From c4bb788ad5cda4f656680f67e3caa0c84a57d175 Mon Sep 17 00:00:00 2001 From: its5Q Date: Thu, 22 Feb 2024 03:39:05 +1000 Subject: [PATCH 1/6] Add hashmodes 26620 and 26630 with dynamic iteration count --- OpenCL/m26620-pure.cl | 375 +++++++++++++++++++++++++++++++++ OpenCL/m26630-pure.cl | 413 ++++++++++++++++++++++++++++++++++++ src/modules/module_26620.c | 415 +++++++++++++++++++++++++++++++++++++ src/modules/module_26630.c | 395 +++++++++++++++++++++++++++++++++++ tools/metamask2hashcat.py | 16 +- 5 files changed, 1612 insertions(+), 2 deletions(-) create mode 100644 OpenCL/m26620-pure.cl create mode 100644 OpenCL/m26630-pure.cl create mode 100644 src/modules/module_26620.c create mode 100644 src/modules/module_26630.c mode change 100755 => 100644 tools/metamask2hashcat.py diff --git a/OpenCL/m26620-pure.cl b/OpenCL/m26620-pure.cl new file mode 100644 index 000000000..26ad55595 --- /dev/null +++ b/OpenCL/m26620-pure.cl @@ -0,0 +1,375 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_simd.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_cipher_aes.cl) +#include M2S(INCLUDE_PATH/inc_cipher_aes-gcm.cl) +#endif + +#define COMPARE_S M2S(INCLUDE_PATH/inc_comp_single.cl) +#define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl) + +typedef struct pbkdf2_sha256_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[32]; + u32 out[32]; + +} pbkdf2_sha256_tmp_t; + +typedef struct pbkdf2_sha256_aes_gcm +{ + u32 salt_buf[64]; + u32 iv_buf[4]; + u32 iv_len; + u32 ct_buf[784]; + u32 ct_len; + +} pbkdf2_sha256_aes_gcm_t; + +DECLSPEC void hmac_sha256_run_V (PRIVATE_AS u32x *w0, PRIVATE_AS u32x *w1, PRIVATE_AS u32x *w2, PRIVATE_AS u32x *w3, PRIVATE_AS u32x *ipad, PRIVATE_AS u32x *opad, PRIVATE_AS u32x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha256_transform_vector (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha256_transform_vector (w0, w1, w2, w3, digest); +} + +KERNEL_FQ void m26620_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + sha256_hmac_ctx_t sha256_hmac_ctx; + + sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4]; + tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5]; + tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6]; + tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7]; + + tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4]; + tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5]; + tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6]; + tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7]; + + sha256_hmac_update_global_swap (&sha256_hmac_ctx, esalt_bufs[DIGESTS_OFFSET_HOST].salt_buf, salt_bufs[SALT_POS_HOST].salt_len); + + for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) + { + sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); + + sha256_hmac_final (&sha256_hmac_ctx2); + + tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4]; + tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5]; + tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6]; + tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7]; + + tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; + tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; + tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; + tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; + tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; + tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; + tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; + tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; + } +} + +KERNEL_FQ void m26620_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= GID_CNT) return; + + u32x ipad[8]; + u32x opad[8]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + ipad[5] = packv (tmps, ipad, gid, 5); + ipad[6] = packv (tmps, ipad, gid, 6); + ipad[7] = packv (tmps, ipad, gid, 7); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + opad[5] = packv (tmps, opad, gid, 5); + opad[6] = packv (tmps, opad, gid, 6); + opad[7] = packv (tmps, opad, gid, 7); + + for (u32 i = 0; i < 8; i += 8) + { + u32x dgst[8]; + u32x out[8]; + + dgst[0] = packv (tmps, dgst, gid, i + 0); + dgst[1] = packv (tmps, dgst, gid, i + 1); + dgst[2] = packv (tmps, dgst, gid, i + 2); + dgst[3] = packv (tmps, dgst, gid, i + 3); + dgst[4] = packv (tmps, dgst, gid, i + 4); + dgst[5] = packv (tmps, dgst, gid, i + 5); + dgst[6] = packv (tmps, dgst, gid, i + 6); + dgst[7] = packv (tmps, dgst, gid, i + 7); + + out[0] = packv (tmps, out, gid, i + 0); + out[1] = packv (tmps, out, gid, i + 1); + out[2] = packv (tmps, out, gid, i + 2); + out[3] = packv (tmps, out, gid, i + 3); + out[4] = packv (tmps, out, gid, i + 4); + out[5] = packv (tmps, out, gid, i + 5); + out[6] = packv (tmps, out, gid, i + 6); + out[7] = packv (tmps, out, gid, i + 7); + + for (u32 j = 0; j < LOOP_CNT; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = dgst[5]; + w1[2] = dgst[6]; + w1[3] = dgst[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; + } + + unpackv (tmps, dgst, gid, i + 0, dgst[0]); + unpackv (tmps, dgst, gid, i + 1, dgst[1]); + unpackv (tmps, dgst, gid, i + 2, dgst[2]); + unpackv (tmps, dgst, gid, i + 3, dgst[3]); + unpackv (tmps, dgst, gid, i + 4, dgst[4]); + unpackv (tmps, dgst, gid, i + 5, dgst[5]); + unpackv (tmps, dgst, gid, i + 6, dgst[6]); + unpackv (tmps, dgst, gid, i + 7, dgst[7]); + + unpackv (tmps, out, gid, i + 0, out[0]); + unpackv (tmps, out, gid, i + 1, out[1]); + unpackv (tmps, out, gid, i + 2, out[2]); + unpackv (tmps, out, gid, i + 3, out[3]); + unpackv (tmps, out, gid, i + 4, out[4]); + unpackv (tmps, out, gid, i + 5, out[5]); + unpackv (tmps, out, gid, i + 6, out[6]); + unpackv (tmps, out, gid, i + 7, out[7]); + } +} + +KERNEL_FQ void m26620_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= GID_CNT) return; + + // keys + + u32 ukey[8]; + + ukey[0] = tmps[gid].out[0]; + ukey[1] = tmps[gid].out[1]; + ukey[2] = tmps[gid].out[2]; + ukey[3] = tmps[gid].out[3]; + ukey[4] = tmps[gid].out[4]; + ukey[5] = tmps[gid].out[5]; + ukey[6] = tmps[gid].out[6]; + ukey[7] = tmps[gid].out[7]; + + u32 key_len = 32 * 8; + + u32 key[60] = { 0 }; + u32 subKey[4] = { 0 }; + + AES_GCM_Init (ukey, key_len, key, subKey, s_te0, s_te1, s_te2, s_te3, s_te4); + + // iv + + u32 iv[4]; + + iv[0] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[3]; + + const u32 iv_len = esalt_bufs[DIGESTS_OFFSET_HOST].iv_len; + + u32 J0[4] = { 0 }; + + AES_GCM_Prepare_J0 (iv, iv_len, subKey, J0); + + // ct + + u32 T[4] = { 0 }; + u32 S[4] = { 0 }; + + u32 S_len = 16; + u32 aad_buf[4] = { 0 }; + u32 aad_len = 0; + + AES_GCM_GHASH_GLOBAL (subKey, aad_buf, aad_len, esalt_bufs[DIGESTS_OFFSET_HOST].ct_buf, esalt_bufs[DIGESTS_OFFSET_HOST].ct_len, S); + + AES_GCM_GCTR (key, J0, S, S_len, T, s_te0, s_te1, s_te2, s_te3, s_te4); + + /* compare tag */ + + const u32 r0 = T[0]; + const u32 r1 = T[1]; + const u32 r2 = T[2]; + const u32 r3 = T[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/OpenCL/m26630-pure.cl b/OpenCL/m26630-pure.cl new file mode 100644 index 000000000..39727b730 --- /dev/null +++ b/OpenCL/m26630-pure.cl @@ -0,0 +1,413 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_simd.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_cipher_aes.cl) +#include M2S(INCLUDE_PATH/inc_cipher_aes-gcm.cl) +#endif + +#define COMPARE_S M2S(INCLUDE_PATH/inc_comp_single.cl) +#define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl) + +typedef struct pbkdf2_sha256_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[32]; + u32 out[32]; + +} pbkdf2_sha256_tmp_t; + +typedef struct pbkdf2_sha256_aes_gcm +{ + u32 salt_buf[64]; + u32 iv_buf[4]; + u32 iv_len; + u32 ct_buf[16]; + u32 ct_len; + +} pbkdf2_sha256_aes_gcm_t; + +DECLSPEC void hmac_sha256_run_V (PRIVATE_AS u32x *w0, PRIVATE_AS u32x *w1, PRIVATE_AS u32x *w2, PRIVATE_AS u32x *w3, PRIVATE_AS u32x *ipad, PRIVATE_AS u32x *opad, PRIVATE_AS u32x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha256_transform_vector (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha256_transform_vector (w0, w1, w2, w3, digest); +} + +KERNEL_FQ void m26630_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + sha256_hmac_ctx_t sha256_hmac_ctx; + + sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4]; + tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5]; + tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6]; + tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7]; + + tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4]; + tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5]; + tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6]; + tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7]; + + sha256_hmac_update_global_swap (&sha256_hmac_ctx, esalt_bufs[DIGESTS_OFFSET_HOST].salt_buf, salt_bufs[SALT_POS_HOST].salt_len); + + for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) + { + sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); + + sha256_hmac_final (&sha256_hmac_ctx2); + + tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4]; + tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5]; + tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6]; + tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7]; + + tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; + tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; + tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; + tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; + tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; + tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; + tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; + tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; + } +} + +KERNEL_FQ void m26630_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= GID_CNT) return; + + u32x ipad[8]; + u32x opad[8]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + ipad[5] = packv (tmps, ipad, gid, 5); + ipad[6] = packv (tmps, ipad, gid, 6); + ipad[7] = packv (tmps, ipad, gid, 7); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + opad[5] = packv (tmps, opad, gid, 5); + opad[6] = packv (tmps, opad, gid, 6); + opad[7] = packv (tmps, opad, gid, 7); + + for (u32 i = 0; i < 8; i += 8) + { + u32x dgst[8]; + u32x out[8]; + + dgst[0] = packv (tmps, dgst, gid, i + 0); + dgst[1] = packv (tmps, dgst, gid, i + 1); + dgst[2] = packv (tmps, dgst, gid, i + 2); + dgst[3] = packv (tmps, dgst, gid, i + 3); + dgst[4] = packv (tmps, dgst, gid, i + 4); + dgst[5] = packv (tmps, dgst, gid, i + 5); + dgst[6] = packv (tmps, dgst, gid, i + 6); + dgst[7] = packv (tmps, dgst, gid, i + 7); + + out[0] = packv (tmps, out, gid, i + 0); + out[1] = packv (tmps, out, gid, i + 1); + out[2] = packv (tmps, out, gid, i + 2); + out[3] = packv (tmps, out, gid, i + 3); + out[4] = packv (tmps, out, gid, i + 4); + out[5] = packv (tmps, out, gid, i + 5); + out[6] = packv (tmps, out, gid, i + 6); + out[7] = packv (tmps, out, gid, i + 7); + + for (u32 j = 0; j < LOOP_CNT; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = dgst[5]; + w1[2] = dgst[6]; + w1[3] = dgst[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; + } + + unpackv (tmps, dgst, gid, i + 0, dgst[0]); + unpackv (tmps, dgst, gid, i + 1, dgst[1]); + unpackv (tmps, dgst, gid, i + 2, dgst[2]); + unpackv (tmps, dgst, gid, i + 3, dgst[3]); + unpackv (tmps, dgst, gid, i + 4, dgst[4]); + unpackv (tmps, dgst, gid, i + 5, dgst[5]); + unpackv (tmps, dgst, gid, i + 6, dgst[6]); + unpackv (tmps, dgst, gid, i + 7, dgst[7]); + + unpackv (tmps, out, gid, i + 0, out[0]); + unpackv (tmps, out, gid, i + 1, out[1]); + unpackv (tmps, out, gid, i + 2, out[2]); + unpackv (tmps, out, gid, i + 3, out[3]); + unpackv (tmps, out, gid, i + 4, out[4]); + unpackv (tmps, out, gid, i + 5, out[5]); + unpackv (tmps, out, gid, i + 6, out[6]); + unpackv (tmps, out, gid, i + 7, out[7]); + } +} + +KERNEL_FQ void m26630_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= GID_CNT) return; + + const u32 digest_pos = LOOP_POS; + + const u32 digest_cur = DIGESTS_OFFSET_HOST + digest_pos; + + GLOBAL_AS const pbkdf2_sha256_aes_gcm_t *pbkdf2_sha256_aes_gcm = &esalt_bufs[digest_cur]; + + // keys + + u32 ukey[8]; + + ukey[0] = tmps[gid].out[0]; + ukey[1] = tmps[gid].out[1]; + ukey[2] = tmps[gid].out[2]; + ukey[3] = tmps[gid].out[3]; + ukey[4] = tmps[gid].out[4]; + ukey[5] = tmps[gid].out[5]; + ukey[6] = tmps[gid].out[6]; + ukey[7] = tmps[gid].out[7]; + + u32 key_len = 32 * 8; + + u32 key[60] = { 0 }; + u32 subKey[4] = { 0 }; + + AES_GCM_Init (ukey, key_len, key, subKey, s_te0, s_te1, s_te2, s_te3, s_te4); + + // iv + + u32 iv[4]; + + iv[0] = pbkdf2_sha256_aes_gcm->iv_buf[0]; + iv[1] = pbkdf2_sha256_aes_gcm->iv_buf[1]; + iv[2] = pbkdf2_sha256_aes_gcm->iv_buf[2]; + iv[3] = pbkdf2_sha256_aes_gcm->iv_buf[3]; + + const u32 iv_len = pbkdf2_sha256_aes_gcm->iv_len; + + u32 J0[4] = { 0 }; + + AES_GCM_Prepare_J0 (iv, iv_len, subKey, J0); + + u32 ct[8]; + + ct[0] = pbkdf2_sha256_aes_gcm->ct_buf[0]; // first block of ciphertext + ct[1] = pbkdf2_sha256_aes_gcm->ct_buf[1]; + ct[2] = pbkdf2_sha256_aes_gcm->ct_buf[2]; + ct[3] = pbkdf2_sha256_aes_gcm->ct_buf[3]; + ct[4] = pbkdf2_sha256_aes_gcm->ct_buf[4]; // second block of ciphertext + ct[5] = pbkdf2_sha256_aes_gcm->ct_buf[5]; + ct[6] = pbkdf2_sha256_aes_gcm->ct_buf[6]; + ct[7] = pbkdf2_sha256_aes_gcm->ct_buf[7]; + + u32 pt[8] = { 0 }; + + AES_GCM_decrypt (key, J0, ct, 32, pt, s_te0, s_te1, s_te2, s_te3, s_te4); + + const int correct = is_valid_printable_32 (pt[0]) + + is_valid_printable_32 (pt[1]) + + is_valid_printable_32 (pt[2]) + + is_valid_printable_32 (pt[3]) + + is_valid_printable_32 (pt[4]) + + is_valid_printable_32 (pt[5]) + + is_valid_printable_32 (pt[6]) + + is_valid_printable_32 (pt[7]); + + if (correct != 8) return; + + /* + const int pt_len = 28; // not using 32 byte but 28 because our UTF8 allows up to 4 byte per character and since we decrypt 32 byte + // only we can't guarantee it is not in the middle of a UTF8 byte stream at that point + + if (hc_enc_scan (pt, pt_len)) + { + hc_enc_t hc_enc; + + hc_enc_init (&hc_enc); + + while (hc_enc_has_next (&hc_enc, pt_len)) + { + u32 enc_buf[16] = { 0 }; + + const int enc_len = hc_enc_next (&hc_enc, pt, pt_len, 32, enc_buf, sizeof (enc_buf)); + + if (enc_len == -1) return; + } + } + */ + + const u32 r0 = ct[0]; + const u32 r1 = ct[1]; + const u32 r2 = ct[2]; + const u32 r3 = ct[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/src/modules/module_26620.c b/src/modules/module_26620.c new file mode 100644 index 000000000..f3c4509ad --- /dev/null +++ b/src/modules/module_26620.c @@ -0,0 +1,415 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_CRYPTOCURRENCY_WALLET; +static const char *HASH_NAME = "MetaMask Wallet (needs all data, checks AES-GCM tag, dynamic iterations)"; +static const u64 KERN_TYPE = 26620; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat1"; +// hash generated using with python3 tools/metamask2hashcat.py --vault tools/2hashcat_tests/metamask2hashcat.json +static const char *ST_HASH = "$metamask$600000$MBdUsmTcBHGCASECYr3gmD8XaJROwjhOegSWweCFhco=$N1aDRjt2ZD5x15Q1X9zVUw==$G2Qsp8BtQNz9E1vFlSebykcGkps5iJ53fBjJV8GIE7eolAQpz5m25MTZv0b0t2tpqXvfgEYKYZKsoLvuWWRHqj2ommt+U0l6fEGPY6lTn5PYzDtMKNpPWHKCIS/QYhwEA9/X5RtyIwDL6VqcRp6owV+/icmRlQa+TI5buHWZ+99Z1kBbpTDVYLBwhMRsODM1vYizQDg0vFIo3cQDtpRWUqpAKXhFcpgRD+9grS3pP/zdlIUn//87DZ3ue6Sn6WFOe08EvuY8sYZqTiN3GxcfESOltNbZJGcedMubt/jGsk+qIwUWC/f456UgeX9DN7i2pQBBI+L7qkY5v1WT5Y0i8uho1c2M2G8M9miO8HSm/j4bpMN1J6lPtjFhfAzEPS1go1w2vTmOtr1y+2A4M6HEOcxIrPJ8lUUH9pcN7Xpd+u/tQv8BYFxd6RlNYKLyA6OChbF+TD5Zz6oFZQtkprXqzZUFOlxeWJ373kHMISZtXOx44YGaiT2178fXgHFXavw="; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pbkdf2_sha256_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[32]; + u32 out[32]; + +} pbkdf2_sha256_tmp_t; + +typedef struct pbkdf2_sha256_aes_gcm +{ + u32 salt_buf[64]; + u32 iv_buf[4]; + u32 iv_len; + u32 ct_buf[784]; + u32 ct_len; + +} pbkdf2_sha256_aes_gcm_t; + +static const char *SIGNATURE_METAMASK_WALLET = "$metamask$"; + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // HIP + if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD_USE_HIP) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_aes_gcm_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t); + + return tmp_size; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 8; + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pbkdf2_sha256_aes_gcm_t *metamask = (pbkdf2_sha256_aes_gcm_t *) esalt_buf; + + #define CT_MAX_LEN_BASE64 (((3136+16) * 8) / 6) + 3 + + hc_token_t token; + + memset (&token, 0, sizeof (hc_token_t)); + + token.token_cnt = 5; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_METAMASK_WALLET; + + token.len[0] = 10; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '$'; + token.len_min[1] = 1; + token.len_max[1] = 6; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '$'; + token.len[2] = 44; + token.attr[2] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64A; + + token.sep[3] = '$'; + token.len[3] = 24; + token.attr[3] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64A; + + token.sep[4] = '$'; + token.len_min[4] = 64; + token.len_max[4] = CT_MAX_LEN_BASE64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64A; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + u8 tmp_buf[CT_MAX_LEN_BASE64] = { 0 }; + + size_t tmp_len = 0; + + // iter + + const u8 *iter_pos = token.buf[1]; + + const int iter = strtol ((const char *) iter_pos, NULL, 10); + + if (iter < 1) return (PARSER_SALT_ITERATION); + + salt->salt_iter = iter - 1; + + // salt + + const u8 *salt_pos = token.buf[2]; + const int salt_len = token.len[2]; + + memset (tmp_buf, 0, sizeof (tmp_buf)); + + tmp_len = base64_decode (base64_to_int, salt_pos, salt_len, tmp_buf); + + if (tmp_len != 32) return (PARSER_SALT_LENGTH); + + memcpy (salt->salt_buf, tmp_buf, tmp_len); + + salt->salt_len = tmp_len; + + metamask->salt_buf[0] = salt->salt_buf[0]; + metamask->salt_buf[1] = salt->salt_buf[1]; + metamask->salt_buf[2] = salt->salt_buf[2]; + metamask->salt_buf[3] = salt->salt_buf[3]; + metamask->salt_buf[4] = salt->salt_buf[4]; + metamask->salt_buf[5] = salt->salt_buf[5]; + metamask->salt_buf[6] = salt->salt_buf[6]; + metamask->salt_buf[7] = salt->salt_buf[7]; + + // iv + + const u8 *iv_pos = token.buf[3]; + const int iv_len = token.len[3]; + + memset (tmp_buf, 0, sizeof (tmp_buf)); + + tmp_len = base64_decode (base64_to_int, iv_pos, iv_len, tmp_buf); + + if (tmp_len != 16) return (PARSER_IV_LENGTH); + + memcpy ((u8 *) metamask->iv_buf, tmp_buf, tmp_len); + + metamask->iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); + metamask->iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); + metamask->iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); + metamask->iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); + + metamask->iv_len = tmp_len; + + // ciphertext + + const u8 *ct_pos = token.buf[4]; + const int ct_len = token.len[4]; + + memset (tmp_buf, 0, sizeof (tmp_buf)); + + tmp_len = base64_decode (base64_to_int, ct_pos, ct_len, tmp_buf); + + if (tmp_len <= 16) return (PARSER_CT_LENGTH); + + tmp_len -= 16; + + if (tmp_len < 30 || tmp_len > 3136) return (PARSER_CT_LENGTH); + + memcpy ((u8 *) metamask->ct_buf, tmp_buf, tmp_len); + + u32 j = tmp_len / 4; + + if ((tmp_len % 4) > 0) j++; + + for (u32 i = 0; i < j; i++) metamask->ct_buf[i] = byte_swap_32 (metamask->ct_buf[i]); + + metamask->ct_len = tmp_len; + + // tag + + u32 tag_buf[4] = { 0 }; + + memcpy ((u8 *) tag_buf, tmp_buf+metamask->ct_len, 16); + + digest[0] = byte_swap_32 (tag_buf[0]); + digest[1] = byte_swap_32 (tag_buf[1]); + digest[2] = byte_swap_32 (tag_buf[2]); + digest[3] = byte_swap_32 (tag_buf[3]); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const pbkdf2_sha256_aes_gcm_t *metamask = (const pbkdf2_sha256_aes_gcm_t *) esalt_buf; + + // salt + + #define SALT_LEN_BASE64 ((32 * 8) / 6) + 3 + #define IV_LEN_BASE64 ((16 * 8) / 6) + 3 + #define CT_MAX_LEN_BASE64 (((3136+16) * 8) / 6) + 3 + + u8 salt_buf[SALT_LEN_BASE64] = { 0 }; + + base64_encode (int_to_base64, (const u8 *) salt->salt_buf, (const int) salt->salt_len, salt_buf); + + // iv + + u32 tmp_iv_buf[4] = { 0 }; + + tmp_iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); + tmp_iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); + tmp_iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); + tmp_iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); + + u8 iv_buf[IV_LEN_BASE64+1] = { 0 }; + + base64_encode (int_to_base64, (const u8 *) tmp_iv_buf, (const int) metamask->iv_len, iv_buf); + + // ct + + u32 ct_len = metamask->ct_len; + + u32 j = ct_len / 4; + + if ((ct_len % 4) > 0) j++; + + u32 tmp_buf[788] = { 0 }; + + for (u32 i = 0; i < j; i++) tmp_buf[i] = byte_swap_32 (metamask->ct_buf[i]); + + u32 tmp_tag[4] = { 0 }; + + tmp_tag[0] = byte_swap_32 (digest[0]); + tmp_tag[1] = byte_swap_32 (digest[1]); + tmp_tag[2] = byte_swap_32 (digest[2]); + tmp_tag[3] = byte_swap_32 (digest[3]); + + u8 *tmp_buf_str = (u8 *) tmp_buf; + u8 *tmp_tag_str = (u8 *) tmp_tag; + + memcpy (tmp_buf_str+metamask->ct_len, tmp_tag_str, 16); + + u8 ct_buf[CT_MAX_LEN_BASE64] = { 0 }; + + base64_encode (int_to_base64, (const u8 *) tmp_buf, (const int) metamask->ct_len+16, ct_buf); + + u8 *out_buf = (u8 *) line_buf; + + int out_len = snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", + SIGNATURE_METAMASK_WALLET, + salt_buf, + iv_buf, + ct_buf); + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_charset = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_deprecated_notice = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_26630.c b/src/modules/module_26630.c new file mode 100644 index 000000000..f6d6f596f --- /dev/null +++ b/src/modules/module_26630.c @@ -0,0 +1,395 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_CRYPTOCURRENCY_WALLET; +static const char *HASH_NAME = "MetaMask Wallet (short hash, plaintext check, dynamic iterations)"; +static const u64 KERN_TYPE = 26630; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_DEEP_COMP_KERNEL; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat1"; +static const char *ST_HASH = "$metamask-short$600000$MBdUsmTcBHGCASECYr3gmD8XaJROwjhOegSWweCFhco=$N1aDRjt2ZD5x15Q1X9zVUw==$G2Qsp8BtQNz9E1vFlSebykcGkps5iJ53fBjJV8GIE7eolAQpz5m25MTZv0b0t2tpqXvfgEYKYZKsoLvuWWRHqg=="; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pbkdf2_sha256_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[32]; + u32 out[32]; + +} pbkdf2_sha256_tmp_t; + +typedef struct pbkdf2_sha256_aes_gcm +{ + u32 salt_buf[64]; + u32 iv_buf[4]; + u32 iv_len; + u32 ct_buf[16]; + u32 ct_len; + +} pbkdf2_sha256_aes_gcm_t; + +static const char *SIGNATURE_METAMASK_WALLET = "$metamask-short$"; + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // HIP + if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD_USE_HIP) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + +u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) +{ + return KERN_RUN_3; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_aes_gcm_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t); + + return tmp_size; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 8; + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pbkdf2_sha256_aes_gcm_t *metamask = (pbkdf2_sha256_aes_gcm_t *) esalt_buf; + + hc_token_t token; + + memset (&token, 0, sizeof (hc_token_t)); + + token.token_cnt = 5; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_METAMASK_WALLET; + + token.len[0] = 16; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '$'; + token.len_min[1] = 1; + token.len_max[1] = 6; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '$'; + token.len[2] = 44; + token.attr[2] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64A; + + token.sep[3] = '$'; + token.len[3] = 24; + token.attr[3] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_BASE64A; + + token.sep[4] = '$'; + token.len_min[4] = 88; + token.len_max[4] = 88; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64A; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // iter + + const u8 *iter_pos = token.buf[1]; + + const int iter = strtol ((const char *) iter_pos, NULL, 10); + + if (iter < 1) return (PARSER_SALT_ITERATION); + + salt->salt_iter = iter - 1; + + // salt + + const u8 *salt_pos = token.buf[2]; + const int salt_len = token.len[2]; + + u8 tmp_buf[88+1]; + + memset (tmp_buf, 0, sizeof (tmp_buf)); + + size_t tmp_len = base64_decode (base64_to_int, salt_pos, salt_len, tmp_buf); + + if (tmp_len != 32) return (PARSER_SALT_LENGTH); + + memcpy (salt->salt_buf, tmp_buf, tmp_len); + + salt->salt_len = tmp_len; + + metamask->salt_buf[0] = salt->salt_buf[0]; + metamask->salt_buf[1] = salt->salt_buf[1]; + metamask->salt_buf[2] = salt->salt_buf[2]; + metamask->salt_buf[3] = salt->salt_buf[3]; + metamask->salt_buf[4] = salt->salt_buf[4]; + metamask->salt_buf[5] = salt->salt_buf[5]; + metamask->salt_buf[6] = salt->salt_buf[6]; + metamask->salt_buf[7] = salt->salt_buf[7]; + + // iv + + const u8 *iv_pos = token.buf[3]; + const int iv_len = token.len[3]; + + memset (tmp_buf, 0, sizeof (tmp_buf)); + + tmp_len = base64_decode (base64_to_int, iv_pos, iv_len, tmp_buf); + + if (tmp_len != 16) return (PARSER_IV_LENGTH); + + memcpy ((u8 *) metamask->iv_buf, tmp_buf, tmp_len); + + metamask->iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); + metamask->iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); + metamask->iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); + metamask->iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); + + metamask->iv_len = tmp_len; + + // ciphertext + + const u8 *ct_pos = token.buf[4]; + const int ct_len = token.len[4]; + + memset (tmp_buf, 0, sizeof (tmp_buf)); + + tmp_len = base64_decode (base64_to_int, ct_pos, ct_len, tmp_buf); + + if (tmp_len != 64) return (PARSER_CT_LENGTH); + + memcpy ((u8 *) metamask->ct_buf, tmp_buf, tmp_len); + + u32 j = tmp_len / 4; + + for (u32 i = 0; i < j; i++) + { + metamask->ct_buf[i] = byte_swap_32 (metamask->ct_buf[i]); + } + + metamask->ct_len = tmp_len; + + digest[0] = metamask->ct_buf[0]; + digest[1] = metamask->ct_buf[1]; + digest[2] = metamask->ct_buf[2]; + digest[3] = metamask->ct_buf[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const pbkdf2_sha256_aes_gcm_t *metamask = (const pbkdf2_sha256_aes_gcm_t *) esalt_buf; + + // salt + + u8 salt_buf[44+1]; + + memset (salt_buf, 0, sizeof (salt_buf)); + + base64_encode (int_to_base64, (const u8 *) salt->salt_buf, (const int) salt->salt_len, salt_buf); + + // iv + + u32 tmp_iv_buf[4]; + + tmp_iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); + tmp_iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); + tmp_iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); + tmp_iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); + + u8 iv_buf[24+1]; + + memset (iv_buf, 0, sizeof (iv_buf)); + + base64_encode (int_to_base64, (const u8 *) tmp_iv_buf, (const int) metamask->iv_len, iv_buf); + + // ct + + u32 tmp_buf[16]; + + memset (tmp_buf, 0, sizeof (tmp_buf)); + + u32 ct_len = metamask->ct_len; + + u32 j = ct_len / 4; + + for (u32 i = 0; i < j; i++) tmp_buf[i] = byte_swap_32 (metamask->ct_buf[i]); + + u8 ct_buf[88+1]; + + memset (ct_buf, 0, sizeof (ct_buf)); + + base64_encode (int_to_base64, (const u8 *) tmp_buf, (const int) metamask->ct_len, ct_buf); + + u8 *out_buf = (u8 *) line_buf; + + int out_len = snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", + SIGNATURE_METAMASK_WALLET, + salt_buf, + iv_buf, + ct_buf); + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_charset = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; + module_ctx->module_deprecated_notice = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/metamask2hashcat.py b/tools/metamask2hashcat.py old mode 100755 new mode 100644 index a2aa99774..6c32e82c7 --- a/tools/metamask2hashcat.py +++ b/tools/metamask2hashcat.py @@ -51,8 +51,14 @@ def metamask_parser(file, shortdata): parser.print_help() exit(1) + if isMobile is False: + if 'keyMetadata' in j and 'params' in j['keyMetadata'] and 'iterations' in j['keyMetadata']['params']: + iter_count = j['keyMetadata']['params']['iterations'] + else: + iter_count = 10000 + if((len(j['data']) > 3000) or shortdata): data_bin = base64.b64decode(j['data']) # TODO limit data to 16 bytes, we only check the first block of data, so we don't need more data. @@ -60,9 +66,15 @@ def metamask_parser(file, shortdata): # Still the pbkdf 10k iter will be taking the most time by far probably. j['data'] = base64.b64encode(data_bin[0:64]).decode("ascii") - print('$metamask-short$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) + if iter_count != 10000: + print('$metamask-short$' + str(iter_count) + '$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) + else: + print('$metamask-short$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) else: - print('$metamask$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) + if iter_count != 10000: + print('$metamask$' + str(iter_count) + '$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) + else: + print('$metamask$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) else: From 205e7f6e71da6509005b06dde2833584f8b84dbf Mon Sep 17 00:00:00 2001 From: its5Q Date: Thu, 22 Feb 2024 03:40:36 +1000 Subject: [PATCH 2/6] Update metamask2hashcat help string --- tools/metamask2hashcat.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/metamask2hashcat.py b/tools/metamask2hashcat.py index 6c32e82c7..1e4de119c 100644 --- a/tools/metamask2hashcat.py +++ b/tools/metamask2hashcat.py @@ -94,7 +94,7 @@ def metamask_parser(file, shortdata): if __name__ == "__main__": parser = argparse.ArgumentParser(description="metamask2hashcat.py extraction tool") parser.add_argument('--vault', required=True, help='set metamask vault (json) file from path', type=str) - parser.add_argument('--shortdata', help='force short data, can only be used with m26610, ', action='store_true') + parser.add_argument('--shortdata', help='force short data, can only be used with m26610/m26630, ', action='store_true') args = parser.parse_args() From 55406d8342732f6eafa86b92820ace5e4fe32912 Mon Sep 17 00:00:00 2001 From: its5Q Date: Thu, 22 Feb 2024 22:48:00 +1000 Subject: [PATCH 3/6] Cleaner JSON key handling in metamask2hashcat Co-authored-by: kgolawski --- tools/metamask2hashcat.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/metamask2hashcat.py b/tools/metamask2hashcat.py index 1e4de119c..a31d600f8 100644 --- a/tools/metamask2hashcat.py +++ b/tools/metamask2hashcat.py @@ -54,11 +54,10 @@ def metamask_parser(file, shortdata): if isMobile is False: - if 'keyMetadata' in j and 'params' in j['keyMetadata'] and 'iterations' in j['keyMetadata']['params']: + try: iter_count = j['keyMetadata']['params']['iterations'] - else: - iter_count = 10000 - + except KeyError: + iter_count = 10_000 if((len(j['data']) > 3000) or shortdata): data_bin = base64.b64decode(j['data']) # TODO limit data to 16 bytes, we only check the first block of data, so we don't need more data. From d725b4b928d5a0487a58c310235228e2b26ce0ab Mon Sep 17 00:00:00 2001 From: its5Q Date: Fri, 23 Feb 2024 06:22:27 +1000 Subject: [PATCH 4/6] Switch to using TOKEN_ATTR_OPTIONAL_ROUNDS for Metamask hashmodes --- src/modules/module_26600.c | 38 ++-- src/modules/module_26610.c | 36 +++- src/modules/module_26620.c | 415 ------------------------------------- src/modules/module_26630.c | 395 ----------------------------------- tools/metamask2hashcat.py | 2 +- 5 files changed, 52 insertions(+), 834 deletions(-) delete mode 100644 src/modules/module_26620.c delete mode 100644 src/modules/module_26630.c diff --git a/src/modules/module_26600.c b/src/modules/module_26600.c index 4f6d0de3b..1f211310d 100644 --- a/src/modules/module_26600.c +++ b/src/modules/module_26600.c @@ -29,6 +29,8 @@ static const char *ST_PASS = "hashcat1"; // hash generated using with python3 tools/metamask2hashcat.py --vault tools/2hashcat_tests/metamask2hashcat.json static const char *ST_HASH = "$metamask$jfGI3TXguhb8GPnKSXFrMzRk2NCEc131Gt5G3kZr5+s=$h+BoIf2CQ5BEjaIOShFE7g==$R95fzGt4UQ0uwrcrVYnIi4UcSlWn9wlmer+//526ZDwYAp50K82F1u1oacYcdjjhuEvbZnWk/uBG00UkgLLlO3WbINljqmu2QWdDEwjTgo/qWR6MU9d/82rxNiONHQE8UrZ8SV+htVr6XIB0ze3aCV0E+fwI93EeP79ZeDxuOEhuHoiYT0bHWMv5nA48AdluG4DbOo7SrDAWBVCBsEdXsOfYsS3/TIh0a/iFCMX4uhxY2824JwcWp4H36SFWyBYMZCJ3/U4DYFbbjWZtGRthoJlIik5BJq4FLu3Y1jEgza0AWlAvu4MKTEqrYSpUIghfxf1a1f+kPvxsHNq0as0kRwCXu09DObbdsiggbmeoBkxMZiFq0d9ar/3Gon0r3hfc3c124Wlivzbzu1JcZ3wURhLSsUS7b5cfG86aXHJkxmQDA5urBz6lw3bsIvlEUB2ErkQy/zD+cPwCG1Rs/WKt7KNh45lppCUkHccbf+xlpdc8OfUwj01Xp7BdH8LMR7Vx1C4hZCvSdtURVl0VaAMxHDX0MjRkwmqS"; +static const u32 ROUNDS_METAMASK = 10000; + u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } @@ -144,9 +146,10 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE | TOKEN_ATTR_VERIFY_SIGNATURE; token.sep[1] = '$'; - token.len[1] = 44; - token.attr[1] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; + token.len_min[1] = 0; + token.len_max[1] = 60; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_OPTIONAL_ROUNDS; token.sep[2] = '$'; token.len[2] = 24; @@ -169,7 +172,12 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // iter - salt->salt_iter = 10000 - 1; + salt->salt_iter = ROUNDS_METAMASK - 1; + + if (token.opt_len != -1) + { + salt->salt_iter = hc_strtoul ((const char *) token.opt_buf + 7, NULL, 10) - 1; // 7 = "rounds=" + } // salt @@ -312,14 +320,20 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE base64_encode (int_to_base64, (const u8 *) tmp_buf, (const int) metamask->ct_len+16, ct_buf); u8 *out_buf = (u8 *) line_buf; - - int out_len = snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", - SIGNATURE_METAMASK_WALLET, - salt_buf, - iv_buf, - ct_buf); - - return out_len; + + if (salt->salt_iter + 1 != ROUNDS_METAMASK) + return snprintf ((char *) out_buf, line_size, "%srounds=%d$%s$%s$%s", + SIGNATURE_METAMASK_WALLET, + salt->salt_iter + 1, + salt_buf, + iv_buf, + ct_buf); + else + return snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", + SIGNATURE_METAMASK_WALLET, + salt_buf, + iv_buf, + ct_buf); } void module_init (module_ctx_t *module_ctx) diff --git a/src/modules/module_26610.c b/src/modules/module_26610.c index 532246128..64cf20f4b 100644 --- a/src/modules/module_26610.c +++ b/src/modules/module_26610.c @@ -29,6 +29,8 @@ static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat1"; static const char *ST_HASH = "$metamask-short$jfGI3TXguhb8GPnKSXFrMzRk2NCEc131Gt5G3kZr5+s=$h+BoIf2CQ5BEjaIOShFE7g==$R95fzGt4UQ0uwrcrVYnIi4UcSlWn9wlmer+//526ZDwYAp50K82F1u1oacYcdjjhuEvbZnWk/uBG00UkgLLlOw=="; +static const u32 ROUNDS_METAMASK = 10000; + u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } @@ -147,9 +149,10 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE | TOKEN_ATTR_VERIFY_SIGNATURE; token.sep[1] = '$'; - token.len[1] = 44; - token.attr[1] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; + token.len_min[1] = 0; + token.len_max[1] = 60; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_OPTIONAL_ROUNDS; token.sep[2] = '$'; token.len[2] = 24; @@ -168,7 +171,12 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // iter - salt->salt_iter = 10000 - 1; + salt->salt_iter = ROUNDS_METAMASK - 1; + + if (token.opt_len != -1) + { + salt->salt_iter = hc_strtoul ((const char *) token.opt_buf + 7, NULL, 10) - 1; // 7 = "rounds=" + } // salt @@ -293,13 +301,19 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE u8 *out_buf = (u8 *) line_buf; - int out_len = snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", - SIGNATURE_METAMASK_WALLET, - salt_buf, - iv_buf, - ct_buf); - - return out_len; + if (salt->salt_iter + 1 != ROUNDS_METAMASK) + return snprintf ((char *) out_buf, line_size, "%srounds=%d$%s$%s$%s", + SIGNATURE_METAMASK_WALLET, + salt->salt_iter + 1, + salt_buf, + iv_buf, + ct_buf); + else + return snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", + SIGNATURE_METAMASK_WALLET, + salt_buf, + iv_buf, + ct_buf); } void module_init (module_ctx_t *module_ctx) diff --git a/src/modules/module_26620.c b/src/modules/module_26620.c deleted file mode 100644 index f3c4509ad..000000000 --- a/src/modules/module_26620.c +++ /dev/null @@ -1,415 +0,0 @@ -/** - * Author......: See docs/credits.txt - * License.....: MIT - */ - -#include "common.h" -#include "types.h" -#include "modules.h" -#include "bitops.h" -#include "convert.h" -#include "shared.h" -#include "memory.h" - -static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; -static const u32 DGST_POS0 = 0; -static const u32 DGST_POS1 = 1; -static const u32 DGST_POS2 = 2; -static const u32 DGST_POS3 = 3; -static const u32 DGST_SIZE = DGST_SIZE_4_4; -static const u32 HASH_CATEGORY = HASH_CATEGORY_CRYPTOCURRENCY_WALLET; -static const char *HASH_NAME = "MetaMask Wallet (needs all data, checks AES-GCM tag, dynamic iterations)"; -static const u64 KERN_TYPE = 26620; -static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; -static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE - | OPTS_TYPE_PT_GENERATE_LE; -static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; -static const char *ST_PASS = "hashcat1"; -// hash generated using with python3 tools/metamask2hashcat.py --vault tools/2hashcat_tests/metamask2hashcat.json -static const char *ST_HASH = "$metamask$600000$MBdUsmTcBHGCASECYr3gmD8XaJROwjhOegSWweCFhco=$N1aDRjt2ZD5x15Q1X9zVUw==$G2Qsp8BtQNz9E1vFlSebykcGkps5iJ53fBjJV8GIE7eolAQpz5m25MTZv0b0t2tpqXvfgEYKYZKsoLvuWWRHqj2ommt+U0l6fEGPY6lTn5PYzDtMKNpPWHKCIS/QYhwEA9/X5RtyIwDL6VqcRp6owV+/icmRlQa+TI5buHWZ+99Z1kBbpTDVYLBwhMRsODM1vYizQDg0vFIo3cQDtpRWUqpAKXhFcpgRD+9grS3pP/zdlIUn//87DZ3ue6Sn6WFOe08EvuY8sYZqTiN3GxcfESOltNbZJGcedMubt/jGsk+qIwUWC/f456UgeX9DN7i2pQBBI+L7qkY5v1WT5Y0i8uho1c2M2G8M9miO8HSm/j4bpMN1J6lPtjFhfAzEPS1go1w2vTmOtr1y+2A4M6HEOcxIrPJ8lUUH9pcN7Xpd+u/tQv8BYFxd6RlNYKLyA6OChbF+TD5Zz6oFZQtkprXqzZUFOlxeWJ373kHMISZtXOx44YGaiT2178fXgHFXavw="; - -u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } -u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } -u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } -u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } -u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } -u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } -u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } -const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } -u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } -u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } -u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } -u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } -const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } -const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } - -typedef struct pbkdf2_sha256_tmp -{ - u32 ipad[8]; - u32 opad[8]; - - u32 dgst[32]; - u32 out[32]; - -} pbkdf2_sha256_tmp_t; - -typedef struct pbkdf2_sha256_aes_gcm -{ - u32 salt_buf[64]; - u32 iv_buf[4]; - u32 iv_len; - u32 ct_buf[784]; - u32 ct_len; - -} pbkdf2_sha256_aes_gcm_t; - -static const char *SIGNATURE_METAMASK_WALLET = "$metamask$"; - -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - // Extra treatment for Apple systems - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - return jit_build_options; - } - - // HIP - if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD_USE_HIP) - { - hc_asprintf (&jit_build_options, "-D _unroll"); - } - - // ROCM - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - hc_asprintf (&jit_build_options, "-D _unroll"); - } - - return jit_build_options; -} - -u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_aes_gcm_t); - - return esalt_size; -} - -u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t); - - return tmp_size; -} - -u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u32 pw_min = 8; - - return pw_min; -} - -u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - // this overrides the reductions of PW_MAX in case optimized kernel is selected - // IOW, even in optimized kernel mode it support length 256 - - const u32 pw_max = PW_MAX; - - return pw_max; -} - -int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) -{ - u32 *digest = (u32 *) digest_buf; - - pbkdf2_sha256_aes_gcm_t *metamask = (pbkdf2_sha256_aes_gcm_t *) esalt_buf; - - #define CT_MAX_LEN_BASE64 (((3136+16) * 8) / 6) + 3 - - hc_token_t token; - - memset (&token, 0, sizeof (hc_token_t)); - - token.token_cnt = 5; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_METAMASK_WALLET; - - token.len[0] = 10; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.sep[1] = '$'; - token.len_min[1] = 1; - token.len_max[1] = 6; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[2] = '$'; - token.len[2] = 44; - token.attr[2] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; - - token.sep[3] = '$'; - token.len[3] = 24; - token.attr[3] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; - - token.sep[4] = '$'; - token.len_min[4] = 64; - token.len_max[4] = CT_MAX_LEN_BASE64; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; - - const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - u8 tmp_buf[CT_MAX_LEN_BASE64] = { 0 }; - - size_t tmp_len = 0; - - // iter - - const u8 *iter_pos = token.buf[1]; - - const int iter = strtol ((const char *) iter_pos, NULL, 10); - - if (iter < 1) return (PARSER_SALT_ITERATION); - - salt->salt_iter = iter - 1; - - // salt - - const u8 *salt_pos = token.buf[2]; - const int salt_len = token.len[2]; - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - tmp_len = base64_decode (base64_to_int, salt_pos, salt_len, tmp_buf); - - if (tmp_len != 32) return (PARSER_SALT_LENGTH); - - memcpy (salt->salt_buf, tmp_buf, tmp_len); - - salt->salt_len = tmp_len; - - metamask->salt_buf[0] = salt->salt_buf[0]; - metamask->salt_buf[1] = salt->salt_buf[1]; - metamask->salt_buf[2] = salt->salt_buf[2]; - metamask->salt_buf[3] = salt->salt_buf[3]; - metamask->salt_buf[4] = salt->salt_buf[4]; - metamask->salt_buf[5] = salt->salt_buf[5]; - metamask->salt_buf[6] = salt->salt_buf[6]; - metamask->salt_buf[7] = salt->salt_buf[7]; - - // iv - - const u8 *iv_pos = token.buf[3]; - const int iv_len = token.len[3]; - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - tmp_len = base64_decode (base64_to_int, iv_pos, iv_len, tmp_buf); - - if (tmp_len != 16) return (PARSER_IV_LENGTH); - - memcpy ((u8 *) metamask->iv_buf, tmp_buf, tmp_len); - - metamask->iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); - metamask->iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); - metamask->iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); - metamask->iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); - - metamask->iv_len = tmp_len; - - // ciphertext - - const u8 *ct_pos = token.buf[4]; - const int ct_len = token.len[4]; - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - tmp_len = base64_decode (base64_to_int, ct_pos, ct_len, tmp_buf); - - if (tmp_len <= 16) return (PARSER_CT_LENGTH); - - tmp_len -= 16; - - if (tmp_len < 30 || tmp_len > 3136) return (PARSER_CT_LENGTH); - - memcpy ((u8 *) metamask->ct_buf, tmp_buf, tmp_len); - - u32 j = tmp_len / 4; - - if ((tmp_len % 4) > 0) j++; - - for (u32 i = 0; i < j; i++) metamask->ct_buf[i] = byte_swap_32 (metamask->ct_buf[i]); - - metamask->ct_len = tmp_len; - - // tag - - u32 tag_buf[4] = { 0 }; - - memcpy ((u8 *) tag_buf, tmp_buf+metamask->ct_len, 16); - - digest[0] = byte_swap_32 (tag_buf[0]); - digest[1] = byte_swap_32 (tag_buf[1]); - digest[2] = byte_swap_32 (tag_buf[2]); - digest[3] = byte_swap_32 (tag_buf[3]); - - return (PARSER_OK); -} - -int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) -{ - const u32 *digest = (const u32 *) digest_buf; - - const pbkdf2_sha256_aes_gcm_t *metamask = (const pbkdf2_sha256_aes_gcm_t *) esalt_buf; - - // salt - - #define SALT_LEN_BASE64 ((32 * 8) / 6) + 3 - #define IV_LEN_BASE64 ((16 * 8) / 6) + 3 - #define CT_MAX_LEN_BASE64 (((3136+16) * 8) / 6) + 3 - - u8 salt_buf[SALT_LEN_BASE64] = { 0 }; - - base64_encode (int_to_base64, (const u8 *) salt->salt_buf, (const int) salt->salt_len, salt_buf); - - // iv - - u32 tmp_iv_buf[4] = { 0 }; - - tmp_iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); - tmp_iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); - tmp_iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); - tmp_iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); - - u8 iv_buf[IV_LEN_BASE64+1] = { 0 }; - - base64_encode (int_to_base64, (const u8 *) tmp_iv_buf, (const int) metamask->iv_len, iv_buf); - - // ct - - u32 ct_len = metamask->ct_len; - - u32 j = ct_len / 4; - - if ((ct_len % 4) > 0) j++; - - u32 tmp_buf[788] = { 0 }; - - for (u32 i = 0; i < j; i++) tmp_buf[i] = byte_swap_32 (metamask->ct_buf[i]); - - u32 tmp_tag[4] = { 0 }; - - tmp_tag[0] = byte_swap_32 (digest[0]); - tmp_tag[1] = byte_swap_32 (digest[1]); - tmp_tag[2] = byte_swap_32 (digest[2]); - tmp_tag[3] = byte_swap_32 (digest[3]); - - u8 *tmp_buf_str = (u8 *) tmp_buf; - u8 *tmp_tag_str = (u8 *) tmp_tag; - - memcpy (tmp_buf_str+metamask->ct_len, tmp_tag_str, 16); - - u8 ct_buf[CT_MAX_LEN_BASE64] = { 0 }; - - base64_encode (int_to_base64, (const u8 *) tmp_buf, (const int) metamask->ct_len+16, ct_buf); - - u8 *out_buf = (u8 *) line_buf; - - int out_len = snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", - SIGNATURE_METAMASK_WALLET, - salt_buf, - iv_buf, - ct_buf); - - return out_len; -} - -void module_init (module_ctx_t *module_ctx) -{ - module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; - module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; - - module_ctx->module_attack_exec = module_attack_exec; - module_ctx->module_benchmark_esalt = MODULE_DEFAULT; - module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; - module_ctx->module_benchmark_mask = MODULE_DEFAULT; - module_ctx->module_benchmark_charset = MODULE_DEFAULT; - module_ctx->module_benchmark_salt = MODULE_DEFAULT; - module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; - module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; - module_ctx->module_deprecated_notice = MODULE_DEFAULT; - module_ctx->module_dgst_pos0 = module_dgst_pos0; - module_ctx->module_dgst_pos1 = module_dgst_pos1; - module_ctx->module_dgst_pos2 = module_dgst_pos2; - module_ctx->module_dgst_pos3 = module_dgst_pos3; - module_ctx->module_dgst_size = module_dgst_size; - module_ctx->module_dictstat_disable = MODULE_DEFAULT; - module_ctx->module_esalt_size = module_esalt_size; - module_ctx->module_extra_buffer_size = MODULE_DEFAULT; - module_ctx->module_extra_tmp_size = MODULE_DEFAULT; - module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; - module_ctx->module_forced_outfile_format = MODULE_DEFAULT; - module_ctx->module_hash_binary_count = MODULE_DEFAULT; - module_ctx->module_hash_binary_parse = MODULE_DEFAULT; - module_ctx->module_hash_binary_save = MODULE_DEFAULT; - module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; - module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; - module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; - module_ctx->module_hash_decode = module_hash_decode; - module_ctx->module_hash_encode_status = MODULE_DEFAULT; - module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; - module_ctx->module_hash_encode = module_hash_encode; - module_ctx->module_hash_init_selftest = MODULE_DEFAULT; - module_ctx->module_hash_mode = MODULE_DEFAULT; - module_ctx->module_hash_category = module_hash_category; - module_ctx->module_hash_name = module_hash_name; - module_ctx->module_hashes_count_min = MODULE_DEFAULT; - module_ctx->module_hashes_count_max = MODULE_DEFAULT; - module_ctx->module_hlfmt_disable = MODULE_DEFAULT; - module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; - module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; - module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; - module_ctx->module_hook12 = MODULE_DEFAULT; - module_ctx->module_hook23 = MODULE_DEFAULT; - module_ctx->module_hook_salt_size = MODULE_DEFAULT; - module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; - module_ctx->module_jit_cache_disable = MODULE_DEFAULT; - module_ctx->module_kernel_accel_max = MODULE_DEFAULT; - module_ctx->module_kernel_accel_min = MODULE_DEFAULT; - module_ctx->module_kernel_loops_max = MODULE_DEFAULT; - module_ctx->module_kernel_loops_min = MODULE_DEFAULT; - module_ctx->module_kernel_threads_max = MODULE_DEFAULT; - module_ctx->module_kernel_threads_min = MODULE_DEFAULT; - module_ctx->module_kern_type = module_kern_type; - module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; - module_ctx->module_opti_type = module_opti_type; - module_ctx->module_opts_type = module_opts_type; - module_ctx->module_outfile_check_disable = MODULE_DEFAULT; - module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; - module_ctx->module_potfile_custom_check = MODULE_DEFAULT; - module_ctx->module_potfile_disable = MODULE_DEFAULT; - module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; - module_ctx->module_pwdump_column = MODULE_DEFAULT; - module_ctx->module_pw_max = module_pw_max; - module_ctx->module_pw_min = module_pw_min; - module_ctx->module_salt_max = MODULE_DEFAULT; - module_ctx->module_salt_min = MODULE_DEFAULT; - module_ctx->module_salt_type = module_salt_type; - module_ctx->module_separator = MODULE_DEFAULT; - module_ctx->module_st_hash = module_st_hash; - module_ctx->module_st_pass = module_st_pass; - module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; - module_ctx->module_warmup_disable = MODULE_DEFAULT; -} diff --git a/src/modules/module_26630.c b/src/modules/module_26630.c deleted file mode 100644 index f6d6f596f..000000000 --- a/src/modules/module_26630.c +++ /dev/null @@ -1,395 +0,0 @@ -/** - * Author......: See docs/credits.txt - * License.....: MIT - */ - -#include "common.h" -#include "types.h" -#include "modules.h" -#include "bitops.h" -#include "convert.h" -#include "shared.h" -#include "memory.h" - -static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; -static const u32 DGST_POS0 = 0; -static const u32 DGST_POS1 = 1; -static const u32 DGST_POS2 = 2; -static const u32 DGST_POS3 = 3; -static const u32 DGST_SIZE = DGST_SIZE_4_4; -static const u32 HASH_CATEGORY = HASH_CATEGORY_CRYPTOCURRENCY_WALLET; -static const char *HASH_NAME = "MetaMask Wallet (short hash, plaintext check, dynamic iterations)"; -static const u64 KERN_TYPE = 26630; -static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; -static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE - | OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_DEEP_COMP_KERNEL; -static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; -static const char *ST_PASS = "hashcat1"; -static const char *ST_HASH = "$metamask-short$600000$MBdUsmTcBHGCASECYr3gmD8XaJROwjhOegSWweCFhco=$N1aDRjt2ZD5x15Q1X9zVUw==$G2Qsp8BtQNz9E1vFlSebykcGkps5iJ53fBjJV8GIE7eolAQpz5m25MTZv0b0t2tpqXvfgEYKYZKsoLvuWWRHqg=="; - -u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } -u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } -u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } -u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } -u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } -u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } -u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } -const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } -u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } -u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } -u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } -u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } -const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } -const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } - -typedef struct pbkdf2_sha256_tmp -{ - u32 ipad[8]; - u32 opad[8]; - - u32 dgst[32]; - u32 out[32]; - -} pbkdf2_sha256_tmp_t; - -typedef struct pbkdf2_sha256_aes_gcm -{ - u32 salt_buf[64]; - u32 iv_buf[4]; - u32 iv_len; - u32 ct_buf[16]; - u32 ct_len; - -} pbkdf2_sha256_aes_gcm_t; - -static const char *SIGNATURE_METAMASK_WALLET = "$metamask-short$"; - -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - // Extra treatment for Apple systems - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - return jit_build_options; - } - - // HIP - if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD_USE_HIP) - { - hc_asprintf (&jit_build_options, "-D _unroll"); - } - - // ROCM - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - hc_asprintf (&jit_build_options, "-D _unroll"); - } - - return jit_build_options; -} - -u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) -{ - return KERN_RUN_3; -} - -u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_aes_gcm_t); - - return esalt_size; -} - -u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t); - - return tmp_size; -} - -u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u32 pw_min = 8; - - return pw_min; -} - -u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - // this overrides the reductions of PW_MAX in case optimized kernel is selected - // IOW, even in optimized kernel mode it support length 256 - - const u32 pw_max = PW_MAX; - - return pw_max; -} - -int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) -{ - u32 *digest = (u32 *) digest_buf; - - pbkdf2_sha256_aes_gcm_t *metamask = (pbkdf2_sha256_aes_gcm_t *) esalt_buf; - - hc_token_t token; - - memset (&token, 0, sizeof (hc_token_t)); - - token.token_cnt = 5; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_METAMASK_WALLET; - - token.len[0] = 16; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.sep[1] = '$'; - token.len_min[1] = 1; - token.len_max[1] = 6; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.sep[2] = '$'; - token.len[2] = 44; - token.attr[2] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; - - token.sep[3] = '$'; - token.len[3] = 24; - token.attr[3] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; - - token.sep[4] = '$'; - token.len_min[4] = 88; - token.len_max[4] = 88; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; - - const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - // iter - - const u8 *iter_pos = token.buf[1]; - - const int iter = strtol ((const char *) iter_pos, NULL, 10); - - if (iter < 1) return (PARSER_SALT_ITERATION); - - salt->salt_iter = iter - 1; - - // salt - - const u8 *salt_pos = token.buf[2]; - const int salt_len = token.len[2]; - - u8 tmp_buf[88+1]; - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - size_t tmp_len = base64_decode (base64_to_int, salt_pos, salt_len, tmp_buf); - - if (tmp_len != 32) return (PARSER_SALT_LENGTH); - - memcpy (salt->salt_buf, tmp_buf, tmp_len); - - salt->salt_len = tmp_len; - - metamask->salt_buf[0] = salt->salt_buf[0]; - metamask->salt_buf[1] = salt->salt_buf[1]; - metamask->salt_buf[2] = salt->salt_buf[2]; - metamask->salt_buf[3] = salt->salt_buf[3]; - metamask->salt_buf[4] = salt->salt_buf[4]; - metamask->salt_buf[5] = salt->salt_buf[5]; - metamask->salt_buf[6] = salt->salt_buf[6]; - metamask->salt_buf[7] = salt->salt_buf[7]; - - // iv - - const u8 *iv_pos = token.buf[3]; - const int iv_len = token.len[3]; - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - tmp_len = base64_decode (base64_to_int, iv_pos, iv_len, tmp_buf); - - if (tmp_len != 16) return (PARSER_IV_LENGTH); - - memcpy ((u8 *) metamask->iv_buf, tmp_buf, tmp_len); - - metamask->iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); - metamask->iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); - metamask->iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); - metamask->iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); - - metamask->iv_len = tmp_len; - - // ciphertext - - const u8 *ct_pos = token.buf[4]; - const int ct_len = token.len[4]; - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - tmp_len = base64_decode (base64_to_int, ct_pos, ct_len, tmp_buf); - - if (tmp_len != 64) return (PARSER_CT_LENGTH); - - memcpy ((u8 *) metamask->ct_buf, tmp_buf, tmp_len); - - u32 j = tmp_len / 4; - - for (u32 i = 0; i < j; i++) - { - metamask->ct_buf[i] = byte_swap_32 (metamask->ct_buf[i]); - } - - metamask->ct_len = tmp_len; - - digest[0] = metamask->ct_buf[0]; - digest[1] = metamask->ct_buf[1]; - digest[2] = metamask->ct_buf[2]; - digest[3] = metamask->ct_buf[3]; - - return (PARSER_OK); -} - -int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) -{ - const pbkdf2_sha256_aes_gcm_t *metamask = (const pbkdf2_sha256_aes_gcm_t *) esalt_buf; - - // salt - - u8 salt_buf[44+1]; - - memset (salt_buf, 0, sizeof (salt_buf)); - - base64_encode (int_to_base64, (const u8 *) salt->salt_buf, (const int) salt->salt_len, salt_buf); - - // iv - - u32 tmp_iv_buf[4]; - - tmp_iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]); - tmp_iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]); - tmp_iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]); - tmp_iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]); - - u8 iv_buf[24+1]; - - memset (iv_buf, 0, sizeof (iv_buf)); - - base64_encode (int_to_base64, (const u8 *) tmp_iv_buf, (const int) metamask->iv_len, iv_buf); - - // ct - - u32 tmp_buf[16]; - - memset (tmp_buf, 0, sizeof (tmp_buf)); - - u32 ct_len = metamask->ct_len; - - u32 j = ct_len / 4; - - for (u32 i = 0; i < j; i++) tmp_buf[i] = byte_swap_32 (metamask->ct_buf[i]); - - u8 ct_buf[88+1]; - - memset (ct_buf, 0, sizeof (ct_buf)); - - base64_encode (int_to_base64, (const u8 *) tmp_buf, (const int) metamask->ct_len, ct_buf); - - u8 *out_buf = (u8 *) line_buf; - - int out_len = snprintf ((char *) out_buf, line_size, "%s%s$%s$%s", - SIGNATURE_METAMASK_WALLET, - salt_buf, - iv_buf, - ct_buf); - - return out_len; -} - -void module_init (module_ctx_t *module_ctx) -{ - module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; - module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; - - module_ctx->module_attack_exec = module_attack_exec; - module_ctx->module_benchmark_esalt = MODULE_DEFAULT; - module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; - module_ctx->module_benchmark_mask = MODULE_DEFAULT; - module_ctx->module_benchmark_charset = MODULE_DEFAULT; - module_ctx->module_benchmark_salt = MODULE_DEFAULT; - module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; - module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; - module_ctx->module_deprecated_notice = MODULE_DEFAULT; - module_ctx->module_dgst_pos0 = module_dgst_pos0; - module_ctx->module_dgst_pos1 = module_dgst_pos1; - module_ctx->module_dgst_pos2 = module_dgst_pos2; - module_ctx->module_dgst_pos3 = module_dgst_pos3; - module_ctx->module_dgst_size = module_dgst_size; - module_ctx->module_dictstat_disable = MODULE_DEFAULT; - module_ctx->module_esalt_size = module_esalt_size; - module_ctx->module_extra_buffer_size = MODULE_DEFAULT; - module_ctx->module_extra_tmp_size = MODULE_DEFAULT; - module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; - module_ctx->module_forced_outfile_format = MODULE_DEFAULT; - module_ctx->module_hash_binary_count = MODULE_DEFAULT; - module_ctx->module_hash_binary_parse = MODULE_DEFAULT; - module_ctx->module_hash_binary_save = MODULE_DEFAULT; - module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; - module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; - module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; - module_ctx->module_hash_decode = module_hash_decode; - module_ctx->module_hash_encode_status = MODULE_DEFAULT; - module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; - module_ctx->module_hash_encode = module_hash_encode; - module_ctx->module_hash_init_selftest = MODULE_DEFAULT; - module_ctx->module_hash_mode = MODULE_DEFAULT; - module_ctx->module_hash_category = module_hash_category; - module_ctx->module_hash_name = module_hash_name; - module_ctx->module_hashes_count_min = MODULE_DEFAULT; - module_ctx->module_hashes_count_max = MODULE_DEFAULT; - module_ctx->module_hlfmt_disable = MODULE_DEFAULT; - module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; - module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; - module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; - module_ctx->module_hook12 = MODULE_DEFAULT; - module_ctx->module_hook23 = MODULE_DEFAULT; - module_ctx->module_hook_salt_size = MODULE_DEFAULT; - module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; - module_ctx->module_jit_cache_disable = MODULE_DEFAULT; - module_ctx->module_kernel_accel_max = MODULE_DEFAULT; - module_ctx->module_kernel_accel_min = MODULE_DEFAULT; - module_ctx->module_kernel_loops_max = MODULE_DEFAULT; - module_ctx->module_kernel_loops_min = MODULE_DEFAULT; - module_ctx->module_kernel_threads_max = MODULE_DEFAULT; - module_ctx->module_kernel_threads_min = MODULE_DEFAULT; - module_ctx->module_kern_type = module_kern_type; - module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; - module_ctx->module_opti_type = module_opti_type; - module_ctx->module_opts_type = module_opts_type; - module_ctx->module_outfile_check_disable = MODULE_DEFAULT; - module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; - module_ctx->module_potfile_custom_check = MODULE_DEFAULT; - module_ctx->module_potfile_disable = MODULE_DEFAULT; - module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; - module_ctx->module_pwdump_column = MODULE_DEFAULT; - module_ctx->module_pw_max = module_pw_max; - module_ctx->module_pw_min = module_pw_min; - module_ctx->module_salt_max = MODULE_DEFAULT; - module_ctx->module_salt_min = MODULE_DEFAULT; - module_ctx->module_salt_type = module_salt_type; - module_ctx->module_separator = MODULE_DEFAULT; - module_ctx->module_st_hash = module_st_hash; - module_ctx->module_st_pass = module_st_pass; - module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; - module_ctx->module_warmup_disable = MODULE_DEFAULT; -} diff --git a/tools/metamask2hashcat.py b/tools/metamask2hashcat.py index 1e4de119c..6c32e82c7 100644 --- a/tools/metamask2hashcat.py +++ b/tools/metamask2hashcat.py @@ -94,7 +94,7 @@ def metamask_parser(file, shortdata): if __name__ == "__main__": parser = argparse.ArgumentParser(description="metamask2hashcat.py extraction tool") parser.add_argument('--vault', required=True, help='set metamask vault (json) file from path', type=str) - parser.add_argument('--shortdata', help='force short data, can only be used with m26610/m26630, ', action='store_true') + parser.add_argument('--shortdata', help='force short data, can only be used with m26610, ', action='store_true') args = parser.parse_args() From 5f9caed13db94572a00e1ba7831ad6da05abf2ad Mon Sep 17 00:00:00 2001 From: its5Q Date: Fri, 23 Feb 2024 06:24:24 +1000 Subject: [PATCH 5/6] Remove unused Metamask OpenCL kernels --- OpenCL/m26620-pure.cl | 375 -------------------------------------- OpenCL/m26630-pure.cl | 413 ------------------------------------------ 2 files changed, 788 deletions(-) delete mode 100644 OpenCL/m26620-pure.cl delete mode 100644 OpenCL/m26630-pure.cl diff --git a/OpenCL/m26620-pure.cl b/OpenCL/m26620-pure.cl deleted file mode 100644 index 26ad55595..000000000 --- a/OpenCL/m26620-pure.cl +++ /dev/null @@ -1,375 +0,0 @@ -/** - * Author......: See docs/credits.txt - * License.....: MIT - */ - -#define NEW_SIMD_CODE - -#ifdef KERNEL_STATIC -#include M2S(INCLUDE_PATH/inc_vendor.h) -#include M2S(INCLUDE_PATH/inc_types.h) -#include M2S(INCLUDE_PATH/inc_platform.cl) -#include M2S(INCLUDE_PATH/inc_common.cl) -#include M2S(INCLUDE_PATH/inc_simd.cl) -#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) -#include M2S(INCLUDE_PATH/inc_cipher_aes.cl) -#include M2S(INCLUDE_PATH/inc_cipher_aes-gcm.cl) -#endif - -#define COMPARE_S M2S(INCLUDE_PATH/inc_comp_single.cl) -#define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl) - -typedef struct pbkdf2_sha256_tmp -{ - u32 ipad[8]; - u32 opad[8]; - - u32 dgst[32]; - u32 out[32]; - -} pbkdf2_sha256_tmp_t; - -typedef struct pbkdf2_sha256_aes_gcm -{ - u32 salt_buf[64]; - u32 iv_buf[4]; - u32 iv_len; - u32 ct_buf[784]; - u32 ct_len; - -} pbkdf2_sha256_aes_gcm_t; - -DECLSPEC void hmac_sha256_run_V (PRIVATE_AS u32x *w0, PRIVATE_AS u32x *w1, PRIVATE_AS u32x *w2, PRIVATE_AS u32x *w3, PRIVATE_AS u32x *ipad, PRIVATE_AS u32x *opad, PRIVATE_AS u32x *digest) -{ - digest[0] = ipad[0]; - digest[1] = ipad[1]; - digest[2] = ipad[2]; - digest[3] = ipad[3]; - digest[4] = ipad[4]; - digest[5] = ipad[5]; - digest[6] = ipad[6]; - digest[7] = ipad[7]; - - sha256_transform_vector (w0, w1, w2, w3, digest); - - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; - w1[1] = digest[5]; - w1[2] = digest[6]; - w1[3] = digest[7]; - w2[0] = 0x80000000; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 32) * 8; - - digest[0] = opad[0]; - digest[1] = opad[1]; - digest[2] = opad[2]; - digest[3] = opad[3]; - digest[4] = opad[4]; - digest[5] = opad[5]; - digest[6] = opad[6]; - digest[7] = opad[7]; - - sha256_transform_vector (w0, w1, w2, w3, digest); -} - -KERNEL_FQ void m26620_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) -{ - /** - * base - */ - - const u64 gid = get_global_id (0); - - if (gid >= GID_CNT) return; - - sha256_hmac_ctx_t sha256_hmac_ctx; - - sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len); - - tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0]; - tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1]; - tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2]; - tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3]; - tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4]; - tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5]; - tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6]; - tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7]; - - tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0]; - tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1]; - tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2]; - tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3]; - tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4]; - tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5]; - tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6]; - tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7]; - - sha256_hmac_update_global_swap (&sha256_hmac_ctx, esalt_bufs[DIGESTS_OFFSET_HOST].salt_buf, salt_bufs[SALT_POS_HOST].salt_len); - - for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) - { - sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx; - - u32 w0[4]; - u32 w1[4]; - u32 w2[4]; - u32 w3[4]; - - w0[0] = j; - w0[1] = 0; - w0[2] = 0; - w0[3] = 0; - w1[0] = 0; - w1[1] = 0; - w1[2] = 0; - w1[3] = 0; - w2[0] = 0; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = 0; - - sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); - - sha256_hmac_final (&sha256_hmac_ctx2); - - tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0]; - tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1]; - tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2]; - tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3]; - tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4]; - tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5]; - tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6]; - tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7]; - - tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; - tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; - tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; - tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; - tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; - tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; - tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; - tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; - } -} - -KERNEL_FQ void m26620_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) -{ - const u64 gid = get_global_id (0); - - if ((gid * VECT_SIZE) >= GID_CNT) return; - - u32x ipad[8]; - u32x opad[8]; - - ipad[0] = packv (tmps, ipad, gid, 0); - ipad[1] = packv (tmps, ipad, gid, 1); - ipad[2] = packv (tmps, ipad, gid, 2); - ipad[3] = packv (tmps, ipad, gid, 3); - ipad[4] = packv (tmps, ipad, gid, 4); - ipad[5] = packv (tmps, ipad, gid, 5); - ipad[6] = packv (tmps, ipad, gid, 6); - ipad[7] = packv (tmps, ipad, gid, 7); - - opad[0] = packv (tmps, opad, gid, 0); - opad[1] = packv (tmps, opad, gid, 1); - opad[2] = packv (tmps, opad, gid, 2); - opad[3] = packv (tmps, opad, gid, 3); - opad[4] = packv (tmps, opad, gid, 4); - opad[5] = packv (tmps, opad, gid, 5); - opad[6] = packv (tmps, opad, gid, 6); - opad[7] = packv (tmps, opad, gid, 7); - - for (u32 i = 0; i < 8; i += 8) - { - u32x dgst[8]; - u32x out[8]; - - dgst[0] = packv (tmps, dgst, gid, i + 0); - dgst[1] = packv (tmps, dgst, gid, i + 1); - dgst[2] = packv (tmps, dgst, gid, i + 2); - dgst[3] = packv (tmps, dgst, gid, i + 3); - dgst[4] = packv (tmps, dgst, gid, i + 4); - dgst[5] = packv (tmps, dgst, gid, i + 5); - dgst[6] = packv (tmps, dgst, gid, i + 6); - dgst[7] = packv (tmps, dgst, gid, i + 7); - - out[0] = packv (tmps, out, gid, i + 0); - out[1] = packv (tmps, out, gid, i + 1); - out[2] = packv (tmps, out, gid, i + 2); - out[3] = packv (tmps, out, gid, i + 3); - out[4] = packv (tmps, out, gid, i + 4); - out[5] = packv (tmps, out, gid, i + 5); - out[6] = packv (tmps, out, gid, i + 6); - out[7] = packv (tmps, out, gid, i + 7); - - for (u32 j = 0; j < LOOP_CNT; j++) - { - u32x w0[4]; - u32x w1[4]; - u32x w2[4]; - u32x w3[4]; - - w0[0] = dgst[0]; - w0[1] = dgst[1]; - w0[2] = dgst[2]; - w0[3] = dgst[3]; - w1[0] = dgst[4]; - w1[1] = dgst[5]; - w1[2] = dgst[6]; - w1[3] = dgst[7]; - w2[0] = 0x80000000; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 32) * 8; - - hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); - - out[0] ^= dgst[0]; - out[1] ^= dgst[1]; - out[2] ^= dgst[2]; - out[3] ^= dgst[3]; - out[4] ^= dgst[4]; - out[5] ^= dgst[5]; - out[6] ^= dgst[6]; - out[7] ^= dgst[7]; - } - - unpackv (tmps, dgst, gid, i + 0, dgst[0]); - unpackv (tmps, dgst, gid, i + 1, dgst[1]); - unpackv (tmps, dgst, gid, i + 2, dgst[2]); - unpackv (tmps, dgst, gid, i + 3, dgst[3]); - unpackv (tmps, dgst, gid, i + 4, dgst[4]); - unpackv (tmps, dgst, gid, i + 5, dgst[5]); - unpackv (tmps, dgst, gid, i + 6, dgst[6]); - unpackv (tmps, dgst, gid, i + 7, dgst[7]); - - unpackv (tmps, out, gid, i + 0, out[0]); - unpackv (tmps, out, gid, i + 1, out[1]); - unpackv (tmps, out, gid, i + 2, out[2]); - unpackv (tmps, out, gid, i + 3, out[3]); - unpackv (tmps, out, gid, i + 4, out[4]); - unpackv (tmps, out, gid, i + 5, out[5]); - unpackv (tmps, out, gid, i + 6, out[6]); - unpackv (tmps, out, gid, i + 7, out[7]); - } -} - -KERNEL_FQ void m26620_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) -{ - const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= GID_CNT) return; - - // keys - - u32 ukey[8]; - - ukey[0] = tmps[gid].out[0]; - ukey[1] = tmps[gid].out[1]; - ukey[2] = tmps[gid].out[2]; - ukey[3] = tmps[gid].out[3]; - ukey[4] = tmps[gid].out[4]; - ukey[5] = tmps[gid].out[5]; - ukey[6] = tmps[gid].out[6]; - ukey[7] = tmps[gid].out[7]; - - u32 key_len = 32 * 8; - - u32 key[60] = { 0 }; - u32 subKey[4] = { 0 }; - - AES_GCM_Init (ukey, key_len, key, subKey, s_te0, s_te1, s_te2, s_te3, s_te4); - - // iv - - u32 iv[4]; - - iv[0] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[0]; - iv[1] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[1]; - iv[2] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[2]; - iv[3] = esalt_bufs[DIGESTS_OFFSET_HOST].iv_buf[3]; - - const u32 iv_len = esalt_bufs[DIGESTS_OFFSET_HOST].iv_len; - - u32 J0[4] = { 0 }; - - AES_GCM_Prepare_J0 (iv, iv_len, subKey, J0); - - // ct - - u32 T[4] = { 0 }; - u32 S[4] = { 0 }; - - u32 S_len = 16; - u32 aad_buf[4] = { 0 }; - u32 aad_len = 0; - - AES_GCM_GHASH_GLOBAL (subKey, aad_buf, aad_len, esalt_bufs[DIGESTS_OFFSET_HOST].ct_buf, esalt_bufs[DIGESTS_OFFSET_HOST].ct_len, S); - - AES_GCM_GCTR (key, J0, S, S_len, T, s_te0, s_te1, s_te2, s_te3, s_te4); - - /* compare tag */ - - const u32 r0 = T[0]; - const u32 r1 = T[1]; - const u32 r2 = T[2]; - const u32 r3 = T[3]; - - #define il_pos 0 - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif -} diff --git a/OpenCL/m26630-pure.cl b/OpenCL/m26630-pure.cl deleted file mode 100644 index 39727b730..000000000 --- a/OpenCL/m26630-pure.cl +++ /dev/null @@ -1,413 +0,0 @@ -/** - * Author......: See docs/credits.txt - * License.....: MIT - */ - -#define NEW_SIMD_CODE - -#ifdef KERNEL_STATIC -#include M2S(INCLUDE_PATH/inc_vendor.h) -#include M2S(INCLUDE_PATH/inc_types.h) -#include M2S(INCLUDE_PATH/inc_platform.cl) -#include M2S(INCLUDE_PATH/inc_common.cl) -#include M2S(INCLUDE_PATH/inc_simd.cl) -#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) -#include M2S(INCLUDE_PATH/inc_cipher_aes.cl) -#include M2S(INCLUDE_PATH/inc_cipher_aes-gcm.cl) -#endif - -#define COMPARE_S M2S(INCLUDE_PATH/inc_comp_single.cl) -#define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl) - -typedef struct pbkdf2_sha256_tmp -{ - u32 ipad[8]; - u32 opad[8]; - - u32 dgst[32]; - u32 out[32]; - -} pbkdf2_sha256_tmp_t; - -typedef struct pbkdf2_sha256_aes_gcm -{ - u32 salt_buf[64]; - u32 iv_buf[4]; - u32 iv_len; - u32 ct_buf[16]; - u32 ct_len; - -} pbkdf2_sha256_aes_gcm_t; - -DECLSPEC void hmac_sha256_run_V (PRIVATE_AS u32x *w0, PRIVATE_AS u32x *w1, PRIVATE_AS u32x *w2, PRIVATE_AS u32x *w3, PRIVATE_AS u32x *ipad, PRIVATE_AS u32x *opad, PRIVATE_AS u32x *digest) -{ - digest[0] = ipad[0]; - digest[1] = ipad[1]; - digest[2] = ipad[2]; - digest[3] = ipad[3]; - digest[4] = ipad[4]; - digest[5] = ipad[5]; - digest[6] = ipad[6]; - digest[7] = ipad[7]; - - sha256_transform_vector (w0, w1, w2, w3, digest); - - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; - w1[1] = digest[5]; - w1[2] = digest[6]; - w1[3] = digest[7]; - w2[0] = 0x80000000; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 32) * 8; - - digest[0] = opad[0]; - digest[1] = opad[1]; - digest[2] = opad[2]; - digest[3] = opad[3]; - digest[4] = opad[4]; - digest[5] = opad[5]; - digest[6] = opad[6]; - digest[7] = opad[7]; - - sha256_transform_vector (w0, w1, w2, w3, digest); -} - -KERNEL_FQ void m26630_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) -{ - /** - * base - */ - - const u64 gid = get_global_id (0); - - if (gid >= GID_CNT) return; - - sha256_hmac_ctx_t sha256_hmac_ctx; - - sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len); - - tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0]; - tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1]; - tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2]; - tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3]; - tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4]; - tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5]; - tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6]; - tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7]; - - tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0]; - tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1]; - tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2]; - tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3]; - tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4]; - tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5]; - tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6]; - tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7]; - - sha256_hmac_update_global_swap (&sha256_hmac_ctx, esalt_bufs[DIGESTS_OFFSET_HOST].salt_buf, salt_bufs[SALT_POS_HOST].salt_len); - - for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) - { - sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx; - - u32 w0[4]; - u32 w1[4]; - u32 w2[4]; - u32 w3[4]; - - w0[0] = j; - w0[1] = 0; - w0[2] = 0; - w0[3] = 0; - w1[0] = 0; - w1[1] = 0; - w1[2] = 0; - w1[3] = 0; - w2[0] = 0; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = 0; - - sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); - - sha256_hmac_final (&sha256_hmac_ctx2); - - tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0]; - tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1]; - tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2]; - tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3]; - tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4]; - tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5]; - tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6]; - tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7]; - - tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; - tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; - tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; - tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; - tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; - tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; - tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; - tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; - } -} - -KERNEL_FQ void m26630_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) -{ - const u64 gid = get_global_id (0); - - if ((gid * VECT_SIZE) >= GID_CNT) return; - - u32x ipad[8]; - u32x opad[8]; - - ipad[0] = packv (tmps, ipad, gid, 0); - ipad[1] = packv (tmps, ipad, gid, 1); - ipad[2] = packv (tmps, ipad, gid, 2); - ipad[3] = packv (tmps, ipad, gid, 3); - ipad[4] = packv (tmps, ipad, gid, 4); - ipad[5] = packv (tmps, ipad, gid, 5); - ipad[6] = packv (tmps, ipad, gid, 6); - ipad[7] = packv (tmps, ipad, gid, 7); - - opad[0] = packv (tmps, opad, gid, 0); - opad[1] = packv (tmps, opad, gid, 1); - opad[2] = packv (tmps, opad, gid, 2); - opad[3] = packv (tmps, opad, gid, 3); - opad[4] = packv (tmps, opad, gid, 4); - opad[5] = packv (tmps, opad, gid, 5); - opad[6] = packv (tmps, opad, gid, 6); - opad[7] = packv (tmps, opad, gid, 7); - - for (u32 i = 0; i < 8; i += 8) - { - u32x dgst[8]; - u32x out[8]; - - dgst[0] = packv (tmps, dgst, gid, i + 0); - dgst[1] = packv (tmps, dgst, gid, i + 1); - dgst[2] = packv (tmps, dgst, gid, i + 2); - dgst[3] = packv (tmps, dgst, gid, i + 3); - dgst[4] = packv (tmps, dgst, gid, i + 4); - dgst[5] = packv (tmps, dgst, gid, i + 5); - dgst[6] = packv (tmps, dgst, gid, i + 6); - dgst[7] = packv (tmps, dgst, gid, i + 7); - - out[0] = packv (tmps, out, gid, i + 0); - out[1] = packv (tmps, out, gid, i + 1); - out[2] = packv (tmps, out, gid, i + 2); - out[3] = packv (tmps, out, gid, i + 3); - out[4] = packv (tmps, out, gid, i + 4); - out[5] = packv (tmps, out, gid, i + 5); - out[6] = packv (tmps, out, gid, i + 6); - out[7] = packv (tmps, out, gid, i + 7); - - for (u32 j = 0; j < LOOP_CNT; j++) - { - u32x w0[4]; - u32x w1[4]; - u32x w2[4]; - u32x w3[4]; - - w0[0] = dgst[0]; - w0[1] = dgst[1]; - w0[2] = dgst[2]; - w0[3] = dgst[3]; - w1[0] = dgst[4]; - w1[1] = dgst[5]; - w1[2] = dgst[6]; - w1[3] = dgst[7]; - w2[0] = 0x80000000; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 32) * 8; - - hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); - - out[0] ^= dgst[0]; - out[1] ^= dgst[1]; - out[2] ^= dgst[2]; - out[3] ^= dgst[3]; - out[4] ^= dgst[4]; - out[5] ^= dgst[5]; - out[6] ^= dgst[6]; - out[7] ^= dgst[7]; - } - - unpackv (tmps, dgst, gid, i + 0, dgst[0]); - unpackv (tmps, dgst, gid, i + 1, dgst[1]); - unpackv (tmps, dgst, gid, i + 2, dgst[2]); - unpackv (tmps, dgst, gid, i + 3, dgst[3]); - unpackv (tmps, dgst, gid, i + 4, dgst[4]); - unpackv (tmps, dgst, gid, i + 5, dgst[5]); - unpackv (tmps, dgst, gid, i + 6, dgst[6]); - unpackv (tmps, dgst, gid, i + 7, dgst[7]); - - unpackv (tmps, out, gid, i + 0, out[0]); - unpackv (tmps, out, gid, i + 1, out[1]); - unpackv (tmps, out, gid, i + 2, out[2]); - unpackv (tmps, out, gid, i + 3, out[3]); - unpackv (tmps, out, gid, i + 4, out[4]); - unpackv (tmps, out, gid, i + 5, out[5]); - unpackv (tmps, out, gid, i + 6, out[6]); - unpackv (tmps, out, gid, i + 7, out[7]); - } -} - -KERNEL_FQ void m26630_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t)) -{ - const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= GID_CNT) return; - - const u32 digest_pos = LOOP_POS; - - const u32 digest_cur = DIGESTS_OFFSET_HOST + digest_pos; - - GLOBAL_AS const pbkdf2_sha256_aes_gcm_t *pbkdf2_sha256_aes_gcm = &esalt_bufs[digest_cur]; - - // keys - - u32 ukey[8]; - - ukey[0] = tmps[gid].out[0]; - ukey[1] = tmps[gid].out[1]; - ukey[2] = tmps[gid].out[2]; - ukey[3] = tmps[gid].out[3]; - ukey[4] = tmps[gid].out[4]; - ukey[5] = tmps[gid].out[5]; - ukey[6] = tmps[gid].out[6]; - ukey[7] = tmps[gid].out[7]; - - u32 key_len = 32 * 8; - - u32 key[60] = { 0 }; - u32 subKey[4] = { 0 }; - - AES_GCM_Init (ukey, key_len, key, subKey, s_te0, s_te1, s_te2, s_te3, s_te4); - - // iv - - u32 iv[4]; - - iv[0] = pbkdf2_sha256_aes_gcm->iv_buf[0]; - iv[1] = pbkdf2_sha256_aes_gcm->iv_buf[1]; - iv[2] = pbkdf2_sha256_aes_gcm->iv_buf[2]; - iv[3] = pbkdf2_sha256_aes_gcm->iv_buf[3]; - - const u32 iv_len = pbkdf2_sha256_aes_gcm->iv_len; - - u32 J0[4] = { 0 }; - - AES_GCM_Prepare_J0 (iv, iv_len, subKey, J0); - - u32 ct[8]; - - ct[0] = pbkdf2_sha256_aes_gcm->ct_buf[0]; // first block of ciphertext - ct[1] = pbkdf2_sha256_aes_gcm->ct_buf[1]; - ct[2] = pbkdf2_sha256_aes_gcm->ct_buf[2]; - ct[3] = pbkdf2_sha256_aes_gcm->ct_buf[3]; - ct[4] = pbkdf2_sha256_aes_gcm->ct_buf[4]; // second block of ciphertext - ct[5] = pbkdf2_sha256_aes_gcm->ct_buf[5]; - ct[6] = pbkdf2_sha256_aes_gcm->ct_buf[6]; - ct[7] = pbkdf2_sha256_aes_gcm->ct_buf[7]; - - u32 pt[8] = { 0 }; - - AES_GCM_decrypt (key, J0, ct, 32, pt, s_te0, s_te1, s_te2, s_te3, s_te4); - - const int correct = is_valid_printable_32 (pt[0]) - + is_valid_printable_32 (pt[1]) - + is_valid_printable_32 (pt[2]) - + is_valid_printable_32 (pt[3]) - + is_valid_printable_32 (pt[4]) - + is_valid_printable_32 (pt[5]) - + is_valid_printable_32 (pt[6]) - + is_valid_printable_32 (pt[7]); - - if (correct != 8) return; - - /* - const int pt_len = 28; // not using 32 byte but 28 because our UTF8 allows up to 4 byte per character and since we decrypt 32 byte - // only we can't guarantee it is not in the middle of a UTF8 byte stream at that point - - if (hc_enc_scan (pt, pt_len)) - { - hc_enc_t hc_enc; - - hc_enc_init (&hc_enc); - - while (hc_enc_has_next (&hc_enc, pt_len)) - { - u32 enc_buf[16] = { 0 }; - - const int enc_len = hc_enc_next (&hc_enc, pt, pt_len, 32, enc_buf, sizeof (enc_buf)); - - if (enc_len == -1) return; - } - } - */ - - const u32 r0 = ct[0]; - const u32 r1 = ct[1]; - const u32 r2 = ct[2]; - const u32 r3 = ct[3]; - - #define il_pos 0 - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif -} From 9a14c99bb129fb6e67f4b5566b0d47a10c826499 Mon Sep 17 00:00:00 2001 From: its5Q Date: Sat, 24 Feb 2024 16:42:08 +1000 Subject: [PATCH 6/6] Update metamask2hashcat to use new format and add test vault JSON --- tools/2hashcat_tests/metamask2hashcat.withrounds.json | 1 + tools/metamask2hashcat.py | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 tools/2hashcat_tests/metamask2hashcat.withrounds.json diff --git a/tools/2hashcat_tests/metamask2hashcat.withrounds.json b/tools/2hashcat_tests/metamask2hashcat.withrounds.json new file mode 100644 index 000000000..b865647fd --- /dev/null +++ b/tools/2hashcat_tests/metamask2hashcat.withrounds.json @@ -0,0 +1 @@ +{"data":"G2Qsp8BtQNz9E1vFlSebykcGkps5iJ53fBjJV8GIE7eolAQpz5m25MTZv0b0t2tpqXvfgEYKYZKsoLvuWWRHqj2ommt+U0l6fEGPY6lTn5PYzDtMKNpPWHKCIS/QYhwEA9/X5RtyIwDL6VqcRp6owV+/icmRlQa+TI5buHWZ+99Z1kBbpTDVYLBwhMRsODM1vYizQDg0vFIo3cQDtpRWUqpAKXhFcpgRD+9grS3pP/zdlIUn//87DZ3ue6Sn6WFOe08EvuY8sYZqTiN3GxcfESOltNbZJGcedMubt/jGsk+qIwUWC/f456UgeX9DN7i2pQBBI+L7qkY5v1WT5Y0i8uho1c2M2G8M9miO8HSm/j4bpMN1J6lPtjFhfAzEPS1go1w2vTmOtr1y+2A4M6HEOcxIrPJ8lUUH9pcN7Xpd+u/tQv8BYFxd6RlNYKLyA6OChbF+TD5Zz6oFZQtkprXqzZUFOlxeWJ373kHMISZtXOx44YGaiT2178fXgHFXavw=","iv":"N1aDRjt2ZD5x15Q1X9zVUw==","keyMetadata":{"algorithm":"PBKDF2","params":{"iterations":600000}},"salt":"MBdUsmTcBHGCASECYr3gmD8XaJROwjhOegSWweCFhco="} diff --git a/tools/metamask2hashcat.py b/tools/metamask2hashcat.py index 823f528b6..319889c60 100644 --- a/tools/metamask2hashcat.py +++ b/tools/metamask2hashcat.py @@ -58,6 +58,7 @@ def metamask_parser(file, shortdata): iter_count = j['keyMetadata']['params']['iterations'] except KeyError: iter_count = 10_000 + if((len(j['data']) > 3000) or shortdata): data_bin = base64.b64decode(j['data']) # TODO limit data to 16 bytes, we only check the first block of data, so we don't need more data. @@ -66,12 +67,12 @@ def metamask_parser(file, shortdata): j['data'] = base64.b64encode(data_bin[0:64]).decode("ascii") if iter_count != 10000: - print('$metamask-short$' + str(iter_count) + '$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) + print('$metamask-short$rounds=' + str(iter_count) + '$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) else: print('$metamask-short$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) else: if iter_count != 10000: - print('$metamask$' + str(iter_count) + '$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) + print('$metamask$rounds=' + str(iter_count) + '$' + j['salt'] + '$' + j['iv'] + '$' + j['data']) else: print('$metamask$' + j['salt'] + '$' + j['iv'] + '$' + j['data'])