From fc100a852b3c034d037fb419091251af78de5215 Mon Sep 17 00:00:00 2001 From: jsteube Date: Mon, 3 Jul 2017 16:11:57 +0200 Subject: [PATCH] Added hash-mode 2501 = WPA/WPA2 PMK Fixes https://github.com/hashcat/hashcat/issues/1287 Limited hash-mode 2500 to max length 63 Fixes https://github.com/hashcat/hashcat/issues/1286 --- OpenCL/inc_types.cl | 6 + OpenCL/m02501.cl | 463 ++++++++++++++++++++++++++++++++ docs/changes.txt | 6 + docs/readme.txt | 4 +- extra/tab_completion/hashcat.sh | 2 +- include/interface.h | 12 +- src/benchmark.c | 3 +- src/hashes.c | 10 +- src/interface.c | 44 ++- src/opencl.c | 2 +- src/outfile_check.c | 4 +- src/potfile.c | 4 +- src/selftest.c | 2 +- src/status.c | 2 +- src/usage.c | 1 + src/user_options.c | 1 + 16 files changed, 543 insertions(+), 23 deletions(-) create mode 100644 OpenCL/m02501.cl diff --git a/OpenCL/inc_types.cl b/OpenCL/inc_types.cl index f2b2e7042..848e73b86 100644 --- a/OpenCL/inc_types.cl +++ b/OpenCL/inc_types.cl @@ -1153,6 +1153,12 @@ typedef struct wpa_tmp } wpa_tmp_t; +typedef struct wpapmk_tmp +{ + u32 out[8]; + +} wpapmk_tmp_t; + typedef struct bitcoin_wallet_tmp { u64 dgst[8]; diff --git a/OpenCL/m02501.cl b/OpenCL/m02501.cl new file mode 100644 index 000000000..f521e8348 --- /dev/null +++ b/OpenCL/m02501.cl 
@@ -0,0 +1,463 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#include "inc_vendor.cl" +#include "inc_hash_constants.h" +#include "inc_hash_functions.cl" +#include "inc_types.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_md5.cl" +#include "inc_hash_sha1.cl" + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +inline u8 hex_convert (const u8 c) +{ + return (c & 15) + (c >> 6) * 9; +} + +inline u8 hex_to_u8 (const u8 hex[2]) +{ + u8 v = 0; + + v |= ((u8) hex_convert (hex[1]) << 0); + v |= ((u8) hex_convert (hex[0]) << 4); + + return (v); +} + +__kernel void m02501_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpapmk_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + const u32 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 in[16]; + + in[ 0] = pws[gid].i[ 0]; + in[ 1] = pws[gid].i[ 1]; + in[ 2] = pws[gid].i[ 2]; + in[ 3] = pws[gid].i[ 3]; + in[ 4] = pws[gid].i[ 4]; + in[ 5] = pws[gid].i[ 5]; + in[ 6] = pws[gid].i[ 6]; + 
in[ 7] = pws[gid].i[ 7]; + in[ 8] = pws[gid].i[ 8]; + in[ 9] = pws[gid].i[ 9]; + in[10] = pws[gid].i[10]; + in[11] = pws[gid].i[11]; + in[12] = pws[gid].i[12]; + in[13] = pws[gid].i[13]; + in[14] = pws[gid].i[14]; + in[15] = pws[gid].i[15]; + + u8 *in_ptr = (u8 *) in; + + u32 out[8]; + + u8 *out_ptr = (u8 *) out; + + for (int i = 0, j = 0; i < 32; i += 1, j += 2) + { + out_ptr[i] = hex_to_u8 (in_ptr + j); + } + + tmps[gid].out[0] = swap32 (out[0]); + tmps[gid].out[1] = swap32 (out[1]); + tmps[gid].out[2] = swap32 (out[2]); + tmps[gid].out[3] = swap32 (out[3]); + tmps[gid].out[4] = swap32 (out[4]); + tmps[gid].out[5] = swap32 (out[5]); + tmps[gid].out[6] = swap32 (out[6]); + tmps[gid].out[7] = swap32 (out[7]); +} + +__kernel void m02501_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpapmk_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + const u32 gid = get_global_id (0); + + if (gid >= gid_max) return; + +} + +__kernel void m02501_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const 
bf_t *bfs_buf, __global wpapmk_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + const u32 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out[8]; + + out[0] = tmps[gid].out[0]; + out[1] = tmps[gid].out[1]; + out[2] = tmps[gid].out[2]; + out[3] = tmps[gid].out[3]; + out[4] = tmps[gid].out[4]; + out[5] = tmps[gid].out[5]; + out[6] = tmps[gid].out[6]; + out[7] = tmps[gid].out[7]; + + const u32 lid = get_local_id (0); + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + __global const wpa_t *wpa = &wpa_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + 
pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] = wpa->pke[23]; + pke[24] = wpa->pke[24]; + pke[25] = 0; + pke[26] = 0; + pke[27] = 0; + pke[28] = 0; + pke[29] = 0; + pke[30] = 0; + pke[31] = 0; + + u32 to; + + if (wpa->nonce_compare < 0) + { + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + to = pke[23] << 24 + | pke[24] >> 8; + } + + const u32 nonce_error_corrections = wpa->nonce_error_corrections; + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + u32 t = to; + + t = swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = swap32_S (t); + + if (wpa->nonce_compare < 0) + { + pke[15] = (pke[15] & ~0x000000ff) | (t >> 24); + pke[16] = (pke[16] & ~0xffffff00) | (t << 8); + } + else + { + pke[23] = (pke[23] & ~0x000000ff) | (t >> 24); + pke[24] = (pke[24] & ~0xffffff00) | (t << 8); + } + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = out[0]; + w0[1] = out[1]; + w0[2] = out[2]; + w0[3] = out[3]; + w1[0] = out[4]; + w1[1] = out[5]; + w1[2] = out[6]; + w1[3] = out[7]; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha1_hmac_ctx_t ctx1; + + sha1_hmac_init (&ctx1, w0, w1, w2, w3); + + sha1_hmac_update (&ctx1, pke, 100); + + sha1_hmac_final (&ctx1); + + u32 digest[4]; + + digest[0] = ctx1.opad.h[0]; + digest[1] = ctx1.opad.h[1]; + digest[2] = ctx1.opad.h[2]; + digest[3] = ctx1.opad.h[3]; + + if (wpa->keyver == 1) + { + u32 t0[4]; + u32 t1[4]; + u32 t2[4]; + u32 t3[4]; + + t0[0] = swap32_S (digest[0]); + t0[1] = swap32_S (digest[1]); + t0[2] = swap32_S (digest[2]); + t0[3] = swap32_S (digest[3]); + t1[0] = 0; + t1[1] = 0; + t1[2] = 0; + t1[3] = 0; + t2[0] = 0; + t2[1] = 0; + t2[2] = 0; + t2[3] = 0; + t3[0] = 0; + t3[1] = 0; + t3[2] = 0; + t3[3] = 0; + + md5_hmac_ctx_t ctx2; + + md5_hmac_init (&ctx2, t0, t1, t2, t3); + + md5_hmac_update_global (&ctx2, wpa->eapol, 
wpa->eapol_len); + + md5_hmac_final (&ctx2); + + digest[0] = ctx2.opad.h[0]; + digest[1] = ctx2.opad.h[1]; + digest[2] = ctx2.opad.h[2]; + digest[3] = ctx2.opad.h[3]; + } + else + { + u32 t0[4]; + u32 t1[4]; + u32 t2[4]; + u32 t3[4]; + + t0[0] = digest[0]; + t0[1] = digest[1]; + t0[2] = digest[2]; + t0[3] = digest[3]; + t1[0] = 0; + t1[1] = 0; + t1[2] = 0; + t1[3] = 0; + t2[0] = 0; + t2[1] = 0; + t2[2] = 0; + t2[3] = 0; + t3[0] = 0; + t3[1] = 0; + t3[2] = 0; + t3[3] = 0; + + sha1_hmac_ctx_t ctx2; + + sha1_hmac_init (&ctx2, t0, t1, t2, t3); + + sha1_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len); + + sha1_hmac_final (&ctx2); + + digest[0] = ctx2.opad.h[0]; + digest[1] = ctx2.opad.h[1]; + digest[2] = ctx2.opad.h[2]; + digest[3] = ctx2.opad.h[3]; + } + + /** + * final compare + */ + + if ((digest[0] == wpa->keymic[0]) + && (digest[1] == wpa->keymic[1]) + && (digest[2] == wpa->keymic[2]) + && (digest[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0); + } + } + } + + // the same code again, but with BE order for the t++ + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + u32 t = to; + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + if (t == to) continue; // we already had this checked in the LE loop + + if (wpa->nonce_compare < 0) + { + pke[15] = (pke[15] & ~0x000000ff) | (t >> 24); + pke[16] = (pke[16] & ~0xffffff00) | (t << 8); + } + else + { + pke[23] = (pke[23] & ~0x000000ff) | (t >> 24); + pke[24] = (pke[24] & ~0xffffff00) | (t << 8); + } + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = out[0]; + w0[1] = out[1]; + w0[2] = out[2]; + w0[3] = out[3]; + w1[0] = out[4]; + w1[1] = out[5]; + w1[2] = out[6]; + w1[3] = out[7]; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + 
sha1_hmac_ctx_t ctx1; + + sha1_hmac_init (&ctx1, w0, w1, w2, w3); + + sha1_hmac_update (&ctx1, pke, 100); + + sha1_hmac_final (&ctx1); + + u32 digest[4]; + + digest[0] = ctx1.opad.h[0]; + digest[1] = ctx1.opad.h[1]; + digest[2] = ctx1.opad.h[2]; + digest[3] = ctx1.opad.h[3]; + + if (wpa->keyver == 1) + { + u32 t0[4]; + u32 t1[4]; + u32 t2[4]; + u32 t3[4]; + + t0[0] = swap32_S (digest[0]); + t0[1] = swap32_S (digest[1]); + t0[2] = swap32_S (digest[2]); + t0[3] = swap32_S (digest[3]); + t1[0] = 0; + t1[1] = 0; + t1[2] = 0; + t1[3] = 0; + t2[0] = 0; + t2[1] = 0; + t2[2] = 0; + t2[3] = 0; + t3[0] = 0; + t3[1] = 0; + t3[2] = 0; + t3[3] = 0; + + md5_hmac_ctx_t ctx2; + + md5_hmac_init (&ctx2, t0, t1, t2, t3); + + md5_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len); + + md5_hmac_final (&ctx2); + + digest[0] = ctx2.opad.h[0]; + digest[1] = ctx2.opad.h[1]; + digest[2] = ctx2.opad.h[2]; + digest[3] = ctx2.opad.h[3]; + } + else + { + u32 t0[4]; + u32 t1[4]; + u32 t2[4]; + u32 t3[4]; + + t0[0] = digest[0]; + t0[1] = digest[1]; + t0[2] = digest[2]; + t0[3] = digest[3]; + t1[0] = 0; + t1[1] = 0; + t1[2] = 0; + t1[3] = 0; + t2[0] = 0; + t2[1] = 0; + t2[2] = 0; + t2[3] = 0; + t3[0] = 0; + t3[1] = 0; + t3[2] = 0; + t3[3] = 0; + + sha1_hmac_ctx_t ctx2; + + sha1_hmac_init (&ctx2, t0, t1, t2, t3); + + sha1_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len); + + sha1_hmac_final (&ctx2); + + digest[0] = ctx2.opad.h[0]; + digest[1] = ctx2.opad.h[1]; + digest[2] = ctx2.opad.h[2]; + digest[3] = ctx2.opad.h[3]; + } + + /** + * final compare + */ + + if ((digest[0] == wpa->keymic[0]) + && (digest[1] == wpa->keymic[1]) + && (digest[2] == wpa->keymic[2]) + && (digest[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0); + } + } + } +} diff --git a/docs/changes.txt b/docs/changes.txt index 5795a73ea..28cab2257 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
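Review bot: m02501_init decodes the candidate as 32 hex bytes with no charset check: `hex_convert` maps every byte arithmetically into a nibble, so a non-hex candidate (':' lands on the same value as 'a', 'x' even overflows the nibble) yields a silently wrong PMK instead of being rejected, and a crack found through such an alias would be reported with the aliased string rather than the canonical hex PMK. Length is pinned to 64 by the pw_min/pw_max entries in hashconfig_init, but nothing pins the alphabet, so the precondition should at least be written down above hex_convert: `// precondition: the candidate is exactly 64 hex digits (pw_min/pw_max = 64); non-hex bytes are not rejected, they alias onto 0..15`. m02501_loop has an empty body, which reads as unfinished; a one-line comment such as `// intentionally empty: the candidate already is the PMK, there are no PBKDF2 rounds to run` would make the intent explicit. m02501_comp also repeats the whole HMAC/MIC block once per nonce-order loop, so any later fix to the 2500 comparison has to be applied twice here; a comment naming m02500.cl as the reference copy would help keep them in lockstep.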
@@ -1,5 +1,11 @@ * changes v3.6.0 -> xxx: +## +## Algorithms +## + +- Added hash-mode 2501 = WPA/WPA2 PMK + ## ## Features ## diff --git a/docs/readme.txt b/docs/readme.txt index 595e4e5cc..b2d011f59 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -133,8 +133,8 @@ NVIDIA GPUs require "NVIDIA Driver" (367.x or later) - MySQL CRAM (SHA1) - PostgreSQL CRAM (MD5) - SIP digest authentication (MD5) -- WPA -- WPA2 +- WPA/WPA2 +- WPA/WPA2 PMK - NetNTLMv1 - NetNTLMv1+ESS - NetNTLMv2 diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index f805fbcac..94c3367f7 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh 
@@ -176,7 +176,7 @@ _hashcat () { local VERSION=3.6.0 - local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700" + local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2501 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 
12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700" local ATTACK_MODES="0 1 3 6 7" local HCCAPX_MESSAGE_PAIR="0 1 2 3 4 5" local OUTFILE_FORMATS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15" diff --git a/include/interface.h b/include/interface.h index 130010ed6..3712a2b8e 100644 --- a/include/interface.h +++ b/include/interface.h @@ -551,6 +551,12 @@ typedef struct wpa_tmp } wpa_tmp_t; +typedef struct wpapmk_tmp +{ + u32 out[8]; + +} wpapmk_tmp_t; + typedef struct bitcoin_wallet_tmp { u64 dgst[8]; @@ -1062,8 +1068,6 @@ typedef enum display_len DISPLAY_LEN_MAX_2410 = 16 + 1 + 16, DISPLAY_LEN_MIN_2410H = 16 + 1 + 0, DISPLAY_LEN_MAX_2410H = 16 + 1 + 32, - DISPLAY_LEN_MIN_2500 = 64 + 1 + 0, - DISPLAY_LEN_MAX_2500 = 64 + 1 + 15, DISPLAY_LEN_MIN_2600 = 32, DISPLAY_LEN_MAX_2600 = 32, DISPLAY_LEN_MIN_3000 = 16, @@ -1476,6 +1480,7 @@ typedef enum kern_type KERN_TYPE_MD5PIX = 2400, KERN_TYPE_MD5ASA = 2410, KERN_TYPE_WPA = 2500, + KERN_TYPE_WPAPMK = 2501, KERN_TYPE_MD55 = 2600, KERN_TYPE_MD55_PWSLT1 = 2610, KERN_TYPE_MD55_PWSLT2 = 2710, @@ -1632,7 +1637,8 @@ typedef enum rounds_count { ROUNDS_PHPASS = (1 << 11), // $P$B ROUNDS_DCC2 = 10240, - ROUNDS_WPA2 = 4096, + ROUNDS_WPA = 4096, + ROUNDS_WPAPMK = 1, ROUNDS_BCRYPT = (1 << 5), ROUNDS_PSAFE3 = 2048, ROUNDS_ANDROIDPIN = 1024, diff --git a/src/benchmark.c b/src/benchmark.c index 2d9421882..87384e28a 100644 --- a/src/benchmark.c +++ b/src/benchmark.c @@ -6,7 +6,7 @@ #include "common.h" #include "benchmark.h" -const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 154; +const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 155; const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] = { @@ -35,6 +35,7 @@ const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] = 12100, 23, 2500, + 2501, 5300, 5400, 5500, diff --git a/src/hashes.c b/src/hashes.c index fabe68eb4..16a7d6cb5 100644 --- a/src/hashes.c +++ b/src/hashes.c 
@@ -165,7 +165,7 @@ int save_hash (hashcat_ctx_t *hashcat_ctx) if (hashconfig->opts_type & OPTS_TYPE_BINARY_HASHFILE) { - if (hashconfig->hash_mode == 2500) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { hccapx_t hccapx; @@ -467,7 +467,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) if (hashlist_mode == HL_MODE_ARG) { - if (hashconfig->hash_mode == 2500) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { hc_stat_t st; @@ -734,7 +734,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) int parser_status = PARSER_OK; - if (hashconfig->hash_mode == 2500) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { hashlist_mode = HL_MODE_FILE; @@ -773,7 +773,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) { memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size); - if (user_options->hash_mode == 2500) + if ((user_options->hash_mode == 2500) || (user_options->hash_mode == 2501)) { wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; @@ -1556,7 +1556,7 @@ int hashes_init_selftest (hashcat_ctx_t *hashcat_ctx) int parser_status; - if (hashconfig->hash_mode == 2500) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { char *tmpdata = (char *) hcmalloc (sizeof (hccapx_t)); diff --git a/src/interface.c b/src/interface.c index 9c49ca6fb..d92b14c90 100644 --- a/src/interface.c +++ b/src/interface.c @@ -26,6 +26,7 @@ static char ST_PASS_HASHCAT_EXCL[] = "hashcat!"; static char ST_PASS_HASHCAT_EXCL3[] = "hashcat!!!"; static char ST_PASS_HASHCAT_ONE[] = "hashcat1"; static char ST_PASS_HASHCAT_ONET3[] = "hashcat1hashcat1hashcat1"; +static char ST_PASS_HEX_02501[] = "d57c2900bd83d5098003bf803ad7e204260a84ac164f12e03552d92280a6943e"; static char ST_PASS_BIN_09710[] = "\x91\xb2\xe0\x62\xb9"; static char ST_PASS_BIN_09810[] = "\xb8\xf6\x36\x19\xca"; static char ST_PASS_BIN_10410[] = "\x6a\x8a\xed\xcc\xb7"; 
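Review bot: The five hashes.c hunks extend `if (hashconfig->hash_mode == 2500)` to `((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))` by hand, and the same two-value test is repeated in src/opencl.c, src/outfile_check.c, src/potfile.c, src/selftest.c, src/status.c and src/user_options.c, so the next WPA variant will have to be found and patched in a dozen places again. hashconfig_init in this commit gives 2501 `hash_type = HASH_TYPE_WPA`, presumably matching 2500, so the sites that have hashconfig in scope could test the family once with `if (hashconfig->hash_type == HASH_TYPE_WPA)`, provided no other mode shares that hash_type; the one site that only has a mode number (user_options_sanity) could use a small `static inline bool is_wpa_mode (const u32 hash_mode)` that carries the list. Either way the mode list would live in one place. The enclosing functions start and end outside these hunks.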
@@ -105,6 +106,7 @@ static char ST_HASH_01800[] = "$6$72820166$U4DVzpcYxgw7MVVDGGvB2/H5lRistD5.Ah4up static char ST_HASH_02100[] = "$DCC2$10240#6848#e2829c8af2232fa53797e2f0e35e4626"; static char ST_HASH_02400[] = "dRRVnUmUHXOTt9nk"; static char ST_HASH_02500[] = "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"; +static char ST_HASH_02501[] = "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"; static char ST_HASH_02410[] = "YjDBNr.A0AN7DA8s:4684"; static char ST_HASH_02600[] = "a936af92b0ae20b1ff6c3347a72e5fbe"; static char ST_HASH_02611[] = "28f9975808ae2bdc5847b1cda26033ea:308"; @@ -365,6 +367,7 @@ static const char HT_02100[] = "Domain Cached Credentials 2 (DCC2), MS Cache 2"; static const char HT_02400[] = "Cisco-PIX MD5"; static const char HT_02410[] = "Cisco-ASA MD5"; static const char HT_02500[] = "WPA/WPA2"; +static const char HT_02501[] = "WPA/WPA2 PMK"; static const char HT_02600[] = "md5(md5($pass))"; static const char HT_03000[] = "LM"; static const char HT_03100[] = "Oracle H: Type (Oracle 7+)"; @@ -3304,7 +3307,7 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED salt->salt_len = salt_len; - salt->salt_iter = ROUNDS_WPA2 - 1; + salt->salt_iter = ROUNDS_WPA - 1; memcpy (wpa->essid, in.essid, in.essid_len); @@ -15910,6 +15913,7 @@ char *strhashtype (const u32 hash_mode) case 2400: return ((char *) HT_02400); case 2410: return ((char *) HT_02410); case 2500: return ((char *) HT_02500); + case 2501: return ((char *) HT_02501); case 2600: return ((char *) HT_02600); case 2611: return ((char *) HT_02611); case 2612: return ((char *) HT_02612); @@ -16947,7 +16951,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le out_buf[16] = 0; } - else if (hash_mode == 2500) + else if ((hash_mode == 2500) || (hash_mode == 2501)) { wpa_t *wpas = (wpa_t *) esalts_buf; 
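Review bot: wpa_parse_hash becomes the parse_func for 2501 as well (hashconfig_init case 2501, later in this commit), yet the salt_iter hunk still sets `salt->salt_iter = ROUNDS_WPA - 1` unconditionally, so a real 2501 run schedules the empty m02501_loop kernel for 4095 iterations while hashconfig_benchmark_defaults uses ROUNDS_WPAPMK for the same mode, and the benchmark will not measure what users see. potfile_remove_parse in src/potfile.c hard-codes the same `ROUNDS_WPA - 1` and has the same problem. hashconfig is already a parameter here, so `salt->salt_iter = (hashconfig->hash_mode == 2501) ? ROUNDS_WPAPMK - 1 : ROUNDS_WPA - 1;` keeps both modes in step with the benchmark path, provided the loop-count logic accepts a zero salt_iter, which is worth confirming since 2501 has no PBKDF2 rounds to run. The body of wpa_parse_hash starts and ends outside the hunk.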
@@ -21258,6 +21262,24 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_EXCL; break; + case 2501: hashconfig->hash_type = HASH_TYPE_WPA; + hashconfig->salt_type = SALT_TYPE_EMBEDDED; + hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_BINARY_HASHFILE; + hashconfig->kern_type = KERN_TYPE_WPAPMK; + hashconfig->dgst_size = DGST_SIZE_4_4; + hashconfig->parse_func = wpa_parse_hash; + hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; + hashconfig->dgst_pos0 = 0; + hashconfig->dgst_pos1 = 1; + hashconfig->dgst_pos2 = 2; + hashconfig->dgst_pos3 = 3; + hashconfig->st_hash = ST_HASH_02501; + hashconfig->st_pass = ST_PASS_HEX_02501; + break; + case 2600: hashconfig->hash_type = HASH_TYPE_MD5; hashconfig->salt_type = SALT_TYPE_VIRTUAL; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -24322,6 +24344,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) { case 600: hashconfig->esalt_size = sizeof (blake2_t); break; case 2500: hashconfig->esalt_size = sizeof (wpa_t); break; + case 2501: hashconfig->esalt_size = sizeof (wpa_t); break; case 5300: hashconfig->esalt_size = sizeof (ikepsk_t); break; case 5400: hashconfig->esalt_size = sizeof (ikepsk_t); break; case 5500: hashconfig->esalt_size = sizeof (netntlm_t); break; @@ -24426,6 +24449,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 1800: hashconfig->tmp_size = sizeof (sha512crypt_tmp_t); break; case 2100: hashconfig->tmp_size = sizeof (dcc2_tmp_t); break; case 2500: hashconfig->tmp_size = sizeof (wpa_tmp_t); break; + case 2501: hashconfig->tmp_size = sizeof (wpapmk_tmp_t); break; case 3200: hashconfig->tmp_size = sizeof (bcrypt_tmp_t); break; case 5200: hashconfig->tmp_size = sizeof (pwsafe3_tmp_t); break; case 5800: hashconfig->tmp_size = sizeof (androidpin_tmp_t); break; 
@@ -24526,6 +24550,8 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) { case 2500: hashconfig->pw_min = 8; // WPA min break; + case 2501: hashconfig->pw_min = 64; // WPA PMK min + break; case 9710: hashconfig->pw_min = 5; // RC4-40 min break; case 9810: hashconfig->pw_min = 5; // RC4-40 min @@ -24612,7 +24638,9 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) break; case 2100: hashconfig->pw_max = 64; // PBKDF2-HMAC-SHA1 max break; - case 2500: hashconfig->pw_max = 64; // PBKDF2-HMAC-SHA1 max + case 2500: hashconfig->pw_max = 63; // WPA max + break; + case 2501: hashconfig->pw_max = 64; // WPA PMK max break; case 3000: hashconfig->pw_max = 7; // LM half max break; @@ -24848,6 +24876,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 2500: memcpy (salt->salt_buf, "hashcat.net", 11); break; + case 2501: memcpy (salt->salt_buf, "hashcat.net", 11); + break; case 3100: salt->salt_len = 1; break; case 5000: salt->keccak_mdlen = 32; @@ -24931,6 +24961,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo { case 2500: ((wpa_t *) esalt)->eapol_len = 128; break; + case 2501: ((wpa_t *) esalt)->eapol_len = 128; + break; case 5300: ((ikepsk_t *) esalt)->nr_len = 1; ((ikepsk_t *) esalt)->msg_len = 1; break; @@ -25016,7 +25048,9 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 2100: salt->salt_iter = ROUNDS_DCC2; break; - case 2500: salt->salt_iter = ROUNDS_WPA2; + case 2500: salt->salt_iter = ROUNDS_WPA; + break; + case 2501: salt->salt_iter = ROUNDS_WPAPMK; break; case 3200: salt->salt_iter = ROUNDS_BCRYPT; break; @@ -25200,6 +25234,8 @@ const char *hashconfig_benchmark_mask (hashcat_ctx_t *hashcat_ctx) { case 2500: mask = "?a?a?a?a?a?a?a?a"; break; + case 2501: mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; + break; case 9710: mask = "?b?b?b?b?b"; break; case 9810: mask = "?b?b?b?b?b"; 
diff --git a/src/opencl.c b/src/opencl.c index f1fd75da4..b700b0b63 100644 --- a/src/opencl.c +++ b/src/opencl.c @@ -1350,7 +1350,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, { u32 loops_cnt = 1; - if (hashconfig->hash_mode == 2500) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { loops_cnt = hashes->salts_buf[salt_pos].digests_cnt; } diff --git a/src/outfile_check.c b/src/outfile_check.c index 009b17e4d..1cfa5ee52 100644 --- a/src/outfile_check.c +++ b/src/outfile_check.c @@ -179,7 +179,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx) int parser_status = PARSER_OK; - if ((hash_mode != 2500) && (hash_mode != 6800)) + if ((hash_mode != 2500) && (hash_mode != 2501) && (hash_mode != 6800)) { parser_status = hashconfig->parse_func ((u8 *) line_buf, line_len - 1, &hash_buf, hashconfig); } @@ -209,7 +209,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx) cracked = (memcmp (line_buf, salt_buf->salt_buf, salt_buf->salt_len) == 0); } } - else if (hash_mode == 2500) + else if ((hash_mode == 2500) || (hash_mode == 2501)) { // this comparison is a bit inaccurate as we compare only ESSID // call it a bug, but it's good enough for a special case used in a special case diff --git a/src/potfile.c b/src/potfile.c index 00be82cad..1c7ec4fcb 100644 --- a/src/potfile.c +++ b/src/potfile.c @@ -449,7 +449,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx) found = (hash_t *) bsearch (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt); } } - else if (hashconfig->hash_mode == 2500) + else if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { // here we have in line_hash_buf: hash:macap:macsta:essid:password 
@@ -483,7 +483,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx) memcpy (hash_buf.salt->salt_buf, essid_pos, essid_len); hash_buf.salt->salt_len = essid_len; - hash_buf.salt->salt_iter = ROUNDS_WPA2 - 1; + hash_buf.salt->salt_iter = ROUNDS_WPA - 1; u32 hash[4]; diff --git a/src/selftest.c b/src/selftest.c index c6f9e9896..34b9bbce5 100644 --- a/src/selftest.c +++ b/src/selftest.c @@ -412,7 +412,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param if (CL_rc == -1) return -1; } - if (hashconfig->hash_mode == 2500) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { device_param->kernel_params_buf32[28] = 0; device_param->kernel_params_buf32[29] = 1; diff --git a/src/status.c b/src/status.c index f7af5c5f4..548b47fe8 100644 --- a/src/status.c +++ b/src/status.c @@ -249,7 +249,7 @@ const char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx) if (hashes->digests_cnt == 1) { - if (hashconfig->hash_mode == 2500) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { char *tmp_buf = (char *) malloc (HCBUFSIZ_TINY); diff --git a/src/usage.c b/src/usage.c index c71ce51ba..e9affcd68 100644 --- a/src/usage.c +++ b/src/usage.c @@ -183,6 +183,7 @@ static const char *USAGE_BIG[] = " 12100 | PBKDF2-HMAC-SHA512 | Generic KDF", " 23 | Skype | Network Protocols", " 2500 | WPA/WPA2 | Network Protocols", + " 2501 | WPA/WPA2 PMK | Network Protocols", " 4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocols", " 5300 | IKE-PSK MD5 | Network Protocols", " 5400 | IKE-PSK SHA1 | Network Protocols", diff --git a/src/user_options.c b/src/user_options.c index 5dc5a20bd..90c375c37 100644 --- a/src/user_options.c +++ b/src/user_options.c 
@@ -512,6 +512,7 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx) if (user_options->username == true) { if ((user_options->hash_mode == 2500) + || (user_options->hash_mode == 2501) || (user_options->hash_mode == 5200) || ((user_options->hash_mode >= 6200) && (user_options->hash_mode <= 6299)) || ((user_options->hash_mode >= 13700) && (user_options->hash_mode <= 13799))