From c9e796fcf06102ab13ca8fe4b13d67a819d48c02 Mon Sep 17 00:00:00 2001 From: jsteube Date: Fri, 8 Feb 2019 13:00:40 +0100 Subject: [PATCH] Add some more modules converted --- include/interface_migrate.h | 438 ---- src/interface_migrate.c | 4803 ---------------------------------- src/modules/module_02100.c | 231 ++ src/modules/module_02811.c | 230 ++ src/modules/module_03910.c | 232 ++ src/modules/module_05200.c | 223 ++ src/modules/module_05300.c | 308 +++ src/modules/module_05400.c | 314 +++ src/modules/module_08500.c | 242 ++ src/modules/module_09000.c | 214 ++ src/modules/module_09600.c | 334 +++ src/modules/module_09700.c | 283 ++ src/modules/module_09710.c | 302 +++ src/modules/module_09720.c | 301 +++ src/modules/module_09800.c | 299 +++ src/modules/module_09810.c | 308 +++ src/modules/module_09820.c | 306 +++ src/modules/module_10400.c | 376 +++ src/modules/module_10410.c | 396 +++ src/modules/module_10420.c | 397 +++ src/modules/module_10500.c | 486 ++++ src/modules/module_11000.c | 204 ++ src/modules/module_12400.c | 265 ++ src/modules/module_12600.c | 285 ++ src/modules/module_13711.c | 312 +++ src/modules/module_13712.c | 312 +++ src/modules/module_13713.c | 312 +++ src/modules/module_13721.c | 315 +++ src/modules/module_13722.c | 313 +++ src/modules/module_13723.c | 313 +++ src/modules/module_13731.c | 312 +++ src/modules/module_13732.c | 312 +++ src/modules/module_13733.c | 312 +++ src/modules/module_13741.c | 325 +++ src/modules/module_13742.c | 325 +++ src/modules/module_13743.c | 325 +++ src/modules/module_13751.c | 312 +++ src/modules/module_13752.c | 312 +++ src/modules/module_13753.c | 312 +++ src/modules/module_13761.c | 325 +++ src/modules/module_13762.c | 325 +++ src/modules/module_13763.c | 325 +++ src/modules/module_13771.c | 316 +++ src/modules/module_13772.c | 316 +++ src/modules/module_13773.c | 316 +++ src/modules/module_14900.c | 188 ++ src/modules/module_15000.c | 261 ++ src/modules/module_15400.c | 273 ++ src/modules/module_16000.c | 167 ++ tools/test_modules/m08500.pm | 88 + tools/test_modules/m12400.pm | 65 + 51 files changed, 14225 insertions(+), 5241 deletions(-) create mode 100644 src/modules/module_02100.c create mode 100644 src/modules/module_02811.c create mode 100644 src/modules/module_03910.c create mode 100644 src/modules/module_05200.c create mode 100644 src/modules/module_05300.c create mode 100644 src/modules/module_05400.c create mode 100644 src/modules/module_08500.c create mode 100644 src/modules/module_09000.c create mode 100644 src/modules/module_09600.c create mode 100644 src/modules/module_09700.c create mode 100644 src/modules/module_09710.c create mode 100644 src/modules/module_09720.c create mode 100644 src/modules/module_09800.c create mode 100644 src/modules/module_09810.c create mode 100644 src/modules/module_09820.c create mode 100644 src/modules/module_10400.c create mode 100644 src/modules/module_10410.c create mode 100644 src/modules/module_10420.c create mode 100644 src/modules/module_10500.c create mode 100644 src/modules/module_11000.c create mode 100644 src/modules/module_12400.c create mode 100644 src/modules/module_12600.c create mode 100644 src/modules/module_13711.c create mode 100644 src/modules/module_13712.c create mode 100644 src/modules/module_13713.c create mode 100644 src/modules/module_13721.c create mode 100644 src/modules/module_13722.c create mode 100644 src/modules/module_13723.c create mode 100644 src/modules/module_13731.c create mode 100644 src/modules/module_13732.c create mode 100644 src/modules/module_13733.c create mode 100644 src/modules/module_13741.c create mode 100644 src/modules/module_13742.c create mode 100644 src/modules/module_13743.c create mode 100644 src/modules/module_13751.c create mode 100644 src/modules/module_13752.c create mode 100644 src/modules/module_13753.c create mode 100644 src/modules/module_13761.c create mode 100644 src/modules/module_13762.c create mode 100644 src/modules/module_13763.c create mode 100644 src/modules/module_13771.c create mode 100644 src/modules/module_13772.c create mode 100644 src/modules/module_13773.c create mode 100644 src/modules/module_14900.c create mode 100644 src/modules/module_15000.c create mode 100644 src/modules/module_15400.c create mode 100644 src/modules/module_16000.c create mode 100644 tools/test_modules/m08500.pm create mode 100644 tools/test_modules/m12400.pm diff --git a/include/interface_migrate.h b/include/interface_migrate.h index fd292eb33..50d57836e 100644 --- a/include/interface_migrate.h +++ b/include/interface_migrate.h @@ -10,15 +10,6 @@ typedef struct itunes_backup } itunes_backup_t; -typedef struct chacha20 -{ - u32 iv[2]; - u32 plain[2]; - u32 position[2]; - u32 offset; - -} chacha20_t; - typedef struct pdf { int V; @@ -56,16 +47,6 @@ typedef struct androidfde } androidfde_t; -typedef struct ikepsk -{ - u32 nr_buf[16]; - u32 nr_len; - - u32 msg_buf[128]; - u32 msg_len[6]; - -} ikepsk_t; - typedef struct pbkdf2_md5 { u32 salt_buf[16]; @@ -120,31 +101,6 @@ typedef struct office2010 } office2010_t; -typedef struct office2013 -{ - u32 encryptedVerifier[4]; - u32 encryptedVerifierHash[8]; - -} office2013_t; - -typedef struct oldoffice01 -{ - u32 version; - u32 encryptedVerifier[4]; - u32 encryptedVerifierHash[4]; - u32 rc4key[2]; - -} oldoffice01_t; - -typedef struct oldoffice34 -{ - u32 version; - u32 encryptedVerifier[4]; - u32 encryptedVerifierHash[5]; - u32 rc4key[2]; - -} oldoffice34_t; - typedef struct zip2 { u32 type; @@ -167,15 +123,6 @@ typedef struct win8phone } win8phone_t; -typedef struct psafe3 -{ - char signature[4]; - u32 salt_buf[8]; - u32 iterations; - u32 hash_buf[8]; - -} psafe3_t; - typedef struct jks_sha1 { u32 checksum[5]; @@ -237,15 +184,6 @@ typedef struct electrum_wallet } electrum_wallet_t; - - -typedef struct pdf14_tmp -{ - u32 digest[4]; - u32 out[4]; - -} pdf14_tmp_t; - typedef struct pdf17l8_tmp { union @@ -269,35 +207,6 @@ typedef struct sha256crypt_tmp } sha256crypt_tmp_t; -typedef struct dcc2_tmp -{ - u32 ipad[5]; - u32 opad[5]; - - u32 dgst[5]; - u32 out[4]; - -} dcc2_tmp_t; - -typedef struct pwsafe2_tmp -{ - u32 digest[2]; - - u32 P[18]; - - u32 S0[256]; - u32 S1[256]; - u32 S2[256]; - u32 S3[256]; - -} pwsafe2_tmp_t; - -typedef struct pwsafe3_tmp -{ - u32 digest_buf[8]; - -} pwsafe3_tmp_t; - typedef struct androidpin_tmp { u32 digest_buf[5]; @@ -314,39 +223,6 @@ typedef struct androidfde_tmp } androidfde_tmp_t; -typedef struct tc_tmp -{ - u32 ipad[16]; - u32 opad[16]; - - u32 dgst[64]; - u32 out[64]; - -} tc_tmp_t; - -typedef struct tc64_tmp -{ - u64 ipad[8]; - u64 opad[8]; - - u64 dgst[32]; - u64 out[32]; - -} tc64_tmp_t; - -typedef struct vc64_sbog_tmp -{ - u64 ipad_raw[8]; - u64 opad_raw[8]; - - u64 ipad_hash[8]; - u64 opad_hash[8]; - - u64 dgst[32]; - u64 out[32]; - -} vc64_sbog_tmp_t; - typedef struct agilekey_tmp { u32 ipad[5]; @@ -425,12 +301,6 @@ typedef struct office2010_tmp } office2010_tmp_t; -typedef struct office2013_tmp -{ - u64 out[8]; - -} office2013_tmp_t; - typedef struct saph_sha1_tmp { u32 digest_buf[5]; @@ -494,15 +364,6 @@ typedef struct oraclet_tmp } oraclet_tmp_t; -typedef struct bsdicrypt_tmp -{ - u32 Kc[16]; - u32 Kd[16]; - - u32 iv[2]; - -} bsdicrypt_tmp_t; - typedef struct cram_md5 { u32 user[16]; @@ -527,107 +388,7 @@ typedef struct apple_secure_notes_tmp } apple_secure_notes_tmp_t; -typedef struct struct_psafe2_hdr -{ - u32 random[2]; - u32 hash[5]; - u32 salt[5]; // unused, but makes better valid check - u32 iv[2]; // unused, but makes better valid check -} psafe2_hdr; - -typedef enum -{ - MESSAGE_PAIR_M12E2 = 0, - MESSAGE_PAIR_M14E4 = 1, - MESSAGE_PAIR_M32E2 = 2, - MESSAGE_PAIR_M32E3 = 3, - MESSAGE_PAIR_M34E3 = 4, - MESSAGE_PAIR_M34E4 = 5, - -} message_pair_t; - -#define HCCAPX_VERSION 4 -#define HCCAPX_SIGNATURE 0x58504348 // HCPX - -// this is required to force mingw to accept the packed attribute -#pragma pack(push,1) - -struct hccapx -{ - u32 signature; - u32 version; - u8 message_pair; - u8 essid_len; - u8 essid[32]; - u8 keyver; - u8 keymic[16]; - u8 mac_ap[6]; - u8 nonce_ap[32]; - u8 mac_sta[6]; - u8 nonce_sta[32]; - u16 eapol_len; - u8 eapol[256]; - -} __attribute__((packed)); - -typedef struct hccapx hccapx_t; - -#pragma pack(pop) - -typedef enum hash_type -{ - HASH_TYPE_MD4 = 1, - HASH_TYPE_MD5 = 2, - HASH_TYPE_SHA1 = 4, - HASH_TYPE_SHA224 = 5, - HASH_TYPE_SHA256 = 6, - HASH_TYPE_SHA384 = 7, - HASH_TYPE_SHA512 = 8, - HASH_TYPE_DCC2 = 9, - HASH_TYPE_ORACLEH = 13, - HASH_TYPE_DESRACF = 14, - HASH_TYPE_RIPEMD160 = 18, - HASH_TYPE_WHIRLPOOL = 19, - HASH_TYPE_AES = 20, - HASH_TYPE_GOST = 21, - HASH_TYPE_SAPB = 23, - HASH_TYPE_SAPG = 24, - HASH_TYPE_MYSQL = 25, - HASH_TYPE_LOTUS5 = 26, - HASH_TYPE_LOTUS6 = 27, - HASH_TYPE_ANDROIDFDE = 28, - HASH_TYPE_LOTUS8 = 30, - HASH_TYPE_OFFICE2007 = 31, - HASH_TYPE_OFFICE2010 = 32, - HASH_TYPE_OFFICE2013 = 33, - HASH_TYPE_OLDOFFICE01 = 34, - HASH_TYPE_OLDOFFICE34 = 35, - HASH_TYPE_SIPHASH = 36, - HASH_TYPE_PDFU16 = 37, - HASH_TYPE_PDFU32 = 38, - HASH_TYPE_PBKDF2_SHA256 = 39, - HASH_TYPE_CRC32 = 41, - HASH_TYPE_STREEBOG_256 = 42, - HASH_TYPE_STREEBOG_512 = 43, - HASH_TYPE_PBKDF2_MD5 = 44, - HASH_TYPE_PBKDF2_SHA512 = 46, - HASH_TYPE_ECRYPTFS = 47, - HASH_TYPE_ORACLET = 48, - HASH_TYPE_BSDICRYPT = 49, - HASH_TYPE_PLAINTEXT = 54, - HASH_TYPE_ITUNES_BACKUP_9 = 56, - HASH_TYPE_ITUNES_BACKUP_10 = 57, - HASH_TYPE_SKIP32 = 58, - HASH_TYPE_CHACHA20 = 60, - HASH_TYPE_JKS_SHA1 = 62, - HASH_TYPE_TACACS_PLUS = 63, - HASH_TYPE_APPLE_SECURE_NOTES = 64, - HASH_TYPE_CRAM_MD5_DOVECOT = 65, - HASH_TYPE_JWT = 66, - HASH_TYPE_ELECTRUM_WALLET = 67, - -} hash_type_t; typedef enum kern_type { @@ -654,7 +415,6 @@ typedef enum kern_type KERN_TYPE_SHA512_SLTPWU = 1740, KERN_TYPE_HMACSHA512_PW = 1750, KERN_TYPE_HMACSHA512_SLT = 1760, - KERN_TYPE_DCC2 = 2100, KERN_TYPE_MD5ASA = 2410, KERN_TYPE_MD55 = 2600, KERN_TYPE_MD55_PWSLT1 = 2610, @@ -663,7 +423,6 @@ typedef enum kern_type KERN_TYPE_ORACLEH = 3100, KERN_TYPE_MD5_SLT_MD5_PW = 3710, KERN_TYPE_MD5_SLT_PW_SLT = 3800, - KERN_TYPE_MD55_PWSLT = 3910, KERN_TYPE_MD5_SLT_MD5_SLT_PW = 4010, KERN_TYPE_MD5_SLT_MD5_PW_SLT = 4110, KERN_TYPE_MD5U5 = 4300, @@ -674,18 +433,9 @@ typedef enum kern_type KERN_TYPE_SHA1_MD5 = 4700, KERN_TYPE_MD5_CHAP = 4800, KERN_TYPE_SHA1_SLT_PW_SLT = 4900, - KERN_TYPE_PSAFE3 = 5200, - KERN_TYPE_IKEPSK_MD5 = 5300, - KERN_TYPE_IKEPSK_SHA1 = 5400, KERN_TYPE_ANDROIDPIN = 5800, KERN_TYPE_RIPEMD160 = 6000, KERN_TYPE_WHIRLPOOL = 6100, - KERN_TYPE_VCSHA256_XTS512 = 13751, - KERN_TYPE_VCSHA256_XTS1024 = 13752, - KERN_TYPE_VCSHA256_XTS1536 = 13753, - KERN_TYPE_VCSBOG512_XTS512 = 13771, - KERN_TYPE_VCSBOG512_XTS1024 = 13772, - KERN_TYPE_VCSBOG512_XTS1536 = 13773, KERN_TYPE_MD5AIX = 6300, KERN_TYPE_SHA256AIX = 6400, KERN_TYPE_SHA512AIX = 6500, @@ -705,31 +455,17 @@ typedef enum kern_type KERN_TYPE_CLOUDKEY = 8200, KERN_TYPE_NSEC3 = 8300, KERN_TYPE_WBB3 = 8400, - KERN_TYPE_RACF = 8500, KERN_TYPE_LOTUS5 = 8600, KERN_TYPE_LOTUS6 = 8700, KERN_TYPE_ANDROIDFDE = 8800, - KERN_TYPE_PSAFE2 = 9000, KERN_TYPE_LOTUS8 = 9100, KERN_TYPE_OFFICE2007 = 9400, KERN_TYPE_OFFICE2010 = 9500, - KERN_TYPE_OFFICE2013 = 9600, - KERN_TYPE_OLDOFFICE01 = 9700, - KERN_TYPE_OLDOFFICE01CM1 = 9710, - KERN_TYPE_OLDOFFICE01CM2 = 9720, - KERN_TYPE_OLDOFFICE34 = 9800, - KERN_TYPE_OLDOFFICE34CM1 = 9810, - KERN_TYPE_OLDOFFICE34CM2 = 9820, KERN_TYPE_RADMIN2 = 9900, KERN_TYPE_SIPHASH = 10100, KERN_TYPE_SAPH_SHA1 = 10300, - KERN_TYPE_PDF11 = 10400, - KERN_TYPE_PDF11CM1 = 10410, - KERN_TYPE_PDF11CM2 = 10420, - KERN_TYPE_PDF14 = 10500, KERN_TYPE_PDF17L8 = 10700, KERN_TYPE_PBKDF2_SHA256 = 10900, - KERN_TYPE_PRESTASHOP = 11000, KERN_TYPE_POSTGRESQL_AUTH = 11100, KERN_TYPE_MYSQL_AUTH = 11200, KERN_TYPE_SIP_AUTH = 11400, @@ -742,8 +478,6 @@ typedef enum kern_type KERN_TYPE_PBKDF2_MD5 = 11900, KERN_TYPE_ECRYPTFS = 12200, KERN_TYPE_ORACLET = 12300, - KERN_TYPE_BSDICRYPT = 12400, - KERN_TYPE_CF10 = 12600, KERN_TYPE_MYWALLET = 12700, KERN_TYPE_MS_DRSR = 12800, KERN_TYPE_ANDROIDFDE_SAMSUNG = 12900, @@ -755,10 +489,7 @@ typedef enum kern_type KERN_TYPE_SHA1CX = 14400, KERN_TYPE_ITUNES_BACKUP_9 = 14700, KERN_TYPE_ITUNES_BACKUP_10 = 14800, - KERN_TYPE_SKIP32 = 14900, - KERN_TYPE_FILEZILLA_SERVER = 15000, KERN_TYPE_NETBSD_SHA1CRYPT = 15100, - KERN_TYPE_CHACHA20 = 15400, KERN_TYPE_JKS_SHA1 = 15500, KERN_TYPE_ETHEREUM_PBKDF2 = 15600, KERN_TYPE_TRIPCODE = 16000, @@ -779,8 +510,6 @@ typedef enum kern_type typedef enum rounds_count { - ROUNDS_DCC2 = 10240, - ROUNDS_PSAFE3 = 2048, ROUNDS_ANDROIDPIN = 1024, ROUNDS_VERACRYPT_200000 = 200000, ROUNDS_VERACRYPT_500000 = 500000, @@ -796,24 +525,20 @@ typedef enum rounds_count ROUNDS_CLOUDKEY = 40000, ROUNDS_NSEC3 = 1, ROUNDS_ANDROIDFDE = 2000, - ROUNDS_PSAFE2 = 1000, ROUNDS_LOTUS8 = 5000, ROUNDS_CISCO8 = 20000, ROUNDS_OFFICE2007 = 50000, ROUNDS_OFFICE2010 = 100000, - ROUNDS_OFFICE2013 = 100000, ROUNDS_LIBREOFFICE = 100000, ROUNDS_OPENOFFICE = 1024, ROUNDS_DJANGOPBKDF2 = 20000, ROUNDS_SAPH_SHA1 = 1024, - ROUNDS_PDF14 = (50 + 20), ROUNDS_PDF17L8 = 64, ROUNDS_PBKDF2_SHA256 = 1000, ROUNDS_PBKDF2_MD5 = 1000, ROUNDS_PBKDF2_SHA512 = 1000, ROUNDS_ECRYPTFS = 65536, ROUNDS_ORACLET = 4096, - ROUNDS_BSDICRYPT = 2900, ROUNDS_MYWALLET = 10, ROUNDS_MYWALLETV2 = 5000, ROUNDS_MS_DRSR = 100, @@ -831,166 +556,3 @@ typedef enum rounds_count ROUNDS_ETHEREUM_PRESALE = 2000 - 1, } rounds_count_t; - -/** - * input functions - */ - -int cisco4_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int dcc2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int episerver_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int netscreen_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int chacha20_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md4_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md4s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md5s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md5md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md5pix_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md5asa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md5apr1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mssql2000_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mssql2005_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oracleh_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oracles_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oraclet_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int arubaos_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int macos1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int macos512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha1b64_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha1b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha1s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha224_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha256s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha384_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha512s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int vb30_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int psafe2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int psafe3_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int ikepsk_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int ikepsk_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int androidpin_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int ripemd160_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int whirlpool_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int md5aix_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha256aix_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha512aix_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int agilekey_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha1aix_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int gost_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha256crypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mssql2012_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int episerver4_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha512grub_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha512b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sapb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sapg_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int drupal7_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sybasease_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mysql323_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int rakp_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int netscaler_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int chap_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int cloudkey_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int nsec3_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int wbb3_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int racf_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int lotus5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int lotus6_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int lotus8_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int hmailserver_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int phps_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mediawiki_b_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int peoplesoft_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int skype_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int androidfde_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int cisco8_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int cisco9_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int office2007_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int office2010_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int office2013_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oldoffice01_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oldoffice01cm1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oldoffice01cm2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oldoffice34_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oldoffice34cm1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int oldoffice34cm2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int radmin2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int djangosha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int djangopbkdf2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int siphash_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int crammd5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int crammd5_dovecot_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int saph_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int redmine_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int punbb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pdf11_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pdf11cm1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pdf11cm2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pdf14_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pdf17l3_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pdf17l8_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pbkdf2_sha256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int prestashop_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int postgresql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mysql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sip_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int streebog_256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int streebog_512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pbkdf2_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pbkdf2_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int pbkdf2_sha512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int ecryptfs_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int bsdicrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int cf10_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mywallet_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int mywalletv2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int ms_drsr_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int androidfde_samsung_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int axcrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha1axcrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int zip2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int veracrypt_parse_hash_200000 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int veracrypt_parse_hash_500000 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int veracrypt_parse_hash_327661 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int veracrypt_parse_hash_655331 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int win8phone_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int opencart_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int plaintext_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha1cx_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int itunes_backup_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int skip32_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int fortigate_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int sha256b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int filezilla_server_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int netbsd_sha1crypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int jks_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int ethereum_pbkdf2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int tripcode_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int tacacs_plus_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int apple_secure_notes_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int ethereum_presale_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int jwt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int electrum_wallet13_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int filevault2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); - -/** - * migrate stuff - */ - -typedef struct tc -{ - u32 salt_buf[32]; - u32 data_buf[112]; - u32 keyfile_buf[16]; - u32 signature; - - keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; - int keyboard_layout_mapping_cnt; - -} tc_t; - diff --git a/src/interface_migrate.c b/src/interface_migrate.c index 007123a90..7d594154a 100644 --- a/src/interface_migrate.c +++ b/src/interface_migrate.c @@ -12,7 +12,6 @@ " 4010 | md5($salt.md5($salt.$pass)) | Raw Hash, Salted and/or Iterated", " 4110 | md5($salt.md5($pass.$salt)) | Raw Hash, Salted and/or Iterated", " 2600 | md5(md5($pass)) | Raw Hash, Salted and/or Iterated", - " 3910 | md5(md5($pass).md5($salt)) | Raw Hash, Salted and/or Iterated", " 4300 | md5(strtoupper(md5($pass))) | Raw Hash, Salted and/or Iterated", " 4400 | md5(sha1($pass)) | Raw Hash, Salted and/or Iterated", " 120 | sha1($salt.$pass) | Raw Hash, Salted and/or Iterated", @@ -43,15 +42,11 @@ " 11760 | HMAC-Streebog-256 (key = $salt), big-endian | Raw Hash, Authenticated", " 11850 | HMAC-Streebog-512 (key = $pass), big-endian | Raw Hash, Authenticated", " 11860 | HMAC-Streebog-512 (key = $salt), big-endian | Raw Hash, Authenticated", - " 14900 | Skip32 (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack", - " 15400 | ChaCha20 | Raw Cipher, Known-Plaintext attack", " 11900 | PBKDF2-HMAC-MD5 | Generic KDF", " 10900 | PBKDF2-HMAC-SHA256 | Generic KDF", " 12100 | PBKDF2-HMAC-SHA512 | Generic KDF", " 23 | Skype | Network Protocols", " 4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocols", - " 5300 | IKE-PSK MD5 | Network Protocols", - " 5400 | IKE-PSK SHA1 | Network Protocols", " 7300 | IPMI2 RAKP HMAC-SHA1 | Network Protocols", " 8300 | DNSSEC (NSEC3) | Network Protocols", " 10200 | CRAM-MD5 | Network Protocols", @@ -63,12 +58,9 @@ " 121 | SMF (Simple Machines Forum) > v1.1 | Forums, CMS, E-Commerce, Frameworks", " 2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce, Frameworks", " 2711 | vBulletin >= v3.8.5 | Forums, CMS, E-Commerce, Frameworks", - " 2811 | MyBB 1.2+ | Forums, CMS, E-Commerce, Frameworks", - " 2811 | IPB2+ (Invision Power Board) | Forums, CMS, E-Commerce, Frameworks", " 8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce, Frameworks", " 2612 | PHPS | Forums, CMS, E-Commerce, Frameworks", " 7900 | Drupal7 | Forums, CMS, E-Commerce, Frameworks", - " 11000 | PrestaShop | Forums, CMS, E-Commerce, Frameworks", " 124 | Django (SHA-1) | Forums, CMS, E-Commerce, Frameworks", " 10000 | Django (PBKDF2-SHA256) | Forums, CMS, E-Commerce, Frameworks", " 16000 | Tripcode | Forums, CMS, E-Commerce, Frameworks", @@ -87,16 +79,12 @@ " 141 | Episerver 6.x < .NET 4 | HTTP, SMTP, LDAP Server", " 1441 | Episerver 6.x >= .NET 4 | HTTP, SMTP, LDAP Server", " 1600 | Apache $apr1$ MD5, md5apr1, MD5 (APR) | HTTP, SMTP, LDAP Server", - " 12600 | ColdFusion 10+ | HTTP, SMTP, LDAP Server", " 1421 | hMailServer | HTTP, SMTP, LDAP Server", " 111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | HTTP, SMTP, LDAP Server", " 1411 | SSHA-256(Base64), LDAP {SSHA256} | HTTP, SMTP, LDAP Server", " 1711 | SSHA-512(Base64), LDAP {SSHA512} | HTTP, SMTP, LDAP Server", " 16400 | CRAM-MD5 Dovecot | HTTP, SMTP, LDAP Server", - " 15000 | FileZilla Server >= 0.9.55 | FTP Server", - " 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating Systems", " 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating Systems", - " 12400 | BSDi Crypt, Extended DES | Operating Systems", " 7400 | sha256crypt $5$, SHA256 (Unix) | Operating Systems", " 122 | macOS v10.4, MacOS v10.5, MacOS v10.6 | Operating Systems", " 1722 | macOS v10.7 | Operating Systems", @@ -114,7 +102,6 @@ " 5800 | Samsung Android Password/PIN | Operating Systems", " 13800 | Windows Phone 8+ PIN/password | Operating Systems", " 8100 | Citrix NetScaler | Operating Systems", - " 8500 | RACF | Operating Systems", " 7200 | GRUB 2 | Operating Systems", " 9900 | Radmin2 | Operating Systems", " 125 | ArubaOS | Operating Systems", @@ -135,51 +122,12 @@ " 8800 | Android FDE <= 4.3 | Full-Disk Encryption (FDE)", " 12900 | Android FDE (Samsung DEK) | Full-Disk Encryption (FDE)", " 12200 | eCryptfs | Full-Disk Encryption (FDE)", - " 137XY | VeraCrypt | Full-Disk Encryption (FDE)", - " X | 1 = PBKDF2-HMAC-RIPEMD160 | Full-Disk Encryption (FDE)", - " X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk Encryption (FDE)", - " X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk Encryption (FDE)", - " X | 4 = PBKDF2-HMAC-RIPEMD160 + boot-mode | Full-Disk Encryption (FDE)", - " X | 5 = PBKDF2-HMAC-SHA256 | Full-Disk Encryption (FDE)", - " X | 6 = PBKDF2-HMAC-SHA256 + boot-mode | Full-Disk Encryption (FDE)", - " X | 7 = PBKDF2-HMAC-Streebog-512 | Full-Disk Encryption (FDE)", - " Y | 1 = XTS 512 bit pure AES | Full-Disk Encryption (FDE)", - " Y | 1 = XTS 512 bit pure Serpent | Full-Disk Encryption (FDE)", - " Y | 1 = XTS 512 bit pure Twofish | Full-Disk Encryption (FDE)", - " Y | 1 = XTS 512 bit pure Camellia | Full-Disk Encryption (FDE)", - " Y | 1 = XTS 512 bit pure Kuznyechik | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit pure AES | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit pure Serpent | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit pure Twofish | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit pure Camellia | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit pure Kuznyechik | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit cascaded Camellia-Kuznyechik | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit cascaded Camellia-Serpent | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit cascaded Kuznyechik-AES | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit cascaded Kuznyechik-Twofish | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk Encryption (FDE)", - " Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk Encryption (FDE)", - " Y | 3 = XTS 1536 bit all | Full-Disk Encryption (FDE)", " 16700 | FileVault 2 | Full-Disk Encryption (FDE)", - " 9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Documents", - " 9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Documents", - " 9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Documents", - " 9800 | MS Office <= 2003 $3/$4, SHA1 + RC4 | Documents", - " 9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Documents", - " 9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Documents", " 9400 | MS Office 2007 | Documents", " 9500 | MS Office 2010 | Documents", - " 9600 | MS Office 2013 | Documents", - " 10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents", - " 10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents", - " 10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents", - " 10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents", " 10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents", " 10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents", " 16200 | Apple Secure Notes | Documents", - " 9000 | Password Safe v2 | Password Managers", - " 5200 | Password Safe v3 | Password Managers", " 6600 | 1Password, agilekeychain | Password Managers", " 8200 | 1Password, cloudkeychain | Password Managers", " 12700 | Blockchain, My Wallet | Password Managers", @@ -190,22 +138,9 @@ " 16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Password Managers", -static const char *ST_PASS_HASHCAT_PLAIN = "hashcat"; -static const char *ST_PASS_HASHCAT_EXCL = "hashcat!"; -static const char *ST_PASS_HASHCAT_EXCL3 = "hashcat!!!"; -static const char *ST_PASS_HASHCAT_ONE = "hashcat1"; -static const char *ST_PASS_HASHCAT_ONET3 = "hashcat1hashcat1hashcat1"; - -static const char *ST_PASS_BIN_09710 = "\x91\xb2\xe0\x62\xb9"; -static const char *ST_PASS_BIN_09810 = "\xb8\xf6\x36\x19\xca"; -static const char *ST_PASS_BIN_10410 = "\x6a\x8a\xed\xcc\xb7"; - - /** * Missing self-test hashes: * - * ST_HASH_1374x missing example hash - * ST_HASH_1376x missing example hash * ST_HASH_16500 multi-hash-mode algorithm, unlikely to match self-test hash settings */ @@ -250,18 +185,15 @@ static const char *ST_HASH_01722 = "07543781b07e905f6f947db8ae305c248b9e12f509b4 static const char *ST_HASH_01731 = "0x02003788006711b2e74e7d8cb4be96b1d187c962c5591a02d5a6ae81b3a4a094b26b7877958b26733e45016d929a756ed30d0a5ee65d3ce1970f9b7bf946e705c595f07625b1"; static const char *ST_HASH_01750 = "138c00f17a1a0363f274817c91118f019aff09f937bfdaea844280a0c0e7811267cc4735d967d8640eed1218268c1c4a76fec8f7aa551491b353829f3a654270:885142"; static const char *ST_HASH_01760 = "7d02921299935179d509e6dd4f3d0f2944e3451ea9de3af16baead6a7297e5653577d2473a0fff743d9fe78a89bd49296114319989dc7e7870fc7f62bc96accb:114"; -static const char *ST_HASH_02100 = "$DCC2$10240#6848#e2829c8af2232fa53797e2f0e35e4626"; static const char *ST_HASH_02410 = "YjDBNr.A0AN7DA8s:4684"; static const char *ST_HASH_02600 = "a936af92b0ae20b1ff6c3347a72e5fbe"; static const char *ST_HASH_02611 = "28f9975808ae2bdc5847b1cda26033ea:308"; static const char *ST_HASH_02612 = "$PHPS$30353031383437363132$f02b0b2f25e5754edb04522c346ba243"; static const char *ST_HASH_02711 = "0844fbb2fdeda31884a7a45ec2010bb6:324410183853308365427804872426"; -static const char *ST_HASH_02811 = "022f7e02b3314f7d0968f73c00ba759f:67588"; static const char *ST_HASH_03100 = "792FCB0AE31D8489:7284616727"; static const char *ST_HASH_03710 = "a3aa0ae2b4a102a9974cdf40edeabee0:242812778074"; static const char *ST_HASH_03711 = "$B$2152187716$8c8b39c3602b194eeeb6cac78eea2742"; static const char *ST_HASH_03800 = "78274b1105fb8a7c415b43ffe35ec4a9:6"; -static const char *ST_HASH_03910 = "d8281daba5da597503d12fe31808b4a7:283053"; static const char *ST_HASH_04010 = "82422514daaa8253be0aa43f3e263af5:7530326651137"; static const char *ST_HASH_04110 = "45b1005214e2d9472a7ad681578b2438:64268771004"; static const char *ST_HASH_04300 = "b8c385461bb9f9d733d3af832cf60b27"; @@ -273,9 +205,6 @@ static const char *ST_HASH_04522 = "9038129c474caa3f0de56f38db84033d0fe1d4b8:365 static const char *ST_HASH_04700 = "92d85978d884eb1d99a51652b1139c8279fa8663"; static const char *ST_HASH_04800 = "aa4aaa1d52319525023c06a4873f4c51:35343534373533343633383832343736:dc"; static const char *ST_HASH_04900 = "75d280ca9a0c2ee18729603104ead576d9ca6285:347070"; -static const char *ST_HASH_05200 = "50575333e4e2a590a5e5c8269f57ec04a8a1c0c03da55b311c51236dab8c6b96b0afca02000800005eaeee20c6cc10d5caa6522b3ca545c41d9133d630ca08f467b7aae8a2bbef51aa2df968d10b9c4cfb17a182c0add7acb8c153794f51337e12f472f451d10e6dcac664ed760606aabdbb6b794a80d6ce2a330100c76de0ff961a45cca21576b893d826c52f272b97cdf48aca6fbe6c74b039f81c61b7d632fb6fddd9f96162ab1effd69a4598a331e855e38792e5365272d4791bf991d248e1585a9ad20ea3d77b5d2ef9a711ef90a70ec6991cb578f1b8bdaa9efa7b0039e9ea96f777491713047bdd99fa1d78f06f23406a66046b387d3034e46b1f84129bba853cc18fa49f107dc0290547258d30566a4b1b363ff4c1c16cb2f5f400059833d4b651bfa508200cbdc7a75fc57ef90eb1d90b0deea8505753332d454f46505753332d454f466236710e2e2477878e738b60d0aa2834a96b01e97764fe980243a06ad16939d1"; -static const char *ST_HASH_05300 = "50503326cac6e4bd892b8257805b5a59a285f464ad3f63dc01bd0335f8341ef52e00be0b8cb205422a3788f021e4e6e8ccbe34784bc85abe42f62545bac64888426a2f1264fa28cf384ff00b14cfa5eff562dda4fad2a31fd7a6715218cff959916deed856feea5bee2e773241c5fbebf202958f0ce0c432955e0f1f6d1259da:688a7bfa8d5819630a970ed6d27018021a15fbb3e2fdcc36ce9b563d8ff95f510c4b3236c014d1cde9c2f1a999b121bc3ab1bc8049c8ac1e8c167a84f53c867492723eb01ab4b38074b38f4297d6fea8f44e01ea828fce33c433430938b1551f60673ce8088e7d2f41e3b49315344046fefee1e3860064331417562761db3ba4:c66606d691eaade4:8bdc88a2cdb4a1cf:c3b13137fae9f66684d98709939e5c3454ee31a98c80a1c76427d805b5dea866eff045515e8fb42dd259b9448caba9d937f4b3b75ec1b092a92232b4c8c1e70a60a52076e907f887b731d0f66e19e09b535238169c74c04a4b393f9b815c54eef4558cd8a22c9018bb4f24ee6db0e32979f9a353361cdba948f9027551ee40b1c96ba81c28aa3e1a0fac105dc469efa83f6d3ee281b945c6fa8b4677bac26dda:53f757c5b08afad6:aa02d9289e1702e5d7ed1e4ebf35ab31c2688e00:aab8580015cf545ac0b7291d15a4f2c79e06defd:944a0df3939f3bd281c9d05fbc0e3d30"; -static const char *ST_HASH_05400 = "266b43c54636c062b6696b71f24b30999c98bd4c3ba57e2de56a7ae50bb17ebcbca1abcd33e9ad466d4df6e6f2a407600f0c5a983f79d493b0a3694080a81143d4bac7a8b7b008ae5364a04688b3cfae44824885ca96ade1e395936567ecad519b502c3a786c72847f79c67b777feb8ba4f747303eb985709e92b3a5634f6513:60f861c6209c9c996ac0dcb49d6f6809faaaf0e8eb8041fe603a918170a801e94ab8ab10c5906d850f4282c0668029fa69dbc8576f7d86633dc2b21f0d79aa06342b02a4d2732841cd3266b84a7eb49ac489b307ba55562a17741142bac7712025f0a8cad59b11f19d9b756ce998176fd6b063df556957b257b3645549a138c2:f4dd079ed2b60e77:f1f8da1f38f76923:fd862602549f6949b33870f186d96cb8926a19d78442c02af823460740be719eba41a79388aeefb072e1ec7cb46b2f0b72e21fb30bd3a6568d2b041af7f9dc0c9cce27ed577e5aabb9ab6c405f1c4b189adbee8c9fb6abf4788b63a3ae05a02c192187b9d7246efe5e46db9b01bf8f4be05f7599ae52bf137743e41d90dceb85bd6ae07397dcc168bbc904adfebb08e6bc67e653edeee97a7e4ab9dab5e63fec:56e3f0d49ea70514:e754055008febe970053d795d26bfe609f42eda8:0c3283efd6396e7a2ecb008e1933fccb694a4ac0:8f79167724f4bdb2d76ee5d5e502b665e3445ea6"; static const char *ST_HASH_05700 = "2btjjy78REtmYkkW0csHUbJZOstRXoWdX1mGrmmfeHI"; static const char *ST_HASH_05800 = "3edde1eb9e6679ccbc1ff3c417e8a475a2d2e279:7724368582277760"; static const char *ST_HASH_06000 = "012cb9b334ec1aeb71a9c8ce85586082467f7eb6"; @@ -300,35 +229,21 @@ static const char *ST_HASH_08100 = "1130725275da09ca13254957f2314a639818d44c37ef static const char *ST_HASH_08200 = "9b6933f4a1f65baf02737545efc8c1caee4c7a5a82ce3ab637bcc19b0b51f5c5:30b952120ca9a190ac673a5e12a358e4:40000:e29b48a8cfd216701a8ced536038d0d49cf58dd25686e02d7ba3aa0463cc369062045db9e95653ac176e2192732b49073d481c26f29e1c611c84aaba93e553a6c51d1a9f7cfce0d01e099fb19f6a412bacd8034a333f7165fda1cc89df845e019c03ac9a09bc77b26c49524ade5c5a812230322f014f058b3bb790319e4a788f917aa164e56e78941f74e9c08921144e14be9b60da1a7321a0d178a1b8c1dcf83ffcadcb1599039049650577780d6913ee924e6529401e7a65b7d71c169a107e502dbd13b6b01c58e0483afb61b926313fa4273e685dd4890218bb797fab038c6a24df90883c7acd2358908edc1f7d95ef498757a3e0659aaaf6981c744ab69254267127fc806cf3cd1ced99ab455ece06479c91c892769af5db0c0f7a70dd83e4341bf86d085bbdc6a7e195ab08fc26"; static const char *ST_HASH_08300 = "pi6a89u8tca930h8mvolklmesefc5gmn:.fnmlbsik.net:35537886:1"; static const char *ST_HASH_08400 = "7f8d1951fe48ae3266980c2979c141f60e4415e5:5037864764153886517871426607441768004150"; -static const char *ST_HASH_08500 = "$racf$*8481*6095E8FCA59F8E3E"; static const char *ST_HASH_08600 = "3dd2e1e5ac03e230243d58b8c5ada076"; static const char *ST_HASH_08700 = "(GDJ0nDZI8l8RJzlRbemg)"; static const char *ST_HASH_08800 = "$fde$16$ca56e82e7b5a9c2fc1e3b5a7d671c2f9$16$7c124af19ac913be0fc137b75a34b20d$eac806ae7277c8d48243d52a8644fa57a817317bd3457f94dca727964cbc27c88296954f289597a9de3314a4e9d9f28dce70cf9ce3e1c3c0c6fc041687a0ad3cb333d4449bc9da8fcc7d5f85948a7ac3bc6d34f505e9d0d91da4396e35840bde3465ad11c5086c89ee6db68d65e47a2e5413f272caa01e02224e5ff3dc3bed3953a702e85e964e562e62f5c97a2df6c47547bfb5aeeb329ff8f9c9666724d399043fe970c8b282b45e93d008333f3b4edd5eb147bd023ed18ac1f9f75a6cd33444b507694c64e1e98a964b48c0a77276e9930250d01801813c235169a7b1952891c63ce0d462abc688bd96c0337174695a957858b4c9fd277d04abe8a0c2c5def4b352ba29410f8dbec91bcb2ca2b8faf26d44f02340b3373bc94e7487ce014e6adfbf7edfdd2057225f8aeb324c9d1be877c6ae4211ae387e07bf2a056984d2ed2815149b3e9cf9fbfae852f7dd5906c2b86e7910c0d7755ef5bcc39f0e135bf546c839693dc4af3e50b8382c7c8c754d4ee218fa85d70ee0a5707a9f827209a7ddb6c2fb9431a61c9775112cc88aa2a34f97c2f53dfce082aa0758917269a5fc30049ceab67d3efd721fee021ffca979f839b4f052e27f5c382c0dd5c02fd39fbc9b26e04bf9e051d1923eff9a7cde3244902bb8538b1b9f11631def5aad7c21d2113bcdc989b771ff6bf220f94354034dd417510117b55a669e969fc3bc6c5dcd4741b8313bf7d999dc94d4949f27eec0cd06f906c17a80d09f583a5dd601854832673b78d125a2c5ad0352932be7b93c611fee8c6049670442d8c532674f3d21d45d3d009211d2a9e6568252ac4682982172cb43e7c6b05e85851787ad90e25b77cce3f7968d455f92653a1d3790bc50e5f6e1f743ac47275ffa8e81bbe832a8d7d78d5d5a7c73f95703aebb355849ae566492093bd9cb51070f39c69bb4e22b99cc0e60e96d048385bb69f1c44a3b79547fbc19a873a632f43f05fa2d8a6f9155e59d153e2851b739c42444018b8c4e09a93be43570834667d0b5a5d2a53b1572dab3e750b3f9e641e303559bace06612fbd451a5e822201442828e79168c567a85d8c024cd8ce32bf650105b1af98cc5428675f4f4bbede37a0ef98d1533a8a6dcb27d87a2b799f18706f4677edaa0411becac4c591ede83993aedba660d1dd67f6c4a5c141ad3e6e0c77730cb0ecbf4f4bd8ef6067e05ca3bc563d9e1554a893fea0050bdd1733c883f533f87eac39cceee0ccf817fc1f19bcfdd13e9f241b89bfb149b509e9a0747658438536b6705514cc6d6bb3c64c903e4710435d8bebc35297d1ebbdff8074b203f37d1910d8b4637e4d3dab997f4aa378a7a67c79e698a11e83d0d7e759d0e7969c4f5408168b282fe28d3279ec1d4cc6f85a0f8e5d01f21c7508a69773c44167ff8d467d0801f9ec54f9ee2496d4e7e470214abc1ca11355bb18cd23273aac6b05b47f9e301b42b137a2455758c24e2716dcd2e55bbeb780f592e664e7392bf6eccb80959f24c8800816c84f2575e82e1f3559c33a5be7a3a0c843c2989f486b113d5eeada007caf6b5a0f6d71e2f5c09a4def57c7057168051868317a9ec790d570d76a0d21a45ad951c475db5a66101475871147c5a5907ec4e6b14128ed6695bb73c1c97952e96826eeb6003aa13462093e4afc209627241f03b0247e110fbab983640423b7cdf112e01579fed68c80ac7df7449d9d2114b9ae5539c03c2037be45c5f74e7357b25c6a24b7bd503864437147e50d7ac4ccc4bbd0cabecdc6bac60a362285fe450e2c2d0a446578c8880dc957e6e8061e691b83eb8062d1aad476e0c7b25e4d5454f1288686eb525f37fe649637b235b7828366b0219a9c63d6ddbb696dc3585a2ebfbd5f5e4c170d6784ab9993e15142535e194d2bee3dc9477ef8b8e1b07605e0c04f49edf6d42be3a9dabbc592dde78ce8b7dd9684bfcf4ca2f5a44b1872abe18fb6fa67a79390f273a9d12f9269389629456d71b9e7ed3447462269a849ce83e1893f253c832537f850b1acce5b11d2ba6b7c2f99e8e7c8085f390c21f69e1ce4bbf85b4e1ad86c0d6706432766978076f4cada9ca6f28d395d9cc5e74b2a6b46eb9d1de79eeecff7dc97ec2a8d8870e3894e1e4e26ccb98dd2f88c0229bbd3152fa149f0cc132561f"; -static const char *ST_HASH_09000 = "0a3f352686e5eb5be173e668a4fff5cd5df420927e1da2d5d4052340160637e3e6a5a92841a188ed240e13b919f3d91694bd4c0acba79271e9c08a83ea5ad387cbb74d5884066a1cb5a8caa80d847079168f84823847c631dbe3a834f1bc496acfebac3bff1608bf1c857717f8f428e07b5e2cb12aaeddfa83d7dcb6d840234d08b84f8ca6c6e562af73eea13148f7902bcaf0220d3e36eeeff1d37283dc421483a2791182614ebb"; static const char *ST_HASH_09100 = "(HC34tD3KtDp4oCZWmCJ4qC30mC30mC3KmC30mCcA5ovrMLH9M)"; static const char *ST_HASH_09200 = "$8$84486783037343$pYNyVrtyMalQrZLxRi7ZLQS1Fl.jkYCgASUi5P8JNb2"; static const char *ST_HASH_09400 = "$office$*2007*20*128*16*18410007331073848057180885845227*944c70a5ee6e5ab2a6a86ff54b5f621a*e6650f1f2630c27fd8fc0f5e56e2e01f99784b9f"; static const char *ST_HASH_09500 = "$office$*2010*100000*128*16*34170046140146368675746031258762*de5bc114991bb3a5679a6e24320bdb09*1b72a4ddffba3dcd5395f6a5ff75b126cb832b733c298e86162028ca47a235a9"; -static const char *ST_HASH_09600 = "$office$*2013*100000*256*16*67805436882475302087847656644837*0c392d3b9ca889656d1e615c54f9f3c9*612b79e33b96322c3253fc8a0f314463cd76bc4efe1352f7efffca0f374f7e4b"; -static const char *ST_HASH_09700 = "$oldoffice$0*55045061647456688860411218030058*e7e24d163fbd743992d4b8892bf3f2f7*493410dbc832557d3fe1870ace8397e2"; -static const char *ST_HASH_09710 = "$oldoffice$0*55045061647456688860411218030058*e7e24d163fbd743992d4b8892bf3f2f7*493410dbc832557d3fe1870ace8397e2"; -static const char *ST_HASH_09720 = "$oldoffice$0*55045061647456688860411218030058*e7e24d163fbd743992d4b8892bf3f2f7*493410dbc832557d3fe1870ace8397e2:91b2e062b9"; -static const char *ST_HASH_09800 = "$oldoffice$3*83328705222323020515404251156288*2855956a165ff6511bc7f4cd77b9e101*941861655e73a09c40f7b1e9dfd0c256ed285acd"; -static const char *ST_HASH_09810 = "$oldoffice$3*83328705222323020515404251156288*2855956a165ff6511bc7f4cd77b9e101*941861655e73a09c40f7b1e9dfd0c256ed285acd"; -static const char *ST_HASH_09820 = "$oldoffice$3*83328705222323020515404251156288*2855956a165ff6511bc7f4cd77b9e101*941861655e73a09c40f7b1e9dfd0c256ed285acd:b8f63619ca"; static const char *ST_HASH_09900 = "22527bee5c29ce95373c4e0f359f079b"; static const char *ST_HASH_10000 = "pbkdf2_sha256$10000$1135411628$bFYX62rfJobJ07VwrUMXfuffLfj2RDM2G6/BrTrUWkE="; static const char *ST_HASH_10100 = "583e6f51e52ba296:2:4:47356410265714355482333327356688"; static const char *ST_HASH_10200 = "$cram_md5$MTI=$dXNlciBiOGYwNjk5MTE0YjA1Nzg4OTIyM2RmMDg0ZjgyMjQ2Zg=="; static const char *ST_HASH_10300 = "{x-issha, 1024}BnjXMqcNTwa3BzdnUOf1iAu6dw02NzU4MzE2MTA="; -static const char *ST_HASH_10400 = "$pdf$1*2*40*-1*0*16*01221086741440841668371056103222*32*27c3fecef6d46a78eb61b8b4dbc690f5f8a2912bbb9afc842c12d79481568b74*32*0000000000000000000000000000000000000000000000000000000000000000"; -static const char *ST_HASH_10410 = "$pdf$1*2*40*-1*0*16*01221086741440841668371056103222*32*27c3fecef6d46a78eb61b8b4dbc690f5f8a2912bbb9afc842c12d79481568b74*32*0000000000000000000000000000000000000000000000000000000000000000"; -static const char *ST_HASH_10420 = "$pdf$1*2*40*-1*0*16*01221086741440841668371056103222*32*27c3fecef6d46a78eb61b8b4dbc690f5f8a2912bbb9afc842c12d79481568b74*32*0000000000000000000000000000000000000000000000000000000000000000:6a8aedccb7"; -static const char *ST_HASH_10500 = "$pdf$2*3*128*-4*1*16*62888255846156252261477183186121*32*6879919b1afd520bd3b7dbcc0868a0a500000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000"; static const char *ST_HASH_10600 = "$pdf$5*5*256*-1028*1*16*28562274676426582441147358074521*127*a3aab04cff2c536118870976d768f1fdd445754d6b2dd81fba10bb6e742acd7f2856227467642658244114735807452100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000"; static const char *ST_HASH_10700 = "$pdf$5*6*256*-1028*1*16*62137640825124540503886403748430*127*0391647179352257f7181236ba371e540c2dbb82fac1c462313eb58b772a54956213764082512454050388640374843000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000"; static const char *ST_HASH_10900 = "sha256:1000:NjI3MDM3:vVfavLQL9ZWjg8BUMq6/FB8FtpkIGWYk"; -static const char *ST_HASH_11000 = "f22cade043e7214200206dbffca49fd9:27167508161455764247627144160038845437138252877014827848"; static const char *ST_HASH_11100 = "$postgres$postgres*74402844*4e7fabaaf34d780c4a5822d28ee1c83e"; static const char *ST_HASH_11200 = "$mysqlna$2576670568531371763643101056213751754328*5e4be686a3149a12847caa9898247dcc05739601"; static const char *ST_HASH_11400 = "$sip$*72087*1215344588738747***342210558720*737232616*1215344588738747*8867133055*65600****MD5*e9980869221f9d1182c83b0d5e56a7db"; @@ -343,39 +258,19 @@ static const char *ST_HASH_12001 = "{PKCS5S2}NTczNTY0NDY2NjQyNzU1Mx8gGiRGobaZYwu static const char *ST_HASH_12100 = "sha512:1000:NzY2:DNWohLbdIWIt4Npk9gpTvA=="; static const char *ST_HASH_12200 = "$ecryptfs$0$1$4207883745556753$567daa975114206c"; static const char *ST_HASH_12300 = "8F75FBD166AFDB6D7587DAB89C2F15672AAC031C5B0B5E65C0835FB130555F6FF4E0E5764976755558112246FFF306450C22F6B7746B9E9831ED97B373992F9157436180438417080374881414745255"; -static const char *ST_HASH_12400 = "_GW..8841inaTltazRsQ"; -static const char *ST_HASH_12600 = "3f3473a071b1fb955544e80c81853ca0f1e4f9ee4ca3bf4d2a8a10b5ef5be1f6:6058321484538505215534207835727413038041028036676832416353152201"; static const char *ST_HASH_12700 = "$blockchain$288$713253722114000682636604801283547365b7a53a802a7388d08eb7e6c32c1efb4a157fe19bca940a753d7f16e8bdaf491aa9cf6cda4035ac48d56bb025aced81455424272f3e0459ec7674df3e82abd7323bc09af4fd0869fd790b3f17f8fe424b8ec81a013e1476a5c5a6a53c4b85a055eecfbc13eccf855f905d3ddc3f0c54015b8cb177401d5942af833f655947bfc12fc00656302f31339187de2a69ab06bc61073933b3a48c9f144177ae4b330968eb919f8a22cec312f734475b28cdfe5c25b43c035bf132887f3241d86b71eb7e1cf517f99305b19c47997a1a1f89df6248749ac7f38ca7c88719cf16d6af2394307dce55600b8858f4789cf1ae8fd362ef565cd9332f32068b3c04c9282553e658b759c2e76ed092d67bd55961ae"; static const char *ST_HASH_12800 = "v1;PPH1_MD4,54188415275183448824,100,55b530f052a9af79a7ba9c466dddcb8b116f8babf6c3873a51a3898fb008e123"; static const char *ST_HASH_12900 = "15738301074686823451275227041071157383010746868234512752270410712bc4be900bf96ccf43c9852fff49b5f5874a9f6e7bf301686fa6d98286de151f15738301074686823451275227041071"; static const char *ST_HASH_13200 = "$axcrypt$*1*10467*9a7cd609bb262c738d9f0e4977039b94*ecbe0fd05a96fd2099d88a92eebb76c59d6837dfe55b3631"; static const char *ST_HASH_13300 = "$axcrypt_sha1$b89eaac7e61417341b710b727768294d"; static const char *ST_HASH_13600 = "$zip2$*0*3*0*74705614874758221371566185145124*1605*0**75bf9be92e8ab106ff67*$/zip2$"; -static const char *ST_HASH_13711 = "531aca1fa6db5118506320114cb11a9f00dade61720533fc12982b28ec71a1a3856ac6ee44b4acc207c8230352208d5f0dc37bf755bd98830279d6befcb6001cdf025f816a0aa1baf3b9b51be00fadb451ffbe9bdfc381115eeceeef778e29a8761f853b7c99e0ea9ec452ba77677f888ea40a39cf65db74d87147690684e273313dea15ff2039797e112006e5f80f2c5baf2c11eb62cb63cfb45883f8885fc7cd5bdb74ef57ec4fe3cec5c2025364582380366169d9419ac41b6f6e878429239e52538f9698e73700b920e7b58c56a4563f5aa512e334ddc56909ac2a0ad4146833f050edd78b7954e6549d0fa2e3b26ed2a769a6c029bfa4de62d49575acce078ef035e366ec13b6092cb205e481bc822f87972bfbe4a3915fad620c4b8645e96bcc468d5804208ae251a560068a09455657f4539dc7e80637fa85fbce058ffee421a98d85b2ae1118d9bd4f24e1e810627cc9893b7166e199dc91fd7f79740530a472df0948f285293478042b28cd2caef086a6ce9d5f656f97adde7d68924ef477fdf2a0c0b107671a1f94b2906d8fb58114836982e4e130e6944df8b42288512376553a1fa6526f9e46dc19b99bb568b30269d9f5d7db2d70a9aa85371b0ac71a6f6f564aaef26a0508c16bf03934973504a5188de37b18a689a020bc37a54d2863879e12902b43bc71c057fa47cbaac1e0100696af365e8226daeba346"; -static const char *ST_HASH_13712 = "6efa052302d814f368ebf5274e5718cdfd3c1cd5ce8949b963cf4c376a49a033348905f9f5bef7a5a097e3d2d05b09c35c3cb26836e75b45830345bc287903b1c7e2e20c056ba015769d6f5685b8c6a609acd9927afac24f80613c929c1b582553f6637f2523367df94c9c6c0d6ae6e19430313be3f8ea738da30bd910c567222b0d21a03ebc399192453f8dd64f7ae3eeef84e04b77858e678c9dfd30080fb68a8ec532ee8effa65b674c258df29de6f6f7345ffb0ab324cfea9edbc9e1c0366effe284f92a495a9d7901d1008d83fc39a31a750d5b305683e687c69a9321adbbacf09868078147be41ef5d35805ff0f3d4430042c6390b41483d26d287ee1c00fda37588794ea7223ef08be085924ec34f6de6bbc6f79f73ca4c13e7947851a9f220307f9da45c7370306cca3be0ac8a1e555f2f4b87e6bc39b37f2863061a8a62b9df70dd9c5c2ddf9022606bc38e221b9dc0d7a1c311ff7b36cbd97c2df70e1b5c860b03a1ac0cdb5a89f40b1a155be301dc5a96698743aa01527ac1b676440a3fdd68b462c4d77ccff59afb1f9b8ec8b82e7eb9147334d180243b77930ef87c3b2deb145267e5932223b5fbc76eabdc1e44cffb1b36649409565a521c3112119232f829c6ee9408f1c030eab522ae21083d851fb9df0773ba84ea8a6668044cecb82723e7720eb0fa7c0aa13871015452ad08d8b47d7e7fe0bdfde13b21"; -static const char *ST_HASH_13713 = "9c95d40f14ecd2a90f9d942f7869df881ff48bbe3b0fa6ae1d1bea56271844f00a8a40793eec1bc9240578269a1f40d825e6ad3351aa95b8b65b2b3089d8cfed07c2a3187735143f64cf55af972b045ac3fba3f744106ad1afa9bcfd9ae268ba8bca7168bb255507e2c10dff00c386ce442d898ff4db658645f65554b4b2d9d7a327402eadd6974d1dfbf7864680a514950be513dc5eea63d2e2297ff7c2dd256adc8dff9b7568e44c39150e3b2274badf28cecd27a6caed79675bbb66aa98f6a876a455d84b6190c598fa9198921a3e19ca7e00281a9789299db2b4317bc42375cd87461d0e690dea4a447228414d9452947a9a3cc30b727128c796ce1a2dfe8cc6d4a5984373e956ec7eac89412a49cd93ac5ebd1c0fe795413edd250fb7f4b63a04c54b194891a5ff8e05e8aeca0be9cca3b41182ae9634caac4647182f3d872753b8bf47a245eadcabe1e067c2783c15eaf8aa52ce8a27a14a647b6819bab62471e2a21caf69bccff414962308207141c28ac87ecab2e3bdb5d2501f8de8909ab0f585437e62b7bac42b5e157fcc7936c7d0142ca4a497710309074ae1774af8aff5975dc1061088614f36fe43c63f64d37bdee5da0a54955054a070f277176dd0dfdddbd6b61d028342204f9aba4088d90504d2940104bf40365db569b24b419ce261c5c4f15f509b98158490b8867ef6f629c1156919c5543b2639c7a4"; -static const char *ST_HASH_13721 = "2be25b279d8d2694e0ad1e5049902e717f1bdf741bbd678bf307d510741b649d78c54dca46fb2c92723afd9a40769b295e66d445ec232af5bddf91481ee41256e56b77839e8bf55265077bab405901218ac7933f74073f1208f1de72aace5da4e07d5f83ca580c0216d36c200b54570a1d58e9d8e5c98a597dec23b74a465aeac572a99af70e1a1e20fd29c7c296099e4eed5b715cb470617ea4f20140b62ec4694af67d9158deac3ce846718e10518875ce8cea0286a487a295979e67159d06e871789bf5535b75c809b340f8627e18679e3dab839a1c9823ea14a07d5cc4251b777dddb408da147c70e7cc788a01c27b0ba4f4700d3248f59fa8217874ae4958ea4518522b44f7191ec19459faef7678422adecd58777487ef54a5305ff2caaa545dcb82f7e7a3eb30bd9f7ebab542d0964a367f9c710cf26bbd704e841d591428da3486db31c57f91c6167bf99e31839363cb93bc60d755031f96f2d2c964e1d85b7eaa104985ef801a21d99352c025d7415d5b2f1aa37dc513345d0ff6a1bca92ad7b8c265f322d04f2992895de32636c9b03318cf7154632d547debc1c5e0c8f8730a045efcf3d16ff956cf803716eee22168bc5a5ab72ddb5087436722cb0f59a5b7b03bc557ffb50e8757d1a5639e2bcddd8060de4ee5535fb614b4fc159c6a39040dcbe83889b9c6fac1c9364a7bea930d916ea23fafa0fde07ef609"; -static const char *ST_HASH_13722 = "37e6db10454a5d74c1e75eca0bc8a70e67ac032357e4bd6a4315c0174cf9780f92210dfc0a3e977969f2890828d446aecc317dc40fb3162915998cc703e49257a950a1603342913900052011a7fa85fb0b1fd4489f17237ac1a8bbfd644e871ab95a4019f14b2b938d627646b9958b530dd0739760024ad323d36962b60ba92908e55a876fc392ac2dce6a2410bcdd30a01cba90427f02ccb96e222ab1381266a6f626aa00b0f59e743c1a77433cbb28648f04c91853bdf9b8b29917b2341bf7deb013131ad228ea0c7f9435985318431dae59faff46db3726341b97a956da4ad11766124cd06644c1ba1083b36d3f380f20c272e460b958841fc23be1820ad2e0e6db66eaf4ea171035add0ab543ce8e853e3119ceb9d7f32c0948b81604b81075bcb33efe747fec300a7c68ec383d28d560cccce713c0acf51d74c0db718ba93a9e720b657dda2409adf1ce35aa7e1c0d7ed3df98dd0b6d455a355ce02bda8bea8afc0a8341ac78214efd4372b4430270009ec65badf186e5f0d815dcf597b4703af95e3bfc03313125d2a88b9bb3788b6bbc3c7212713cd584a226b155a2e6872b33730af6fba29aa3dccdb0ec35b5d6e3d981faf39c8dd35fdcff502d14736bc6a47af6e4d7f3518f8ef5e0a4e5d521589a761757f86e2bef471d9867e9b532903c479e4966dcc99189fcdfa3d676f50ccd33fb7cc0aa3e85542ff2648c9"; -static const char *ST_HASH_13723 = "d44f26d1742260f88023d825729cc5a64cf8475d887632a2fb4a84af27af138cfadc4bcbb122f6ba68339ae8427d1f72c0c4aeef041291492ae0a7d8677d8da43227ae2a26d9a433076b44458b14f52766cf0e4baeb473a789180660d62e42bbea7c042379a5a74e259463e1c18381fa13aee27141264be381de71c12f8f704913f211c45fda0295e963d90fc35272e907858c0522601f6e7a73b43ff222663f149a485fc6c464e5f3b7cc0b6508f30621385365ca8a4e0bff4061f64f5fbdb11f70f19d77e56fa6ff015ad76ecaaccd759d30da05d2a6fbf00ac9673ac3c23efd339313c2a99511e928f976bf9b2664d97685498d5931af2d453edc6fb1129e324eaba64264711fbe21d0d202b3659106e8100634f09c38cd15b1b3acba79d7f31d31fe23c166392e300db09f10550c83187566dc0fdf768b872555851b34e3c15ad7e7438a72e6126c895cf1204987df4b42cb7bc2fe03c5777867d269378c6e496df2a1a3457b907f7143a139d800868ad95e2901723c6ebb991054b4e991c67fe4c17702d9829d9dc1fe8bf4a956460721c858e31dbcbe56850a4ed31558c6ee89ba2cba2ef4bde77fed11848f9f92e0add54964a683c3686dbab4695ebc42554da922a08c6fff32cac936ea447e771aa74a689eb269ffef677294ef297600dfd73bbbb734d2968e38a98b4a8a77ff0eec8246d93b542e3521a3eb636101"; -static const char *ST_HASH_13731 = "48f79476aa0aa8327a8a9056e61450f4e2883c9e9669142f2e2f022c2f85303b897d088dea03d64329f6c402a56fed05b3919715929090a25c8ae84c67dbdb364ebfa3e9ccc0b391c130a4c3dd6495a1d6eb5d2eab72f8009096f7475ecb736bb3225b6da144e1596d859dad159fae5a739beea88ea074771e9d0b2d7c48ae302606a60d7cff6db54f3e460c548c06a4f47dc1ac203a8c8349fbff6a652219a63f27bc76327543e22be4f8dab8e4f90a4283fbf1552119fe24114ce8869eb20ce87dd72300f7aad3f7b4a26a355f16517725449151cf0373dbd0b281f6ac753485a14a5361cc75d40928e241a6b4684658801774843238048cf8c7f2fd88950abac040e12b0c41fdcaca3702907e951ec11c061a91b3050a4855abe6f3b50b4bd0b17c4be1f5b50b873eadc2d8446cd72c4fcac576bbce3acea769f740c5322ee8c927ffd4dd11c8a9e66f06e58df2e5d4d85c13b44c412bab839c9512b7a0acdd97b37dcccc4b70854eda0f36de12d62dd10cc13bc6154103d083bf6540bc78e5d0aad5d063cc74dad4cbe6e060febda2a9fd79c238f99dcb0766ff4addcfd0c03e619c765f65b1c75d5d22c6536958bcda78077ff44b64c4da741bf50154df310d4e0724238a777b524237b9478277e400ad8146dc3ca1da83e3d2f1c5115a4b7fcdc71dd7d56ba86a2f9b721c9a4137aabb07c3c5fedcf5342c4fae4898c9"; -static const char *ST_HASH_13732 = "1b721942019ebe8cedddbed7744a0702c0e053281a467e0ed69bf875c7406407d72eb8f2aea21270e41898c0a2c14382f86e04c15e7bc019d1d9dd813eabee0ae5173e3cb1d927859d3e6de1006335a5184ae12b4c8dc2db2b1cd785063152a776f4dc5cacc1856a919b880d704b7450f5a0e0c9521bc9b4d67213c36a50e6664a1cbcea33f997b858e654111c7e9fca74f361528e85a28880381ec2600e3c1cd508c3833dd21cc91978185cba53caefd7b3c82d219d49f0b41e536d32e8d3ce194ad7923ca742213e19dcebdbd9687979d5a594654a5c611e8b829c4019e90a3cfb14e5fd7f8ed91e0fc79eed182399f02a3e3e202d4becaa6730e1f05f99ce06ce16dba7777ccddac72e85f2d3be5ecc9c808ac273f10ceb71cad666166abc327c4061a5f47424a5b6d9d093782f34b49924342a2e8cea663446ed4232a9a415ee2dfde988fa827b06d7438fec20ad0689543c3ee4602ce3ec3806fc7d668ef7e34330edd1e077b329a7627fa3ae5c89308258a17ecefbee114c80c2ab06f8271f14de8f2d13d1d6e5a119b71a6bae88ab151f76cdb2442284bc481d0df7e2163c3acfe763d3968195450d275af9034a00184a30cefed163e636626bffe6a35df3472508a49cb2b9b4c4a95d11c5d17e4e0539e9f13112125515778bcd1c2813c62a02673663062ad60583ec6a02c8a572865829e5b8c767b285728bea4907"; -static const char *ST_HASH_13733 = "5eb128daef63eff7e6db6aa10a8858f89964f47844acca68df82ebb2e73866fa75e3b7a53f9d2ff1ecdd1f4dc90e9c0fdf51f60d11b1992cd2971b4889edfc8920bbf346fd7693f675b617cb9e4e9a43e6f445021068fc13453b130f2eb1d753ee83ecc61dabec293e88b62110cf6a8fab670e171f6aba2226550b54893263f5fa086b3cc41dd3db2eae07b585e5162c7a0d9723a426d408d83266c4d6018dc1b8b456d28a224033a30bfe62b1e58c2ddf596e07f7ff31849a6f5cfcc1c977b82d8484c270d44ededb0afdb781295e92968fc8cc69766af0ce1e72f02d6b4e124ba4b1af71519dcaade857bb3f371f93a350da6e65ee46c2ac782f134c75c10fe9d653fccc08c614dc362871911af8b83bdfc479f770dfe4b3c86b5d895842c53852fe4912738f848bf7c3e10b8189d25faceab9ef30b6fa0284edaa471752ac2b65335179b8d605417709f64fded7d94383618a921660d4cdb190bbb3769a8e56d2cd1ee07078ebc3b68ebeb016893f7099018e40cb326e32b29a62806eaf1a3fd382f4f876bf721eadfc019c5545813e81fd7168995f743663b136762b07910a63b6eec5b728a4ad07a689cceecb14c2802f334401a0a4fd2ec49e2da7f3cb24d6181f01ceed93ee73dedc3378133c83c9a71155c86785ff20dd5a64323d2fd4bf076bab3c17a1bb45edf81c30a7bd7dbbb097ece0dca83fff9138d56ae668"; -static const char *ST_HASH_13751 = "b8a19a544414e540172595aef79e6616f504799b40a407edfb69d40534e93f0bdb3187876f0b7a21739b3a9bb02bd4752eac4d2021e65a2a9413cc389964fad46e2cd37f337eb3fe3c75909fe9911609d084fb8c09543f949e738fc2fcfa4825ca5f1e08678e711142553f95b19ba720fa6c8ae5d325be0b36b93c1b2683b0944d2ad4e858c1d83f21a302ef721b9a570233219b9fcf95919fef9ca353af32d7ceb0b3058986c4ed9580b8058325403d45048e43d9e94a1e8fbaa0658f82f81940ea821e1bd526829ee6478a32da4095ab9e7c04dac3b6cc08f99348467a5bf068ba54d0aededdf6005c18ee37e21ee8d980cabe470be49d332661761934f5c07126001c290002587ba4b49982fefaac41b62f7e74ce943bb40a2d78094f734d1bc2aa3dedff43ee2a7b8f3525743c76194637da9ebc2794bac14601e03aa98e9118023a184970b6b8f84f546af88b81e2fde836e286b57cbcbdd7d39334860571a5cc612b77f0c51c741854abeb320bf961aea99b88798199bf826970f2b1b8027499955f68e15328080289d8cf0569057e1ed887f956ce72b14dd13a1f61134e1195d13c68d9c298ae0183107e3a93dd13ee0730f1fabe3935ee70f4c6a1923abb3e0d0c8ecf45260c1444e7e73386acf29d3239d0160e097e6193099e10cc98f61bfda49df6b0635e73a9ccc7bdcc543306b40dd12b91023f61b21418af91"; -static const char *ST_HASH_13752 = "1c3197f32dc5b72b4d60474a7a43afefb0d2e856a8fc4957c3fb1188b62cb0ca002f585c125bb33c5a5e85a665afae9fce15cb127c2fd9b5ee074a48fd95b3a58364dfd645968187d546443ba234f5cc40e78c4bdcd1e0c6d0a1208dd892442bc1dfe2a45bc4821e843bb6d9f4adf742c48c432daf0d4a51d42cafdfca281f0fab0caabde8005405840383bbfd8dbf227384891ffa501531549e0b9562c2dd77f0e6552d253acb20cbee9a75d17ec283a46006ee89cd53e3b538e054952ae6db7aac9f2f190590e697a2a8e22d080e88c32f4d27b5afe100647da2a5c80cfcb69e5a3db67cb2fcd86d89c1c53fab1bf3a287bb9002d092e75eb1fe6269a1603545dbf97b9d7fcc9485b6400f7b0abaccc31642cefd83f037e7314c6990c51af24ae894cc1c49a09d18f3ad91b3ef37ae5414fef280ec776d9c0bf84b2eb312c8cb0046bedf6f29b4aab30cdb34333f613000a39bf650341cbf33bdd47ba7bd9be8108a1254390b045d82b208d21aa45de7ca399f8e91845b9ffb47d9e6eeb506965622a2e842ec6897277388cbb6ca2a50117e228e84bebd98f9aba40f38dc3bce3b576cb08596836e50ef276ee3a76b8ce76735fd172e9bae284aa83e2677dac56e4624e66604a90e2e3ae704c64a0f27b51ce9e472891bbc212b4a6055e4482b2e6963507f9ffb477224372289fcfee5764a5f4bc7307a509e7c37c69b4857"; -static const char *ST_HASH_13753 = "f421bdc1087b8319c12d84a680ceab0102e8e41c9ccffe76dbe0215dcfcb7b543f3e1bbedd099e88646823dae5bad8468b72436961ea8e0449a6b92b8bda7b9ba1fe215e997ec3be2ee5eb3b4d47c41d50998df2f883404fb66270f72b5ce666e7d5ca7847c4a8b2762723da1ad088b0ad75c4fd2ccbbfa4e3adf091b6af4f44f5484ce0c89a5b0db0cbe99b3a9d43d7ff6c4ddbc9636cacfedb26b59340c6eb3e8c587db41fc01f10da2974af96531b2bee5f0b9818c3b86a3cac4ba20e08c49be84af65eb40d51626161f4eef187bf5776a89e791f3f5cbcfaa510df201fb2bf35ff03e81d0572af9abbed3cac82681925a3d1954440a6037df78f7a1e63bea81c852571a21fb550f9fe114b82bf7b94290e362cef233186f17396488c0f259c83c50ac4f8cc27d3a134ddc98f14c2fe0dd6e7d6f5eec63848314dc5984979eeb79df326f80ee0e7f671072117903cb72bbbce4f750fca3f008dadf532241e05913704df6ca03edb9641775c3b6e3e328fd078c6d70298512118312cab8316bb6ddc0b860952c621b2bb4cec1b3c7da9b1cb4c494fec382fe85aefdc56570b54845a14651535d261db519be0e860a4e20c30c86cff6f9de6e16b68d09a0e9593d271df2740950e65f1fb16e3fee034183e540e2a3b0f76156f06946b5d1bfc62fe0cab3daa14603a8d21eb03a4d266e965b010c265c9a0e093084d262a8c03"; -static const char *ST_HASH_13771 = "444ec71554f0a2989b34bd8a5750ae7b5ed8b1ccdead29120fc030bd5186f312a7fa18ab4f4389d7798e43c073afd1e71dda2052db38dec04a700e8d6b488802ead0cf95d6e6cecc8eaf6464baf94a64acbbd1a86f826333115b6380bda18cf936150efd6ffc2a344bb78b0b4875781a8c5079772429ef50ddf148f35895496d2e39f32ffaf68a007b070b0beaad316c4b3adf43c0c58ad24430a34abf168ed455b64958ca5465cae0684adadc00f7b9c13fc7671b4520892d23aebff49ea92bc15e804cc650dc3bbd5b8f5122051636f0c576977d4b64ba355bf6e6a8e042fc5165f2a8affa51aa12ff718cee4c543976bf565997b4b57c74e79584e317f4bdb3920f2937c4251af87f432bb8ce78dcb30675246f0303db4aaea913c93be5a26d16dbf8d4d20773aa2a4608d2151491ca6593b51965baeaf9b58f78905df522bf88976fe9436a916c8de38d5a6ca7ca7f436e7982a36335a404298304322ebe194bb34e91e8f7ee7c6541679bb0ce9d80bf4431d1c475b1a785e943e57f8e27a4e665940389b6da2771bd27d943955185379f83ca6a124ec55b2b63d4ef2e2ad6ee27de25f959708f3a64facfe07f06e29459a14f02699751d530f258d0c744a759c188de4f9423f2bd21d3d999ea28df4f3a93a2c47a7e788fe43ccbfbe267277b048002da1ef8c1e7b26690230285675a3a8fdc0f2acf46a4cb24141b3ad1"; -static const char *ST_HASH_13772 = "0f5da0b17c60edcd392058752ec29c389b140b54cd1f94de43dccea703b1fd37936e75a500b7f9d4e94e7f214c4696c051be9697792a856ebf9c0f5a598cf8ba5621e49c7505eba3b4738acdc860b6ed648f52e5b673ae06bb04616de438a090ab19abea11c30984ead06859de9b7aec8e436c40816f67a56cb53d5f125e58c42225315a4bf494da8128f0df924bcf6ad4b91c9efc5cb0be67cb0cd753c392388d780f57aba39197513a191cc684e9ebee41bc901dd99e9a625141cf98e55e8f74d838baea3bf8f411b85c14eff8cddd1720c2539eef7a38a72c4ed9745a05476b6a16bcda2a5391c94b6f499e3bea64ff412d03d060741e938ed3dc905d8bd6dbb2420e9277251ebe3421be389ea8b02782baeb258b9ec7e0732b3817ee6da58209871aee4e16d57a132c6215782364570238157d8a7fdcd29f54ab2295f68d027dc9f2e0c951afad7500cafe3219e6530699918ac55f4fa1141bc3596155b05bae2fdc8b0a5438edeb5bb0cfac592565b20645be90b406a1fd59846957e7539fd8423bfd4c7ae7d608aacb084ae887baa1a83b14afff8d2063565086c66e293234a8667af39642b90a38c3a5bd4fa8a787c60f73882535c9b34cb7b243465dcc32aff29cee0e741ff059c6acd8ddcbdb3cfafecdcd0f45c84dd871be4fbffd5ac2ab9e01898009adcf7d932c37d6568ad875e4d6ea15db29a1e8ba5a4e86bd"; -static const char *ST_HASH_13773 = "18d2e8314961850f8fc26d2bc6f896db9c4eee301b5fa7295615166552b2422042c6cf6212187ec9c0234908e7934009c23ceed0c4858a7a4deecbc59b50a303afdc7d583cde1b0c06f0bf56162ef1d6d8df8f194aadcbe395780b3d1d7127faf39910eb10f4805abdd1c3ef7a66972603124a475e2b9224699e60a9e12f4096597f20c5fb0528f590d7bd317e41dc6a2128cf5e58a99803a28c213feb8286350b1d7ab56d43bb52e511f3c860e5002472a4454a549509c8ce0c34f17ece23d5b61aa7c63389c8ca44ed10c2caae03e7ed30b3ef98565926d7e4f3a2a9abf03b278083bed7aaadd78d5bffb7cd45ffae92990c06d9e9f375a77a94226035d1f90e177c46a04dab416dfb7ed7c4ed9ee7e84580bed65c5fee9f4b1545b9a7cf6af533870d393eced609aebe308ec1eee3729da09eb7df7a8d1282b15c4a1b8266a456c06b4ea20c209c549d5d6b58a861f8e15cca3b6cef114accbf470ec76d717f6d7d416d7a32f064ab560c1167f9ef4e93310fbd927b088bffbb0cf5d5c2e271c9cad4c604e489e9983a990b23e1a2f973682fdfe38df385474f73ecdc9bce701d01d627192d3051240f4b96bbdcf2346b275e05aa75add4acb97b286cc00e830fee95d0f86a8b1e315ccb6f3f8642180392b3baac01ed2c97c200489b5e5ca4dcb0a6417e622b6196482a10e640b2b6b08e3f62acac3d45dfc6b88c666205"; static const char *ST_HASH_13800 = "060a4a94cb2263bcefe74705bd0efe7643d09c2bc25fc69f6a32c1b8d5a5d0d9:4647316184156410832507278642444030512402463246148636510356103432440257733102761444262383653100802140838605535187005586063548643765207865344068042278454875021452355870320020868064506248840047414683714173748364871633802572014845467035357710118327480707136422"; static const char *ST_HASH_13900 = "058c1c3773340c8563421e2b17e60eb7c916787e:827500576"; static const char *ST_HASH_14400 = "fcdc7ec700b887e8eaebf94c2ec52aebb5521223:63038426024388230227"; static const char *ST_HASH_14700 = "$itunes_backup$*9*ebd7f9b33293b2511f0a4139d5b213feff51476968863cef60ec38d720497b6ff39a0bb63fa9f84e*10000*2202015774208421818002001652122401871832**"; static const char *ST_HASH_14800 = "$itunes_backup$*10*17a3b858e79bc273be43a9f113b71efe7ec8e7e401396b350180b4592ef45db67ffef7b2d64329a5*10000*2721336781705041205314422175267631184867*1000*99fafc983e732998adb9fadc162a2e382143f115"; -static const char *ST_HASH_14900 = "7090b6b9:04223875"; -static const char *ST_HASH_15000 = "bfa9fe5a404faff8b0d200385e26b783a163e475869336029d3ebaccaf02b5f16e4949279e8a33b942ab647f8f19a83dbe89a6d39dd6d8f84812de7d2e556767:6422386434050716105781561510557063652302782465168686858312232148"; static const char *ST_HASH_15100 = "$sha1$20000$75552156$HhYMDdaEHiK3eMIzTldOFPnw.s2Q"; static const char *ST_HASH_15200 = "$blockchain$v2$5000$288$324724252428471806184866704068819419467b2b32fd9593fd1a274e0b68bf2c72e5a1f5e748fd319056d1e47ca7b40767136a2d97d7133d14faaeca50986f66cdbc0faec0a3fabbd0ba5d08d5322b6b53da021aacfc439c45bec0e9fe02ad81db82f94e9bd36a7d4d76b505c2339fcd46565d3abab958fbeb1de8bfc53beb96cde8fe44128965477c9ef0762c62bbb1d66532b4888e174ea949db54374a2ed9686a63eb0b5b17ae293f7410bb4ae5106f108314a259c5fd097d558515d79350713412159103a8a174cd384a14f3da45efe18044e1146036000231f6042577d0add98fc959d265368e398dc1550b0bc693e9023cd9d51b40e701bd786e19c3a281a90465aa6ea3f9e756d430164ab2eb43be5b6796d7ac15b2fe99217410f2"; -static const char *ST_HASH_15400 = "$chacha20$*0400000000000003*35*0200000000000001*3961626364656667*8a152c57a7a856a8"; static const char *ST_HASH_15500 = "$jksprivk$*338BD2FBEBA7B3EF198A4CBFC6E18AFF1E229367*5225850113575146134463704406336350011656*D5253EB151EB92DC73E542D8C0A4D7A848A5B0C0E370E625E6547D4E6F23416FC85A27BC295731B8021CDFBD003551C66C434FFBC87DACAD1FDF39022320034A2F86E779F2B1B3325428A666518FA89507AD63E15FD9C57B9E36EF5B642A2F448A9A3F09B79AD93D65F46B8692CD07539FD140146F8F219DC262971AF019E18EDC16C3C240569E1673F4D98BC818CCF28298D5A7BFF038A663DD10FE5E48643C3217C237D342164E2D41EF15075431FBD5B34800E5AE7EB80FAA5AE9982A55F35379AA7B31217E7F1C5F1964A15024A305AE4B3981FE1C80C163BC38ECA5581F11867E5C34C5D124D0367B3737E5E5BB14D2CAB26A698C8DAAB755C82BA6B823BCAECDD4A89C831651ACE5A6029FD0D3515C5D1D53AD8B9062CE8C445373862035CBBF60D490CA2E4975EE6E0358EC32E871FAB15347E3032E21F30F543BAAB01D779BA833CA0B8C7591B42C7C59A8FDD46D7DECEC0E91ADBF331177605E7830ABED62FAD7D5D806D8EFD01C38765940B7F97168FC72C39BF4C98F944FFC310CA8F4EB1D0F960F352CC5E2BB23A1EB221072A5471EDA2CE81C04595B8D37088CFB5C14F6A4A881AD12125DEFBB8154EB4C130AB7FD9933FD36DF1A6A26B51AB169866788678FCED988C8E017CA84354F487A5508210181AFB8B3AD0753E3E28BE674DFBD4E4FBDFD1E30D592F4EA3A77A2F0F5CF9A175DBC590EF5D42971A39918F12B92DCD8BFD56BE9A3459856B5587603C7B53062663A4C8894BBC9894FB1663BF30F32D907664328138B7A50EAC7F8E3183D74562A5C90FE1889AC4C5FE43EBEB8974563B6682F92591ECA4FA0DA72236C3851DA102DB6BA0CC07BFD32F7E962AB0EDCF4A8DEA6525174F5BB5C021E2A9A3F7F761E9CA90B6E27FB7E55CD91DA184FAC5E534E8AD25314C56CE5796506A0CA70881782F9C5147D87705065D68BD67D2B0344205BA6445D562273690004CA5A303274FB283A75F49BA968D7947943AA98F2AF9CB8253B425B86225E7395A331AC4CB1B1700C64D4F458D5D642C54148AE6DA41D9E26657D331B157D76042C2CF3057B83997C23D8BF68FB3C7337CAFB8B324AD0DF7A80B554B4D7F9AD6ED527E7932F1741A573C152A41610F6517E3F4A3BC6B66685871A7CE3795C559BD47CDB8E34CB2C1DFE980518D79E2078C258C54F312EB38609F640E7DC013E0F2A16A25BB5971882B4308D27930CA99FEC231AE927B62215A1B56098C362B7F20593953B29428681875070E84BF5B60BEA3948127151634123DA77C814AAD54CE10905763C8C19BC191C0C40458C809402E1957C4C05C4EAE27576B2D30593F7FDCC9A248DB5DB23CF2FA22A92C016090F611690BF0AB5B8B2866ED25F345EFE85DF3311C9E91C37CEE709CF16E7CB09D01BECD2961D094C02D42EC85BF47FAB1B67A13B9A1741C15F7156D57A71BFFABB03B71E69707913A5C136B3D69CE3F71ABFE376F0A21D723FFA2E60AC180689D3E8AF4348C9F555CD897387327FC8BA2B9C51A7298547E556A11A60441EF5331A1BFB847A3D23DD9F7C50E636A2C6309BC82E1A8852F5A8569B6D93*14*78D6A2424484CF5149932B7EA8BF*test"; static const char *ST_HASH_15600 = "$ethereum$p*1024*38353131353831333338313138363430*a8b4dfe92687dbc0afeb5dae7863f18964241e96b264f09959903c8c924583fc*0a9252861d1e235994ce33dbca91c98231764d8ecb4950015a8ae20d6415b986"; static const char *ST_HASH_16000 = "pfaRCwDe0U"; @@ -411,14 +306,12 @@ static const char *HT_01730 = "sha512(utf16le($pass).$salt)"; static const char *HT_01740 = "sha512($salt.utf16le($pass))"; static const char *HT_01750 = "HMAC-SHA512 (key = $pass)"; static const char *HT_01760 = "HMAC-SHA512 (key = $salt)"; -static const char *HT_02100 = "Domain Cached Credentials 2 (DCC2), MS Cache 2"; static const char *HT_02410 = "Cisco-ASA MD5"; static const char *HT_02600 = "md5(md5($pass))"; static const char *HT_03100 = "Oracle H: Type (Oracle 7+)"; static const char *HT_03710 = "md5($salt.md5($pass))"; static const char *HT_03711 = "MediaWiki B type"; static const char *HT_03800 = "md5($salt.$pass.$salt)"; -static const char *HT_03910 = "md5(md5($pass).md5($salt))"; static const char *HT_04010 = "md5($salt.md5($salt.$pass))"; static const char *HT_04110 = "md5($salt.md5($pass.$salt))"; static const char *HT_04300 = "md5(strtoupper(md5($pass)))"; @@ -428,9 +321,6 @@ static const char *HT_04520 = "sha1($salt.sha1($pass))"; static const char *HT_04700 = "sha1(md5($pass))"; static const char *HT_04800 = "iSCSI CHAP authentication, MD5(CHAP)"; static const char *HT_04900 = "sha1($salt.$pass.$salt)"; -static const char *HT_05200 = "Password Safe v3"; -static const char *HT_05300 = "IKE-PSK MD5"; -static const char *HT_05400 = "IKE-PSK SHA1"; static const char *HT_05700 = "Cisco-IOS type 4 (SHA256)"; static const char *HT_05800 = "Samsung Android Password/PIN"; static const char *HT_06000 = "RIPEMD-160"; @@ -455,35 +345,21 @@ static const char *HT_08100 = "Citrix NetScaler"; static const char *HT_08200 = "1Password, cloudkeychain"; static const char *HT_08300 = "DNSSEC (NSEC3)"; static const char *HT_08400 = "WBB3 (Woltlab Burning Board)"; -static const char *HT_08500 = "RACF"; static const char *HT_08600 = "Lotus Notes/Domino 5"; static const char *HT_08700 = "Lotus Notes/Domino 6"; static const char *HT_08800 = "Android FDE <= 4.3"; -static const char *HT_09000 = "Password Safe v2"; static const char *HT_09100 = "Lotus Notes/Domino 8"; static const char *HT_09200 = "Cisco-IOS $8$ (PBKDF2-SHA256)"; static const char *HT_09400 = "MS Office 2007"; static const char *HT_09500 = "MS Office 2010"; -static const char *HT_09600 = "MS Office 2013"; -static const char *HT_09700 = "MS Office <= 2003 $0/$1, MD5 + RC4"; -static const char *HT_09710 = "MS Office <= 2003 $0/$1, MD5 + RC4, collider #1"; -static const char *HT_09720 = "MS Office <= 2003 $0/$1, MD5 + RC4, collider #2"; -static const char *HT_09800 = "MS Office <= 2003 $3/$4, SHA1 + RC4"; -static const char *HT_09810 = "MS Office <= 2003 $3, SHA1 + RC4, collider #1"; -static const char *HT_09820 = "MS Office <= 2003 $3, SHA1 + RC4, collider #2"; static const char *HT_09900 = "Radmin2"; static const char *HT_10000 = "Django (PBKDF2-SHA256)"; static const char *HT_10100 = "SipHash"; static const char *HT_10200 = "CRAM-MD5"; static const char *HT_10300 = "SAP CODVN H (PWDSALTEDHASH) iSSHA-1"; -static const char *HT_10400 = "PDF 1.1 - 1.3 (Acrobat 2 - 4)"; -static const char *HT_10410 = "PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1"; -static const char *HT_10420 = "PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2"; -static const char *HT_10500 = "PDF 1.4 - 1.6 (Acrobat 5 - 8)"; static const char *HT_10600 = "PDF 1.7 Level 3 (Acrobat 9)"; static const char *HT_10700 = "PDF 1.7 Level 8 (Acrobat 10 - 11)"; static const char *HT_10900 = "PBKDF2-HMAC-SHA256"; -static const char *HT_11000 = "PrestaShop"; static const char *HT_11100 = "PostgreSQL CRAM (MD5)"; static const char *HT_11200 = "MySQL CRAM (SHA1)"; static const char *HT_11400 = "SIP digest authentication (MD5)"; @@ -497,8 +373,6 @@ static const char *HT_11900 = "PBKDF2-HMAC-MD5"; static const char *HT_12100 = "PBKDF2-HMAC-SHA512"; static const char *HT_12200 = "eCryptfs"; static const char *HT_12300 = "Oracle T: Type (Oracle 12+)"; -static const char *HT_12400 = "BSDi Crypt, Extended DES"; -static const char *HT_12600 = "ColdFusion 10+"; static const char *HT_12700 = "Blockchain, My Wallet"; static const char *HT_12800 = "MS-AzureSync PBKDF2-HMAC-SHA256"; static const char *HT_12900 = "Android FDE (Samsung DEK)"; @@ -510,11 +384,8 @@ static const char *HT_13900 = "OpenCart"; static const char *HT_14400 = "sha1(CX)"; static const char *HT_14700 = "iTunes backup < 10.0"; static const char *HT_14800 = "iTunes backup >= 10.0"; -static const char *HT_14900 = "Skip32 (PT = $salt, key = $pass)"; -static const char *HT_15000 = "FileZilla Server >= 0.9.55"; static const char *HT_15100 = "Juniper/NetBSD sha1crypt"; static const char *HT_15200 = "Blockchain, My Wallet, V2"; -static const char *HT_15400 = "ChaCha20"; static const char *HT_15500 = "JKS Java Key Store Private Keys (SHA1)"; static const char *HT_15600 = "Ethereum Wallet, PBKDF2-HMAC-SHA256"; static const char *HT_16000 = "Tripcode"; @@ -548,40 +419,16 @@ static const char *HT_01731 = "MSSQL (2012, 2014)"; static const char *HT_02611 = "vBulletin < v3.8.5"; static const char *HT_02612 = "PHPS"; static const char *HT_02711 = "vBulletin >= v3.8.5"; -static const char *HT_02811 = "IPB2+ (Invision Power Board), MyBB 1.2+"; static const char *HT_04521 = "Redmine"; static const char *HT_04522 = "PunBB"; -static const char *HT_13711 = "VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 512 bit"; -static const char *HT_13712 = "VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 1024 bit"; -static const char *HT_13713 = "VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 1536 bit"; -static const char *HT_13721 = "VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit"; -static const char *HT_13722 = "VeraCrypt PBKDF2-HMAC-SHA512 + XTS 1024 bit"; -static const char *HT_13723 = "VeraCrypt PBKDF2-HMAC-SHA512 + XTS 1536 bit"; -static const char *HT_13731 = "VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit"; -static const char *HT_13732 = "VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 1024 bit"; -static const char *HT_13733 = "VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 1536 bit"; -static const char *HT_13741 = "VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 512 bit + boot-mode"; -static const char *HT_13742 = "VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 1024 bit + boot-mode"; -static const char *HT_13743 = "VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 1536 bit + boot-mode"; -static const char *HT_13751 = "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit"; -static const char *HT_13752 = "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1024 bit"; -static const char *HT_13753 = "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1536 bit"; -static const char *HT_13761 = "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode"; -static const char *HT_13762 = "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1024 bit + boot-mode"; -static const char *HT_13763 = "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1536 bit + boot-mode"; -static const char *HT_13771 = "VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 512 bit"; -static const char *HT_13772 = "VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 1024 bit"; -static const char *HT_13773 = "VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 1536 bit"; static const char *HT_12001 = "Atlassian (PBKDF2-HMAC-SHA1)"; static const char *SIGNATURE_ANDROIDFDE = "$fde$"; static const char *SIGNATURE_AXCRYPT = "$axcrypt$"; static const char *SIGNATURE_AXCRYPT_SHA1 = "$axcrypt_sha1$"; -static const char *SIGNATURE_BSDICRYPT = "_"; static const char *SIGNATURE_CISCO8 = "$8$"; static const char *SIGNATURE_CRAM_MD5 = "$cram_md5$"; static const char *SIGNATURE_CRAM_MD5_DOVECOT = "{CRAM-MD5}"; -static const char *SIGNATURE_DCC2 = "$DCC2$"; static const char *SIGNATURE_DJANGOPBKDF2 = "pbkdf2_sha256"; static const char *SIGNATURE_DJANGOSHA1 = "sha1$"; static const char *SIGNATURE_DRUPAL7 = "$S$"; @@ -599,20 +446,11 @@ static const char *SIGNATURE_MYWALLETV2 = "$blockchain$v2$"; static const char *SIGNATURE_NETSCALER = "1"; static const char *SIGNATURE_OFFICE2007 = "$office$"; static const char *SIGNATURE_OFFICE2010 = "$office$"; -static const char *SIGNATURE_OFFICE2013 = "$office$"; -static const char *SIGNATURE_OLDOFFICE = "$oldoffice$"; -static const char *SIGNATURE_OLDOFFICE0 = "$oldoffice$0"; -static const char *SIGNATURE_OLDOFFICE1 = "$oldoffice$1"; -static const char *SIGNATURE_OLDOFFICE3 = "$oldoffice$3"; -static const char *SIGNATURE_OLDOFFICE4 = "$oldoffice$4"; static const char *SIGNATURE_PBKDF2_MD5 = "md5"; static const char *SIGNATURE_PBKDF2_SHA256 = "sha256"; static const char *SIGNATURE_PBKDF2_SHA512 = "sha512"; -static const char *SIGNATURE_PDF = "$pdf$"; static const char *SIGNATURE_PHPS = "$PHPS$"; static const char *SIGNATURE_POSTGRESQL_AUTH = "$postgres$"; -static const char *SIGNATURE_PSAFE3 = "PWS3"; -static const char *SIGNATURE_RACF = "$racf$"; static const char *SIGNATURE_SAPH_SHA1 = "{x-issha, "; static const char *SIGNATURE_SHA1AIX = "{ssha1}"; static const char *SIGNATURE_SHA1B64 = "{SHA}"; @@ -632,7 +470,6 @@ static const char *SIGNATURE_ITUNES_BACKUP = "$itunes_backup$"; static const char *SIGNATURE_FORTIGATE = "AK1"; static const char *SIGNATURE_ATLASSIAN = "{PKCS5S2}"; static const char *SIGNATURE_NETBSD_SHA1CRYPT = "$sha1$"; -static const char *SIGNATURE_CHACHA20 = "$chacha20$"; static const char *SIGNATURE_JKS_SHA1 = "$jksprivk$"; static const char *SIGNATURE_ETHEREUM_PBKDF2 = "$ethereum$p"; static const char *SIGNATURE_TACACS_PLUS = "$tacacs-plus$0$"; @@ -2182,166 +2019,6 @@ int netscreen_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_ return (PARSER_OK); } -int dcc2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - token_t token; - - token.token_cnt = 4; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_DCC2; - - token.len[0] = 6; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 6; - token.sep[1] = '#'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = SALT_MIN; - token.len_max[2] = SALT_MAX; - token.sep[2] = '#'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[3] = 32; - token.len_max[3] = 32; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *hash_pos = token.buf[3]; - - digest[0] = hex_to_u32 (hash_pos + 0); - digest[1] = hex_to_u32 (hash_pos + 8); - digest[2] = hex_to_u32 (hash_pos + 16); - digest[3] = hex_to_u32 (hash_pos + 24); - - digest[0] = byte_swap_32 (digest[0]); - digest[1] = byte_swap_32 (digest[1]); - digest[2] = byte_swap_32 (digest[2]); - digest[3] = byte_swap_32 (digest[3]); - - const u8 *salt_pos = token.buf[2]; - const int salt_len = token.len[2]; - - const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); - - if (parse_rc == false) return (PARSER_SALT_LENGTH); - - const u8 *iter_pos = token.buf[1]; - - u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10); - - salt->salt_iter = iter - 1; - - return (PARSER_OK); -} - -int psafe2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - if (input_len == 0) return (PARSER_HASH_LENGTH); - - FILE *fp = fopen ((const char *) input_buf, "rb"); - - if (fp == NULL) return (PARSER_HASH_FILE); - - psafe2_hdr buf; - - memset (&buf, 0, sizeof (psafe2_hdr)); - - const size_t n = hc_fread (&buf, sizeof (psafe2_hdr), 1, fp); - - fclose (fp); - - if (n != 1) return (PARSER_PSAFE2_FILE_SIZE); - - salt->salt_buf[0] = buf.random[0]; - salt->salt_buf[1] = buf.random[1]; - - salt->salt_len = 8; - salt->salt_iter = 1000; - - digest[0] = byte_swap_32 (buf.hash[0]); - digest[1] = byte_swap_32 (buf.hash[1]); - digest[2] = byte_swap_32 (buf.hash[2]); - digest[3] = byte_swap_32 (buf.hash[3]); - digest[4] = byte_swap_32 (buf.hash[4]); - - return (PARSER_OK); -} - -int psafe3_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - if (input_len == 0) return (PARSER_HASH_LENGTH); - - FILE *fp = fopen ((const char *) input_buf, "rb"); - - if (fp == NULL) return (PARSER_HASH_FILE); - - psafe3_t in; - - memset (&in, 0, sizeof (psafe3_t)); - - const size_t n = hc_fread (&in, sizeof (psafe3_t), 1, fp); - - fclose (fp); - - if (n != 1) return (PARSER_PSAFE3_FILE_SIZE); - - if (memcmp (SIGNATURE_PSAFE3, in.signature, 4) != 0) return (PARSER_SIGNATURE_UNMATCHED); - - salt->salt_iter = in.iterations + 1; - - salt->salt_buf[0] = in.salt_buf[0]; - salt->salt_buf[1] = in.salt_buf[1]; - salt->salt_buf[2] = in.salt_buf[2]; - salt->salt_buf[3] = in.salt_buf[3]; - salt->salt_buf[4] = in.salt_buf[4]; - salt->salt_buf[5] = in.salt_buf[5]; - salt->salt_buf[6] = in.salt_buf[6]; - salt->salt_buf[7] = in.salt_buf[7]; - - salt->salt_len = 32; - - digest[0] = in.hash_buf[0]; - digest[1] = in.hash_buf[1]; - digest[2] = in.hash_buf[2]; - digest[3] = in.hash_buf[3]; - digest[4] = in.hash_buf[4]; - digest[5] = in.hash_buf[5]; - digest[6] = in.hash_buf[6]; - digest[7] = in.hash_buf[7]; - - digest[0] = byte_swap_32 (digest[0]); - digest[1] = byte_swap_32 (digest[1]); - digest[2] = byte_swap_32 (digest[2]); - digest[3] = byte_swap_32 (digest[3]); - digest[4] = byte_swap_32 (digest[4]); - digest[5] = byte_swap_32 (digest[5]); - digest[6] = byte_swap_32 (digest[6]); - digest[7] = byte_swap_32 (digest[7]); - - return (PARSER_OK); -} - int episerver_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -3817,362 +3494,6 @@ int sha512s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UN return (PARSER_OK); } -int chacha20_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - chacha20_t *chacha20 = (chacha20_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 6; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_CHACHA20; - - token.sep[0] = '*'; - token.len_min[0] = 10; - token.len_max[0] = 10; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.sep[1] = '*'; - token.len_min[1] = 16; - token.len_max[1] = 16; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[2] = '*'; - token.len_min[2] = 1; - token.len_max[2] = 2; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - token.sep[3] = '*'; - token.len_min[3] = 16; - token.len_max[3] = 16; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[4] = '*'; - token.len_min[4] = 16; - token.len_max[4] = 16; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[5] = '*'; - token.len_min[5] = 16; - token.len_max[5] = 16; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - // offset - - const u8 *offset_marker = token.buf[2]; - - const int offset = strtol ((const char *) offset_marker, NULL, 10); - - if (offset > 63) return (PARSER_SALT_VALUE); - - chacha20->offset = offset; - - // position - - const u8 *position_marker = token.buf[1]; - - chacha20->position[0] = hex_to_u32 ((const u8 *) position_marker + 0); - chacha20->position[1] = hex_to_u32 ((const u8 *) position_marker + 8); - - // iv - - const u8 *iv_marker = token.buf[3]; - - chacha20->iv[0] = hex_to_u32 ((const u8 *) iv_marker + 8); - chacha20->iv[1] = hex_to_u32 ((const u8 *) iv_marker + 0); - - // plain - - const u8 *plain_marker = token.buf[4]; - - chacha20->plain[0] = hex_to_u32 ((const u8 *) plain_marker + 0); - chacha20->plain[1] = hex_to_u32 ((const u8 *) plain_marker + 8); - - /* some fake salt for the sorting mechanisms */ - - salt->salt_buf[0] = chacha20->iv[0]; - salt->salt_buf[1] = chacha20->iv[1]; - salt->salt_buf[2] = chacha20->plain[0]; - salt->salt_buf[3] = chacha20->plain[1]; - salt->salt_buf[4] = chacha20->position[0]; - salt->salt_buf[5] = chacha20->position[1]; - salt->salt_buf[6] = chacha20->offset; - salt->salt_buf[7] = 0; - salt->salt_len = 32; - - /* Store cipher for search mechanism */ - - const u8 *cipher_marker = token.buf[5]; - - digest[0] = hex_to_u32 ((const u8 *) cipher_marker + 8); - digest[1] = hex_to_u32 ((const u8 *) cipher_marker + 0); - - return (PARSER_OK); -} - -int ikepsk_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - ikepsk_t *ikepsk = (ikepsk_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 9; - - token.sep[0] = ':'; - token.len_min[0] = 0; - token.len_max[0] = 1024; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[1] = ':'; - token.len_min[1] = 0; - token.len_max[1] = 1024; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[2] = ':'; - token.len_min[2] = 0; - token.len_max[2] = 1024; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[3] = ':'; - token.len_min[3] = 0; - token.len_max[3] = 1024; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[4] = ':'; - token.len_min[4] = 0; - token.len_max[4] = 1024; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[5] = ':'; - token.len_min[5] = 0; - token.len_max[5] = 1024; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[6] = ':'; - token.len_min[6] = 0; - token.len_max[6] = 128; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[7] = ':'; - token.len_min[7] = 0; - token.len_max[7] = 128; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[8] = ':'; - token.len_min[8] = 32; - token.len_max[8] = 32; - token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - ikepsk->msg_len[0] = token.len[0] / 2; - ikepsk->msg_len[1] = ikepsk->msg_len[0] + token.len[1] / 2; - ikepsk->msg_len[2] = ikepsk->msg_len[1] + token.len[2] / 2; - ikepsk->msg_len[3] = ikepsk->msg_len[2] + token.len[3] / 2; - ikepsk->msg_len[4] = ikepsk->msg_len[3] + token.len[4] / 2; - ikepsk->msg_len[5] = ikepsk->msg_len[4] + token.len[5] / 2; - ikepsk->nr_len = (token.len[6] + token.len[7]) / 2; - - if (ikepsk->msg_len[5] > 512) return (PARSER_SALT_LENGTH); - if (ikepsk->nr_len > 64) return (PARSER_SALT_LENGTH); - - u8 *ptr1 = (u8 *) ikepsk->msg_buf; - u8 *ptr2 = (u8 *) ikepsk->nr_buf; - - for (int i = 0; i < token.len[0]; i += 2) *ptr1++ = hex_to_u8 (token.buf[0] + i); - for (int i = 0; i < token.len[1]; i += 2) *ptr1++ = hex_to_u8 (token.buf[1] + i); - for (int i = 0; i < token.len[2]; i += 2) *ptr1++ = hex_to_u8 (token.buf[2] + i); - for (int i = 0; i < token.len[3]; i += 2) *ptr1++ = hex_to_u8 (token.buf[3] + i); - for (int i = 0; i < token.len[4]; i += 2) *ptr1++ = hex_to_u8 (token.buf[4] + i); - for (int i = 0; i < token.len[5]; i += 2) *ptr1++ = hex_to_u8 (token.buf[5] + i); - for (int i = 0; i < token.len[6]; i += 2) *ptr2++ = hex_to_u8 (token.buf[6] + i); - for (int i = 0; i < token.len[7]; i += 2) *ptr2++ = hex_to_u8 (token.buf[7] + i); - - *ptr1++ = 0x80; - *ptr2++ = 0x80; - - /** - * Store to database - */ - - const u8 *hash_pos = token.buf[8]; - - digest[0] = hex_to_u32 (hash_pos + 0); - digest[1] = hex_to_u32 (hash_pos + 8); - digest[2] = hex_to_u32 (hash_pos + 16); - digest[3] = hex_to_u32 (hash_pos + 24); - - salt->salt_len = 32; - - salt->salt_buf[0] = ikepsk->nr_buf[0]; - salt->salt_buf[1] = ikepsk->nr_buf[1]; - salt->salt_buf[2] = ikepsk->nr_buf[2]; - salt->salt_buf[3] = ikepsk->nr_buf[3]; - salt->salt_buf[4] = ikepsk->nr_buf[4]; - salt->salt_buf[5] = ikepsk->nr_buf[5]; - salt->salt_buf[6] = ikepsk->nr_buf[6]; - salt->salt_buf[7] = ikepsk->nr_buf[7]; - - return (PARSER_OK); -} - -int ikepsk_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - ikepsk_t *ikepsk = (ikepsk_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 9; - - token.sep[0] = ':'; - token.len_min[0] = 0; - token.len_max[0] = 1024; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[1] = ':'; - token.len_min[1] = 0; - token.len_max[1] = 1024; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[2] = ':'; - token.len_min[2] = 0; - token.len_max[2] = 1024; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[3] = ':'; - token.len_min[3] = 0; - token.len_max[3] = 1024; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[4] = ':'; - token.len_min[4] = 0; - token.len_max[4] = 1024; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[5] = ':'; - token.len_min[5] = 0; - token.len_max[5] = 1024; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[6] = ':'; - token.len_min[6] = 0; - token.len_max[6] = 128; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[7] = ':'; - token.len_min[7] = 0; - token.len_max[7] = 128; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.sep[8] = ':'; - token.len_min[8] = 40; - token.len_max[8] = 40; - token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - ikepsk->msg_len[0] = token.len[0] / 2; - ikepsk->msg_len[1] = ikepsk->msg_len[0] + token.len[1] / 2; - ikepsk->msg_len[2] = ikepsk->msg_len[1] + token.len[2] / 2; - ikepsk->msg_len[3] = ikepsk->msg_len[2] + token.len[3] / 2; - ikepsk->msg_len[4] = ikepsk->msg_len[3] + token.len[4] / 2; - ikepsk->msg_len[5] = ikepsk->msg_len[4] + token.len[5] / 2; - ikepsk->nr_len = (token.len[6] + token.len[7]) / 2; - - if (ikepsk->msg_len[5] > 512) return (PARSER_SALT_LENGTH); - if (ikepsk->nr_len > 64) return (PARSER_SALT_LENGTH); - - u8 *ptr1 = (u8 *) ikepsk->msg_buf; - u8 *ptr2 = (u8 *) ikepsk->nr_buf; - - for (int i = 0; i < token.len[0]; i += 2) *ptr1++ = hex_to_u8 (token.buf[0] + i); - for (int i = 0; i < token.len[1]; i += 2) *ptr1++ = hex_to_u8 (token.buf[1] + i); - for (int i = 0; i < token.len[2]; i += 2) *ptr1++ = hex_to_u8 (token.buf[2] + i); - for (int i = 0; i < token.len[3]; i += 2) *ptr1++ = hex_to_u8 (token.buf[3] + i); - for (int i = 0; i < token.len[4]; i += 2) *ptr1++ = hex_to_u8 (token.buf[4] + i); - for (int i = 0; i < token.len[5]; i += 2) *ptr1++ = hex_to_u8 (token.buf[5] + i); - for (int i = 0; i < token.len[6]; i += 2) *ptr2++ = hex_to_u8 (token.buf[6] + i); - for (int i = 0; i < token.len[7]; i += 2) *ptr2++ = hex_to_u8 (token.buf[7] + i); - - *ptr1++ = 0x80; - *ptr2++ = 0x80; - - /** - * Store to database - */ - - const u8 *hash_pos = token.buf[8]; - - digest[0] = hex_to_u32 (hash_pos + 0); - digest[1] = hex_to_u32 (hash_pos + 8); - digest[2] = hex_to_u32 (hash_pos + 16); - digest[3] = hex_to_u32 (hash_pos + 24); - digest[4] = hex_to_u32 (hash_pos + 32); - - digest[0] = byte_swap_32 (digest[0]); - digest[1] = byte_swap_32 (digest[1]); - digest[2] = byte_swap_32 (digest[2]); - digest[3] = byte_swap_32 (digest[3]); - digest[4] = byte_swap_32 (digest[4]); - - salt->salt_len = 32; - - salt->salt_buf[0] = ikepsk->nr_buf[0]; - salt->salt_buf[1] = ikepsk->nr_buf[1]; - salt->salt_buf[2] = ikepsk->nr_buf[2]; - salt->salt_buf[3] = ikepsk->nr_buf[3]; - salt->salt_buf[4] = ikepsk->nr_buf[4]; - salt->salt_buf[5] = ikepsk->nr_buf[5]; - salt->salt_buf[6] = ikepsk->nr_buf[6]; - salt->salt_buf[7] = ikepsk->nr_buf[7]; - - return (PARSER_OK); -} - int ripemd160_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -4307,178 +3628,6 @@ int androidpin_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE return (PARSER_OK); } -int veracrypt_parse_hash_200000 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - tc_t *tc = (tc_t *) hash_buf->esalt; - - if (input_len == 0) return (PARSER_HASH_LENGTH); - - FILE *fp = fopen ((const char *) input_buf, "rb"); - - if (fp == NULL) return (PARSER_HASH_FILE); - - u8 buf[512]; - - const size_t n = hc_fread ((char *) buf, 1, sizeof (buf), fp); - - fclose (fp); - - if (n != sizeof (buf)) return (PARSER_VC_FILE_SIZE); - - const float entropy = get_entropy (buf, n); - - if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); - - memcpy (tc->salt_buf, buf, 64); - - memcpy (tc->data_buf, buf + 64, 512 - 64); - - salt->salt_buf[0] = tc->salt_buf[0]; - - salt->salt_len = 4; - - salt->salt_iter = ROUNDS_VERACRYPT_200000 - 1; - - tc->signature = 0x41524556; // "VERA" - - digest[0] = tc->data_buf[0]; - - return (PARSER_OK); -} - -int veracrypt_parse_hash_500000 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - tc_t *tc = (tc_t *) hash_buf->esalt; - - if (input_len == 0) return (PARSER_HASH_LENGTH); - - FILE *fp = fopen ((const char *) input_buf, "rb"); - - if (fp == NULL) return (PARSER_HASH_FILE); - - u8 buf[512]; - - const size_t n = hc_fread ((char *) buf, 1, sizeof (buf), fp); - - fclose (fp); - - if (n != sizeof (buf)) return (PARSER_VC_FILE_SIZE); - - const float entropy = get_entropy (buf, n); - - if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); - - memcpy (tc->salt_buf, buf, 64); - - memcpy (tc->data_buf, buf + 64, 512 - 64); - - salt->salt_buf[0] = tc->salt_buf[0]; - - salt->salt_len = 4; - - salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; - - tc->signature = 0x41524556; // "VERA" - - digest[0] = tc->data_buf[0]; - - return (PARSER_OK); -} - -int veracrypt_parse_hash_327661 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - tc_t *tc = (tc_t *) hash_buf->esalt; - - if (input_len == 0) return (PARSER_HASH_LENGTH); - - FILE *fp = fopen ((const char *) input_buf, "rb"); - - if (fp == NULL) return (PARSER_HASH_FILE); - - u8 buf[512]; - - const size_t n = hc_fread ((char *) buf, 1, sizeof (buf), fp); - - fclose (fp); - - if (n != sizeof (buf)) return (PARSER_VC_FILE_SIZE); - - const float entropy = get_entropy (buf, n); - - if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); - - memcpy (tc->salt_buf, buf, 64); - - memcpy (tc->data_buf, buf + 64, 512 - 64); - - salt->salt_buf[0] = tc->salt_buf[0]; - - salt->salt_len = 4; - - salt->salt_iter = ROUNDS_VERACRYPT_327661 - 1; - - tc->signature = 0x41524556; // "VERA" - - digest[0] = tc->data_buf[0]; - - return (PARSER_OK); -} - -int veracrypt_parse_hash_655331 (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - tc_t *tc = (tc_t *) hash_buf->esalt; - - if (input_len == 0) return (PARSER_HASH_LENGTH); - - FILE *fp = fopen ((const char *) input_buf, "rb"); - - if (fp == NULL) return (PARSER_HASH_FILE); - - u8 buf[512]; - - const size_t n = hc_fread ((char *) buf, 1, sizeof (buf), fp); - - fclose (fp); - - if (n != sizeof (buf)) return (PARSER_VC_FILE_SIZE); - - const float entropy = get_entropy (buf, n); - - if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); - - memcpy (tc->salt_buf, buf, 64); - - memcpy (tc->data_buf, buf + 64, 512 - 64); - - salt->salt_buf[0] = tc->salt_buf[0]; - - salt->salt_len = 4; - - salt->salt_iter = ROUNDS_VERACRYPT_655331 - 1; - - tc->signature = 0x41524556; // "VERA" - - digest[0] = tc->data_buf[0]; - - return (PARSER_OK); -} - int sha1aix_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -5952,107 +5101,6 @@ int opencart_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U return (PARSER_OK); } -int racf_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - const u8 ascii_to_ebcdic[] = - { - 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, 0x16, 0x05, 0x25, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, - 0x40, 0x4f, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, - 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, - 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0x4a, 0xe0, 0x5a, 0x5f, 0x6d, - 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, - 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xc0, 0x6a, 0xd0, 0xa1, 0x07, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x15, 0x06, 0x17, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x1b, - 0x30, 0x31, 0x1a, 0x33, 0x34, 0x35, 0x36, 0x08, 0x38, 0x39, 0x3a, 0x3b, 0x04, 0x14, 0x3e, 0xe1, - 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, - 0x76, 0x77, 0x78, 0x80, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, - 0x9f, 0xa0, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xda, 0xdb, - 0xdc, 0xdd, 0xde, 0xdf, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, - }; - - token_t token; - - token.token_cnt = 3; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_RACF; - - token.len_min[0] = 6; - token.len_max[0] = 6; - token.sep[0] = '*'; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 0; - token.len_max[1] = 8; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[2] = 2; - token.len_max[2] = 16; - token.sep[2] = '$'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - // salt - - const u8 *salt_pos = token.buf[1]; - const int salt_len = token.len[1]; - - const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); - - if (parse_rc == false) return (PARSER_SALT_LENGTH); - - // salt pc - - u8 *salt_buf_ptr = (u8 *) salt->salt_buf; - u8 *salt_buf_pc_ptr = (u8 *) salt->salt_buf_pc; - - for (u32 i = 0; i < salt->salt_len; i++) - { - salt_buf_pc_ptr[i] = ascii_to_ebcdic[(int) salt_buf_ptr[i]]; - } - for (u32 i = salt_len; i < 8; i++) - { - salt_buf_pc_ptr[i] = 0x40; - } - - u32 tt; - - IP (salt->salt_buf_pc[0], salt->salt_buf_pc[1], tt); - - salt->salt_buf_pc[0] = rotl32 (salt->salt_buf_pc[0], 3u); - salt->salt_buf_pc[1] = rotl32 (salt->salt_buf_pc[1], 3u); - - // hash - - const u8 *hash_pos = token.buf[2]; - - digest[0] = hex_to_u32 (hash_pos + 0); - digest[1] = hex_to_u32 (hash_pos + 8); - - IP (digest[0], digest[1], tt); - - digest[0] = rotr32 (digest[0], 29); - digest[1] = rotr32 (digest[1], 29); - digest[2] = 0; - digest[3] = 0; - - return (PARSER_OK); -} - int lotus5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -6968,638 +6016,6 @@ int office2010_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE return (PARSER_OK); } -int office2013_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - office2013_t *office2013 = (office2013_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 8; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_OFFICE2013; - - token.len_min[0] = 8; - token.len_max[0] = 8; - token.sep[0] = '*'; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 4; - token.len_max[1] = 4; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 6; - token.len_max[2] = 6; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[3] = 3; - token.len_max[3] = 3; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[4] = 2; - token.len_max[4] = 2; - token.sep[4] = '*'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[5] = 32; - token.len_max[5] = 32; - token.sep[5] = '*'; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[6] = 32; - token.len_max[6] = 32; - token.sep[6] = '*'; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[7] = 64; - token.len_max[7] = 64; - token.sep[7] = '*'; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *version_pos = token.buf[1]; - const u8 *spinCount_pos = token.buf[2]; - const u8 *keySize_pos = token.buf[3]; - const u8 *saltSize_pos = token.buf[4]; - const u8 *osalt_pos = token.buf[5]; - const u8 *encryptedVerifier_pos = token.buf[6]; - const u8 *encryptedVerifierHash_pos = token.buf[7]; - - const u32 version = hc_strtoul ((const char *) version_pos, NULL, 10); - const u32 spinCount = hc_strtoul ((const char *) spinCount_pos, NULL, 10); - const u32 keySize = hc_strtoul ((const char *) keySize_pos, NULL, 10); - const u32 saltSize = hc_strtoul ((const char *) saltSize_pos, NULL, 10); - - if (version != 2013) return (PARSER_SALT_VALUE); - if (spinCount != 100000) return (PARSER_SALT_VALUE); - if (keySize != 256) return (PARSER_SALT_VALUE); - if (saltSize != 16) return (PARSER_SALT_VALUE); - - /** - * salt - */ - - salt->salt_len = 16; - salt->salt_iter = spinCount; - - salt->salt_buf[0] = hex_to_u32 (osalt_pos + 0); - salt->salt_buf[1] = hex_to_u32 (osalt_pos + 8); - salt->salt_buf[2] = hex_to_u32 (osalt_pos + 16); - salt->salt_buf[3] = hex_to_u32 (osalt_pos + 24); - - salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); - - /** - * esalt - */ - - office2013->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); - office2013->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); - office2013->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); - office2013->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); - - office2013->encryptedVerifier[0] = byte_swap_32 (office2013->encryptedVerifier[0]); - office2013->encryptedVerifier[1] = byte_swap_32 (office2013->encryptedVerifier[1]); - office2013->encryptedVerifier[2] = byte_swap_32 (office2013->encryptedVerifier[2]); - office2013->encryptedVerifier[3] = byte_swap_32 (office2013->encryptedVerifier[3]); - - office2013->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); - office2013->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); - office2013->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); - office2013->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); - office2013->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); - office2013->encryptedVerifierHash[5] = hex_to_u32 (encryptedVerifierHash_pos + 40); - office2013->encryptedVerifierHash[6] = hex_to_u32 (encryptedVerifierHash_pos + 48); - office2013->encryptedVerifierHash[7] = hex_to_u32 (encryptedVerifierHash_pos + 56); - - office2013->encryptedVerifierHash[0] = byte_swap_32 (office2013->encryptedVerifierHash[0]); - office2013->encryptedVerifierHash[1] = byte_swap_32 (office2013->encryptedVerifierHash[1]); - office2013->encryptedVerifierHash[2] = byte_swap_32 (office2013->encryptedVerifierHash[2]); - office2013->encryptedVerifierHash[3] = byte_swap_32 (office2013->encryptedVerifierHash[3]); - office2013->encryptedVerifierHash[4] = byte_swap_32 (office2013->encryptedVerifierHash[4]); - office2013->encryptedVerifierHash[5] = byte_swap_32 (office2013->encryptedVerifierHash[5]); - office2013->encryptedVerifierHash[6] = byte_swap_32 (office2013->encryptedVerifierHash[6]); - office2013->encryptedVerifierHash[7] = byte_swap_32 (office2013->encryptedVerifierHash[7]); - - /** - * digest - */ - - digest[0] = office2013->encryptedVerifierHash[0]; - digest[1] = office2013->encryptedVerifierHash[1]; - digest[2] = office2013->encryptedVerifierHash[2]; - digest[3] = office2013->encryptedVerifierHash[3]; - - return (PARSER_OK); -} - -int oldoffice01_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - oldoffice01_t *oldoffice01 = (oldoffice01_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 5; - - token.signatures_cnt = 2; - token.signatures_buf[0] = SIGNATURE_OLDOFFICE0; - token.signatures_buf[1] = SIGNATURE_OLDOFFICE1; - - token.len[0] = 11; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 1; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 32; - token.len_max[2] = 32; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[3] = 32; - token.len_max[3] = 32; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[4] = 32; - token.len_max[4] = 32; - token.sep[4] = '*'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *version_pos = token.buf[1]; - const u8 *osalt_pos = token.buf[2]; - const u8 *encryptedVerifier_pos = token.buf[3]; - const u8 *encryptedVerifierHash_pos = token.buf[4]; - - // esalt - - const u32 version = *version_pos - 0x30; - - if (version != 0 && version != 1) return (PARSER_SALT_VALUE); - - oldoffice01->version = version; - - oldoffice01->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); - oldoffice01->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); - oldoffice01->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); - oldoffice01->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); - - oldoffice01->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); - oldoffice01->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); - oldoffice01->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); - oldoffice01->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); - - // salt - - salt->salt_len = 16; - - salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); - salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); - salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); - salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); - - // this is a workaround as office produces multiple documents with the same salt - - salt->salt_buf[ 4] = oldoffice01->encryptedVerifier[0]; - salt->salt_buf[ 5] = oldoffice01->encryptedVerifier[1]; - salt->salt_buf[ 6] = oldoffice01->encryptedVerifier[2]; - salt->salt_buf[ 7] = oldoffice01->encryptedVerifier[3]; - salt->salt_buf[ 8] = oldoffice01->encryptedVerifierHash[0]; - salt->salt_buf[ 9] = oldoffice01->encryptedVerifierHash[1]; - salt->salt_buf[10] = oldoffice01->encryptedVerifierHash[2]; - salt->salt_buf[11] = oldoffice01->encryptedVerifierHash[3]; - - salt->salt_len += 32; - - /** - * digest - */ - - digest[0] = oldoffice01->encryptedVerifierHash[0]; - digest[1] = oldoffice01->encryptedVerifierHash[1]; - digest[2] = oldoffice01->encryptedVerifierHash[2]; - digest[3] = oldoffice01->encryptedVerifierHash[3]; - - return (PARSER_OK); -} - -int oldoffice01cm1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - return oldoffice01_parse_hash (input_buf, input_len, hash_buf, hashconfig); -} - -int oldoffice01cm2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - oldoffice01_t *oldoffice01 = (oldoffice01_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 6; - - token.signatures_cnt = 2; - token.signatures_buf[0] = SIGNATURE_OLDOFFICE0; - token.signatures_buf[1] = SIGNATURE_OLDOFFICE1; - - token.len[0] = 11; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 1; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 32; - token.len_max[2] = 32; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[3] = 32; - token.len_max[3] = 32; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[4] = 32; - token.len_max[4] = 32; - token.sep[4] = ':'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[5] = 10; - token.len_max[5] = 10; - token.sep[5] = ':'; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *version_pos = token.buf[1]; - const u8 *osalt_pos = token.buf[2]; - const u8 *encryptedVerifier_pos = token.buf[3]; - const u8 *encryptedVerifierHash_pos = token.buf[4]; - const u8 *rc4key_pos = token.buf[5]; - - // esalt - - const u32 version = *version_pos - 0x30; - - if (version != 0 && version != 1) return (PARSER_SALT_VALUE); - - oldoffice01->version = version; - - oldoffice01->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); - oldoffice01->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); - oldoffice01->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); - oldoffice01->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); - - oldoffice01->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); - oldoffice01->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); - oldoffice01->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); - oldoffice01->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); - - oldoffice01->rc4key[1] = 0; - oldoffice01->rc4key[0] = 0; - - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[0]) << 28; - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[1]) << 24; - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[2]) << 20; - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[3]) << 16; - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[4]) << 12; - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[5]) << 8; - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[6]) << 4; - oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[7]) << 0; - oldoffice01->rc4key[1] |= hex_convert (rc4key_pos[8]) << 28; - oldoffice01->rc4key[1] |= hex_convert (rc4key_pos[9]) << 24; - - oldoffice01->rc4key[0] = byte_swap_32 (oldoffice01->rc4key[0]); - oldoffice01->rc4key[1] = byte_swap_32 (oldoffice01->rc4key[1]); - - // salt - - salt->salt_len = 16; - - salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); - salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); - salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); - salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); - - // this is a workaround as office produces multiple documents with the same salt - - salt->salt_buf[ 4] = oldoffice01->encryptedVerifier[0]; - salt->salt_buf[ 5] = oldoffice01->encryptedVerifier[1]; - salt->salt_buf[ 6] = oldoffice01->encryptedVerifier[2]; - salt->salt_buf[ 7] = oldoffice01->encryptedVerifier[3]; - salt->salt_buf[ 8] = oldoffice01->encryptedVerifierHash[0]; - salt->salt_buf[ 9] = oldoffice01->encryptedVerifierHash[1]; - salt->salt_buf[10] = oldoffice01->encryptedVerifierHash[2]; - salt->salt_buf[11] = oldoffice01->encryptedVerifierHash[3]; - - salt->salt_len += 32; - - /** - * digest - */ - - digest[0] = oldoffice01->rc4key[0]; - digest[1] = oldoffice01->rc4key[1]; - digest[2] = 0; - digest[3] = 0; - - return (PARSER_OK); -} - -int oldoffice34_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - oldoffice34_t *oldoffice34 = (oldoffice34_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 5; - - token.signatures_cnt = 2; - token.signatures_buf[0] = SIGNATURE_OLDOFFICE3; - token.signatures_buf[1] = SIGNATURE_OLDOFFICE4; - - token.len[0] = 11; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 1; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 32; - token.len_max[2] = 32; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[3] = 32; - token.len_max[3] = 32; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[4] = 40; - token.len_max[4] = 40; - token.sep[4] = '*'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *version_pos = token.buf[1]; - const u8 *osalt_pos = token.buf[2]; - const u8 *encryptedVerifier_pos = token.buf[3]; - const u8 *encryptedVerifierHash_pos = token.buf[4]; - - // esalt - - const u32 version = *version_pos - 0x30; - - if (version != 3 && version != 4) return (PARSER_SALT_VALUE); - - oldoffice34->version = version; - - oldoffice34->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); - oldoffice34->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); - oldoffice34->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); - oldoffice34->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); - - oldoffice34->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); - oldoffice34->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); - oldoffice34->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); - oldoffice34->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); - oldoffice34->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); - - // salt - - salt->salt_len = 16; - - salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); - salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); - salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); - salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); - - salt->salt_buf[ 0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[ 1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[ 2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[ 3] = byte_swap_32 (salt->salt_buf[3]); - - // this is a workaround as office produces multiple documents with the same salt - - salt->salt_buf[ 4] = oldoffice34->encryptedVerifier[0]; - salt->salt_buf[ 5] = oldoffice34->encryptedVerifier[1]; - salt->salt_buf[ 6] = oldoffice34->encryptedVerifier[2]; - salt->salt_buf[ 7] = oldoffice34->encryptedVerifier[3]; - salt->salt_buf[ 8] = oldoffice34->encryptedVerifierHash[0]; - salt->salt_buf[ 9] = oldoffice34->encryptedVerifierHash[1]; - salt->salt_buf[10] = oldoffice34->encryptedVerifierHash[2]; - salt->salt_buf[11] = oldoffice34->encryptedVerifierHash[3]; - - salt->salt_len += 32; - - /** - * digest - */ - - digest[0] = oldoffice34->encryptedVerifierHash[0]; - digest[1] = oldoffice34->encryptedVerifierHash[1]; - digest[2] = oldoffice34->encryptedVerifierHash[2]; - digest[3] = oldoffice34->encryptedVerifierHash[3]; - - return (PARSER_OK); -} - -int oldoffice34cm1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - if (memcmp (SIGNATURE_OLDOFFICE3, input_buf, 12) != 0) return (PARSER_SIGNATURE_UNMATCHED); - - return oldoffice34_parse_hash (input_buf, input_len, hash_buf, hashconfig); -} - -int oldoffice34cm2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - oldoffice34_t *oldoffice34 = (oldoffice34_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 6; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_OLDOFFICE3; - - token.len[0] = 11; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 1; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 32; - token.len_max[2] = 32; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[3] = 32; - token.len_max[3] = 32; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[4] = 40; - token.len_max[4] = 40; - token.sep[4] = ':'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[5] = 10; - token.len_max[5] = 10; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *version_pos = token.buf[1]; - const u8 *osalt_pos = token.buf[2]; - const u8 *encryptedVerifier_pos = token.buf[3]; - const u8 *encryptedVerifierHash_pos = token.buf[4]; - const u8 *rc4key_pos = token.buf[5]; - - // esalt - - const u32 version = *version_pos - 0x30; - - if (version != 3 && version != 4) return (PARSER_SALT_VALUE); - - oldoffice34->version = version; - - oldoffice34->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); - oldoffice34->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); - oldoffice34->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); - oldoffice34->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); - - oldoffice34->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); - oldoffice34->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); - oldoffice34->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); - oldoffice34->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); - oldoffice34->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); - - oldoffice34->rc4key[1] = 0; - oldoffice34->rc4key[0] = 0; - - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[0]) << 28; - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[1]) << 24; - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[2]) << 20; - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[3]) << 16; - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[4]) << 12; - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[5]) << 8; - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[6]) << 4; - oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[7]) << 0; - oldoffice34->rc4key[1] |= hex_convert (rc4key_pos[8]) << 28; - oldoffice34->rc4key[1] |= hex_convert (rc4key_pos[9]) << 24; - - oldoffice34->rc4key[0] = byte_swap_32 (oldoffice34->rc4key[0]); - oldoffice34->rc4key[1] = byte_swap_32 (oldoffice34->rc4key[1]); - - // salt - - salt->salt_len = 16; - - salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); - salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); - salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); - salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); - - salt->salt_buf[ 0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[ 1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[ 2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[ 3] = byte_swap_32 (salt->salt_buf[3]); - - // this is a workaround as office produces multiple documents with the same salt - - salt->salt_buf[ 4] = oldoffice34->encryptedVerifier[0]; - salt->salt_buf[ 5] = oldoffice34->encryptedVerifier[1]; - salt->salt_buf[ 6] = oldoffice34->encryptedVerifier[2]; - salt->salt_buf[ 7] = oldoffice34->encryptedVerifier[3]; - salt->salt_buf[ 8] = oldoffice34->encryptedVerifierHash[0]; - salt->salt_buf[ 9] = oldoffice34->encryptedVerifierHash[1]; - salt->salt_buf[10] = oldoffice34->encryptedVerifierHash[2]; - salt->salt_buf[11] = oldoffice34->encryptedVerifierHash[3]; - - salt->salt_len += 32; - - /** - * digest - */ - - digest[0] = oldoffice34->rc4key[0]; - digest[1] = oldoffice34->rc4key[1]; - digest[2] = 0; - digest[3] = 0; - - return (PARSER_OK); -} - int radmin2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -8185,617 +6601,6 @@ int punbb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUS return (PARSER_OK); } -int pdf11_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - pdf_t *pdf = (pdf_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 12; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_PDF; - - token.len[0] = 5; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 1; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 1; - token.len_max[2] = 1; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[3] = 2; - token.len_max[3] = 2; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[4] = 1; - token.len_max[4] = 6; - token.sep[4] = '*'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[5] = 1; - token.len_max[5] = 1; - token.sep[5] = '*'; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[6] = 2; - token.len_max[6] = 2; - token.sep[6] = '*'; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[7] = 32; - token.len_max[7] = 32; - token.sep[7] = '*'; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[8] = 2; - token.len_max[8] = 2; - token.sep[8] = '*'; - token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[9] = 64; - token.len_max[9] = 64; - token.sep[9] = '*'; - token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[10] = 2; - token.len_max[10] = 2; - token.sep[10] = '*'; - token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[11] = 64; - token.len_max[11] = 64; - token.sep[11] = '*'; - token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *V_pos = token.buf[1]; - const u8 *R_pos = token.buf[2]; - const u8 *bits_pos = token.buf[3]; - const u8 *P_pos = token.buf[4]; - const u8 *enc_md_pos = token.buf[5]; - const u8 *id_len_pos = token.buf[6]; - const u8 *id_buf_pos = token.buf[7]; - const u8 *u_len_pos = token.buf[8]; - const u8 *u_buf_pos = token.buf[9]; - const u8 *o_len_pos = token.buf[10]; - const u8 *o_buf_pos = token.buf[11]; - - // validate data - - const int V = strtol ((const char *) V_pos, NULL, 10); - const int R = strtol ((const char *) R_pos, NULL, 10); - const int P = strtol ((const char *) P_pos, NULL, 10); - - if (V != 1) return (PARSER_SALT_VALUE); - if (R != 2) return (PARSER_SALT_VALUE); - - const int enc_md = strtol ((const char *) enc_md_pos, NULL, 10); - - if ((enc_md != 0) && (enc_md != 1)) return (PARSER_SALT_VALUE); - - const int id_len = strtol ((const char *) id_len_pos, NULL, 10); - const int u_len = strtol ((const char *) u_len_pos, NULL, 10); - const int o_len = strtol ((const char *) o_len_pos, NULL, 10); - - if (id_len != 16) return (PARSER_SALT_VALUE); - if (u_len != 32) return (PARSER_SALT_VALUE); - if (o_len != 32) return (PARSER_SALT_VALUE); - - const int bits = strtol ((const char *) bits_pos, NULL, 10); - - if (bits != 40) return (PARSER_SALT_VALUE); - - // copy data to esalt - - pdf->V = V; - pdf->R = R; - pdf->P = P; - - pdf->enc_md = enc_md; - - pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); - pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); - pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); - pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); - pdf->id_len = id_len; - - pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); - pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); - pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); - pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); - pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); - pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); - pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); - pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); - pdf->u_len = u_len; - - pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); - pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); - pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); - pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); - pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); - pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); - pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); - pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); - pdf->o_len = o_len; - - // we use ID for salt, maybe needs to change, we will see... - - salt->salt_buf[0] = pdf->id_buf[0]; - salt->salt_buf[1] = pdf->id_buf[1]; - salt->salt_buf[2] = pdf->id_buf[2]; - salt->salt_buf[3] = pdf->id_buf[3]; - salt->salt_len = pdf->id_len; - - digest[0] = pdf->u_buf[0]; - digest[1] = pdf->u_buf[1]; - digest[2] = pdf->u_buf[2]; - digest[3] = pdf->u_buf[3]; - - return (PARSER_OK); -} - -int pdf11cm1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - return pdf11_parse_hash (input_buf, input_len, hash_buf, hashconfig); -} - -int pdf11cm2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - pdf_t *pdf = (pdf_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 13; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_PDF; - - token.len[0] = 5; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 1; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 1; - token.len_max[2] = 1; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[3] = 2; - token.len_max[3] = 2; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[4] = 1; - token.len_max[4] = 6; - token.sep[4] = '*'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[5] = 1; - token.len_max[5] = 1; - token.sep[5] = '*'; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[6] = 2; - token.len_max[6] = 2; - token.sep[6] = '*'; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[7] = 32; - token.len_max[7] = 32; - token.sep[7] = '*'; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[8] = 2; - token.len_max[8] = 2; - token.sep[8] = '*'; - token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[9] = 64; - token.len_max[9] = 64; - token.sep[9] = '*'; - token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[10] = 2; - token.len_max[10] = 2; - token.sep[10] = '*'; - token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[11] = 64; - token.len_max[11] = 64; - token.sep[11] = ':'; - token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[12] = 10; - token.len_max[12] = 10; - token.sep[12] = '*'; - token.attr[12] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *V_pos = token.buf[1]; - const u8 *R_pos = token.buf[2]; - const u8 *bits_pos = token.buf[3]; - const u8 *P_pos = token.buf[4]; - const u8 *enc_md_pos = token.buf[5]; - const u8 *id_len_pos = token.buf[6]; - const u8 *id_buf_pos = token.buf[7]; - const u8 *u_len_pos = token.buf[8]; - const u8 *u_buf_pos = token.buf[9]; - const u8 *o_len_pos = token.buf[10]; - const u8 *o_buf_pos = token.buf[11]; - const u8 *rc4key_pos = token.buf[12]; - - // validate data - - const int V = strtol ((const char *) V_pos, NULL, 10); - const int R = strtol ((const char *) R_pos, NULL, 10); - const int P = strtol ((const char *) P_pos, NULL, 10); - - if (V != 1) return (PARSER_SALT_VALUE); - if (R != 2) return (PARSER_SALT_VALUE); - - const int enc_md = strtol ((const char *) enc_md_pos, NULL, 10); - - if ((enc_md != 0) && (enc_md != 1)) return (PARSER_SALT_VALUE); - - const int id_len = strtol ((const char *) id_len_pos, NULL, 10); - const int u_len = strtol ((const char *) u_len_pos, NULL, 10); - const int o_len = strtol ((const char *) o_len_pos, NULL, 10); - - if (id_len != 16) return (PARSER_SALT_VALUE); - if (u_len != 32) return (PARSER_SALT_VALUE); - if (o_len != 32) return (PARSER_SALT_VALUE); - - const int bits = strtol ((const char *) bits_pos, NULL, 10); - - if (bits != 40) return (PARSER_SALT_VALUE); - - // copy data to esalt - - pdf->V = V; - pdf->R = R; - pdf->P = P; - - pdf->enc_md = enc_md; - - pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); - pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); - pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); - pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); - pdf->id_len = id_len; - - pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); - pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); - pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); - pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); - pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); - pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); - pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); - pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); - pdf->u_len = u_len; - - pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); - pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); - pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); - pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); - pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); - pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); - pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); - pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); - pdf->o_len = o_len; - - pdf->rc4key[1] = 0; - pdf->rc4key[0] = 0; - - pdf->rc4key[0] |= hex_convert (rc4key_pos[0]) << 28; - pdf->rc4key[0] |= hex_convert (rc4key_pos[1]) << 24; - pdf->rc4key[0] |= hex_convert (rc4key_pos[2]) << 20; - pdf->rc4key[0] |= hex_convert (rc4key_pos[3]) << 16; - pdf->rc4key[0] |= hex_convert (rc4key_pos[4]) << 12; - pdf->rc4key[0] |= hex_convert (rc4key_pos[5]) << 8; - pdf->rc4key[0] |= hex_convert (rc4key_pos[6]) << 4; - pdf->rc4key[0] |= hex_convert (rc4key_pos[7]) << 0; - pdf->rc4key[1] |= hex_convert (rc4key_pos[8]) << 28; - pdf->rc4key[1] |= hex_convert (rc4key_pos[9]) << 24; - - pdf->rc4key[0] = byte_swap_32 (pdf->rc4key[0]); - pdf->rc4key[1] = byte_swap_32 (pdf->rc4key[1]); - - // we use ID for salt, maybe needs to change, we will see... - - salt->salt_buf[0] = pdf->id_buf[0]; - salt->salt_buf[1] = pdf->id_buf[1]; - salt->salt_buf[2] = pdf->id_buf[2]; - salt->salt_buf[3] = pdf->id_buf[3]; - salt->salt_buf[4] = pdf->u_buf[0]; - salt->salt_buf[5] = pdf->u_buf[1]; - salt->salt_buf[6] = pdf->o_buf[0]; - salt->salt_buf[7] = pdf->o_buf[1]; - salt->salt_len = pdf->id_len + 16; - - digest[0] = pdf->rc4key[0]; - digest[1] = pdf->rc4key[1]; - digest[2] = 0; - digest[3] = 0; - - return (PARSER_OK); -} - -int pdf14_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - pdf_t *pdf = (pdf_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 12; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_PDF; - - token.len[0] = 5; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 1; - token.len_max[1] = 1; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 1; - token.len_max[2] = 1; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[3] = 3; - token.len_max[3] = 3; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[4] = 1; - token.len_max[4] = 6; - token.sep[4] = '*'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[5] = 1; - token.len_max[5] = 1; - token.sep[5] = '*'; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[6] = 2; - token.len_max[6] = 2; - token.sep[6] = '*'; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[7] = 32; - token.len_max[7] = 64; - token.sep[7] = '*'; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[8] = 2; - token.len_max[8] = 2; - token.sep[8] = '*'; - token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[9] = 64; - token.len_max[9] = 64; - token.sep[9] = '*'; - token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[10] = 2; - token.len_max[10] = 2; - token.sep[10] = '*'; - token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[11] = 64; - token.len_max[11] = 64; - token.sep[11] = '*'; - token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *V_pos = token.buf[1]; - const u8 *R_pos = token.buf[2]; - const u8 *bits_pos = token.buf[3]; - const u8 *P_pos = token.buf[4]; - const u8 *enc_md_pos = token.buf[5]; - const u8 *id_len_pos = token.buf[6]; - const u8 *id_buf_pos = token.buf[7]; - const u8 *u_len_pos = token.buf[8]; - const u8 *u_buf_pos = token.buf[9]; - const u8 *o_len_pos = token.buf[10]; - const u8 *o_buf_pos = token.buf[11]; - - // validate data - - const int V = strtol ((const char *) V_pos, NULL, 10); - const int R = strtol ((const char *) R_pos, NULL, 10); - const int P = strtol ((const char *) P_pos, NULL, 10); - - int vr_ok = 0; - - if ((V == 2) && (R == 3)) vr_ok = 1; - if ((V == 4) && (R == 4)) vr_ok = 1; - - if (vr_ok == 0) return (PARSER_SALT_VALUE); - - const int id_len = strtol ((const char *) id_len_pos, NULL, 10); - const int u_len = strtol ((const char *) u_len_pos, NULL, 10); - const int o_len = strtol ((const char *) o_len_pos, NULL, 10); - - if ((id_len != 16) && (id_len != 32)) return (PARSER_SALT_VALUE); - - if (u_len != 32) return (PARSER_SALT_VALUE); - if (o_len != 32) return (PARSER_SALT_VALUE); - - const int bits = strtol ((const char *) bits_pos, NULL, 10); - - if (bits != 128) return (PARSER_SALT_VALUE); - - int enc_md = 1; - - if (R >= 4) - { - enc_md = strtol ((const char *) enc_md_pos, NULL, 10); - } - - // copy data to esalt - - pdf->V = V; - pdf->R = R; - pdf->P = P; - - pdf->enc_md = enc_md; - - pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); - pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); - pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); - pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); - - if (id_len == 32) - { - pdf->id_buf[4] = hex_to_u32 (id_buf_pos + 32); - pdf->id_buf[5] = hex_to_u32 (id_buf_pos + 40); - pdf->id_buf[6] = hex_to_u32 (id_buf_pos + 48); - pdf->id_buf[7] = hex_to_u32 (id_buf_pos + 56); - } - - pdf->id_len = id_len; - - pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); - pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); - pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); - pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); - pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); - pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); - pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); - pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); - pdf->u_len = u_len; - - pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); - pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); - pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); - pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); - pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); - pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); - pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); - pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); - pdf->o_len = o_len; - - // precompute rc4 data for later use - - u32 padding[8] = - { - 0x5e4ebf28, - 0x418a754e, - 0x564e0064, - 0x0801faff, - 0xb6002e2e, - 0x803e68d0, - 0xfea90c2f, - 0x7a695364 - }; - - // md5 - - u32 salt_pc_block[32] = { 0 }; - - u8 *salt_pc_ptr = (u8 *) salt_pc_block; - - memcpy (salt_pc_ptr, padding, 32); - memcpy (salt_pc_ptr + 32, pdf->id_buf, pdf->id_len); - - u32 salt_pc_digest[4] = { 0 }; - - md5_complete_no_limit (salt_pc_digest, salt_pc_block, 32 + pdf->id_len); - - pdf->rc4data[0] = salt_pc_digest[0]; - pdf->rc4data[1] = salt_pc_digest[1]; - - // we use ID for salt, maybe needs to change, we will see... - - salt->salt_buf[0] = pdf->id_buf[0]; - salt->salt_buf[1] = pdf->id_buf[1]; - salt->salt_buf[2] = pdf->id_buf[2]; - salt->salt_buf[3] = pdf->id_buf[3]; - salt->salt_buf[4] = pdf->u_buf[0]; - salt->salt_buf[5] = pdf->u_buf[1]; - salt->salt_buf[6] = pdf->o_buf[0]; - salt->salt_buf[7] = pdf->o_buf[1]; - salt->salt_len = pdf->id_len + 16; - - salt->salt_iter = ROUNDS_PDF14; - - digest[0] = pdf->u_buf[0]; - digest[1] = pdf->u_buf[1]; - digest[2] = 0; - digest[3] = 0; - - return (PARSER_OK); -} - int pdf17l3_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { int ret = pdf17l8_parse_hash (input_buf, input_len, hash_buf, hashconfig); @@ -9092,47 +6897,6 @@ int pbkdf2_sha256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA return (PARSER_OK); } -int prestashop_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - token_t token; - - token.token_cnt = 2; - - token.sep[0] = hashconfig->separator; - token.len_min[0] = 32; - token.len_max[0] = 32; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[1] = 56; - token.len_max[1] = 56; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *hash_pos = token.buf[0]; - - digest[0] = hex_to_u32 (hash_pos + 0); - digest[1] = hex_to_u32 (hash_pos + 8); - digest[2] = hex_to_u32 (hash_pos + 16); - digest[3] = hex_to_u32 (hash_pos + 24); - - const u8 *salt_pos = token.buf[1]; - const int salt_len = token.len[1]; - - const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); - - if (parse_rc == false) return (PARSER_SALT_LENGTH); - - return (PARSER_OK); -} - int postgresql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -10076,86 +7840,6 @@ int ecryptfs_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U return (PARSER_OK); } -int bsdicrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - salt_t *salt = hash_buf->salt; - - u32 *digest = (u32 *) hash_buf->digest; - - token_t token; - - token.token_cnt = 4; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_BSDICRYPT; - - token.len[0] = 1; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len[1] = 4; - token.attr[1] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64B; - - token.len[2] = 4; - token.attr[2] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64B; - - token.len[3] = 11; - token.attr[3] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64B; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - // iteration count - - const u8 *iter_pos = token.buf[1]; - - salt->salt_iter = itoa64_to_int (iter_pos[0]) - | itoa64_to_int (iter_pos[1]) << 6 - | itoa64_to_int (iter_pos[2]) << 12 - | itoa64_to_int (iter_pos[3]) << 18; - - // set salt - - const u8 *salt_pos = token.buf[2]; - - salt->salt_buf[0] = itoa64_to_int (salt_pos[0]) - | itoa64_to_int (salt_pos[1]) << 6 - | itoa64_to_int (salt_pos[2]) << 12 - | itoa64_to_int (salt_pos[3]) << 18; - - salt->salt_len = 4; - - // hash - - const u8 *hash_pos = token.buf[3]; - const int hash_len = token.len[3]; - - unsigned char c19 = itoa64_to_int (hash_pos[10]); - - if (c19 & 3) return (PARSER_HASH_VALUE); - - u8 tmp_buf[100] = { 0 }; - - base64_decode (itoa64_to_int, hash_pos, hash_len, tmp_buf); - - memcpy (digest, tmp_buf, 8); - - u32 tt; - - IP (digest[0], digest[1], tt); - - digest[0] = rotr32 (digest[0], 31); - digest[1] = rotr32 (digest[1], 31); - digest[2] = 0; - digest[3] = 0; - - return (PARSER_OK); -} - int axcrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -10665,110 +8349,6 @@ int keepass_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UN return (PARSER_OK); } -int cf10_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - token_t token; - - token.token_cnt = 2; - - token.sep[0] = hashconfig->separator; - token.len_min[0] = 64; - token.len_max[0] = 64; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[1] = 64; - token.len_max[1] = 64; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - // hash - - const u8 *hash_pos = token.buf[0]; - - digest[0] = hex_to_u32 (hash_pos + 0); - digest[1] = hex_to_u32 (hash_pos + 8); - digest[2] = hex_to_u32 (hash_pos + 16); - digest[3] = hex_to_u32 (hash_pos + 24); - digest[4] = hex_to_u32 (hash_pos + 32); - digest[5] = hex_to_u32 (hash_pos + 40); - digest[6] = hex_to_u32 (hash_pos + 48); - digest[7] = hex_to_u32 (hash_pos + 56); - - digest[0] = byte_swap_32 (digest[0]); - digest[1] = byte_swap_32 (digest[1]); - digest[2] = byte_swap_32 (digest[2]); - digest[3] = byte_swap_32 (digest[3]); - digest[4] = byte_swap_32 (digest[4]); - digest[5] = byte_swap_32 (digest[5]); - digest[6] = byte_swap_32 (digest[6]); - digest[7] = byte_swap_32 (digest[7]); - - // salt - - const u8 *salt_pos = token.buf[1]; - const int salt_len = token.len[1]; - - const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); - - if (parse_rc == false) return (PARSER_SALT_LENGTH); - - /** - * we can precompute the first sha256 transform - */ - - u32 w[16] = { 0 }; - - w[ 0] = byte_swap_32 (salt->salt_buf[ 0]); - w[ 1] = byte_swap_32 (salt->salt_buf[ 1]); - w[ 2] = byte_swap_32 (salt->salt_buf[ 2]); - w[ 3] = byte_swap_32 (salt->salt_buf[ 3]); - w[ 4] = byte_swap_32 (salt->salt_buf[ 4]); - w[ 5] = byte_swap_32 (salt->salt_buf[ 5]); - w[ 6] = byte_swap_32 (salt->salt_buf[ 6]); - w[ 7] = byte_swap_32 (salt->salt_buf[ 7]); - w[ 8] = byte_swap_32 (salt->salt_buf[ 8]); - w[ 9] = byte_swap_32 (salt->salt_buf[ 9]); - w[10] = byte_swap_32 (salt->salt_buf[10]); - w[11] = byte_swap_32 (salt->salt_buf[11]); - w[12] = byte_swap_32 (salt->salt_buf[12]); - w[13] = byte_swap_32 (salt->salt_buf[13]); - w[14] = byte_swap_32 (salt->salt_buf[14]); - w[15] = byte_swap_32 (salt->salt_buf[15]); - - u32 pc256[8] = { SHA256M_A, SHA256M_B, SHA256M_C, SHA256M_D, SHA256M_E, SHA256M_F, SHA256M_G, SHA256M_H }; - - sha256_64 (w, pc256); - - salt->salt_buf_pc[0] = pc256[0]; - salt->salt_buf_pc[1] = pc256[1]; - salt->salt_buf_pc[2] = pc256[2]; - salt->salt_buf_pc[3] = pc256[3]; - salt->salt_buf_pc[4] = pc256[4]; - salt->salt_buf_pc[5] = pc256[5]; - salt->salt_buf_pc[6] = pc256[6]; - salt->salt_buf_pc[7] = pc256[7]; - - digest[0] -= pc256[0]; - digest[1] -= pc256[1]; - digest[2] -= pc256[2]; - digest[3] -= pc256[3]; - digest[4] -= pc256[4]; - digest[5] -= pc256[5]; - digest[6] -= pc256[6]; - digest[7] -= pc256[7]; - - return (PARSER_OK); -} - int mywallet_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -11712,52 +9292,6 @@ int itunes_backup_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA return (PARSER_OK); } -int skip32_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - token_t token; - - token.token_cnt = 2; - - token.len_min[0] = 8; - token.len_max[0] = 8; - token.sep[0] = hashconfig->separator; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[1] = 8; - token.len_max[1] = 8; - token.sep[1] = hashconfig->separator; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - // digest - - const u8 *hash_pos = token.buf[0]; - - digest[0] = hex_to_u32 ((const u8 *) &hash_pos[0]); - digest[1] = 0; - digest[2] = 0; - digest[3] = 0; - - // salt - - const u8 *salt_pos = token.buf[1]; - const int salt_len = token.len[1]; - - salt->salt_buf[0] = hex_to_u32 ((const u8 *) &salt_pos[0]); - - salt->salt_len = salt_len / 2; // 4 - - return (PARSER_OK); -} int fortigate_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { @@ -11912,72 +9446,6 @@ int sha256b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE return (PARSER_OK); } -int filezilla_server_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u64 *digest = (u64 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - token_t token; - - token.token_cnt = 2; - - token.sep[0] = hashconfig->separator; - token.len_min[0] = 128; - token.len_max[0] = 128; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[1] = 64; - token.len_max[1] = 64; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *hash_pos = token.buf[0]; - - digest[0] = hex_to_u64 (hash_pos + 0); - digest[1] = hex_to_u64 (hash_pos + 16); - digest[2] = hex_to_u64 (hash_pos + 32); - digest[3] = hex_to_u64 (hash_pos + 48); - digest[4] = hex_to_u64 (hash_pos + 64); - digest[5] = hex_to_u64 (hash_pos + 80); - digest[6] = hex_to_u64 (hash_pos + 96); - digest[7] = hex_to_u64 (hash_pos + 112); - - digest[0] = byte_swap_64 (digest[0]); - digest[1] = byte_swap_64 (digest[1]); - digest[2] = byte_swap_64 (digest[2]); - digest[3] = byte_swap_64 (digest[3]); - digest[4] = byte_swap_64 (digest[4]); - digest[5] = byte_swap_64 (digest[5]); - digest[6] = byte_swap_64 (digest[6]); - digest[7] = byte_swap_64 (digest[7]); - - if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) - { - digest[0] -= SHA512M_A; - digest[1] -= SHA512M_B; - digest[2] -= SHA512M_C; - digest[3] -= SHA512M_D; - digest[4] -= SHA512M_E; - digest[5] -= SHA512M_F; - digest[6] -= SHA512M_G; - digest[7] -= SHA512M_H; - } - - const u8 *salt_pos = token.buf[1]; - const int salt_len = token.len[1]; - - const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); - - if (parse_rc == false) return (PARSER_SALT_LENGTH); - - return (PARSER_OK); -} - int netbsd_sha1crypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -13150,287 +10618,6 @@ int filevault2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE return (PARSER_OK); } -u32 kernel_threads_mxx (hashcat_ctx_t *hashcat_ctx) -{ - - if (hashconfig->hash_mode == 9000) kernel_threads = 8; // Blowfish - if (hashconfig->hash_mode == 9700) kernel_threads = 64; // RC4 - if (hashconfig->hash_mode == 9710) kernel_threads = 64; // RC4 - if (hashconfig->hash_mode == 9800) kernel_threads = 64; // RC4 - if (hashconfig->hash_mode == 9810) kernel_threads = 64; // RC4 - if (hashconfig->hash_mode == 10400) kernel_threads = 64; // RC4 - if (hashconfig->hash_mode == 10410) kernel_threads = 64; // RC4 - if (hashconfig->hash_mode == 10500) kernel_threads = 64; // RC4 - - // let the module decide if it allows user-defined values over module defined valaues - - if (user_options->kernel_threads_chgd == true) - { - device_param->kernel_threads_min = user_options->kernel_threads; - device_param->kernel_threads_max = user_options->kernel_threads; - } -} - - - -void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, void *esalt, void *hook_salt) -{ - hashconfig_t *hashconfig = hashcat_ctx->hashconfig; - - if (hashconfig->is_salted == true) - { - // special salt handling - - switch (hashconfig->hash_mode) - { - case 22: salt->salt_len = 30; - break; - case 1731: salt->salt_len = 4; - break; - case 2410: salt->salt_len = 4; - break; - case 3100: salt->salt_len = 1; - break; - case 5800: salt->salt_len = 16; - break; - case 8400: salt->salt_len = 40; - break; - case 8800: salt->salt_len = 16; - break; - case 9100: salt->salt_len = 16; - break; - case 9400: salt->salt_len = 16; - break; - case 9500: salt->salt_len = 16; - break; - case 9600: salt->salt_len = 16; - break; - case 9700: salt->salt_len = 16; - break; - case 9710: salt->salt_len = 16; - break; - case 9720: salt->salt_len = 16; - break; - case 9800: salt->salt_len = 16; - break; - case 9810: salt->salt_len = 16; - break; - case 9820: salt->salt_len = 16; - break; - case 10300: salt->salt_len = 12; - break; - case 11000: salt->salt_len = 56; - break; - case 12400: salt->salt_len = 4; - break; - case 12600: salt->salt_len = 64; - break; - case 14700: salt->salt_len = 20; - break; - case 14800: salt->salt_len = 20; - break; - case 14900: salt->salt_len = 4; - break; - case 15100: salt->salt_len = 8; - break; - case 15600: salt->salt_len = 32; - break; - case 16200: salt->salt_len = 16; - break; - case 16300: salt->salt_len = 20; - break; - case 16700: salt->salt_len = 16; - break; - } - - // special esalt handling - - switch (hashconfig->hash_mode) - { - case 5300: ((ikepsk_t *) esalt)->nr_len = 1; - ((ikepsk_t *) esalt)->msg_len[5] = 1; - break; - case 5400: ((ikepsk_t *) esalt)->nr_len = 1; - ((ikepsk_t *) esalt)->msg_len[5] = 1; - break; - case 7300: ((rakp_t *) esalt)->salt_len = 32; - break; - case 10400: ((pdf_t *) esalt)->id_len = 16; - ((pdf_t *) esalt)->o_len = 32; - ((pdf_t *) esalt)->u_len = 32; - break; - case 10410: ((pdf_t *) esalt)->id_len = 16; - ((pdf_t *) esalt)->o_len = 32; - ((pdf_t *) esalt)->u_len = 32; - break; - case 10420: ((pdf_t *) esalt)->id_len = 16; - ((pdf_t *) esalt)->o_len = 32; - ((pdf_t *) esalt)->u_len = 32; - break; - case 10500: ((pdf_t *) esalt)->id_len = 16; - ((pdf_t *) esalt)->o_len = 32; - ((pdf_t *) esalt)->u_len = 32; - break; - case 10600: ((pdf_t *) esalt)->id_len = 16; - ((pdf_t *) esalt)->o_len = 127; - ((pdf_t *) esalt)->u_len = 127; - break; - case 10700: ((pdf_t *) esalt)->id_len = 16; - ((pdf_t *) esalt)->o_len = 127; - ((pdf_t *) esalt)->u_len = 127; - break; - case 11400: ((sip_t *) esalt)->salt_len = 2; - ((sip_t *) esalt)->esalt_len = 39; - break; - case 13600: ((zip2_t *) esalt)->salt_len = 16; - ((zip2_t *) esalt)->data_len = 32; - ((zip2_t *) esalt)->mode = 3; - break; - case 16300: ((ethereum_presale_t *) esalt)->enc_seed_len = 608; - break; - case 16500: hashconfig->kern_type = KERN_TYPE_JWT_HS256; - ((jwt_t *) esalt)->salt_len = 32; - break; - } - } - - // set default iterations - - switch (hashconfig->hash_mode) - { - case 2100: salt->salt_iter = ROUNDS_DCC2; - break; - case 5200: salt->salt_iter = ROUNDS_PSAFE3; - break; - case 5800: salt->salt_iter = ROUNDS_ANDROIDPIN - 1; - break; - case 6400: salt->salt_iter = ROUNDS_SHA256AIX; - break; - case 6500: salt->salt_iter = ROUNDS_SHA512AIX; - break; - case 6700: salt->salt_iter = ROUNDS_SHA1AIX; - break; - case 6600: salt->salt_iter = ROUNDS_AGILEKEY; - break; - case 7200: salt->salt_iter = ROUNDS_GRUB; - break; - case 7400: salt->salt_iter = ROUNDS_SHA256CRYPT; - break; - case 7900: salt->salt_iter = ROUNDS_DRUPAL7; - break; - case 8200: salt->salt_iter = ROUNDS_CLOUDKEY; - break; - case 8300: salt->salt_iter = ROUNDS_NSEC3; - break; - case 8800: salt->salt_iter = ROUNDS_ANDROIDFDE; - break; - case 9000: salt->salt_iter = ROUNDS_PSAFE2; - break; - case 9100: salt->salt_iter = ROUNDS_LOTUS8; - break; - case 9200: salt->salt_iter = ROUNDS_CISCO8; - break; - case 9400: salt->salt_iter = ROUNDS_OFFICE2007; - break; - case 9500: salt->salt_iter = ROUNDS_OFFICE2010; - break; - case 9600: salt->salt_iter = ROUNDS_OFFICE2013; - break; - case 10000: salt->salt_iter = ROUNDS_DJANGOPBKDF2; - break; - case 10300: salt->salt_iter = ROUNDS_SAPH_SHA1 - 1; - break; - case 10500: salt->salt_iter = ROUNDS_PDF14; - break; - case 10700: salt->salt_iter = ROUNDS_PDF17L8; - break; - case 10900: salt->salt_iter = ROUNDS_PBKDF2_SHA256 - 1; - break; - case 11900: salt->salt_iter = ROUNDS_PBKDF2_MD5 - 1; - break; - case 12001: salt->salt_iter = ROUNDS_ATLASSIAN - 1; - break; - case 12100: salt->salt_iter = ROUNDS_PBKDF2_SHA512 - 1; - break; - case 12200: salt->salt_iter = ROUNDS_ECRYPTFS - 1; - break; - case 12300: salt->salt_iter = ROUNDS_ORACLET - 1; - break; - case 12400: salt->salt_iter = ROUNDS_BSDICRYPT - 1; - break; - case 12700: salt->salt_iter = ROUNDS_MYWALLET; - break; - case 12800: salt->salt_iter = ROUNDS_MS_DRSR - 1; - break; - case 12900: salt->salt_iter = ROUNDS_ANDROIDFDE_SAMSUNG - 1; - break; - case 13200: salt->salt_iter = ROUNDS_AXCRYPT; - break; - case 13600: salt->salt_iter = ROUNDS_ZIP2; - break; - case 13711: salt->salt_iter = ROUNDS_VERACRYPT_655331; - break; - case 13712: salt->salt_iter = ROUNDS_VERACRYPT_655331; - break; - case 13713: salt->salt_iter = ROUNDS_VERACRYPT_655331; - break; - case 13721: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13722: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13723: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13731: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13732: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13733: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13741: salt->salt_iter = ROUNDS_VERACRYPT_327661; - break; - case 13742: salt->salt_iter = ROUNDS_VERACRYPT_327661; - break; - case 13743: salt->salt_iter = ROUNDS_VERACRYPT_327661; - break; - case 13751: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13752: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13753: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13761: salt->salt_iter = ROUNDS_VERACRYPT_200000; - break; - case 13762: salt->salt_iter = ROUNDS_VERACRYPT_200000; - break; - case 13763: salt->salt_iter = ROUNDS_VERACRYPT_200000; - break; - case 13771: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13772: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 13773: salt->salt_iter = ROUNDS_VERACRYPT_500000; - break; - case 14700: salt->salt_iter = ROUNDS_ITUNES9_BACKUP - 1; - break; - case 14800: salt->salt_iter = ROUNDS_ITUNES101_BACKUP - 1; - salt->salt_iter2 = ROUNDS_ITUNES102_BACKUP - 1; - break; - case 15100: salt->salt_iter = ROUNDS_NETBSD_SHA1CRYPT - 1; - break; - case 15200: salt->salt_iter = ROUNDS_MYWALLETV2; - break; - case 15600: salt->salt_iter = ROUNDS_ETHEREUM_PBKDF2; - break; - case 16200: salt->salt_iter = ROUNDS_APPLE_SECURE_NOTES - 1; - break; - case 16300: salt->salt_iter = ROUNDS_ETHEREUM_PRESALE; - break; - case 16700: salt->salt_iter = ROUNDS_APPLE_SECURE_NOTES - 1; - break; - } - -} - int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, const u32 salt_pos, const u32 digest_pos) { if (hash_mode == 22) @@ -13734,28 +10921,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, ptr[13], ptr[12], ptr[15], ptr[14]); } - else if (hash_mode == 2100) - { - u32 pos = 0; - - snprintf (out_buf + pos, out_len - pos, "%s%u#", - SIGNATURE_DCC2, - salt.salt_iter + 1); - - u32 signature_len = strlen (out_buf); - - pos += signature_len; - - char *salt_ptr = (char *) salt.salt_buf; - - for (u32 i = 0; i < salt.salt_len; i++, pos++) snprintf (out_buf + pos, out_len - pos, "%c", salt_ptr[i]); - - snprintf (out_buf + pos, out_len - pos, "#%08x%08x%08x%08x", - byte_swap_32 (digest_buf[0]), - byte_swap_32 (digest_buf[1]), - byte_swap_32 (digest_buf[2]), - byte_swap_32 (digest_buf[3])); - } else if ((hash_mode == 2400) || (hash_mode == 2410)) { memcpy (tmp_buf, digest_buf, 16); @@ -13830,142 +10995,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, byte_swap_32 (digest_buf[3]), byte_swap_32 (digest_buf[4])); } - else if (hash_mode == 5200) - { - snprintf (out_buf, out_size, "%s", hashfile); - } - else if (hash_mode == 5300) - { - ikepsk_t *ikepsks = (ikepsk_t *) esalts_buf; - - ikepsk_t *ikepsk = &ikepsks[digest_cur]; - - size_t buf_len = out_len - 1; - - // msg_buf - - u32 ikepsk_msg_len = ikepsk->msg_len[5] / 4; - - for (u32 i = 0; i < ikepsk_msg_len; i++) - { - if ((i == ikepsk->msg_len[0] / 4) || (i == ikepsk->msg_len[1] / 4) || (i == ikepsk->msg_len[2] / 4) || (i == ikepsk->msg_len[3] / 4) || (i == ikepsk->msg_len[4] / 4)) - { - snprintf (out_buf, buf_len, ":"); - - buf_len--; - out_buf++; - } - - snprintf (out_buf, buf_len, "%08x", byte_swap_32 (ikepsk->msg_buf[i])); - - buf_len -= 8; - out_buf += 8; - } - - // nr_buf - - u32 ikepsk_nr_len = ikepsk->nr_len / 4; - - for (u32 i = 0; i < ikepsk_nr_len; i++) - { - if ((i == 0) || (i == 5)) - { - snprintf (out_buf, buf_len, ":"); - - buf_len--; - out_buf++; - } - - snprintf (out_buf, buf_len, "%08x", byte_swap_32 (ikepsk->nr_buf[i])); - - buf_len -= 8; - out_buf += 8; - } - - // digest_buf - - for (u32 i = 0; i < 4; i++) - { - if (i == 0) - { - snprintf (out_buf, buf_len, ":"); - - buf_len--; - out_buf++; - } - - snprintf (out_buf, buf_len, "%08x", digest_buf[i]); - - buf_len -= 8; - out_buf += 8; - } - } - else if (hash_mode == 5400) - { - ikepsk_t *ikepsks = (ikepsk_t *) esalts_buf; - - ikepsk_t *ikepsk = &ikepsks[digest_cur]; - - size_t buf_len = out_len - 1; - - // msg_buf - - u32 ikepsk_msg_len = ikepsk->msg_len[5] / 4; - - for (u32 i = 0; i < ikepsk_msg_len; i++) - { - if ((i == ikepsk->msg_len[0] / 4) || (i == ikepsk->msg_len[1] / 4) || (i == ikepsk->msg_len[2] / 4) || (i == ikepsk->msg_len[3] / 4) || (i == ikepsk->msg_len[4] / 4)) - { - snprintf (out_buf, buf_len, ":"); - - buf_len--; - out_buf++; - } - - snprintf (out_buf, buf_len, "%08x", byte_swap_32 (ikepsk->msg_buf[i])); - - buf_len -= 8; - out_buf += 8; - } - - // nr_buf - - u32 ikepsk_nr_len = ikepsk->nr_len / 4; - - for (u32 i = 0; i < ikepsk_nr_len; i++) - { - if ((i == 0) || (i == 5)) - { - snprintf (out_buf, buf_len, ":"); - - buf_len--; - out_buf++; - } - - snprintf (out_buf, buf_len, "%08x", byte_swap_32 (ikepsk->nr_buf[i])); - - buf_len -= 8; - out_buf += 8; - } - - // digest_buf - - for (u32 i = 0; i < 5; i++) - { - if (i == 0) - { - snprintf (out_buf, buf_len, ":"); - - buf_len--; - out_buf++; - } - - snprintf (out_buf, buf_len, "%08x", digest_buf[i]); - - buf_len -= 8; - out_buf += 8; - } - } else if (hash_mode == 5700) { // the encoder is a bit too intelligent, it expects the input data in the wrong BOM @@ -14275,10 +11304,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, snprintf (out_buf, out_size, "%s:%s:%s:%u", digest_buf_c, domain_buf_c, (char *) salt.salt_buf, salt.salt_iter); } - else if (hash_mode == 8500) - { - snprintf (out_buf, out_size, "%s*%s*%08X%08X", SIGNATURE_RACF, (char *) salt.salt_buf, digest_buf[0], digest_buf[1]); - } else if (hash_mode == 2612) { snprintf (out_buf, out_size, "%s%s$%08x%08x%08x%08x", @@ -14330,10 +11355,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, byte_swap_32 (digest_buf[3]), tmp); } - else if (hash_mode == 9000) - { - snprintf (out_buf, out_size, "%s", hashfile); - } else if (hash_mode == 9200) { // salt @@ -14419,184 +11440,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, office2010->encryptedVerifierHash[6], office2010->encryptedVerifierHash[7]); } - else if (hash_mode == 9600) - { - office2013_t *office2013s = (office2013_t *) esalts_buf; - - office2013_t *office2013 = &office2013s[digest_cur]; - - snprintf (out_buf, out_size, "%s*%d*%d*%d*%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%08x%08x%08x", - SIGNATURE_OFFICE2013, - 2013, - 100000, - 256, - 16, - salt.salt_buf[0], - salt.salt_buf[1], - salt.salt_buf[2], - salt.salt_buf[3], - office2013->encryptedVerifier[0], - office2013->encryptedVerifier[1], - office2013->encryptedVerifier[2], - office2013->encryptedVerifier[3], - office2013->encryptedVerifierHash[0], - office2013->encryptedVerifierHash[1], - office2013->encryptedVerifierHash[2], - office2013->encryptedVerifierHash[3], - office2013->encryptedVerifierHash[4], - office2013->encryptedVerifierHash[5], - office2013->encryptedVerifierHash[6], - office2013->encryptedVerifierHash[7]); - } - else if (hash_mode == 9700) - { - oldoffice01_t *oldoffice01s = (oldoffice01_t *) esalts_buf; - - oldoffice01_t *oldoffice01 = &oldoffice01s[digest_cur]; - - snprintf (out_buf, out_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x", - SIGNATURE_OLDOFFICE, - oldoffice01->version, - byte_swap_32 (salt.salt_buf[0]), - byte_swap_32 (salt.salt_buf[1]), - byte_swap_32 (salt.salt_buf[2]), - byte_swap_32 (salt.salt_buf[3]), - byte_swap_32 (oldoffice01->encryptedVerifier[0]), - byte_swap_32 (oldoffice01->encryptedVerifier[1]), - byte_swap_32 (oldoffice01->encryptedVerifier[2]), - byte_swap_32 (oldoffice01->encryptedVerifier[3]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[0]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[1]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[2]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[3])); - } - else if (hash_mode == 9710) - { - oldoffice01_t *oldoffice01s = (oldoffice01_t *) esalts_buf; - - oldoffice01_t *oldoffice01 = &oldoffice01s[digest_cur]; - - snprintf (out_buf, out_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x", - SIGNATURE_OLDOFFICE, - oldoffice01->version, - byte_swap_32 (salt.salt_buf[0]), - byte_swap_32 (salt.salt_buf[1]), - byte_swap_32 (salt.salt_buf[2]), - byte_swap_32 (salt.salt_buf[3]), - byte_swap_32 (oldoffice01->encryptedVerifier[0]), - byte_swap_32 (oldoffice01->encryptedVerifier[1]), - byte_swap_32 (oldoffice01->encryptedVerifier[2]), - byte_swap_32 (oldoffice01->encryptedVerifier[3]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[0]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[1]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[2]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[3])); - } - else if (hash_mode == 9720) - { - oldoffice01_t *oldoffice01s = (oldoffice01_t *) esalts_buf; - - oldoffice01_t *oldoffice01 = &oldoffice01s[digest_cur]; - - u8 *rc4key = (u8 *) oldoffice01->rc4key; - - snprintf (out_buf, out_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x:%02x%02x%02x%02x%02x", - SIGNATURE_OLDOFFICE, - oldoffice01->version, - byte_swap_32 (salt.salt_buf[0]), - byte_swap_32 (salt.salt_buf[1]), - byte_swap_32 (salt.salt_buf[2]), - byte_swap_32 (salt.salt_buf[3]), - byte_swap_32 (oldoffice01->encryptedVerifier[0]), - byte_swap_32 (oldoffice01->encryptedVerifier[1]), - byte_swap_32 (oldoffice01->encryptedVerifier[2]), - byte_swap_32 (oldoffice01->encryptedVerifier[3]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[0]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[1]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[2]), - byte_swap_32 (oldoffice01->encryptedVerifierHash[3]), - rc4key[0], - rc4key[1], - rc4key[2], - rc4key[3], - rc4key[4]); - } - else if (hash_mode == 9800) - { - oldoffice34_t *oldoffice34s = (oldoffice34_t *) esalts_buf; - - oldoffice34_t *oldoffice34 = &oldoffice34s[digest_cur]; - - snprintf (out_buf, out_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x", - SIGNATURE_OLDOFFICE, - oldoffice34->version, - salt.salt_buf[0], - salt.salt_buf[1], - salt.salt_buf[2], - salt.salt_buf[3], - byte_swap_32 (oldoffice34->encryptedVerifier[0]), - byte_swap_32 (oldoffice34->encryptedVerifier[1]), - byte_swap_32 (oldoffice34->encryptedVerifier[2]), - byte_swap_32 (oldoffice34->encryptedVerifier[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[0]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[4])); - } - else if (hash_mode == 9810) - { - oldoffice34_t *oldoffice34s = (oldoffice34_t *) esalts_buf; - - oldoffice34_t *oldoffice34 = &oldoffice34s[digest_cur]; - - snprintf (out_buf, out_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x", - SIGNATURE_OLDOFFICE, - oldoffice34->version, - salt.salt_buf[0], - salt.salt_buf[1], - salt.salt_buf[2], - salt.salt_buf[3], - byte_swap_32 (oldoffice34->encryptedVerifier[0]), - byte_swap_32 (oldoffice34->encryptedVerifier[1]), - byte_swap_32 (oldoffice34->encryptedVerifier[2]), - byte_swap_32 (oldoffice34->encryptedVerifier[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[0]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[4])); - } - else if (hash_mode == 9820) - { - oldoffice34_t *oldoffice34s = (oldoffice34_t *) esalts_buf; - - oldoffice34_t *oldoffice34 = &oldoffice34s[digest_cur]; - - u8 *rc4key = (u8 *) oldoffice34->rc4key; - - snprintf (out_buf, out_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x:%02x%02x%02x%02x%02x", - SIGNATURE_OLDOFFICE, - oldoffice34->version, - salt.salt_buf[0], - salt.salt_buf[1], - salt.salt_buf[2], - salt.salt_buf[3], - byte_swap_32 (oldoffice34->encryptedVerifier[0]), - byte_swap_32 (oldoffice34->encryptedVerifier[1]), - byte_swap_32 (oldoffice34->encryptedVerifier[2]), - byte_swap_32 (oldoffice34->encryptedVerifier[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[0]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[4]), - rc4key[0], - rc4key[1], - rc4key[2], - rc4key[3], - rc4key[4]); - } else if (hash_mode == 10000) { // salt @@ -14679,206 +11522,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, snprintf (out_buf, out_size, "%s%u}%s", SIGNATURE_SAPH_SHA1, salt.salt_iter + 1, base64_encoded); } - else if (hash_mode == 10400) - { - pdf_t *pdfs = (pdf_t *) esalts_buf; - - pdf_t *pdf = &pdfs[digest_cur]; - - snprintf (out_buf, out_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", - - pdf->V, - pdf->R, - 40, - pdf->P, - pdf->enc_md, - pdf->id_len, - byte_swap_32 (pdf->id_buf[0]), - byte_swap_32 (pdf->id_buf[1]), - byte_swap_32 (pdf->id_buf[2]), - byte_swap_32 (pdf->id_buf[3]), - pdf->u_len, - byte_swap_32 (pdf->u_buf[0]), - byte_swap_32 (pdf->u_buf[1]), - byte_swap_32 (pdf->u_buf[2]), - byte_swap_32 (pdf->u_buf[3]), - byte_swap_32 (pdf->u_buf[4]), - byte_swap_32 (pdf->u_buf[5]), - byte_swap_32 (pdf->u_buf[6]), - byte_swap_32 (pdf->u_buf[7]), - pdf->o_len, - byte_swap_32 (pdf->o_buf[0]), - byte_swap_32 (pdf->o_buf[1]), - byte_swap_32 (pdf->o_buf[2]), - byte_swap_32 (pdf->o_buf[3]), - byte_swap_32 (pdf->o_buf[4]), - byte_swap_32 (pdf->o_buf[5]), - byte_swap_32 (pdf->o_buf[6]), - byte_swap_32 (pdf->o_buf[7]) - ); - } - else if (hash_mode == 10410) - { - pdf_t *pdfs = (pdf_t *) esalts_buf; - - pdf_t *pdf = &pdfs[digest_cur]; - - snprintf (out_buf, out_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", - - pdf->V, - pdf->R, - 40, - pdf->P, - pdf->enc_md, - pdf->id_len, - byte_swap_32 (pdf->id_buf[0]), - byte_swap_32 (pdf->id_buf[1]), - byte_swap_32 (pdf->id_buf[2]), - byte_swap_32 (pdf->id_buf[3]), - pdf->u_len, - byte_swap_32 (pdf->u_buf[0]), - byte_swap_32 (pdf->u_buf[1]), - byte_swap_32 (pdf->u_buf[2]), - byte_swap_32 (pdf->u_buf[3]), - byte_swap_32 (pdf->u_buf[4]), - byte_swap_32 (pdf->u_buf[5]), - byte_swap_32 (pdf->u_buf[6]), - byte_swap_32 (pdf->u_buf[7]), - pdf->o_len, - byte_swap_32 (pdf->o_buf[0]), - byte_swap_32 (pdf->o_buf[1]), - byte_swap_32 (pdf->o_buf[2]), - byte_swap_32 (pdf->o_buf[3]), - byte_swap_32 (pdf->o_buf[4]), - byte_swap_32 (pdf->o_buf[5]), - byte_swap_32 (pdf->o_buf[6]), - byte_swap_32 (pdf->o_buf[7]) - ); - } - else if (hash_mode == 10420) - { - pdf_t *pdfs = (pdf_t *) esalts_buf; - - pdf_t *pdf = &pdfs[digest_cur]; - - u8 *rc4key = (u8 *) pdf->rc4key; - - snprintf (out_buf, out_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x:%02x%02x%02x%02x%02x", - - pdf->V, - pdf->R, - 40, - pdf->P, - pdf->enc_md, - pdf->id_len, - byte_swap_32 (pdf->id_buf[0]), - byte_swap_32 (pdf->id_buf[1]), - byte_swap_32 (pdf->id_buf[2]), - byte_swap_32 (pdf->id_buf[3]), - pdf->u_len, - byte_swap_32 (pdf->u_buf[0]), - byte_swap_32 (pdf->u_buf[1]), - byte_swap_32 (pdf->u_buf[2]), - byte_swap_32 (pdf->u_buf[3]), - byte_swap_32 (pdf->u_buf[4]), - byte_swap_32 (pdf->u_buf[5]), - byte_swap_32 (pdf->u_buf[6]), - byte_swap_32 (pdf->u_buf[7]), - pdf->o_len, - byte_swap_32 (pdf->o_buf[0]), - byte_swap_32 (pdf->o_buf[1]), - byte_swap_32 (pdf->o_buf[2]), - byte_swap_32 (pdf->o_buf[3]), - byte_swap_32 (pdf->o_buf[4]), - byte_swap_32 (pdf->o_buf[5]), - byte_swap_32 (pdf->o_buf[6]), - byte_swap_32 (pdf->o_buf[7]), - rc4key[0], - rc4key[1], - rc4key[2], - rc4key[3], - rc4key[4] - ); - } - else if (hash_mode == 10500) - { - pdf_t *pdfs = (pdf_t *) esalts_buf; - - pdf_t *pdf = &pdfs[digest_cur]; - - if (pdf->id_len == 32) - { - snprintf (out_buf, out_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", - - pdf->V, - pdf->R, - 128, - pdf->P, - pdf->enc_md, - pdf->id_len, - byte_swap_32 (pdf->id_buf[0]), - byte_swap_32 (pdf->id_buf[1]), - byte_swap_32 (pdf->id_buf[2]), - byte_swap_32 (pdf->id_buf[3]), - byte_swap_32 (pdf->id_buf[4]), - byte_swap_32 (pdf->id_buf[5]), - byte_swap_32 (pdf->id_buf[6]), - byte_swap_32 (pdf->id_buf[7]), - pdf->u_len, - byte_swap_32 (pdf->u_buf[0]), - byte_swap_32 (pdf->u_buf[1]), - byte_swap_32 (pdf->u_buf[2]), - byte_swap_32 (pdf->u_buf[3]), - byte_swap_32 (pdf->u_buf[4]), - byte_swap_32 (pdf->u_buf[5]), - byte_swap_32 (pdf->u_buf[6]), - byte_swap_32 (pdf->u_buf[7]), - pdf->o_len, - byte_swap_32 (pdf->o_buf[0]), - byte_swap_32 (pdf->o_buf[1]), - byte_swap_32 (pdf->o_buf[2]), - byte_swap_32 (pdf->o_buf[3]), - byte_swap_32 (pdf->o_buf[4]), - byte_swap_32 (pdf->o_buf[5]), - byte_swap_32 (pdf->o_buf[6]), - byte_swap_32 (pdf->o_buf[7]) - ); - } - else - { - snprintf (out_buf, out_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", - - pdf->V, - pdf->R, - 128, - pdf->P, - pdf->enc_md, - pdf->id_len, - byte_swap_32 (pdf->id_buf[0]), - byte_swap_32 (pdf->id_buf[1]), - byte_swap_32 (pdf->id_buf[2]), - byte_swap_32 (pdf->id_buf[3]), - pdf->u_len, - byte_swap_32 (pdf->u_buf[0]), - byte_swap_32 (pdf->u_buf[1]), - byte_swap_32 (pdf->u_buf[2]), - byte_swap_32 (pdf->u_buf[3]), - byte_swap_32 (pdf->u_buf[4]), - byte_swap_32 (pdf->u_buf[5]), - byte_swap_32 (pdf->u_buf[6]), - byte_swap_32 (pdf->u_buf[7]), - pdf->o_len, - byte_swap_32 (pdf->o_buf[0]), - byte_swap_32 (pdf->o_buf[1]), - byte_swap_32 (pdf->o_buf[2]), - byte_swap_32 (pdf->o_buf[3]), - byte_swap_32 (pdf->o_buf[4]), - byte_swap_32 (pdf->o_buf[5]), - byte_swap_32 (pdf->o_buf[6]), - byte_swap_32 (pdf->o_buf[7]) - ); - } - } else if (hash_mode == 10600) { hashinfo_t **hashinfo_ptr = hash_info; @@ -15017,55 +11660,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, salt.salt_buf[2], salt.salt_buf[3]); } - else if (hash_mode == 12400) - { - // encode iteration count - - u8 salt_iter[5] = { 0 }; - - salt_iter[0] = int_to_itoa64 ((salt.salt_iter ) & 0x3f); - salt_iter[1] = int_to_itoa64 ((salt.salt_iter >> 6) & 0x3f); - salt_iter[2] = int_to_itoa64 ((salt.salt_iter >> 12) & 0x3f); - salt_iter[3] = int_to_itoa64 ((salt.salt_iter >> 18) & 0x3f); - salt_iter[4] = 0; - - // encode salt - - ptr_salt[0] = int_to_itoa64 ((salt.salt_buf[0] ) & 0x3f); - ptr_salt[1] = int_to_itoa64 ((salt.salt_buf[0] >> 6) & 0x3f); - ptr_salt[2] = int_to_itoa64 ((salt.salt_buf[0] >> 12) & 0x3f); - ptr_salt[3] = int_to_itoa64 ((salt.salt_buf[0] >> 18) & 0x3f); - ptr_salt[4] = 0; - - // encode digest - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - digest_buf[0] = byte_swap_32 (digest_buf[0]); - digest_buf[1] = byte_swap_32 (digest_buf[1]); - - memcpy (tmp_buf, digest_buf, 8); - - base64_encode (int_to_itoa64, (const u8 *) tmp_buf, 8, (u8 *) ptr_plain); - - ptr_plain[11] = 0; - - // fill the resulting buffer - - snprintf (out_buf, out_size, "_%s%s%s", salt_iter, ptr_salt, ptr_plain); - } - else if (hash_mode == 12600) - { - snprintf (out_buf, out_size, "%08x%08x%08x%08x%08x%08x%08x%08x", - digest_buf[0] + salt.salt_buf_pc[0], - digest_buf[1] + salt.salt_buf_pc[1], - digest_buf[2] + salt.salt_buf_pc[2], - digest_buf[3] + salt.salt_buf_pc[3], - digest_buf[4] + salt.salt_buf_pc[4], - digest_buf[5] + salt.salt_buf_pc[5], - digest_buf[6] + salt.salt_buf_pc[6], - digest_buf[7] + salt.salt_buf_pc[7]); - } else if (hash_mode == 12700) { hashinfo_t **hashinfo_ptr = hash_info; @@ -15201,10 +11795,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, auth_tmp, SIGNATURE_ZIP2_STOP); } - else if ((hash_mode >= 13700) && (hash_mode <= 13799)) - { - snprintf (out_buf, out_size, "%s", hashfile); - } else if (hash_mode == 13800) { win8phone_t *esalts = (win8phone_t *) esalts_buf; @@ -15344,10 +11934,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, salt.salt_iter + 1, dpsl); } - else if (hash_mode == 14900) - { - snprintf (out_buf, out_size, "%08x:%08x", digest_buf[0], salt.salt_buf[0]); - } else if (hash_mode == 15100) { // encode the digest: @@ -15755,25 +12341,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, digest_buf[0], digest_buf[1]); } - else if (hash_type == HASH_TYPE_CHACHA20) - { - u32 *ptr = digest_buf; - - const chacha20_t *chacha20_tmp = (const chacha20_t *) esalts_buf; - const chacha20_t *chacha20 = &chacha20_tmp[digest_cur]; - - snprintf (out_buf, out_size, "%s*%08x%08x*%u*%08x%08x*%08x%08x*%08x%08x", - SIGNATURE_CHACHA20, - byte_swap_32 (chacha20->position[0]), - byte_swap_32 (chacha20->position[1]), - chacha20->offset, - byte_swap_32 (chacha20->iv[1]), - byte_swap_32 (chacha20->iv[0]), - byte_swap_32 (chacha20->plain[0]), - byte_swap_32 (chacha20->plain[1]), - ptr[1], - ptr[0]); - } else if (hash_type == HASH_TYPE_RIPEMD160) { snprintf (out_buf, out_size, "%08x%08x%08x%08x%08x", @@ -15880,13 +12447,10 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, snprintf (out_buf, out_size, "(H%s)", tmp_buf); } } - } - int hashconfig_init (hashcat_ctx_t *hashcat_ctx) { - case 22: hashconfig->hash_type = HASH_TYPE_MD5; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -16835,24 +13399,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 2100: hashconfig->hash_type = HASH_TYPE_DCC2; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_ST_LOWER; - hashconfig->kern_type = KERN_TYPE_DCC2; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = dcc2_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_02100; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 2410: hashconfig->hash_type = HASH_TYPE_MD5; hashconfig->salt_type = SALT_TYPE_GENERIC; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -16961,27 +13507,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 2811: hashconfig->hash_type = HASH_TYPE_MD5; - hashconfig->salt_type = SALT_TYPE_GENERIC; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_ST_HASH_MD5 - | OPTS_TYPE_PT_ADD80 - | OPTS_TYPE_PT_ADDBITS14; - hashconfig->kern_type = KERN_TYPE_MD55_SLTPW; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = md5s_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_EARLY_SKIP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 3; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 1; - hashconfig->st_hash = ST_HASH_02811; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 3100: hashconfig->hash_type = HASH_TYPE_ORACLEH; hashconfig->salt_type = SALT_TYPE_GENERIC; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -17064,29 +13589,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 3910: hashconfig->hash_type = HASH_TYPE_MD5; - hashconfig->salt_type = SALT_TYPE_GENERIC; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_ADD80 - | OPTS_TYPE_PT_ADDBITS14 - | OPTS_TYPE_ST_HASH_MD5 - | OPTS_TYPE_ST_ADD80 - | OPTS_TYPE_ST_ADDBITS14; - hashconfig->kern_type = KERN_TYPE_MD55_PWSLT; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = md5s_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_EARLY_SKIP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 3; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 1; - hashconfig->st_hash = ST_HASH_03910; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 4010: hashconfig->hash_type = HASH_TYPE_MD5; hashconfig->salt_type = SALT_TYPE_GENERIC; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -17324,58 +13826,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 5200: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_PSAFE3; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = psafe3_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_05200; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 5300: hashconfig->hash_type = HASH_TYPE_MD5; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_ST_ADD80; - hashconfig->kern_type = KERN_TYPE_IKEPSK_MD5; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = ikepsk_md5_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 3; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 1; - hashconfig->st_hash = ST_HASH_05300; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 5400: hashconfig->hash_type = HASH_TYPE_SHA1; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_BE - | OPTS_TYPE_ST_ADD80; - hashconfig->kern_type = KERN_TYPE_IKEPSK_SHA1; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = ikepsk_sha1_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE; - hashconfig->dgst_pos0 = 3; - hashconfig->dgst_pos1 = 4; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 1; - hashconfig->st_hash = ST_HASH_05400; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 5700: hashconfig->hash_type = HASH_TYPE_SHA256; hashconfig->salt_type = SALT_TYPE_NONE; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -17822,24 +14272,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 8500: hashconfig->hash_type = HASH_TYPE_DESRACF; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_ST_UPPER; - hashconfig->kern_type = KERN_TYPE_RACF; - hashconfig->dgst_size = DGST_SIZE_4_4; // originally DGST_SIZE_4_2 - hashconfig->parse_func = racf_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_PERMUT; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_08500; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 8600: hashconfig->hash_type = HASH_TYPE_LOTUS5; hashconfig->salt_type = SALT_TYPE_NONE; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -17894,24 +14326,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 9000: hashconfig->hash_type = HASH_TYPE_SHA1; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_ST_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_PSAFE2; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = psafe2_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09000; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 9100: hashconfig->hash_type = HASH_TYPE_LOTUS8; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; @@ -17980,145 +14394,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 9600: hashconfig->hash_type = HASH_TYPE_OFFICE2013; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_DEEP_COMP_KERNEL; - hashconfig->kern_type = KERN_TYPE_OFFICE2013; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = office2013_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09600; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 9700: hashconfig->hash_type = HASH_TYPE_OLDOFFICE01; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_ADD80 - | OPTS_TYPE_PT_UTF16LE; - hashconfig->kern_type = KERN_TYPE_OLDOFFICE01; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = oldoffice01_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09700; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 9710: hashconfig->hash_type = HASH_TYPE_OLDOFFICE01; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_ADD80 - | OPTS_TYPE_PT_ALWAYS_HEXIFY; - hashconfig->kern_type = KERN_TYPE_OLDOFFICE01CM1; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = oldoffice01cm1_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09710; - hashconfig->st_pass = ST_PASS_BIN_09710; - break; - - case 9720: hashconfig->hash_type = HASH_TYPE_OLDOFFICE01; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_ADD80 - | OPTS_TYPE_PT_UTF16LE - | OPTS_TYPE_PT_NEVERCRACK; - hashconfig->kern_type = KERN_TYPE_OLDOFFICE01CM2; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = oldoffice01cm2_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09720; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 9800: hashconfig->hash_type = HASH_TYPE_OLDOFFICE34; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_BE - | OPTS_TYPE_PT_ADD80 - | OPTS_TYPE_PT_UTF16LE; - hashconfig->kern_type = KERN_TYPE_OLDOFFICE34; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = oldoffice34_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09800; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 9810: hashconfig->hash_type = HASH_TYPE_OLDOFFICE34; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_ALWAYS_HEXIFY; - hashconfig->kern_type = KERN_TYPE_OLDOFFICE34CM1; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = oldoffice34cm1_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09810; - hashconfig->st_pass = ST_PASS_BIN_09810; - break; - - case 9820: hashconfig->hash_type = HASH_TYPE_OLDOFFICE34; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_BE - | OPTS_TYPE_PT_ADD80 - | OPTS_TYPE_PT_UTF16LE - | OPTS_TYPE_PT_NEVERCRACK; - hashconfig->kern_type = KERN_TYPE_OLDOFFICE34CM2; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = oldoffice34cm2_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09820; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 9900: hashconfig->hash_type = HASH_TYPE_MD5; hashconfig->salt_type = SALT_TYPE_NONE; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -18209,75 +14484,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 10400: hashconfig->hash_type = HASH_TYPE_PDFU16; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_PDF11; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = pdf11_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_10400; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 10410: hashconfig->hash_type = HASH_TYPE_PDFU16; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_ALWAYS_HEXIFY; - hashconfig->kern_type = KERN_TYPE_PDF11CM1; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = pdf11cm1_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_10410; - hashconfig->st_pass = ST_PASS_BIN_10410; - break; - - case 10420: hashconfig->hash_type = HASH_TYPE_PDFU16; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_PDF11CM2; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = pdf11cm2_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_10420; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 10500: hashconfig->hash_type = HASH_TYPE_PDFU16; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_PDF14; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = pdf14_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_10500; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 10600: hashconfig->hash_type = HASH_TYPE_SHA256; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -18339,26 +14545,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 11000: hashconfig->hash_type = HASH_TYPE_MD5; - hashconfig->salt_type = SALT_TYPE_GENERIC; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_ADD80; - hashconfig->kern_type = KERN_TYPE_PRESTASHOP; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = prestashop_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_NOT_ITERATED - | OPTI_TYPE_PREPENDED_SALT; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 3; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 1; - hashconfig->st_hash = ST_HASH_11000; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 11100: hashconfig->hash_type = HASH_TYPE_MD5; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -18611,43 +14797,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 12400: hashconfig->hash_type = HASH_TYPE_BSDICRYPT; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_BSDICRYPT; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = bsdicrypt_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_PERMUT; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_12400; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 12600: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_GENERIC; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_BE - | OPTS_TYPE_PT_ADD80; - hashconfig->kern_type = KERN_TYPE_CF10; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = cf10_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_EARLY_SKIP - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 3; - hashconfig->dgst_pos1 = 7; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 6; - hashconfig->st_hash = ST_HASH_12600; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 12700: hashconfig->hash_type = HASH_TYPE_AES; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; @@ -18755,396 +14904,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 13711: hashconfig->hash_type = HASH_TYPE_RIPEMD160; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCRIPEMD160_XTS512; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = veracrypt_parse_hash_655331; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13711; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13712: hashconfig->hash_type = HASH_TYPE_RIPEMD160; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCRIPEMD160_XTS1024; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = veracrypt_parse_hash_655331; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13712; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13713: hashconfig->hash_type = HASH_TYPE_RIPEMD160; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCRIPEMD160_XTS1536; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = veracrypt_parse_hash_655331; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13713; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13721: hashconfig->hash_type = HASH_TYPE_SHA512; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCSHA512_XTS512; - hashconfig->dgst_size = DGST_SIZE_8_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP - | OPTI_TYPE_USES_BITS_64; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13721; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13722: hashconfig->hash_type = HASH_TYPE_SHA512; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCSHA512_XTS1024; - hashconfig->dgst_size = DGST_SIZE_8_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP - | OPTI_TYPE_USES_BITS_64; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13722; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13723: hashconfig->hash_type = HASH_TYPE_SHA512; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCSHA512_XTS1536; - hashconfig->dgst_size = DGST_SIZE_8_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP - | OPTI_TYPE_USES_BITS_64; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13723; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13731: hashconfig->hash_type = HASH_TYPE_WHIRLPOOL; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCWHIRLPOOL_XTS512; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13731; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13732: hashconfig->hash_type = HASH_TYPE_WHIRLPOOL; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCWHIRLPOOL_XTS1024; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13732; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13733: hashconfig->hash_type = HASH_TYPE_WHIRLPOOL; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_TCWHIRLPOOL_XTS1536; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13733; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13741: hashconfig->hash_type = HASH_TYPE_RIPEMD160; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE - | OPTS_TYPE_KEYBOARD_MAPPING; - hashconfig->kern_type = KERN_TYPE_TCRIPEMD160_XTS512; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = veracrypt_parse_hash_327661; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = NULL; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13742: hashconfig->hash_type = HASH_TYPE_RIPEMD160; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE - | OPTS_TYPE_KEYBOARD_MAPPING; - hashconfig->kern_type = KERN_TYPE_TCRIPEMD160_XTS1024; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = veracrypt_parse_hash_327661; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = NULL; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13743: hashconfig->hash_type = HASH_TYPE_RIPEMD160; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE - | OPTS_TYPE_KEYBOARD_MAPPING; - hashconfig->kern_type = KERN_TYPE_TCRIPEMD160_XTS1536; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = veracrypt_parse_hash_327661; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = NULL; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13751: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_VCSHA256_XTS512; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13751; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13752: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_VCSHA256_XTS1024; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13752; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13753: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_VCSHA256_XTS1536; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13753; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13761: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE - | OPTS_TYPE_KEYBOARD_MAPPING; - hashconfig->kern_type = KERN_TYPE_VCSHA256_XTS512; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_200000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = NULL; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13762: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE - | OPTS_TYPE_KEYBOARD_MAPPING; - hashconfig->kern_type = KERN_TYPE_VCSHA256_XTS1024; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_200000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = NULL; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13763: hashconfig->hash_type = HASH_TYPE_SHA256; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE - | OPTS_TYPE_KEYBOARD_MAPPING; - hashconfig->kern_type = KERN_TYPE_VCSHA256_XTS1536; - hashconfig->dgst_size = DGST_SIZE_4_8; - hashconfig->parse_func = veracrypt_parse_hash_200000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = NULL; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13771: hashconfig->hash_type = HASH_TYPE_STREEBOG_512; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_VCSBOG512_XTS512; - hashconfig->dgst_size = DGST_SIZE_8_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP - | OPTI_TYPE_USES_BITS_64; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13771; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13772: hashconfig->hash_type = HASH_TYPE_STREEBOG_512; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_VCSBOG512_XTS1024; - hashconfig->dgst_size = DGST_SIZE_8_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP - | OPTI_TYPE_USES_BITS_64; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13772; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - - case 13773: hashconfig->hash_type = HASH_TYPE_STREEBOG_512; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_VCSBOG512_XTS1536; - hashconfig->dgst_size = DGST_SIZE_8_8; - hashconfig->parse_func = veracrypt_parse_hash_500000; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP - | OPTI_TYPE_USES_BITS_64; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_13773; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 13800: hashconfig->hash_type = HASH_TYPE_SHA256; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -19244,46 +15003,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 14900: hashconfig->hash_type = HASH_TYPE_SKIP32; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_ST_GENERATE_LE - | OPTS_TYPE_PT_NEVERCRACK; - hashconfig->kern_type = KERN_TYPE_SKIP32; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = skip32_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_14900; - hashconfig->st_pass = ST_PASS_HASHCAT_EXCL3; - break; - - case 15000: hashconfig->hash_type = HASH_TYPE_SHA512; - hashconfig->salt_type = SALT_TYPE_GENERIC; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_BE; // OPTS_TYPE_ST_ADD80 added within kernel - hashconfig->kern_type = KERN_TYPE_FILEZILLA_SERVER; - hashconfig->dgst_size = DGST_SIZE_8_8; - hashconfig->parse_func = filezilla_server_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_PRECOMPUTE_MERKLE - | OPTI_TYPE_EARLY_SKIP - | OPTI_TYPE_NOT_ITERATED - | OPTI_TYPE_USES_BITS_64 - | OPTI_TYPE_RAW_HASH; - hashconfig->dgst_pos0 = 14; - hashconfig->dgst_pos1 = 15; - hashconfig->dgst_pos2 = 6; - hashconfig->dgst_pos3 = 7; - hashconfig->st_hash = ST_HASH_15000; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 15100: hashconfig->hash_type = HASH_TYPE_SHA1; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; @@ -19318,24 +15037,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 15400: hashconfig->hash_type = HASH_TYPE_CHACHA20; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_CHACHA20; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = chacha20_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_USES_BITS_32 - | OPTI_TYPE_RAW_HASH; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_15400; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 15500: hashconfig->hash_type = HASH_TYPE_JKS_SHA1; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -19522,17 +15223,12 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_hash = ST_HASH_16700; hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - - - } // esalt_size switch (hashconfig->hash_mode) { - case 5300: hashconfig->esalt_size = sizeof (ikepsk_t); break; - case 5400: hashconfig->esalt_size = sizeof (ikepsk_t); break; case 6600: hashconfig->esalt_size = sizeof (agilekey_t); break; case 7200: hashconfig->esalt_size = sizeof (pbkdf2_sha512_t); break; case 7300: hashconfig->esalt_size = sizeof (rakp_t); break; @@ -19541,19 +15237,8 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 9200: hashconfig->esalt_size = sizeof (pbkdf2_sha256_t); break; case 9400: hashconfig->esalt_size = sizeof (office2007_t); break; case 9500: hashconfig->esalt_size = sizeof (office2010_t); break; - case 9600: hashconfig->esalt_size = sizeof (office2013_t); break; - case 9700: hashconfig->esalt_size = sizeof (oldoffice01_t); break; - case 9710: hashconfig->esalt_size = sizeof (oldoffice01_t); break; - case 9720: hashconfig->esalt_size = sizeof (oldoffice01_t); break; - case 9800: hashconfig->esalt_size = sizeof (oldoffice34_t); break; - case 9810: hashconfig->esalt_size = sizeof (oldoffice34_t); break; - case 9820: hashconfig->esalt_size = sizeof (oldoffice34_t); break; case 10000: hashconfig->esalt_size = sizeof (pbkdf2_sha256_t); break; case 10200: hashconfig->esalt_size = sizeof (cram_md5_t); break; - case 10400: hashconfig->esalt_size = sizeof (pdf_t); break; - case 10410: hashconfig->esalt_size = sizeof (pdf_t); break; - case 10420: hashconfig->esalt_size = sizeof (pdf_t); break; - case 10500: hashconfig->esalt_size = sizeof (pdf_t); break; case 10600: hashconfig->esalt_size = sizeof (pdf_t); break; case 10700: hashconfig->esalt_size = sizeof (pdf_t); break; case 10900: hashconfig->esalt_size = sizeof (pbkdf2_sha256_t); break; @@ -19562,31 +15247,9 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 12001: hashconfig->esalt_size = sizeof (pbkdf2_sha1_t); break; case 12100: hashconfig->esalt_size = sizeof (pbkdf2_sha512_t); break; case 13600: hashconfig->esalt_size = sizeof (zip2_t); break; - case 13711: hashconfig->esalt_size = sizeof (tc_t); break; - case 13712: hashconfig->esalt_size = sizeof (tc_t); break; - case 13713: hashconfig->esalt_size = sizeof (tc_t); break; - case 13721: hashconfig->esalt_size = sizeof (tc_t); break; - case 13722: hashconfig->esalt_size = sizeof (tc_t); break; - case 13723: hashconfig->esalt_size = sizeof (tc_t); break; - case 13731: hashconfig->esalt_size = sizeof (tc_t); break; - case 13732: hashconfig->esalt_size = sizeof (tc_t); break; - case 13733: hashconfig->esalt_size = sizeof (tc_t); break; - case 13741: hashconfig->esalt_size = sizeof (tc_t); break; - case 13742: hashconfig->esalt_size = sizeof (tc_t); break; - case 13743: hashconfig->esalt_size = sizeof (tc_t); break; - case 13751: hashconfig->esalt_size = sizeof (tc_t); break; - case 13752: hashconfig->esalt_size = sizeof (tc_t); break; - case 13753: hashconfig->esalt_size = sizeof (tc_t); break; - case 13761: hashconfig->esalt_size = sizeof (tc_t); break; - case 13762: hashconfig->esalt_size = sizeof (tc_t); break; - case 13763: hashconfig->esalt_size = sizeof (tc_t); break; - case 13771: hashconfig->esalt_size = sizeof (tc_t); break; - case 13772: hashconfig->esalt_size = sizeof (tc_t); break; - case 13773: hashconfig->esalt_size = sizeof (tc_t); break; case 13800: hashconfig->esalt_size = sizeof (win8phone_t); break; case 14700: hashconfig->esalt_size = sizeof (itunes_backup_t); break; case 14800: hashconfig->esalt_size = sizeof (itunes_backup_t); break; - case 15400: hashconfig->esalt_size = sizeof (chacha20_t); break; case 15500: hashconfig->esalt_size = sizeof (jks_sha1_t); break; case 15600: hashconfig->esalt_size = sizeof (ethereum_pbkdf2_t); break; case 16100: hashconfig->esalt_size = sizeof (tacacs_plus_t); break; @@ -19601,8 +15264,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) switch (hashconfig->hash_mode) { - case 2100: hashconfig->tmp_size = sizeof (dcc2_tmp_t); break; - case 5200: hashconfig->tmp_size = sizeof (pwsafe3_tmp_t); break; case 5800: hashconfig->tmp_size = sizeof (androidpin_tmp_t); break; case 6400: hashconfig->tmp_size = sizeof (sha256aix_tmp_t); break; case 6500: hashconfig->tmp_size = sizeof (sha512aix_tmp_t); break; @@ -19613,16 +15274,13 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 7900: hashconfig->tmp_size = sizeof (drupal7_tmp_t); break; case 8200: hashconfig->tmp_size = sizeof (pbkdf2_sha512_tmp_t); break; case 8800: hashconfig->tmp_size = sizeof (androidfde_tmp_t); break; - case 9000: hashconfig->tmp_size = sizeof (pwsafe2_tmp_t); break; case 9100: hashconfig->tmp_size = sizeof (lotus8_tmp_t); break; case 9200: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 9400: hashconfig->tmp_size = sizeof (office2007_tmp_t); break; case 9500: hashconfig->tmp_size = sizeof (office2010_tmp_t); break; - case 9600: hashconfig->tmp_size = sizeof (office2013_tmp_t); break; case 10000: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 10200: hashconfig->tmp_size = sizeof (cram_md5_t); break; case 10300: hashconfig->tmp_size = sizeof (saph_sha1_tmp_t); break; - case 10500: hashconfig->tmp_size = sizeof (pdf14_tmp_t); break; case 10700: hashconfig->tmp_size = sizeof (pdf17l8_tmp_t); break; case 10900: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 11900: hashconfig->tmp_size = sizeof (pbkdf2_md5_tmp_t); break; @@ -19630,33 +15288,11 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 12100: hashconfig->tmp_size = sizeof (pbkdf2_sha512_tmp_t); break; case 12200: hashconfig->tmp_size = sizeof (ecryptfs_tmp_t); break; case 12300: hashconfig->tmp_size = sizeof (oraclet_tmp_t); break; - case 12400: hashconfig->tmp_size = sizeof (bsdicrypt_tmp_t); break; case 12700: hashconfig->tmp_size = sizeof (mywallet_tmp_t); break; case 12800: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 12900: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 13200: hashconfig->tmp_size = sizeof (axcrypt_tmp_t); break; case 13600: hashconfig->tmp_size = sizeof (pbkdf2_sha1_tmp_t); break; - case 13711: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13712: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13713: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13721: hashconfig->tmp_size = sizeof (tc64_tmp_t); break; - case 13722: hashconfig->tmp_size = sizeof (tc64_tmp_t); break; - case 13723: hashconfig->tmp_size = sizeof (tc64_tmp_t); break; - case 13731: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13732: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13733: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13741: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13742: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13743: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13751: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13752: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13753: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13761: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13762: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13763: hashconfig->tmp_size = sizeof (tc_tmp_t); break; - case 13771: hashconfig->tmp_size = sizeof (vc64_sbog_tmp_t); break; - case 13772: hashconfig->tmp_size = sizeof (vc64_sbog_tmp_t); break; - case 13773: hashconfig->tmp_size = sizeof (vc64_sbog_tmp_t); break; case 14700: hashconfig->tmp_size = sizeof (pbkdf2_sha1_tmp_t); break; case 14800: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 15100: hashconfig->tmp_size = sizeof (pbkdf1_sha1_tmp_t); break; @@ -19666,25 +15302,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 16300: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 16700: hashconfig->tmp_size = sizeof (apple_secure_notes_tmp_t); break; }; - -} - -u32 default_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - // pw_min : should be set to default at the time this is executed - - u32 pw_min = hashconfig->pw_min; - - switch (hashconfig->hash_mode) - { - case 9710: pw_min = 5; break; // RC4-40 fixed - case 9810: pw_min = 5; break; // RC4-40 fixed - case 10410: pw_min = 5; break; // RC4-40 fixed - case 14900: pw_min = 10; break; // Skip32 fixed - case 15400: pw_min = 32; break; // ChaCha20 fixed - } - - return pw_min; } u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) @@ -19697,7 +15314,6 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co if (optimized_kernel == true) { - switch (hashconfig->hash_mode) { case 5800: pw_max = MIN (pw_max, 16); // pure kernel available @@ -19737,9 +15353,7 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co switch (hashconfig->hash_mode) { case 112: pw_max = 30; break; // https://www.toadworld.com/platforms/oracle/b/weblog/archive/2013/11/12/oracle-12c-passwords - case 2100: pw_max = PW_MAX; break; case 3100: pw_max = 30; break; // http://www.red-database-security.de/whitepaper/oracle_passwords.html - case 5200: pw_max = PW_MAX; break; case 6400: pw_max = PW_MAX; break; case 6500: pw_max = PW_MAX; break; case 6600: pw_max = PW_MAX; break; @@ -19750,7 +15364,6 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co case 7900: pw_max = PW_MAX; break; case 8000: pw_max = 30; break; // http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc31654.1570/html/sag1/CIHIBDBA.htm case 8200: pw_max = PW_MAX; break; - case 8500: pw_max = 8; break; // Underlaying DES max case 8600: pw_max = 16; break; // Lotus Notes/Domino 5 limits itself to 16 case 8700: pw_max = 64; break; // https://www.ibm.com/support/knowledgecenter/en/SSKTWP_8.5.3/com.ibm.notes85.client.doc/fram_limits_of_notes_r.html case 8800: pw_max = PW_MAX; break; @@ -19758,53 +15371,20 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co case 9200: pw_max = PW_MAX; break; case 9400: pw_max = PW_MAX; break; case 9500: pw_max = PW_MAX; break; - case 9600: pw_max = PW_MAX; break; - case 9700: pw_max = 15; break; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx - case 9710: pw_max = 5; break; // Underlaying RC4-40 max - case 9720: pw_max = 15; break; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx - case 9800: pw_max = 15; break; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx - case 9810: pw_max = 5; break; // Underlaying RC4-40 max - case 9820: pw_max = 15; break; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx case 9900: pw_max = 100; break; // RAdmin2 sets w[25] = 0x80 case 10000: pw_max = PW_MAX; break; case 10300: pw_max = 40; break; // https://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/ - case 10400: pw_max = 32; break; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ - case 10410: pw_max = 5; break; // Underlaying RC4-40 max - case 10420: pw_max = 32; break; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ - case 10500: pw_max = 32; break; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ case 10600: pw_max = 127; break; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ case 10900: pw_max = PW_MAX; break; case 11900: pw_max = PW_MAX; break; case 12001: pw_max = PW_MAX; break; case 12200: pw_max = PW_MAX; break; case 12300: pw_max = PW_MAX; break; - case 12400: pw_max = PW_MAX; break; case 12700: pw_max = PW_MAX; break; case 12800: pw_max = PW_MAX; break; case 12900: pw_max = PW_MAX; break; case 13200: pw_max = PW_MAX; break; case 13600: pw_max = PW_MAX; break; - case 13711: pw_max = 64; break; // VC limits itself to 64 - case 13712: pw_max = 64; break; // VC limits itself to 64 - case 13713: pw_max = 64; break; // VC limits itself to 64 - case 13721: pw_max = 64; break; // VC limits itself to 64 - case 13722: pw_max = 64; break; // VC limits itself to 64 - case 13723: pw_max = 64; break; // VC limits itself to 64 - case 13731: pw_max = 64; break; // VC limits itself to 64 - case 13732: pw_max = 64; break; // VC limits itself to 64 - case 13733: pw_max = 64; break; // VC limits itself to 64 - case 13741: pw_max = 64; break; // VC limits itself to 64 - case 13742: pw_max = 64; break; // VC limits itself to 64 - case 13743: pw_max = 64; break; // VC limits itself to 64 - case 13751: pw_max = 64; break; // VC limits itself to 64 - case 13752: pw_max = 64; break; // VC limits itself to 64 - case 13753: pw_max = 64; break; // VC limits itself to 64 - case 13761: pw_max = 64; break; // VC limits itself to 64 - case 13762: pw_max = 64; break; // VC limits itself to 64 - case 13763: pw_max = 64; break; // VC limits itself to 64 - case 13771: pw_max = 64; break; // VC limits itself to 64 - case 13772: pw_max = 64; break; // VC limits itself to 64 - case 13773: pw_max = 64; break; // VC limits itself to 64 case 14611: pw_max = PW_MAX; break; case 14612: pw_max = PW_MAX; break; case 14613: pw_max = PW_MAX; break; @@ -19819,393 +15399,10 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co case 14643: pw_max = PW_MAX; break; case 14700: pw_max = PW_MAX; break; case 14800: pw_max = PW_MAX; break; - case 14900: pw_max = 10; break; // Underlaying Skip32 fixed case 15100: pw_max = PW_MAX; break; - case 15400: pw_max = 32; break; // Underlaying ChaCha20 fixed case 15600: pw_max = PW_MAX; break; case 16000: pw_max = 8; break; // Underlaying DES max } return pw_max; } - -u32 default_salt_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - - // salt_min : should be set to default at the time this is executed - - u32 salt_min = hashconfig->salt_min; - - - - switch (hashconfig->hash_mode) - { - case 11000: salt_min = 56; break; - case 12600: salt_min = 64; break; - case 15000: salt_min = 64; break; - } - - return salt_min; -} - -u32 default_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - - // salt_max : should be set to default at the time this is executed - - u32 salt_max = hashconfig->salt_max; - - - - switch (hashconfig->hash_mode) - { - case 11000: salt_max = 56; break; - case 12600: salt_max = 64; break; - case 15000: salt_max = 64; break; - } - - - return salt_max; -} - -const char *default_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - switch (hashconfig->hash_mode) - { - case 9710: mask = "?b?b?b?b?b"; - break; - case 9810: mask = "?b?b?b?b?b"; - break; - case 10410: mask = "?b?b?b?b?b"; - break; - case 14900: mask = "?b?b?b?b?bxxxxx"; - break; - default: mask = "?b?b?b?b?b?b?b"; - break; - } - -} - -bool default_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - - switch (hashconfig->hash_mode) - { - case 5300: return true; - case 5400: return true; - } - - -} - -u32 default_forced_outfile_format -{ - - if (hashconfig->hash_mode == 9710) - { - user_options->outfile_format = 5; - } - - if (hashconfig->hash_mode == 9810) - { - user_options->outfile_format = 5; - } - - if (hashconfig->hash_mode == 10410) - { - user_options->outfile_format = 5; - } - -} - - - -static void precompute_salt_md5 (const u32 *salt_buf, const u32 salt_len, u8 *salt_pc) -{ - u32 digest[4] = { 0 }; - - md5_complete_no_limit (digest, salt_buf, salt_len); - - u32_to_hex (digest[0], salt_pc + 0); - u32_to_hex (digest[1], salt_pc + 8); - u32_to_hex (digest[2], salt_pc + 16); - u32_to_hex (digest[3], salt_pc + 24); -} - - -bool outfile_check_disable -{ - - - if ((hashconfig->hash_mode == 5200) || - (hashconfig->hash_mode == 9000) || - ((hashconfig->hash_mode >= 13700) && (hashconfig->hash_mode <= 13799)) || - -} - -bool potfile_disable -{ - - if (hashconfig->hash_mode == 5200) return 0; - if (hashconfig->hash_mode == 9000) return 0; - if ((hashconfig->hash_mode >= 13700) - && (hashconfig->hash_mode <= 13799)) return 0; - -} - -int build_plain_postprocess (const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) -{ - // veracrypt boot only: - // we do some kernel internal substituations, so we need to do that here as well, if it cracks - - if (hashconfig->opts_type & OPTS_TYPE_KEYBOARD_MAPPING) - { - tc_t *tc = (tc_t *) hashes->esalts_buf; - - return execute_keyboard_layout_mapping (plain_buf, plain_len, tc->keyboard_layout_mapping_buf, tc->keyboard_layout_mapping_cnt); - } - - -} - - -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - - #if defined (__APPLE__) - - /** - * If '--force' is not set, we proceed to excluding unstable hash-modes, - * too high kernel runtime, even on -u1 -n1, therefore likely to run into trap 6 - */ - - if ( - || (hashconfig->hash_mode == 9800) - - { - return true; - } - - #endif // __APPLE__ - - return false; -} - -u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) -{ - else if (hashconfig->hash_mode == 9600) - { - return KERN_RUN_3; - } -} - - - - - -void decoder_apply_optimizer (const hashconfig_t *hashconfig, void *data) -{ - const u32 hash_type = hashconfig->hash_type; - const u32 opti_type = hashconfig->opti_type; - - u32 *digest_buf = (u32 *) data; - u64 *digest_buf64 = (u64 *) data; - - if (opti_type & OPTI_TYPE_PRECOMPUTE_PERMUT) - { - u32 tt; - - switch (hash_type) - { - case HASH_TYPE_DESRACF: - digest_buf[0] = rotl32 (digest_buf[0], 29); - digest_buf[1] = rotl32 (digest_buf[1], 29); - - IP (digest_buf[0], digest_buf[1], tt); - break; - - case HASH_TYPE_BSDICRYPT: - digest_buf[0] = rotl32 (digest_buf[0], 31); - digest_buf[1] = rotl32 (digest_buf[1], 31); - - IP (digest_buf[0], digest_buf[1], tt); - break; - } - } - -} - -void encoder_apply_optimizer (const hashconfig_t *hashconfig, void *data) -{ - const u32 hash_type = hashconfig->hash_type; - const u32 opti_type = hashconfig->opti_type; - - u32 *digest_buf = (u32 *) data; - u64 *digest_buf64 = (u64 *) data; - - if (opti_type & OPTI_TYPE_PRECOMPUTE_PERMUT) - { - u32 tt; - - // dont trust this too much, was created untested - - - case HASH_TYPE_NETNTLM: - - salt.salt_buf[0] = rotr32 (salt.salt_buf[0], 3); - salt.salt_buf[1] = rotr32 (salt.salt_buf[1], 3); - - u32 tt; - - FP (salt.salt_buf[1], salt.salt_buf[0], tt); - - break; - - - - switch (hash_type) - { - case HASH_TYPE_DESRACF: - digest_buf[0] = rotl32 (digest_buf[0], 29); - digest_buf[1] = rotl32 (digest_buf[1], 29); - - FP (digest_buf[1], digest_buf[0], tt); - break; - - case HASH_TYPE_BSDICRYPT: - digest_buf[0] = rotl32 (digest_buf[0], 31); - digest_buf[1] = rotl32 (digest_buf[1], 31); - - FP (digest_buf[1], digest_buf[0], tt); - break; - } - } - - -} - -void module_hash_binary_parse -{ - // some special initializations for rare hash-modes which have special user_options - - || ((hashconfig->hash_mode >= 13700) && (hashconfig->hash_mode == 13799))) - { - hashes_t *hashes = hashcat_ctx->hashes; - - tc_t *tc = (tc_t *) hashes->esalts_buf; - - char *optional_param1 = NULL; - - if (user_options->veracrypt_keyfiles) optional_param1 = user_options->veracrypt_keyfiles; - - if (optional_param1) - { - char *tcvc_keyfiles = optional_param1; - - char *keyfiles = hcstrdup (tcvc_keyfiles); - - if (keyfiles == NULL) return -1; - - char *saveptr = NULL; - - char *keyfile = strtok_r (keyfiles, ",", &saveptr); - - if (keyfile == NULL) - { - free (keyfiles); - - return -1; - } - - do - { - const int rc_crc32 = cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); - - if (rc_crc32 == -1) - { - free (keyfiles); - - return -1; - } - - } while ((keyfile = strtok_r ((char *) NULL, ",", &saveptr)) != NULL); - - free (keyfiles); - } - - // veracrypt boot only - if (hashconfig->opts_type & OPTS_TYPE_KEYBOARD_MAPPING) - { - if (user_options->keyboard_layout_mapping) - { - const bool rc = initialize_keyboard_layout_mapping (hashcat_ctx, user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); - - if (rc == false) return -1; - } - } - } - - // veracrypt only - if ((hashconfig->hash_mode >= 13700) && (hashconfig->hash_mode == 13799)) - { - if (user_options->veracrypt_pim) - { - // we can access salt directly here because in VC it's always just one salt not many - - hashes_t *hashes = hashcat_ctx->hashes; - - salt_t *salts_buf = hashes->salts_buf; - - salt_t *salt = &salts_buf[0]; - - switch (hashconfig->hash_mode) - { - case 13711: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13712: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13713: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13721: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13722: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13723: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13731: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13732: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13733: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13741: salt->salt_iter = user_options->veracrypt_pim * 2048; - break; - case 13742: salt->salt_iter = user_options->veracrypt_pim * 2048; - break; - case 13743: salt->salt_iter = user_options->veracrypt_pim * 2048; - break; - case 13751: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13752: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13753: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13761: salt->salt_iter = user_options->veracrypt_pim * 2048; - break; - case 13762: salt->salt_iter = user_options->veracrypt_pim * 2048; - break; - case 13763: salt->salt_iter = user_options->veracrypt_pim * 2048; - break; - case 13771: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13772: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - case 13773: salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); - break; - } - - salt->salt_iter -= 1; - } - } - -} diff --git a/src/modules/module_02100.c b/src/modules/module_02100.c new file mode 100644 index 000000000..fb6322080 --- /dev/null +++ b/src/modules/module_02100.c @@ -0,0 +1,231 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_OS; +static const char *HASH_NAME = "Domain Cached Credentials 2 (DCC2), MS Cache 2"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 2100; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_LOWER; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$DCC2$10240#6848#e2829c8af2232fa53797e2f0e35e4626"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct dcc2_tmp +{ + u32 ipad[5]; + u32 opad[5]; + + u32 dgst[5]; + u32 out[4]; + +} dcc2_tmp_t; + +static const char *SIGNATURE_DCC2 = "$DCC2$"; + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (dcc2_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 4; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_DCC2; + + token.len[0] = 6; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 6; + token.sep[1] = '#'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = SALT_MIN; + token.len_max[2] = SALT_MAX; + token.sep[2] = '#'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[3]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + + const u8 *salt_pos = token.buf[2]; + const int salt_len = token.len[2]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + const u8 *iter_pos = token.buf[1]; + + u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10); + + salt->salt_iter = iter - 1; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + int line_len = 0; + + line_len += snprintf (line_buf + line_len, line_size - line_len, "%s%u#", SIGNATURE_DCC2, salt->salt_iter + 1); + + char *salt_ptr = (char *) salt->salt_buf; + + for (u32 i = 0; i < salt->salt_len; i++) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, "%c", salt_ptr[i]); + } + + line_len += snprintf (line_buf + line_len, line_size - line_len, "#%08x%08x%08x%08x", + digest[0], + digest[1], + digest[2], + digest[3]); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_02811.c b/src/modules/module_02811.c new file mode 100644 index 000000000..ed982dc65 --- /dev/null +++ b/src/modules/module_02811.c @@ -0,0 +1,230 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "cpu_md5.h" +#include "inc_hash_constants.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 3; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 1; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FORUM_SOFTWARE; +static const char *HASH_NAME = "MyBB 1.2+, IPB2+ (Invision Power Board)"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 2810; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_EARLY_SKIP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_ADDBITS14; +static const u32 SALT_TYPE = SALT_TYPE_GENERIC; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "022f7e02b3314f7d0968f73c00ba759f:67588"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static void precompute_salt_md5 (const u32 *salt_buf, const u32 salt_len, u8 *salt_pc) +{ + u32 digest[4] = { 0 }; + + md5_complete_no_limit (digest, salt_buf, salt_len); + + u32_to_hex (digest[0], salt_pc + 0); + u32_to_hex (digest[1], salt_pc + 8); + u32_to_hex (digest[2], salt_pc + 16); + u32_to_hex (digest[3], salt_pc + 24); +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 2; + + token.sep[0] = hashconfig->separator; + token.len_min[0] = 32; + token.len_max[0] = 32; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = SALT_MIN; + token.len_max[1] = SALT_MAX; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + if (hashconfig->opts_type & OPTS_TYPE_ST_HEX) + { + token.len_min[1] *= 2; + token.len_max[1] *= 2; + + token.attr[1] |= TOKEN_ATTR_VERIFY_HEX; + } + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) + { + digest[0] -= MD5M_A; + digest[1] -= MD5M_B; + digest[2] -= MD5M_C; + digest[3] -= MD5M_D; + } + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + precompute_salt_md5 (salt->salt_buf, salt->salt_len, (u8 *) salt->salt_buf_pc); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[4]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + + if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) + { + tmp[0] += MD5M_A; + tmp[1] += MD5M_B; + tmp[2] += MD5M_C; + tmp[3] += MD5M_D; + } + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + + out_buf[out_len] = hashconfig->separator; + + out_len += 1; + + memcpy (out_buf + out_len, salt->salt_buf, salt->salt_len); + + out_len += salt->salt_len; + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_03910.c b/src/modules/module_03910.c new file mode 100644 index 000000000..dfc8666a9 --- /dev/null +++ b/src/modules/module_03910.c @@ -0,0 +1,232 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "cpu_md5.h" +#include "inc_hash_constants.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 3; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 1; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH_SALTED; +static const char *HASH_NAME = "md5(md5($pass).md5($salt))"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 3910; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_EARLY_SKIP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_ADDBITS14 + | OPTS_TYPE_ST_ADD80 + | OPTS_TYPE_ST_ADDBITS14; +static const u32 SALT_TYPE = SALT_TYPE_GENERIC; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "d8281daba5da597503d12fe31808b4a7:283053"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static void precompute_salt_md5 (const u32 *salt_buf, const u32 salt_len, u8 *salt_pc) +{ + u32 digest[4] = { 0 }; + + md5_complete_no_limit (digest, salt_buf, salt_len); + + u32_to_hex (digest[0], salt_pc + 0); + u32_to_hex (digest[1], salt_pc + 8); + u32_to_hex (digest[2], salt_pc + 16); + u32_to_hex (digest[3], salt_pc + 24); +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 2; + + token.sep[0] = hashconfig->separator; + token.len_min[0] = 32; + token.len_max[0] = 32; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = SALT_MIN; + token.len_max[1] = SALT_MAX; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + if (hashconfig->opts_type & OPTS_TYPE_ST_HEX) + { + token.len_min[1] *= 2; + token.len_max[1] *= 2; + + token.attr[1] |= TOKEN_ATTR_VERIFY_HEX; + } + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) + { + digest[0] -= MD5M_A; + digest[1] -= MD5M_B; + digest[2] -= MD5M_C; + digest[3] -= MD5M_D; + } + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + precompute_salt_md5 (salt->salt_buf, salt->salt_len, (u8 *) salt->salt_buf_pc); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[4]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + + if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) + { + tmp[0] += MD5M_A; + tmp[1] += MD5M_B; + tmp[2] += MD5M_C; + tmp[3] += MD5M_D; + } + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + + out_buf[out_len] = hashconfig->separator; + + out_len += 1; + + memcpy (out_buf + out_len, salt->salt_buf, salt->salt_len); + + out_len += salt->salt_len; + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_05200.c b/src/modules/module_05200.c new file mode 100644 index 000000000..a41f1261a --- /dev/null +++ b/src/modules/module_05200.c @@ -0,0 +1,223 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "Password Safe v3"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 5200; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "50575333e4e2a590a5e5c8269f57ec04a8a1c0c03da55b311c51236dab8c6b96b0afca02000800005eaeee20c6cc10d5caa6522b3ca545c41d9133d630ca08f467b7aae8a2bbef51aa2df968d10b9c4cfb17a182c0add7acb8c153794f51337e12f472f451d10e6dcac664ed760606aabdbb6b794a80d6ce2a330100c76de0ff961a45cca21576b893d826c52f272b97cdf48aca6fbe6c74b039f81c61b7d632fb6fddd9f96162ab1effd69a4598a331e855e38792e5365272d4791bf991d248e1585a9ad20ea3d77b5d2ef9a711ef90a70ec6991cb578f1b8bdaa9efa7b0039e9ea96f777491713047bdd99fa1d78f06f23406a66046b387d3034e46b1f84129bba853cc18fa49f107dc0290547258d30566a4b1b363ff4c1c16cb2f5f400059833d4b651bfa508200cbdc7a75fc57ef90eb1d90b0deea8505753332d454f46505753332d454f466236710e2e2477878e738b60d0aa2834a96b01e97764fe980243a06ad16939d1"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct psafe3 +{ + char signature[4]; + u32 salt_buf[8]; + u32 iterations; + u32 hash_buf[8]; + +} psafe3_t; + +typedef struct pwsafe3_tmp +{ + u32 digest_buf[8]; + +} pwsafe3_tmp_t; + +static const char *SIGNATURE_PSAFE3 = "PWS3"; + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = PW_MAX; + + return pw_max; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pwsafe3_tmp_t); + + return tmp_size; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + if (line_len == 0) return (PARSER_HASH_LENGTH); + + FILE *fp = fopen ((const char *) line_buf, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + psafe3_t in; + + memset (&in, 0, sizeof (psafe3_t)); + + const size_t n = hc_fread (&in, sizeof (psafe3_t), 1, fp); + + fclose (fp); + + if (n != 1) return (PARSER_PSAFE3_FILE_SIZE); + + if (memcmp (SIGNATURE_PSAFE3, in.signature, 4) != 0) return (PARSER_SIGNATURE_UNMATCHED); + + salt->salt_iter = in.iterations + 1; + + salt->salt_buf[0] = in.salt_buf[0]; + salt->salt_buf[1] = in.salt_buf[1]; + salt->salt_buf[2] = in.salt_buf[2]; + salt->salt_buf[3] = in.salt_buf[3]; + salt->salt_buf[4] = in.salt_buf[4]; + salt->salt_buf[5] = in.salt_buf[5]; + salt->salt_buf[6] = in.salt_buf[6]; + salt->salt_buf[7] = in.salt_buf[7]; + + salt->salt_len = 32; + + digest[0] = in.hash_buf[0]; + digest[1] = in.hash_buf[1]; + digest[2] = in.hash_buf[2]; + digest[3] = in.hash_buf[3]; + digest[4] = in.hash_buf[4]; + digest[5] = in.hash_buf[5]; + digest[6] = in.hash_buf[6]; + digest[7] = in.hash_buf[7]; + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + digest[5] = byte_swap_32 (digest[5]); + digest[6] = byte_swap_32 (digest[6]); + digest[7] = byte_swap_32 (digest[7]); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_05300.c b/src/modules/module_05300.c new file mode 100644 index 000000000..7bded3bae --- /dev/null +++ b/src/modules/module_05300.c @@ -0,0 +1,308 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 3; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 1; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL; +static const char *HASH_NAME = "IKE-PSK MD5"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 5300; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_ADD80; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "50503326cac6e4bd892b8257805b5a59a285f464ad3f63dc01bd0335f8341ef52e00be0b8cb205422a3788f021e4e6e8ccbe34784bc85abe42f62545bac64888426a2f1264fa28cf384ff00b14cfa5eff562dda4fad2a31fd7a6715218cff959916deed856feea5bee2e773241c5fbebf202958f0ce0c432955e0f1f6d1259da:688a7bfa8d5819630a970ed6d27018021a15fbb3e2fdcc36ce9b563d8ff95f510c4b3236c014d1cde9c2f1a999b121bc3ab1bc8049c8ac1e8c167a84f53c867492723eb01ab4b38074b38f4297d6fea8f44e01ea828fce33c433430938b1551f60673ce8088e7d2f41e3b49315344046fefee1e3860064331417562761db3ba4:c66606d691eaade4:8bdc88a2cdb4a1cf:c3b13137fae9f66684d98709939e5c3454ee31a98c80a1c76427d805b5dea866eff045515e8fb42dd259b9448caba9d937f4b3b75ec1b092a92232b4c8c1e70a60a52076e907f887b731d0f66e19e09b535238169c74c04a4b393f9b815c54eef4558cd8a22c9018bb4f24ee6db0e32979f9a353361cdba948f9027551ee40b1c96ba81c28aa3e1a0fac105dc469efa83f6d3ee281b945c6fa8b4677bac26dda:53f757c5b08afad6:aa02d9289e1702e5d7ed1e4ebf35ab31c2688e00:aab8580015cf545ac0b7291d15a4f2c79e06defd:944a0df3939f3bd281c9d05fbc0e3d30"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct ikepsk +{ + u32 nr_buf[16]; + u32 nr_len; + + u32 msg_buf[128]; + u32 msg_len[6]; + +} ikepsk_t; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (ikepsk_t); + + return esalt_size; +} + +bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool hlfmt_disable = true; + + return hlfmt_disable; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + ikepsk_t *ikepsk = (ikepsk_t *) esalt_buf; + + token_t token; + + token.token_cnt = 9; + + token.sep[0] = ':'; + token.len_min[0] = 0; + token.len_max[0] = 1024; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[1] = ':'; + token.len_min[1] = 0; + token.len_max[1] = 1024; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = ':'; + token.len_min[2] = 0; + token.len_max[2] = 1024; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = ':'; + token.len_min[3] = 0; + token.len_max[3] = 1024; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = ':'; + token.len_min[4] = 0; + token.len_max[4] = 1024; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = ':'; + token.len_min[5] = 0; + token.len_max[5] = 1024; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = ':'; + token.len_min[6] = 0; + token.len_max[6] = 128; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = ':'; + token.len_min[7] = 0; + token.len_max[7] = 128; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = ':'; + token.len_min[8] = 32; + token.len_max[8] = 32; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + ikepsk->msg_len[0] = token.len[0] / 2; + ikepsk->msg_len[1] = ikepsk->msg_len[0] + token.len[1] / 2; + ikepsk->msg_len[2] = ikepsk->msg_len[1] + token.len[2] / 2; + ikepsk->msg_len[3] = ikepsk->msg_len[2] + token.len[3] / 2; + ikepsk->msg_len[4] = ikepsk->msg_len[3] + token.len[4] / 2; + ikepsk->msg_len[5] = ikepsk->msg_len[4] + token.len[5] / 2; + ikepsk->nr_len = (token.len[6] + token.len[7]) / 2; + + if (ikepsk->msg_len[5] > 512) return (PARSER_SALT_LENGTH); + if (ikepsk->nr_len > 64) return (PARSER_SALT_LENGTH); + + u8 *ptr1 = (u8 *) ikepsk->msg_buf; + u8 *ptr2 = (u8 *) ikepsk->nr_buf; + + for (int i = 0; i < token.len[0]; i += 2) *ptr1++ = hex_to_u8 (token.buf[0] + i); + for (int i = 0; i < token.len[1]; i += 2) *ptr1++ = hex_to_u8 (token.buf[1] + i); + for (int i = 0; i < token.len[2]; i += 2) *ptr1++ = hex_to_u8 (token.buf[2] + i); + for (int i = 0; i < token.len[3]; i += 2) *ptr1++ = hex_to_u8 (token.buf[3] + i); + for (int i = 0; i < token.len[4]; i += 2) *ptr1++ = hex_to_u8 (token.buf[4] + i); + for (int i = 0; i < token.len[5]; i += 2) *ptr1++ = hex_to_u8 (token.buf[5] + i); + for (int i = 0; i < token.len[6]; i += 2) *ptr2++ = hex_to_u8 (token.buf[6] + i); + for (int i = 0; i < token.len[7]; i += 2) *ptr2++ = hex_to_u8 (token.buf[7] + i); + + *ptr1++ = 0x80; + *ptr2++ = 0x80; + + /** + * Store to database + */ + + const u8 *hash_pos = token.buf[8]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + salt->salt_len = 32; + + salt->salt_buf[0] = ikepsk->nr_buf[0]; + salt->salt_buf[1] = ikepsk->nr_buf[1]; + salt->salt_buf[2] = ikepsk->nr_buf[2]; + salt->salt_buf[3] = ikepsk->nr_buf[3]; + salt->salt_buf[4] = ikepsk->nr_buf[4]; + salt->salt_buf[5] = ikepsk->nr_buf[5]; + salt->salt_buf[6] = ikepsk->nr_buf[6]; + salt->salt_buf[7] = ikepsk->nr_buf[7]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const ikepsk_t *ikepsk = (const ikepsk_t *) esalt_buf; + + int line_len = 0; + + // msg_buf + + const u32 ikepsk_msg_len = ikepsk->msg_len[5] / 4; + + for (u32 i = 0; i < ikepsk_msg_len; i++) + { + if ((i == ikepsk->msg_len[0] / 4) || (i == ikepsk->msg_len[1] / 4) || (i == ikepsk->msg_len[2] / 4) || (i == ikepsk->msg_len[3] / 4) || (i == ikepsk->msg_len[4] / 4)) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, ":"); + } + + line_len += snprintf (line_buf + line_len, line_size - line_len, "%08x", byte_swap_32 (ikepsk->msg_buf[i])); + } + + // nr_buf + + const u32 ikepsk_nr_len = ikepsk->nr_len / 4; + + for (u32 i = 0; i < ikepsk_nr_len; i++) + { + if ((i == 0) || (i == 5)) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, ":"); + } + + line_len += snprintf (line_buf + line_len, line_size - line_len, "%08x", byte_swap_32 (ikepsk->nr_buf[i])); + } + + // digest_buf + + for (u32 i = 0; i < 4; i++) + { + if (i == 0) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, ":"); + } + + line_len += snprintf (line_buf + line_len, line_size - line_len, "%08x", byte_swap_32 (digest[i])); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = module_hlfmt_disable; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_05400.c b/src/modules/module_05400.c new file mode 100644 index 000000000..bf935d927 --- /dev/null +++ b/src/modules/module_05400.c @@ -0,0 +1,314 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 3; +static const u32 DGST_POS1 = 4; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 1; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL; +static const char *HASH_NAME = "IKE-PSK SHA1"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 5400; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u32 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE + | OPTS_TYPE_ST_ADD80; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "266b43c54636c062b6696b71f24b30999c98bd4c3ba57e2de56a7ae50bb17ebcbca1abcd33e9ad466d4df6e6f2a407600f0c5a983f79d493b0a3694080a81143d4bac7a8b7b008ae5364a04688b3cfae44824885ca96ade1e395936567ecad519b502c3a786c72847f79c67b777feb8ba4f747303eb985709e92b3a5634f6513:60f861c6209c9c996ac0dcb49d6f6809faaaf0e8eb8041fe603a918170a801e94ab8ab10c5906d850f4282c0668029fa69dbc8576f7d86633dc2b21f0d79aa06342b02a4d2732841cd3266b84a7eb49ac489b307ba55562a17741142bac7712025f0a8cad59b11f19d9b756ce998176fd6b063df556957b257b3645549a138c2:f4dd079ed2b60e77:f1f8da1f38f76923:fd862602549f6949b33870f186d96cb8926a19d78442c02af823460740be719eba41a79388aeefb072e1ec7cb46b2f0b72e21fb30bd3a6568d2b041af7f9dc0c9cce27ed577e5aabb9ab6c405f1c4b189adbee8c9fb6abf4788b63a3ae05a02c192187b9d7246efe5e46db9b01bf8f4be05f7599ae52bf137743e41d90dceb85bd6ae07397dcc168bbc904adfebb08e6bc67e653edeee97a7e4ab9dab5e63fec:56e3f0d49ea70514:e754055008febe970053d795d26bfe609f42eda8:0c3283efd6396e7a2ecb008e1933fccb694a4ac0:8f79167724f4bdb2d76ee5d5e502b665e3445ea6"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct ikepsk +{ + u32 nr_buf[16]; + u32 nr_len; + + u32 msg_buf[128]; + u32 msg_len[6]; + +} ikepsk_t; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (ikepsk_t); + + return esalt_size; +} + +bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool hlfmt_disable = true; + + return hlfmt_disable; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + ikepsk_t *ikepsk = (ikepsk_t *) esalt_buf; + + token_t token; + + token.token_cnt = 9; + + token.sep[0] = ':'; + token.len_min[0] = 0; + token.len_max[0] = 1024; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[1] = ':'; + token.len_min[1] = 0; + token.len_max[1] = 1024; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = ':'; + token.len_min[2] = 0; + token.len_max[2] = 1024; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = ':'; + token.len_min[3] = 0; + token.len_max[3] = 1024; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = ':'; + token.len_min[4] = 0; + token.len_max[4] = 1024; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = ':'; + token.len_min[5] = 0; + token.len_max[5] = 1024; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = ':'; + token.len_min[6] = 0; + token.len_max[6] = 128; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = ':'; + token.len_min[7] = 0; + token.len_max[7] = 128; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = ':'; + token.len_min[8] = 40; + token.len_max[8] = 40; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + ikepsk->msg_len[0] = token.len[0] / 2; + ikepsk->msg_len[1] = ikepsk->msg_len[0] + token.len[1] / 2; + ikepsk->msg_len[2] = ikepsk->msg_len[1] + token.len[2] / 2; + ikepsk->msg_len[3] = ikepsk->msg_len[2] + token.len[3] / 2; + ikepsk->msg_len[4] = ikepsk->msg_len[3] + token.len[4] / 2; + ikepsk->msg_len[5] = ikepsk->msg_len[4] + token.len[5] / 2; + ikepsk->nr_len = (token.len[6] + token.len[7]) / 2; + + if (ikepsk->msg_len[5] > 512) return (PARSER_SALT_LENGTH); + if (ikepsk->nr_len > 64) return (PARSER_SALT_LENGTH); + + u8 *ptr1 = (u8 *) ikepsk->msg_buf; + u8 *ptr2 = (u8 *) ikepsk->nr_buf; + + for (int i = 0; i < token.len[0]; i += 2) *ptr1++ = hex_to_u8 (token.buf[0] + i); + for (int i = 0; i < token.len[1]; i += 2) *ptr1++ = hex_to_u8 (token.buf[1] + i); + for (int i = 0; i < token.len[2]; i += 2) *ptr1++ = hex_to_u8 (token.buf[2] + i); + for (int i = 0; i < token.len[3]; i += 2) *ptr1++ = hex_to_u8 (token.buf[3] + i); + for (int i = 0; i < token.len[4]; i += 2) *ptr1++ = hex_to_u8 (token.buf[4] + i); + for (int i = 0; i < token.len[5]; i += 2) *ptr1++ = hex_to_u8 (token.buf[5] + i); + for (int i = 0; i < token.len[6]; i += 2) *ptr2++ = hex_to_u8 (token.buf[6] + i); + for (int i = 0; i < token.len[7]; i += 2) *ptr2++ = hex_to_u8 (token.buf[7] + i); + + *ptr1++ = 0x80; + *ptr2++ = 0x80; + + /** + * Store to database + */ + + const u8 *hash_pos = token.buf[8]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + digest[4] = hex_to_u32 (hash_pos + 32); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + + salt->salt_len = 32; + + salt->salt_buf[0] = ikepsk->nr_buf[0]; + salt->salt_buf[1] = ikepsk->nr_buf[1]; + salt->salt_buf[2] = ikepsk->nr_buf[2]; + salt->salt_buf[3] = ikepsk->nr_buf[3]; + salt->salt_buf[4] = ikepsk->nr_buf[4]; + salt->salt_buf[5] = ikepsk->nr_buf[5]; + salt->salt_buf[6] = ikepsk->nr_buf[6]; + salt->salt_buf[7] = ikepsk->nr_buf[7]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const ikepsk_t *ikepsk = (const ikepsk_t *) esalt_buf; + + int line_len = 0; + + // msg_buf + + const u32 ikepsk_msg_len = ikepsk->msg_len[5] / 4; + + for (u32 i = 0; i < ikepsk_msg_len; i++) + { + if ((i == ikepsk->msg_len[0] / 4) || (i == ikepsk->msg_len[1] / 4) || (i == ikepsk->msg_len[2] / 4) || (i == ikepsk->msg_len[3] / 4) || (i == ikepsk->msg_len[4] / 4)) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, ":"); + } + + line_len += snprintf (line_buf + line_len, line_size - line_len, "%08x", byte_swap_32 (ikepsk->msg_buf[i])); + } + + // nr_buf + + const u32 ikepsk_nr_len = ikepsk->nr_len / 4; + + for (u32 i = 0; i < ikepsk_nr_len; i++) + { + if ((i == 0) || (i == 5)) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, ":"); + } + + line_len += snprintf (line_buf + line_len, line_size - line_len, "%08x", byte_swap_32 (ikepsk->nr_buf[i])); + } + + // digest_buf + + for (u32 i = 0; i < 5; i++) + { + if (i == 0) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, ":"); + } + + line_len += snprintf (line_buf + line_len, line_size - line_len, "%08x", digest[i]); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = module_hlfmt_disable; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_08500.c b/src/modules/module_08500.c new file mode 100644 index 000000000..a3b8273a2 --- /dev/null +++ b/src/modules/module_08500.c @@ -0,0 +1,242 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "cpu_des.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; // originally DGST_SIZE_4_2; +static const u32 HASH_CATEGORY = HASH_CATEGORY_OS; +static const char *HASH_NAME = "RACF"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 8500; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_UPPER; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$racf$*8481*6095E8FCA59F8E3E"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static const char *SIGNATURE_RACF = "$racf$"; + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 8; // Underlaying DES max + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + const u8 ascii_to_ebcdic[] = + { + 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, 0x16, 0x05, 0x25, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, + 0x40, 0x4f, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, + 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, + 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0x4a, 0xe0, 0x5a, 0x5f, 0x6d, + 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, + 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xc0, 0x6a, 0xd0, 0xa1, 0x07, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x15, 0x06, 0x17, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x1b, + 0x30, 0x31, 0x1a, 0x33, 0x34, 0x35, 0x36, 0x08, 0x38, 0x39, 0x3a, 0x3b, 0x04, 0x14, 0x3e, 0xe1, + 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, + 0x76, 0x77, 0x78, 0x80, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, + 0x9f, 0xa0, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xda, 0xdb, + 0xdc, 0xdd, 0xde, 0xdf, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, + }; + + token_t token; + + token.token_cnt = 3; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_RACF; + + token.len_min[0] = 6; + token.len_max[0] = 6; + token.sep[0] = '*'; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 0; + token.len_max[1] = 8; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[2] = 2; + token.len_max[2] = 16; + token.sep[2] = '$'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // salt + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + // salt pc + + u8 *salt_buf_ptr = (u8 *) salt->salt_buf; + u8 *salt_buf_pc_ptr = (u8 *) salt->salt_buf_pc; + + for (u32 i = 0; i < salt->salt_len; i++) + { + salt_buf_pc_ptr[i] = ascii_to_ebcdic[(int) salt_buf_ptr[i]]; + } + + for (u32 i = salt_len; i < 8; i++) + { + salt_buf_pc_ptr[i] = 0x40; + } + + u32 tt; + + IP (salt->salt_buf_pc[0], salt->salt_buf_pc[1], tt); + + salt->salt_buf_pc[0] = rotl32 (salt->salt_buf_pc[0], 3u); + salt->salt_buf_pc[1] = rotl32 (salt->salt_buf_pc[1], 3u); + + // hash + + const u8 *hash_pos = token.buf[2]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + + IP (digest[0], digest[1], tt); + + digest[0] = rotr32 (digest[0], 29); + digest[1] = rotr32 (digest[1], 29); + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + u32 tmp[2]; + + tmp[0] = rotl32 (digest[0], 29); + tmp[1] = rotl32 (digest[1], 29); + + u32 tt; + + FP (tmp[1], tmp[0], tt); + + const int line_len = snprintf (line_buf, line_size, "%s*%s*%08X%08X", SIGNATURE_RACF, (char *) salt->salt_buf, byte_swap_32 (tmp[0]), byte_swap_32 (tmp[1])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09000.c b/src/modules/module_09000.c new file mode 100644 index 000000000..d7bad846f --- /dev/null +++ b/src/modules/module_09000.c @@ -0,0 +1,214 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "Password Safe v2"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "0a3f352686e5eb5be173e668a4fff5cd5df420927e1da2d5d4052340160637e3e6a5a92841a188ed240e13b919f3d91694bd4c0acba79271e9c08a83ea5ad387cbb74d5884066a1cb5a8caa80d847079168f84823847c631dbe3a834f1bc496acfebac3bff1608bf1c857717f8f428e07b5e2cb12aaeddfa83d7dcb6d840234d08b84f8ca6c6e562af73eea13148f7902bcaf0220d3e36eeeff1d37283dc421483a2791182614ebb"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct struct_psafe2_hdr +{ + u32 random[2]; + u32 hash[5]; + u32 salt[5]; // unused, but makes better valid check + u32 iv[2]; // unused, but makes better valid check + +} psafe2_hdr; + +typedef struct pwsafe2_tmp +{ + u32 digest[2]; + + u32 P[18]; + + u32 S0[256]; + u32 S1[256]; + u32 S2[256]; + u32 S3[256]; + +} pwsafe2_tmp_t; + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pwsafe2_tmp_t); + + return tmp_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 8; // Blowfish + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 8; // Blowfish + + return kernel_threads_max; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + if (line_len == 0) return (PARSER_HASH_LENGTH); + + FILE *fp = fopen ((const char *) line_buf, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + psafe2_hdr buf; + + memset (&buf, 0, sizeof (psafe2_hdr)); + + const size_t n = hc_fread (&buf, sizeof (psafe2_hdr), 1, fp); + + fclose (fp); + + if (n != 1) return (PARSER_PSAFE2_FILE_SIZE); + + salt->salt_buf[0] = buf.random[0]; + salt->salt_buf[1] = buf.random[1]; + + salt->salt_len = 8; + salt->salt_iter = 1000; + + digest[0] = byte_swap_32 (buf.hash[0]); + digest[1] = byte_swap_32 (buf.hash[1]); + digest[2] = byte_swap_32 (buf.hash[2]); + digest[3] = byte_swap_32 (buf.hash[3]); + digest[4] = byte_swap_32 (buf.hash[4]); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09600.c b/src/modules/module_09600.c new file mode 100644 index 000000000..bdf006561 --- /dev/null +++ b/src/modules/module_09600.c @@ -0,0 +1,334 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office 2013"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9600; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_DEEP_COMP_KERNEL; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$office$*2013*100000*256*16*67805436882475302087847656644837*0c392d3b9ca889656d1e615c54f9f3c9*612b79e33b96322c3253fc8a0f314463cd76bc4efe1352f7efffca0f374f7e4b"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct office2013 +{ + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[8]; + +} office2013_t; + +typedef struct office2013_tmp +{ + u64 out[8]; + +} office2013_tmp_t; + +static const char *SIGNATURE_OFFICE2013 = "$office$"; + +u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) +{ + return KERN_RUN_3; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (office2013_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (office2013_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + office2013_t *office2013 = (office2013_t *) esalt_buf; + + token_t token; + + token.token_cnt = 8; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_OFFICE2013; + + token.len_min[0] = 8; + token.len_max[0] = 8; + token.sep[0] = '*'; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 4; + token.len_max[1] = 4; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 6; + token.len_max[2] = 6; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 3; + token.len_max[3] = 3; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[4] = 2; + token.len_max[4] = 2; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[5] = 32; + token.len_max[5] = 32; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[6] = 32; + token.len_max[6] = 32; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[7] = 64; + token.len_max[7] = 64; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *spinCount_pos = token.buf[2]; + const u8 *keySize_pos = token.buf[3]; + const u8 *saltSize_pos = token.buf[4]; + const u8 *osalt_pos = token.buf[5]; + const u8 *encryptedVerifier_pos = token.buf[6]; + const u8 *encryptedVerifierHash_pos = token.buf[7]; + + const u32 version = hc_strtoul ((const char *) version_pos, NULL, 10); + const u32 spinCount = hc_strtoul ((const char *) spinCount_pos, NULL, 10); + const u32 keySize = hc_strtoul ((const char *) keySize_pos, NULL, 10); + const u32 saltSize = hc_strtoul ((const char *) saltSize_pos, NULL, 10); + + if (version != 2013) return (PARSER_SALT_VALUE); + if (spinCount != 100000) return (PARSER_SALT_VALUE); + if (keySize != 256) return (PARSER_SALT_VALUE); + if (saltSize != 16) return (PARSER_SALT_VALUE); + + /** + * salt + */ + + salt->salt_len = 16; + salt->salt_iter = spinCount; + + salt->salt_buf[0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[3] = hex_to_u32 (osalt_pos + 24); + + salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); + salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); + salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + + /** + * esalt + */ + + office2013->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + office2013->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + office2013->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + office2013->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + office2013->encryptedVerifier[0] = byte_swap_32 (office2013->encryptedVerifier[0]); + office2013->encryptedVerifier[1] = byte_swap_32 (office2013->encryptedVerifier[1]); + office2013->encryptedVerifier[2] = byte_swap_32 (office2013->encryptedVerifier[2]); + office2013->encryptedVerifier[3] = byte_swap_32 (office2013->encryptedVerifier[3]); + + office2013->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + office2013->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + office2013->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + office2013->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + office2013->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); + office2013->encryptedVerifierHash[5] = hex_to_u32 (encryptedVerifierHash_pos + 40); + office2013->encryptedVerifierHash[6] = hex_to_u32 (encryptedVerifierHash_pos + 48); + office2013->encryptedVerifierHash[7] = hex_to_u32 (encryptedVerifierHash_pos + 56); + + office2013->encryptedVerifierHash[0] = byte_swap_32 (office2013->encryptedVerifierHash[0]); + office2013->encryptedVerifierHash[1] = byte_swap_32 (office2013->encryptedVerifierHash[1]); + office2013->encryptedVerifierHash[2] = byte_swap_32 (office2013->encryptedVerifierHash[2]); + office2013->encryptedVerifierHash[3] = byte_swap_32 (office2013->encryptedVerifierHash[3]); + office2013->encryptedVerifierHash[4] = byte_swap_32 (office2013->encryptedVerifierHash[4]); + office2013->encryptedVerifierHash[5] = byte_swap_32 (office2013->encryptedVerifierHash[5]); + office2013->encryptedVerifierHash[6] = byte_swap_32 (office2013->encryptedVerifierHash[6]); + office2013->encryptedVerifierHash[7] = byte_swap_32 (office2013->encryptedVerifierHash[7]); + + /** + * digest + */ + + digest[0] = office2013->encryptedVerifierHash[0]; + digest[1] = office2013->encryptedVerifierHash[1]; + digest[2] = office2013->encryptedVerifierHash[2]; + digest[3] = office2013->encryptedVerifierHash[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const office2013_t *office2013 = (office2013_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "%s*%d*%d*%d*%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%08x%08x%08x", + SIGNATURE_OFFICE2013, + 2013, + 100000, + 256, + 16, + salt->salt_buf[0], + salt->salt_buf[1], + salt->salt_buf[2], + salt->salt_buf[3], + office2013->encryptedVerifier[0], + office2013->encryptedVerifier[1], + office2013->encryptedVerifier[2], + office2013->encryptedVerifier[3], + office2013->encryptedVerifierHash[0], + office2013->encryptedVerifierHash[1], + office2013->encryptedVerifierHash[2], + office2013->encryptedVerifierHash[3], + office2013->encryptedVerifierHash[4], + office2013->encryptedVerifierHash[5], + office2013->encryptedVerifierHash[6], + office2013->encryptedVerifierHash[7]); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09700.c b/src/modules/module_09700.c new file mode 100644 index 000000000..ecfb58ac3 --- /dev/null +++ b/src/modules/module_09700.c @@ -0,0 +1,283 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office <= 2003 $0/$1, MD5 + RC4"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9700; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_UTF16LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$oldoffice$0*55045061647456688860411218030058*e7e24d163fbd743992d4b8892bf3f2f7*493410dbc832557d3fe1870ace8397e2"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct oldoffice01 +{ + u32 version; + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[4]; + u32 rc4key[2]; + +} oldoffice01_t; + +static const char *SIGNATURE_OLDOFFICE = "$oldoffice$"; +static const char *SIGNATURE_OLDOFFICE0 = "$oldoffice$0"; +static const char *SIGNATURE_OLDOFFICE1 = "$oldoffice$1"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (oldoffice01_t); + + return esalt_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 15; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + oldoffice01_t *oldoffice01 = (oldoffice01_t *) esalt_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 2; + token.signatures_buf[0] = SIGNATURE_OLDOFFICE0; + token.signatures_buf[1] = SIGNATURE_OLDOFFICE1; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 32; + token.len_max[2] = 32; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[4] = 32; + token.len_max[4] = 32; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *osalt_pos = token.buf[2]; + const u8 *encryptedVerifier_pos = token.buf[3]; + const u8 *encryptedVerifierHash_pos = token.buf[4]; + + // esalt + + const u32 version = *version_pos - 0x30; + + if (version != 0 && version != 1) return (PARSER_SALT_VALUE); + + oldoffice01->version = version; + + oldoffice01->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + oldoffice01->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + oldoffice01->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + oldoffice01->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + oldoffice01->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + oldoffice01->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + oldoffice01->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + oldoffice01->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + + // salt + + salt->salt_len = 16; + + salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); + + // this is a workaround as office produces multiple documents with the same salt + + salt->salt_buf[ 4] = oldoffice01->encryptedVerifier[0]; + salt->salt_buf[ 5] = oldoffice01->encryptedVerifier[1]; + salt->salt_buf[ 6] = oldoffice01->encryptedVerifier[2]; + salt->salt_buf[ 7] = oldoffice01->encryptedVerifier[3]; + salt->salt_buf[ 8] = oldoffice01->encryptedVerifierHash[0]; + salt->salt_buf[ 9] = oldoffice01->encryptedVerifierHash[1]; + salt->salt_buf[10] = oldoffice01->encryptedVerifierHash[2]; + salt->salt_buf[11] = oldoffice01->encryptedVerifierHash[3]; + + salt->salt_len += 32; + + /** + * digest + */ + + digest[0] = oldoffice01->encryptedVerifierHash[0]; + digest[1] = oldoffice01->encryptedVerifierHash[1]; + digest[2] = oldoffice01->encryptedVerifierHash[2]; + digest[3] = oldoffice01->encryptedVerifierHash[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const oldoffice01_t *oldoffice01 = (const oldoffice01_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x", + SIGNATURE_OLDOFFICE, + oldoffice01->version, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + byte_swap_32 (salt->salt_buf[2]), + byte_swap_32 (salt->salt_buf[3]), + byte_swap_32 (oldoffice01->encryptedVerifier[0]), + byte_swap_32 (oldoffice01->encryptedVerifier[1]), + byte_swap_32 (oldoffice01->encryptedVerifier[2]), + byte_swap_32 (oldoffice01->encryptedVerifier[3]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[0]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[1]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[2]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[3])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09710.c b/src/modules/module_09710.c new file mode 100644 index 000000000..d6a676099 --- /dev/null +++ b/src/modules/module_09710.c @@ -0,0 +1,302 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office <= 2003 $0/$1, MD5 + RC4, collider #1"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9710; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_ALWAYS_HEXIFY; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "\x91\xb2\xe0\x62\xb9"; +static const char *ST_HASH = "$oldoffice$0*55045061647456688860411218030058*e7e24d163fbd743992d4b8892bf3f2f7*493410dbc832557d3fe1870ace8397e2"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct oldoffice01 +{ + u32 version; + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[4]; + u32 rc4key[2]; + +} oldoffice01_t; + +static const char *SIGNATURE_OLDOFFICE = "$oldoffice$"; +static const char *SIGNATURE_OLDOFFICE0 = "$oldoffice$0"; +static const char *SIGNATURE_OLDOFFICE1 = "$oldoffice$1"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (oldoffice01_t); + + return esalt_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 5; // RC4-40 fixed + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 5; // RC4-40 fixed + + return pw_max; +} + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return "?b?b?b?b?b"; +} + +u32 module_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 forced_outfile_format = 5; + + return forced_outfile_format; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + oldoffice01_t *oldoffice01 = (oldoffice01_t *) esalt_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 2; + token.signatures_buf[0] = SIGNATURE_OLDOFFICE0; + token.signatures_buf[1] = SIGNATURE_OLDOFFICE1; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 32; + token.len_max[2] = 32; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[4] = 32; + token.len_max[4] = 32; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *osalt_pos = token.buf[2]; + const u8 *encryptedVerifier_pos = token.buf[3]; + const u8 *encryptedVerifierHash_pos = token.buf[4]; + + // esalt + + const u32 version = *version_pos - 0x30; + + if (version != 0 && version != 1) return (PARSER_SALT_VALUE); + + oldoffice01->version = version; + + oldoffice01->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + oldoffice01->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + oldoffice01->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + oldoffice01->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + oldoffice01->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + oldoffice01->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + oldoffice01->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + oldoffice01->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + + // salt + + salt->salt_len = 16; + + salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); + + // this is a workaround as office produces multiple documents with the same salt + + salt->salt_buf[ 4] = oldoffice01->encryptedVerifier[0]; + salt->salt_buf[ 5] = oldoffice01->encryptedVerifier[1]; + salt->salt_buf[ 6] = oldoffice01->encryptedVerifier[2]; + salt->salt_buf[ 7] = oldoffice01->encryptedVerifier[3]; + salt->salt_buf[ 8] = oldoffice01->encryptedVerifierHash[0]; + salt->salt_buf[ 9] = oldoffice01->encryptedVerifierHash[1]; + salt->salt_buf[10] = oldoffice01->encryptedVerifierHash[2]; + salt->salt_buf[11] = oldoffice01->encryptedVerifierHash[3]; + + salt->salt_len += 32; + + /** + * digest + */ + + digest[0] = oldoffice01->encryptedVerifierHash[0]; + digest[1] = oldoffice01->encryptedVerifierHash[1]; + digest[2] = oldoffice01->encryptedVerifierHash[2]; + digest[3] = oldoffice01->encryptedVerifierHash[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const oldoffice01_t *oldoffice01 = (const oldoffice01_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x", + SIGNATURE_OLDOFFICE, + oldoffice01->version, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + byte_swap_32 (salt->salt_buf[2]), + byte_swap_32 (salt->salt_buf[3]), + byte_swap_32 (oldoffice01->encryptedVerifier[0]), + byte_swap_32 (oldoffice01->encryptedVerifier[1]), + byte_swap_32 (oldoffice01->encryptedVerifier[2]), + byte_swap_32 (oldoffice01->encryptedVerifier[3]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[0]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[1]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[2]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[3])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = module_forced_outfile_format; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09720.c b/src/modules/module_09720.c new file mode 100644 index 000000000..9fc5163a2 --- /dev/null +++ b/src/modules/module_09720.c @@ -0,0 +1,301 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office <= 2003 $0/$1, MD5 + RC4, collider #2"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9720; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_UTF16LE + | OPTS_TYPE_PT_NEVERCRACK; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$oldoffice$0*55045061647456688860411218030058*e7e24d163fbd743992d4b8892bf3f2f7*493410dbc832557d3fe1870ace8397e2:91b2e062b9"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct oldoffice01 +{ + u32 version; + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[4]; + u32 rc4key[2]; + +} oldoffice01_t; + +static const char *SIGNATURE_OLDOFFICE = "$oldoffice$"; +static const char *SIGNATURE_OLDOFFICE0 = "$oldoffice$0"; +static const char *SIGNATURE_OLDOFFICE1 = "$oldoffice$1"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (oldoffice01_t); + + return esalt_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 15; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + oldoffice01_t *oldoffice01 = (oldoffice01_t *) esalt_buf; + + token_t token; + + token.token_cnt = 6; + + token.signatures_cnt = 2; + token.signatures_buf[0] = SIGNATURE_OLDOFFICE0; + token.signatures_buf[1] = SIGNATURE_OLDOFFICE1; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 32; + token.len_max[2] = 32; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[4] = 32; + token.len_max[4] = 32; + token.sep[4] = ':'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[5] = 10; + token.len_max[5] = 10; + token.sep[5] = ':'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *osalt_pos = token.buf[2]; + const u8 *encryptedVerifier_pos = token.buf[3]; + const u8 *encryptedVerifierHash_pos = token.buf[4]; + const u8 *rc4key_pos = token.buf[5]; + + // esalt + + const u32 version = *version_pos - 0x30; + + if (version != 0 && version != 1) return (PARSER_SALT_VALUE); + + oldoffice01->version = version; + + oldoffice01->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + oldoffice01->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + oldoffice01->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + oldoffice01->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + oldoffice01->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + oldoffice01->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + oldoffice01->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + oldoffice01->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + + oldoffice01->rc4key[1] = 0; + oldoffice01->rc4key[0] = 0; + + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[0]) << 28; + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[1]) << 24; + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[2]) << 20; + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[3]) << 16; + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[4]) << 12; + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[5]) << 8; + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[6]) << 4; + oldoffice01->rc4key[0] |= hex_convert (rc4key_pos[7]) << 0; + oldoffice01->rc4key[1] |= hex_convert (rc4key_pos[8]) << 28; + oldoffice01->rc4key[1] |= hex_convert (rc4key_pos[9]) << 24; + + oldoffice01->rc4key[0] = byte_swap_32 (oldoffice01->rc4key[0]); + oldoffice01->rc4key[1] = byte_swap_32 (oldoffice01->rc4key[1]); + + // salt + + salt->salt_len = 16; + + salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); + + // this is a workaround as office produces multiple documents with the same salt + + salt->salt_buf[ 4] = oldoffice01->encryptedVerifier[0]; + salt->salt_buf[ 5] = oldoffice01->encryptedVerifier[1]; + salt->salt_buf[ 6] = oldoffice01->encryptedVerifier[2]; + salt->salt_buf[ 7] = oldoffice01->encryptedVerifier[3]; + salt->salt_buf[ 8] = oldoffice01->encryptedVerifierHash[0]; + salt->salt_buf[ 9] = oldoffice01->encryptedVerifierHash[1]; + salt->salt_buf[10] = oldoffice01->encryptedVerifierHash[2]; + salt->salt_buf[11] = oldoffice01->encryptedVerifierHash[3]; + + salt->salt_len += 32; + + /** + * digest + */ + + digest[0] = oldoffice01->rc4key[0]; + digest[1] = oldoffice01->rc4key[1]; + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const oldoffice01_t *oldoffice01 = (const oldoffice01_t *) esalt_buf; + + const u8 *rc4key = (const u8 *) oldoffice01->rc4key; + + const int line_len = snprintf (line_buf, line_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x:%02x%02x%02x%02x%02x", + SIGNATURE_OLDOFFICE, + oldoffice01->version, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + byte_swap_32 (salt->salt_buf[2]), + byte_swap_32 (salt->salt_buf[3]), + byte_swap_32 (oldoffice01->encryptedVerifier[0]), + byte_swap_32 (oldoffice01->encryptedVerifier[1]), + byte_swap_32 (oldoffice01->encryptedVerifier[2]), + byte_swap_32 (oldoffice01->encryptedVerifier[3]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[0]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[1]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[2]), + byte_swap_32 (oldoffice01->encryptedVerifierHash[3]), + rc4key[0], + rc4key[1], + rc4key[2], + rc4key[3], + rc4key[4]); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09800.c b/src/modules/module_09800.c new file mode 100644 index 000000000..5b9c6149e --- /dev/null +++ b/src/modules/module_09800.c @@ -0,0 +1,299 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office <= 2003 $3/$4, SHA1 + RC4"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9800; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_BE + | OPTS_TYPE_PT_GENERATE_BE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_UTF16LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$oldoffice$3*83328705222323020515404251156288*2855956a165ff6511bc7f4cd77b9e101*941861655e73a09c40f7b1e9dfd0c256ed285acd"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct oldoffice34 +{ + u32 version; + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[5]; + u32 rc4key[2]; + +} oldoffice34_t; + +static const char *SIGNATURE_OLDOFFICE = "$oldoffice$"; +static const char *SIGNATURE_OLDOFFICE3 = "$oldoffice$3"; +static const char *SIGNATURE_OLDOFFICE4 = "$oldoffice$4"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (oldoffice34_t); + + return esalt_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 15; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx + + return pw_max; +} + +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + #if defined (__APPLE__) + return true; + #endif // __APPLE__ + + return false; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + oldoffice34_t *oldoffice34 = (oldoffice34_t *) esalt_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 2; + token.signatures_buf[0] = SIGNATURE_OLDOFFICE3; + token.signatures_buf[1] = SIGNATURE_OLDOFFICE4; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 32; + token.len_max[2] = 32; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[4] = 40; + token.len_max[4] = 40; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *osalt_pos = token.buf[2]; + const u8 *encryptedVerifier_pos = token.buf[3]; + const u8 *encryptedVerifierHash_pos = token.buf[4]; + + // esalt + + const u32 version = *version_pos - 0x30; + + if (version != 3 && version != 4) return (PARSER_SALT_VALUE); + + oldoffice34->version = version; + + oldoffice34->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + oldoffice34->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + oldoffice34->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + oldoffice34->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + oldoffice34->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + oldoffice34->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + oldoffice34->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + oldoffice34->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + oldoffice34->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); + + // salt + + salt->salt_len = 16; + + salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); + + salt->salt_buf[ 0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[ 1] = byte_swap_32 (salt->salt_buf[1]); + salt->salt_buf[ 2] = byte_swap_32 (salt->salt_buf[2]); + salt->salt_buf[ 3] = byte_swap_32 (salt->salt_buf[3]); + + // this is a workaround as office produces multiple documents with the same salt + + salt->salt_buf[ 4] = oldoffice34->encryptedVerifier[0]; + salt->salt_buf[ 5] = oldoffice34->encryptedVerifier[1]; + salt->salt_buf[ 6] = oldoffice34->encryptedVerifier[2]; + salt->salt_buf[ 7] = oldoffice34->encryptedVerifier[3]; + salt->salt_buf[ 8] = oldoffice34->encryptedVerifierHash[0]; + salt->salt_buf[ 9] = oldoffice34->encryptedVerifierHash[1]; + salt->salt_buf[10] = oldoffice34->encryptedVerifierHash[2]; + salt->salt_buf[11] = oldoffice34->encryptedVerifierHash[3]; + + salt->salt_len += 32; + + /** + * digest + */ + + digest[0] = oldoffice34->encryptedVerifierHash[0]; + digest[1] = oldoffice34->encryptedVerifierHash[1]; + digest[2] = oldoffice34->encryptedVerifierHash[2]; + digest[3] = oldoffice34->encryptedVerifierHash[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const oldoffice34_t *oldoffice34 = (const oldoffice34_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x", + SIGNATURE_OLDOFFICE, + oldoffice34->version, + salt->salt_buf[0], + salt->salt_buf[1], + salt->salt_buf[2], + salt->salt_buf[3], + byte_swap_32 (oldoffice34->encryptedVerifier[0]), + byte_swap_32 (oldoffice34->encryptedVerifier[1]), + byte_swap_32 (oldoffice34->encryptedVerifier[2]), + byte_swap_32 (oldoffice34->encryptedVerifier[3]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[0]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[4])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09810.c b/src/modules/module_09810.c new file mode 100644 index 000000000..1f34f02c6 --- /dev/null +++ b/src/modules/module_09810.c @@ -0,0 +1,308 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office <= 2003 $3, SHA1 + RC4, collider #1"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9810; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ALWAYS_HEXIFY; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "\xb8\xf6\x36\x19\xca"; +static const char *ST_HASH = "$oldoffice$3*83328705222323020515404251156288*2855956a165ff6511bc7f4cd77b9e101*941861655e73a09c40f7b1e9dfd0c256ed285acd"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct oldoffice34 +{ + u32 version; + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[5]; + u32 rc4key[2]; + +} oldoffice34_t; + +static const char *SIGNATURE_OLDOFFICE = "$oldoffice$"; +static const char *SIGNATURE_OLDOFFICE3 = "$oldoffice$3"; +static const char *SIGNATURE_OLDOFFICE4 = "$oldoffice$4"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (oldoffice34_t); + + return esalt_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 5; // RC4-40 fixed + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 5; // RC4-40 fixed + + return pw_max; +} + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return "?b?b?b?b?b"; +} + +u32 module_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 forced_outfile_format = 5; + + return forced_outfile_format; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + oldoffice34_t *oldoffice34 = (oldoffice34_t *) esalt_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 2; + token.signatures_buf[0] = SIGNATURE_OLDOFFICE3; + token.signatures_buf[1] = SIGNATURE_OLDOFFICE4; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 32; + token.len_max[2] = 32; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[4] = 40; + token.len_max[4] = 40; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *osalt_pos = token.buf[2]; + const u8 *encryptedVerifier_pos = token.buf[3]; + const u8 *encryptedVerifierHash_pos = token.buf[4]; + + // esalt + + const u32 version = *version_pos - 0x30; + + if (version != 3 && version != 4) return (PARSER_SALT_VALUE); + + oldoffice34->version = version; + + oldoffice34->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + oldoffice34->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + oldoffice34->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + oldoffice34->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + oldoffice34->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + oldoffice34->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + oldoffice34->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + oldoffice34->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + oldoffice34->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); + + // salt + + salt->salt_len = 16; + + salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); + + salt->salt_buf[ 0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[ 1] = byte_swap_32 (salt->salt_buf[1]); + salt->salt_buf[ 2] = byte_swap_32 (salt->salt_buf[2]); + salt->salt_buf[ 3] = byte_swap_32 (salt->salt_buf[3]); + + // this is a workaround as office produces multiple documents with the same salt + + salt->salt_buf[ 4] = oldoffice34->encryptedVerifier[0]; + salt->salt_buf[ 5] = oldoffice34->encryptedVerifier[1]; + salt->salt_buf[ 6] = oldoffice34->encryptedVerifier[2]; + salt->salt_buf[ 7] = oldoffice34->encryptedVerifier[3]; + salt->salt_buf[ 8] = oldoffice34->encryptedVerifierHash[0]; + salt->salt_buf[ 9] = oldoffice34->encryptedVerifierHash[1]; + salt->salt_buf[10] = oldoffice34->encryptedVerifierHash[2]; + salt->salt_buf[11] = oldoffice34->encryptedVerifierHash[3]; + + salt->salt_len += 32; + + /** + * digest + */ + + digest[0] = oldoffice34->encryptedVerifierHash[0]; + digest[1] = oldoffice34->encryptedVerifierHash[1]; + digest[2] = oldoffice34->encryptedVerifierHash[2]; + digest[3] = oldoffice34->encryptedVerifierHash[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const oldoffice34_t *oldoffice34 = (const oldoffice34_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x", + SIGNATURE_OLDOFFICE, + oldoffice34->version, + salt->salt_buf[0], + salt->salt_buf[1], + salt->salt_buf[2], + salt->salt_buf[3], + byte_swap_32 (oldoffice34->encryptedVerifier[0]), + byte_swap_32 (oldoffice34->encryptedVerifier[1]), + byte_swap_32 (oldoffice34->encryptedVerifier[2]), + byte_swap_32 (oldoffice34->encryptedVerifier[3]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[0]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[4])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = module_forced_outfile_format; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_09820.c b/src/modules/module_09820.c new file mode 100644 index 000000000..4f507958c --- /dev/null +++ b/src/modules/module_09820.c @@ -0,0 +1,306 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office <= 2003 $3, SHA1 + RC4, collider #2"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9820; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_BE + | OPTS_TYPE_PT_GENERATE_BE + | OPTS_TYPE_PT_ADD80 + | OPTS_TYPE_PT_UTF16LE + | OPTS_TYPE_PT_NEVERCRACK; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$oldoffice$3*83328705222323020515404251156288*2855956a165ff6511bc7f4cd77b9e101*941861655e73a09c40f7b1e9dfd0c256ed285acd:b8f63619ca"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct oldoffice34 +{ + u32 version; + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[5]; + u32 rc4key[2]; + +} oldoffice34_t; + +static const char *SIGNATURE_OLDOFFICE = "$oldoffice$"; +static const char *SIGNATURE_OLDOFFICE3 = "$oldoffice$3"; +static const char *SIGNATURE_OLDOFFICE4 = "$oldoffice$4"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (oldoffice34_t); + + return esalt_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 15; // https://msdn.microsoft.com/en-us/library/dd772916(v=office.12).aspx + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + oldoffice34_t *oldoffice34 = (oldoffice34_t *) esalt_buf; + + token_t token; + + token.token_cnt = 6; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_OLDOFFICE3; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 32; + token.len_max[2] = 32; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[4] = 40; + token.len_max[4] = 40; + token.sep[4] = ':'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[5] = 10; + token.len_max[5] = 10; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *osalt_pos = token.buf[2]; + const u8 *encryptedVerifier_pos = token.buf[3]; + const u8 *encryptedVerifierHash_pos = token.buf[4]; + const u8 *rc4key_pos = token.buf[5]; + + // esalt + + const u32 version = *version_pos - 0x30; + + if (version != 3 && version != 4) return (PARSER_SALT_VALUE); + + oldoffice34->version = version; + + oldoffice34->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + oldoffice34->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + oldoffice34->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + oldoffice34->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + oldoffice34->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + oldoffice34->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + oldoffice34->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + oldoffice34->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + oldoffice34->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); + + oldoffice34->rc4key[1] = 0; + oldoffice34->rc4key[0] = 0; + + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[0]) << 28; + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[1]) << 24; + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[2]) << 20; + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[3]) << 16; + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[4]) << 12; + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[5]) << 8; + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[6]) << 4; + oldoffice34->rc4key[0] |= hex_convert (rc4key_pos[7]) << 0; + oldoffice34->rc4key[1] |= hex_convert (rc4key_pos[8]) << 28; + oldoffice34->rc4key[1] |= hex_convert (rc4key_pos[9]) << 24; + + oldoffice34->rc4key[0] = byte_swap_32 (oldoffice34->rc4key[0]); + oldoffice34->rc4key[1] = byte_swap_32 (oldoffice34->rc4key[1]); + + // salt + + salt->salt_len = 16; + + salt->salt_buf[ 0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[ 1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[ 2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[ 3] = hex_to_u32 (osalt_pos + 24); + + salt->salt_buf[ 0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[ 1] = byte_swap_32 (salt->salt_buf[1]); + salt->salt_buf[ 2] = byte_swap_32 (salt->salt_buf[2]); + salt->salt_buf[ 3] = byte_swap_32 (salt->salt_buf[3]); + + // this is a workaround as office produces multiple documents with the same salt + + salt->salt_buf[ 4] = oldoffice34->encryptedVerifier[0]; + salt->salt_buf[ 5] = oldoffice34->encryptedVerifier[1]; + salt->salt_buf[ 6] = oldoffice34->encryptedVerifier[2]; + salt->salt_buf[ 7] = oldoffice34->encryptedVerifier[3]; + salt->salt_buf[ 8] = oldoffice34->encryptedVerifierHash[0]; + salt->salt_buf[ 9] = oldoffice34->encryptedVerifierHash[1]; + salt->salt_buf[10] = oldoffice34->encryptedVerifierHash[2]; + salt->salt_buf[11] = oldoffice34->encryptedVerifierHash[3]; + + salt->salt_len += 32; + + /** + * digest + */ + + digest[0] = oldoffice34->rc4key[0]; + digest[1] = oldoffice34->rc4key[1]; + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const oldoffice34_t *oldoffice34 = (const oldoffice34_t *) esalt_buf; + + const u8 *rc4key = (const u8 *) oldoffice34->rc4key; + + const int line_len = snprintf (line_buf, line_size, "%s%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x:%02x%02x%02x%02x%02x", + SIGNATURE_OLDOFFICE, + oldoffice34->version, + salt->salt_buf[0], + salt->salt_buf[1], + salt->salt_buf[2], + salt->salt_buf[3], + byte_swap_32 (oldoffice34->encryptedVerifier[0]), + byte_swap_32 (oldoffice34->encryptedVerifier[1]), + byte_swap_32 (oldoffice34->encryptedVerifier[2]), + byte_swap_32 (oldoffice34->encryptedVerifier[3]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[0]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), + byte_swap_32 (oldoffice34->encryptedVerifierHash[4]), + rc4key[0], + rc4key[1], + rc4key[2], + rc4key[3], + rc4key[4]); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_10400.c b/src/modules/module_10400.c new file mode 100644 index 000000000..d0d07cf3d --- /dev/null +++ b/src/modules/module_10400.c @@ -0,0 +1,376 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "PDF 1.1 - 1.3 (Acrobat 2 - 4)"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 10400; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$pdf$1*2*40*-1*0*16*01221086741440841668371056103222*32*27c3fecef6d46a78eb61b8b4dbc690f5f8a2912bbb9afc842c12d79481568b74*32*0000000000000000000000000000000000000000000000000000000000000000"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pdf +{ + int V; + int R; + int P; + + int enc_md; + + u32 id_buf[8]; + u32 u_buf[32]; + u32 o_buf[32]; + + int id_len; + int o_len; + int u_len; + + u32 rc4key[2]; + u32 rc4data[2]; + +} pdf_t; + +static const char *SIGNATURE_PDF = "$pdf$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pdf_t); + + return esalt_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 32; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pdf_t *pdf = (pdf_t *) esalt_buf; + + token_t token; + + token.token_cnt = 12; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PDF; + + token.len[0] = 5; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 1; + token.len_max[2] = 1; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 2; + token.len_max[3] = 2; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[4] = 1; + token.len_max[4] = 6; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[5] = 1; + token.len_max[5] = 1; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[6] = 2; + token.len_max[6] = 2; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[7] = 32; + token.len_max[7] = 32; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[8] = 2; + token.len_max[8] = 2; + token.sep[8] = '*'; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[9] = 64; + token.len_max[9] = 64; + token.sep[9] = '*'; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[10] = 2; + token.len_max[10] = 2; + token.sep[10] = '*'; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[11] = 64; + token.len_max[11] = 64; + token.sep[11] = '*'; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *V_pos = token.buf[1]; + const u8 *R_pos = token.buf[2]; + const u8 *bits_pos = token.buf[3]; + const u8 *P_pos = token.buf[4]; + const u8 *enc_md_pos = token.buf[5]; + const u8 *id_len_pos = token.buf[6]; + const u8 *id_buf_pos = token.buf[7]; + const u8 *u_len_pos = token.buf[8]; + const u8 *u_buf_pos = token.buf[9]; + const u8 *o_len_pos = token.buf[10]; + const u8 *o_buf_pos = token.buf[11]; + + // validate data + + const int V = strtol ((const char *) V_pos, NULL, 10); + const int R = strtol ((const char *) R_pos, NULL, 10); + const int P = strtol ((const char *) P_pos, NULL, 10); + + if (V != 1) return (PARSER_SALT_VALUE); + if (R != 2) return (PARSER_SALT_VALUE); + + const int enc_md = strtol ((const char *) enc_md_pos, NULL, 10); + + if ((enc_md != 0) && (enc_md != 1)) return (PARSER_SALT_VALUE); + + const int id_len = strtol ((const char *) id_len_pos, NULL, 10); + const int u_len = strtol ((const char *) u_len_pos, NULL, 10); + const int o_len = strtol ((const char *) o_len_pos, NULL, 10); + + if (id_len != 16) return (PARSER_SALT_VALUE); + if (u_len != 32) return (PARSER_SALT_VALUE); + if (o_len != 32) return (PARSER_SALT_VALUE); + + const int bits = strtol ((const char *) bits_pos, NULL, 10); + + if (bits != 40) return (PARSER_SALT_VALUE); + + // copy data to esalt + + pdf->V = V; + pdf->R = R; + pdf->P = P; + + pdf->enc_md = enc_md; + + pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); + pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); + pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); + pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); + pdf->id_len = id_len; + + pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); + pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); + pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); + pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); + pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); + pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); + pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); + pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); + pdf->u_len = u_len; + + pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); + pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); + pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); + pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); + pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); + pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); + pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); + pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); + pdf->o_len = o_len; + + // we use ID for salt, maybe needs to change, we will see... + + salt->salt_buf[0] = pdf->id_buf[0]; + salt->salt_buf[1] = pdf->id_buf[1]; + salt->salt_buf[2] = pdf->id_buf[2]; + salt->salt_buf[3] = pdf->id_buf[3]; + salt->salt_len = pdf->id_len; + + digest[0] = pdf->u_buf[0]; + digest[1] = pdf->u_buf[1]; + digest[2] = pdf->u_buf[2]; + digest[3] = pdf->u_buf[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const pdf_t *pdf = (const pdf_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", + pdf->V, + pdf->R, + 40, + pdf->P, + pdf->enc_md, + pdf->id_len, + byte_swap_32 (pdf->id_buf[0]), + byte_swap_32 (pdf->id_buf[1]), + byte_swap_32 (pdf->id_buf[2]), + byte_swap_32 (pdf->id_buf[3]), + pdf->u_len, + byte_swap_32 (pdf->u_buf[0]), + byte_swap_32 (pdf->u_buf[1]), + byte_swap_32 (pdf->u_buf[2]), + byte_swap_32 (pdf->u_buf[3]), + byte_swap_32 (pdf->u_buf[4]), + byte_swap_32 (pdf->u_buf[5]), + byte_swap_32 (pdf->u_buf[6]), + byte_swap_32 (pdf->u_buf[7]), + pdf->o_len, + byte_swap_32 (pdf->o_buf[0]), + byte_swap_32 (pdf->o_buf[1]), + byte_swap_32 (pdf->o_buf[2]), + byte_swap_32 (pdf->o_buf[3]), + byte_swap_32 (pdf->o_buf[4]), + byte_swap_32 (pdf->o_buf[5]), + byte_swap_32 (pdf->o_buf[6]), + byte_swap_32 (pdf->o_buf[7]) + ); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_10410.c b/src/modules/module_10410.c new file mode 100644 index 000000000..b304432a9 --- /dev/null +++ b/src/modules/module_10410.c @@ -0,0 +1,396 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 10410; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ALWAYS_HEXIFY; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "\x6a\x8a\xed\xcc\xb7"; +static const char *ST_HASH = "$pdf$1*2*40*-1*0*16*01221086741440841668371056103222*32*27c3fecef6d46a78eb61b8b4dbc690f5f8a2912bbb9afc842c12d79481568b74*32*0000000000000000000000000000000000000000000000000000000000000000"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pdf +{ + int V; + int R; + int P; + + int enc_md; + + u32 id_buf[8]; + u32 u_buf[32]; + u32 o_buf[32]; + + int id_len; + int o_len; + int u_len; + + u32 rc4key[2]; + u32 rc4data[2]; + +} pdf_t; + +static const char *SIGNATURE_PDF = "$pdf$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pdf_t); + + return esalt_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 5; // RC4-40 fixed + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 5; // RC4-40 fixed + + return pw_max; +} + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return "?b?b?b?b?b"; +} + +u32 module_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 forced_outfile_format = 5; + + return forced_outfile_format; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pdf_t *pdf = (pdf_t *) esalt_buf; + + token_t token; + + token.token_cnt = 12; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PDF; + + token.len[0] = 5; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 1; + token.len_max[2] = 1; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 2; + token.len_max[3] = 2; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[4] = 1; + token.len_max[4] = 6; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[5] = 1; + token.len_max[5] = 1; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[6] = 2; + token.len_max[6] = 2; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[7] = 32; + token.len_max[7] = 32; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[8] = 2; + token.len_max[8] = 2; + token.sep[8] = '*'; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[9] = 64; + token.len_max[9] = 64; + token.sep[9] = '*'; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[10] = 2; + token.len_max[10] = 2; + token.sep[10] = '*'; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[11] = 64; + token.len_max[11] = 64; + token.sep[11] = '*'; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *V_pos = token.buf[1]; + const u8 *R_pos = token.buf[2]; + const u8 *bits_pos = token.buf[3]; + const u8 *P_pos = token.buf[4]; + const u8 *enc_md_pos = token.buf[5]; + const u8 *id_len_pos = token.buf[6]; + const u8 *id_buf_pos = token.buf[7]; + const u8 *u_len_pos = token.buf[8]; + const u8 *u_buf_pos = token.buf[9]; + const u8 *o_len_pos = token.buf[10]; + const u8 *o_buf_pos = token.buf[11]; + + // validate data + + const int V = strtol ((const char *) V_pos, NULL, 10); + const int R = strtol ((const char *) R_pos, NULL, 10); + const int P = strtol ((const char *) P_pos, NULL, 10); + + if (V != 1) return (PARSER_SALT_VALUE); + if (R != 2) return (PARSER_SALT_VALUE); + + const int enc_md = strtol ((const char *) enc_md_pos, NULL, 10); + + if ((enc_md != 0) && (enc_md != 1)) return (PARSER_SALT_VALUE); + + const int id_len = strtol ((const char *) id_len_pos, NULL, 10); + const int u_len = strtol ((const char *) u_len_pos, NULL, 10); + const int o_len = strtol ((const char *) o_len_pos, NULL, 10); + + if (id_len != 16) return (PARSER_SALT_VALUE); + if (u_len != 32) return (PARSER_SALT_VALUE); + if (o_len != 32) return (PARSER_SALT_VALUE); + + const int bits = strtol ((const char *) bits_pos, NULL, 10); + + if (bits != 40) return (PARSER_SALT_VALUE); + + // copy data to esalt + + pdf->V = V; + pdf->R = R; + pdf->P = P; + + pdf->enc_md = enc_md; + + pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); + pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); + pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); + pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); + pdf->id_len = id_len; + + pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); + pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); + pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); + pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); + pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); + pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); + pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); + pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); + pdf->u_len = u_len; + + pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); + pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); + pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); + pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); + pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); + pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); + pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); + pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); + pdf->o_len = o_len; + + // we use ID for salt, maybe needs to change, we will see... + + salt->salt_buf[0] = pdf->id_buf[0]; + salt->salt_buf[1] = pdf->id_buf[1]; + salt->salt_buf[2] = pdf->id_buf[2]; + salt->salt_buf[3] = pdf->id_buf[3]; + salt->salt_len = pdf->id_len; + + digest[0] = pdf->u_buf[0]; + digest[1] = pdf->u_buf[1]; + digest[2] = pdf->u_buf[2]; + digest[3] = pdf->u_buf[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const pdf_t *pdf = (const pdf_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", + pdf->V, + pdf->R, + 40, + pdf->P, + pdf->enc_md, + pdf->id_len, + byte_swap_32 (pdf->id_buf[0]), + byte_swap_32 (pdf->id_buf[1]), + byte_swap_32 (pdf->id_buf[2]), + byte_swap_32 (pdf->id_buf[3]), + pdf->u_len, + byte_swap_32 (pdf->u_buf[0]), + byte_swap_32 (pdf->u_buf[1]), + byte_swap_32 (pdf->u_buf[2]), + byte_swap_32 (pdf->u_buf[3]), + byte_swap_32 (pdf->u_buf[4]), + byte_swap_32 (pdf->u_buf[5]), + byte_swap_32 (pdf->u_buf[6]), + byte_swap_32 (pdf->u_buf[7]), + pdf->o_len, + byte_swap_32 (pdf->o_buf[0]), + byte_swap_32 (pdf->o_buf[1]), + byte_swap_32 (pdf->o_buf[2]), + byte_swap_32 (pdf->o_buf[3]), + byte_swap_32 (pdf->o_buf[4]), + byte_swap_32 (pdf->o_buf[5]), + byte_swap_32 (pdf->o_buf[6]), + byte_swap_32 (pdf->o_buf[7]) + ); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = module_forced_outfile_format; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_10420.c b/src/modules/module_10420.c new file mode 100644 index 000000000..326204aef --- /dev/null +++ b/src/modules/module_10420.c @@ -0,0 +1,397 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 10420; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$pdf$1*2*40*-1*0*16*01221086741440841668371056103222*32*27c3fecef6d46a78eb61b8b4dbc690f5f8a2912bbb9afc842c12d79481568b74*32*0000000000000000000000000000000000000000000000000000000000000000:6a8aedccb7"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pdf +{ + int V; + int R; + int P; + + int enc_md; + + u32 id_buf[8]; + u32 u_buf[32]; + u32 o_buf[32]; + + int id_len; + int o_len; + int u_len; + + u32 rc4key[2]; + u32 rc4data[2]; + +} pdf_t; + +static const char *SIGNATURE_PDF = "$pdf$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pdf_t); + + return esalt_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 32; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pdf_t *pdf = (pdf_t *) esalt_buf; + + token_t token; + + token.token_cnt = 13; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PDF; + + token.len[0] = 5; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 1; + token.len_max[2] = 1; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 2; + token.len_max[3] = 2; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[4] = 1; + token.len_max[4] = 6; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[5] = 1; + token.len_max[5] = 1; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[6] = 2; + token.len_max[6] = 2; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[7] = 32; + token.len_max[7] = 32; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[8] = 2; + token.len_max[8] = 2; + token.sep[8] = '*'; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[9] = 64; + token.len_max[9] = 64; + token.sep[9] = '*'; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[10] = 2; + token.len_max[10] = 2; + token.sep[10] = '*'; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[11] = 64; + token.len_max[11] = 64; + token.sep[11] = ':'; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[12] = 10; + token.len_max[12] = 10; + token.sep[12] = '*'; + token.attr[12] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *V_pos = token.buf[1]; + const u8 *R_pos = token.buf[2]; + const u8 *bits_pos = token.buf[3]; + const u8 *P_pos = token.buf[4]; + const u8 *enc_md_pos = token.buf[5]; + const u8 *id_len_pos = token.buf[6]; + const u8 *id_buf_pos = token.buf[7]; + const u8 *u_len_pos = token.buf[8]; + const u8 *u_buf_pos = token.buf[9]; + const u8 *o_len_pos = token.buf[10]; + const u8 *o_buf_pos = token.buf[11]; + const u8 *rc4key_pos = token.buf[12]; + + // validate data + + const int V = strtol ((const char *) V_pos, NULL, 10); + const int R = strtol ((const char *) R_pos, NULL, 10); + const int P = strtol ((const char *) P_pos, NULL, 10); + + if (V != 1) return (PARSER_SALT_VALUE); + if (R != 2) return (PARSER_SALT_VALUE); + + const int enc_md = strtol ((const char *) enc_md_pos, NULL, 10); + + if ((enc_md != 0) && (enc_md != 1)) return (PARSER_SALT_VALUE); + + const int id_len = strtol ((const char *) id_len_pos, NULL, 10); + const int u_len = strtol ((const char *) u_len_pos, NULL, 10); + const int o_len = strtol ((const char *) o_len_pos, NULL, 10); + + if (id_len != 16) return (PARSER_SALT_VALUE); + if (u_len != 32) return (PARSER_SALT_VALUE); + if (o_len != 32) return (PARSER_SALT_VALUE); + + const int bits = strtol ((const char *) bits_pos, NULL, 10); + + if (bits != 40) return (PARSER_SALT_VALUE); + + // copy data to esalt + + pdf->V = V; + pdf->R = R; + pdf->P = P; + + pdf->enc_md = enc_md; + + pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); + pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); + pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); + pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); + pdf->id_len = id_len; + + pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); + pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); + pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); + pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); + pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); + pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); + pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); + pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); + pdf->u_len = u_len; + + pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); + pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); + pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); + pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); + pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); + pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); + pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); + pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); + pdf->o_len = o_len; + + pdf->rc4key[1] = 0; + pdf->rc4key[0] = 0; + + pdf->rc4key[0] |= hex_convert (rc4key_pos[0]) << 28; + pdf->rc4key[0] |= hex_convert (rc4key_pos[1]) << 24; + pdf->rc4key[0] |= hex_convert (rc4key_pos[2]) << 20; + pdf->rc4key[0] |= hex_convert (rc4key_pos[3]) << 16; + pdf->rc4key[0] |= hex_convert (rc4key_pos[4]) << 12; + pdf->rc4key[0] |= hex_convert (rc4key_pos[5]) << 8; + pdf->rc4key[0] |= hex_convert (rc4key_pos[6]) << 4; + pdf->rc4key[0] |= hex_convert (rc4key_pos[7]) << 0; + pdf->rc4key[1] |= hex_convert (rc4key_pos[8]) << 28; + pdf->rc4key[1] |= hex_convert (rc4key_pos[9]) << 24; + + pdf->rc4key[0] = byte_swap_32 (pdf->rc4key[0]); + pdf->rc4key[1] = byte_swap_32 (pdf->rc4key[1]); + + // we use ID for salt, maybe needs to change, we will see... + + salt->salt_buf[0] = pdf->id_buf[0]; + salt->salt_buf[1] = pdf->id_buf[1]; + salt->salt_buf[2] = pdf->id_buf[2]; + salt->salt_buf[3] = pdf->id_buf[3]; + salt->salt_buf[4] = pdf->u_buf[0]; + salt->salt_buf[5] = pdf->u_buf[1]; + salt->salt_buf[6] = pdf->o_buf[0]; + salt->salt_buf[7] = pdf->o_buf[1]; + salt->salt_len = pdf->id_len + 16; + + digest[0] = pdf->rc4key[0]; + digest[1] = pdf->rc4key[1]; + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const pdf_t *pdf = (const pdf_t *) esalt_buf; + + const u8 *rc4key = (const u8 *) pdf->rc4key; + + const int line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x:%02x%02x%02x%02x%02x", + pdf->V, + pdf->R, + 40, + pdf->P, + pdf->enc_md, + pdf->id_len, + byte_swap_32 (pdf->id_buf[0]), + byte_swap_32 (pdf->id_buf[1]), + byte_swap_32 (pdf->id_buf[2]), + byte_swap_32 (pdf->id_buf[3]), + pdf->u_len, + byte_swap_32 (pdf->u_buf[0]), + byte_swap_32 (pdf->u_buf[1]), + byte_swap_32 (pdf->u_buf[2]), + byte_swap_32 (pdf->u_buf[3]), + byte_swap_32 (pdf->u_buf[4]), + byte_swap_32 (pdf->u_buf[5]), + byte_swap_32 (pdf->u_buf[6]), + byte_swap_32 (pdf->u_buf[7]), + pdf->o_len, + byte_swap_32 (pdf->o_buf[0]), + byte_swap_32 (pdf->o_buf[1]), + byte_swap_32 (pdf->o_buf[2]), + byte_swap_32 (pdf->o_buf[3]), + byte_swap_32 (pdf->o_buf[4]), + byte_swap_32 (pdf->o_buf[5]), + byte_swap_32 (pdf->o_buf[6]), + byte_swap_32 (pdf->o_buf[7]), + rc4key[0], + rc4key[1], + rc4key[2], + rc4key[3], + rc4key[4] + ); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_10500.c b/src/modules/module_10500.c new file mode 100644 index 000000000..35217a8e3 --- /dev/null +++ b/src/modules/module_10500.c @@ -0,0 +1,486 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "cpu_md5.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "PDF 1.4 - 1.6 (Acrobat 5 - 8)"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 10500; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$pdf$2*3*128*-4*1*16*62888255846156252261477183186121*32*6879919b1afd520bd3b7dbcc0868a0a500000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pdf +{ + int V; + int R; + int P; + + int enc_md; + + u32 id_buf[8]; + u32 u_buf[32]; + u32 o_buf[32]; + + int id_len; + int o_len; + int u_len; + + u32 rc4key[2]; + u32 rc4data[2]; + +} pdf_t; + +typedef struct pdf14_tmp +{ + u32 digest[4]; + u32 out[4]; + +} pdf14_tmp_t; + +static const char *SIGNATURE_PDF = "$pdf$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pdf_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pdf14_tmp_t); + + return tmp_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 32; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pdf_t *pdf = (pdf_t *) esalt_buf; + + token_t token; + + token.token_cnt = 12; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PDF; + + token.len[0] = 5; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 1; + token.len_max[2] = 1; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 3; + token.len_max[3] = 3; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[4] = 1; + token.len_max[4] = 6; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[5] = 1; + token.len_max[5] = 1; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[6] = 2; + token.len_max[6] = 2; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[7] = 32; + token.len_max[7] = 64; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[8] = 2; + token.len_max[8] = 2; + token.sep[8] = '*'; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[9] = 64; + token.len_max[9] = 64; + token.sep[9] = '*'; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[10] = 2; + token.len_max[10] = 2; + token.sep[10] = '*'; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[11] = 64; + token.len_max[11] = 64; + token.sep[11] = '*'; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *V_pos = token.buf[1]; + const u8 *R_pos = token.buf[2]; + const u8 *bits_pos = token.buf[3]; + const u8 *P_pos = token.buf[4]; + const u8 *enc_md_pos = token.buf[5]; + const u8 *id_len_pos = token.buf[6]; + const u8 *id_buf_pos = token.buf[7]; + const u8 *u_len_pos = token.buf[8]; + const u8 *u_buf_pos = token.buf[9]; + const u8 *o_len_pos = token.buf[10]; + const u8 *o_buf_pos = token.buf[11]; + + // validate data + + const int V = strtol ((const char *) V_pos, NULL, 10); + const int R = strtol ((const char *) R_pos, NULL, 10); + const int P = strtol ((const char *) P_pos, NULL, 10); + + int vr_ok = 0; + + if ((V == 2) && (R == 3)) vr_ok = 1; + if ((V == 4) && (R == 4)) vr_ok = 1; + + if (vr_ok == 0) return (PARSER_SALT_VALUE); + + const int id_len = strtol ((const char *) id_len_pos, NULL, 10); + const int u_len = strtol ((const char *) u_len_pos, NULL, 10); + const int o_len = strtol ((const char *) o_len_pos, NULL, 10); + + if ((id_len != 16) && (id_len != 32)) return (PARSER_SALT_VALUE); + + if (u_len != 32) return (PARSER_SALT_VALUE); + if (o_len != 32) return (PARSER_SALT_VALUE); + + const int bits = strtol ((const char *) bits_pos, NULL, 10); + + if (bits != 128) return (PARSER_SALT_VALUE); + + int enc_md = 1; + + if (R >= 4) + { + enc_md = strtol ((const char *) enc_md_pos, NULL, 10); + } + + // copy data to esalt + + pdf->V = V; + pdf->R = R; + pdf->P = P; + + pdf->enc_md = enc_md; + + pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); + pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); + pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); + pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); + + if (id_len == 32) + { + pdf->id_buf[4] = hex_to_u32 (id_buf_pos + 32); + pdf->id_buf[5] = hex_to_u32 (id_buf_pos + 40); + pdf->id_buf[6] = hex_to_u32 (id_buf_pos + 48); + pdf->id_buf[7] = hex_to_u32 (id_buf_pos + 56); + } + + pdf->id_len = id_len; + + pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); + pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); + pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); + pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); + pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); + pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); + pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); + pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); + pdf->u_len = u_len; + + pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); + pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); + pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); + pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); + pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); + pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); + pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); + pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); + pdf->o_len = o_len; + + // precompute rc4 data for later use + + u32 padding[8] = + { + 0x5e4ebf28, + 0x418a754e, + 0x564e0064, + 0x0801faff, + 0xb6002e2e, + 0x803e68d0, + 0xfea90c2f, + 0x7a695364 + }; + + // md5 + + u32 salt_pc_block[32] = { 0 }; + + u8 *salt_pc_ptr = (u8 *) salt_pc_block; + + memcpy (salt_pc_ptr, padding, 32); + memcpy (salt_pc_ptr + 32, pdf->id_buf, pdf->id_len); + + u32 salt_pc_digest[4] = { 0 }; + + md5_complete_no_limit (salt_pc_digest, salt_pc_block, 32 + pdf->id_len); + + pdf->rc4data[0] = salt_pc_digest[0]; + pdf->rc4data[1] = salt_pc_digest[1]; + + // we use ID for salt, maybe needs to change, we will see... + + salt->salt_buf[0] = pdf->id_buf[0]; + salt->salt_buf[1] = pdf->id_buf[1]; + salt->salt_buf[2] = pdf->id_buf[2]; + salt->salt_buf[3] = pdf->id_buf[3]; + salt->salt_buf[4] = pdf->u_buf[0]; + salt->salt_buf[5] = pdf->u_buf[1]; + salt->salt_buf[6] = pdf->o_buf[0]; + salt->salt_buf[7] = pdf->o_buf[1]; + salt->salt_len = pdf->id_len + 16; + + salt->salt_iter = (50 + 20); + + digest[0] = pdf->u_buf[0]; + digest[1] = pdf->u_buf[1]; + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const pdf_t *pdf = (const pdf_t *) esalt_buf; + + int line_len = 0; + + if (pdf->id_len == 32) + { + line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", + pdf->V, + pdf->R, + 128, + pdf->P, + pdf->enc_md, + pdf->id_len, + byte_swap_32 (pdf->id_buf[0]), + byte_swap_32 (pdf->id_buf[1]), + byte_swap_32 (pdf->id_buf[2]), + byte_swap_32 (pdf->id_buf[3]), + byte_swap_32 (pdf->id_buf[4]), + byte_swap_32 (pdf->id_buf[5]), + byte_swap_32 (pdf->id_buf[6]), + byte_swap_32 (pdf->id_buf[7]), + pdf->u_len, + byte_swap_32 (pdf->u_buf[0]), + byte_swap_32 (pdf->u_buf[1]), + byte_swap_32 (pdf->u_buf[2]), + byte_swap_32 (pdf->u_buf[3]), + byte_swap_32 (pdf->u_buf[4]), + byte_swap_32 (pdf->u_buf[5]), + byte_swap_32 (pdf->u_buf[6]), + byte_swap_32 (pdf->u_buf[7]), + pdf->o_len, + byte_swap_32 (pdf->o_buf[0]), + byte_swap_32 (pdf->o_buf[1]), + byte_swap_32 (pdf->o_buf[2]), + byte_swap_32 (pdf->o_buf[3]), + byte_swap_32 (pdf->o_buf[4]), + byte_swap_32 (pdf->o_buf[5]), + byte_swap_32 (pdf->o_buf[6]), + byte_swap_32 (pdf->o_buf[7]) + ); + } + else + { + line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", + pdf->V, + pdf->R, + 128, + pdf->P, + pdf->enc_md, + pdf->id_len, + byte_swap_32 (pdf->id_buf[0]), + byte_swap_32 (pdf->id_buf[1]), + byte_swap_32 (pdf->id_buf[2]), + byte_swap_32 (pdf->id_buf[3]), + pdf->u_len, + byte_swap_32 (pdf->u_buf[0]), + byte_swap_32 (pdf->u_buf[1]), + byte_swap_32 (pdf->u_buf[2]), + byte_swap_32 (pdf->u_buf[3]), + byte_swap_32 (pdf->u_buf[4]), + byte_swap_32 (pdf->u_buf[5]), + byte_swap_32 (pdf->u_buf[6]), + byte_swap_32 (pdf->u_buf[7]), + pdf->o_len, + byte_swap_32 (pdf->o_buf[0]), + byte_swap_32 (pdf->o_buf[1]), + byte_swap_32 (pdf->o_buf[2]), + byte_swap_32 (pdf->o_buf[3]), + byte_swap_32 (pdf->o_buf[4]), + byte_swap_32 (pdf->o_buf[5]), + byte_swap_32 (pdf->o_buf[6]), + byte_swap_32 (pdf->o_buf[7]) + ); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_11000.c b/src/modules/module_11000.c new file mode 100644 index 000000000..a9f92a68f --- /dev/null +++ b/src/modules/module_11000.c @@ -0,0 +1,204 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 3; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 1; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FORUM_SOFTWARE; +static const char *HASH_NAME = "PrestaShop"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 11000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED + | OPTI_TYPE_PREPENDED_SALT; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_ADD80; +static const u32 SALT_TYPE = SALT_TYPE_GENERIC; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "f22cade043e7214200206dbffca49fd9:27167508161455764247627144160038845437138252877014827848"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +u32 module_salt_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 salt_min = 56; + + return salt_min; +} + +u32 module_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 salt_max = 56; + + return salt_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 2; + + token.sep[0] = hashconfig->separator; + token.len_min[0] = 32; + token.len_max[0] = 32; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = 56; + token.len_max[1] = 56; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[4]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + + out_buf[out_len] = hashconfig->separator; + + out_len += 1; + + memcpy (out_buf + out_len, salt->salt_buf, salt->salt_len); + + out_len += salt->salt_len; + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = module_salt_max; + module_ctx->module_salt_min = module_salt_min; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_12400.c b/src/modules/module_12400.c new file mode 100644 index 000000000..2cbb60a34 --- /dev/null +++ b/src/modules/module_12400.c @@ -0,0 +1,265 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "cpu_des.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_OS; +static const char *HASH_NAME = "BSDi Crypt, Extended DES"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 12400; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "_GW..8841inaTltazRsQ"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct bsdicrypt_tmp +{ + u32 Kc[16]; + u32 Kd[16]; + + u32 iv[2]; + +} bsdicrypt_tmp_t; + +static const char *SIGNATURE_BSDICRYPT = "_"; + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 pw_max = (const u64) sizeof (bsdicrypt_tmp_t); + + return pw_max; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 4; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_BSDICRYPT; + + token.len[0] = 1; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len[1] = 4; + token.attr[1] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + token.len[2] = 4; + token.attr[2] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + token.len[3] = 11; + token.attr[3] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // iteration count + + const u8 *iter_pos = token.buf[1]; + + salt->salt_iter = itoa64_to_int (iter_pos[0]) + | itoa64_to_int (iter_pos[1]) << 6 + | itoa64_to_int (iter_pos[2]) << 12 + | itoa64_to_int (iter_pos[3]) << 18; + + // set salt + + const u8 *salt_pos = token.buf[2]; + + salt->salt_buf[0] = itoa64_to_int (salt_pos[0]) + | itoa64_to_int (salt_pos[1]) << 6 + | itoa64_to_int (salt_pos[2]) << 12 + | itoa64_to_int (salt_pos[3]) << 18; + + salt->salt_len = 4; + + // hash + + const u8 *hash_pos = token.buf[3]; + const int hash_len = token.len[3]; + + unsigned char c19 = itoa64_to_int (hash_pos[10]); + + if (c19 & 3) return (PARSER_HASH_VALUE); + + u8 tmp_buf[100] = { 0 }; + + base64_decode (itoa64_to_int, hash_pos, hash_len, tmp_buf); + + memcpy (digest, tmp_buf, 8); + + u32 tt; + + IP (digest[0], digest[1], tt); + + digest[0] = rotr32 (digest[0], 31); + digest[1] = rotr32 (digest[1], 31); + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + // encode iteration count + + char salt_iter[5]; + + salt_iter[0] = int_to_itoa64 ((salt->salt_iter ) & 0x3f); + salt_iter[1] = int_to_itoa64 ((salt->salt_iter >> 6) & 0x3f); + salt_iter[2] = int_to_itoa64 ((salt->salt_iter >> 12) & 0x3f); + salt_iter[3] = int_to_itoa64 ((salt->salt_iter >> 18) & 0x3f); + salt_iter[4] = 0; + + // encode salt + + char ptr_salt[5]; + + ptr_salt[0] = int_to_itoa64 ((salt->salt_buf[0] ) & 0x3f); + ptr_salt[1] = int_to_itoa64 ((salt->salt_buf[0] >> 6) & 0x3f); + ptr_salt[2] = int_to_itoa64 ((salt->salt_buf[0] >> 12) & 0x3f); + ptr_salt[3] = int_to_itoa64 ((salt->salt_buf[0] >> 18) & 0x3f); + ptr_salt[4] = 0; + + // encode digest + + u32 tmp[2]; + + tmp[0] = rotl32 (digest[0], 31); + tmp[1] = rotl32 (digest[1], 31); + + u32 tt; + + FP (tmp[1], tmp[0], tt); + + char ptr_plain[12]; + + base64_encode (int_to_itoa64, (const u8 *) tmp, 8, (u8 *) ptr_plain); + + ptr_plain[11] = 0; + + // fill the resulting buffer + + const int line_len = snprintf (line_buf, line_size, "_%s%s%s", salt_iter, ptr_salt, ptr_plain); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_12600.c b/src/modules/module_12600.c new file mode 100644 index 000000000..7e793f24b --- /dev/null +++ b/src/modules/module_12600.c @@ -0,0 +1,285 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "cpu_sha256.h" +#include "inc_hash_constants.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 3; +static const u32 DGST_POS1 = 7; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 6; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_SERVER; +static const char *HASH_NAME = "ColdFusion 10+"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 12600; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_EARLY_SKIP + | OPTI_TYPE_NOT_ITERATED; +static const u32 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE + | OPTS_TYPE_PT_ADD80; +static const u32 SALT_TYPE = SALT_TYPE_GENERIC; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "3f3473a071b1fb955544e80c81853ca0f1e4f9ee4ca3bf4d2a8a10b5ef5be1f6:6058321484538505215534207835727413038041028036676832416353152201"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +u32 module_salt_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 salt_min = 64; + + return salt_min; +} + +u32 module_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 salt_max = 64; + + return salt_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 2; + + token.sep[0] = hashconfig->separator; + token.len_min[0] = 64; + token.len_max[0] = 64; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = 64; + token.len_max[1] = 64; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // hash + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + digest[4] = hex_to_u32 (hash_pos + 32); + digest[5] = hex_to_u32 (hash_pos + 40); + digest[6] = hex_to_u32 (hash_pos + 48); + digest[7] = hex_to_u32 (hash_pos + 56); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + digest[5] = byte_swap_32 (digest[5]); + digest[6] = byte_swap_32 (digest[6]); + digest[7] = byte_swap_32 (digest[7]); + + // salt + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + /** + * we can precompute the first sha256 transform + */ + + u32 w[16] = { 0 }; + + w[ 0] = byte_swap_32 (salt->salt_buf[ 0]); + w[ 1] = byte_swap_32 (salt->salt_buf[ 1]); + w[ 2] = byte_swap_32 (salt->salt_buf[ 2]); + w[ 3] = byte_swap_32 (salt->salt_buf[ 3]); + w[ 4] = byte_swap_32 (salt->salt_buf[ 4]); + w[ 5] = byte_swap_32 (salt->salt_buf[ 5]); + w[ 6] = byte_swap_32 (salt->salt_buf[ 6]); + w[ 7] = byte_swap_32 (salt->salt_buf[ 7]); + w[ 8] = byte_swap_32 (salt->salt_buf[ 8]); + w[ 9] = byte_swap_32 (salt->salt_buf[ 9]); + w[10] = byte_swap_32 (salt->salt_buf[10]); + w[11] = byte_swap_32 (salt->salt_buf[11]); + w[12] = byte_swap_32 (salt->salt_buf[12]); + w[13] = byte_swap_32 (salt->salt_buf[13]); + w[14] = byte_swap_32 (salt->salt_buf[14]); + w[15] = byte_swap_32 (salt->salt_buf[15]); + + u32 pc256[8] = { SHA256M_A, SHA256M_B, SHA256M_C, SHA256M_D, SHA256M_E, SHA256M_F, SHA256M_G, SHA256M_H }; + + sha256_64 (w, pc256); + + salt->salt_buf_pc[0] = pc256[0]; + salt->salt_buf_pc[1] = pc256[1]; + salt->salt_buf_pc[2] = pc256[2]; + salt->salt_buf_pc[3] = pc256[3]; + salt->salt_buf_pc[4] = pc256[4]; + salt->salt_buf_pc[5] = pc256[5]; + salt->salt_buf_pc[6] = pc256[6]; + salt->salt_buf_pc[7] = pc256[7]; + + digest[0] -= pc256[0]; + digest[1] -= pc256[1]; + digest[2] -= pc256[2]; + digest[3] -= pc256[3]; + digest[4] -= pc256[4]; + digest[5] -= pc256[5]; + digest[6] -= pc256[6]; + digest[7] -= pc256[7]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[8]; + + tmp[0] = digest[0] + salt->salt_buf_pc[0]; + tmp[1] = digest[1] + salt->salt_buf_pc[1]; + tmp[2] = digest[2] + salt->salt_buf_pc[2]; + tmp[3] = digest[3] + salt->salt_buf_pc[3]; + tmp[4] = digest[4] + salt->salt_buf_pc[4]; + tmp[5] = digest[5] + salt->salt_buf_pc[5]; + tmp[6] = digest[6] + salt->salt_buf_pc[6]; + tmp[7] = digest[7] + salt->salt_buf_pc[7]; + + tmp[0] = byte_swap_32 (tmp[0]); + tmp[1] = byte_swap_32 (tmp[1]); + tmp[2] = byte_swap_32 (tmp[2]); + tmp[3] = byte_swap_32 (tmp[3]); + tmp[4] = byte_swap_32 (tmp[4]); + tmp[5] = byte_swap_32 (tmp[5]); + tmp[6] = byte_swap_32 (tmp[6]); + tmp[7] = byte_swap_32 (tmp[7]); + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[4], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[5], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[6], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[7], out_buf + out_len); out_len += 8; + + out_buf[out_len] = hashconfig->separator; + + out_len += 1; + + memcpy (out_buf + out_len, salt->salt_buf, salt->salt_len); + + out_len += salt->salt_len; + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = module_salt_max; + module_ctx->module_salt_min = module_salt_min; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13711.c b/src/modules/module_13711.c new file mode 100644 index 000000000..79a034d79 --- /dev/null +++ b/src/modules/module_13711.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 512 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6211; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "531aca1fa6db5118506320114cb11a9f00dade61720533fc12982b28ec71a1a3856ac6ee44b4acc207c8230352208d5f0dc37bf755bd98830279d6befcb6001cdf025f816a0aa1baf3b9b51be00fadb451ffbe9bdfc381115eeceeef778e29a8761f853b7c99e0ea9ec452ba77677f888ea40a39cf65db74d87147690684e273313dea15ff2039797e112006e5f80f2c5baf2c11eb62cb63cfb45883f8885fc7cd5bdb74ef57ec4fe3cec5c2025364582380366169d9419ac41b6f6e878429239e52538f9698e73700b920e7b58c56a4563f5aa512e334ddc56909ac2a0ad4146833f050edd78b7954e6549d0fa2e3b26ed2a769a6c029bfa4de62d49575acce078ef035e366ec13b6092cb205e481bc822f87972bfbe4a3915fad620c4b8645e96bcc468d5804208ae251a560068a09455657f4539dc7e80637fa85fbce058ffee421a98d85b2ae1118d9bd4f24e1e810627cc9893b7166e199dc91fd7f79740530a472df0948f285293478042b28cd2caef086a6ce9d5f656f97adde7d68924ef477fdf2a0c0b107671a1f94b2906d8fb58114836982e4e130e6944df8b42288512376553a1fa6526f9e46dc19b99bb568b30269d9f5d7db2d70a9aa85371b0ac71a6f6f564aaef26a0508c16bf03934973504a5188de37b18a689a020bc37a54d2863879e12902b43bc71c057fa47cbaac1e0100696af365e8226daeba346"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_655331 = 655331; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_655331 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13712.c b/src/modules/module_13712.c new file mode 100644 index 000000000..9b5b9ab45 --- /dev/null +++ b/src/modules/module_13712.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1024 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6212; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "531aca1fa6db5118506320114cb11a9f00dade61720533fc12982b28ec71a1a3856ac6ee44b4acc207c8230352208d5f0dc37bf755bd98830279d6befcb6001cdf025f816a0aa1baf3b9b51be00fadb451ffbe9bdfc381115eeceeef778e29a8761f853b7c99e0ea9ec452ba77677f888ea40a39cf65db74d87147690684e273313dea15ff2039797e112006e5f80f2c5baf2c11eb62cb63cfb45883f8885fc7cd5bdb74ef57ec4fe3cec5c2025364582380366169d9419ac41b6f6e878429239e52538f9698e73700b920e7b58c56a4563f5aa512e334ddc56909ac2a0ad4146833f050edd78b7954e6549d0fa2e3b26ed2a769a6c029bfa4de62d49575acce078ef035e366ec13b6092cb205e481bc822f87972bfbe4a3915fad620c4b8645e96bcc468d5804208ae251a560068a09455657f4539dc7e80637fa85fbce058ffee421a98d85b2ae1118d9bd4f24e1e810627cc9893b7166e199dc91fd7f79740530a472df0948f285293478042b28cd2caef086a6ce9d5f656f97adde7d68924ef477fdf2a0c0b107671a1f94b2906d8fb58114836982e4e130e6944df8b42288512376553a1fa6526f9e46dc19b99bb568b30269d9f5d7db2d70a9aa85371b0ac71a6f6f564aaef26a0508c16bf03934973504a5188de37b18a689a020bc37a54d2863879e12902b43bc71c057fa47cbaac1e0100696af365e8226daeba346"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_655331 = 655331; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_655331 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13713.c b/src/modules/module_13713.c new file mode 100644 index 000000000..bd2595890 --- /dev/null +++ b/src/modules/module_13713.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1536 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6213; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "531aca1fa6db5118506320114cb11a9f00dade61720533fc12982b28ec71a1a3856ac6ee44b4acc207c8230352208d5f0dc37bf755bd98830279d6befcb6001cdf025f816a0aa1baf3b9b51be00fadb451ffbe9bdfc381115eeceeef778e29a8761f853b7c99e0ea9ec452ba77677f888ea40a39cf65db74d87147690684e273313dea15ff2039797e112006e5f80f2c5baf2c11eb62cb63cfb45883f8885fc7cd5bdb74ef57ec4fe3cec5c2025364582380366169d9419ac41b6f6e878429239e52538f9698e73700b920e7b58c56a4563f5aa512e334ddc56909ac2a0ad4146833f050edd78b7954e6549d0fa2e3b26ed2a769a6c029bfa4de62d49575acce078ef035e366ec13b6092cb205e481bc822f87972bfbe4a3915fad620c4b8645e96bcc468d5804208ae251a560068a09455657f4539dc7e80637fa85fbce058ffee421a98d85b2ae1118d9bd4f24e1e810627cc9893b7166e199dc91fd7f79740530a472df0948f285293478042b28cd2caef086a6ce9d5f656f97adde7d68924ef477fdf2a0c0b107671a1f94b2906d8fb58114836982e4e130e6944df8b42288512376553a1fa6526f9e46dc19b99bb568b30269d9f5d7db2d70a9aa85371b0ac71a6f6f564aaef26a0508c16bf03934973504a5188de37b18a689a020bc37a54d2863879e12902b43bc71c057fa47cbaac1e0100696af365e8226daeba346"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_655331 = 655331; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_655331 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13721.c b/src/modules/module_13721.c new file mode 100644 index 000000000..b6e9fb554 --- /dev/null +++ b/src/modules/module_13721.c @@ -0,0 +1,315 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA512 + XTS 512 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6221; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP + | OPTI_TYPE_USES_BITS_64; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "2be25b279d8d2694e0ad1e5049902e717f1bdf741bbd678bf307d510741b649d78c54dca46fb2c92723afd9a40769b295e66d445ec232af5bddf91481ee41256e56b77839e8bf55265077bab405901218ac7933f74073f1208f1de72aace5da4e07d5f83ca580c0216d36c200b54570a1d58e9d8e5c98a597dec23b74a465aeac572a99af70e1a1e20fd29c7c296099e4eed5b715cb470617ea4f20140b62ec4694af67d9158deac3ce846718e10518875ce8cea0286a487a295979e67159d06e871789bf5535b75c809b340f8627e18679e3dab839a1c9823ea14a07d5cc4251b777dddb408da147c70e7cc788a01c27b0ba4f4700d3248f59fa8217874ae4958ea4518522b44f7191ec19459faef7678422adecd58777487ef54a5305ff2caaa545dcb82f7e7a3eb30bd9f7ebab542d0964a367f9c710cf26bbd704e841d591428da3486db31c57f91c6167bf99e31839363cb93bc60d755031f96f2d2c964e1d85b7eaa104985ef801a21d99352c025d7415d5b2f1aa37dc513345d0ff6a1bca92ad7b8c265f322d04f2992895de32636c9b03318cf7154632d547debc1c5e0c8f8730a045efcf3d16ff956cf803716eee22168bc5a5ab72ddb5087436722cb0f59a5b7b03bc557ffb50e8757d1a5639e2bcddd8060de4ee5535fb614b4fc159c6a39040dcbe83889b9c6fac1c9364a7bea930d916ea23fafa0fde07ef609"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc64_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[32]; + u64 out[32]; + +} tc64_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc64_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + // parse + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13722.c b/src/modules/module_13722.c new file mode 100644 index 000000000..cf4d29255 --- /dev/null +++ b/src/modules/module_13722.c @@ -0,0 +1,313 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA512 + XTS 1024 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6222; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP + | OPTI_TYPE_USES_BITS_64; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "37e6db10454a5d74c1e75eca0bc8a70e67ac032357e4bd6a4315c0174cf9780f92210dfc0a3e977969f2890828d446aecc317dc40fb3162915998cc703e49257a950a1603342913900052011a7fa85fb0b1fd4489f17237ac1a8bbfd644e871ab95a4019f14b2b938d627646b9958b530dd0739760024ad323d36962b60ba92908e55a876fc392ac2dce6a2410bcdd30a01cba90427f02ccb96e222ab1381266a6f626aa00b0f59e743c1a77433cbb28648f04c91853bdf9b8b29917b2341bf7deb013131ad228ea0c7f9435985318431dae59faff46db3726341b97a956da4ad11766124cd06644c1ba1083b36d3f380f20c272e460b958841fc23be1820ad2e0e6db66eaf4ea171035add0ab543ce8e853e3119ceb9d7f32c0948b81604b81075bcb33efe747fec300a7c68ec383d28d560cccce713c0acf51d74c0db718ba93a9e720b657dda2409adf1ce35aa7e1c0d7ed3df98dd0b6d455a355ce02bda8bea8afc0a8341ac78214efd4372b4430270009ec65badf186e5f0d815dcf597b4703af95e3bfc03313125d2a88b9bb3788b6bbc3c7212713cd584a226b155a2e6872b33730af6fba29aa3dccdb0ec35b5d6e3d981faf39c8dd35fdcff502d14736bc6a47af6e4d7f3518f8ef5e0a4e5d521589a761757f86e2bef471d9867e9b532903c479e4966dcc99189fcdfa3d676f50ccd33fb7cc0aa3e85542ff2648c9"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc64_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[32]; + u64 out[32]; + +} tc64_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc64_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13723.c b/src/modules/module_13723.c new file mode 100644 index 000000000..77edea06a --- /dev/null +++ b/src/modules/module_13723.c @@ -0,0 +1,313 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA512 + XTS 1536 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6223; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP + | OPTI_TYPE_USES_BITS_64; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "d44f26d1742260f88023d825729cc5a64cf8475d887632a2fb4a84af27af138cfadc4bcbb122f6ba68339ae8427d1f72c0c4aeef041291492ae0a7d8677d8da43227ae2a26d9a433076b44458b14f52766cf0e4baeb473a789180660d62e42bbea7c042379a5a74e259463e1c18381fa13aee27141264be381de71c12f8f704913f211c45fda0295e963d90fc35272e907858c0522601f6e7a73b43ff222663f149a485fc6c464e5f3b7cc0b6508f30621385365ca8a4e0bff4061f64f5fbdb11f70f19d77e56fa6ff015ad76ecaaccd759d30da05d2a6fbf00ac9673ac3c23efd339313c2a99511e928f976bf9b2664d97685498d5931af2d453edc6fb1129e324eaba64264711fbe21d0d202b3659106e8100634f09c38cd15b1b3acba79d7f31d31fe23c166392e300db09f10550c83187566dc0fdf768b872555851b34e3c15ad7e7438a72e6126c895cf1204987df4b42cb7bc2fe03c5777867d269378c6e496df2a1a3457b907f7143a139d800868ad95e2901723c6ebb991054b4e991c67fe4c17702d9829d9dc1fe8bf4a956460721c858e31dbcbe56850a4ed31558c6ee89ba2cba2ef4bde77fed11848f9f92e0add54964a683c3686dbab4695ebc42554da922a08c6fff32cac936ea447e771aa74a689eb269ffef677294ef297600dfd73bbbb734d2968e38a98b4a8a77ff0eec8246d93b542e3521a3eb636101"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc64_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[32]; + u64 out[32]; + +} tc64_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc64_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c new file mode 100644 index 000000000..42adaa095 --- /dev/null +++ b/src/modules/module_13731.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt Whirlpool + XTS 512 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6231; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "48f79476aa0aa8327a8a9056e61450f4e2883c9e9669142f2e2f022c2f85303b897d088dea03d64329f6c402a56fed05b3919715929090a25c8ae84c67dbdb364ebfa3e9ccc0b391c130a4c3dd6495a1d6eb5d2eab72f8009096f7475ecb736bb3225b6da144e1596d859dad159fae5a739beea88ea074771e9d0b2d7c48ae302606a60d7cff6db54f3e460c548c06a4f47dc1ac203a8c8349fbff6a652219a63f27bc76327543e22be4f8dab8e4f90a4283fbf1552119fe24114ce8869eb20ce87dd72300f7aad3f7b4a26a355f16517725449151cf0373dbd0b281f6ac753485a14a5361cc75d40928e241a6b4684658801774843238048cf8c7f2fd88950abac040e12b0c41fdcaca3702907e951ec11c061a91b3050a4855abe6f3b50b4bd0b17c4be1f5b50b873eadc2d8446cd72c4fcac576bbce3acea769f740c5322ee8c927ffd4dd11c8a9e66f06e58df2e5d4d85c13b44c412bab839c9512b7a0acdd97b37dcccc4b70854eda0f36de12d62dd10cc13bc6154103d083bf6540bc78e5d0aad5d063cc74dad4cbe6e060febda2a9fd79c238f99dcb0766ff4addcfd0c03e619c765f65b1c75d5d22c6536958bcda78077ff44b64c4da741bf50154df310d4e0724238a777b524237b9478277e400ad8146dc3ca1da83e3d2f1c5115a4b7fcdc71dd7d56ba86a2f9b721c9a4137aabb07c3c5fedcf5342c4fae4898c9"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c new file mode 100644 index 000000000..5d230e57a --- /dev/null +++ b/src/modules/module_13732.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt Whirlpool + XTS 1024 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6232; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "1b721942019ebe8cedddbed7744a0702c0e053281a467e0ed69bf875c7406407d72eb8f2aea21270e41898c0a2c14382f86e04c15e7bc019d1d9dd813eabee0ae5173e3cb1d927859d3e6de1006335a5184ae12b4c8dc2db2b1cd785063152a776f4dc5cacc1856a919b880d704b7450f5a0e0c9521bc9b4d67213c36a50e6664a1cbcea33f997b858e654111c7e9fca74f361528e85a28880381ec2600e3c1cd508c3833dd21cc91978185cba53caefd7b3c82d219d49f0b41e536d32e8d3ce194ad7923ca742213e19dcebdbd9687979d5a594654a5c611e8b829c4019e90a3cfb14e5fd7f8ed91e0fc79eed182399f02a3e3e202d4becaa6730e1f05f99ce06ce16dba7777ccddac72e85f2d3be5ecc9c808ac273f10ceb71cad666166abc327c4061a5f47424a5b6d9d093782f34b49924342a2e8cea663446ed4232a9a415ee2dfde988fa827b06d7438fec20ad0689543c3ee4602ce3ec3806fc7d668ef7e34330edd1e077b329a7627fa3ae5c89308258a17ecefbee114c80c2ab06f8271f14de8f2d13d1d6e5a119b71a6bae88ab151f76cdb2442284bc481d0df7e2163c3acfe763d3968195450d275af9034a00184a30cefed163e636626bffe6a35df3472508a49cb2b9b4c4a95d11c5d17e4e0539e9f13112125515778bcd1c2813c62a02673663062ad60583ec6a02c8a572865829e5b8c767b285728bea4907"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c new file mode 100644 index 000000000..6bdb30e2b --- /dev/null +++ b/src/modules/module_13733.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt Whirlpool + XTS 1536 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6233; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "5eb128daef63eff7e6db6aa10a8858f89964f47844acca68df82ebb2e73866fa75e3b7a53f9d2ff1ecdd1f4dc90e9c0fdf51f60d11b1992cd2971b4889edfc8920bbf346fd7693f675b617cb9e4e9a43e6f445021068fc13453b130f2eb1d753ee83ecc61dabec293e88b62110cf6a8fab670e171f6aba2226550b54893263f5fa086b3cc41dd3db2eae07b585e5162c7a0d9723a426d408d83266c4d6018dc1b8b456d28a224033a30bfe62b1e58c2ddf596e07f7ff31849a6f5cfcc1c977b82d8484c270d44ededb0afdb781295e92968fc8cc69766af0ce1e72f02d6b4e124ba4b1af71519dcaade857bb3f371f93a350da6e65ee46c2ac782f134c75c10fe9d653fccc08c614dc362871911af8b83bdfc479f770dfe4b3c86b5d895842c53852fe4912738f848bf7c3e10b8189d25faceab9ef30b6fa0284edaa471752ac2b65335179b8d605417709f64fded7d94383618a921660d4cdb190bbb3769a8e56d2cd1ee07078ebc3b68ebeb016893f7099018e40cb326e32b29a62806eaf1a3fd382f4f876bf721eadfc019c5545813e81fd7168995f743663b136762b07910a63b6eec5b728a4ad07a689cceecb14c2802f334401a0a4fd2ec49e2da7f3cb24d6181f01ceed93ee73dedc3378133c83c9a71155c86785ff20dd5a64323d2fd4bf076bab3c17a1bb45edf81c30a7bd7dbbb097ece0dca83fff9138d56ae668"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13741.c b/src/modules/module_13741.c new file mode 100644 index 000000000..f94f52a0f --- /dev/null +++ b/src/modules/module_13741.c @@ -0,0 +1,325 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6211; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE + | OPTS_TYPE_KEYBOARD_MAPPING; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "528c2997054ce1d22cbc5233463df8119a0318ab94aa715e6e686c898f36690b443221a18f578fb893e0db1e4b875cc711eab542e70e13b55d6aa26134e1a8d34f5ae6caaea7390a5e2f50130e85f9e551216dd0895f4fb0bcdec219246c249236771e1f2a1f447054d363c398ab367ed7f9574eb0611211e742f429cd53b56fcdb42d2eb183c134847dc6efc7c8293d6481aa53406f0446398591956f79ca3ce76e80208fd409d0f6f14c68312fc119ab4292972338b1457c73585ae2fc863bf202f141495de50253799cbc27010fba6de6b0a36888d12f4e3964aaaf43a830097aee7d40c5e79e5e80e7b0228a67a95bb4969dd8afa0d51d6fff340f82e824547c708b5aa59274009d7d847c53a8019e73c068c6e96a4c3c6c27d0e9f4a8c3a9c52c964eebc00128e9a539f4f569606c92bfc2d4662494a1a6aca239d73399645c86bd66b8985b5bf217b29eeba0507a388aeec85fe94f6b42a1b805ecb90a08b2c8081fe51e76bc1d97f73ae10c72a9b2db694304e04807820c088f91bb97d4585493f3e6cc392a7e56a64a66b8e11b51898b4f956d1b5fe8cf55772fd6f8c0f2a2bb2d9fef05ab2bb90f251ff2e6aa0dfffeac9e045be2ec44ebc8dd4d260748e308205475dcc2cef369e869bfc1e6d7335620c694f524260770838c768346d83af7b467cdc80814d8f55a535dbac35fc278d0d1f6101db95019cee097bb"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_327661 = 327661; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) +{ + const tc_t *tc = (const tc_t *) hashes->esalts_buf; + + if (src_len < (int) dst_sz) + { + memcpy (dst_buf, src_buf, src_len); + } + + return execute_keyboard_layout_mapping (dst_buf, src_len, tc->keyboard_layout_mapping_buf, tc->keyboard_layout_mapping_cnt); +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = user_options->veracrypt_pim * 2048; + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_327661 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = module_build_plain_postprocess; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13742.c b/src/modules/module_13742.c new file mode 100644 index 000000000..372ff6829 --- /dev/null +++ b/src/modules/module_13742.c @@ -0,0 +1,325 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6212; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE + | OPTS_TYPE_KEYBOARD_MAPPING; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "a3c0fa44ec59bf7a3eed64bf70b8a60623664503eeb972eb51fa25ee921d813f8e45d3e1ab1c0088a62482bb78c6e07308d2308d3d66831505b0cb02fe214fbac8a51cf9be2ada3c46045afa7df810f2e7b57792150de63b111a9aa78d70e25d832b3d6901aa455b32da240ff68380d66da27f4f7ccc5fadc6b3ff68e27b6d5c48e6512865e3b9fbe2a64a55454cfc333d7850603ecf8e1cf19abaaf8c1581a6fa14c5091ebe70e6338081d72d6a95b542764f3865946edc8e626e166cc2e0f6260032f8decdd98f9a82aa2b065a41e9b42ce8c33d3f935706431d19888bd5b2bd4d34d9bceb8596b15994f247169ee7f8cd34b6955362b60f37a4167c7b63bab8af65e7c592e9ba4535c255b4b3d93b302aa017ea335af20f9d9696f1eb37770ca87b0245d29887cc4611a3a43d11170219c509814eb1fc122a189c08394f22309dd48a996cbfc70cf67f76b6b19e46407a12ef001b2c360501dbd63d1c9f85132204709204992078318920b32aac917bb98d8eeefb60abef47571404d069a6df7881f8e7815c18789f23561d7d33f47e1aa97fb4a60bac0332b0e742a9b0498e5641401567615fd6dbd0fcfff07aebce0d543f2c498486f15f38dcf1dd55d7144d3fc51bf1f491798b183a84f3f49a72944c8054cdab915e19dc376ae3fa681d4afcd7b13f425e96340a696a4f11929b2e769ba207c5bf2c2976a3834c499d"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_327661 = 327661; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) +{ + const tc_t *tc = (const tc_t *) hashes->esalts_buf; + + if (src_len < (int) dst_sz) + { + memcpy (dst_buf, src_buf, src_len); + } + + return execute_keyboard_layout_mapping (dst_buf, src_len, tc->keyboard_layout_mapping_buf, tc->keyboard_layout_mapping_cnt); +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = user_options->veracrypt_pim * 2048; + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_327661 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = module_build_plain_postprocess; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13743.c b/src/modules/module_13743.c new file mode 100644 index 000000000..59359b2a6 --- /dev/null +++ b/src/modules/module_13743.c @@ -0,0 +1,325 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6213; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE + | OPTS_TYPE_KEYBOARD_MAPPING; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "1a8c0135fa94567aa866740cb27c5b9763c95be3ac0b7b5c744a36e48c08ae38d6d06ae5db926c64d05295cef134fb4d8eaa96a7b5673a1439f55c8ab829390ea945babc464e63f3aa33dcfed72c1bcf4051af13da96a2601a060d8c8be0343a7a4f0394b2bdd419b019bd10c3d39f0b6d9afd833816ee9ee5a8afada52db174a85ee029c46b706f8f96e937bb71569b65c2339a3ac8d831733888717fe08029013931ebed1fe932ceb16e52a5d54204e181057584d06991b8e9b16ba557d38f00e7c2be5ea864473e5e35d00a58b7ef8888c78d52ac1933011ca6c447bd16751024186657d1e314540e2c847115b70a51a23e61426ae09e646d715f807eed85e5c14ab2130da0ba86ddc40d3cdce035b454fceb969094d8d1b66e69f34e24d642dc244a81d163c395837d4cd9e2d581f4bb470ad4e5a2037068947f14676796f4adf208621c3db4629b3fec9a24edebfc37f97ea657295a2efbdd18fc44a0cc04f429d4da374db3ba2f3fc7dece70b64ac2c2a94ce5334b20b4251534f9ff3f60b1b252019d2617379bba68a4bc621cbd070881301beb0300bee243d113347d2f0a52fa79fb9fb349eba0056678618c006287e9730a0af32daa17841d88b99e25a9afcedd292a0592565f0ba533f1022ed4d6e51e64b98bab390fee3646133a0e02a5724bb14203fd50006e4be86544b62a9cb64188fbbf4ccd90a32022aa7c"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_327661 = 327661; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) +{ + const tc_t *tc = (const tc_t *) hashes->esalts_buf; + + if (src_len < (int) dst_sz) + { + memcpy (dst_buf, src_buf, src_len); + } + + return execute_keyboard_layout_mapping (dst_buf, src_len, tc->keyboard_layout_mapping_buf, tc->keyboard_layout_mapping_cnt); +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = user_options->veracrypt_pim * 2048; + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_327661 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = module_build_plain_postprocess; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c new file mode 100644 index 000000000..31234c6b9 --- /dev/null +++ b/src/modules/module_13751.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 512 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13751; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "b8a19a544414e540172595aef79e6616f504799b40a407edfb69d40534e93f0bdb3187876f0b7a21739b3a9bb02bd4752eac4d2021e65a2a9413cc389964fad46e2cd37f337eb3fe3c75909fe9911609d084fb8c09543f949e738fc2fcfa4825ca5f1e08678e711142553f95b19ba720fa6c8ae5d325be0b36b93c1b2683b0944d2ad4e858c1d83f21a302ef721b9a570233219b9fcf95919fef9ca353af32d7ceb0b3058986c4ed9580b8058325403d45048e43d9e94a1e8fbaa0658f82f81940ea821e1bd526829ee6478a32da4095ab9e7c04dac3b6cc08f99348467a5bf068ba54d0aededdf6005c18ee37e21ee8d980cabe470be49d332661761934f5c07126001c290002587ba4b49982fefaac41b62f7e74ce943bb40a2d78094f734d1bc2aa3dedff43ee2a7b8f3525743c76194637da9ebc2794bac14601e03aa98e9118023a184970b6b8f84f546af88b81e2fde836e286b57cbcbdd7d39334860571a5cc612b77f0c51c741854abeb320bf961aea99b88798199bf826970f2b1b8027499955f68e15328080289d8cf0569057e1ed887f956ce72b14dd13a1f61134e1195d13c68d9c298ae0183107e3a93dd13ee0730f1fabe3935ee70f4c6a1923abb3e0d0c8ecf45260c1444e7e73386acf29d3239d0160e097e6193099e10cc98f61bfda49df6b0635e73a9ccc7bdcc543306b40dd12b91023f61b21418af91"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c new file mode 100644 index 000000000..7441d21a3 --- /dev/null +++ b/src/modules/module_13752.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1024 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13752; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "1c3197f32dc5b72b4d60474a7a43afefb0d2e856a8fc4957c3fb1188b62cb0ca002f585c125bb33c5a5e85a665afae9fce15cb127c2fd9b5ee074a48fd95b3a58364dfd645968187d546443ba234f5cc40e78c4bdcd1e0c6d0a1208dd892442bc1dfe2a45bc4821e843bb6d9f4adf742c48c432daf0d4a51d42cafdfca281f0fab0caabde8005405840383bbfd8dbf227384891ffa501531549e0b9562c2dd77f0e6552d253acb20cbee9a75d17ec283a46006ee89cd53e3b538e054952ae6db7aac9f2f190590e697a2a8e22d080e88c32f4d27b5afe100647da2a5c80cfcb69e5a3db67cb2fcd86d89c1c53fab1bf3a287bb9002d092e75eb1fe6269a1603545dbf97b9d7fcc9485b6400f7b0abaccc31642cefd83f037e7314c6990c51af24ae894cc1c49a09d18f3ad91b3ef37ae5414fef280ec776d9c0bf84b2eb312c8cb0046bedf6f29b4aab30cdb34333f613000a39bf650341cbf33bdd47ba7bd9be8108a1254390b045d82b208d21aa45de7ca399f8e91845b9ffb47d9e6eeb506965622a2e842ec6897277388cbb6ca2a50117e228e84bebd98f9aba40f38dc3bce3b576cb08596836e50ef276ee3a76b8ce76735fd172e9bae284aa83e2677dac56e4624e66604a90e2e3ae704c64a0f27b51ce9e472891bbc212b4a6055e4482b2e6963507f9ffb477224372289fcfee5764a5f4bc7307a509e7c37c69b4857"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c new file mode 100644 index 000000000..e2475b3d0 --- /dev/null +++ b/src/modules/module_13753.c @@ -0,0 +1,312 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1536 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13753; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "f421bdc1087b8319c12d84a680ceab0102e8e41c9ccffe76dbe0215dcfcb7b543f3e1bbedd099e88646823dae5bad8468b72436961ea8e0449a6b92b8bda7b9ba1fe215e997ec3be2ee5eb3b4d47c41d50998df2f883404fb66270f72b5ce666e7d5ca7847c4a8b2762723da1ad088b0ad75c4fd2ccbbfa4e3adf091b6af4f44f5484ce0c89a5b0db0cbe99b3a9d43d7ff6c4ddbc9636cacfedb26b59340c6eb3e8c587db41fc01f10da2974af96531b2bee5f0b9818c3b86a3cac4ba20e08c49be84af65eb40d51626161f4eef187bf5776a89e791f3f5cbcfaa510df201fb2bf35ff03e81d0572af9abbed3cac82681925a3d1954440a6037df78f7a1e63bea81c852571a21fb550f9fe114b82bf7b94290e362cef233186f17396488c0f259c83c50ac4f8cc27d3a134ddc98f14c2fe0dd6e7d6f5eec63848314dc5984979eeb79df326f80ee0e7f671072117903cb72bbbce4f750fca3f008dadf532241e05913704df6ca03edb9641775c3b6e3e328fd078c6d70298512118312cab8316bb6ddc0b860952c621b2bb4cec1b3c7da9b1cb4c494fec382fe85aefdc56570b54845a14651535d261db519be0e860a4e20c30c86cff6f9de6e16b68d09a0e9593d271df2740950e65f1fb16e3fee034183e540e2a3b0f76156f06946b5d1bfc62fe0cab3daa14603a8d21eb03a4d266e965b010c265c9a0e093084d262a8c03"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c new file mode 100644 index 000000000..4cc78e383 --- /dev/null +++ b/src/modules/module_13761.c @@ -0,0 +1,325 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 512 bit + boot-mode"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13751; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE + | OPTS_TYPE_KEYBOARD_MAPPING; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "c8a5f07efc320ecd797ac2c5b911b0f7ee688f859890dd3fa39b4808eb3113219e2bf1517f46a20feba286a3f3e997c80361132262bc0dacb6e9f7088bec9f5689a0b989ad9d4cc847170422ecd3384c9ee5ccf813fa8fe8ba4d2e6a993c99032337032b83471e9e0aa2531d85481c6d66f3a0d24688e1a17b5e81b3f68736ed05279ac05bcb83bea0c813d807e8c5547f11774c93a0e9de280c1ac5b5f170c0a4b5234f7d0d35a8ec7ec69454607cd35be24428a7be1799beed0ccd6a2af49b920446ebb0cb0bebda4a86c386fcffbb61cb93894ad74819a288c6e5b2e12111011e9f149d165b91f79897f71a96bc17c2b7a5e184147a90e9289d143b597ea98797c560e91b454461d03182f1a6c0bfd2b332829f30f0f18c8253d3194aac7996d4c401a3c1de7b266962a7dd8bc0b071a357121f00bafda835584a119f8fa23306545c413856ad3b2784b8de8ce9377f180baeb0f41590eb603110ff0a82f67349711d6f1b5d707f9c655318af88530962b9127fcf3c73b4d26319a9760cd795cd5ecba203dade9e1c79af14a9e06b9b56ce0af024e6ac582bd3ced1051fb865b55b4b6eaa65789a0c31c04cc4f2fc7b458fda188907f16810f4ce6e12a264cdcb264f1c26533758b92f585a3bbc2cac84731d74e9603d1c43b321ca36b01e5724e0e5558bcba56b57c8d59ded93c12d2664350cf6a048bcfc5d62aa85c590"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_200000 = 200000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) +{ + const tc_t *tc = (const tc_t *) hashes->esalts_buf; + + if (src_len < (int) dst_sz) + { + memcpy (dst_buf, src_buf, src_len); + } + + return execute_keyboard_layout_mapping (dst_buf, src_len, tc->keyboard_layout_mapping_buf, tc->keyboard_layout_mapping_cnt); +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = user_options->veracrypt_pim * 2048; + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_200000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = module_build_plain_postprocess; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c new file mode 100644 index 000000000..8cc390c29 --- /dev/null +++ b/src/modules/module_13762.c @@ -0,0 +1,325 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1024 bit + boot-mode"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13752; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE + | OPTS_TYPE_KEYBOARD_MAPPING; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "6bb6eef1af55eb2b2849e1fc9c90c08f705010efa6443581111216b3e145201374bb8e626e4d94a4ce7ecabb11aa57610063fceed38ca9873b0e1194bd12121d2f6b8a71994c5982049c4517ca7178a55b68cee773e06532b46d68810ede1b18783d7bca98bebf1778d14ecc18e0791190402c6a82bf3ec93e715e65997812363cc6e6bcad4f751fce16f37bbc1d6ac1d0a24c5685e85501a7c46d1cd5b04c55c605357906e5957b99230e2e9834a206e6ff48270ddf3c08c39e5c8390b2a7b7e6064719dbac29ef7513ea78c0edf420eb7ac6db684e890c5fcacfb230996f335f48f4472eaa33f3abe59943a8e3bc27ff4c24fd42015fdacd5e2eaf448049b4aa5ef1c038ca853871fc7f2573aace0874cdd1f3e01140803c1ad036b801cc1a54d619064b9b31e70e7e2601fd7b40f67814320c56721e86ddb3c62ec8cb9680ca7d2504b9decf360e32497ace8171dd9602f01db3be1541f659643e1bdc5139815acdf4debf0186707569c9b57c0fd0031ce03a5091d7937bca8f37015fa35af5f44968176164c0b9194f895a2346dacc51f5e3e7be5682ea7860c4b4302a0f22edecc7ccaebb1c824c5ca4ed4c5e674e742a1d55a7d3e732e40f0107ffad1e3876ec909fac58f1ee21ac99de2c8c29272b1df9dd7f724ff497925898506c4f6e2ae81e285239e5260b119af959338340876b5b8fdd6fede67ae37d3c750265"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_200000 = 200000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) +{ + const tc_t *tc = (const tc_t *) hashes->esalts_buf; + + if (src_len < (int) dst_sz) + { + memcpy (dst_buf, src_buf, src_len); + } + + return execute_keyboard_layout_mapping (dst_buf, src_len, tc->keyboard_layout_mapping_buf, tc->keyboard_layout_mapping_cnt); +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = user_options->veracrypt_pim * 2048; + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_200000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = module_build_plain_postprocess; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c new file mode 100644 index 000000000..4b3f021d9 --- /dev/null +++ b/src/modules/module_13763.c @@ -0,0 +1,325 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1536 bit + boot-mode"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13753; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE + | OPTS_TYPE_KEYBOARD_MAPPING; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "f95b222552195378a228d932f7df38ca459b6d812899be43944ba2e9bf47967ba35da17bf69cc3f424521983989a66fd3c7865af6dd8ac2aeb82e10c92cae66f62c89b7053d2ba18ee5adcebcf426cc7720f029f7ea5409b3b7182593afbee99f6a3828887d9da6438fafd766589c35c210de60b013d9f816f9a1c8e7e76159347611c3dba00f433aa419dcb9eaf59af6886fccd7d12ae09c2b3d7a8a6102c511e8a34b4c39df8b1938dd5fe037d7087cf2a33b5410df9a6d83d218819b32bc13999c2dd7e96eb740902699ffe5fbaa47270cf1a7e3488198495059e1520ad4ad8beec0c63827286c300555a30febfe29a359d7e364c0b52613d9cff9348152f6871b6210681ab8cfdf24b96c4793c546083197d6e5377a59d7fcab9aa679fddf550ac1ab04249d0d679e8a39ddcca26f9b8b21f7f8b71d64a0ad3d9e3ed9e2e41abd6a9b4ff4d4a7ab29c27882487909fb1118a91de8e2e2d0dea7501a63b7553fd4ff26a5f64964031c9aa3fabbc09e3f58b09ce42bbf3f05afe0f9ea18331c7ba1a887afe307fedc2be93568fe80def12e97d5e129c373814a560573ee6350f59b329352e28137aa31688c499ae1c20b25c91506c520cae56c969790204de1ba46773197fb6a72fd4742712375e89cb5ee41f3ec8b64f3322ba389c947e671b0414e981fe582898af8a5bab09e094f03cb4cab047e7547313a7d1ddba7b70"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct tc_tmp +{ + u32 ipad[16]; + u32 opad[16]; + + u32 dgst[64]; + u32 out[64]; + +} tc_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_200000 = 200000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) +{ + const tc_t *tc = (const tc_t *) hashes->esalts_buf; + + if (src_len < (int) dst_sz) + { + memcpy (dst_buf, src_buf, src_len); + } + + return execute_keyboard_layout_mapping (dst_buf, src_len, tc->keyboard_layout_mapping_buf, tc->keyboard_layout_mapping_cnt); +} + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (tc_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = user_options->veracrypt_pim * 2048; + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_200000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = module_build_plain_postprocess; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13771.c b/src/modules/module_13771.c new file mode 100644 index 000000000..10aa57d4f --- /dev/null +++ b/src/modules/module_13771.c @@ -0,0 +1,316 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt Streebog-512 + XTS 512 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13771; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP + | OPTI_TYPE_USES_BITS_64; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "444ec71554f0a2989b34bd8a5750ae7b5ed8b1ccdead29120fc030bd5186f312a7fa18ab4f4389d7798e43c073afd1e71dda2052db38dec04a700e8d6b488802ead0cf95d6e6cecc8eaf6464baf94a64acbbd1a86f826333115b6380bda18cf936150efd6ffc2a344bb78b0b4875781a8c5079772429ef50ddf148f35895496d2e39f32ffaf68a007b070b0beaad316c4b3adf43c0c58ad24430a34abf168ed455b64958ca5465cae0684adadc00f7b9c13fc7671b4520892d23aebff49ea92bc15e804cc650dc3bbd5b8f5122051636f0c576977d4b64ba355bf6e6a8e042fc5165f2a8affa51aa12ff718cee4c543976bf565997b4b57c74e79584e317f4bdb3920f2937c4251af87f432bb8ce78dcb30675246f0303db4aaea913c93be5a26d16dbf8d4d20773aa2a4608d2151491ca6593b51965baeaf9b58f78905df522bf88976fe9436a916c8de38d5a6ca7ca7f436e7982a36335a404298304322ebe194bb34e91e8f7ee7c6541679bb0ce9d80bf4431d1c475b1a785e943e57f8e27a4e665940389b6da2771bd27d943955185379f83ca6a124ec55b2b63d4ef2e2ad6ee27de25f959708f3a64facfe07f06e29459a14f02699751d530f258d0c744a759c188de4f9423f2bd21d3d999ea28df4f3a93a2c47a7e788fe43ccbfbe267277b048002da1ef8c1e7b26690230285675a3a8fdc0f2acf46a4cb24141b3ad1"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct vc64_sbog_tmp +{ + u64 ipad_raw[8]; + u64 opad_raw[8]; + + u64 ipad_hash[8]; + u64 opad_hash[8]; + + u64 dgst[32]; + u64 out[32]; + +} vc64_sbog_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (vc64_sbog_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13772.c b/src/modules/module_13772.c new file mode 100644 index 000000000..21543ebf4 --- /dev/null +++ b/src/modules/module_13772.c @@ -0,0 +1,316 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt Streebog-512 + XTS 1024 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13772; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP + | OPTI_TYPE_USES_BITS_64; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "0f5da0b17c60edcd392058752ec29c389b140b54cd1f94de43dccea703b1fd37936e75a500b7f9d4e94e7f214c4696c051be9697792a856ebf9c0f5a598cf8ba5621e49c7505eba3b4738acdc860b6ed648f52e5b673ae06bb04616de438a090ab19abea11c30984ead06859de9b7aec8e436c40816f67a56cb53d5f125e58c42225315a4bf494da8128f0df924bcf6ad4b91c9efc5cb0be67cb0cd753c392388d780f57aba39197513a191cc684e9ebee41bc901dd99e9a625141cf98e55e8f74d838baea3bf8f411b85c14eff8cddd1720c2539eef7a38a72c4ed9745a05476b6a16bcda2a5391c94b6f499e3bea64ff412d03d060741e938ed3dc905d8bd6dbb2420e9277251ebe3421be389ea8b02782baeb258b9ec7e0732b3817ee6da58209871aee4e16d57a132c6215782364570238157d8a7fdcd29f54ab2295f68d027dc9f2e0c951afad7500cafe3219e6530699918ac55f4fa1141bc3596155b05bae2fdc8b0a5438edeb5bb0cfac592565b20645be90b406a1fd59846957e7539fd8423bfd4c7ae7d608aacb084ae887baa1a83b14afff8d2063565086c66e293234a8667af39642b90a38c3a5bd4fa8a787c60f73882535c9b34cb7b243465dcc32aff29cee0e741ff059c6acd8ddcbdb3cfafecdcd0f45c84dd871be4fbffd5ac2ab9e01898009adcf7d932c37d6568ad875e4d6ea15db29a1e8ba5a4e86bd"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct vc64_sbog_tmp +{ + u64 ipad_raw[8]; + u64 opad_raw[8]; + + u64 ipad_hash[8]; + u64 opad_hash[8]; + + u64 dgst[32]; + u64 out[32]; + +} vc64_sbog_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (vc64_sbog_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13773.c b/src/modules/module_13773.c new file mode 100644 index 000000000..a86065ac4 --- /dev/null +++ b/src/modules/module_13773.c @@ -0,0 +1,316 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "cpu_crc32.h" +#include "keyboard_layout.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "VeraCrypt Streebog-512 + XTS 1536 bit"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13773; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP + | OPTI_TYPE_USES_BITS_64; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "18d2e8314961850f8fc26d2bc6f896db9c4eee301b5fa7295615166552b2422042c6cf6212187ec9c0234908e7934009c23ceed0c4858a7a4deecbc59b50a303afdc7d583cde1b0c06f0bf56162ef1d6d8df8f194aadcbe395780b3d1d7127faf39910eb10f4805abdd1c3ef7a66972603124a475e2b9224699e60a9e12f4096597f20c5fb0528f590d7bd317e41dc6a2128cf5e58a99803a28c213feb8286350b1d7ab56d43bb52e511f3c860e5002472a4454a549509c8ce0c34f17ece23d5b61aa7c63389c8ca44ed10c2caae03e7ed30b3ef98565926d7e4f3a2a9abf03b278083bed7aaadd78d5bffb7cd45ffae92990c06d9e9f375a77a94226035d1f90e177c46a04dab416dfb7ed7c4ed9ee7e84580bed65c5fee9f4b1545b9a7cf6af533870d393eced609aebe308ec1eee3729da09eb7df7a8d1282b15c4a1b8266a456c06b4ea20c209c549d5d6b58a861f8e15cca3b6cef114accbf470ec76d717f6d7d416d7a32f064ab560c1167f9ef4e93310fbd927b088bffbb0cf5d5c2e271c9cad4c604e489e9983a990b23e1a2f973682fdfe38df385474f73ecdc9bce701d01d627192d3051240f4b96bbdcf2346b275e05aa75add4acb97b286cc00e830fee95d0f86a8b1e315ccb6f3f8642180392b3baac01ed2c97c200489b5e5ca4dcb0a6417e622b6196482a10e640b2b6b08e3f62acac3d45dfc6b88c666205"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct vc64_sbog_tmp +{ + u64 ipad_raw[8]; + u64 opad_raw[8]; + + u64 ipad_hash[8]; + u64 opad_hash[8]; + + u64 dgst[32]; + u64 out[32]; + +} vc64_sbog_tmp_t; + +typedef struct tc +{ + u32 salt_buf[32]; + u32 data_buf[112]; + u32 keyfile_buf[16]; + u32 signature; + + keyboard_layout_mapping_t keyboard_layout_mapping_buf[256]; + int keyboard_layout_mapping_cnt; + +} tc_t; + +static const int ROUNDS_VERACRYPT_500000 = 500000; +static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; + +bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool potfile_disable = true; + + return potfile_disable; +} + +bool module_outfile_check_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool outfile_check_disable = true; + + return outfile_check_disable; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (tc_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (vc64_sbog_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 64 + + const u32 pw_max = 64; + + return pw_max; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const size_t st_hash_len = strlen (hashconfig->st_hash); + + char *tmpdata = (char *) hcmalloc (st_hash_len / 2); + + for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2) + { + const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j); + + tmpdata[i] = c; + } + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); + + hcfree (tmpdata); + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + // note: if module_hash_binary_parse exists, then module_hash_decode is not called + + FILE *fp = fopen (hashes->hashfile, "rb"); + + if (fp == NULL) return (PARSER_HASH_FILE); + + #define VC_HEADER_SIZE 512 + + char *in = (char *) hcmalloc (VC_HEADER_SIZE); + + const size_t n = hc_fread (in, 1, VC_HEADER_SIZE, fp); + + fclose (fp); + + if (n != VC_HEADER_SIZE) return (PARSER_VC_FILE_SIZE); + + hash_t *hashes_buf = hashes->hashes_buf; + + hash_t *hash = &hashes_buf[0]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, VC_HEADER_SIZE); + + if (parser_status != PARSER_OK) return 0; + + hcfree (in); + + // keyfiles + + tc_t *tc = (tc_t *) hash->esalt; + + if (user_options->veracrypt_keyfiles) + { + char *keyfiles = hcstrdup (user_options->veracrypt_keyfiles); + + char *saveptr = NULL; + + char *keyfile = strtok_r (keyfiles, ",", &saveptr); + + while (keyfile) + { + if (hc_path_read (keyfile)) + { + cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); + } + + keyfile = strtok_r ((char *) NULL, ",", &saveptr); + } + + free (keyfiles); + } + + // keyboard layout mapping + + if (user_options->keyboard_layout_mapping) + { + if (hc_path_read (user_options->keyboard_layout_mapping)) + { + initialize_keyboard_layout_mapping (user_options->keyboard_layout_mapping, tc->keyboard_layout_mapping_buf, &tc->keyboard_layout_mapping_cnt); + } + } + + // veracrypt PIM + + salt_t *salt = hash->salt; + + if (user_options->veracrypt_pim) + { + salt->salt_iter = 15000 + (user_options->veracrypt_pim * 1000); + + salt->salt_iter--; + } + + return 1; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + tc_t *tc = (tc_t *) esalt_buf; + + const float entropy = get_entropy ((const u8 *) line_buf, line_len); + + if (entropy < MIN_SUFFICIENT_ENTROPY_FILE) return (PARSER_INSUFFICIENT_ENTROPY); + + memcpy (tc->salt_buf, line_buf, 64); + + memcpy (tc->data_buf, line_buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + line_buf[0] = 0; + + return 0; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = module_outfile_check_disable; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = module_potfile_disable; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_14900.c b/src/modules/module_14900.c new file mode 100644 index 000000000..070404293 --- /dev/null +++ b/src/modules/module_14900.c @@ -0,0 +1,188 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_CIPHER_KPA; +static const char *HASH_NAME = "Skip32 (PT = $salt, key = $pass)"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 14900; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_GENERATE_LE + | OPTS_TYPE_PT_NEVERCRACK; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat!!!"; +static const char *ST_HASH = "7090b6b9:04223875"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 10; // Skip32 fixed + + return pw_max; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 10; // Skip32 fixed + + return pw_min; +} + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return "?b?b?b?b?bxxxxx"; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 2; + + token.len_min[0] = 8; + token.len_max[0] = 8; + token.sep[0] = hashconfig->separator; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = 8; + token.len_max[1] = 8; + token.sep[1] = hashconfig->separator; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // digest + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 ((const u8 *) &hash_pos[0]); + digest[1] = 0; + digest[2] = 0; + digest[3] = 0; + + // salt + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + salt->salt_buf[0] = hex_to_u32 ((const u8 *) &salt_pos[0]); + + salt->salt_len = salt_len / 2; // 4 + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const int line_len = snprintf (line_buf, line_size, "%08x:%08x", byte_swap_32 (digest[0]), byte_swap_32 (salt->salt_buf[0])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_15000.c b/src/modules/module_15000.c new file mode 100644 index 000000000..133e9ade7 --- /dev/null +++ b/src/modules/module_15000.c @@ -0,0 +1,261 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "inc_hash_constants.h" + + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 14; +static const u32 DGST_POS1 = 15; +static const u32 DGST_POS2 = 6; +static const u32 DGST_POS3 = 7; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_SERVER; +static const char *HASH_NAME = "FileZilla Server >= 0.9.55"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 15000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_PRECOMPUTE_MERKLE + | OPTI_TYPE_EARLY_SKIP + | OPTI_TYPE_NOT_ITERATED + | OPTI_TYPE_USES_BITS_64 + | OPTI_TYPE_RAW_HASH; +static const u32 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE; // OPTS_TYPE_ST_ADD80 added within kernel +static const u32 SALT_TYPE = SALT_TYPE_GENERIC; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "bfa9fe5a404faff8b0d200385e26b783a163e475869336029d3ebaccaf02b5f16e4949279e8a33b942ab647f8f19a83dbe89a6d39dd6d8f84812de7d2e556767:6422386434050716105781561510557063652302782465168686858312232148"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +u32 module_salt_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 salt_min = 64; + + return salt_min; +} + +u32 module_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 salt_max = 64; + + return salt_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u64 *digest = (u64 *) digest_buf; + + token_t token; + + token.token_cnt = 2; + + token.sep[0] = hashconfig->separator; + token.len_min[0] = 128; + token.len_max[0] = 128; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = 64; + token.len_max[1] = 64; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u64 (hash_pos + 0); + digest[1] = hex_to_u64 (hash_pos + 16); + digest[2] = hex_to_u64 (hash_pos + 32); + digest[3] = hex_to_u64 (hash_pos + 48); + digest[4] = hex_to_u64 (hash_pos + 64); + digest[5] = hex_to_u64 (hash_pos + 80); + digest[6] = hex_to_u64 (hash_pos + 96); + digest[7] = hex_to_u64 (hash_pos + 112); + + digest[0] = byte_swap_64 (digest[0]); + digest[1] = byte_swap_64 (digest[1]); + digest[2] = byte_swap_64 (digest[2]); + digest[3] = byte_swap_64 (digest[3]); + digest[4] = byte_swap_64 (digest[4]); + digest[5] = byte_swap_64 (digest[5]); + digest[6] = byte_swap_64 (digest[6]); + digest[7] = byte_swap_64 (digest[7]); + + if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) + { + digest[0] -= SHA512M_A; + digest[1] -= SHA512M_B; + digest[2] -= SHA512M_C; + digest[3] -= SHA512M_D; + digest[4] -= SHA512M_E; + digest[5] -= SHA512M_F; + digest[6] -= SHA512M_G; + digest[7] -= SHA512M_H; + } + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u64 *digest = (const u64 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u64 tmp[8]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + tmp[4] = digest[4]; + tmp[5] = digest[5]; + tmp[6] = digest[6]; + tmp[7] = digest[7]; + + if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) + { + tmp[0] += SHA512M_A; + tmp[1] += SHA512M_B; + tmp[2] += SHA512M_C; + tmp[3] += SHA512M_D; + tmp[4] += SHA512M_E; + tmp[5] += SHA512M_F; + tmp[6] += SHA512M_G; + tmp[7] += SHA512M_H; + } + + tmp[0] = byte_swap_64 (tmp[0]); + tmp[1] = byte_swap_64 (tmp[1]); + tmp[2] = byte_swap_64 (tmp[2]); + tmp[3] = byte_swap_64 (tmp[3]); + tmp[4] = byte_swap_64 (tmp[4]); + tmp[5] = byte_swap_64 (tmp[5]); + tmp[6] = byte_swap_64 (tmp[6]); + tmp[7] = byte_swap_64 (tmp[7]); + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u64_to_hex (tmp[0], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[1], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[2], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[3], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[4], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[5], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[6], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[7], out_buf + out_len); out_len += 16; + + out_buf[out_len] = hashconfig->separator; + + out_len += 1; + + memcpy (out_buf + out_len, salt->salt_buf, salt->salt_len); + + out_len += salt->salt_len; + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = module_salt_max; + module_ctx->module_salt_min = module_salt_min; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_15400.c b/src/modules/module_15400.c new file mode 100644 index 000000000..4f461591f --- /dev/null +++ b/src/modules/module_15400.c @@ -0,0 +1,273 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_CIPHER_KPA; +static const char *HASH_NAME = "ChaCha20"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 15400; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_32 + | OPTI_TYPE_RAW_HASH; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$chacha20$*0400000000000003*35*0200000000000001*3961626364656667*8a152c57a7a856a8"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct chacha20 +{ + u32 iv[2]; + u32 plain[2]; + u32 position[2]; + u32 offset; + +} chacha20_t; + +static const char *SIGNATURE_CHACHA20 = "$chacha20$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (chacha20_t); + + return esalt_size; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 32; // ChaCha20 fixed + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 32; // ChaCha20 fixed + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + chacha20_t *chacha20 = (chacha20_t *) esalt_buf; + + token_t token; + + token.token_cnt = 6; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_CHACHA20; + + token.sep[0] = '*'; + token.len_min[0] = 10; + token.len_max[0] = 10; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '*'; + token.len_min[1] = 16; + token.len_max[1] = 16; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = '*'; + token.len_min[2] = 1; + token.len_max[2] = 2; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.sep[3] = '*'; + token.len_min[3] = 16; + token.len_max[3] = 16; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = '*'; + token.len_min[4] = 16; + token.len_max[4] = 16; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = '*'; + token.len_min[5] = 16; + token.len_max[5] = 16; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // offset + + const u8 *offset_marker = token.buf[2]; + + const int offset = strtol ((const char *) offset_marker, NULL, 10); + + if (offset > 63) return (PARSER_SALT_VALUE); + + chacha20->offset = offset; + + // position + + const u8 *position_marker = token.buf[1]; + + chacha20->position[0] = hex_to_u32 ((const u8 *) position_marker + 0); + chacha20->position[1] = hex_to_u32 ((const u8 *) position_marker + 8); + + // iv + + const u8 *iv_marker = token.buf[3]; + + chacha20->iv[0] = hex_to_u32 ((const u8 *) iv_marker + 8); + chacha20->iv[1] = hex_to_u32 ((const u8 *) iv_marker + 0); + + // plain + + const u8 *plain_marker = token.buf[4]; + + chacha20->plain[0] = hex_to_u32 ((const u8 *) plain_marker + 0); + chacha20->plain[1] = hex_to_u32 ((const u8 *) plain_marker + 8); + + /* some fake salt for the sorting mechanisms */ + + salt->salt_buf[0] = chacha20->iv[0]; + salt->salt_buf[1] = chacha20->iv[1]; + salt->salt_buf[2] = chacha20->plain[0]; + salt->salt_buf[3] = chacha20->plain[1]; + salt->salt_buf[4] = chacha20->position[0]; + salt->salt_buf[5] = chacha20->position[1]; + salt->salt_buf[6] = chacha20->offset; + salt->salt_buf[7] = 0; + salt->salt_len = 32; + + /* Store cipher for search mechanism */ + + const u8 *cipher_marker = token.buf[5]; + + digest[0] = hex_to_u32 ((const u8 *) cipher_marker + 8); + digest[1] = hex_to_u32 ((const u8 *) cipher_marker + 0); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const chacha20_t *chacha20 = (const chacha20_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "%s*%08x%08x*%u*%08x%08x*%08x%08x*%08x%08x", + SIGNATURE_CHACHA20, + byte_swap_32 (chacha20->position[0]), + byte_swap_32 (chacha20->position[1]), + chacha20->offset, + byte_swap_32 (chacha20->iv[1]), + byte_swap_32 (chacha20->iv[0]), + byte_swap_32 (chacha20->plain[0]), + byte_swap_32 (chacha20->plain[1]), + digest[1], + digest[0]); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_16000.c b/src/modules/module_16000.c new file mode 100644 index 000000000..5d7ecbd01 --- /dev/null +++ b/src/modules/module_16000.c @@ -0,0 +1,167 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +// TODO: Auto-generated module. Please review and finish. +#if 0 + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; // originally DGST_SIZE_4_; +static const u32 HASH_CATEGORY = HASH_CATEGORY_; +static const char *HASH_NAME = "Tripcode"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 16000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_NONE; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "pfaRCwDe0U"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 1; + + token.len[0] = 10; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + unsigned char c9 = itoa64_to_int (hash_pos[9]); + + if (c9 & 3) return (PARSER_HASH_VALUE); + + u8 add_leading_zero[12]; + + add_leading_zero[0] = '.'; + + memcpy (add_leading_zero + 1, input_buf, 10); + + u8 tmp_buf[100] = { 0 }; + + base64_decode (itoa64_to_int, (const u8 *) add_leading_zero, 11, tmp_buf); + + memcpy (digest, tmp_buf, 8); + + u32 tt; + + IP (digest[0], digest[1], tt); + + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + //TODO +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} + +#endif diff --git a/tools/test_modules/m08500.pm b/tools/test_modules/m08500.pm new file mode 100644 index 000000000..1838885f0 --- /dev/null +++ b/tools/test_modules/m08500.pm @@ -0,0 +1,88 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Convert::EBCDIC qw (ascii2ebcdic); +use Crypt::DES; + +sub module_constraints { [[1, 8], [1, 8], [1, 8], [1, 8], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + + my $hash_buf = racf_hash (uc $salt, $word); + + my $tmp_hash = sprintf ('$racf$*%s*%s', uc $salt, uc $hash_buf); + + return $tmp_hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my @line_elements = split (":", $line); + + return if scalar @line_elements < 2; + + # get hash and word + + my $hash_in = shift @line_elements; + + my $word = join (":", @line_elements); + + # get signature + + my @hash_elements = split ('\*', $hash_in); + + return unless ($hash_elements[0] eq '$racf$'); + + my $salt = $hash_elements[1]; + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt); + + return ($new_hash, $word); +} + +sub racf_hash +{ + my ($username, $password) = @_; + + $username = substr ($username . " " x 8, 0, 8); + $password = substr ($password . " " x 8, 0, 8); + + my $username_ebc = ascii2ebcdic ($username); + my $password_ebc = ascii2ebcdic ($password); + + my @pw = split ("", $password_ebc); + + for (my $i = 0; $i < 8; $i++) + { + $pw[$i] = unpack ("C", $pw[$i]); + $pw[$i] ^= 0x55; + $pw[$i] <<= 1; + $pw[$i] = pack ("C", $pw[$i] & 0xff); + } + + my $key = join ("", @pw); + + my $cipher = new Crypt::DES $key; + + my $ciphertext = $cipher->encrypt ($username_ebc); + + my $ct = unpack ("H16", $ciphertext); + + return $ct; +} + +1; diff --git a/tools/test_modules/m12400.pm b/tools/test_modules/m12400.pm new file mode 100644 index 000000000..7efd8998e --- /dev/null +++ b/tools/test_modules/m12400.pm @@ -0,0 +1,65 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::UnixCrypt_XS qw (crypt_rounds fold_password base64_to_int24 block_to_base64 int24_to_base64); + +sub module_constraints { [[1, 31], [4, 4], [1, 31], [4, 4], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $iter = shift // random_number (1, 5000); + + my $key_value = fold_password ($word); + + my $data = "\x00\x00\x00\x00\x00\x00\x00\x00"; + + my $salt_value = base64_to_int24 ($salt); + + my $hash_buf = crypt_rounds ($key_value, $iter, $salt_value, $data); + + my $tmp_hash = sprintf ("_%s%s%s", int24_to_base64 ($iter), $salt, block_to_base64 ($hash_buf)); + + return $tmp_hash; +} + +sub module_verify_hash +{ + my $line = shift; + + return unless (substr ($line, 0, 1) eq '_'); + + my $index1 = index ($line, ':', 20); + + return if ($index1 != 20); + + # iter + + my $iter = substr ($line, 1, 4); + + $iter = base64_to_int24 ($iter); + + # salt + + my $salt = substr ($line, 5, 4); + + # word / hash + + my $word = substr ($line, $index1 + 1); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt, $iter); + + return ($new_hash, $word); +} + +1;