#!/usr/bin/env bash ## ## Author......: See docs/credits.txt ## License.....: MIT ## OPTS="--quiet --potfile-disable --runtime 400 --hwmon-disable" TDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # List of TrueCrypt modes which have test containers TC_MODES="6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243" # List of VeraCrypt modes which have test containers VC_MODES="13711 13712 13713 13721 13722 13723 13731 13732 13733 13741 13742 13743 13751 13752 13753 13761 13762 13763 13771 13772 13773" # List of modes which either are OPTS_TYPE_PT_NEVERCRACK or produce collisions NEVER_CRACK="9720 9820 14900 18100" # List of modes which return a different output hash format than the input hash format NOCHECK_ENCODING="16800 22000" # LUKS mode has test containers LUKS_MODE="14600" # Cryptoloop mode which have test containers CL_MODES="14511 14512 14513 14521 14522 14523 14531 14532 14533 14541 14542 14543 14551 14552 14553" # missing hash types: 5200 HASH_TYPES=$(ls "${TDIR}"/test_modules/*.pm | sed -E 's/.*m0*([0-9]+).pm/\1/') HASH_TYPES="${HASH_TYPES} ${TC_MODES} ${VC_MODES} ${LUKS_MODE} ${CL_MODES}" HASH_TYPES=$(echo -n "${HASH_TYPES}" | tr ' ' '\n' | sort -u -n | tr '\n' ' ') VECTOR_WIDTHS="1 2 4 8 16" HASHFILE_ONLY=$(grep -l OPTS_TYPE_BINARY_HASHFILE "${TDIR}"/../src/modules/module_*.c | sed -E 's/.*module_0*([0-9]+).c/\1/' | tr '\n' ' ') SLOW_ALGOS=$(grep -l ATTACK_EXEC_OUTSIDE_KERNEL "${TDIR}"/../src/modules/module_*.c | sed -E 's/.*module_0*([0-9]+).c/\1/' | tr '\n' ' ') OUTD="test_$(date +%s)" PACKAGE_CMD="7z a" PACKAGE_FOLDER="" EXTRACT_CMD="7z x" mask_3[0]="" mask_3[1]="?d" mask_3[2]="?d?d" mask_3[3]="?d?d?d" mask_3[4]="?d?d?d?d" mask_3[5]="?d?d?d?d?d" mask_3[6]="?d?d?d?d?d?d" mask_3[7]="?d?d?d?d?d?d?d" mask_3[8]="?d?d?d?d?d?d?d?d" mask_3[9]="?d?d?d?d?d?d?d?d?d" mask_3[10]="?d?d?d?d?d?d?d?d?d?d" mask_3[11]="?d?d?d?d?d?d?d?d?d?d?d" mask_3[12]="?d?d?d?d?d?d?d?d?d?d?d?d" mask_3[13]="?d?d?d?d?d?d?d?d?d?d?d?d?d" mask_3[14]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d" mask_3[15]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d" mask_3[16]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d0" mask_3[17]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d00" mask_3[18]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d000" mask_3[19]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d0000" mask_3[20]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d00000" mask_3[21]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d000000" mask_3[22]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d0000000" mask_3[23]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d00000000" mask_3[24]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d000000000" mask_3[25]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d0000000000" mask_3[26]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d00000000000" mask_3[27]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d000000000000" mask_3[28]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d0000000000000" mask_3[29]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d00000000000000" mask_3[30]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d000000000000000" mask_3[31]="?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d0000000000000000" mask_6[0]="" mask_6[1]="" mask_6[2]="?d" mask_6[3]="?d?d" mask_6[4]="?d?d" mask_6[5]="?d?d?d" mask_6[6]="?d?d?d" mask_6[7]="?d?d?d?d" mask_6[8]="?d?d?d?d" mask_6[9]="?d?d?d?d?d" mask_6[10]="?d?d?d?d?d" mask_6[11]="?d?d?d?d?d?d" mask_6[12]="?d?d?d?d?d?d" mask_6[13]="?d?d?d?d?d?d?d" mask_6[14]="?d?d?d?d?d?d?d" mask_6[15]="?d?d?d?d?d?d?d?d" mask_6[16]="?d?d?d?d?d?d?d?d" mask_6[17]="?d?d?d?d?d?d?d?d0" mask_6[18]="?d?d?d?d?d?d?d?d0" mask_6[19]="?d?d?d?d?d?d?d?d00" mask_6[20]="?d?d?d?d?d?d?d?d00" mask_6[21]="?d?d?d?d?d?d?d?d000" mask_6[22]="?d?d?d?d?d?d?d?d000" mask_6[23]="?d?d?d?d?d?d?d?d0000" mask_6[24]="?d?d?d?d?d?d?d?d0000" mask_6[25]="?d?d?d?d?d?d?d?d00000" mask_6[26]="?d?d?d?d?d?d?d?d00000" mask_6[27]="?d?d?d?d?d?d?d?d000000" mask_6[28]="?d?d?d?d?d?d?d?d000000" mask_6[29]="?d?d?d?d?d?d?d?d0000000" mask_6[30]="?d?d?d?d?d?d?d?d0000000" mask_6[31]="?d?d?d?d?d?d?d?d00000000" mask_7[0]="" mask_7[1]="" mask_7[2]="?d" mask_7[3]="?d" mask_7[4]="?d?d" mask_7[5]="?d?d" mask_7[6]="?d?d?d" mask_7[7]="?d?d?d" mask_7[8]="?d?d?d?d" mask_7[9]="?d?d?d?d" mask_7[10]="?d?d?d?d?d" mask_7[11]="?d?d?d?d?d" mask_7[12]="?d?d?d?d?d?d" mask_7[13]="?d?d?d?d?d?d" mask_7[14]="?d?d?d?d?d?d?d" mask_7[15]="?d?d?d?d?d?d?d" mask_7[16]="?d?d?d?d?d?d?d?d" mask_7[17]="?d?d?d?d?d?d?d?d" mask_7[18]="?d?d?d?d?d?d?d?d0" mask_7[19]="?d?d?d?d?d?d?d?d0" mask_7[20]="?d?d?d?d?d?d?d?d00" mask_7[21]="?d?d?d?d?d?d?d?d00" mask_7[22]="?d?d?d?d?d?d?d?d000" mask_7[23]="?d?d?d?d?d?d?d?d000" mask_7[24]="?d?d?d?d?d?d?d?d0000" mask_7[25]="?d?d?d?d?d?d?d?d0000" mask_7[26]="?d?d?d?d?d?d?d?d00000" mask_7[27]="?d?d?d?d?d?d?d?d00000" mask_7[28]="?d?d?d?d?d?d?d?d000000" mask_7[29]="?d?d?d?d?d?d?d?d000000" mask_7[30]="?d?d?d?d?d?d?d?d0000000" mask_7[31]="?d?d?d?d?d?d?d?d0000000" # Array lookup # $1: value # $2: array # Returns 0 (SUCCESS) if the value is found, 1 otherwise function is_in_array() { for e in "${@:2}"; do [ "$e" = "$1" ] && return 0 done return 1 } function init() { if [ "${PACKAGE}" -eq 1 ]; then echo "[ ${OUTD} ] > Generate tests for hash type $hash_type." else echo "[ ${OUTD} ] > Init test for hash type $hash_type." fi rm -rf "${OUTD}/${hash_type}.sh" "${OUTD}/${hash_type}_passwords.txt" "${OUTD}/${hash_type}_hashes.txt" # Exclude TrueCrypt, VeraCrypt and CryptoLoop testing modes if is_in_array "${hash_type}" ${TC_MODES}; then return 0 fi if is_in_array "${hash_type}" ${VC_MODES}; then return 0 fi if is_in_array "${hash_type}" ${CL_MODES}; then return 0 fi if [ "${hash_type}" -eq ${LUKS_MODE} ]; then luks_tests_folder="${TDIR}/luks_tests/" if [ ! -d "${luks_tests_folder}" ]; then mkdir -p "${luks_tests_folder}" fi luks_first_test_file="${luks_tests_folder}/hashcat_ripemd160_aes_cbc-essiv_128.luks" if [ ! -f "${luks_first_test_file}" ]; then luks_tests="hashcat_luks_testfiles.7z" luks_tests_url="https://hashcat.net/misc/example_hashes/${luks_tests}" cd "${TDIR}" || exit # if the file already exists, but was not successfully extracted, we assume it's a broken # downloaded file and therefore it should be deleted if [ -f "${luks_tests}" ]; then rm -f "${luks_tests}" fi echo "" echo "ATTENTION: the luks test files (for -m ${hash_type}) are currently missing on your system." echo "They will be fetched from ${luks_tests_url}" echo "Note: this needs to be done only once and could take a little bit to download/extract." echo "These luks test files are not shipped directly with hashcat because the file sizes are" echo "particularily large and therefore a bandwidth burner for users who do not run these tests." echo "" # download: if ! wget -q "${luks_tests_url}" >/dev/null 2>/dev/null; then cd - >/dev/null echo "ERROR: Could not fetch the luks test files from this url: ${luks_tests_url}" exit 1 fi # extract: ${EXTRACT_CMD} "${luks_tests}" >/dev/null 2>/dev/null # cleanup: rm -f "${luks_tests}" cd - >/dev/null || exit # just to be very sure, check again that (one of) the files now exist: if [ ! -f "${luks_first_test_file}" ]; then echo "ERROR: downloading and extracting ${luks_tests} into ${luks_tests_folder} did not complete successfully" exit 1 fi fi return 0 fi # create list of password and hashes of same type cmd_file=${OUTD}/${hash_type}.sh grep " ${hash_type} '" "${OUTD}/all.sh" > "${cmd_file}" 2>/dev/null # create separate list of password and hashes sed 's/^echo *|.*$//' "${cmd_file}" | awk '{print $2}' > "${OUTD}/${hash_type}_passwords.txt" sed 's/^echo *|/echo "" |/' "${cmd_file}" | awk '{print $10}' | cut -d"'" -f2 > "${OUTD}/${hash_type}_hashes.txt" if [ "${hash_type}" -eq 10300 ]; then #cat ${OUTD}/${hash_type}.sh | cut -d' ' -f11- | cut -d"'" -f2 > ${OUTD}/${hash_type}_hashes.txt cut -d"'" -f2 "${OUTD}/${hash_type}.sh" > "${OUTD}/${hash_type}_hashes.txt" fi # truncate dicts rm -rf "${OUTD}/${hash_type}_dict1" "${OUTD}/${hash_type}_dict2" touch "${OUTD}/${hash_type}_dict1" "${OUTD}/${hash_type}_dict2" # minimum password length min=1 # minimum line number from start of the file min_offset=0 # minimum offset starting from ${min} lines if [ "${hash_type}" -eq 2500 ]; then min_offset=7 # means length 8, since we start with 0 elif [ "${hash_type}" -eq 14000 ]; then min=0 min_offset=4 elif [ "${hash_type}" -eq 14100 ]; then min=0 min_offset=3 elif [ "${hash_type}" -eq 14900 ]; then min=0 min_offset=5 elif [ "${hash_type}" -eq 15400 ]; then min=0 min_offset=3 elif [ "${hash_type}" -eq 16800 ]; then min_offset=7 # means length 8, since we start with 0 elif [ "${hash_type}" -eq 22000 ]; then min_offset=7 # means length 8, since we start with 0 fi # foreach password entry split password in 2 (skip first entry, is len 1) i=1 while read -r -u 9 pass; do if [ ${i} -gt ${min} ]; then # split password, 'i' is the len p0=$((i / 2)) p1=$((p0 + 1)) # special case (passwords longer than expected) pass_len=${#pass} if [ "${pass_len}" -gt 1 ] then p1=$((p1 + min_offset)) p0=$((p0 + min_offset)) if [ "${p1}" -gt "${pass_len}" ]; then p1=${pass_len} p0=$((p1 - 1)) fi # add splitted password to dicts echo "${pass}" | cut -c -${p0} >> "${OUTD}/${hash_type}_dict1" echo "${pass}" | cut -c ${p1}- >> "${OUTD}/${hash_type}_dict2" elif [ "${pass_len}" -eq 1 ]; then echo "${pass}" >> "${OUTD}/${hash_type}_dict1" echo >> "${OUTD}/${hash_type}_dict2" else echo >> "${OUTD}/${hash_type}_dict1" echo >> "${OUTD}/${hash_type}_dict2" fi fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_passwords.txt" min_len=0 if [ "${hash_type}" -eq 2500 ]; then min_len=7 # means length 8, since we start with 0 elif [ "${hash_type}" -eq 14000 ]; then min_len=7 elif [ "${hash_type}" -eq 14100 ]; then min_len=23 elif [ "${hash_type}" -eq 14900 ]; then min_len=9 elif [ "${hash_type}" -eq 15400 ]; then min_len=31 elif [ "${hash_type}" -eq 16800 ]; then min_len=7 # means length 8, since we start with 0 elif [ "${hash_type}" -eq 22000 ]; then min_len=7 # means length 8, since we start with 0 fi # generate multiple pass/hash foreach len (2 to 8) if [ "${MODE}" -ge 1 ]; then i=2 while [ "$i" -lt 9 ]; do cmd_file=${OUTD}/${hash_type}_multi_${i}.txt rm -rf "${cmd_file}" "${OUTD}/${hash_type}_passwords_multi_${i}.txt" "${OUTD}/${hash_type}_hashes_multi_${i}.txt" rm -rf "${OUTD}/${hash_type}_dict1_multi_${i}" "${OUTD}/${hash_type}_dict2_multi_${i}" touch "${OUTD}/${hash_type}_dict1_multi_${i}" "${OUTD}/${hash_type}_dict2_multi_${i}" perl tools/test.pl single "${hash_type}" ${i} > "${cmd_file}" sed 's/^echo *|.*$//' "${cmd_file}" | awk '{print $2}' > "${OUTD}/${hash_type}_passwords_multi_${i}.txt" sed 's/^echo *|/echo "" |/' "${cmd_file}" | awk '{print $10}' | cut -d"'" -f2 > "${OUTD}/${hash_type}_hashes_multi_${i}.txt" if [ "${hash_type}" -eq 10300 ]; then #cat ${OUTD}/${hash_type}_multi_${i}.txt | cut -d' ' -f11- | cut -d"'" -f2 > ${OUTD}/${hash_type}_hashes_multi_${i}.txt cut -d"'" -f2 "${OUTD}/${hash_type}_multi_${i}.txt" > "${OUTD}/${hash_type}_hashes_multi_${i}.txt" fi # split password, 'i' is the len p0=$((i / 2)) p1=$((p0 + 1)) p0=$((p0 + min_len)) p1=$((p1 + min_len)) while read -r -u 9 pass; do # add splitted password to dicts echo "${pass}" | cut -c -${p0} >> "${OUTD}/${hash_type}_dict1_multi_${i}" echo "${pass}" | cut -c ${p1}- >> "${OUTD}/${hash_type}_dict2_multi_${i}" done 9< "${OUTD}/${hash_type}_passwords_multi_${i}.txt" i=$((i + 1)) done fi } function status() { RET=$1 cnt=$((cnt + 1)) if [ "${RET}" -ne 0 ]; then case ${RET} in 1) if ! is_in_array "${hash_type}" ${NEVER_CRACK_ALGOS}; then echo "password not found, cmdline : ${CMD}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" e_nf=$((e_nf + 1)) fi ;; 4) echo "timeout reached, cmdline : ${CMD}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" e_to=$((e_to + 1)) ;; 10) if is_in_array "${hash_type}" ${NEVER_CRACK_ALGOS}; then return fi if [ "${pass_only}" -eq 1 ]; then echo "plains not found in output, cmdline : ${CMD}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" else echo "hash:plains not matched in output, cmdline : ${CMD}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.tx"t fi e_nm=$((e_nm + 1)) ;; *) echo "! unhandled return code ${RET}, cmdline : ${CMD}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" echo "! unhandled return code, see ${OUTD}/logfull.txt for details." e_nf=$((e_nf + 1)) ;; esac fi } function attack_0() { file_only=0 if is_in_array "${hash_type}" ${FILE_BASED_ALGOS}; then file_only=1 fi # single hash if [ "${MODE}" -ne 1 ]; then e_to=0 e_nf=0 e_nm=0 cnt=0 echo "> Testing hash type $hash_type with attack mode 0, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" max=32 if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then max=12 fi i=0 while read -r -u 9 line; do if [ "${i}" -ge ${max} ]; then break fi hash="$(echo "${line}" | cut -d\' -f2)" pass="$(echo "${line}" | cut -d' ' -f2)" if [ -z "${hash}" ]; then break fi if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" if [ "${hash_type}" -ne 22000 ]; then echo "${hash}" | base64 -d > "${temp_file}" else echo "${hash}" > "${temp_file}" fi hash="${temp_file}" fi pass_old=${pass} if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key pass=$(echo "${pass}" | cut -b 7-) # skip the first 6 chars fi CMD="echo ${pass} | ./${BIN} ${OPTS} -a 0 -m ${hash_type} '${hash}'" echo -n "[ len $((i + 1)) ] " >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(echo "${pass}" | ./${BIN} ${OPTS} -a 0 -m ${hash_type} "${hash}" 2>&1) ret=${?} pass=${pass_old} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then if [ "${pass_only}" -eq 1 ]; then search=":${pass}" else search="${hash}:${pass}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 fi fi status ${ret} i=$((i + 1)) done 9< "${OUTD}/${hash_type}.sh" msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 0, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi # multihash if [ "${MODE}" -ne 0 ]; then e_to=0 e_nf=0 e_nm=0 cnt=0 echo "> Testing hash type $hash_type with attack mode 0, markov ${MARKOV}, multi hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" hash_file=${OUTD}/${hash_type}_hashes.txt # if file_only -> decode all base64 "hashes" and put them in the temporary file if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" rm -f "${temp_file}" hash_file=${temp_file} while read -r file_only_hash; do if [ "${hash_type}" -ne 22000 ]; then echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" else echo "${file_only_hash}" >> "${temp_file}" fi done < "${OUTD}/${hash_type}_hashes.txt" fi CMD="cat ${OUTD}/${hash_type}_passwords.txt | ./${BIN} ${OPTS} -a 0 -m ${hash_type} ${hash_file}" output=$(./${BIN} ${OPTS} -a 0 -m ${hash_type} ${hash_file} < ${OUTD}/${hash_type}_passwords.txt 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then i=1 while read -r -u 9 hash; do pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt") if [ "${pass_only}" -eq 1 ]; then search=":${pass}" else search="${hash}:${pass}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 break fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_hashes.txt" fi status ${ret} msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 0, Mode multi, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi } function attack_1() { file_only=0 if is_in_array "${hash_type}" ${FILE_BASED_ALGOS}; then file_only=1 fi # single hash if [ "${MODE}" -ne 1 ]; then e_to=0 e_nf=0 e_nm=0 cnt=0 min=1 max=8 if [ "${hash_type}" -eq 14000 ]; then min=0 max=5 elif [ "${hash_type}" -eq 14100 ]; then min=0 max=5 elif [ "${hash_type}" -eq 14900 ]; then min=0 max=5 elif [ "${hash_type}" -eq 15400 ]; then min=0 max=5 fi echo "> Testing hash type $hash_type with attack mode 1, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" i=1 while read -r -u 9 hash; do if [ $i -gt ${min} ]; then if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" if [ "${hash_type}" -ne 22000 ]; then echo "${hash}" | base64 -d > "${temp_file}" else echo "${hash}" > "${temp_file}" fi hash="${temp_file}" fi line_nr=1 if [ "$min" -eq 0 ]; then line_nr=$i elif [ "${i}" -gt 1 ]; then line_nr=$((i - 1)) fi dict1="${OUTD}/${hash_type}_dict1" dict2="${OUTD}/${hash_type}_dict2" if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key line_dict1=$(sed -n ${line_nr}p "${dict1}") line_dict2=$(sed -n ${line_nr}p "${dict2}") line_num=$(wc -l "${dict1}" | sed -E 's/ *([0-9]+) .*$/\1/') line_dict1_orig=${line_dict1} line_dict2_orig=${line_dict2} if [ "${#line_dict1}" -ge 6 ]; then line_dict1=$(echo "${line_dict1}" | cut -b 7-) # skip the first 6 chars else # we need to also "steal" some chars from the second dict num_to_steal=$((6 - ${#line_dict1})) num_steal_start=$((num_to_steal + 1)) if [ "${#line_dict2}" -ge 6 ]; then num_to_steal_new=$(((${#line_dict2} - num_to_steal) / 2)) if [ "${num_to_steal_new}" -gt ${num_to_steal} ]; then num_to_steal=${num_to_steal_new} fi fi line_chars_stolen=$(echo "${line_dict2}" | cut -b -${num_to_steal} | cut -b ${num_steal_start}-) line_dict1="${line_chars_stolen}" line_dict2=$(echo "${line_dict2}" | cut -b $((num_to_steal + 1))-) fi # finally, modify the dicts accordingly: tmp_file="${dict1}_mod" head -n $((line_nr - 1)) "${dict1}" > "${tmp_file}" echo "${line_dict1}" >> "${tmp_file}" tail -n $((line_num - line_nr - 1)) "${dict1}" >> "${tmp_file}" dict1=${tmp_file} tmp_file="${dict2}_mod" head -n $((line_nr - 1)) "${dict2}" > "${tmp_file}" echo "${line_dict2}" >> "${tmp_file}" tail -n $((line_num - line_nr - 1)) "${dict2}" >> "${tmp_file}" dict2=${tmp_file} fi CMD="./${BIN} ${OPTS} -a 1 -m ${hash_type} '${hash}' ${dict1} ${dict2}" echo -n "[ len $i ] " >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 1 -m ${hash_type} "${hash}" ${dict1} ${dict2} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then line_dict1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") line_dict2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2") if [ "${pass_only}" -eq 1 ]; then search=":${line_dict1}${line_dict2}" else search="${hash}:${line_dict1}${line_dict2}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 fi fi status ${ret} fi if [ $i -eq ${max} ]; then break; fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_hashes.txt" msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 1, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi # multihash if [ "${MODE}" -ne 0 ]; then # no multi hash checks for these modes (because we only have 1 hash for each of them) if [ "${hash_type}" -eq 14000 ]; then return elif [ "${hash_type}" -eq 14100 ]; then return elif [ "${hash_type}" -eq 14900 ]; then return elif [ "${hash_type}" -eq 15400 ]; then return fi e_to=0 e_nf=0 e_nm=0 cnt=0 offset=7 if [ "${hash_type}" -eq 5800 ]; then offset=6 elif [ "${hash_type}" -eq 3000 ]; then offset=6 fi hash_file=${OUTD}/${hash_type}_multihash_combi.txt tail -n ${offset} "${OUTD}/${hash_type}_hashes.txt" > "${hash_file}" # if file_only -> decode all base64 "hashes" and put them in the temporary file if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" rm -f "${temp_file}" hash_file=${temp_file} while read -r file_only_hash; do if [ "${hash_type}" -ne 22000 ]; then echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" else echo "${file_only_hash}" >> "${temp_file}" fi done < "${OUTD}/${hash_type}_multihash_combi.txt" fi CMD="./${BIN} ${OPTS} -a 1 -m ${hash_type} ${hash_file} ${OUTD}/${hash_type}_dict1 ${OUTD}/${hash_type}_dict2" echo "> Testing hash type $hash_type with attack mode 1, markov ${MARKOV}, multi hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 1 -m ${hash_type} ${hash_file} ${OUTD}/${hash_type}_dict1 ${OUTD}/${hash_type}_dict2 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then i=0 while read -r -u 9 hash; do line_nr=1 if [ "${offset}" -gt ${i} ]; then line_nr=$((offset - i)) fi line_dict1=$(tail -n ${line_nr} "${OUTD}/${hash_type}_dict1" | head -1) line_dict2=$(tail -n ${line_nr} "${OUTD}/${hash_type}_dict2" | head -1) if [ "${pass_only}" -eq 1 ]; then search=":${line_dict1}${line_dict2}" else search="${hash}:${line_dict1}${line_dict2}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 break fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_multihash_combi.txt" fi status ${ret} msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 1, Mode multi, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi } function attack_3() { file_only=0 if is_in_array "${hash_type}" ${FILE_BASED_ALGOS}; then file_only=1 fi # single hash if [ "${MODE}" -ne 1 ]; then e_to=0 e_nf=0 e_nm=0 cnt=0 echo "> Testing hash type $hash_type with attack mode 3, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" max=8 # some algos have a minimum password length if [ "${hash_type}" -eq 2500 ]; then max=7 elif [ "${hash_type}" -eq 14000 ]; then max=1 elif [ "${hash_type}" -eq 14100 ]; then max=1 elif [ "${hash_type}" -eq 14900 ]; then max=1 elif [ "${hash_type}" -eq 15400 ]; then max=1 elif [ "${hash_type}" -eq 16800 ]; then max=7 elif [ "${hash_type}" -eq 22000 ]; then max=7 fi i=1 while read -r -u 9 hash; do if [ "${i}" -gt 6 ]; then if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then break fi fi if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" if [ "${hash_type}" -ne 22000 ]; then echo "${hash}" | base64 -d > "${temp_file}" else echo "${hash}" > "${temp_file}" fi hash="${temp_file}" fi # construct a meaningful mask from the password itself: dict="${OUTD}/${hash_type}_passwords.txt" pass=$(sed -n ${i}p "${dict}") # passwords can't be smaller than mask in -a 3 = mask attack if [ "${#pass}" -lt ${i} ]; then i=$((i + 1)) continue fi pass_part_2=$(echo -n "${pass}" | cut -b $((i + 1))-) mask="" if [ "${hash_type}" -eq 14000 ]; then mask="${pass}" elif [ "${hash_type}" -eq 14100 ]; then mask="${pass}" else for i in $(seq 1 ${i}); do mask="${mask}?d" done mask="${mask}${pass_part_2}" fi if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key if [ "${i}" -le 1 ]; then i=$((i + 1)) continue fi cut_pos=$((i * 2 + 6 - i + 1)) # skip it in groups of 2 ("?d"), at least 6, offset +1 for cut to work if [ "${i}" -gt 6 ]; then cut_pos=13 # 6 * ?d + 1 (6 * 2 + 1) fi mask=$(echo "${mask}" | cut -b ${cut_pos}-) fi CMD="./${BIN} ${OPTS} -a 3 -m ${hash_type} '${hash}' ${mask}" echo -n "[ len $i ] " >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 3 -m ${hash_type} "${hash}" ${mask} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then line_dict=$(sed -n ${i}p "${dict}") if [ "${pass_only}" -eq 1 ]; then search=":${line_dict}" else search="${hash}:${line_dict}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 fi fi status ${ret} if [ $i -eq ${max} ]; then break; fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_hashes.txt" msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 3, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi # multihash if [ "${MODE}" -ne 0 ]; then # no multi hash checks for these modes (because we only have 1 hash for each of them) if [ "${hash_type}" -eq 14000 ]; then return elif [ "${hash_type}" -eq 14100 ]; then return elif [ "${hash_type}" -eq 14900 ]; then return elif [ "${hash_type}" -eq 15400 ]; then return fi e_to=0 e_nf=0 e_nm=0 cnt=0 increment_max=8 if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then increment_max=5 fi increment_min=1 if [ "${hash_type}" -eq 2500 ]; then increment_min=8 increment_max=9 fi if [ "${hash_type}" -eq 16800 ]; then increment_min=8 increment_max=9 fi if [ "${hash_type}" -eq 22000 ]; then increment_min=8 increment_max=9 fi # if file_only -> decode all base64 "hashes" and put them in the temporary file if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" rm -f "${temp_file}" hash_file=${temp_file} while read -r file_only_hash; do if [ "${hash_type}" -ne 22000 ]; then echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" else echo "${file_only_hash}" >> "${temp_file}" fi done < "${OUTD}/${hash_type}_multihash_bruteforce.txt" fi hash_file=${OUTD}/${hash_type}_multihash_bruteforce.txt tail_hashes=$(awk "length >= ${increment_min} && length <= ${increment_max}" "${OUTD}/${hash_type}_passwords.txt" | wc -l) head_hashes=$(awk "length <= ${increment_max}" "${OUTD}/${hash_type}_passwords.txt" | wc -l) # in very rare cases (e.g. without -O and long passwords) we need to use .hcmask files with the passwords in it # otherwise there are no good masks we can test for such long passwords need_hcmask=0 if [ "${tail_hashes}" -gt "${head_hashes}" ]; then need_hcmask=1 fi if [ "${tail_hashes}" -lt 1 ]; then need_hcmask=1 fi if [ ${need_hcmask} -eq 0 ]; then head -n "${head_hashes}" "${OUTD}/${hash_type}_hashes.txt" | tail -n "${tail_hashes}" > "${hash_file}" else tail_hashes=$(awk "length >= ${increment_min}" "${OUTD}/${hash_type}_passwords.txt" | wc -l) if [ "${tail_hashes}" -lt 1 ]; then return fi tail -n "${tail_hashes}" "${OUTD}/${hash_type}_hashes.txt" > "${hash_file}" fi mask_pos=8 if [ "${increment_min}" -gt ${mask_pos} ]; then mask_pos=${increment_min} fi mask="" cracks_offset=0 if [ ${need_hcmask} -eq 0 ]; then cracks_offset=$((head_hashes - tail_hashes)) mask=${mask_3[${mask_pos}]} else num_hashes=$(wc -l < "${OUTD}/${hash_type}_hashes.txt") cracks_offset=$((num_hashes - tail_hashes)) mask=${OUTD}/${hash_type}_passwords.txt # fake hcmask file (i.e. the original dict) fi custom_charsets="" # modify "default" mask if needed (and set custom charset to reduce keyspace) if [ "${hash_type}" -eq 2500 ]; then mask="?d?d?d?d?d?1?2?3?4" charset_1="" charset_2="" charset_3="" charset_4="" # check positions (here we assume that mask is always composed of non literal chars # i.e. something like ?d?l?u?s?1 is possible, but ?d?dsuffix not charset_1_pos=$(expr index "${mask}" 1) charset_2_pos=$(expr index "${mask}" 2) charset_3_pos=$(expr index "${mask}" 3) charset_4_pos=$(expr index "${mask}" 4) # divide each charset position by 2 since each of them occupies 2 positions in the mask charset_1_pos=$((charset_1_pos / 2)) charset_2_pos=$((charset_2_pos / 2)) charset_3_pos=$((charset_3_pos / 2)) charset_4_pos=$((charset_4_pos / 2)) i=1 while read -r -u 9 hash; do pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt") # charset 1 char=$(echo "${pass}" | cut -b ${charset_1_pos}) charset_1=$(printf "%s\n%s\n" "${charset_1}" "${char}") # charset 2 char=$(echo "${pass}" | cut -b ${charset_2_pos}) charset_2=$(printf "%s\n%s\n" "${charset_2}" "${char}") # charset 3 char=$(echo "${pass}" | cut -b ${charset_3_pos}) charset_3=$(printf "%s\n%s\n" "${charset_3}" "${char}") # charset 4 char=$(echo "${pass}" | cut -b ${charset_4_pos}) charset_4=$(printf "%s\n%s\n" "${charset_4}" "${char}") i=$((i + 1)) done 9< "${OUTD}/${hash_type}_multihash_bruteforce.txt" # just make sure that all custom charset fields are initialized if [ -z "${charset_1}" ]; then charset_1="1" fi if [ -z "${charset_2}" ]; then charset_2="2" fi if [ -z "${charset_3}" ]; then charset_3="3" fi if [ -z "${charset_4}" ]; then charset_4="4" fi # unique and remove new lines charset_1=$(echo "${charset_1}" | sort -u | tr -d '\n') charset_2=$(echo "${charset_2}" | sort -u | tr -d '\n') charset_3=$(echo "${charset_3}" | sort -u | tr -d '\n') charset_4=$(echo "${charset_4}" | sort -u | tr -d '\n') custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}" fi if [ "${hash_type}" -eq 16800 ]; then mask="?d?d?d?d?d?1?2?3?4" charset_1="" charset_2="" charset_3="" charset_4="" # check positions (here we assume that mask is always composed of non literal chars # i.e. something like ?d?l?u?s?1 is possible, but ?d?dsuffix not charset_1_pos=$(expr index "${mask}" 1) charset_2_pos=$(expr index "${mask}" 2) charset_3_pos=$(expr index "${mask}" 3) charset_4_pos=$(expr index "${mask}" 4) # divide each charset position by 2 since each of them occupies 2 positions in the mask charset_1_pos=$((charset_1_pos / 2)) charset_2_pos=$((charset_2_pos / 2)) charset_3_pos=$((charset_3_pos / 2)) charset_4_pos=$((charset_4_pos / 2)) i=1 while read -r -u 9 hash; do pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt") # charset 1 char=$(echo "${pass}" | cut -b ${charset_1_pos}) charset_1=$(printf "%s\n%s\n" "${charset_1}" "${char}") # charset 2 char=$(echo "${pass}" | cut -b ${charset_2_pos}) charset_2=$(printf "%s\n%s\n" "${charset_2}" "${char}") # charset 3 char=$(echo "${pass}" | cut -b ${charset_3_pos}) charset_3=$(printf "%s\n%s\n" "${charset_3}" "${char}") # charset 4 char=$(echo "${pass}" | cut -b ${charset_4_pos}) charset_4=$(printf "%s\n%s\n" "${charset_4}" "${char}") i=$((i + 1)) done 9< "${OUTD}/${hash_type}_multihash_bruteforce.txt" # just make sure that all custom charset fields are initialized if [ -z "${charset_1}" ]; then charset_1="1" fi if [ -z "${charset_2}" ]; then charset_2="2" fi if [ -z "${charset_3}" ]; then charset_3="3" fi if [ -z "${charset_4}" ]; then charset_4="4" fi # unique and remove new lines charset_1=$(echo "${charset_1}" | sort -u | tr -d '\n') charset_2=$(echo "${charset_2}" | sort -u | tr -d '\n') charset_3=$(echo "${charset_3}" | sort -u | tr -d '\n') charset_4=$(echo "${charset_4}" | sort -u | tr -d '\n') custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}" fi if [ "${hash_type}" -eq 22000 ]; then mask="?d?d?d?d?d?1?2?3?4" charset_1="" charset_2="" charset_3="" charset_4="" # check positions (here we assume that mask is always composed of non literal chars # i.e. something like ?d?l?u?s?1 is possible, but ?d?dsuffix not charset_1_pos=$(expr index "${mask}" 1) charset_2_pos=$(expr index "${mask}" 2) charset_3_pos=$(expr index "${mask}" 3) charset_4_pos=$(expr index "${mask}" 4) # divide each charset position by 2 since each of them occupies 2 positions in the mask charset_1_pos=$((charset_1_pos / 2)) charset_2_pos=$((charset_2_pos / 2)) charset_3_pos=$((charset_3_pos / 2)) charset_4_pos=$((charset_4_pos / 2)) i=1 while read -r -u 9 hash; do pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt") # charset 1 char=$(echo "${pass}" | cut -b ${charset_1_pos}) charset_1=$(printf "%s\n%s\n" "${charset_1}" "${char}") # charset 2 char=$(echo "${pass}" | cut -b ${charset_2_pos}) charset_2=$(printf "%s\n%s\n" "${charset_2}" "${char}") # charset 3 char=$(echo "${pass}" | cut -b ${charset_3_pos}) charset_3=$(printf "%s\n%s\n" "${charset_3}" "${char}") # charset 4 char=$(echo "${pass}" | cut -b ${charset_4_pos}) charset_4=$(printf "%s\n%s\n" "${charset_4}" "${char}") i=$((i + 1)) done 9< "${OUTD}/${hash_type}_multihash_bruteforce.txt" # just make sure that all custom charset fields are initialized if [ -z "${charset_1}" ]; then charset_1="1" fi if [ -z "${charset_2}" ]; then charset_2="2" fi if [ -z "${charset_3}" ]; then charset_3="3" fi if [ -z "${charset_4}" ]; then charset_4="4" fi # unique and remove new lines charset_1=$(echo "${charset_1}" | sort -u | tr -d '\n') charset_2=$(echo "${charset_2}" | sort -u | tr -d '\n') charset_3=$(echo "${charset_3}" | sort -u | tr -d '\n') charset_4=$(echo "${charset_4}" | sort -u | tr -d '\n') custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}" fi increment_charset_opts="" if [ ${need_hcmask} -eq 0 ]; then # the "normal" case without .hcmask file increment_charset_opts="--increment --increment-min ${increment_min} --increment-max ${increment_max}" if [ -n "${custom_charsets}" ]; then increment_charset_opts="${increment_charset_opts} ${custom_charsets}" fi fi CMD="./${BIN} ${OPTS} -a 3 -m ${hash_type} ${increment_charset_opts} ${hash_file} ${mask} " echo "> Testing hash type $hash_type with attack mode 3, markov ${MARKOV}, multi hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 3 -m ${hash_type} ${increment_charset_opts} ${hash_file} ${mask} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then i=1 while read -r -u 9 hash; do line_nr=$((i + cracks_offset)) pass=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_passwords.txt") if [ "${pass_only}" -eq 1 ]; then search=":${pass}" else search="${hash}:${pass}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 break fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_multihash_bruteforce.txt" fi status ${ret} msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 3, Mode multi, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi } function attack_6() { file_only=0 if is_in_array "${hash_type}" ${FILE_BASED_ALGOS}; then file_only=1 fi # single hash if [ "${MODE}" -ne 1 ]; then e_to=0 e_nf=0 e_nm=0 cnt=0 echo "> Testing hash type $hash_type with attack mode 6, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" min=1 max=8 mask_offset=0 if [ "${hash_type}" -eq 2500 ]; then max=6 elif [ "${hash_type}" -eq 14000 ]; then min=0 max=1 mask_offset=4 elif [ "${hash_type}" -eq 14100 ]; then min=0 max=1 mask_offset=21 elif [ "${hash_type}" -eq 14900 ]; then min=0 max=1 mask_offset=5 elif [ "${hash_type}" -eq 15400 ]; then min=0 max=1 mask_offset=29 elif [ "${hash_type}" -eq 16800 ]; then max=6 elif [ "${hash_type}" -eq 22000 ]; then max=6 fi # special case: we need to split the first line if [ "${min}" -eq 0 ]; then pass_part_1=$(sed -n 1p "${OUTD}/${hash_type}_dict1") pass_part_2=$(sed -n 1p "${OUTD}/${hash_type}_dict2") pass="${pass_part_1}${pass_part_2}" echo -n "${pass}" | cut -b -$((mask_offset + 0)) > "${OUTD}/${hash_type}_dict1_custom" echo -n "${pass}" | cut -b $((mask_offset + 1))- > "${OUTD}/${hash_type}_dict2_custom" mask_custom="" for i in $(seq 1 $((${#pass} - mask_offset))); do if [ "${hash_type}" -eq 14000 ]; then char=$(echo -n "${pass}" | cut -b $((i + mask_offset))) mask_custom="${mask_custom}${char}" elif [ "${hash_type}" -eq 14100 ]; then char=$(echo -n "${pass}" | cut -b $((i + mask_offset))) mask_custom="${mask_custom}${char}" else mask_custom="${mask_custom}?d" fi done fi i=1 while read -r -u 9 hash; do if [ "${i}" -gt 6 ]; then if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then break fi fi if [ ${i} -gt ${min} ]; then if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" if [ "${hash_type}" -ne 22000 ]; then echo "${hash}" | base64 -d > "${temp_file}" else echo "${hash}" > "${temp_file}" fi hash="${temp_file}" fi dict1=${OUTD}/${hash_type}_dict1 dict2=${OUTD}/${hash_type}_dict2 dict1_a6=${OUTD}/${hash_type}_dict1_a6 cp "${dict1}" "${dict1_a6}" pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt") if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key pass=$(echo "${pass}" | cut -b 7-) # skip the first 6 chars fi if [ ${#pass} -le ${i} ]; then i=$((i + 1)) continue fi echo "${pass}" | cut -b -$((${#pass} - i)) >> "${dict1_a6}" # the block below is just a fancy way to do a "shuf" (or sort -R) because macOS doesn't really support it natively # we do not really need a shuf, but it's actually better for testing purposes rm -f "${dict1_a6}.txt" # temporary file line_num=$(wc -l "${dict1_a6}" | sed -E 's/ *([0-9]+) .*$/\1/') sorted_lines=$(seq 1 "${line_num}") for lines in $(seq 1 "${line_num}"); do random_num=$((RANDOM % line_num)) random_num=$((random_num + 1)) # sed -n [n]p starts counting with 1 (not 0) random_line=$(echo -n "${sorted_lines}" | sed -n ${random_num}p) sed -n ${random_line}p "${dict1_a6}" >> "${dict1_a6}.txt" # update the temp list of lines sorted_lines=$(echo -n "${sorted_lines}" | grep -v "^${random_line}$") line_num=$((line_num - 1)) done mv "${dict1_a6}.txt" "${dict1_a6}" # end of shuf/sort -R mask="" for j in $(seq 1 ${i}); do mask="${mask}?d" done CMD="./${BIN} ${OPTS} -a 6 -m ${hash_type} '${hash}' ${dict1_a6} ${mask}" echo -n "[ len $i ] " >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 6 -m ${hash_type} "${hash}" ${dict1_a6} ${mask} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then line_nr=1 if [ "${i}" -gt 1 ]; then line_nr=$((i - 1)) fi line_dict1=$(sed -n ${line_nr}p "${dict1}") line_dict2=$(sed -n ${line_nr}p "${dict2}") if [ "${pass_only}" -eq 1 ]; then search=":${line_dict1}${line_dict2}" else search="${hash}:${line_dict1}${line_dict2}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 fi fi status ${ret} fi if [ "${i}" -eq ${max} ]; then break; fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_hashes.txt" msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 6, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" rm -f "${OUTD}/${hash_type}_dict1_custom" rm -f "${OUTD}/${hash_type}_dict2_custom" fi # multihash if [ "${MODE}" -ne 0 ]; then # no multi hash checks for these modes (because we only have 1 hash for each of them) if [ "${hash_type}" -eq 14000 ]; then return elif [ "${hash_type}" -eq 14100 ]; then return elif [ "${hash_type}" -eq 14900 ]; then return elif [ "${hash_type}" -eq 15400 ]; then return fi e_to=0 e_nf=0 e_nm=0 cnt=0 max=9 if [ "${hash_type}" -eq 2500 ]; then max=5 elif [ "${hash_type}" -eq 3000 ]; then max=8 elif [ "${hash_type}" -eq 7700 ] || [ "${hash_type}" -eq 7701 ]; then max=8 elif [ "${hash_type}" -eq 8500 ]; then max=8 elif [ "${hash_type}" -eq 16800 ]; then max=5 elif [ "${hash_type}" -eq 22000 ]; then max=5 fi if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then max=5 if [ "${hash_type}" -eq 3200 ]; then max=3 fi fi i=2 while [ "$i" -lt "$max" ]; do hash_file=${OUTD}/${hash_type}_hashes_multi_${i}.txt # if file_only -> decode all base64 "hashes" and put them in the temporary file if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" rm -f "${temp_file}" hash_file=${temp_file} while read -r file_only_hash; do if [ "${hash_type}" -ne 22000 ]; then echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" else echo "${file_only_hash}" >> "${temp_file}" fi done < "${OUTD}/${hash_type}_hashes_multi_${i}.txt" fi mask=${mask_6[$i]} CMD="./${BIN} ${OPTS} -a 6 -m ${hash_type} ${hash_file} ${OUTD}/${hash_type}_dict1_multi_${i} ${mask}" echo "> Testing hash type $hash_type with attack mode 6, markov ${MARKOV}, multi hash with word len ${i}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 6 -m ${hash_type} ${hash_file} ${OUTD}/${hash_type}_dict1_multi_${i} ${mask} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then j=1 while read -r -u 9 hash; do line_dict1=$(sed -n ${j}p "${OUTD}/${hash_type}_dict1_multi_${i}") line_dict2=$(sed -n ${j}p "${OUTD}/${hash_type}_dict2_multi_${i}") if [ "${pass_only}" -eq 1 ]; then search=":${line_dict1}${line_dict2}" else search="${hash}:${line_dict1}${line_dict2}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 break fi j=$((j + 1)) done 9< "${OUTD}/${hash_type}_hashes_multi_${i}.txt" fi status ${ret} i=$((i + 1)) done msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 6, Mode multi, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi } function attack_7() { file_only=0 if is_in_array "${hash_type}" ${FILE_BASED_ALGOS}; then file_only=1 fi # single hash if [ "${MODE}" -ne 1 ]; then e_to=0 e_nf=0 e_nm=0 cnt=0 echo "> Testing hash type $hash_type with attack mode 7, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" min=1 max=8 mask_offset=0 if [ "${hash_type}" -eq 2500 ]; then max=5 elif [ "${hash_type}" -eq 14000 ]; then mask_offset=4 min=0 max=1 elif [ "${hash_type}" -eq 14100 ]; then mask_offset=3 min=0 max=1 elif [ "${hash_type}" -eq 14900 ]; then mask_offset=5 min=0 max=1 elif [ "${hash_type}" -eq 15400 ]; then mask_offset=3 min=0 max=1 elif [ "${hash_type}" -eq 16800 ]; then max=5 elif [ "${hash_type}" -eq 22000 ]; then max=5 fi # special case: we need to split the first line if [ "${min}" -eq 0 ]; then pass_part_1=$(sed -n 1p "${OUTD}/${hash_type}_dict1") pass_part_2=$(sed -n 1p "${OUTD}/${hash_type}_dict2") pass="${pass_part_1}${pass_part_2}" echo -n "${pass}" | cut -b -$((mask_offset + 0)) > "${OUTD}/${hash_type}_dict1_custom" echo -n "${pass}" | cut -b $((mask_offset + 1))- > "${OUTD}/${hash_type}_dict2_custom" mask_custom="" for i in $(seq 1 ${mask_offset}); do if [ "${hash_type}" -eq 14000 ]; then char=$(echo -n "${pass}" | cut -b ${i}) mask_custom="${mask_custom}${char}" elif [ "${hash_type}" -eq 14100 ]; then char=$(echo -n "${pass}" | cut -b ${i}) mask_custom="${mask_custom}${char}" else mask_custom="${mask_custom}?d" fi done fi i=1 while read -r -u 9 hash; do if [ ${i} -gt ${min} ]; then if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" if [ "${hash_type}" -ne 22000 ]; then echo "${hash}" | base64 -d > "${temp_file}" else echo "${hash}" > "${temp_file}" fi hash="${temp_file}" fi mask=${mask_7[$i]} # adjust mask if needed line_nr=1 if [ "${i}" -gt 1 ]; then line_nr=$((i - 1)) fi if [ "${hash_type}" -eq 2500 ]; then pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") pass_part_2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2") pass_part_2_len=${#pass_part_2} pass=${pass_part_1}${pass_part_2} pass_len=${#pass} # add first x chars of password to mask and append the (old) mask mask_len=${#mask} mask_len=$((mask_len / 2)) mask_prefix=$(echo ${pass} | cut -b -$((pass_len - mask_len - pass_part_2_len))) mask=${mask_prefix}${mask} fi if [ "${hash_type}" -eq 16800 ]; then pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") pass_part_2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2") pass_part_2_len=${#pass_part_2} pass=${pass_part_1}${pass_part_2} pass_len=${#pass} # add first x chars of password to mask and append the (old) mask mask_len=${#mask} mask_len=$((mask_len / 2)) mask_prefix=$(echo "${pass}" | cut -b -$((pass_len - mask_len - pass_part_2_len))) mask=${mask_prefix}${mask} fi if [ "${hash_type}" -eq 22000 ]; then pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") pass_part_2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2") pass_part_2_len=${#pass_part_2} pass=${pass_part_1}${pass_part_2} pass_len=${#pass} # add first x chars of password to mask and append the (old) mask mask_len=${#mask} mask_len=$((mask_len / 2)) mask_prefix=$(echo "${pass}" | cut -b -$((pass_len - mask_len - pass_part_2_len))) mask=${mask_prefix}${mask} fi if [ "${hash_type}" -eq 20510 ]; then pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") pass_part_2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2") pass=${pass_part_1}${pass_part_2} pass_len=${#pass} if [ "${pass_len}" -le 6 ]; then i=$((i + 1)) continue fi pass_old=${pass} pass=$(echo "${pass}" | cut -b 7-) # skip the first 6 chars mask_len=$((${#mask} / 2)) echo "${pass_old}" | cut -b -$((6 + mask_len)) > "${OUTD}/${hash_type}_dict1_custom" echo "${pass}" | cut -b $((mask_len + 1))- > "${OUTD}/${hash_type}_dict2_custom" min=0 # hack to use the custom dict mask_custom=${mask} fi dict1=${OUTD}/${hash_type}_dict1 dict2=${OUTD}/${hash_type}_dict2 if [ "${min}" -eq 0 ]; then mask=${mask_custom} dict1=${OUTD}/${hash_type}_dict1_custom dict2=${OUTD}/${hash_type}_dict2_custom fi CMD="./${BIN} ${OPTS} -a 7 -m ${hash_type} '${hash}' ${mask} ${dict2}" echo -n "[ len $i ] " >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 7 -m ${hash_type} "${hash}" ${mask} ${dict2} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then line_nr=1 if [ "${i}" -gt 1 ]; then line_nr=$((i - 1)) fi line_dict1=$(sed -n ${line_nr}p "${dict1}") line_dict2=$(sed -n ${line_nr}p "${dict2}") if [ "${pass_only}" -eq 1 ]; then search=":${line_dict1}${line_dict2}" else search="${hash}:${line_dict1}${line_dict2}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 fi fi status ${ret} fi if [ $i -eq ${max} ]; then break; fi i=$((i + 1)) done 9< "${OUTD}/${hash_type}_hashes.txt" msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 7, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" rm -f "${OUTD}/${hash_type}_dict1_custom" rm -f "${OUTD}/${hash_type}_dict2_custom" fi # multihash if [ "${MODE}" -ne 0 ]; then # no multi hash checks for these modes (because we only have 1 hash for each of them) if [ "${hash_type}" -eq 14000 ]; then return elif [ "${hash_type}" -eq 14100 ]; then return elif [ "${hash_type}" -eq 14900 ]; then return elif [ "${hash_type}" -eq 15400 ]; then return fi e_to=0 e_nf=0 e_nm=0 cnt=0 max=9 if [ "${hash_type}" -eq 2500 ]; then max=5 elif [ "${hash_type}" -eq 3000 ]; then max=8 elif [ "${hash_type}" -eq 7700 ] || [ "${hash_type}" -eq 7701 ]; then max=8 elif [ "${hash_type}" -eq 8500 ]; then max=8 elif [ "${hash_type}" -eq 14000 ]; then max=5 elif [ "${hash_type}" -eq 14100 ]; then max=5 elif [ "${hash_type}" -eq 14900 ]; then max=5 elif [ "${hash_type}" -eq 15400 ]; then max=5 elif [ "${hash_type}" -eq 16800 ]; then max=5 elif [ "${hash_type}" -eq 22000 ]; then max=5 fi if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then max=7 if [ "${hash_type}" -eq 3200 ]; then max=4 fi fi i=2 while [ "$i" -lt "$max" ]; do hash_file=${OUTD}/${hash_type}_hashes_multi_${i}.txt dict_file=${OUTD}/${hash_type}_dict2_multi_${i} mask=${mask_7[$i]} # if file_only -> decode all base64 "hashes" and put them in the temporary file if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" rm -f "${temp_file}" hash_file=${temp_file} while read -r file_only_hash; do if [ "${hash_type}" -ne 22000 ]; then echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" else echo "${file_only_hash}" >> "${temp_file}" fi done < "${OUTD}/${hash_type}_hashes_multi_${i}.txt" # a little hack: since we don't want to have a very large mask (and wpa has minimum length of 8), # we need to create a temporary dict file on-the-fly and use it like this: [small mask] [long(er) words in dict] dict_file=${OUTD}/${hash_type}_dict2_multi_${i}_longer rm -f "${dict_file}" mask_len=${#mask} mask_len=$((mask_len / 2)) j=1 while read -r -u 9 hash; do pass_part_1=$(sed -n ${j}p "${OUTD}/${hash_type}_dict1_multi_${i}") pass_part_2=$(sed -n ${j}p "${OUTD}/${hash_type}_dict2_multi_${i}") pass="${pass_part_1}${pass_part_2}" pass_suffix=$(echo "${pass}" | cut -b $((mask_len + 1))-) echo "${pass_suffix}" >> "${dict_file}" j=$((j + 1)) done 9< "${OUTD}/${hash_type}_hashes_multi_${i}.txt" fi CMD="./${BIN} ${OPTS} -a 7 -m ${hash_type} ${hash_file} ${mask} ${dict_file}" echo "> Testing hash type $hash_type with attack mode 7, markov ${MARKOV}, multi hash with word len ${i}." >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(./${BIN} ${OPTS} -a 7 -m ${hash_type} ${hash_file} ${mask} ${dict_file} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then j=1 while read -r -u 9 hash; do line_dict1=$(sed -n ${j}p "${OUTD}/${hash_type}_dict1_multi_${i}") line_dict2=$(sed -n ${j}p "${OUTD}/${hash_type}_dict2_multi_${i}") if [ "${pass_only}" -eq 1 ]; then search=":${line_dict1}${line_dict2}" else search="${hash}:${line_dict1}${line_dict2}" fi echo "${output}" | grep -F "${search}" >/dev/null 2>/dev/null if [ "${?}" -ne 0 ]; then ret=10 break fi j=$((j + 1)) done 9< "${OUTD}/${hash_type}_hashes_multi_${i}.txt" fi status ${ret} i=$((i + 1)) done msg="OK" if [ "${e_nf}" -ne 0 ] || [ "${e_nm}" -ne 0 ]; then msg="Error" elif [ "${e_to}" -ne 0 ]; then msg="Warning" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 7, Mode multi, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR} ] > $msg : ${e_nf}/${cnt} not found, ${e_nm}/${cnt} not matched, ${e_to}/${cnt} timeout" fi } function cryptoloop_test() { hashType=$1 keySize=$2 CMD="unset" mkdir -p ${OUTD}/cl_tests chmod u+x ${TDIR}/cryptoloop2hashcat.py case $hashType in 14511) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha1_aes_${keySize}.img --hash sha1 --cipher aes --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha1_aes_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha1_aes_${keySize}.hash hashca?l" ;; esac ;; 14512) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha1_serpent_${keySize}.img --hash sha1 --cipher serpent --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha1_serpent_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha1_serpent_${keySize}.hash hashca?l" ;; esac ;; 14513) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha1_twofish_${keySize}.img --hash sha1 --cipher twofish --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha1_twofish_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha1_twofish_${keySize}.hash hashca?l" ;; esac ;; 14521) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha256_aes_${keySize}.img --hash sha256 --cipher aes --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha256_aes_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha256_aes_${keySize}.hash hashca?l" ;; esac ;; 14522) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha256_serpent_${keySize}.img --hash sha256 --cipher serpent --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha256_serpent_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha256_serpent_${keySize}.hash hashca?l" ;; esac ;; 14523) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha256_twofish_${keySize}.img --hash sha256 --cipher twofish --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha256_twofish_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha256_twofish_${keySize}.hash hashca?l" ;; esac ;; 14531) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha512_aes_${keySize}.img --hash sha512 --cipher aes --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha512_aes_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha512_aes_${keySize}.hash hashca?l" ;; esac ;; 14532) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha512_serpent_${keySize}.img --hash sha512 --cipher serpent --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha512_serpent_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha512_serpent_${keySize}.hash hashca?l" ;; esac ;; 14533) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_sha512_twofish_${keySize}.img --hash sha512 --cipher twofish --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_sha512_twofish_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_sha512_twofish_${keySize}.hash hashca?l" ;; esac ;; 14541) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_ripemd160_aes_${keySize}.img --hash ripemd160 --cipher aes --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_ripemd160_aes_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_ripemd160_aes_${keySize}.hash hashca?l" ;; esac ;; 14542) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_ripemd160_serpent_${keySize}.img --hash ripemd160 --cipher serpent --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_ripemd160_serpent_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_ripemd160_serpent_${keySize}.hash hashca?l" ;; esac ;; 14543) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_ripemd160_twofish_${keySize}.img --hash ripemd160 --cipher twofish --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_ripemd160_twofish_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_ripemd160_twofish_${keySize}.hash hashca?l" ;; esac ;; 14551) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_whirlpool_aes_${keySize}.img --hash whirlpool --cipher aes --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_whirlpool_aes_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_whirlpool_aes_${keySize}.hash hashca?l" ;; esac ;; 14552) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_whirlpool_serpent_${keySize}.img --hash whirlpool --cipher serpent --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_whirlpool_serpent_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_whirlpool_serpent_${keySize}.hash hashca?l" ;; esac ;; 14553) case $keySize in 128|192|256) ${TDIR}/cryptoloop2hashcat.py --source ${TDIR}/cl_tests/hashcat_whirlpool_twofish_${keySize}.img --hash whirlpool --cipher twofish --keysize ${keySize} > ${OUTD}/cl_tests/hashcat_whirlpool_twofish_${keySize}.hash CMD="./${BIN} ${OPTS} -a 3 -m 14500 ${OUTD}/cl_tests/hashcat_whirlpool_twofish_${keySize}.hash hashca?l" ;; esac ;; esac if [ ${#CMD} -gt 5 ]; then echo "> Testing hash type $hashType with attack mode 3, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, Key-Size ${keySize}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(${CMD} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" cnt=1 e_nf=0 msg="OK" if [ ${ret} -ne 0 ]; then e_nf=1 msg="Error" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 3, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, Key-Size ${keySize} ] > $msg : ${e_nf}/${cnt} not found" status ${ret} fi } function truecrypt_test() { hashType=$1 tcMode=$2 CMD="unset" case $hashType in 6211) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6211 ${TDIR}/tc_tests/hashcat_ripemd160_aes.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6211 ${TDIR}/tc_tests/hashcat_ripemd160_serpent.tc hashca?l" ;; 2) CMD="./${BIN} ${OPTS} -a 3 -m 6211 ${TDIR}/tc_tests/hashcat_ripemd160_twofish.tc hashca?l" ;; esac ;; 6212) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6212 ${TDIR}/tc_tests/hashcat_ripemd160_aes-twofish.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6212 ${TDIR}/tc_tests/hashcat_ripemd160_serpent-aes.tc hashca?l" ;; 2) CMD="./${BIN} ${OPTS} -a 3 -m 6212 ${TDIR}/tc_tests/hashcat_ripemd160_twofish-serpent.tc hashca?l" ;; esac ;; 6213) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6213 ${TDIR}/tc_tests/hashcat_ripemd160_aes-twofish-serpent.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6213 ${TDIR}/tc_tests/hashcat_ripemd160_serpent-twofish-aes.tc hashca?l" ;; esac ;; 6221) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6221 ${TDIR}/tc_tests/hashcat_sha512_aes.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6221 ${TDIR}/tc_tests/hashcat_sha512_serpent.tc hashca?l" ;; 2) CMD="./${BIN} ${OPTS} -a 3 -m 6221 ${TDIR}/tc_tests/hashcat_sha512_twofish.tc hashca?l" ;; esac ;; 6222) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6222 ${TDIR}/tc_tests/hashcat_sha512_aes-twofish.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6222 ${TDIR}/tc_tests/hashcat_sha512_serpent-aes.tc hashca?l" ;; 2) CMD="./${BIN} ${OPTS} -a 3 -m 6222 ${TDIR}/tc_tests/hashcat_sha512_twofish-serpent.tc hashca?l" ;; esac ;; 6223) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6223 ${TDIR}/tc_tests/hashcat_sha512_aes-twofish-serpent.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6223 ${TDIR}/tc_tests/hashcat_sha512_serpent-twofish-aes.tc hashca?l" ;; esac ;; 6231) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6231 ${TDIR}/tc_tests/hashcat_whirlpool_aes.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6231 ${TDIR}/tc_tests/hashcat_whirlpool_serpent.tc hashca?l" ;; 2) CMD="./${BIN} ${OPTS} -a 3 -m 6231 ${TDIR}/tc_tests/hashcat_whirlpool_twofish.tc hashca?l" ;; esac ;; 6232) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6232 ${TDIR}/tc_tests/hashcat_whirlpool_aes-twofish.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6232 ${TDIR}/tc_tests/hashcat_whirlpool_serpent-aes.tc hashca?l" ;; 2) CMD="./${BIN} ${OPTS} -a 3 -m 6232 ${TDIR}/tc_tests/hashcat_whirlpool_twofish-serpent.tc hashca?l" ;; esac ;; 6233) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6233 ${TDIR}/tc_tests/hashcat_whirlpool_aes-twofish-serpent.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6233 ${TDIR}/tc_tests/hashcat_whirlpool_serpent-twofish-aes.tc hashca?l" ;; esac ;; 6241) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6241 ${TDIR}/tc_tests/hashcat_ripemd160_aes_boot.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6241 ${TDIR}/tc_tests/hashcat_ripemd160_serpent_boot.tc hashca?l" ;; 2) CMD="./${BIN} ${OPTS} -a 3 -m 6241 ${TDIR}/tc_tests/hashcat_ripemd160_twofish_boot.tc hashca?l" ;; esac ;; 6242) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6242 ${TDIR}/tc_tests/hashcat_ripemd160_aes-twofish_boot.tc hashca?l" ;; 1) CMD="./${BIN} ${OPTS} -a 3 -m 6242 ${TDIR}/tc_tests/hashcat_ripemd160_serpent-aes_boot.tc hashca?l" ;; esac ;; 6243) case $tcMode in 0) CMD="./${BIN} ${OPTS} -a 3 -m 6243 ${TDIR}/tc_tests/hashcat_ripemd160_aes-twofish-serpent_boot.tc hashca?l" ;; esac ;; esac if [ ${#CMD} -gt 5 ]; then echo "> Testing hash type $hashType with attack mode 3, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, tcMode ${tcMode}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(${CMD} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" cnt=1 e_nf=0 msg="OK" if [ ${ret} -ne 0 ]; then e_nf=1 msg="Error" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 3, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, tcMode ${tcMode} ] > $msg : ${e_nf}/${cnt} not found" status ${ret} fi } # Compose and execute hashcat command on a VeraCrypt test container # Must not be called for hash types other than 137XY # $1: cipher variation, can be 0-6 function veracrypt_test() { cipher_variation=$1 hash_function="" hash_digit="${hash_type:3:1}" [ "$hash_digit" -eq "1" ] && hash_function="ripemd160" [ "$hash_digit" -eq "2" ] && hash_function="sha512" [ "$hash_digit" -eq "3" ] && hash_function="whirlpool" [ "$hash_digit" -eq "5" ] && hash_function="sha256" [ "$hash_digit" -eq "7" ] && hash_function="streebog" [ -n "$hash_function" ] || return cipher_cascade="" cipher_digit="${hash_type:4:1}" case $cipher_digit in 1) [ "$cipher_variation" -eq "0" ] && cipher_cascade="aes" [ "$cipher_variation" -eq "1" ] && cipher_cascade="serpent" [ "$cipher_variation" -eq "2" ] && cipher_cascade="twofish" [ "$cipher_variation" -eq "3" ] && cipher_cascade="camellia" [ "$cipher_variation" -eq "5" ] && cipher_cascade="kuznyechik" ;; 2) [ "$cipher_variation" -eq "0" ] && cipher_cascade="aes-twofish" [ "$cipher_variation" -eq "1" ] && cipher_cascade="serpent-aes" [ "$cipher_variation" -eq "2" ] && cipher_cascade="twofish-serpent" [ "$cipher_variation" -eq "3" ] && cipher_cascade="camellia-kuznyechik" [ "$cipher_variation" -eq "4" ] && cipher_cascade="camellia-serpent" [ "$cipher_variation" -eq "5" ] && cipher_cascade="kuznyechik-aes" [ "$cipher_variation" -eq "6" ] && cipher_cascade="kuznyechik-twofish" ;; 3) [ "$cipher_variation" -eq "0" ] && cipher_cascade="aes-twofish-serpent" [ "$cipher_variation" -eq "1" ] && cipher_cascade="serpent-twofish-aes" [ "$cipher_variation" -eq "5" ] && cipher_cascade="kuznyechik-serpent-camellia" ;; esac [ -n "$cipher_cascade" ] || return filename="${TDIR}/vc_tests/hashcat_${hash_function}_${cipher_cascade}.vc" # The hash-cipher combination might be invalid (e.g. RIPEMD-160 + Kuznyechik) [ -f "${filename}" ] || return CMD="./${BIN} ${OPTS} -a 3 -m ${hash_type} ${filename} hashc?lt" echo "> Testing hash type ${hash_type} with attack mode 0, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, Cipher ${cipher_cascade}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(${CMD} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" cnt=1 e_nf=0 msg="OK" if [ ${ret} -ne 0 ]; then e_nf=1 msg="Error" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack 0, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, Cipher ${cipher_cascade} ] > $msg : ${e_nf}/${cnt} not found" status ${ret} } function luks_test() { hashType=$1 attackType=$2 # if -m all was set let us default to -a 3 only. You could specify the attack type directly, e.g. -m 0 # the problem with defaulting to all=0,1,3,6,7 is that it could take way too long if [ "${attackType}" -eq 65535 ]; then attackType=3 fi #LUKS_HASHES="sha1 sha256 sha512 ripemd160 whirlpool" LUKS_HASHES="sha1 sha256 sha512 ripemd160" LUKS_CIPHERS="aes serpent twofish" LUKS_MODES="cbc-essiv cbc-plain64 xts-plain64" LUKS_KEYSIZES="128 256 512" LUKS_PASSWORD=$(cat "${TDIR}/luks_tests/pw") for luks_h in ${LUKS_HASHES}; do for luks_c in ${LUKS_CIPHERS}; do for luks_m in ${LUKS_MODES}; do for luks_k in ${LUKS_KEYSIZES}; do CMD="" # filter out not supported combinations: case "${luks_k}" in 128) case "${luks_m}" in cbc-essiv|cbc-plain64) ;; *) continue ;; esac ;; 256) case "${luks_m}" in cbc-essiv|cbc-plain64|xts-plain64) ;; *) continue ;; esac ;; 512) case "${luks_m}" in xts-plain64) ;; *) continue ;; esac ;; esac luks_mode="${luks_h}-${luks_c}-${luks_m}-${luks_k}" luks_file="${TDIR}/luks_tests/hashcat_${luks_h}_${luks_c}_${luks_m}_${luks_k}.luks" luks_main_mask="?l" luks_mask="${luks_main_mask}" # for combination or hybrid attacks luks_pass_part_file1="${OUTD}/${hashType}_dict1" luks_pass_part_file2="${OUTD}/${hashType}_dict2" case $attackType in 0) CMD="./${BIN} ${OPTS} -a 0 -m ${hashType} ${luks_file} ${TDIR}/luks_tests/pw" ;; 1) luks_pass_part1_len=$((${#LUKS_PASSWORD} / 2)) luks_pass_part2_start=$((luks_pass_part1_len + 1)) echo "${LUKS_PASSWORD}" | cut -c-${luks_pass_part1_len} > "${luks_pass_part_file1}" echo "${LUKS_PASSWORD}" | cut -c${luks_pass_part2_start}- > "${luks_pass_part_file2}" CMD="./${BIN} ${OPTS} -a 6 -m ${hashType} ${luks_file} ${luks_pass_part_file1} ${luks_pass_part_file2}" ;; 3) luks_mask_fixed_len=$((${#LUKS_PASSWORD} - 1)) luks_mask="$(echo "${LUKS_PASSWORD}" | cut -c-${luks_mask_fixed_len})" luks_mask="${luks_mask}${luks_main_mask}" CMD="./${BIN} ${OPTS} -a 3 -m ${hashType} ${luks_file} ${luks_mask}" ;; 6) luks_pass_part1_len=$((${#LUKS_PASSWORD} - 1)) echo "${LUKS_PASSWORD}" | cut -c-${luks_pass_part1_len} > "${luks_pass_part_file1}" CMD="./${BIN} ${OPTS} -a 6 -m ${hashType} ${luks_file} ${luks_pass_part_file1} ${luks_mask}" ;; 7) echo "${LUKS_PASSWORD}" | cut -c2- > "${luks_pass_part_file1}" CMD="./${BIN} ${OPTS} -a 7 -m ${hashType} ${luks_file} ${luks_mask} ${luks_pass_part_file1}" ;; esac if [ -n "${CMD}" ]; then echo "> Testing hash type ${hashType} with attack mode ${attackType}, markov ${MARKOV}, single hash, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, luksMode ${luks_mode}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" output=$(${CMD} 2>&1) ret=${?} echo "${output}" >> "${OUTD}/logfull.txt" cnt=1 e_nf=0 msg="OK" if [ ${ret} -ne 0 ]; then e_nf=1 msg="Error" fi echo "[ ${OUTD} ] [ Type ${hash_type}, Attack ${attackType}, Mode single, Device-Type ${TYPE}, Kernel-Type ${KERNEL_TYPE}, Vector-Width ${VECTOR}, luksMode ${luks_mode} ] > $msg : ${e_nf}/${cnt} not found" status ${ret} fi done done done done } function usage() { cat << EOF > Usage : ${0} OPTIONS: -V Backend vector-width (either 1, 2, 4 or 8), overrides value from device query : '1' => vector-width 1 '2' => vector-width 2 (default) '4' => vector-width 4 '8' => vector-width 8 'all' => test sequentially vector-width ${VECTOR_WIDTHS} -t Select test mode : 'single' => single hash (default) 'multi' => multi hash 'all' => single and multi hash -m Select hash type : 'all' => all hash type supported (int) => hash type integer code (default : 0) (int)-(int) => hash type integer range -a Select attack mode : 'all' => all attack modes (int) => attack mode integer code (default : 0) -x Select cpu architecture : '32' => 32 bit architecture '64' => 64 bit architecture (default) -o Select operating system : 'win' => Windows operating system (use .exe file extension) 'linux' => Linux operating system (use .bin file extension) 'macos' => macOS operating system (use .app file extension) -d Select the Backend device : (int)[,int] => comma separated list of devices (default : 1) -D Select the OpenCL device types : '1' => CPU '2' => GPU (default) '3' => FPGA, DSP, Co-Processor (int)[,int] => multiple comma separated device types from the list above -O Use optimized kernels (default : -O) -P Use pure kernels instead of optimized kernels (default : -O) -s Use this session name instead of the default one (default : "hashcat") -c Disables markov-chains -p Package the tests into a .7z file -F Use this folder as test folder instead of the default one (string) => path to folder -I Use this folder as input/output folder for packaged tests (string) => path to folder -h Show this help EOF exit 1 } BIN="hashcat" MARKOV="enabled" ATTACK=0 MODE=0 TYPE="null" KERNEL_TYPE="Optimized" VECTOR="default" HT=0 PACKAGE=0 OPTIMIZED=1 while getopts "V:t:m:a:b:hcpd:x:o:d:D:F:POI:s:" opt; do case ${opt} in "V") if [ "${OPTARG}" = "1" ]; then VECTOR=1 elif [ "${OPTARG}" = "2" ]; then VECTOR=2 elif [ "${OPTARG}" = "4" ]; then VECTOR=4 elif [ "${OPTARG}" = "8" ]; then VECTOR=8 elif [ "${OPTARG}" = "16" ]; then VECTOR=16 elif [ "${OPTARG}" = "all" ]; then VECTOR="all" else usage fi ;; "t") if [ "${OPTARG}" = "single" ]; then MODE=0 elif [ "${OPTARG}" = "multi" ]; then MODE=1 elif [ "${OPTARG}" = "all" ]; then MODE=2 else usage fi ;; "m") if [ "${OPTARG}" = "all" ]; then HT=65535 else HT=${OPTARG} fi ;; "a") if [ "${OPTARG}" = "all" ]; then ATTACK=65535 elif [ "${OPTARG}" = "0" ]; then ATTACK=0 elif [ "${OPTARG}" = "1" ]; then ATTACK=1 elif [ "${OPTARG}" = "3" ]; then ATTACK=3 elif [ "${OPTARG}" = "6" ]; then ATTACK=6 elif [ "${OPTARG}" = "7" ]; then ATTACK=7 else usage fi ;; "c") OPTS="${OPTS} --markov-disable" MARKOV="disabled" ;; "I") PACKAGE_FOLDER=$( echo "${OPTARG}" | sed 's!/$!!g' ) ;; "s") OPTS="${OPTS} --session \"${OPTARG}\"" ;; "p") PACKAGE=1 ;; "x") if [ "${OPTARG}" = "32" ]; then ARCHITECTURE=32 elif [ "${OPTARG}" = "64" ]; then ARCHITECTURE=64 else usage fi ;; "o") if [ "${OPTARG}" = "win" ]; then EXTENSION="exe" elif [ "${OPTARG}" = "linux" ]; then EXTENSION="bin" elif [ "${OPTARG}" = "macos" ]; then EXTENSION="app" else usage fi ;; "O") # optimized is already default, ignore it ;; "d") OPTS="${OPTS} -d ${OPTARG}" ;; "D") if [ "${OPTARG}" = "1" ]; then OPTS="${OPTS} -D 1" TYPE="Cpu" elif [ "${OPTARG}" = "2" ]; then OPTS="${OPTS} -D 2" TYPE="Gpu" else OPTS="${OPTS} -D ${OPTARG}" TYPE="Cpu + Gpu" fi ;; "F") OUTD=$( echo "${OPTARG}" | sed 's!/$!!g' ) ;; "P") OPTIMIZED=0 KERNEL_TYPE="Pure" ;; \?) usage ;; "h") usage ;; esac done export IS_OPTIMIZED=${OPTIMIZED} if [ "${OPTIMIZED}" -eq 1 ]; then OPTS="${OPTS} -O" fi if [ "${TYPE}" = "null" ]; then OPTS="${OPTS} -D 2" TYPE="Gpu" fi if [ -n "${ARCHITECTURE}" ]; then BIN="${BIN}${ARCHITECTURE}" fi if [ -n "${EXTENSION}" ]; then BIN="${BIN}.${EXTENSION}" fi if [ -n "${PACKAGE_FOLDER}" ]; then if [ ! -e "${PACKAGE_FOLDER}" ]; then echo "! folder '${PACKAGE_FOLDER}' does not exist" exit 1 fi fi if [ "${PACKAGE}" -eq 0 ] || [ -z "${PACKAGE_FOLDER}" ]; then # check existence of binary if [ ! -e "${BIN}" ]; then echo "! ${BIN} not found, please build binary before run test." exit 1 fi HT_MIN=0 HT_MAX=0 if echo -n "${HT}" | grep -q '^[0-9]\+$'; then HT_MIN=${HT} HT_MAX=${HT} elif echo -n "${HT}" | grep -q '^[0-9]\+-[1-9][0-9]*$'; then HT_MIN=$(echo -n ${HT} | sed "s/-.*//") HT_MAX=$(echo -n ${HT} | sed "s/.*-//") if [ "${HT_MIN}" -gt "${HT_MAX}" ]; then echo "! hash type range -m ${HT} is not valid ..." usage fi else echo "! hash type is not a number ..." usage fi HT=${HT_MIN} # filter by hash_type if [ "${HT}" -ne 65535 ]; then # validate filter if ! is_in_array "${HT_MIN}" ${HASH_TYPES}; then echo "! invalid hash type selected ..." usage fi if ! is_in_array "${HT_MAX}" ${HASH_TYPES}; then echo "! invalid hash type selected ..." usage fi fi if [ -z "${PACKAGE_FOLDER}" ]; then # make new dir mkdir -p "${OUTD}" # generate random test entry if [ "${HT}" -eq 65535 ]; then for TMP_HT in ${HASH_TYPES}; do if [ "${TMP_HT}" -ne ${LUKS_MODE} ]; then if ! is_in_array "${TMP_HT}" ${TC_MODES}; then if ! is_in_array "${TMP_HT}" ${VC_MODES}; then if ! is_in_array "${TMP_HT}" ${CL_MODES}; then perl tools/test.pl single "${TMP_HT}" >> "${OUTD}/all.sh" fi fi fi fi done else for TMP_HT in $(seq "${HT_MIN}" "${HT_MAX}"); do if ! is_in_array "${TMP_HT}" ${HASH_TYPES}; then continue fi if [ "${TMP_HT}" -ne ${LUKS_MODE} ]; then # Exclude TrueCrypt and VeraCrypt testing modes if ! is_in_array "${TMP_HT}" ${TC_MODES}; then if ! is_in_array "${TMP_HT}" ${VC_MODES}; then if ! is_in_array "${TMP_HT}" ${CL_MODES}; then perl tools/test.pl single "${TMP_HT}" >> "${OUTD}/all.sh" fi fi fi fi done fi else OUTD=${PACKAGE_FOLDER} fi rm -rf "${OUTD}/logfull.txt" && touch "${OUTD}/logfull.txt" # populate array of hash types where we only should check if pass is in output (not both hash:pass) IFS=';' read -ra PASS_ONLY <<< "${HASHFILE_ONLY} ${NOCHECK_ENCODING}" IFS=';' read -ra TIMEOUT_ALGOS <<< "${SLOW_ALGOS}" IFS=';' read -ra NEVER_CRACK_ALGOS <<< "${NEVER_CRACK}" # for these particular algos we need to save the output to a temporary file IFS=';' read -ra FILE_BASED_ALGOS <<< "${HASHFILE_ONLY}" for hash_type in $HASH_TYPES; do if [ "${HT}" -ne 65535 ]; then # check if the loop variable "hash_type" is between HT_MIN and HT_MAX (both included) if [ "${hash_type}" -lt "${HT_MIN}" ]; then continue elif [ "${hash_type}" -gt "${HT_MAX}" ]; then # we are done because hash_type is larger than range: break fi fi if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key if [ "${MODE}" -eq 1 ]; then # if "multi" was forced we need to skip it if [ "${HT_MIN}" -eq 20510 ]; then if [ "${HT_MAX}" -eq 20510 ]; then echo "ERROR: -m 20510 = PKZIP Master Key can only be run with a single hash" fi fi continue fi fi if [ -z "${PACKAGE_FOLDER}" ]; then # init test data init else echo "[ ${OUTD} ] > Run packaged test for hash type $hash_type." fi if [ "${PACKAGE}" -eq 0 ]; then # should we check only the pass? pass_only=0 is_in_array "${hash_type}" ${PASS_ONLY} && pass_only=1 IS_SLOW=0 is_in_array "${hash_type}" ${SLOW_ALGOS} && IS_SLOW=1 # we use phpass as slow hash for testing the AMP kernel [ "${hash_type}" -eq 400 ] && IS_SLOW=0 OPTS_OLD=${OPTS} VECTOR_OLD=${VECTOR} MODE_OLD=${MODE} if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key if [ "${MODE}" -eq 1 ]; then # if "multi" was forced we need to skip it continue fi MODE=0 # force single only fi for CUR_WIDTH in $VECTOR_WIDTHS; do if [ "${VECTOR_OLD}" = "all" ] || [ "${VECTOR_OLD}" = "default" ] || [ "${VECTOR_OLD}" = "${CUR_WIDTH}" ]; then if [ "${VECTOR_OLD}" = "default" ] && \ [ "${CUR_WIDTH}" != "1" ] && \ [ "${CUR_WIDTH}" != "4" ]; then continue fi VECTOR=${CUR_WIDTH} OPTS="${OPTS_OLD} --backend-vector-width ${VECTOR}" if [ ${IS_SLOW} -eq 1 ]; then # Look up if this is one of supported VeraCrypt modes if is_in_array "${hash_type}" ${VC_MODES}; then veracrypt_test 0 # aes veracrypt_test 1 # serpent veracrypt_test 2 # twofish veracrypt_test 3 # camellia veracrypt_test 4 # camellia (alternative cascade) veracrypt_test 5 # kuznyechik veracrypt_test 6 # kuznyechik (alternative cascade) elif is_in_array "${hash_type}" ${TC_MODES}; then # run truecrypt tests truecrypt_test "${hash_type}" 0 truecrypt_test "${hash_type}" 1 truecrypt_test "${hash_type}" 2 elif [ "${hash_type}" -eq ${LUKS_MODE} ]; then # run luks tests luks_test "${hash_type}" ${ATTACK} else # run attack mode 0 (stdin) if [ ${ATTACK} -eq 65535 ] || [ ${ATTACK} -eq 0 ]; then attack_0; fi fi else if is_in_array "${hash_type}" ${CL_MODES}; then # run cryptoloop tests cryptoloop_test "${hash_type}" 128 cryptoloop_test "${hash_type}" 192 cryptoloop_test "${hash_type}" 256 else # run attack mode 0 (stdin) if [ ${ATTACK} -eq 65535 ] || [ ${ATTACK} -eq 0 ]; then attack_0; fi # run attack mode 1 (combinator) if [ ${ATTACK} -eq 65535 ] || [ ${ATTACK} -eq 1 ]; then attack_1; fi # run attack mode 3 (bruteforce) if [ ${ATTACK} -eq 65535 ] || [ ${ATTACK} -eq 3 ]; then attack_3; fi # run attack mode 6 (dict+mask) if [ ${ATTACK} -eq 65535 ] || [ ${ATTACK} -eq 6 ]; then attack_6; fi # run attack mode 7 (mask+dict) if [ ${ATTACK} -eq 65535 ] || [ ${ATTACK} -eq 7 ]; then attack_7; fi fi fi fi done OPTS="${OPTS_OLD}" VECTOR="${VECTOR_OLD}" MODE=${MODE_OLD} fi done else OUTD=${PACKAGE_FOLDER} fi # fix logfile if [ "${PACKAGE}" -eq 0 ]; then cat -vet "${OUTD}/logfull.txt" | sed -e 's/\^M \^M//g' | sed -e 's/\$$//g' > "${OUTD}/test_report.log" fi rm -rf "${OUTD}/logfull.txt" if [ "${PACKAGE}" -eq 1 ]; then echo "[ ${OUTD} ] > Generate package ${OUTD}/${OUTD}.7z" cp "${BASH_SOURCE[0]}" "${OUTD}/test.sh" copy_luks_dir=0 copy_tc_dir=0 copy_vc_dir=0 copy_cl_dir=0 if [ "${HT}" -eq 65535 ]; then copy_luks_dir=1 copy_tc_dir=1 copy_vc_dir=1 copy_cl_dir=1 else for TMP_HT in $(seq "${HT_MIN}" "${HT_MAX}"); do if [ "${TMP_HT}" -eq "${LUKS_MODE}" ]; then copy_luks_dir=1 elif is_in_array "${TMP_HT}" ${TC_MODES}; then copy_tc_dir=1 elif is_in_array "${TMP_HT}" ${VC_MODES}; then copy_vc_dir=1 elif is_in_array "${TMP_HT}" ${CL_MODES}; then copy_cl_dir=1 fi done fi if [ "${copy_luks_dir}" -eq 1 ]; then mkdir "${OUTD}/luks_tests/" cp ${TDIR}/luks_tests/* "${OUTD}/luks_tests/" fi if [ "${copy_tc_dir}" -eq 1 ]; then mkdir "${OUTD}/tc_tests/" cp ${TDIR}/tc_tests/* "${OUTD}/tc_tests/" fi if [ "${copy_vc_dir}" -eq 1 ]; then mkdir "${OUTD}/vc_tests/" cp ${TDIR}/vc_tests/* "${OUTD}/vc_tests/" fi if [ "${copy_cl_dir}" -eq 1 ]; then mkdir "${OUTD}/cl_tests/" cp ${TDIR}/cl_tests/* "${OUTD}/cl_tests/" fi # if we package from a given folder, we need to check if e.g. the files needed for multi mode are there if [ -n "${PACKAGE_FOLDER}" ]; then MODE=2 ls "${PACKAGE_FOLDER}"/*multi* >/dev/null 2>/dev/null if [ "${?}" -ne 0 ] then MODE=0 fi HT=$(grep -o -- "-m *[0-9]*" "${PACKAGE_FOLDER}/all.sh" | sort -u | sed 's/-m //' 2> /dev/null) if [ -n "${HT}" ]; then HT_COUNT=$(echo "${HT}" | wc -l) if [ "${HT_COUNT}" -gt 1 ]; then HT=65535 fi fi #ATTACK=65535 # more appropriate ? fi # for convenience: 'run package' is default action for packaged test.sh ( + add other defaults too ) SED_IN_PLACE='-i' UNAME=$(uname -s) # of course macOS requires us to implement a special case (sed -i "" for the backup file) if [ "${UNAME}" = "Darwin" ] ; then SED_IN_PLACE='-i ""' fi HT_PACKAGED=${HT} if [ "${HT_MIN}" -ne "${HT_MAX}" ]; then HT_PACKAGED=${HT_MIN}-${HT_MAX} fi HASH_TYPES_PACKAGED=$( echo "${HASH_TYPES}" | tr '\n' ' ' | sed 's/ $//') HASHFILE_ONLY_PACKAGED=$(echo "${HASHFILE_ONLY}" | tr '\n' ' ' | sed 's/ $//') NEVER_CRACK_PACKAGED=$( echo "${NEVER_CRACK}" | tr '\n' ' ' | sed 's/ $//') SLOW_ALGOS_PACKAGED=$( echo "${SLOW_ALGOS}" | tr '\n' ' ' | sed 's/ $//') sed "${SED_IN_PLACE}" -e 's/^\(PACKAGE_FOLDER\)=""/\1="$( echo "${BASH_SOURCE[0]}" | sed \"s!test.sh\\$!!\" )"/' \ -e "s/^\(HASH_TYPES\)=\$(.*/\1=\"${HASH_TYPES_PACKAGED}\"/" \ -e "s/^\(HASHFILE_ONLY\)=\$(.*/\1=\"${HASHFILE_ONLY_PACKAGED}\"/" \ -e "s/^\(NEVER_CRACK\)=\$(.*/\1=\"${NEVER_CRACK_PACKAGED}\"/" \ -e "s/^\(SLOW_ALGOS\)=\$(.*/\1=\"${SLOW_ALGOS_PACKAGED}\"/" \ -e "s/^\(HT\)=0/\1=${HT_PACKAGED}/" \ -e "s/^\(MODE\)=0/\1=${MODE}/" \ -e "s/^\(ATTACK\)=0/\1=${ATTACK}/" \ "${OUTD}/test.sh" ${PACKAGE_CMD} "${OUTD}/${OUTD}.7z" "${OUTD}/" >/dev/null 2>/dev/null fi