2[2] = wpa->eapol[eapol_off + 10];
w2[3] = wpa->eapol[eapol_off + 11];
w3[0] = wpa->eapol[eapol_off + 12];
w3[1] = wpa->eapol[eapol_off + 13];
w3[2] = 0;
w3[3] = (64 + eapol_len) * 8;
/**
* final compare
*/
u32 digest2[5];
hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest_final);
}
/**
* final compare
*/
if ((digest_final[0] == wpa->keymic[0])
&& (digest_final[1] == wpa->keymic[1])
&& (digest_final[2] == wpa->keymic[2])
&& (digest_final[3] == wpa->keymic[3]))
{
mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0);
if ((digest_final[0] == wpa->keymic[0])
&& (digest_final[1] == wpa->keymic[1])
&& (digest_final[2] == wpa->keymic[2])
&& (digest_final[3] == wpa->keymic[3]))
{
mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0);
}
}
}
}
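Review bot: The loop bound `nonce_error_corrections` is copied from the `int` field `wpa->nonce_error_corrections` into a `const u32`, so a negative or very large value stored on the host turns into a bound of up to about 2^32, and each candidate then repeats the full HMAC chain that many times per digest inside one kernel invocation. The value arrives from `atoi (optarg)` in `user_options_getopt` through the assignment in `hashes_init_stage1`, and no range check is visible in any file of this commit. I would reject out-of-range input on the host before it is copied into the esalt, and declare the field as `u32` in both `wpa_t` definitions so it matches `user_options_t` and the signed/unsigned conversion disappears. A short comment on `const u32 incval = (1 << 8) * nonce_error_correction;` saying which nonce byte the shift targets would also help the next reader. The body of `m02500_comp` starts before the first hunk of this section.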


@ -1,5 +1,12 @@
* changes v3.40 -> ?:
##
## Features
##
- WPA cracking: Added support for WPA/WPA2 handshake AP nonce automatic error correction
- WPA cracking: Added parameter --nonce-error-corrections to configure range of error correction
##
## Improvements
##
@ -14,6 +21,13 @@
- Fixed a typo that resulted in the minimum password length not being correctly initialized
- Fixed a problem with parsing and displaying -m 7000 = Fortigate (FortiOS) hashes
##
## Technical
##
- Building: Added missing prototypes for atlassian_parse_hash function
- Sessions: Improved string comparison in case user sets --session to "hashcat"
* changes v3.30 -> v3.40:
##


@ -189,8 +189,8 @@ _hashcat ()
local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H'
local SHORT_OPTS="-m -a -V -v -h -b -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l"
local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --hex-salt --hex-wordlist --hex-charset --force --status --status-timer --machine-readable --loopback --weak-hash-threshold --markov-hcstat --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-info --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-disable --gpu-temp-abort --gpu-temp-retain --powertune-enable --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --truecrypt-keyfiles --stdout --keep-guessing --hccapx-message-pair"
local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --weak-hash-threshold --markov-hcstat --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-abort --gpu-temp-retain -disable --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment-min --increment-max --scrypt-tmto --truecrypt-keyfiles"
local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --hex-salt --hex-wordlist --hex-charset --force --status --status-timer --machine-readable --loopback --weak-hash-threshold --markov-hcstat --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-info --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-disable --gpu-temp-abort --gpu-temp-retain --powertune-enable --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --truecrypt-keyfiles --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections"
local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --weak-hash-threshold --markov-hcstat --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-abort --gpu-temp-retain -disable --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment-min --increment-max --scrypt-tmto --truecrypt-keyfiles --hccapx-message-pair --nonce-error-corrections"
COMPREPLY=()
local cur="${COMP_WORDS[COMP_CWORD]}"


@ -189,6 +189,8 @@ typedef struct wpa
u8 essid[32];
u32 keymic[4];
u32 hash[4];
int nonce_compare;
int nonce_error_corrections;
} wpa_t;
@ -815,6 +817,17 @@ typedef struct struct_psafe2_hdr
} psafe2_hdr;
typedef enum
{
MESSAGE_PAIR_M12E2 = 0,
MESSAGE_PAIR_M14E4 = 1,
MESSAGE_PAIR_M32E2 = 2,
MESSAGE_PAIR_M32E3 = 3,
MESSAGE_PAIR_M34E3 = 4,
MESSAGE_PAIR_M34E4 = 5,
} message_pair_t;
#define HCCAPX_VERSION 4
#define HCCAPX_SIGNATURE 0x58504348 // HCPX
@ -1728,6 +1741,7 @@ int skip32_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu
int fortigate_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
int sha256b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
int filezilla_server_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
/**
* hook functions


@ -519,6 +519,7 @@ typedef enum user_options_defaults
MARKOV_CLASSIC = false,
MARKOV_DISABLE = false,
MARKOV_THRESHOLD = 0,
NONCE_ERROR_CORRECTIONS = 16,
NVIDIA_SPIN_DAMP = 100,
OPENCL_VECTOR_WIDTH = 0,
OUTFILE_AUTOHEX = true,
@ -595,52 +596,53 @@ typedef enum user_options_map
IDX_MARKOV_DISABLE = 0xff17,
IDX_MARKOV_HCSTAT = 0xff18,
IDX_MARKOV_THRESHOLD = 't',
IDX_NVIDIA_SPIN_DAMP = 0xff19,
IDX_NONCE_ERROR_CORRECTIONS = 0xff19,
IDX_NVIDIA_SPIN_DAMP = 0xff1a,
IDX_OPENCL_DEVICES = 'd',
IDX_OPENCL_DEVICE_TYPES = 'D',
IDX_OPENCL_INFO = 'I',
IDX_OPENCL_PLATFORMS = 0xff1a,
IDX_OPENCL_VECTOR_WIDTH = 0xff1b,
IDX_OUTFILE_AUTOHEX_DISABLE = 0xff1c,
IDX_OUTFILE_CHECK_DIR = 0xff1d,
IDX_OUTFILE_CHECK_TIMER = 0xff1e,
IDX_OUTFILE_FORMAT = 0xff1f,
IDX_OPENCL_PLATFORMS = 0xff1b,
IDX_OPENCL_VECTOR_WIDTH = 0xff1c,
IDX_OUTFILE_AUTOHEX_DISABLE = 0xff1d,
IDX_OUTFILE_CHECK_DIR = 0xff1e,
IDX_OUTFILE_CHECK_TIMER = 0xff1f,
IDX_OUTFILE_FORMAT = 0xff20,
IDX_OUTFILE = 'o',
IDX_POTFILE_DISABLE = 0xff20,
IDX_POTFILE_PATH = 0xff21,
IDX_POWERTUNE_ENABLE = 0xff22,
IDX_QUIET = 0xff23,
IDX_REMOVE = 0xff24,
IDX_REMOVE_TIMER = 0xff25,
IDX_RESTORE = 0xff26,
IDX_RESTORE_DISABLE = 0xff27,
IDX_RESTORE_FILE_PATH = 0xff28,
IDX_POTFILE_DISABLE = 0xff21,
IDX_POTFILE_PATH = 0xff22,
IDX_POWERTUNE_ENABLE = 0xff23,
IDX_QUIET = 0xff24,
IDX_REMOVE = 0xff25,
IDX_REMOVE_TIMER = 0xff26,
IDX_RESTORE = 0xff27,
IDX_RESTORE_DISABLE = 0xff28,
IDX_RESTORE_FILE_PATH = 0xff29,
IDX_RP_FILE = 'r',
IDX_RP_GEN_FUNC_MAX = 0xff29,
IDX_RP_GEN_FUNC_MIN = 0xff2a,
IDX_RP_GEN_FUNC_MAX = 0xff2a,
IDX_RP_GEN_FUNC_MIN = 0xff2b,
IDX_RP_GEN = 'g',
IDX_RP_GEN_SEED = 0xff2b,
IDX_RP_GEN_SEED = 0xff2c,
IDX_RULE_BUF_L = 'j',
IDX_RULE_BUF_R = 'k',
IDX_RUNTIME = 0xff2c,
IDX_SCRYPT_TMTO = 0xff2d,
IDX_RUNTIME = 0xff2d,
IDX_SCRYPT_TMTO = 0xff2e,
IDX_SEGMENT_SIZE = 'c',
IDX_SEPARATOR = 'p',
IDX_SESSION = 0xff2e,
IDX_SHOW = 0xff2f,
IDX_SESSION = 0xff2f,
IDX_SHOW = 0xff30,
IDX_SKIP = 's',
IDX_STATUS = 0xff30,
IDX_STATUS_TIMER = 0xff31,
IDX_STDOUT_FLAG = 0xff32,
IDX_SPEED_ONLY = 0xff33,
IDX_PROGRESS_ONLY = 0xff34,
IDX_TRUECRYPT_KEYFILES = 0xff35,
IDX_USERNAME = 0xff36,
IDX_VERACRYPT_KEYFILES = 0xff37,
IDX_VERACRYPT_PIM = 0xff38,
IDX_STATUS = 0xff31,
IDX_STATUS_TIMER = 0xff32,
IDX_STDOUT_FLAG = 0xff33,
IDX_SPEED_ONLY = 0xff34,
IDX_PROGRESS_ONLY = 0xff35,
IDX_TRUECRYPT_KEYFILES = 0xff36,
IDX_USERNAME = 0xff37,
IDX_VERACRYPT_KEYFILES = 0xff38,
IDX_VERACRYPT_PIM = 0xff39,
IDX_VERSION_LOWER = 'v',
IDX_VERSION = 'V',
IDX_WEAK_HASH_THRESHOLD = 0xff39,
IDX_WEAK_HASH_THRESHOLD = 0xff3a,
IDX_WORKLOAD_PROFILE = 'w'
} user_options_map_t;
@ -1474,6 +1476,7 @@ typedef struct user_options
u32 kernel_accel;
u32 kernel_loops;
u32 markov_threshold;
u32 nonce_error_corrections;
u32 nvidia_spin_damp;
u32 opencl_vector_width;
u32 outfile_check_timer;


@ -772,12 +772,17 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
{
memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size);
if (user_options->hccapx_message_pair_chgd == true)
if (user_options->hash_mode == 2500)
{
wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt;
wpa->message_pair_chgd = (int) user_options->hccapx_message_pair_chgd;
wpa->message_pair = (u8) user_options->hccapx_message_pair;
if (user_options->hccapx_message_pair_chgd == true)
{
wpa->message_pair_chgd = (int) user_options->hccapx_message_pair_chgd;
wpa->message_pair = (u8) user_options->hccapx_message_pair;
}
wpa->nonce_error_corrections = user_options->nonce_error_corrections;
}
}


@ -2762,7 +2762,9 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
memcpy (pke_ptr + 29, in.mac_ap, 6);
}
if (memcmp (in.nonce_ap, in.nonce_sta, 32) < 0)
wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
if (wpa->nonce_compare < 0)
{
memcpy (pke_ptr + 35, in.nonce_ap, 32);
memcpy (pke_ptr + 67, in.nonce_sta, 32);
@ -2790,6 +2792,11 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
wpa->message_pair = in.message_pair;
if ((wpa->message_pair == MESSAGE_PAIR_M32E3) || (wpa->message_pair == MESSAGE_PAIR_M34E3))
{
wpa->nonce_error_corrections = 0;
}
wpa->keyver = in.keyver;
if (wpa->keyver & ~7) return (PARSER_SALT_VALUE);
@ -14933,10 +14940,8 @@ int check_old_hccap (const char *hashfile)
void to_hccapx_t (hashcat_ctx_t *hashcat_ctx, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos)
{
const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
const hashes_t *hashes = hashcat_ctx->hashes;
const hashes_t *hashes = hashcat_ctx->hashes;
const void *digests_buf = hashes->digests_buf;
const salt_t *salts_buf = hashes->salts_buf;
const void *esalts_buf = hashes->esalts_buf;
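Review bot: The new block in `wpa_parse_hash` that sets `wpa->nonce_error_corrections = 0` for `MESSAGE_PAIR_M32E3` and `MESSAGE_PAIR_M34E3` carries no comment explaining why these two pairs are exempt, and it silently overrides a value the user passed with `--nonce-error-corrections`. A one-line comment stating the reason belongs above the `if`, and the author should confirm that overriding an explicit user setting without a message is intended. Separately, `memcmp` only guarantees the sign of its result, so `wpa->nonce_compare` deserves a comment such as `// only the sign is meaningful: < 0 means nonce_ap is copied first into pke` to keep later code from depending on its magnitude. `wpa_parse_hash` begins and ends outside these hunks.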


@ -24,7 +24,7 @@ int sort_by_hash_no_salt (const void *v1, const void *v2, void *v3);
// this function is for potfile comparison where the potfile does not contain all the
// information requires to do a true sort_by_hash() bsearch
static int sort_by_hash_t_salt (const void *v1, const void *v2, void *v3)
static int sort_by_hash_t_salt (const void *v1, const void *v2)
{
const hash_t *h1 = (const hash_t *) v1;
const hash_t *h2 = (const hash_t *) v2;
@ -446,7 +446,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx)
hash_buf.salt->salt_len = line_hash_len;
found = (hash_t *) hc_bsearch_r (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt, (void *) hashconfig);
found = (hash_t *) bsearch (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt);
}
}
else if (hashconfig->hash_mode == 2500)


@ -67,6 +67,7 @@ static const char *USAGE_BIG[] =
" --outfile-check-dir | Dir | Specify the outfile directory to monitor for plains | --outfile-check-dir=x",
" --logfile-disable | | Disable the logfile |",
" --hccapx-message-pair | Num | Load only message pairs from hccapx matching X | --hccapx-message-pair=2",
" --nonce-error-corrections | Num | The BF size range to replace AP's nonce last bytes | --nonce-error-corrections=16",
" --truecrypt-keyfiles | File | Keyfiles used, separate with comma | --truecrypt-key=x.png",
" --veracrypt-keyfiles | File | Keyfiles used, separate with comma | --veracrypt-key=x.txt",
" --veracrypt-pim | Num | VeraCrypt personal iterations multiplier | --veracrypt-pim=1000",


@ -60,6 +60,7 @@ static const struct option long_options[] =
{"markov-disable", no_argument, 0, IDX_MARKOV_DISABLE},
{"markov-hcstat", required_argument, 0, IDX_MARKOV_HCSTAT},
{"markov-threshold", required_argument, 0, IDX_MARKOV_THRESHOLD},
{"nonce-error-corrections", required_argument, 0, IDX_NONCE_ERROR_CORRECTIONS},
{"nvidia-spin-damp", required_argument, 0, IDX_NVIDIA_SPIN_DAMP},
{"opencl-devices", required_argument, 0, IDX_OPENCL_DEVICES},
{"opencl-device-types", required_argument, 0, IDX_OPENCL_DEVICE_TYPES},
@ -154,6 +155,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx)
user_options->markov_disable = MARKOV_DISABLE;
user_options->markov_hcstat = NULL;
user_options->markov_threshold = MARKOV_THRESHOLD;
user_options->nonce_error_corrections = NONCE_ERROR_CORRECTIONS;
user_options->nvidia_spin_damp = NVIDIA_SPIN_DAMP;
user_options->opencl_devices = NULL;
user_options->opencl_device_types = NULL;
@ -317,6 +319,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv)
case IDX_LOGFILE_DISABLE: user_options->logfile_disable = true; break;
case IDX_HCCAPX_MESSAGE_PAIR: user_options->hccapx_message_pair = atoi (optarg);
user_options->hccapx_message_pair_chgd = true; break;
case IDX_NONCE_ERROR_CORRECTIONS: user_options->nonce_error_corrections = atoi (optarg); break;
case IDX_TRUECRYPT_KEYFILES: user_options->truecrypt_keyfiles = optarg; break;
case IDX_VERACRYPT_KEYFILES: user_options->veracrypt_keyfiles = optarg; break;
case IDX_VERACRYPT_PIM: user_options->veracrypt_pim = atoi (optarg); break;
@ -990,7 +993,7 @@ void user_options_session_auto (hashcat_ctx_t *hashcat_ctx)
{
user_options_t *user_options = hashcat_ctx->user_options;
if (user_options->session == PROGNAME)
if (strcmp (user_options->session, PROGNAME) == 0)
{
if (user_options->benchmark == true)
{