From e5322c8beeeb6d34b955bd9616d211792712bd67 Mon Sep 17 00:00:00 2001
From: jsteube
Date: Tue, 2 Apr 2019 18:39:42 +0200
Subject: [PATCH] Fix --remove handling in -m 16800 and -m 16801 with new outfile format
---
 include/shared.h | 2 +-
 src/modules/module_16800.c | 115 ++++++++++++++++++++-----------------
 src/modules/module_16801.c | 85 ++++++++++++++++++++++-----
 src/shared.c | 6 +-
 4 files changed, 138 insertions(+), 70 deletions(-)
diff --git a/include/shared.h b/include/shared.h
index 79a68f03c..e22f66654 100644
--- a/include/shared.h
+++ b/include/shared.h
@@ -38,7 +38,7 @@ char *filename_from_filepath (char *filepath);
 void naive_replace (char *s, const char key_char, const char replace_char);
 void naive_escape (char *s, size_t s_max, const char key_char, const char escape_char);
-__attribute__ ((format (printf, 2, 3))) void hc_asprintf (char **strp, const char *fmt, ...);
+__attribute__ ((format (printf, 2, 3))) int hc_asprintf (char **strp, const char *fmt, ...);
 void setup_environment_variables (void);
 void setup_umask (void);
diff --git a/src/modules/module_16800.c b/src/modules/module_16800.c
index 92ee27486..e3715088c 100644
--- a/src/modules/module_16800.c
+++ b/src/modules/module_16800.c
@@ -189,6 +189,46 @@ int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
 return line_len;
 }
+int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf)
+{
+ const salt_t *salts_buf = hashes->salts_buf;
+ const void *esalts_buf = hashes->esalts_buf;
+
+ const salt_t *salt = &salts_buf[salt_pos];
+
+ const u32 digest_cur = salt->digests_offset + digest_pos;
+
+ const wpa_pmkid_t *wpa_pmkids = (const wpa_pmkid_t *) esalts_buf;
+ const wpa_pmkid_t *wpa_pmkid = &wpa_pmkids[digest_cur];
+
+ char tmp_buf[128];
+
+ const int tmp_len = hex_encode ((const u8 *) wpa_pmkid->essid_buf, wpa_pmkid->essid_len, (u8 *) tmp_buf);
+
+ tmp_buf[tmp_len] = 0;
+
+ const int len = hc_asprintf (buf, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s" EOL,
+ byte_swap_32 (wpa_pmkid->pmkid[0]),
+ byte_swap_32 (wpa_pmkid->pmkid[1]),
+ byte_swap_32 (wpa_pmkid->pmkid[2]),
+ byte_swap_32 (wpa_pmkid->pmkid[3]),
+ wpa_pmkid->orig_mac_ap[0],
+ wpa_pmkid->orig_mac_ap[1],
+ wpa_pmkid->orig_mac_ap[2],
+ wpa_pmkid->orig_mac_ap[3],
+ wpa_pmkid->orig_mac_ap[4],
+ wpa_pmkid->orig_mac_ap[5],
+ wpa_pmkid->orig_mac_sta[0],
+ wpa_pmkid->orig_mac_sta[1],
+ wpa_pmkid->orig_mac_sta[2],
+ wpa_pmkid->orig_mac_sta[3],
+ wpa_pmkid->orig_mac_sta[4],
+ wpa_pmkid->orig_mac_sta[5],
+ tmp_buf);
+
+ return len;
+}
+
 u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
 {
 return KERN_RUN_AUX1;
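Review bot: `tmp_buf[128]` in the new module_hash_binary_save is only large enough while `wpa_pmkid->essid_len` stays at or below 63, because hex_encode writes two characters per input byte and the following line stores the terminator at `tmp_buf[tmp_len]`. The definition of `wpa_pmkid_t` and the token limits that bound `essid_len` are not part of this patch, so the assumption should be visible at the buffer, for example `char tmp_buf[sizeof (wpa_pmkid->essid_buf) * 2 + 1];` if `essid_buf` is an array member, or a comment naming the limit. The same fixed buffer appears in the rewritten module_hash_encode of this file and in both functions of module_16801.c. The function also returns the hc_asprintf result unchecked, so a failed allocation would reach the caller as -1; the caller is outside the patch and presumably has to test for that.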
@@ -344,14 +384,9 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 const u8 *essid_buf = token.buf[3];
 const int essid_len = token.len[3];
- u8 *essid_ptr = (u8 *) wpa_pmkid->essid_buf;
-
- for (int i = 0, j = 0; i < essid_len; i += 2, j += 1)
- {
- essid_ptr[j] = hex_to_u8 (essid_buf + i);
- }
+ if (essid_len & 1) return (PARSER_SALT_VALUE);
- wpa_pmkid->essid_len = essid_len / 2;
+ wpa_pmkid->essid_len = hex_decode (essid_buf, essid_len, (u8 *) wpa_pmkid->essid_buf);
 // pmkid_data
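Review bot: The `hex_decode` write into `wpa_pmkid->essid_buf` has no length check in this hunk apart from the new parity test; the destination is bounded only by whatever maximum the tokenizer allows for `token.len[3]`, which is configured above the hunk and not visible here. If that maximum ever grows past twice the size of `essid_buf`, the decode writes past the field, so a local guard next to the parity check, such as `if ((essid_len / 2) > (int) sizeof (wpa_pmkid->essid_buf)) return (PARSER_SALT_LENGTH);`, would keep the bound where the write happens. Whether non-hex characters are rejected depends on the token attributes or on hex_decode itself, neither of which is shown. The same change is made in the module_hash_decode hunk of module_16801.c, and module_hash_decode continues outside both hunks.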
@@ -397,50 +432,26 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 {
 const wpa_pmkid_t *wpa_pmkid = (const wpa_pmkid_t *) esalt_buf;
- int line_len = 0;
-
- if (wpa_pmkid->essid_len)
- {
- char tmp_buf[128];
-
- exec_hexify ((const u8*) wpa_pmkid->essid_buf, wpa_pmkid->essid_len, (u8 *) tmp_buf);
-
- int tmp_len = wpa_pmkid->essid_len * 2;
-
- tmp_buf[tmp_len] = 0;
-
- line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
- wpa_pmkid->orig_mac_ap[0],
- wpa_pmkid->orig_mac_ap[1],
- wpa_pmkid->orig_mac_ap[2],
- wpa_pmkid->orig_mac_ap[3],
- wpa_pmkid->orig_mac_ap[4],
- wpa_pmkid->orig_mac_ap[5],
- wpa_pmkid->orig_mac_sta[0],
- wpa_pmkid->orig_mac_sta[1],
- wpa_pmkid->orig_mac_sta[2],
- wpa_pmkid->orig_mac_sta[3],
- wpa_pmkid->orig_mac_sta[4],
- wpa_pmkid->orig_mac_sta[5],
- tmp_buf);
- }
- else
- {
- line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
- wpa_pmkid->orig_mac_ap[0],
- wpa_pmkid->orig_mac_ap[1],
- wpa_pmkid->orig_mac_ap[2],
- wpa_pmkid->orig_mac_ap[3],
- wpa_pmkid->orig_mac_ap[4],
- wpa_pmkid->orig_mac_ap[5],
- wpa_pmkid->orig_mac_sta[0],
- wpa_pmkid->orig_mac_sta[1],
- wpa_pmkid->orig_mac_sta[2],
- wpa_pmkid->orig_mac_sta[3],
- wpa_pmkid->orig_mac_sta[4],
- wpa_pmkid->orig_mac_sta[5],
- (const u8 *) wpa_pmkid->essid_buf);
- }
+ char tmp_buf[128];
+
+ const int tmp_len = hex_encode ((const u8 *) wpa_pmkid->essid_buf, wpa_pmkid->essid_len, (u8 *) tmp_buf);
+
+ tmp_buf[tmp_len] = 0;
+
+ const int line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
+ wpa_pmkid->orig_mac_ap[0],
+ wpa_pmkid->orig_mac_ap[1],
+ wpa_pmkid->orig_mac_ap[2],
+ wpa_pmkid->orig_mac_ap[3],
+ wpa_pmkid->orig_mac_ap[4],
+ wpa_pmkid->orig_mac_ap[5],
+ wpa_pmkid->orig_mac_sta[0],
+ wpa_pmkid->orig_mac_sta[1],
+ wpa_pmkid->orig_mac_sta[2],
+ wpa_pmkid->orig_mac_sta[3],
+ wpa_pmkid->orig_mac_sta[4],
+ wpa_pmkid->orig_mac_sta[5],
+ tmp_buf);
 return line_len;
 }
@@ -469,7 +480,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
 module_ctx->module_hash_binary_count = MODULE_DEFAULT;
 module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
- module_ctx->module_hash_binary_save = MODULE_DEFAULT;
+ module_ctx->module_hash_binary_save = module_hash_binary_save;
 module_ctx->module_hash_decode_potfile = module_hash_decode_potfile;
 module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
 module_ctx->module_hash_decode = module_hash_decode;
diff --git a/src/modules/module_16801.c b/src/modules/module_16801.c
index feee9fb2f..e46691bcf 100644
--- a/src/modules/module_16801.c
+++ b/src/modules/module_16801.c
@@ -186,6 +186,71 @@ int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
 return line_len;
 }
+int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf)
+{
+ const salt_t *salts_buf = hashes->salts_buf;
+ const void *esalts_buf = hashes->esalts_buf;
+
+ const salt_t *salt = &salts_buf[salt_pos];
+
+ const u32 digest_cur = salt->digests_offset + digest_pos;
+
+ const wpa_pmkid_t *wpa_pmkids = (const wpa_pmkid_t *) esalts_buf;
+ const wpa_pmkid_t *wpa_pmkid = &wpa_pmkids[digest_cur];
+
+ int len = 0;
+
+ if (wpa_pmkid->essid_len)
+ {
+ char tmp_buf[128];
+
+ const int tmp_len = hex_encode ((const u8 *) wpa_pmkid->essid_buf, wpa_pmkid->essid_len, (u8 *) tmp_buf);
+
+ tmp_buf[tmp_len] = 0;
+
+ len = hc_asprintf (buf, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s" EOL,
+ byte_swap_32 (wpa_pmkid->pmkid[0]),
+ byte_swap_32 (wpa_pmkid->pmkid[1]),
+ byte_swap_32 (wpa_pmkid->pmkid[2]),
+ byte_swap_32 (wpa_pmkid->pmkid[3]),
+ wpa_pmkid->orig_mac_ap[0],
+ wpa_pmkid->orig_mac_ap[1],
+ wpa_pmkid->orig_mac_ap[2],
+ wpa_pmkid->orig_mac_ap[3],
+ wpa_pmkid->orig_mac_ap[4],
+ wpa_pmkid->orig_mac_ap[5],
+ wpa_pmkid->orig_mac_sta[0],
+ wpa_pmkid->orig_mac_sta[1],
+ wpa_pmkid->orig_mac_sta[2],
+ wpa_pmkid->orig_mac_sta[3],
+ wpa_pmkid->orig_mac_sta[4],
+ wpa_pmkid->orig_mac_sta[5],
+ tmp_buf);
+ }
+ else
+ {
+ len = hc_asprintf (buf, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x" EOL,
+ byte_swap_32 (wpa_pmkid->pmkid[0]),
+ byte_swap_32 (wpa_pmkid->pmkid[1]),
+ byte_swap_32 (wpa_pmkid->pmkid[2]),
+ byte_swap_32 (wpa_pmkid->pmkid[3]),
+ wpa_pmkid->orig_mac_ap[0],
+ wpa_pmkid->orig_mac_ap[1],
+ wpa_pmkid->orig_mac_ap[2],
+ wpa_pmkid->orig_mac_ap[3],
+ wpa_pmkid->orig_mac_ap[4],
+ wpa_pmkid->orig_mac_ap[5],
+ wpa_pmkid->orig_mac_sta[0],
+ wpa_pmkid->orig_mac_sta[1],
+ wpa_pmkid->orig_mac_sta[2],
+ wpa_pmkid->orig_mac_sta[3],
+ wpa_pmkid->orig_mac_sta[4],
+ wpa_pmkid->orig_mac_sta[5]);
+ }
+
+ return len;
+}
+
 u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
 {
 return KERN_RUN_AUX1;
@@ -338,14 +403,9 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 const u8 *essid_buf = token.buf[3];
 const int essid_len = token.len[3];
- u8 *essid_ptr = (u8 *) wpa_pmkid->essid_buf;
-
- for (int i = 0, j = 0; i < essid_len; i += 2, j += 1)
- {
- essid_ptr[j] = hex_to_u8 (essid_buf + i);
- }
+ if (essid_len & 1) return (PARSER_SALT_VALUE);
- wpa_pmkid->essid_len = essid_len / 2;
+ wpa_pmkid->essid_len = hex_decode (essid_buf, essid_len, (u8 *) wpa_pmkid->essid_buf);
 }
 // pmkid
@@ -435,9 +495,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 {
 char tmp_buf[128];
- exec_hexify ((const u8*) wpa_pmkid->essid_buf, wpa_pmkid->essid_len, (u8 *) tmp_buf);
-
- int tmp_len = wpa_pmkid->essid_len * 2;
+ const int tmp_len = hex_encode ((const u8 *) wpa_pmkid->essid_buf, wpa_pmkid->essid_len, (u8 *) tmp_buf);
 tmp_buf[tmp_len] = 0;
@@ -458,7 +516,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 }
 else
 {
- line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
+ line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x",
 wpa_pmkid->orig_mac_ap[0],
 wpa_pmkid->orig_mac_ap[1],
 wpa_pmkid->orig_mac_ap[2],
@@ -470,8 +528,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 wpa_pmkid->orig_mac_sta[2],
 wpa_pmkid->orig_mac_sta[3],
 wpa_pmkid->orig_mac_sta[4],
- wpa_pmkid->orig_mac_sta[5],
- (const u8 *) wpa_pmkid->essid_buf);
+ wpa_pmkid->orig_mac_sta[5]);
 }
 return line_len;
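Review bot: The two branches of the new module_hash_binary_save in module_16801.c repeat the same sixteen-argument hc_asprintf call and differ only in the trailing `:%s`, which makes it easy for the save format and the format written by module_hash_encode to drift apart. Since the module_16800.c version in this patch already calls hex_encode unconditionally and relies on it yielding an empty string for a zero length, the branch could be dropped here by encoding into `tmp_buf` first, ending the format with `%s%s" EOL` and passing `wpa_pmkid->essid_len ? ":" : ""` followed by `tmp_buf`. A one-line comment above the function stating that the output must stay byte-compatible with what module_hash_decode accepts would document why the layout matters for --remove.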
@@ -501,7 +558,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
 module_ctx->module_hash_binary_count = MODULE_DEFAULT;
 module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
- module_ctx->module_hash_binary_save = MODULE_DEFAULT;
+ module_ctx->module_hash_binary_save = module_hash_binary_save;
 module_ctx->module_hash_decode_potfile = module_hash_decode_potfile;
 module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
 module_ctx->module_hash_decode = module_hash_decode;
diff --git a/src/shared.c b/src/shared.c
index 7beb0e367..b06992862 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -229,13 +229,13 @@ void naive_escape (char *s, size_t s_max, const char key_char, const char escape
 strncpy (s, s_escaped, s_max - 1);
 }
-void hc_asprintf (char **strp, const char *fmt, ...)
+int hc_asprintf (char **strp, const char *fmt, ...)
 {
 va_list args;
 va_start (args, fmt);
- int rc __attribute__((unused));
- rc = vasprintf (strp, fmt, args);
+ int rc = vasprintf (strp, fmt, args);
 va_end (args);
+ return rc;
 }
 #if defined (_WIN)
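Review bot: In the src/shared.c hunk, `hc_asprintf` now passes the raw vasprintf result to its callers, but on failure vasprintf returns -1 and the content of `*strp` is not defined on every C library, so the new module_hash_binary_save functions can hand back a negative length together with a pointer that is unsafe to read or free. Making the error state explicit, `if (rc == -1) *strp = NULL;` before `va_end (args);`, gives callers one well-defined thing to test. A short comment on the prototype in include/shared.h saying that the return value is the number of bytes written or -1 would also help, because any call sites written against the void version ignore it.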