diff --git a/OpenCL/inc_types.cl b/OpenCL/inc_types.cl index 0b6f00a5f..424dc4337 100644 --- a/OpenCL/inc_types.cl +++ b/OpenCL/inc_types.cl @@ -805,6 +805,8 @@ typedef struct wpa u8 essid[32]; u32 keymic[4]; u32 hash[4]; + int nonce_compare; + int nonce_error_corrections; } wpa_t; diff --git a/OpenCL/m02500.cl b/OpenCL/m02500.cl index 854c034bf..5bacaf694 100644 --- a/OpenCL/m02500.cl +++ b/OpenCL/m02500.cl @@ -827,39 +827,39 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul const u32 lid = get_local_id (0); + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = tmps[gid].out[0]; + w0[1] = tmps[gid].out[1]; + w0[2] = tmps[gid].out[2]; + w0[3] = tmps[gid].out[3]; + w1[0] = tmps[gid].out[4]; + w1[1] = tmps[gid].out[5]; + w1[2] = tmps[gid].out[6]; + w1[3] = tmps[gid].out[7]; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + u32 ipad_l0[5]; + u32 opad_l0[5]; + + hmac_sha1_pad_S (w0, w1, w2, w3, ipad_l0, opad_l0); + for (u32 digest_pos = 0; digest_pos < digests_cnt; digest_pos++) { const u32 digest_cur = digests_offset + digest_pos; __global wpa_t *wpa = &wpa_bufs[digest_cur]; - u32 w0[4]; - u32 w1[4]; - u32 w2[4]; - u32 w3[4]; - - w0[0] = tmps[gid].out[0]; - w0[1] = tmps[gid].out[1]; - w0[2] = tmps[gid].out[2]; - w0[3] = tmps[gid].out[3]; - w1[0] = tmps[gid].out[4]; - w1[1] = tmps[gid].out[5]; - w1[2] = tmps[gid].out[6]; - w1[3] = tmps[gid].out[7]; - w2[0] = 0; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = 0; - - u32 ipad[5]; - u32 opad[5]; - - hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad); - w0[0] = wpa->pke[ 0]; w0[1] = wpa->pke[ 1]; w0[2] = wpa->pke[ 2]; 
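Review bot: The two fields appended to the device-side `wpa_t` carry no comment, and the only thing the kernel does with `nonce_compare` is test `< 0`, so a reader has to go to src/interface.c to learn it is the raw `memcmp (in.nonce_ap, in.nonce_sta, 32)` result that decides which nonce was copied to `pke_ptr + 35`; a one-liner such as `int nonce_compare; // memcmp (nonce_ap, nonce_sta) result set by the host parser; < 0 means the AP nonce is the first of the two in pke` would fix that. `nonce_error_corrections` deserves the same treatment, since in m02500.cl it is the inclusive upper bound of the correction loop. Both fields are mirrored in include/interface.h and, since the struct is presumably handed to the device as a raw buffer, the two definitions must keep identical field order and sizes; a cross-reference comment on each side would make that coupling visible.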
@@ -877,59 +877,124 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul w3[2] = wpa->pke[14]; w3[3] = wpa->pke[15]; - sha1_transform_S (w0, w1, w2, w3, ipad); - - w0[0] = wpa->pke[16]; - w0[1] = wpa->pke[17]; - w0[2] = wpa->pke[18]; - w0[3] = wpa->pke[19]; - w1[0] = wpa->pke[20]; - w1[1] = wpa->pke[21]; - w1[2] = wpa->pke[22]; - w1[3] = wpa->pke[23]; - w2[0] = wpa->pke[24]; - w2[1] = 0x80000000; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 100) * 8; + u32 ipad_l1[5]; + u32 opad_l1[5]; + + ipad_l1[0] = ipad_l0[0]; + ipad_l1[1] = ipad_l0[1]; + ipad_l1[2] = ipad_l0[2]; + ipad_l1[3] = ipad_l0[3]; + ipad_l1[4] = ipad_l0[4]; - u32 digest[5]; + opad_l1[0] = opad_l0[0]; + opad_l1[1] = opad_l0[1]; + opad_l1[2] = opad_l0[2]; + opad_l1[3] = opad_l0[3]; + opad_l1[4] = opad_l0[4]; - hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest); + sha1_transform_S (w0, w1, w2, w3, ipad_l1); - u32 digest_final[5]; + const u32 nonce_error_corrections = wpa->nonce_error_corrections; - if (wpa->keyver == 1) + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) { - w0[0] = swap32_S (digest[0]); - w0[1] = swap32_S (digest[1]); - w0[2] = swap32_S (digest[2]); - w0[3] = swap32_S (digest[3]); - w1[0] = 0; - w1[1] = 0; - w1[2] = 0; - w1[3] = 0; - w2[0] = 0; - w2[1] = 0; + w0[0] = wpa->pke[16]; + w0[1] = wpa->pke[17]; + w0[2] = wpa->pke[18]; + w0[3] = wpa->pke[19]; + w1[0] = wpa->pke[20]; + w1[1] = wpa->pke[21]; + w1[2] = wpa->pke[22]; + w1[3] = wpa->pke[23]; + w2[0] = wpa->pke[24]; + w2[1] = 0x80000000; w2[2] = 0; w2[3] = 0; w3[0] = 0; w3[1] = 0; w3[2] = 0; - w3[3] = 0; + w3[3] = (64 + 100) * 8; - hmac_md5_pad_S (w0, w1, w2, w3, ipad, opad); + const u32 incval = (1 << 8) * nonce_error_correction; - int eapol_len = wpa->eapol_len; + if (wpa->nonce_compare < 0) + { + w0[0] += incval; + } + else + { + w2[0] += incval; + } + + u32 ipad[5]; + u32 opad[5]; - int eapol_left; - 
int eapol_off; + ipad[0] = ipad_l1[0]; + ipad[1] = ipad_l1[1]; + ipad[2] = ipad_l1[2]; + ipad[3] = ipad_l1[3]; + ipad[4] = ipad_l1[4]; - for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16) + opad[0] = opad_l1[0]; + opad[1] = opad_l1[1]; + opad[2] = opad_l1[2]; + opad[3] = opad_l1[3]; + opad[4] = opad_l1[4]; + + u32 digest[5]; + + hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest); + + u32 digest_final[5]; + + if (wpa->keyver == 1) { + w0[0] = swap32_S (digest[0]); + w0[1] = swap32_S (digest[1]); + w0[2] = swap32_S (digest[2]); + w0[3] = swap32_S (digest[3]); + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + hmac_md5_pad_S (w0, w1, w2, w3, ipad, opad); + + int eapol_len = wpa->eapol_len; + + int eapol_left; + int eapol_off; + + for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16) + { + w0[0] = wpa->eapol[eapol_off + 0]; + w0[1] = wpa->eapol[eapol_off + 1]; + w0[2] = wpa->eapol[eapol_off + 2]; + w0[3] = wpa->eapol[eapol_off + 3]; + w1[0] = wpa->eapol[eapol_off + 4]; + w1[1] = wpa->eapol[eapol_off + 5]; + w1[2] = wpa->eapol[eapol_off + 6]; + w1[3] = wpa->eapol[eapol_off + 7]; + w2[0] = wpa->eapol[eapol_off + 8]; + w2[1] = wpa->eapol[eapol_off + 9]; + w2[2] = wpa->eapol[eapol_off + 10]; + w2[3] = wpa->eapol[eapol_off + 11]; + w3[0] = wpa->eapol[eapol_off + 12]; + w3[1] = wpa->eapol[eapol_off + 13]; + w3[2] = wpa->eapol[eapol_off + 14]; + w3[3] = wpa->eapol[eapol_off + 15]; + + md5_transform_S (w0, w1, w2, w3, ipad); + } + w0[0] = wpa->eapol[eapol_off + 0]; w0[1] = wpa->eapol[eapol_off + 1]; w0[2] = wpa->eapol[eapol_off + 2]; 
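Review bot: The new loop `for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++)` is bounded only by a value that reaches the kernel unchecked: src/user_options.c stores `atoi (optarg)` straight into a `u32`, src/hashes.c copies that into the `int` field, and here the `int` is read back into a `u32`, so `--nonce-error-corrections=-1` arrives as 0xffffffff and with `<=` the condition never turns false — every work-item then runs an HMAC-SHA1 plus a full EAPOL HMAC per iteration forever. Large positive values are not a correctness bug but scale the per-candidate cost linearly, and the inclusive bound also means the default of 16 already costs 17 passes. Reject negatives and cap the option on the host where it is parsed, and clamp defensively here: `const u32 nonce_error_corrections = (wpa->nonce_error_corrections < 0) ? 0 : (u32) wpa->nonce_error_corrections;`. A comment on the increment would also help: `incval` is only ever added, to `w0[0]` (pke[16]) when `nonce_compare < 0` and to `w2[0]` (pke[24]) otherwise, so if the option is meant as a range on both sides of the captured nonce the loop does not implement that. m02500_comp starts before this hunk and its digest loop closes after it.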
@@ -944,59 +1009,59 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul w2[3] = wpa->eapol[eapol_off + 11]; w3[0] = wpa->eapol[eapol_off + 12]; w3[1] = wpa->eapol[eapol_off + 13]; - w3[2] = wpa->eapol[eapol_off + 14]; - w3[3] = wpa->eapol[eapol_off + 15]; + w3[2] = (64 + eapol_len) * 8; + w3[3] = 0; - md5_transform_S (w0, w1, w2, w3, ipad); + hmac_md5_run_S (w0, w1, w2, w3, ipad, opad, digest_final); } - - w0[0] = wpa->eapol[eapol_off + 0]; - w0[1] = wpa->eapol[eapol_off + 1]; - w0[2] = wpa->eapol[eapol_off + 2]; - w0[3] = wpa->eapol[eapol_off + 3]; - w1[0] = wpa->eapol[eapol_off + 4]; - w1[1] = wpa->eapol[eapol_off + 5]; - w1[2] = wpa->eapol[eapol_off + 6]; - w1[3] = wpa->eapol[eapol_off + 7]; - w2[0] = wpa->eapol[eapol_off + 8]; - w2[1] = wpa->eapol[eapol_off + 9]; - w2[2] = wpa->eapol[eapol_off + 10]; - w2[3] = wpa->eapol[eapol_off + 11]; - w3[0] = wpa->eapol[eapol_off + 12]; - w3[1] = wpa->eapol[eapol_off + 13]; - w3[2] = (64 + eapol_len) * 8; - w3[3] = 0; - - hmac_md5_run_S (w0, w1, w2, w3, ipad, opad, digest_final); - } - else - { - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = 0; - w1[1] = 0; - w1[2] = 0; - w1[3] = 0; - w2[0] = 0; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = 0; - - hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad); - - int eapol_len = wpa->eapol_len; - - int eapol_left; - int eapol_off; - - for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16) + else { + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad); + + int eapol_len = wpa->eapol_len; + + int eapol_left; + int eapol_off; + + for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left 
-= 64, eapol_off += 16) + { + w0[0] = wpa->eapol[eapol_off + 0]; + w0[1] = wpa->eapol[eapol_off + 1]; + w0[2] = wpa->eapol[eapol_off + 2]; + w0[3] = wpa->eapol[eapol_off + 3]; + w1[0] = wpa->eapol[eapol_off + 4]; + w1[1] = wpa->eapol[eapol_off + 5]; + w1[2] = wpa->eapol[eapol_off + 6]; + w1[3] = wpa->eapol[eapol_off + 7]; + w2[0] = wpa->eapol[eapol_off + 8]; + w2[1] = wpa->eapol[eapol_off + 9]; + w2[2] = wpa->eapol[eapol_off + 10]; + w2[3] = wpa->eapol[eapol_off + 11]; + w3[0] = wpa->eapol[eapol_off + 12]; + w3[1] = wpa->eapol[eapol_off + 13]; + w3[2] = wpa->eapol[eapol_off + 14]; + w3[3] = wpa->eapol[eapol_off + 15]; + + sha1_transform_S (w0, w1, w2, w3, ipad); + } + w0[0] = wpa->eapol[eapol_off + 0]; w0[1] = wpa->eapol[eapol_off + 1]; w0[2] = wpa->eapol[eapol_off + 2]; 
@@ -1011,44 +1076,25 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul w2[3] = wpa->eapol[eapol_off + 11]; w3[0] = wpa->eapol[eapol_off + 12]; w3[1] = wpa->eapol[eapol_off + 13]; - w3[2] = wpa->eapol[eapol_off + 14]; - w3[3] = wpa->eapol[eapol_off + 15]; + w3[2] = 0; + w3[3] = (64 + eapol_len) * 8; - sha1_transform_S (w0, w1, w2, w3, ipad); - } - - w0[0] = wpa->eapol[eapol_off + 0]; - w0[1] = wpa->eapol[eapol_off + 1]; - w0[2] = wpa->eapol[eapol_off + 2]; - w0[3] = wpa->eapol[eapol_off + 3]; - w1[0] = wpa->eapol[eapol_off + 4]; - w1[1] = wpa->eapol[eapol_off + 5]; - w1[2] = wpa->eapol[eapol_off + 6]; - w1[3] = wpa->eapol[eapol_off + 7]; - w2[0] = wpa->eapol[eapol_off + 8]; - w2[1] = wpa->eapol[eapol_off + 9]; - w2[2] = wpa->eapol[eapol_off + 10]; - w2[3] = wpa->eapol[eapol_off + 11]; - w3[0] = wpa->eapol[eapol_off + 12]; - w3[1] = wpa->eapol[eapol_off + 13]; - w3[2] = 0; - w3[3] = (64 + eapol_len) * 8; + u32 digest2[5]; - u32 digest2[5]; - - hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest_final); - } + hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, digest_final); + } - /** - * final compare - */ + /** + * final compare + */ - if ((digest_final[0] == wpa->keymic[0]) - && (digest_final[1] == wpa->keymic[1]) - && (digest_final[2] == wpa->keymic[2]) - && (digest_final[3] == wpa->keymic[3])) - { - mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0); + if ((digest_final[0] == wpa->keymic[0]) + && (digest_final[1] == wpa->keymic[1]) + && (digest_final[2] == wpa->keymic[2]) + && (digest_final[3] == wpa->keymic[3])) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0); + } } } } diff --git a/docs/changes.txt b/docs/changes.txt index 636a076bd..530998231 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
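Review bot: `u32 digest2[5];` in the `else` branch is declared and never touched (the result goes into `digest_final`); the branch is being re-indented wholesale anyway, so this is the moment to drop the dead declaration rather than carry it into the new loop. Separately, after `mark_hash (...)` fires for one correction value the remaining iterations of the nonce loop for that digest only burn HMAC work, so a `break;` right after the `mark_hash` call would be a cheap win — hedged, because whether anything downstream relies on the loop running to completion is not visible here. The digest loop and m02500_comp both open before this hunk.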
@@ -1,5 +1,12 @@ * changes v3.40 -> ?: +## +## Features +## + +- WPA cracking: Added support for WPA/WPA2 handshake AP nonce automatic error correction +- WPA cracking: Added parameter --nonce-error-corrections to configure range of error correction + ## ## Improvements ## @@ -14,6 +21,13 @@ - Fixed a typo that resulted in the minimum password length not being correctly initialized - Fixed a problem with parsing and displaying -m 7000 = Fortigate (FortiOS) hashes +## +## Technical +## + +- Building: Added missing prototypes for atlassian_parse_hash function +- Sessions: Improved string comparison in case user sets --session to "hashcat" + * changes v3.30 -> v3.40: ## diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index 4b731f8d5..d45562873 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh 
@@ -189,8 +189,8 @@ _hashcat () local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H' local SHORT_OPTS="-m -a -V -v -h -b -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l" - local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --hex-salt --hex-wordlist --hex-charset --force --status --status-timer --machine-readable --loopback --weak-hash-threshold --markov-hcstat --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-info --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-disable --gpu-temp-abort --gpu-temp-retain --powertune-enable --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --truecrypt-keyfiles --stdout --keep-guessing --hccapx-message-pair" - local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --weak-hash-threshold --markov-hcstat --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel 
--kernel-loops --nvidia-spin-damp --gpu-temp-abort --gpu-temp-retain -disable --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment-min --increment-max --scrypt-tmto --truecrypt-keyfiles" + local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --hex-salt --hex-wordlist --hex-charset --force --status --status-timer --machine-readable --loopback --weak-hash-threshold --markov-hcstat --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-info --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-disable --gpu-temp-abort --gpu-temp-retain --powertune-enable --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --truecrypt-keyfiles --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections" + local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --weak-hash-threshold --markov-hcstat --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path 
--debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-abort --gpu-temp-retain -disable --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment-min --increment-max --scrypt-tmto --truecrypt-keyfiles --hccapx-message-pair --nonce-error-corrections"
 COMPREPLY=()
 local cur="${COMP_WORDS[COMP_CWORD]}"
diff --git a/include/interface.h b/include/interface.h
index f016657f7..e0d312919 100644
--- a/include/interface.h
+++ b/include/interface.h
@@ -189,6 +189,8 @@ typedef struct wpa
 u8 essid[32];
 u32 keymic[4];
 u32 hash[4];
+ int nonce_compare;
+ int nonce_error_corrections;
 } wpa_t;
@@ -815,6 +817,17 @@ typedef struct struct_psafe2_hdr
 } psafe2_hdr;
+typedef enum
+{
+ MESSAGE_PAIR_M12E2 = 0,
+ MESSAGE_PAIR_M14E4 = 1,
+ MESSAGE_PAIR_M32E2 = 2,
+ MESSAGE_PAIR_M32E3 = 3,
+ MESSAGE_PAIR_M34E3 = 4,
+ MESSAGE_PAIR_M34E4 = 5,
+
+} message_pair_t;
+
 #define HCCAPX_VERSION 4
 #define HCCAPX_SIGNATURE 0x58504348 // HCPX
@@ -1728,6 +1741,7 @@ int skip32_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu
 int fortigate_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
 int sha256b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
 int filezilla_server_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
+int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
 /**
 * hook functions
diff --git a/include/types.h b/include/types.h
index a6a7c873e..92488b3d1 100644
--- a/include/types.h
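Review bot: The rewritten `OPTIONS` line still contains the bare token `-disable` between `--gpu-temp-retain` and `--skip`; it matches nothing in `LONG_OPTS` and reads like a truncated `--gpu-temp-disable` (which takes no argument and so does not belong in the argument-taking `OPTIONS` list at all). It predates this commit, but since the hunk replaces the whole line anyway it is the cheapest point to remove it — hedged, as the code that consumes `OPTIONS` lies outside the hunk. The `LONG_OPTS`/`OPTIONS` additions of `--nonce-error-corrections` themselves look consistent with the option table in src/user_options.c.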
+++ b/include/types.h
@@ -519,6 +519,7 @@ typedef enum user_options_defaults
 MARKOV_CLASSIC = false,
 MARKOV_DISABLE = false,
 MARKOV_THRESHOLD = 0,
+ NONCE_ERROR_CORRECTIONS = 16,
 NVIDIA_SPIN_DAMP = 100,
 OPENCL_VECTOR_WIDTH = 0,
 OUTFILE_AUTOHEX = true,
@@ -595,52 +596,53 @@ typedef enum user_options_map
 IDX_MARKOV_DISABLE = 0xff17,
 IDX_MARKOV_HCSTAT = 0xff18,
 IDX_MARKOV_THRESHOLD = 't',
- IDX_NVIDIA_SPIN_DAMP = 0xff19,
+ IDX_NONCE_ERROR_CORRECTIONS = 0xff19,
+ IDX_NVIDIA_SPIN_DAMP = 0xff1a,
 IDX_OPENCL_DEVICES = 'd',
 IDX_OPENCL_DEVICE_TYPES = 'D',
 IDX_OPENCL_INFO = 'I',
- IDX_OPENCL_PLATFORMS = 0xff1a,
- IDX_OPENCL_VECTOR_WIDTH = 0xff1b,
- IDX_OUTFILE_AUTOHEX_DISABLE = 0xff1c,
- IDX_OUTFILE_CHECK_DIR = 0xff1d,
- IDX_OUTFILE_CHECK_TIMER = 0xff1e,
- IDX_OUTFILE_FORMAT = 0xff1f,
+ IDX_OPENCL_PLATFORMS = 0xff1b,
+ IDX_OPENCL_VECTOR_WIDTH = 0xff1c,
+ IDX_OUTFILE_AUTOHEX_DISABLE = 0xff1d,
+ IDX_OUTFILE_CHECK_DIR = 0xff1e,
+ IDX_OUTFILE_CHECK_TIMER = 0xff1f,
+ IDX_OUTFILE_FORMAT = 0xff20,
 IDX_OUTFILE = 'o',
- IDX_POTFILE_DISABLE = 0xff20,
- IDX_POTFILE_PATH = 0xff21,
- IDX_POWERTUNE_ENABLE = 0xff22,
- IDX_QUIET = 0xff23,
- IDX_REMOVE = 0xff24,
- IDX_REMOVE_TIMER = 0xff25,
- IDX_RESTORE = 0xff26,
- IDX_RESTORE_DISABLE = 0xff27,
- IDX_RESTORE_FILE_PATH = 0xff28,
+ IDX_POTFILE_DISABLE = 0xff21,
+ IDX_POTFILE_PATH = 0xff22,
+ IDX_POWERTUNE_ENABLE = 0xff23,
+ IDX_QUIET = 0xff24,
+ IDX_REMOVE = 0xff25,
+ IDX_REMOVE_TIMER = 0xff26,
+ IDX_RESTORE = 0xff27,
+ IDX_RESTORE_DISABLE = 0xff28,
+ IDX_RESTORE_FILE_PATH = 0xff29,
 IDX_RP_FILE = 'r',
- IDX_RP_GEN_FUNC_MAX = 0xff29,
- IDX_RP_GEN_FUNC_MIN = 0xff2a,
+ IDX_RP_GEN_FUNC_MAX = 0xff2a,
+ IDX_RP_GEN_FUNC_MIN = 0xff2b,
 IDX_RP_GEN = 'g',
- IDX_RP_GEN_SEED = 0xff2b,
+ IDX_RP_GEN_SEED = 0xff2c,
 IDX_RULE_BUF_L = 'j',
 IDX_RULE_BUF_R = 'k',
- IDX_RUNTIME = 0xff2c,
- IDX_SCRYPT_TMTO = 0xff2d,
+ IDX_RUNTIME = 0xff2d,
+ IDX_SCRYPT_TMTO = 0xff2e,
 IDX_SEGMENT_SIZE = 'c',
 IDX_SEPARATOR = 'p',
- IDX_SESSION = 0xff2e,
- IDX_SHOW = 0xff2f,
+ IDX_SESSION = 0xff2f,
+ IDX_SHOW = 0xff30,
 IDX_SKIP = 's',
- IDX_STATUS = 0xff30,
- IDX_STATUS_TIMER = 0xff31,
- IDX_STDOUT_FLAG = 0xff32,
- IDX_SPEED_ONLY = 0xff33,
- IDX_PROGRESS_ONLY = 0xff34,
- IDX_TRUECRYPT_KEYFILES = 0xff35,
- IDX_USERNAME = 0xff36,
- IDX_VERACRYPT_KEYFILES = 0xff37,
- IDX_VERACRYPT_PIM = 0xff38,
+ IDX_STATUS = 0xff31,
+ IDX_STATUS_TIMER = 0xff32,
+ IDX_STDOUT_FLAG = 0xff33,
+ IDX_SPEED_ONLY = 0xff34,
+ IDX_PROGRESS_ONLY = 0xff35,
+ IDX_TRUECRYPT_KEYFILES = 0xff36,
+ IDX_USERNAME = 0xff37,
+ IDX_VERACRYPT_KEYFILES = 0xff38,
+ IDX_VERACRYPT_PIM = 0xff39,
 IDX_VERSION_LOWER = 'v',
 IDX_VERSION = 'V',
- IDX_WEAK_HASH_THRESHOLD = 0xff39,
+ IDX_WEAK_HASH_THRESHOLD = 0xff3a,
 IDX_WORKLOAD_PROFILE = 'w'
 } user_options_map_t;
@@ -1474,6 +1476,7 @@ typedef struct user_options
 u32 kernel_accel;
 u32 kernel_loops;
 u32 markov_threshold;
+ u32 nonce_error_corrections;
 u32 nvidia_spin_damp;
 u32 opencl_vector_width;
 u32 outfile_check_timer;
diff --git a/src/hashes.c b/src/hashes.c
index 0809133a6..ed52268bc 100644
--- a/src/hashes.c
+++ b/src/hashes.c
@@ -772,12 +772,17 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
 {
 memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size);
- if (user_options->hccapx_message_pair_chgd == true)
+ if (user_options->hash_mode == 2500)
 {
 wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt;
- wpa->message_pair_chgd = (int) user_options->hccapx_message_pair_chgd;
- wpa->message_pair = (u8) user_options->hccapx_message_pair;
+ if (user_options->hccapx_message_pair_chgd == true)
+ {
+ wpa->message_pair_chgd = (int) user_options->hccapx_message_pair_chgd;
+ wpa->message_pair = (u8) user_options->hccapx_message_pair;
+ }
+
+ wpa->nonce_error_corrections = user_options->nonce_error_corrections;
 }
 }
diff --git a/src/interface.c b/src/interface.c
index db087619b..2fc13d614 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -2762,7 +2762,9 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED memcpy (pke_ptr + 29, in.mac_ap, 6); } - if (memcmp (in.nonce_ap, in.nonce_sta, 32) < 0) + wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32); + + if (wpa->nonce_compare < 0) { memcpy (pke_ptr + 35, in.nonce_ap, 32); memcpy (pke_ptr + 67, in.nonce_sta, 32); @@ -2790,6 +2792,11 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED wpa->message_pair = in.message_pair; + if ((wpa->message_pair == MESSAGE_PAIR_M32E3) || (wpa->message_pair == MESSAGE_PAIR_M34E3)) + { + wpa->nonce_error_corrections = 0; + } + wpa->keyver = in.keyver; if (wpa->keyver & ~7) return (PARSER_SALT_VALUE); @@ -14933,10 +14940,8 @@ int check_old_hccap (const char *hashfile) void to_hccapx_t (hashcat_ctx_t *hashcat_ctx, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos) { - const hashconfig_t *hashconfig = hashcat_ctx->hashconfig; - const hashes_t *hashes = hashcat_ctx->hashes; + const hashes_t *hashes = hashcat_ctx->hashes; - const void *digests_buf = hashes->digests_buf; const salt_t *salts_buf = hashes->salts_buf; const void *esalts_buf = hashes->esalts_buf; diff --git a/src/potfile.c b/src/potfile.c index 486a295fd..093167d91 100644 --- a/src/potfile.c +++ b/src/potfile.c @@ -24,7 +24,7 @@ int sort_by_hash_no_salt (const void *v1, const void *v2, void *v3); // this function is for potfile comparison where the potfile does not contain all the // information requires to do a true sort_by_hash() bsearch -static int sort_by_hash_t_salt (const void *v1, const void *v2, void *v3) +static int sort_by_hash_t_salt (const void *v1, const void *v2) { const hash_t *h1 = (const hash_t *) v1; const hash_t *h2 = (const hash_t *) v2; 
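Review bot: The new block that forces `wpa->nonce_error_corrections = 0` for `MESSAGE_PAIR_M32E3` and `MESSAGE_PAIR_M34E3` silently discards whatever `--nonce-error-corrections` the user passed, and nothing in the hunk says why; a comment above the `if` such as `// M32E3/M34E3: nonce correction is intentionally disabled regardless of --nonce-error-corrections` plus the one-line reason these two pairs need none would spare the next reader a trip through the hccapx format. It also only works if src/hashes.c has already copied the user value into the esalt before this parser runs — otherwise that copy would overwrite the zero — so if that ordering is deliberate, say so at both sites. The first hunk's `wpa->nonce_compare = memcmp (...)` stores the full `memcmp` result while the kernel only tests its sign, which is fine but worth a word where the field is declared. wpa_parse_hash starts before this hunk and continues after it.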
@@ -446,7 +446,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx)
 hash_buf.salt->salt_len = line_hash_len;
- found = (hash_t *) hc_bsearch_r (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt, (void *) hashconfig);
+ found = (hash_t *) bsearch (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt);
 }
 }
 else if (hashconfig->hash_mode == 2500)
diff --git a/src/usage.c b/src/usage.c
index cd4dd2d16..16791a980 100644
--- a/src/usage.c
+++ b/src/usage.c
@@ -67,6 +67,7 @@ static const char *USAGE_BIG[] =
 " --outfile-check-dir | Dir | Specify the outfile directory to monitor for plains | --outfile-check-dir=x",
 " --logfile-disable | | Disable the logfile |",
 " --hccapx-message-pair | Num | Load only message pairs from hccapx matching X | --hccapx-message-pair=2",
+ " --nonce-error-corrections | Num | The BF size range to replace AP's nonce last bytes | --nonce-error-corrections=16",
 " --truecrypt-keyfiles | File | Keyfiles used, separate with comma | --truecrypt-key=x.png",
 " --veracrypt-keyfiles | File | Keyfiles used, separate with comma | --veracrypt-key=x.txt",
 " --veracrypt-pim | Num | VeraCrypt personal iterations multiplier | --veracrypt-pim=1000",
diff --git a/src/user_options.c b/src/user_options.c
index e08ee37ba..938e7d49c 100644
--- a/src/user_options.c
+++ b/src/user_options.c
@@ -60,6 +60,7 @@ static const struct option long_options[] =
 {"markov-disable", no_argument, 0, IDX_MARKOV_DISABLE},
 {"markov-hcstat", required_argument, 0, IDX_MARKOV_HCSTAT},
 {"markov-threshold", required_argument, 0, IDX_MARKOV_THRESHOLD},
+ {"nonce-error-corrections", required_argument, 0, IDX_NONCE_ERROR_CORRECTIONS},
 {"nvidia-spin-damp", required_argument, 0, IDX_NVIDIA_SPIN_DAMP},
 {"opencl-devices", required_argument, 0, IDX_OPENCL_DEVICES},
 {"opencl-device-types", required_argument, 0, IDX_OPENCL_DEVICE_TYPES},
@@ -154,6 +155,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx)
 user_options->markov_disable = MARKOV_DISABLE;
 user_options->markov_hcstat = NULL;
 user_options->markov_threshold = MARKOV_THRESHOLD;
+ user_options->nonce_error_corrections = NONCE_ERROR_CORRECTIONS;
 user_options->nvidia_spin_damp = NVIDIA_SPIN_DAMP;
 user_options->opencl_devices = NULL;
 user_options->opencl_device_types = NULL;
@@ -317,6 +319,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv)
 case IDX_LOGFILE_DISABLE: user_options->logfile_disable = true; break;
 case IDX_HCCAPX_MESSAGE_PAIR: user_options->hccapx_message_pair = atoi (optarg); user_options->hccapx_message_pair_chgd = true; break;
+ case IDX_NONCE_ERROR_CORRECTIONS: user_options->nonce_error_corrections = atoi (optarg); break;
 case IDX_TRUECRYPT_KEYFILES: user_options->truecrypt_keyfiles = optarg; break;
 case IDX_VERACRYPT_KEYFILES: user_options->veracrypt_keyfiles = optarg; break;
 case IDX_VERACRYPT_PIM: user_options->veracrypt_pim = atoi (optarg); break;
@@ -990,7 +993,7 @@ void user_options_session_auto (hashcat_ctx_t *hashcat_ctx)
 {
 user_options_t *user_options = hashcat_ctx->user_options;
- if (user_options->session == PROGNAME)
+ if (strcmp (user_options->session, PROGNAME) == 0)
 {
 if (user_options->benchmark == true)
 {