diff --git a/OpenCL/m27000-pure.cl b/OpenCL/m27000-pure.cl new file mode 100644 index 000000000..6f5e8955a --- /dev/null +++ b/OpenCL/m27000-pure.cl @@ -0,0 +1,697 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_rp.h" +#include "inc_rp.cl" +#include "inc_scalar.cl" +#include "inc_hash_md4.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +#define PERM_OP(a,b,tt,n,m) \ +{ \ + tt = a >> n; \ + tt = tt ^ b; \ + tt = tt & m; \ + b = b ^ tt; \ + tt = tt << n; \ + a = a ^ tt; \ +} + +#define HPERM_OP(a,tt,n,m) \ +{ \ + tt = a << (16 + n); \ + tt = tt ^ a; \ + tt = tt & m; \ + a = a ^ tt; \ + tt = tt >> (16 + n); \ + a = a ^ tt; \ +} + +CONSTANT_VK u32a c_SPtrans[8][64] = +{ + { + 0x02080800, 0x00080000, 0x02000002, 0x02080802, + 0x02000000, 0x00080802, 0x00080002, 0x02000002, + 0x00080802, 0x02080800, 0x02080000, 0x00000802, + 0x02000802, 0x02000000, 0x00000000, 0x00080002, + 0x00080000, 0x00000002, 0x02000800, 0x00080800, + 0x02080802, 0x02080000, 0x00000802, 0x02000800, + 0x00000002, 0x00000800, 0x00080800, 0x02080002, + 0x00000800, 0x02000802, 0x02080002, 0x00000000, + 0x00000000, 0x02080802, 0x02000800, 0x00080002, + 0x02080800, 0x00080000, 0x00000802, 0x02000800, + 0x02080002, 0x00000800, 0x00080800, 0x02000002, + 0x00080802, 0x00000002, 0x02000002, 0x02080000, + 0x02080802, 0x00080800, 0x02080000, 0x02000802, + 0x02000000, 0x00000802, 0x00080002, 0x00000000, + 0x00080000, 0x02000000, 0x02000802, 0x02080800, + 0x00000002, 0x02080002, 0x00000800, 0x00080802, + }, + { + 0x40108010, 0x00000000, 0x00108000, 0x40100000, + 0x40000010, 0x00008010, 0x40008000, 0x00108000, + 0x00008000, 0x40100010, 0x00000010, 0x40008000, + 0x00100010, 0x40108000, 0x40100000, 0x00000010, + 0x00100000, 0x40008010, 0x40100010, 0x00008000, + 0x00108010, 0x40000000, 0x00000000, 0x00100010, + 0x40008010, 0x00108010, 0x40108000, 0x40000010, + 0x40000000, 0x00100000, 0x00008010, 0x40108010, + 0x00100010, 0x40108000, 0x40008000, 0x00108010, + 0x40108010, 0x00100010, 0x40000010, 0x00000000, + 0x40000000, 0x00008010, 0x00100000, 0x40100010, + 0x00008000, 0x40000000, 0x00108010, 0x40008010, + 0x40108000, 0x00008000, 0x00000000, 0x40000010, + 0x00000010, 0x40108010, 0x00108000, 0x40100000, + 0x40100010, 0x00100000, 0x00008010, 0x40008000, + 0x40008010, 0x00000010, 0x40100000, 0x00108000, + }, + { + 0x04000001, 0x04040100, 0x00000100, 0x04000101, + 0x00040001, 0x04000000, 0x04000101, 0x00040100, + 0x04000100, 0x00040000, 0x04040000, 0x00000001, + 0x04040101, 0x00000101, 0x00000001, 0x04040001, + 0x00000000, 0x00040001, 0x04040100, 0x00000100, + 0x00000101, 0x04040101, 0x00040000, 0x04000001, + 0x04040001, 0x04000100, 0x00040101, 0x04040000, + 0x00040100, 0x00000000, 0x04000000, 0x00040101, + 0x04040100, 0x00000100, 0x00000001, 0x00040000, + 0x00000101, 0x00040001, 0x04040000, 0x04000101, + 0x00000000, 0x04040100, 0x00040100, 0x04040001, + 0x00040001, 0x04000000, 0x04040101, 0x00000001, + 0x00040101, 0x04000001, 0x04000000, 0x04040101, + 0x00040000, 0x04000100, 0x04000101, 0x00040100, + 0x04000100, 0x00000000, 0x04040001, 0x00000101, + 0x04000001, 0x00040101, 0x00000100, 0x04040000, + }, + { + 0x00401008, 0x10001000, 0x00000008, 0x10401008, + 0x00000000, 0x10400000, 0x10001008, 0x00400008, + 0x10401000, 0x10000008, 0x10000000, 0x00001008, + 0x10000008, 0x00401008, 0x00400000, 0x10000000, + 0x10400008, 0x00401000, 0x00001000, 0x00000008, + 0x00401000, 0x10001008, 0x10400000, 0x00001000, + 0x00001008, 0x00000000, 0x00400008, 0x10401000, + 0x10001000, 0x10400008, 0x10401008, 0x00400000, + 0x10400008, 0x00001008, 0x00400000, 0x10000008, + 0x00401000, 0x10001000, 0x00000008, 0x10400000, + 0x10001008, 0x00000000, 0x00001000, 0x00400008, + 0x00000000, 0x10400008, 0x10401000, 0x00001000, + 0x10000000, 0x10401008, 0x00401008, 0x00400000, + 0x10401008, 0x00000008, 0x10001000, 0x00401008, + 0x00400008, 0x00401000, 0x10400000, 0x10001008, + 0x00001008, 0x10000000, 0x10000008, 0x10401000, + }, + { + 0x08000000, 0x00010000, 0x00000400, 0x08010420, + 0x08010020, 0x08000400, 0x00010420, 0x08010000, + 0x00010000, 0x00000020, 0x08000020, 0x00010400, + 0x08000420, 0x08010020, 0x08010400, 0x00000000, + 0x00010400, 0x08000000, 0x00010020, 0x00000420, + 0x08000400, 0x00010420, 0x00000000, 0x08000020, + 0x00000020, 0x08000420, 0x08010420, 0x00010020, + 0x08010000, 0x00000400, 0x00000420, 0x08010400, + 0x08010400, 0x08000420, 0x00010020, 0x08010000, + 0x00010000, 0x00000020, 0x08000020, 0x08000400, + 0x08000000, 0x00010400, 0x08010420, 0x00000000, + 0x00010420, 0x08000000, 0x00000400, 0x00010020, + 0x08000420, 0x00000400, 0x00000000, 0x08010420, + 0x08010020, 0x08010400, 0x00000420, 0x00010000, + 0x00010400, 0x08010020, 0x08000400, 0x00000420, + 0x00000020, 0x00010420, 0x08010000, 0x08000020, + }, + { + 0x80000040, 0x00200040, 0x00000000, 0x80202000, + 0x00200040, 0x00002000, 0x80002040, 0x00200000, + 0x00002040, 0x80202040, 0x00202000, 0x80000000, + 0x80002000, 0x80000040, 0x80200000, 0x00202040, + 0x00200000, 0x80002040, 0x80200040, 0x00000000, + 0x00002000, 0x00000040, 0x80202000, 0x80200040, + 0x80202040, 0x80200000, 0x80000000, 0x00002040, + 0x00000040, 0x00202000, 0x00202040, 0x80002000, + 0x00002040, 0x80000000, 0x80002000, 0x00202040, + 0x80202000, 0x00200040, 0x00000000, 0x80002000, + 0x80000000, 0x00002000, 0x80200040, 0x00200000, + 0x00200040, 0x80202040, 0x00202000, 0x00000040, + 0x80202040, 0x00202000, 0x00200000, 0x80002040, + 0x80000040, 0x80200000, 0x00202040, 0x00000000, + 0x00002000, 0x80000040, 0x80002040, 0x80202000, + 0x80200000, 0x00002040, 0x00000040, 0x80200040, + }, + { + 0x00004000, 0x00000200, 0x01000200, 0x01000004, + 0x01004204, 0x00004004, 0x00004200, 0x00000000, + 0x01000000, 0x01000204, 0x00000204, 0x01004000, + 0x00000004, 0x01004200, 0x01004000, 0x00000204, + 0x01000204, 0x00004000, 0x00004004, 0x01004204, + 0x00000000, 0x01000200, 0x01000004, 0x00004200, + 0x01004004, 0x00004204, 0x01004200, 0x00000004, + 0x00004204, 0x01004004, 0x00000200, 0x01000000, + 0x00004204, 0x01004000, 0x01004004, 0x00000204, + 0x00004000, 0x00000200, 0x01000000, 0x01004004, + 0x01000204, 0x00004204, 0x00004200, 0x00000000, + 0x00000200, 0x01000004, 0x00000004, 0x01000200, + 0x00000000, 0x01000204, 0x01000200, 0x00004200, + 0x00000204, 0x00004000, 0x01004204, 0x01000000, + 0x01004200, 0x00000004, 0x00004004, 0x01004204, + 0x01000004, 0x01004200, 0x01004000, 0x00004004, + }, + { + 0x20800080, 0x20820000, 0x00020080, 0x00000000, + 0x20020000, 0x00800080, 0x20800000, 0x20820080, + 0x00000080, 0x20000000, 0x00820000, 0x00020080, + 0x00820080, 0x20020080, 0x20000080, 0x20800000, + 0x00020000, 0x00820080, 0x00800080, 0x20020000, + 0x20820080, 0x20000080, 0x00000000, 0x00820000, + 0x20000000, 0x00800000, 0x20020080, 0x20800080, + 0x00800000, 0x00020000, 0x20820000, 0x00000080, + 0x00800000, 0x00020000, 0x20000080, 0x20820080, + 0x00020080, 0x20000000, 0x00000000, 0x00820000, + 0x20800080, 0x20020080, 0x20020000, 0x00800080, + 0x20820000, 0x00000080, 0x00800080, 0x20020000, + 0x20820080, 0x00800000, 0x20800000, 0x20000080, + 0x00820000, 0x00020080, 0x20020080, 0x20800000, + 0x00000080, 0x20820000, 0x00820080, 0x00000000, + 0x20000000, 0x20800080, 0x00020000, 0x00820080, + } +}; + +CONSTANT_VK u32a c_skb[8][64] = +{ + { + 0x00000000, 0x00000010, 0x20000000, 0x20000010, + 0x00010000, 0x00010010, 0x20010000, 0x20010010, + 0x00000800, 0x00000810, 0x20000800, 0x20000810, + 0x00010800, 0x00010810, 0x20010800, 0x20010810, + 0x00000020, 0x00000030, 0x20000020, 0x20000030, + 0x00010020, 0x00010030, 0x20010020, 0x20010030, + 0x00000820, 0x00000830, 0x20000820, 0x20000830, + 0x00010820, 0x00010830, 0x20010820, 0x20010830, + 0x00080000, 0x00080010, 0x20080000, 0x20080010, + 0x00090000, 0x00090010, 0x20090000, 0x20090010, + 0x00080800, 0x00080810, 0x20080800, 0x20080810, + 0x00090800, 0x00090810, 0x20090800, 0x20090810, + 0x00080020, 0x00080030, 0x20080020, 0x20080030, + 0x00090020, 0x00090030, 0x20090020, 0x20090030, + 0x00080820, 0x00080830, 0x20080820, 0x20080830, + 0x00090820, 0x00090830, 0x20090820, 0x20090830, + }, + { + 0x00000000, 0x02000000, 0x00002000, 0x02002000, + 0x00200000, 0x02200000, 0x00202000, 0x02202000, + 0x00000004, 0x02000004, 0x00002004, 0x02002004, + 0x00200004, 0x02200004, 0x00202004, 0x02202004, + 0x00000400, 0x02000400, 0x00002400, 0x02002400, + 0x00200400, 0x02200400, 0x00202400, 0x02202400, + 0x00000404, 0x02000404, 0x00002404, 0x02002404, + 0x00200404, 0x02200404, 0x00202404, 0x02202404, + 0x10000000, 0x12000000, 0x10002000, 0x12002000, + 0x10200000, 0x12200000, 0x10202000, 0x12202000, + 0x10000004, 0x12000004, 0x10002004, 0x12002004, + 0x10200004, 0x12200004, 0x10202004, 0x12202004, + 0x10000400, 0x12000400, 0x10002400, 0x12002400, + 0x10200400, 0x12200400, 0x10202400, 0x12202400, + 0x10000404, 0x12000404, 0x10002404, 0x12002404, + 0x10200404, 0x12200404, 0x10202404, 0x12202404, + }, + { + 0x00000000, 0x00000001, 0x00040000, 0x00040001, + 0x01000000, 0x01000001, 0x01040000, 0x01040001, + 0x00000002, 0x00000003, 0x00040002, 0x00040003, + 0x01000002, 0x01000003, 0x01040002, 0x01040003, + 0x00000200, 0x00000201, 0x00040200, 0x00040201, + 0x01000200, 0x01000201, 0x01040200, 0x01040201, + 0x00000202, 0x00000203, 0x00040202, 0x00040203, + 0x01000202, 0x01000203, 0x01040202, 0x01040203, + 0x08000000, 0x08000001, 0x08040000, 0x08040001, + 0x09000000, 0x09000001, 0x09040000, 0x09040001, + 0x08000002, 0x08000003, 0x08040002, 0x08040003, + 0x09000002, 0x09000003, 0x09040002, 0x09040003, + 0x08000200, 0x08000201, 0x08040200, 0x08040201, + 0x09000200, 0x09000201, 0x09040200, 0x09040201, + 0x08000202, 0x08000203, 0x08040202, 0x08040203, + 0x09000202, 0x09000203, 0x09040202, 0x09040203, + }, + { + 0x00000000, 0x00100000, 0x00000100, 0x00100100, + 0x00000008, 0x00100008, 0x00000108, 0x00100108, + 0x00001000, 0x00101000, 0x00001100, 0x00101100, + 0x00001008, 0x00101008, 0x00001108, 0x00101108, + 0x04000000, 0x04100000, 0x04000100, 0x04100100, + 0x04000008, 0x04100008, 0x04000108, 0x04100108, + 0x04001000, 0x04101000, 0x04001100, 0x04101100, + 0x04001008, 0x04101008, 0x04001108, 0x04101108, + 0x00020000, 0x00120000, 0x00020100, 0x00120100, + 0x00020008, 0x00120008, 0x00020108, 0x00120108, + 0x00021000, 0x00121000, 0x00021100, 0x00121100, + 0x00021008, 0x00121008, 0x00021108, 0x00121108, + 0x04020000, 0x04120000, 0x04020100, 0x04120100, + 0x04020008, 0x04120008, 0x04020108, 0x04120108, + 0x04021000, 0x04121000, 0x04021100, 0x04121100, + 0x04021008, 0x04121008, 0x04021108, 0x04121108, + }, + { + 0x00000000, 0x10000000, 0x00010000, 0x10010000, + 0x00000004, 0x10000004, 0x00010004, 0x10010004, + 0x20000000, 0x30000000, 0x20010000, 0x30010000, + 0x20000004, 0x30000004, 0x20010004, 0x30010004, + 0x00100000, 0x10100000, 0x00110000, 0x10110000, + 0x00100004, 0x10100004, 0x00110004, 0x10110004, + 0x20100000, 0x30100000, 0x20110000, 0x30110000, + 0x20100004, 0x30100004, 0x20110004, 0x30110004, + 0x00001000, 0x10001000, 0x00011000, 0x10011000, + 0x00001004, 0x10001004, 0x00011004, 0x10011004, + 0x20001000, 0x30001000, 0x20011000, 0x30011000, + 0x20001004, 0x30001004, 0x20011004, 0x30011004, + 0x00101000, 0x10101000, 0x00111000, 0x10111000, + 0x00101004, 0x10101004, 0x00111004, 0x10111004, + 0x20101000, 0x30101000, 0x20111000, 0x30111000, + 0x20101004, 0x30101004, 0x20111004, 0x30111004, + }, + { + 0x00000000, 0x08000000, 0x00000008, 0x08000008, + 0x00000400, 0x08000400, 0x00000408, 0x08000408, + 0x00020000, 0x08020000, 0x00020008, 0x08020008, + 0x00020400, 0x08020400, 0x00020408, 0x08020408, + 0x00000001, 0x08000001, 0x00000009, 0x08000009, + 0x00000401, 0x08000401, 0x00000409, 0x08000409, + 0x00020001, 0x08020001, 0x00020009, 0x08020009, + 0x00020401, 0x08020401, 0x00020409, 0x08020409, + 0x02000000, 0x0A000000, 0x02000008, 0x0A000008, + 0x02000400, 0x0A000400, 0x02000408, 0x0A000408, + 0x02020000, 0x0A020000, 0x02020008, 0x0A020008, + 0x02020400, 0x0A020400, 0x02020408, 0x0A020408, + 0x02000001, 0x0A000001, 0x02000009, 0x0A000009, + 0x02000401, 0x0A000401, 0x02000409, 0x0A000409, + 0x02020001, 0x0A020001, 0x02020009, 0x0A020009, + 0x02020401, 0x0A020401, 0x02020409, 0x0A020409, + }, + { + 0x00000000, 0x00000100, 0x00080000, 0x00080100, + 0x01000000, 0x01000100, 0x01080000, 0x01080100, + 0x00000010, 0x00000110, 0x00080010, 0x00080110, + 0x01000010, 0x01000110, 0x01080010, 0x01080110, + 0x00200000, 0x00200100, 0x00280000, 0x00280100, + 0x01200000, 0x01200100, 0x01280000, 0x01280100, + 0x00200010, 0x00200110, 0x00280010, 0x00280110, + 0x01200010, 0x01200110, 0x01280010, 0x01280110, + 0x00000200, 0x00000300, 0x00080200, 0x00080300, + 0x01000200, 0x01000300, 0x01080200, 0x01080300, + 0x00000210, 0x00000310, 0x00080210, 0x00080310, + 0x01000210, 0x01000310, 0x01080210, 0x01080310, + 0x00200200, 0x00200300, 0x00280200, 0x00280300, + 0x01200200, 0x01200300, 0x01280200, 0x01280300, + 0x00200210, 0x00200310, 0x00280210, 0x00280310, + 0x01200210, 0x01200310, 0x01280210, 0x01280310, + }, + { + 0x00000000, 0x04000000, 0x00040000, 0x04040000, + 0x00000002, 0x04000002, 0x00040002, 0x04040002, + 0x00002000, 0x04002000, 0x00042000, 0x04042000, + 0x00002002, 0x04002002, 0x00042002, 0x04042002, + 0x00000020, 0x04000020, 0x00040020, 0x04040020, + 0x00000022, 0x04000022, 0x00040022, 0x04040022, + 0x00002020, 0x04002020, 0x00042020, 0x04042020, + 0x00002022, 0x04002022, 0x00042022, 0x04042022, + 0x00000800, 0x04000800, 0x00040800, 0x04040800, + 0x00000802, 0x04000802, 0x00040802, 0x04040802, + 0x00002800, 0x04002800, 0x00042800, 0x04042800, + 0x00002802, 0x04002802, 0x00042802, 0x04042802, + 0x00000820, 0x04000820, 0x00040820, 0x04040820, + 0x00000822, 0x04000822, 0x00040822, 0x04040822, + 0x00002820, 0x04002820, 0x00042820, 0x04042820, + 0x00002822, 0x04002822, 0x00042822, 0x04042822 + } +}; + +#if VECT_SIZE == 1 +#define BOX(i,n,S) (S)[(n)][(i)] +#elif VECT_SIZE == 2 +#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1]) +#elif VECT_SIZE == 4 +#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3]) +#elif VECT_SIZE == 8 +#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) +#elif VECT_SIZE == 16 +#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) +#endif + +DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_SPtrans)[64]) +{ + u32 r = data[0]; + u32 l = data[1]; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 16; i += 2) + { + u32 u; + u32 t; + + u = Kc[i + 0] ^ hc_rotl32 (r, 30u); + t = Kd[i + 0] ^ hc_rotl32 (r, 26u); + + l ^= BOX (((u >> 0) & 0x3f), 0, s_SPtrans) + | BOX (((u >> 8) & 0x3f), 2, s_SPtrans) + | BOX (((u >> 16) & 0x3f), 4, s_SPtrans) + | BOX (((u >> 24) & 0x3f), 6, s_SPtrans) + | BOX (((t >> 0) & 0x3f), 1, s_SPtrans) + | BOX (((t >> 8) & 0x3f), 3, s_SPtrans) + | BOX (((t >> 16) & 0x3f), 5, s_SPtrans) + | BOX (((t >> 24) & 0x3f), 7, s_SPtrans); + + u = Kc[i + 1] ^ hc_rotl32 (l, 30u); + t = Kd[i + 1] ^ hc_rotl32 (l, 26u); + + r ^= BOX (((u >> 0) & 0x3f), 0, s_SPtrans) + | BOX (((u >> 8) & 0x3f), 2, s_SPtrans) + | BOX (((u >> 16) & 0x3f), 4, s_SPtrans) + | BOX (((u >> 24) & 0x3f), 6, s_SPtrans) + | BOX (((t >> 0) & 0x3f), 1, s_SPtrans) + | BOX (((t >> 8) & 0x3f), 3, s_SPtrans) + | BOX (((t >> 16) & 0x3f), 5, s_SPtrans) + | BOX (((t >> 24) & 0x3f), 7, s_SPtrans); + } + + iv[0] = l; + iv[1] = r; +} + +DECLSPEC void _des_crypt_keysetup (u32 c, u32 d, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_skb)[64]) +{ + u32 tt; + + PERM_OP (d, c, tt, 4, 0x0f0f0f0f); + HPERM_OP (c, tt, 2, 0xcccc0000); + HPERM_OP (d, tt, 2, 0xcccc0000); + PERM_OP (d, c, tt, 1, 0x55555555); + PERM_OP (c, d, tt, 8, 0x00ff00ff); + PERM_OP (d, c, tt, 1, 0x55555555); + + d = ((d & 0x000000ff) << 16) + | ((d & 0x0000ff00) << 0) + | ((d & 0x00ff0000) >> 16) + | ((c & 0xf0000000) >> 4); + + c = c & 0x0fffffff; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 16; i++) + { + if ((i < 2) || (i == 8) || (i == 15)) + { + c = ((c >> 1) | (c << 27)); + d = ((d >> 1) | (d << 27)); + } + else + { + c = ((c >> 2) | (c << 26)); + d = ((d >> 2) | (d << 26)); + } + + c = c & 0x0fffffff; + d = d & 0x0fffffff; + + const u32 c00 = (c >> 0) & 0x0000003f; + const u32 c06 = (c >> 6) & 0x00383003; + const u32 c07 = (c >> 7) & 0x0000003c; + const u32 c13 = (c >> 13) & 0x0000060f; + const u32 c20 = (c >> 20) & 0x00000001; + + u32 s = BOX (((c00 >> 0) & 0xff), 0, s_skb) + | BOX (((c06 >> 0) & 0xff) + |((c07 >> 0) & 0xff), 1, s_skb) + | BOX (((c13 >> 0) & 0xff) + |((c06 >> 8) & 0xff), 2, s_skb) + | BOX (((c20 >> 0) & 0xff) + |((c13 >> 8) & 0xff) + |((c06 >> 16) & 0xff), 3, s_skb); + + const u32 d00 = (d >> 0) & 0x00003c3f; + const u32 d07 = (d >> 7) & 0x00003f03; + const u32 d21 = (d >> 21) & 0x0000000f; + const u32 d22 = (d >> 22) & 0x00000030; + + u32 t = BOX (((d00 >> 0) & 0xff), 4, s_skb) + | BOX (((d07 >> 0) & 0xff) + |((d00 >> 8) & 0xff), 5, s_skb) + | BOX (((d07 >> 8) & 0xff), 6, s_skb) + | BOX (((d21 >> 0) & 0xff) + |((d22 >> 0) & 0xff), 7, s_skb); + + Kc[i] = ((t << 16) | (s & 0x0000ffff)); + Kd[i] = ((s >> 16) | (t & 0xffff0000)); + } +} + +DECLSPEC void transform_netntlmv1_key (const u32 w0, const u32 w1, u32 *out) +{ + u32 t[8]; + + t[0] = (w0 >> 0) & 0xff; + t[1] = (w0 >> 8) & 0xff; + t[2] = (w0 >> 16) & 0xff; + t[3] = (w0 >> 24) & 0xff; + t[4] = (w1 >> 0) & 0xff; + t[5] = (w1 >> 8) & 0xff; + t[6] = (w1 >> 16) & 0xff; + t[7] = (w1 >> 24) & 0xff; + + u32 k[8]; + + k[0] = (t[0] >> 0); + k[1] = (t[0] << 7) | (t[1] >> 1); + k[2] = (t[1] << 6) | (t[2] >> 2); + k[3] = (t[2] << 5) | (t[3] >> 3); + k[4] = (t[3] << 4) | (t[4] >> 4); + k[5] = (t[4] << 3) | (t[5] >> 5); + k[6] = (t[5] << 2) | (t[6] >> 6); + k[7] = (t[6] << 1); + + out[0] = ((k[0] & 0xff) << 0) + | ((k[1] & 0xff) << 8) + | ((k[2] & 0xff) << 16) + | ((k[3] & 0xff) << 24); + + out[1] = ((k[4] & 0xff) << 0) + | ((k[5] & 0xff) << 8) + | ((k[6] & 0xff) << 16) + | ((k[7] & 0xff) << 24); +} + +#ifdef KERNEL_STATIC +DECLSPEC u8 hex_convert (const u8 c) +{ + return (c & 15) + (c >> 6) * 9; +} + +DECLSPEC u8 hex_to_u8 (const u8 *hex) +{ + u8 v = 0; + + v |= ((u8) hex_convert (hex[1]) << 0); + v |= ((u8) hex_convert (hex[0]) << 4); + + return (v); +} +#endif + +typedef struct netntlm +{ + u32 user_len; + u32 domain_len; + u32 srvchall_len; + u32 clichall_len; + + u32 userdomain_buf[64]; + u32 chall_buf[256]; + +} netntlm_t; + +typedef struct netntlm_tmp +{ + u32 digest_buf[4]; + +} netntlm_tmp_t; + +KERNEL_FQ void m27000_init (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t)) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + if (gid >= gid_max) return; + + /** + * salt + */ + + u32 in[16]; + + in[ 0] = pws[gid].i[ 0]; + in[ 1] = pws[gid].i[ 1]; + in[ 2] = pws[gid].i[ 2]; + in[ 3] = pws[gid].i[ 3]; + in[ 4] = pws[gid].i[ 4]; + in[ 5] = pws[gid].i[ 5]; + in[ 6] = pws[gid].i[ 6]; + in[ 7] = pws[gid].i[ 7]; + + u8 *in_ptr = (u8 *) in; + + u32 out[4]; + + u8 *out_ptr = (u8 *) out; + + for (int i = 0, j = 0; i < 16; i += 1, j += 2) + { + out_ptr[i] = hex_to_u8 (in_ptr + j); + } + + tmps[gid].digest_buf[0] = out[ 0]; + tmps[gid].digest_buf[1] = out[ 1]; + tmps[gid].digest_buf[2] = out[ 2]; + tmps[gid].digest_buf[3] = out[ 3]; + +} + +KERNEL_FQ void m27000_loop (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t)) +{ + +} + +KERNEL_FQ void m27000_comp (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t)) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * sbox, kbox + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_SPtrans[8][64]; + LOCAL_VK u32 s_skb[8][64]; + + for (u32 i = lid; i < 64; i += lsz) + { + s_SPtrans[0][i] = c_SPtrans[0][i]; + s_SPtrans[1][i] = c_SPtrans[1][i]; + s_SPtrans[2][i] = c_SPtrans[2][i]; + s_SPtrans[3][i] = c_SPtrans[3][i]; + s_SPtrans[4][i] = c_SPtrans[4][i]; + s_SPtrans[5][i] = c_SPtrans[5][i]; + s_SPtrans[6][i] = c_SPtrans[6][i]; + s_SPtrans[7][i] = c_SPtrans[7][i]; + + s_skb[0][i] = c_skb[0][i]; + s_skb[1][i] = c_skb[1][i]; + s_skb[2][i] = c_skb[2][i]; + s_skb[3][i] = c_skb[3][i]; + s_skb[4][i] = c_skb[4][i]; + s_skb[5][i] = c_skb[5][i]; + s_skb[6][i] = c_skb[6][i]; + s_skb[7][i] = c_skb[7][i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + const u32 s0 = salt_bufs[SALT_POS].salt_buf[0]; + const u32 s1 = salt_bufs[SALT_POS].salt_buf[1]; + const u32 s2 = salt_bufs[SALT_POS].salt_buf[2]; + + const u32 a = tmps[gid].digest_buf[0]; + const u32 b = tmps[gid].digest_buf[1]; + const u32 c = tmps[gid].digest_buf[2]; + const u32 d = tmps[gid].digest_buf[3]; + + // I believe this matches the last 2 bytes and throws away. + // Taken from 5500. + if ((d >> 16) != s2) return; + + /** + * DES1 + */ + + u32 key[2]; + + transform_netntlmv1_key (a, b, key); + + u32 Kc[16]; + u32 Kd[16]; + + _des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb); + + u32 data[2]; + + data[0] = s0; + data[1] = s1; + + u32 out1[2]; + + _des_crypt_encrypt (out1, data, Kc, Kd, s_SPtrans); + + /** + * DES2 + */ + + transform_netntlmv1_key (((b >> 24) | (c << 8)), ((c >> 24) | (d << 8)), key); + + _des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb); + + u32 out2[2]; + + _des_crypt_encrypt (out2, data, Kc, Kd, s_SPtrans); + + /** + * digest + */ + + const u32 r0 = out1[0]; + const u32 r1 = out1[1]; + const u32 r2 = out2[0]; + const u32 r3 = out2[1]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} \ No newline at end of file diff --git a/OpenCL/m27100-pure.cl b/OpenCL/m27100-pure.cl new file mode 100644 index 000000000..d34355187 --- /dev/null +++ b/OpenCL/m27100-pure.cl @@ -0,0 +1,197 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +// #define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_rp.h" +#include "inc_rp.cl" +#include "inc_scalar.cl" +#include "inc_hash_md4.cl" +#include "inc_hash_md5.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +#ifdef KERNEL_STATIC +DECLSPEC u8 hex_convert (const u8 c) +{ + return (c & 15) + (c >> 6) * 9; +} + +DECLSPEC u8 hex_to_u8 (const u8 *hex) +{ + u8 v = 0; + + v |= ((u8) hex_convert (hex[1]) << 0); + v |= ((u8) hex_convert (hex[0]) << 4); + + return (v); +} +#endif + +typedef struct netntlm +{ + u32 user_len; + u32 domain_len; + u32 srvchall_len; + u32 clichall_len; + + u32 userdomain_buf[64]; + u32 chall_buf[256]; + +} netntlm_t; + +typedef struct netntlmv2_tmp +{ + u32 digest_buf[4]; + +} netntlm_tmp_t; + + +KERNEL_FQ void m27100_init (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t)) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + /** + * base + */ + + u32 in[16]; + + in[ 0] = pws[gid].i[ 0]; + in[ 1] = pws[gid].i[ 1]; + in[ 2] = pws[gid].i[ 2]; + in[ 3] = pws[gid].i[ 3]; + in[ 4] = pws[gid].i[ 4]; + in[ 5] = pws[gid].i[ 5]; + in[ 6] = pws[gid].i[ 6]; + in[ 7] = pws[gid].i[ 7]; + + u8 *in_ptr = (u8 *) in; + + u32 out[4]; + + u8 *out_ptr = (u8 *) out; + + for (int i = 0, j = 0; i < 16; i += 1, j += 2) + { + out_ptr[i] = hex_to_u8 (in_ptr + j); + } + + tmps[gid].digest_buf[0] = out[ 0]; + tmps[gid].digest_buf[1] = out[ 1]; + tmps[gid].digest_buf[2] = out[ 2]; + tmps[gid].digest_buf[3] = out[ 3]; + +} + + +KERNEL_FQ void m27100_loop (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t)) +{ + + +} + +KERNEL_FQ void m27100_comp (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t)) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + const u64 lid = get_local_id (0); + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = tmps[gid].digest_buf[0]; + w0[1] = tmps[gid].digest_buf[1]; + w0[2] = tmps[gid].digest_buf[2]; + w0[3] = tmps[gid].digest_buf[3]; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + md5_hmac_ctx_t ctx0; + + md5_hmac_init_64 (&ctx0, w0, w1, w2, w3); + + md5_hmac_update_global (&ctx0, esalt_bufs[DIGESTS_OFFSET].userdomain_buf, esalt_bufs[DIGESTS_OFFSET].user_len + esalt_bufs[DIGESTS_OFFSET].domain_len); + + md5_hmac_final (&ctx0); + + w0[0] = ctx0.opad.h[0]; + w0[1] = ctx0.opad.h[1]; + w0[2] = ctx0.opad.h[2]; + w0[3] = ctx0.opad.h[3]; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + md5_hmac_ctx_t ctx; + + md5_hmac_init_64 (&ctx, w0, w1, w2, w3); + + md5_hmac_update_global (&ctx, esalt_bufs[DIGESTS_OFFSET].chall_buf, esalt_bufs[DIGESTS_OFFSET].srvchall_len + esalt_bufs[DIGESTS_OFFSET].clichall_len); + + md5_hmac_final (&ctx); + + tmps[gid].digest_buf[0] = ctx.opad.h[0]; + tmps[gid].digest_buf[1] = ctx.opad.h[1]; + tmps[gid].digest_buf[2] = ctx.opad.h[2]; + tmps[gid].digest_buf[3] = ctx.opad.h[3]; + + + /** + * digest + */ + + const u32 r0 = ctx.opad.h[DGST_R0]; + const u32 r1 = ctx.opad.h[DGST_R1]; + const u32 r2 = ctx.opad.h[DGST_R2]; + const u32 r3 = ctx.opad.h[DGST_R3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} \ No newline at end of file diff --git a/src/modules/module_27000.c b/src/modules/module_27000.c new file mode 100644 index 000000000..7bb8287bc --- /dev/null +++ b/src/modules/module_27000.c @@ -0,0 +1,512 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "emu_inc_cipher_des.h" +#include "emu_inc_hash_md5.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL; +static const char *HASH_NAME = "NetNTLMv1 / NetNTLMv1+ESS (NT)"; +static const u64 KERN_TYPE = 27000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_ADDBITS14 + | OPTS_TYPE_PT_UTF16LE + | OPTS_TYPE_ST_HEX; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "b4b9b02e6f09a9bd760f388b67351e2b"; +static const char *ST_HASH = "::5V4T:ada06359242920a500000000000000000000000000000000:0556d5297b5daa70eaffde82ef99293a3f3bb59b7c9704ea:9c23f6c094853920"; + +typedef struct netntlm +{ + int user_len; + int domain_len; + int srvchall_len; + int clichall_len; + + u32 userdomain_buf[64]; + u32 chall_buf[256]; + +} netntlm_t; + +typedef struct netntlm_tmp +{ + u32 digest_buf[4]; + +} netntlm_tmp_t; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (netntlm_tmp_t); + + return tmp_size; +} + +static void transform_netntlmv1_key (const u8 *nthash, u8 *key) +{ + key[0] = (nthash[0] >> 0); + key[1] = (nthash[0] << 7) | (nthash[1] >> 1); + key[2] = (nthash[1] << 6) | (nthash[2] >> 2); + key[3] = (nthash[2] << 5) | (nthash[3] >> 3); + key[4] = (nthash[3] << 4) | (nthash[4] >> 4); + key[5] = (nthash[4] << 3) | (nthash[5] >> 5); + key[6] = (nthash[5] << 2) | (nthash[6] >> 6); + key[7] = (nthash[6] << 1); + + key[0] |= 0x01; + key[1] |= 0x01; + key[2] |= 0x01; + key[3] |= 0x01; + key[4] |= 0x01; + key[5] |= 0x01; + key[6] |= 0x01; + key[7] |= 0x01; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // Intel CPU + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (netntlm_t); + + return esalt_size; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + netntlm_t *netntlm = (netntlm_t *) esalt_buf; + + token_t token; + + token.token_cnt = 6; + + // username + token.len_min[0] = 0; + token.len_max[0] = 60; + token.sep[0] = ':'; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; + + // unused + token.len_min[1] = 0; + token.len_max[1] = 0; + token.sep[1] = ':'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + // domain + token.len_min[2] = 0; + token.len_max[2] = 45; + token.sep[2] = ':'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + // lm response + token.len_min[3] = 0; + token.len_max[3] = 48; + token.sep[3] = ':'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + // ntlm response + token.len_min[4] = 48; + token.len_max[4] = 48; + token.sep[4] = ':'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + // challenge + token.len_min[5] = 16; + token.len_max[5] = 16; + token.sep[5] = ':'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *user_pos = token.buf[0]; + const u8 *domain_pos = token.buf[2]; + const u8 *srvchall_pos = token.buf[3]; + const u8 *hash_pos = token.buf[4]; + const u8 *clichall_pos = token.buf[5]; + + const int user_len = token.len[0]; + const int domain_len = token.len[2]; + const int srvchall_len = token.len[3]; + const int clichall_len = token.len[5]; + + /** + * store some data for later use + */ + + netntlm->user_len = user_len * 2; + netntlm->domain_len = domain_len * 2; + netntlm->srvchall_len = srvchall_len / 2; + netntlm->clichall_len = clichall_len / 2; + + u8 *userdomain_ptr = (u8 *) netntlm->userdomain_buf; + u8 *chall_ptr = (u8 *) netntlm->chall_buf; + + /** + * handle username and domainname + */ + + for (int i = 0; i < user_len; i++) + { + *userdomain_ptr++ = user_pos[i]; + *userdomain_ptr++ = 0; + } + + for (int i = 0; i < domain_len; i++) + { + *userdomain_ptr++ = domain_pos[i]; + *userdomain_ptr++ = 0; + } + + /** + * handle server challenge encoding + */ + + for (int i = 0; i < srvchall_len; i += 2) + { + const u8 p0 = srvchall_pos[i + 0]; + const u8 p1 = srvchall_pos[i + 1]; + + *chall_ptr++ = hex_convert (p1) << 0 + | hex_convert (p0) << 4; + } + + /** + * handle client challenge encoding + */ + + for (int i = 0; i < clichall_len; i += 2) + { + const u8 p0 = clichall_pos[i + 0]; + const u8 p1 = clichall_pos[i + 1]; + + *chall_ptr++ = hex_convert (p1) << 0 + | hex_convert (p0) << 4; + } + + /** + * store data + */ + + const bool parse_rc = generic_salt_decode (hashconfig, clichall_pos, clichall_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + /* special case, last 8 byte do not need to be checked since they are brute-forced next */ + + u32 digest_tmp[2]; + + digest_tmp[0] = hex_to_u32 (hash_pos + 32); + digest_tmp[1] = hex_to_u32 (hash_pos + 40); + + /* special case 2: ESS */ + + if (srvchall_len == 48) + { + if ((netntlm->chall_buf[2] == 0) && (netntlm->chall_buf[3] == 0) && (netntlm->chall_buf[4] == 0) && (netntlm->chall_buf[5] == 0)) + { + u32 w[16] = { 0 }; + + w[ 0] = salt->salt_buf[0]; + w[ 1] = salt->salt_buf[1]; + w[ 2] = netntlm->chall_buf[0]; + w[ 3] = netntlm->chall_buf[1]; + w[ 4] = 0x80; + w[14] = 16 * 8; + + u32 dgst[4] = { 0 }; + + dgst[0] = MD5M_A; + dgst[1] = MD5M_B; + dgst[2] = MD5M_C; + dgst[3] = MD5M_D; + + md5_transform (w + 0, w + 4, w + 8, w + 12, dgst); + + salt->salt_buf[0] = dgst[0]; + salt->salt_buf[1] = dgst[1]; + } + } + + /* precompute netntlmv1 exploit start */ + + for (u32 i = 0; i < 0x10000; i++) + { + u32 key_md4[2] = { 0 }; + u32 key_des[2] = { 0 }; + + key_md4[0] = i; + + transform_netntlmv1_key ((const u8 *) key_md4, (u8 *) key_des); + + u32 Kc[16] = { 0 }; + u32 Kd[16] = { 0 }; + + _des_crypt_keysetup (key_des[0], key_des[1], Kc, Kd, (u32 (*)[64]) c_skb); + + u32 data3[2] = { salt->salt_buf[0], salt->salt_buf[1] }; + + _des_crypt_encrypt (data3, data3, Kc, Kd, (u32 (*)[64]) c_SPtrans); + + if (data3[0] != digest_tmp[0]) continue; + if (data3[1] != digest_tmp[1]) continue; + + salt->salt_buf[2] = i; + + salt->salt_len = 24; + + break; + } + + salt->salt_buf_pc[0] = digest_tmp[0]; + salt->salt_buf_pc[1] = digest_tmp[1]; + + /* precompute netntlmv1 exploit stop */ + + DES_IP (digest[0], digest[1]); + DES_IP (digest[2], digest[3]); + + digest[0] = rotr32 (digest[0], 29); + digest[1] = rotr32 (digest[1], 29); + digest[2] = rotr32 (digest[2], 29); + digest[3] = rotr32 (digest[3], 29); + + DES_IP (salt->salt_buf[0], salt->salt_buf[1]); + + salt->salt_buf[0] = rotl32 (salt->salt_buf[0], 3); + salt->salt_buf[1] = rotl32 (salt->salt_buf[1], 3); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const netntlm_t *netntlm = (const netntlm_t *) esalt_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[4]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + + tmp[0] = rotl32 (tmp[0], 29); + tmp[1] = rotl32 (tmp[1], 29); + tmp[2] = rotl32 (tmp[2], 29); + tmp[3] = rotl32 (tmp[3], 29); + + DES_FP (tmp[1], tmp[0]); + DES_FP (tmp[3], tmp[2]); + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u8 *ptr; + + ptr = (u8 *) netntlm->userdomain_buf; + + for (int i = 0; i < netntlm->user_len; i += 2) + { + out_buf[out_len++] = ptr[i]; + } + + out_buf[out_len++] = ':'; + out_buf[out_len++] = ':'; + + ptr += netntlm->user_len; + + for (int i = 0; i < netntlm->domain_len; i += 2) + { + out_buf[out_len++] = ptr[i]; + } + + out_buf[out_len++] = ':'; + + ptr = (u8 *) netntlm->chall_buf; + + for (int i = 0; i < netntlm->srvchall_len; i++) + { + u8_to_hex (ptr[i], out_buf + out_len); out_len += 2; + } + + out_buf[out_len++] = ':'; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + + u32_to_hex (salt->salt_buf_pc[0], out_buf + out_len); out_len += 8; + u32_to_hex (salt->salt_buf_pc[1], out_buf + out_len); out_len += 8; + + out_buf[out_len++] = ':'; + + ptr += netntlm->srvchall_len; + + for (int i = 0; i < netntlm->clichall_len; i++) + { + u8_to_hex (ptr[i], out_buf + out_len); out_len += 2; + } + + return out_len; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 32; // Length of a NT hash + + return pw_max; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 32; // Length of a NT hash + + return pw_min; +} + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const char *mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxx"; + return mask; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_27100.c b/src/modules/module_27100.c new file mode 100644 index 000000000..84b1fa6ca --- /dev/null +++ b/src/modules/module_27100.c @@ -0,0 +1,408 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "emu_inc_cipher_des.h" +#include "emu_inc_hash_md5.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 3; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 1; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL; +static const char *HASH_NAME = "NetNTLMv2 (NT)"; +static const u64 KERN_TYPE = 27100; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_ADDBITS14 + | OPTS_TYPE_PT_UTF16LE + | OPTS_TYPE_ST_HEX; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "b4b9b02e6f09a9bd760f388b67351e2b"; +static const char *ST_HASH = "0UL5G37JOI0SX::6VB1IS0KA74:ebe1afa18b7fbfa6:aab8bf8675658dd2a939458a1077ba08:010100000000000031c8aa092510945398b9f7b7dde1a9fb00000000f7876f2b04b700"; + +typedef struct netntlm +{ + int user_len; + int domain_len; + int srvchall_len; + int clichall_len; + + u32 userdomain_buf[64]; + u32 chall_buf[256]; + +} netntlm_t; + +typedef struct netntlmv2_tmp +{ + u32 digest_buf[4]; + +} netntlm_tmp_t; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (netntlm_tmp_t); + + return tmp_size; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (netntlm_t); + + return esalt_size; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + netntlm_t *netntlm = (netntlm_t *) esalt_buf; + + token_t token; + + token.token_cnt = 6; + + // username + token.len_min[0] = 0; + token.len_max[0] = 60; + token.sep[0] = ':'; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; + + // unused + token.len_min[1] = 0; + token.len_max[1] = 0; + token.sep[1] = ':'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + // domain + token.len_min[2] = 0; + token.len_max[2] = 45; + token.sep[2] = ':'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + // lm response + token.len_min[3] = 16; + token.len_max[3] = 16; + token.sep[3] = ':'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + // ntlm response + token.len_min[4] = 32; + token.len_max[4] = 32; + token.sep[4] = ':'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + // challenge + token.len_min[5] = 2; + token.len_max[5] = 1024; + token.sep[5] = ':'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *user_pos = token.buf[0]; + const u8 *domain_pos = token.buf[2]; + const u8 *srvchall_pos = token.buf[3]; + const u8 *hash_pos = token.buf[4]; + const u8 *clichall_pos = token.buf[5]; + + const int user_len = token.len[0]; + const int domain_len = token.len[2]; + const int srvchall_len = token.len[3]; + const int clichall_len = token.len[5]; + + /** + * store some data for later use + */ + + netntlm->user_len = user_len * 2; + netntlm->domain_len = domain_len * 2; + netntlm->srvchall_len = srvchall_len / 2; + netntlm->clichall_len = clichall_len / 2; + + u8 *userdomain_ptr = (u8 *) netntlm->userdomain_buf; + u8 *chall_ptr = (u8 *) netntlm->chall_buf; + + /** + * handle username and domainname + */ + + for (int i = 0; i < user_len; i++) + { + *userdomain_ptr++ = toupper (user_pos[i]); + *userdomain_ptr++ = 0; + } + + for (int i = 0; i < domain_len; i++) + { + *userdomain_ptr++ = domain_pos[i]; + *userdomain_ptr++ = 0; + } + + *userdomain_ptr++ = 0x80; + + /** + * handle server challenge encoding + */ + + for (int i = 0; i < srvchall_len; i += 2) + { + const u8 p0 = srvchall_pos[i + 0]; + const u8 p1 = srvchall_pos[i + 1]; + + *chall_ptr++ = hex_convert (p1) << 0 + | hex_convert (p0) << 4; + } + + /** + * handle client challenge encoding + */ + + for (int i = 0; i < clichall_len; i += 2) + { + const u8 p0 = clichall_pos[i + 0]; + const u8 p1 = clichall_pos[i + 1]; + + *chall_ptr++ = hex_convert (p1) << 0 + | hex_convert (p0) << 4; + } + + *chall_ptr++ = 0x80; + + /** + * handle hash itself + */ + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + /** + * reuse challange data as salt_buf, its the buffer that is most likely unique + */ + + salt->salt_buf[0] = 0; + salt->salt_buf[1] = 0; + salt->salt_buf[2] = 0; + salt->salt_buf[3] = 0; + salt->salt_buf[4] = 0; + salt->salt_buf[5] = 0; + salt->salt_buf[6] = 0; + salt->salt_buf[7] = 0; + + u32 *uptr; + + uptr = (u32 *) netntlm->userdomain_buf; + + for (u32 i = 0; i < 64; i += 16, uptr += 16) + { + md5_transform (uptr + 0, uptr + 4, uptr + 8, uptr + 12, salt->salt_buf); + } + + uptr = (u32 *) netntlm->chall_buf; + + for (u32 i = 0; i < 256; i += 16, uptr += 16) + { + md5_transform (uptr + 0, uptr + 4, uptr + 8, uptr + 12, salt->salt_buf); + } + + salt->salt_len = 16; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const netntlm_t *netntlm = (const netntlm_t *) esalt_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[4]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u8 *ptr; + + ptr = (u8 *) netntlm->userdomain_buf; + + for (int i = 0; i < netntlm->user_len; i += 2) + { + out_buf[out_len++] = ptr[i]; + } + + out_buf[out_len++] = ':'; + out_buf[out_len++] = ':'; + + ptr += netntlm->user_len; + + for (int i = 0; i < netntlm->domain_len; i += 2) + { + out_buf[out_len++] = ptr[i]; + } + + out_buf[out_len++] = ':'; + + ptr = (u8 *) netntlm->chall_buf; + + for (int i = 0; i < netntlm->srvchall_len; i++) + { + u8_to_hex (ptr[i], out_buf + out_len); out_len += 2; + } + + out_buf[out_len++] = ':'; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + + out_buf[out_len++] = ':'; + + ptr += netntlm->srvchall_len; + + for (int i = 0; i < netntlm->clichall_len; i++) + { + u8_to_hex (ptr[i], out_buf + out_len); out_len += 2; + } + + return out_len; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 32; // Length of a NT hash + + return pw_max; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 32; // Length of a NT hash + + return pw_min; +} + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const char *mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxx"; + return mask; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m27000.pm b/tools/test_modules/m27000.pm new file mode 100644 index 000000000..2ae2ea163 --- /dev/null +++ b/tools/test_modules/m27000.pm @@ -0,0 +1,176 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::HMAC qw (hmac hmac_hex); +use Digest::MD5 qw (md5); +use Encode qw (encode); +use Crypt::ECB qw (encrypt); + +sub setup_des_key +{ + my @key_56 = split (//, shift); + + my $key = ""; + + $key = $key_56[0]; + + $key .= chr (((ord ($key_56[0]) << 7) | (ord ($key_56[1]) >> 1)) & 255); + $key .= chr (((ord ($key_56[1]) << 6) | (ord ($key_56[2]) >> 2)) & 255); + $key .= chr (((ord ($key_56[2]) << 5) | (ord ($key_56[3]) >> 3)) & 255); + $key .= chr (((ord ($key_56[3]) << 4) | (ord ($key_56[4]) >> 4)) & 255); + $key .= chr (((ord ($key_56[4]) << 3) | (ord ($key_56[5]) >> 5)) & 255); + $key .= chr (((ord ($key_56[5]) << 2) | (ord ($key_56[6]) >> 6)) & 255); + $key .= chr (( ord ($key_56[6]) << 1) & 255); + + return $key; +} + +sub get_random_netntlmv1_salt +{ + my $len_user = shift; + my $len_domain = shift; + + my $char; + my $type; + my $user = ""; + + for (my $i = 0; $i < $len_user; $i++) + { + $type = random_number (1, 3); + + if ($type == 1) + { + $char = random_numeric_string (1); + } + elsif ($type == 2) + { + $char = random_uppercase_string (1); + } + else + { + $char = random_lowercase_string (1); + } + + $user .= $char; + } + + my $domain = ""; + + for (my $i = 0; $i < $len_domain; $i++) + { + $type = random_number (1, 3); + + if ($type == 1) + { + $char = random_numeric_string (1); + } + elsif ($type == 2) + { + $char = random_uppercase_string (1); + } + else + { + $char = random_lowercase_string (1); + } + + $domain .= $char; + } + + my $c_challenge = random_bytes (8); + my $s_challenge = random_bytes (8); + + my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $c_challenge) . unpack ("H*", $s_challenge); + + return $salt_buf; +} + +sub module_constraints { [[32, 32], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } # room for improvement in pure kernel mode + +sub module_generate_hash +{ + my $word = shift; + my $unused = shift; + my $salt = shift // get_random_netntlmv1_salt (random_number (0, 15), random_number (0, 15)); + + my $index1 = index ($salt, "::"); + my $user = substr ($salt, 0, $index1); + + my $index2 = index ($salt, ":", $index1 + 2); + my $domain = substr ($salt, $index1 + 2, $index2 - $index1 - 2); + + my $len = length (substr ($salt, $index2 + 1)); + + my $c_challenge_hex; + + if ($len > 32) + { + $c_challenge_hex = substr ($salt, $index2 + 1, 48); + $index2 += 32; + } + else + { + $c_challenge_hex = substr ($salt, $index2 + 1, 16); + $c_challenge_hex .= 00 x 32; + } + + my $c_challenge = pack ("H*", substr ($c_challenge_hex, 0, 16)); + my $s_challenge_hex = substr ($salt, $index2 + 17, 16); + my $s_challenge = pack ("H*", $s_challenge_hex); + + my $challenge = substr (md5 ($s_challenge . $c_challenge), 0, 8); + + my $ntresp; + + my $nthash = pack ("H*", $word); + my $nthashpadded = $nthash . "\x00" x 5; + + $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthashpadded, 0, 7)), "DES", $challenge, "none"); + $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthashpadded, 7, 7)), "DES", $challenge, "none"); + $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthashpadded, 14, 7)), "DES", $challenge, "none"); + + my $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $c_challenge_hex, unpack ("H*", $ntresp), $s_challenge_hex); + + return $tmp_hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $index1 = index ($line, "::"); + + return if $index1 < 1; + + my $index2 = index ($line, ":", $index1 + 2); + + return if $index2 < 1; + + $index2 = index ($line, ":", $index2 + 1); + + return if $index2 < 1; + + my $salt = substr ($line, 0, $index2 - 32); + + $index2 = index ($line, ":", $index2 + 1); + + return if $index2 < 1; + + $salt .= substr ($line, $index2 + 1, 16); + + my $word = substr ($line, $index2 + 1 + 16 + 1); + + # my $word_packed = pack ("H*", $word); + + my $new_hash = module_generate_hash ($word, undef, $salt); + + return ($new_hash, $word); +} + +1; diff --git a/tools/test_modules/m27100.pm b/tools/test_modules/m27100.pm new file mode 100644 index 000000000..fb52146c5 --- /dev/null +++ b/tools/test_modules/m27100.pm @@ -0,0 +1,90 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::HMAC qw (hmac hmac_hex); +use Digest::MD5 qw (md5); +use Encode qw (encode); + +sub module_constraints { [[32, 32], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $user = shift; + + my $user_len = length $user; + my $domain_len = 27 - $user_len; + + my $domain = shift // random_string ($domain_len); + my $srv_ch = shift // random_hex_string (2 * 8); + my $cli_ch = shift // random_client_challenge (); + + my $b_srv_ch = pack ('H*', $srv_ch); + my $b_cli_ch = pack ('H*', $cli_ch); + + my $nthash = pack ("H*", $word); + my $identity = encode ('UTF-16LE', uc ($user) . $domain); + my $digest = hmac_hex ($b_srv_ch . $b_cli_ch, hmac ($identity, $nthash, \&md5, 64), \&md5, 64); + + my $hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $srv_ch, $digest, $cli_ch); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $user; + my $domain; + my $srv_ch; + my $cli_ch; + my $word; + + my $hash; + + my $index1 = index ($line, '::'); + my $index2 = index ($line, ':', $index1 + 2); + my $index3 = index ($line, ':', $index2 + 3 + 16 + 32); + + return if $index1 eq -1; + return if $index2 eq -1; + return if $index3 eq -1; + + $hash = substr ($line, 0, $index3); + + $user = substr ($line, 0, $index1); + $domain = substr ($line, $index1 + 2, $index2 - $index1 - 2); + $srv_ch = substr ($line, $index2 + 1, 16); + $cli_ch = substr ($line, $index2 + 3 + 16 + 32, $index3 - $index2 - 3 - 16 - 32); + $word = substr ($line, $index3 + 1); + + my $word_packed = pack ("H*", $word); + + my $new_hash = module_generate_hash ($word_packed, $user, $domain, $srv_ch, $cli_ch); + + return ($new_hash, $word); +} + +sub random_client_challenge +{ + my $ch; + + $ch .= '0101000000000000'; + $ch .= random_hex_string (2 * 16); + $ch .= '00000000'; + $ch .= random_hex_string (2 * random_count (20)); + $ch .= '00'; + + return $ch; +} + +1; +