1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-05 23:10:00 +00:00

Electrum Wallet: Added new entropy-based check to test whether the decryption was successful or not

This commit is contained in:
Jens Steube 2021-11-18 11:41:55 +01:00
parent 49a7bb227b
commit eb4b9d8c99
2 changed files with 45 additions and 6 deletions

View File

@ -35,6 +35,9 @@ typedef struct electrum_tmp
} electrum_tmp_t;
#define MIN_ENTROPY 3.0
#define MAX_ENTROPY 6.0
DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest)
{
digest[0] = ipad[0];
@ -489,8 +492,8 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
// #define AES_LEN 1024
// in my tests it also worked with only 128 input bytes !
#define AES_LEN 128
#define AES_LEN_DIV_4 32
#define AES_LEN 1024
#define AES_LEN_DIV_4 256
u32 buf_full[AES_LEN_DIV_4];
@ -513,7 +516,11 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
// early reject
if ((buf[0] & 0x0006ffff) != 0x00049c78) return; // allow 0b100 or 0b101 at the end of 3rd byte
// changed: 17.11.2021
// I had not cracked some sample Salt Type 5 wallets with known passwords provided by the owner.
// It was necessary to remove this early rejection and add a new signature
// The decrypted data was this: {"seed_version": ...
//if ((buf[0] & 0x0006ffff) != 0x00049c78) return; // allow 0b100 or 0b101 at the end of 3rd byte
buf[1] ^= iv[1];
buf[2] ^= iv[2];
@ -556,7 +563,6 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
buf_full[j + 3] = buf[3];
}
/*
* zlib inflate/decompress:
*/
@ -572,9 +578,9 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
// output:
#define OUT_SIZE 16
#define OUT_SIZE 1024
u8 tmp[OUT_SIZE];
u8 tmp[OUT_SIZE] = { 0 };
infstream.avail_out = OUT_SIZE;
infstream.next_out = tmp;
@ -593,6 +599,38 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
return;
}
/*
* Check with some strange signature.
* The main problem is that the (invalid) decrypted data processed by zlib often results in random patterns but with low entropy,
* so that a simple entropy check is not sufficient
*/
if (tmp[0] == '{')
{
int qcnt = 0;
int ccnt = 0;
for (int i = 1; i < 1024; i++)
{
if (tmp[i] == '"') qcnt++;
if (tmp[i] == ':') ccnt++;
}
if ((qcnt >= 3) && (ccnt >= 3))
{
const float entropy = hc_get_entropy ((const u32 *) tmp, 256);
if ((entropy >= MIN_ENTROPY) && (entropy <= MAX_ENTROPY))
{
if (hc_atomic_inc (&hashes_shown[DIGESTS_OFFSET]) == 0)
{
mark_hash (plains_buf, d_return_buf, SALT_POS, digests_cnt, 0, DIGESTS_OFFSET + 0, gid, 0, 0, 0);
}
return;
}
}
}
/*
* Verify if decompressed data is either:

View File

@ -36,6 +36,7 @@
- Backend devices: In non -S mode, limit the number of workitems so that no more than 4GB of host memory is required per backend device
- Backend types: The default filter for the device types is now set so that only the GPU is used, except for APPLE, where we set CPU
- Benchmark: Update benchmark_deep.pl with new hash modes added (also new hash modes which were added with v6.2.3)
- Electrum Wallet: Added new entropy-based check to test whether the decryption was successful or not
- Module Optimizers: Added OPTS_TYPE_MAXIMUM_THREADS to deactivate the else branch route in the section to find -T before compilation
- Makefile: Added wildcard include src/modules/module_*.mk directive so that plugin developers can add 3rd party libraries for their plugins
- Rejects: Disabled checking of the minimum and maximum length of the password candidate in attack-mode 9 because they are incompatible