mirror of
https://github.com/hashcat/hashcat.git
synced 2024-11-22 08:08:10 +00:00
Add a mode to crack mega.nz password-protected links
This commit is contained in:
parent
6716447dfc
commit
f9cc329a3c
420
OpenCL/m33400-pure.cl
Normal file
420
OpenCL/m33400-pure.cl
Normal file
@ -0,0 +1,420 @@
|
||||
/**
|
||||
* Author......: See docs/credits.txt
|
||||
* License.....: MIT
|
||||
*/
|
||||
|
||||
#define NEW_SIMD_CODE
|
||||
|
||||
#ifdef KERNEL_STATIC
|
||||
#include M2S(INCLUDE_PATH/inc_vendor.h)
|
||||
#include M2S(INCLUDE_PATH/inc_types.h)
|
||||
#include M2S(INCLUDE_PATH/inc_platform.cl)
|
||||
#include M2S(INCLUDE_PATH/inc_common.cl)
|
||||
#include M2S(INCLUDE_PATH/inc_simd.cl)
|
||||
#include M2S(INCLUDE_PATH/inc_hash_sha256.cl)
|
||||
#include M2S(INCLUDE_PATH/inc_hash_sha512.cl)
|
||||
#include M2S(INCLUDE_PATH/inc_cipher_aes.cl)
|
||||
#endif
|
||||
|
||||
#define COMPARE_S M2S(INCLUDE_PATH/inc_comp_single.cl)
|
||||
#define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl)
|
||||
|
||||
typedef struct mega_tmp
|
||||
{
|
||||
u64 ipad[8];
|
||||
u64 opad[8];
|
||||
|
||||
u64 dgst[16];
|
||||
u64 out [16];
|
||||
|
||||
} mega_tmp_t;
|
||||
|
||||
typedef struct mega
|
||||
{
|
||||
u32 hmacced_len;
|
||||
u32 data[80];
|
||||
} mega_t;
|
||||
|
||||
DECLSPEC void hmac_sha512_run_V (PRIVATE_AS u32x *w0, PRIVATE_AS u32x *w1, PRIVATE_AS u32x *w2, PRIVATE_AS u32x *w3, PRIVATE_AS u32x *w4, PRIVATE_AS u32x *w5, PRIVATE_AS u32x *w6, PRIVATE_AS u32x *w7, PRIVATE_AS u64x *ipad, PRIVATE_AS u64x *opad, PRIVATE_AS u64x *digest)
|
||||
{
|
||||
digest[0] = ipad[0];
|
||||
digest[1] = ipad[1];
|
||||
digest[2] = ipad[2];
|
||||
digest[3] = ipad[3];
|
||||
digest[4] = ipad[4];
|
||||
digest[5] = ipad[5];
|
||||
digest[6] = ipad[6];
|
||||
digest[7] = ipad[7];
|
||||
|
||||
sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest);
|
||||
|
||||
w0[0] = h32_from_64 (digest[0]);
|
||||
w0[1] = l32_from_64 (digest[0]);
|
||||
w0[2] = h32_from_64 (digest[1]);
|
||||
w0[3] = l32_from_64 (digest[1]);
|
||||
w1[0] = h32_from_64 (digest[2]);
|
||||
w1[1] = l32_from_64 (digest[2]);
|
||||
w1[2] = h32_from_64 (digest[3]);
|
||||
w1[3] = l32_from_64 (digest[3]);
|
||||
w2[0] = h32_from_64 (digest[4]);
|
||||
w2[1] = l32_from_64 (digest[4]);
|
||||
w2[2] = h32_from_64 (digest[5]);
|
||||
w2[3] = l32_from_64 (digest[5]);
|
||||
w3[0] = h32_from_64 (digest[6]);
|
||||
w3[1] = l32_from_64 (digest[6]);
|
||||
w3[2] = h32_from_64 (digest[7]);
|
||||
w3[3] = l32_from_64 (digest[7]);
|
||||
w4[0] = 0x80000000;
|
||||
w4[1] = 0;
|
||||
w4[2] = 0;
|
||||
w4[3] = 0;
|
||||
w5[0] = 0;
|
||||
w5[1] = 0;
|
||||
w5[2] = 0;
|
||||
w5[3] = 0;
|
||||
w6[0] = 0;
|
||||
w6[1] = 0;
|
||||
w6[2] = 0;
|
||||
w6[3] = 0;
|
||||
w7[0] = 0;
|
||||
w7[1] = 0;
|
||||
w7[2] = 0;
|
||||
w7[3] = (128 + 64) * 8;
|
||||
|
||||
digest[0] = opad[0];
|
||||
digest[1] = opad[1];
|
||||
digest[2] = opad[2];
|
||||
digest[3] = opad[3];
|
||||
digest[4] = opad[4];
|
||||
digest[5] = opad[5];
|
||||
digest[6] = opad[6];
|
||||
digest[7] = opad[7];
|
||||
|
||||
sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest);
|
||||
}
|
||||
|
||||
KERNEL_FQ void m33400_init (KERN_ATTR_TMPS_ESALT (mega_tmp_t, mega_t))
|
||||
{
|
||||
/**
|
||||
* base
|
||||
*/
|
||||
|
||||
const u64 gid = get_global_id (0);
|
||||
|
||||
if (gid >= GID_CNT) return;
|
||||
|
||||
sha512_hmac_ctx_t sha512_hmac_ctx;
|
||||
|
||||
// printf("pwd %08x%08x\n", pws[gid].i[0], pws[gid].i[1]);
|
||||
sha512_hmac_init_global_swap (&sha512_hmac_ctx, pws[gid].i, pws[gid].pw_len);
|
||||
|
||||
tmps[gid].ipad[0] = sha512_hmac_ctx.ipad.h[0];
|
||||
tmps[gid].ipad[1] = sha512_hmac_ctx.ipad.h[1];
|
||||
tmps[gid].ipad[2] = sha512_hmac_ctx.ipad.h[2];
|
||||
tmps[gid].ipad[3] = sha512_hmac_ctx.ipad.h[3];
|
||||
tmps[gid].ipad[4] = sha512_hmac_ctx.ipad.h[4];
|
||||
tmps[gid].ipad[5] = sha512_hmac_ctx.ipad.h[5];
|
||||
tmps[gid].ipad[6] = sha512_hmac_ctx.ipad.h[6];
|
||||
tmps[gid].ipad[7] = sha512_hmac_ctx.ipad.h[7];
|
||||
|
||||
tmps[gid].opad[0] = sha512_hmac_ctx.opad.h[0];
|
||||
tmps[gid].opad[1] = sha512_hmac_ctx.opad.h[1];
|
||||
tmps[gid].opad[2] = sha512_hmac_ctx.opad.h[2];
|
||||
tmps[gid].opad[3] = sha512_hmac_ctx.opad.h[3];
|
||||
tmps[gid].opad[4] = sha512_hmac_ctx.opad.h[4];
|
||||
tmps[gid].opad[5] = sha512_hmac_ctx.opad.h[5];
|
||||
tmps[gid].opad[6] = sha512_hmac_ctx.opad.h[6];
|
||||
tmps[gid].opad[7] = sha512_hmac_ctx.opad.h[7];
|
||||
|
||||
// printf("ipad %016lx\n", tmps[gid].ipad[0]);
|
||||
// printf("opad %016lx\n", tmps[gid].opad[0]);
|
||||
//
|
||||
// printf("salt %08x%08x %08x%08x %08x%08x %08x%08x\n",
|
||||
// salt_bufs[SALT_POS_HOST].salt_buf[0], salt_bufs[SALT_POS_HOST].salt_buf[1], salt_bufs[SALT_POS_HOST].salt_buf[2], salt_bufs[SALT_POS_HOST].salt_buf[3],
|
||||
// salt_bufs[SALT_POS_HOST].salt_buf[4], salt_bufs[SALT_POS_HOST].salt_buf[5], salt_bufs[SALT_POS_HOST].salt_buf[6], salt_bufs[SALT_POS_HOST].salt_buf[7]
|
||||
// );
|
||||
sha512_hmac_update_global(&sha512_hmac_ctx, salt_bufs[SALT_POS_HOST].salt_buf, salt_bufs[SALT_POS_HOST].salt_len);
|
||||
|
||||
for (u32 i = 0, j = 1; i < 8; i += 8, j += 1)
|
||||
{
|
||||
sha512_hmac_ctx_t sha512_hmac_ctx2 = sha512_hmac_ctx;
|
||||
|
||||
u32 w0[4];
|
||||
u32 w1[4];
|
||||
u32 w2[4];
|
||||
u32 w3[4];
|
||||
u32 w4[4];
|
||||
u32 w5[4];
|
||||
u32 w6[4];
|
||||
u32 w7[4];
|
||||
|
||||
w0[0] = j;
|
||||
w0[1] = 0;
|
||||
w0[2] = 0;
|
||||
w0[3] = 0;
|
||||
w1[0] = 0;
|
||||
w1[1] = 0;
|
||||
w1[2] = 0;
|
||||
w1[3] = 0;
|
||||
w2[0] = 0;
|
||||
w2[1] = 0;
|
||||
w2[2] = 0;
|
||||
w2[3] = 0;
|
||||
w3[0] = 0;
|
||||
w3[1] = 0;
|
||||
w3[2] = 0;
|
||||
w3[3] = 0;
|
||||
w4[0] = 0;
|
||||
w4[1] = 0;
|
||||
w4[2] = 0;
|
||||
w4[3] = 0;
|
||||
w5[0] = 0;
|
||||
w5[1] = 0;
|
||||
w5[2] = 0;
|
||||
w5[3] = 0;
|
||||
w6[0] = 0;
|
||||
w6[1] = 0;
|
||||
w6[2] = 0;
|
||||
w6[3] = 0;
|
||||
w7[0] = 0;
|
||||
w7[1] = 0;
|
||||
w7[2] = 0;
|
||||
w7[3] = 0;
|
||||
|
||||
sha512_hmac_update_128 (&sha512_hmac_ctx2, w0, w1, w2, w3, w4, w5, w6, w7, 4);
|
||||
|
||||
sha512_hmac_final (&sha512_hmac_ctx2);
|
||||
|
||||
tmps[gid].dgst[i + 0] = sha512_hmac_ctx2.opad.h[0];
|
||||
tmps[gid].dgst[i + 1] = sha512_hmac_ctx2.opad.h[1];
|
||||
tmps[gid].dgst[i + 2] = sha512_hmac_ctx2.opad.h[2];
|
||||
tmps[gid].dgst[i + 3] = sha512_hmac_ctx2.opad.h[3];
|
||||
tmps[gid].dgst[i + 4] = sha512_hmac_ctx2.opad.h[4];
|
||||
tmps[gid].dgst[i + 5] = sha512_hmac_ctx2.opad.h[5];
|
||||
tmps[gid].dgst[i + 6] = sha512_hmac_ctx2.opad.h[6];
|
||||
tmps[gid].dgst[i + 7] = sha512_hmac_ctx2.opad.h[7];
|
||||
|
||||
tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0];
|
||||
tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1];
|
||||
tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2];
|
||||
tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3];
|
||||
tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4];
|
||||
tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5];
|
||||
tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6];
|
||||
tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7];
|
||||
}
|
||||
|
||||
// printf("out %016lx %016lx %016lx %016lx %016lx %016lx %016lx %016lx\n",
|
||||
// tmps[gid].out[0], tmps[gid].out[1], tmps[gid].out[2], tmps[gid].out[3],
|
||||
// tmps[gid].out[4], tmps[gid].out[5], tmps[gid].out[6], tmps[gid].out[7]
|
||||
// );
|
||||
// printf("dgst %016lx %016lx %016lx %016lx %016lx %016lx %016lx %016lx\n",
|
||||
// tmps[gid].dgst[0], tmps[gid].dgst[1], tmps[gid].dgst[2], tmps[gid].dgst[3],
|
||||
// tmps[gid].dgst[4], tmps[gid].dgst[5], tmps[gid].dgst[6], tmps[gid].dgst[7]
|
||||
// );
|
||||
}
|
||||
|
||||
KERNEL_FQ void m33400_loop (KERN_ATTR_TMPS_ESALT (mega_tmp_t, mega_t))
|
||||
{
|
||||
const u64 gid = get_global_id (0);
|
||||
|
||||
if ((gid * VECT_SIZE) >= GID_CNT) return;
|
||||
|
||||
u64x ipad[8];
|
||||
u64x opad[8];
|
||||
|
||||
ipad[0] = pack64v (tmps, ipad, gid, 0);
|
||||
ipad[1] = pack64v (tmps, ipad, gid, 1);
|
||||
ipad[2] = pack64v (tmps, ipad, gid, 2);
|
||||
ipad[3] = pack64v (tmps, ipad, gid, 3);
|
||||
ipad[4] = pack64v (tmps, ipad, gid, 4);
|
||||
ipad[5] = pack64v (tmps, ipad, gid, 5);
|
||||
ipad[6] = pack64v (tmps, ipad, gid, 6);
|
||||
ipad[7] = pack64v (tmps, ipad, gid, 7);
|
||||
|
||||
opad[0] = pack64v (tmps, opad, gid, 0);
|
||||
opad[1] = pack64v (tmps, opad, gid, 1);
|
||||
opad[2] = pack64v (tmps, opad, gid, 2);
|
||||
opad[3] = pack64v (tmps, opad, gid, 3);
|
||||
opad[4] = pack64v (tmps, opad, gid, 4);
|
||||
opad[5] = pack64v (tmps, opad, gid, 5);
|
||||
opad[6] = pack64v (tmps, opad, gid, 6);
|
||||
opad[7] = pack64v (tmps, opad, gid, 7);
|
||||
|
||||
for (u32 i = 0; i < 8; i += 8)
|
||||
{
|
||||
u64x dgst[8];
|
||||
u64x out[8];
|
||||
|
||||
dgst[0] = pack64v (tmps, dgst, gid, i + 0);
|
||||
dgst[1] = pack64v (tmps, dgst, gid, i + 1);
|
||||
dgst[2] = pack64v (tmps, dgst, gid, i + 2);
|
||||
dgst[3] = pack64v (tmps, dgst, gid, i + 3);
|
||||
dgst[4] = pack64v (tmps, dgst, gid, i + 4);
|
||||
dgst[5] = pack64v (tmps, dgst, gid, i + 5);
|
||||
dgst[6] = pack64v (tmps, dgst, gid, i + 6);
|
||||
dgst[7] = pack64v (tmps, dgst, gid, i + 7);
|
||||
|
||||
out[0] = pack64v (tmps, out, gid, i + 0);
|
||||
out[1] = pack64v (tmps, out, gid, i + 1);
|
||||
out[2] = pack64v (tmps, out, gid, i + 2);
|
||||
out[3] = pack64v (tmps, out, gid, i + 3);
|
||||
out[4] = pack64v (tmps, out, gid, i + 4);
|
||||
out[5] = pack64v (tmps, out, gid, i + 5);
|
||||
out[6] = pack64v (tmps, out, gid, i + 6);
|
||||
out[7] = pack64v (tmps, out, gid, i + 7);
|
||||
|
||||
for (u32 j = 0; j < LOOP_CNT; j++)
|
||||
{
|
||||
u32x w0[4];
|
||||
u32x w1[4];
|
||||
u32x w2[4];
|
||||
u32x w3[4];
|
||||
u32x w4[4];
|
||||
u32x w5[4];
|
||||
u32x w6[4];
|
||||
u32x w7[4];
|
||||
|
||||
w0[0] = h32_from_64 (dgst[0]);
|
||||
w0[1] = l32_from_64 (dgst[0]);
|
||||
w0[2] = h32_from_64 (dgst[1]);
|
||||
w0[3] = l32_from_64 (dgst[1]);
|
||||
w1[0] = h32_from_64 (dgst[2]);
|
||||
w1[1] = l32_from_64 (dgst[2]);
|
||||
w1[2] = h32_from_64 (dgst[3]);
|
||||
w1[3] = l32_from_64 (dgst[3]);
|
||||
w2[0] = h32_from_64 (dgst[4]);
|
||||
w2[1] = l32_from_64 (dgst[4]);
|
||||
w2[2] = h32_from_64 (dgst[5]);
|
||||
w2[3] = l32_from_64 (dgst[5]);
|
||||
w3[0] = h32_from_64 (dgst[6]);
|
||||
w3[1] = l32_from_64 (dgst[6]);
|
||||
w3[2] = h32_from_64 (dgst[7]);
|
||||
w3[3] = l32_from_64 (dgst[7]);
|
||||
w4[0] = 0x80000000;
|
||||
w4[1] = 0;
|
||||
w4[2] = 0;
|
||||
w4[3] = 0;
|
||||
w5[0] = 0;
|
||||
w5[1] = 0;
|
||||
w5[2] = 0;
|
||||
w5[3] = 0;
|
||||
w6[0] = 0;
|
||||
w6[1] = 0;
|
||||
w6[2] = 0;
|
||||
w6[3] = 0;
|
||||
w7[0] = 0;
|
||||
w7[1] = 0;
|
||||
w7[2] = 0;
|
||||
w7[3] = (128 + 64) * 8;
|
||||
|
||||
hmac_sha512_run_V (w0, w1, w2, w3, w4, w5, w6, w7, ipad, opad, dgst);
|
||||
|
||||
out[0] ^= dgst[0];
|
||||
out[1] ^= dgst[1];
|
||||
out[2] ^= dgst[2];
|
||||
out[3] ^= dgst[3];
|
||||
out[4] ^= dgst[4];
|
||||
out[5] ^= dgst[5];
|
||||
out[6] ^= dgst[6];
|
||||
out[7] ^= dgst[7];
|
||||
}
|
||||
|
||||
unpack64v (tmps, dgst, gid, i + 0, dgst[0]);
|
||||
unpack64v (tmps, dgst, gid, i + 1, dgst[1]);
|
||||
unpack64v (tmps, dgst, gid, i + 2, dgst[2]);
|
||||
unpack64v (tmps, dgst, gid, i + 3, dgst[3]);
|
||||
unpack64v (tmps, dgst, gid, i + 4, dgst[4]);
|
||||
unpack64v (tmps, dgst, gid, i + 5, dgst[5]);
|
||||
unpack64v (tmps, dgst, gid, i + 6, dgst[6]);
|
||||
unpack64v (tmps, dgst, gid, i + 7, dgst[7]);
|
||||
|
||||
unpack64v (tmps, out, gid, i + 0, out[0]);
|
||||
unpack64v (tmps, out, gid, i + 1, out[1]);
|
||||
unpack64v (tmps, out, gid, i + 2, out[2]);
|
||||
unpack64v (tmps, out, gid, i + 3, out[3]);
|
||||
unpack64v (tmps, out, gid, i + 4, out[4]);
|
||||
unpack64v (tmps, out, gid, i + 5, out[5]);
|
||||
unpack64v (tmps, out, gid, i + 6, out[6]);
|
||||
unpack64v (tmps, out, gid, i + 7, out[7]);
|
||||
}
|
||||
}
|
||||
|
||||
KERNEL_FQ void m33400_comp (KERN_ATTR_TMPS_ESALT (mega_tmp_t, mega_t))
|
||||
{
|
||||
const u64 gid = get_global_id (0);
|
||||
const u64 lid = get_local_id (0);
|
||||
const u64 lsz = get_local_size (0);
|
||||
|
||||
// printf("out %016lx %016lx %016lx %016lx %016lx %016lx %016lx %016lx\n",
|
||||
// tmps[gid].out[0], tmps[gid].out[1], tmps[gid].out[2], tmps[gid].out[3],
|
||||
// tmps[gid].out[4], tmps[gid].out[5], tmps[gid].out[6], tmps[gid].out[7]
|
||||
// );
|
||||
// printf("dgst %016lx %016lx %016lx %016lx %016lx %016lx %016lx %016lx\n",
|
||||
// tmps[gid].dgst[0], tmps[gid].dgst[1], tmps[gid].dgst[2], tmps[gid].dgst[3],
|
||||
// tmps[gid].dgst[4], tmps[gid].dgst[5], tmps[gid].dgst[6], tmps[gid].dgst[7]
|
||||
// );
|
||||
|
||||
u32 w0[4];
|
||||
u32 w1[4];
|
||||
u32 w2[4];
|
||||
u32 w3[4];
|
||||
|
||||
// the first half of the derived key goes to decrypt the link data_key
|
||||
// the other half goes to the verification HMAC key (what we actually want)
|
||||
w0[0] = h32_from_64_S (tmps[gid].out[4]);
|
||||
w0[1] = l32_from_64_S (tmps[gid].out[4]);
|
||||
w0[2] = h32_from_64_S (tmps[gid].out[5]);
|
||||
w0[3] = l32_from_64_S (tmps[gid].out[5]);
|
||||
w1[0] = h32_from_64_S (tmps[gid].out[6]);
|
||||
w1[1] = l32_from_64_S (tmps[gid].out[6]);
|
||||
w1[2] = h32_from_64_S (tmps[gid].out[7]);
|
||||
w1[3] = l32_from_64_S (tmps[gid].out[7]);
|
||||
w2[0] = 0;
|
||||
w2[1] = 0;
|
||||
w2[2] = 0;
|
||||
w2[3] = 0;
|
||||
w3[0] = 0;
|
||||
w3[1] = 0;
|
||||
w3[2] = 0;
|
||||
w3[3] = 0;
|
||||
|
||||
// printf("hkey %08x%08x %08x%08x %08x%08x %08x%08x\n",
|
||||
// w0[0], w0[1], w0[2], w0[3],
|
||||
// w1[0], w1[1], w1[2], w1[3]
|
||||
// );
|
||||
|
||||
|
||||
sha256_hmac_ctx_t sha256_hmac_ctx;
|
||||
|
||||
sha256_hmac_init_64 (&sha256_hmac_ctx, w0, w1, w2, w3);
|
||||
|
||||
// printf("data ");
|
||||
// for (int i = 0, j = 0; i < esalt_bufs[DIGESTS_OFFSET_HOST].hmacced_len; i += 8, j += 2) {
|
||||
// printf("%08x%08x ", esalt_bufs[DIGESTS_OFFSET_HOST].data[j], esalt_bufs[DIGESTS_OFFSET_HOST].data[j + 1]);
|
||||
// }
|
||||
// printf("\n");
|
||||
sha256_hmac_update_global(&sha256_hmac_ctx, esalt_bufs[DIGESTS_OFFSET_HOST].data, esalt_bufs[DIGESTS_OFFSET_HOST].hmacced_len);
|
||||
|
||||
sha256_hmac_final (&sha256_hmac_ctx);
|
||||
|
||||
// printf("hmac %08x%08x %08x%08x %08x%08x %08x%08x\n",
|
||||
// sha256_hmac_ctx.opad.h[0], sha256_hmac_ctx.opad.h[1], sha256_hmac_ctx.opad.h[2], sha256_hmac_ctx.opad.h[3],
|
||||
// sha256_hmac_ctx.opad.h[4], sha256_hmac_ctx.opad.h[5], sha256_hmac_ctx.opad.h[6], sha256_hmac_ctx.opad.h[7]
|
||||
// );
|
||||
|
||||
/* compare tag */
|
||||
|
||||
const u32 r0 = sha256_hmac_ctx.opad.h[0];
|
||||
const u32 r1 = sha256_hmac_ctx.opad.h[1];
|
||||
const u32 r2 = sha256_hmac_ctx.opad.h[2];
|
||||
const u32 r3 = sha256_hmac_ctx.opad.h[3];
|
||||
|
||||
// verify:
|
||||
|
||||
#define il_pos 0
|
||||
|
||||
#ifdef KERNEL_STATIC
|
||||
#include COMPARE_M
|
||||
#endif
|
||||
}
|
@ -55,6 +55,7 @@
|
||||
- Added hash-mode: md5(sha1($salt.$pass))
|
||||
- Added hash-mode: sha512(sha512($pass).$salt)
|
||||
- Added hash-mode: sha512(sha512_bin($pass).$salt)
|
||||
- Addad hash-mode: mega.nz password-protected link (PBKDF2-HMAC-SHA512)
|
||||
|
||||
##
|
||||
## Features
|
||||
|
@ -480,6 +480,7 @@ NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or
|
||||
- ENCsecurity Datavault (MD5/no keychain)
|
||||
- ENCsecurity Datavault (MD5/keychain)
|
||||
- SecureCRT MasterPassphrase v2
|
||||
- mega.nz password-protected link (PBKDF2-HMAC-SHA512)
|
||||
|
||||
##
|
||||
## Attack-Modes
|
||||
|
295
src/modules/module_33400.c
Normal file
295
src/modules/module_33400.c
Normal file
@ -0,0 +1,295 @@
|
||||
/**
|
||||
* Author......: See docs/credits.txt
|
||||
* License.....: MIT
|
||||
*/
|
||||
|
||||
/*
|
||||
* Implements cracking of a password-protected mega.nz link
|
||||
* The algorithm is described at https://github.com/meganz/webclient/blob/4790e52b1eb1856a47e60b52615ffc58242c2d1c/js/ui/export.js#L1
|
||||
* The module expects the link tag as an input (everything starting with P!)
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
#include "types.h"
|
||||
#include "modules.h"
|
||||
#include "bitops.h"
|
||||
#include "convert.h"
|
||||
#include "shared.h"
|
||||
|
||||
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
|
||||
static const u32 DGST_POS0 = 0;
|
||||
static const u32 DGST_POS1 = 1;
|
||||
static const u32 DGST_POS2 = 2;
|
||||
static const u32 DGST_POS3 = 3;
|
||||
static const u32 DGST_SIZE = DGST_SIZE_4_8;
|
||||
// TODO: not sure about this choice
|
||||
static const u32 HASH_CATEGORY = HASH_CATEGORY_APPLICATION_DATABASE;
|
||||
static const char *HASH_NAME = "mega.nz password-protected link (PBKDF2-HMAC-SHA512)";
|
||||
static const u64 KERN_TYPE = 33400;
|
||||
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
|
||||
| OPTI_TYPE_USES_BITS_64
|
||||
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
|
||||
static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
|
||||
| OPTS_TYPE_PT_GENERATE_LE
|
||||
| OPTS_TYPE_MP_MULTI_DISABLE;
|
||||
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
|
||||
// A fake link generated by the same algorithm. It has a dummy public id (ffffffffffff) and a dummy encrypted key (ffffffffffffffffffffffffffffffff), but the seed is properly random and HMAC is valid.
|
||||
static const char *ST_PASS = "hashcat";
|
||||
static const char *ST_HASH = "P!AgD________U2XVjJi1vxkJgMPf5rkQYUn1H_6WI_sKtiic69mqBKP_____________________O_PDG0Om7BSapL1QoRAgUrz9vzaZmrYnU8t-Au6hteg";
|
||||
|
||||
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
|
||||
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
|
||||
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
|
||||
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
|
||||
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
|
||||
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
|
||||
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
|
||||
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
|
||||
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
|
||||
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
|
||||
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
|
||||
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
|
||||
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
|
||||
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
|
||||
|
||||
typedef struct mega_tmp
|
||||
{
|
||||
u64 ipad[8];
|
||||
u64 opad[8];
|
||||
|
||||
u64 dgst[24];
|
||||
u64 out [24];
|
||||
} mega_tmp_t;
|
||||
|
||||
typedef struct mega
|
||||
{
|
||||
// data that is HMACed, padded with zeroes to the next 16-byte boundary
|
||||
// (because the GPU implementation of HMAC-SHA256 requires that)
|
||||
u32 hmacced_len;
|
||||
u32 data[80];
|
||||
} mega_t;
|
||||
|
||||
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 esalt_size = (const u64) sizeof (mega_t);
|
||||
|
||||
return esalt_size;
|
||||
}
|
||||
|
||||
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 tmp_size = (const u64) sizeof (mega_tmp_t);
|
||||
|
||||
return tmp_size;
|
||||
}
|
||||
|
||||
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
// this overrides the reductions of PW_MAX in case optimized kernel is selected
|
||||
// IOW, even in optimized kernel mode it supports length 256
|
||||
|
||||
const u32 pw_max = PW_MAX;
|
||||
|
||||
return pw_max;
|
||||
}
|
||||
|
||||
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
|
||||
{
|
||||
u32 *digest = (u32 *) digest_buf;
|
||||
|
||||
mega_t *mega = (mega_t *) esalt_buf;
|
||||
|
||||
if (line_buf[0] != 'P' || line_buf[1] != '!') return (PARSER_SIGNATURE_UNMATCHED);
|
||||
|
||||
// the base64-decoded data after the P! is either 88 or 104 bytes, depending on whether it is a folder or a file link
|
||||
u8 decoded_buf[0x100];
|
||||
|
||||
if (line_len > 142) return (PARSER_GLOBAL_LENGTH);
|
||||
const size_t base64_decode_len = base64_decode (base64url_to_int, (u8 *)line_buf + 2, line_len - 2, decoded_buf);
|
||||
/*
|
||||
* An extract from the mega.nz source code:
|
||||
*
|
||||
* In constructing the protected link, the format is as follows:
|
||||
* algorithm || file/folder || public handle || salt || encrypted key || MAC tag
|
||||
*
|
||||
* algorithm = 1 byte - A byte to identify which algorithm was used (for future upgradability), initially is set to 0
|
||||
* file/folder = 1 byte - A byte to identify if the link is a file or folder link (0 = folder, 1 = file)
|
||||
* public handle = 6 bytes - The public folder/file handle
|
||||
* salt = 32 bytes - A 256 bit randomly generated salt
|
||||
* encrypted key = 16 or 32 bytes - The encrypted actual folder or file key (folder key is 16 bytes, file key is 32 bytes)
|
||||
* MAC tag = 32 bytes - The MAC of all the previous data to ensure integrity of the link i.e. calculated as:
|
||||
* HMAC-SHA256(MAC key, (algorithm || file/folder || public handle || salt || encrypted key))
|
||||
*/
|
||||
|
||||
if (base64_decode_len < 88) return (PARSER_GLOBAL_LENGTH);
|
||||
|
||||
// this is the "algorithm" field
|
||||
// we only support version 2 for now
|
||||
if (decoded_buf[0] != 2) return (PARSER_SALT_VALUE);
|
||||
|
||||
// this is the "file/folder" field
|
||||
if (decoded_buf[1] != 0 && decoded_buf[1] != 1) return (PARSER_SALT_VALUE);
|
||||
|
||||
const size_t expected_len = 1 + 1 + 6 + 32 + (decoded_buf[1] == 0 ? 16 : 32) + 32;
|
||||
if (base64_decode_len != expected_len) return (PARSER_GLOBAL_LENGTH);
|
||||
|
||||
|
||||
salt->salt_iter = 100000 - 1;
|
||||
|
||||
// salt
|
||||
|
||||
const u8 *salt_pos = decoded_buf + 8;
|
||||
memcpy(salt->salt_buf, salt_pos, 32);
|
||||
salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]);
|
||||
salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]);
|
||||
salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]);
|
||||
salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]);
|
||||
salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]);
|
||||
salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]);
|
||||
salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]);
|
||||
salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]);
|
||||
salt->salt_len = 32;
|
||||
|
||||
// digest (mac tag)
|
||||
|
||||
const u8 *mac_pos = decoded_buf + 8 + 32 + (decoded_buf[1] == 0 ? 16 : 32);
|
||||
memcpy(digest, mac_pos, 32);
|
||||
digest[0] = byte_swap_32 (digest[0]);
|
||||
digest[1] = byte_swap_32 (digest[1]);
|
||||
digest[2] = byte_swap_32 (digest[2]);
|
||||
digest[3] = byte_swap_32 (digest[3]);
|
||||
digest[4] = byte_swap_32 (digest[4]);
|
||||
digest[5] = byte_swap_32 (digest[5]);
|
||||
digest[6] = byte_swap_32 (digest[6]);
|
||||
digest[7] = byte_swap_32 (digest[7]);
|
||||
|
||||
// data
|
||||
|
||||
// all the data except hmac is hmacced
|
||||
// this is how we determine that the password is correct
|
||||
const u32 hmacced_len = 1 + 1 + 6 + 32 + (decoded_buf[1] == 0 ? 16 : 32);
|
||||
// hmacced data, padded with zeroes to the next 16-byte boundary
|
||||
memset(mega->data, 0, sizeof(mega->data));
|
||||
memcpy(mega->data, decoded_buf, hmacced_len);
|
||||
mega->hmacced_len = hmacced_len;
|
||||
for (size_t i = 0; i < hmacced_len / 4; i++)
|
||||
{
|
||||
mega->data[i] = byte_swap_32 (mega->data[i]);
|
||||
}
|
||||
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
|
||||
{
|
||||
const mega_t *mega = (const mega_t *) esalt_buf;
|
||||
|
||||
const size_t hmacced_len = mega->hmacced_len;
|
||||
const size_t data_len = hmacced_len + 32;
|
||||
|
||||
u32 unswap_buffer [104];
|
||||
for (size_t i = 0; i < hmacced_len / 4; i++)
|
||||
{
|
||||
unswap_buffer[i] = mega->data[i];
|
||||
}
|
||||
// the "data" does not include the HMAC tag, it is stored in the digest
|
||||
// copy it over
|
||||
memcpy(unswap_buffer + hmacced_len / 4, digest_buf, 32);
|
||||
// swap the bytes back
|
||||
for (size_t i = 0; i < data_len / 4; i++)
|
||||
{
|
||||
unswap_buffer[i] = byte_swap_32 (unswap_buffer[i]);
|
||||
}
|
||||
|
||||
char base64_buf [0x100];
|
||||
size_t base64_len = base64_encode(int_to_base64url, (const u8 *) unswap_buffer, data_len, (u8 *)base64_buf);
|
||||
|
||||
// trim the base64 padding
|
||||
while (base64_len > 0 && base64_buf[base64_len - 1] == '=') {
|
||||
base64_buf[base64_len - 1] = '\0';
|
||||
base64_len--;
|
||||
}
|
||||
|
||||
const int line_len = snprintf (line_buf, line_size, "P!%s", base64_buf);
|
||||
return line_len;
|
||||
}
|
||||
|
||||
void module_init (module_ctx_t *module_ctx)
|
||||
{
|
||||
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
|
||||
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
|
||||
|
||||
module_ctx->module_attack_exec = module_attack_exec;
|
||||
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_charset = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
|
||||
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
|
||||
module_ctx->module_deprecated_notice = MODULE_DEFAULT;
|
||||
module_ctx->module_dgst_pos0 = module_dgst_pos0;
|
||||
module_ctx->module_dgst_pos1 = module_dgst_pos1;
|
||||
module_ctx->module_dgst_pos2 = module_dgst_pos2;
|
||||
module_ctx->module_dgst_pos3 = module_dgst_pos3;
|
||||
module_ctx->module_dgst_size = module_dgst_size;
|
||||
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_esalt_size = module_esalt_size;
|
||||
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
|
||||
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
|
||||
module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT;
|
||||
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode = module_hash_decode;
|
||||
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_encode = module_hash_encode;
|
||||
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_mode = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_category = module_hash_category;
|
||||
module_ctx->module_hash_name = module_hash_name;
|
||||
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
|
||||
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
|
||||
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
|
||||
module_ctx->module_hook12 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook23 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_size = MODULE_DEFAULT;
|
||||
module_ctx->module_jit_build_options = MODULE_DEFAULT;
|
||||
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kern_type = module_kern_type;
|
||||
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
|
||||
module_ctx->module_opti_type = module_opti_type;
|
||||
module_ctx->module_opts_type = module_opts_type;
|
||||
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
|
||||
module_ctx->module_pwdump_column = MODULE_DEFAULT;
|
||||
module_ctx->module_pw_max = module_pw_max;
|
||||
module_ctx->module_pw_min = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_max = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_min = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_type = module_salt_type;
|
||||
module_ctx->module_separator = MODULE_DEFAULT;
|
||||
module_ctx->module_st_hash = module_st_hash;
|
||||
module_ctx->module_st_pass = module_st_pass;
|
||||
module_ctx->module_tmp_size = module_tmp_size;
|
||||
module_ctx->module_unstable_warning = MODULE_DEFAULT;
|
||||
module_ctx->module_warmup_disable = MODULE_DEFAULT;
|
||||
}
|
Loading…
Reference in New Issue
Block a user