github/hashcat
1
Fork 0
mirror of https://github.com/hashcat/hashcat synced 2025-02-14 15:24:28 +01:00
Code Releases Activity

New mode 22000 WPA-PBKDF2-PMKID+EAPOL to replace -m 2500 and -m 16800. NOTE: missing support for message_pair and nonce_error_corrections handling

Browse Source
This commit is contained in:
Jens Steube 2019-12-15 21:09:04 +01:00
parent f9e5dcc133
commit 2a04354401
5 changed files with 2696 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1035
OpenCL/m22000-pure.cl Normal file
View File

File diff suppressed because it is too large Load Diff

952
src/modules/module_22000.c Normal file
View File

@ -0,0 +1,952 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
#define DGST_ELEM 4
#include "emu_general.h"
#include "emu_inc_cipher_aes.h"
#include "emu_inc_hash_md5.h"
#include "m22000-pure.cl"
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 1;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 3;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL;
static const char *HASH_NAME = "WPA-PBKDF2-PMKID+EAPOL";
static const u64 KERN_TYPE = 22000;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_AUX1
| OPTS_TYPE_AUX2
| OPTS_TYPE_AUX3
| OPTS_TYPE_AUX4
| OPTS_TYPE_DEEP_COMP_KERNEL
| OPTS_TYPE_COPY_TMPS;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat!";
static const char *ST_HASH = "WPA:01:9d42bfc4ab79cf3a3a85761efd2a0cf0:e8e61d2bfe07:e21f445660bb:3c3429452aba22e9a7a6:::";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
static const u32 ROUNDS_WPA_PBKDF2 = 4096;
struct auth_packet
{
u8 version;
u8 type;
u16 length;
u8 key_descriptor;
u16 key_information;
u16 key_length;
u64 replay_counter;
u8 wpa_key_nonce[32];
u8 wpa_key_iv[16];
u8 wpa_key_rsc[8];
u8 wpa_key_id[8];
u8 wpa_key_mic[16];
u16 wpa_key_data_length;
} __attribute__((packed));
typedef struct auth_packet auth_packet_t;
const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const char *mask = "?a?a?a?a?a?a?a?a";
return mask;
}
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 tmp_size = (const u64) sizeof (wpa_pbkdf2_tmp_t);
return tmp_size;
}
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (wpa_t);
return esalt_size;
}
bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const bool hlfmt_disable = true;
return hlfmt_disable;
}
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_min = 8;
return pw_min;
}
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_max = 63;
return pw_max;
}
int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len, MAYBE_UNUSED void *tmps)
{
wpa_t *wpa = (wpa_t *) esalt_buf;
wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (wpa_pbkdf2_tmp_t *) tmps;
// here we have in line_hash_buf: PMK*essid:password
// but we don't care about the password
// PMK
wpa_pbkdf2_tmp->out[0] = hex_to_u32 ((const u8 *) line_buf + 0);
wpa_pbkdf2_tmp->out[1] = hex_to_u32 ((const u8 *) line_buf + 8);
wpa_pbkdf2_tmp->out[2] = hex_to_u32 ((const u8 *) line_buf + 16);
wpa_pbkdf2_tmp->out[3] = hex_to_u32 ((const u8 *) line_buf + 24);
wpa_pbkdf2_tmp->out[4] = hex_to_u32 ((const u8 *) line_buf + 32);
wpa_pbkdf2_tmp->out[5] = hex_to_u32 ((const u8 *) line_buf + 40);
wpa_pbkdf2_tmp->out[6] = hex_to_u32 ((const u8 *) line_buf + 48);
wpa_pbkdf2_tmp->out[7] = hex_to_u32 ((const u8 *) line_buf + 56);
// essid
char *sep_pos = strrchr (line_buf, ':');
if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
if ((line_buf + 64) != sep_pos) return (PARSER_HASH_LENGTH);
char *essid_pos = sep_pos + 1;
const int essid_len = strlen (essid_pos);
if (essid_len & 1) return (PARSER_SALT_VALUE);
if (essid_len > 64) return (PARSER_SALT_VALUE);
wpa->essid_len = hex_decode ((const u8 *) essid_pos, essid_len, (u8 *) wpa->essid_buf);
return PARSER_OK;
}
int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size, MAYBE_UNUSED const void *tmps)
{
const wpa_t *wpa = (const wpa_t *) esalt_buf;
const wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (const wpa_pbkdf2_tmp_t *) tmps;
char tmp_buf[128];
const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf);
tmp_buf[tmp_len] = 0;
const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s",
wpa_pbkdf2_tmp->out[0],
wpa_pbkdf2_tmp->out[1],
wpa_pbkdf2_tmp->out[2],
wpa_pbkdf2_tmp->out[3],
wpa_pbkdf2_tmp->out[4],
wpa_pbkdf2_tmp->out[5],
wpa_pbkdf2_tmp->out[6],
wpa_pbkdf2_tmp->out[7],
tmp_buf);
return line_len;
}
int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf)
{
const salt_t *salts_buf = hashes->salts_buf;
const void *esalts_buf = hashes->esalts_buf;
const salt_t *salt = &salts_buf[salt_pos];
const u32 digest_cur = salt->digests_offset + digest_pos;
const wpa_t *wpas = (const wpa_t *) esalts_buf;
const wpa_t *wpa = &wpas[digest_cur];
char tmp_buf[128];
const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf);
tmp_buf[tmp_len] = 0;
if (wpa->type == 1)
{
const int len = hc_asprintf (buf, "WPA:01:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:::" EOL,
byte_swap_32 (wpa->pmkid[0]),
byte_swap_32 (wpa->pmkid[1]),
byte_swap_32 (wpa->pmkid[2]),
byte_swap_32 (wpa->pmkid[3]),
wpa->orig_mac_ap[0],
wpa->orig_mac_ap[1],
wpa->orig_mac_ap[2],
wpa->orig_mac_ap[3],
wpa->orig_mac_ap[4],
wpa->orig_mac_ap[5],
wpa->orig_mac_sta[0],
wpa->orig_mac_sta[1],
wpa->orig_mac_sta[2],
wpa->orig_mac_sta[3],
wpa->orig_mac_sta[4],
wpa->orig_mac_sta[5],
tmp_buf);
return len;
}
else if (wpa->type == 2)
{
u32 eapol_swapped[64 + 2];
for (int i = 0; i < 64; i++)
{
eapol_swapped[i] = wpa->eapol[i];
if (wpa->keyver == 2)
{
eapol_swapped[i] = byte_swap_32 (eapol_swapped[i]);
}
}
eapol_swapped[64] = 0;
eapol_swapped[65] = 0;
char tmp2_buf[384];
const int tmp2_len = hex_encode ((const u8 *) eapol_swapped, wpa->eapol_len, (u8 *) tmp2_buf);
tmp2_buf[tmp2_len] = 0;
const int len = hc_asprintf (buf, "WPA:02:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:%08x%08x%08x%08x%08x%08x%08x%08x:%s:%02x" EOL,
wpa->keymic[0],
wpa->keymic[1],
wpa->keymic[2],
wpa->keymic[3],
wpa->orig_mac_ap[0],
wpa->orig_mac_ap[1],
wpa->orig_mac_ap[2],
wpa->orig_mac_ap[3],
wpa->orig_mac_ap[4],
wpa->orig_mac_ap[5],
wpa->orig_mac_sta[0],
wpa->orig_mac_sta[1],
wpa->orig_mac_sta[2],
wpa->orig_mac_sta[3],
wpa->orig_mac_sta[4],
wpa->orig_mac_sta[5],
tmp_buf,
byte_swap_32 (wpa->anonce[0]),
byte_swap_32 (wpa->anonce[1]),
byte_swap_32 (wpa->anonce[2]),
byte_swap_32 (wpa->anonce[3]),
byte_swap_32 (wpa->anonce[4]),
byte_swap_32 (wpa->anonce[5]),
byte_swap_32 (wpa->anonce[6]),
byte_swap_32 (wpa->anonce[7]),
tmp2_buf,
wpa->extra);
return len;
}
return 0;
}
u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
{
const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset;
wpa_t *wpas = (wpa_t *) hashes->esalts_buf;
wpa_t *wpa = &wpas[digests_offset + digest_pos];
if (wpa->type == 1)
{
return KERN_RUN_AUX4;
}
else if (wpa->type == 2)
{
if (wpa->keyver == 1)
{
return KERN_RUN_AUX1;
}
else if (wpa->keyver == 2)
{
return KERN_RUN_AUX2;
}
else if (wpa->keyver == 3)
{
return KERN_RUN_AUX3;
}
}
return 0;
}
bool module_potfile_custom_check (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hash_t *db, MAYBE_UNUSED const hash_t *entry_hash, MAYBE_UNUSED const void *entry_tmps)
{
const wpa_t *wpa_entry = (const wpa_t *) entry_hash->esalt;
const wpa_t *wpa_db = (const wpa_t *) db->esalt;
if (wpa_db->essid_len != wpa_entry->essid_len) return false;
if (strcmp ((const char *) wpa_db->essid_buf, (const char *) wpa_entry->essid_buf)) return false;
const wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (const wpa_pbkdf2_tmp_t *) entry_tmps;
wpa_pbkdf2_tmp_t tmps;
tmps.out[0] = byte_swap_32 (wpa_pbkdf2_tmp->out[0]);
tmps.out[1] = byte_swap_32 (wpa_pbkdf2_tmp->out[1]);
tmps.out[2] = byte_swap_32 (wpa_pbkdf2_tmp->out[2]);
tmps.out[3] = byte_swap_32 (wpa_pbkdf2_tmp->out[3]);
tmps.out[4] = byte_swap_32 (wpa_pbkdf2_tmp->out[4]);
tmps.out[5] = byte_swap_32 (wpa_pbkdf2_tmp->out[5]);
tmps.out[6] = byte_swap_32 (wpa_pbkdf2_tmp->out[6]);
tmps.out[7] = byte_swap_32 (wpa_pbkdf2_tmp->out[7]);
plain_t plains_buf;
u32 hashes_shown = 0;
u32 d_return_buf = 0;
void (*m22000_aux) (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t));
if (wpa_db->type == 1)
{
m22000_aux = m22000_aux4;
}
else if (wpa_db->type == 2)
{
if (wpa_db->keyver == 1)
{
m22000_aux = m22000_aux1;
}
else if (wpa_db->keyver == 2)
{
m22000_aux = m22000_aux2;
}
else if (wpa_db->keyver == 3)
{
m22000_aux = m22000_aux3;
}
else
{
return false;
}
}
else
{
return false;
}
m22000_aux
(
NULL, // pws
NULL, // rules_buf
NULL, // combs_buf
NULL, // bfs_buf
&tmps, // tmps
NULL, // hooks
NULL, // bitmaps_buf_s1_a
NULL, // bitmaps_buf_s1_b
NULL, // bitmaps_buf_s1_c
NULL, // bitmaps_buf_s1_d
NULL, // bitmaps_buf_s2_a
NULL, // bitmaps_buf_s2_b
NULL, // bitmaps_buf_s2_c
NULL, // bitmaps_buf_s2_d
&plains_buf, // plains_buf
db->digest, // digests_buf
&hashes_shown, // hashes_shown
db->salt, // salt_bufs
db->esalt, // esalt_bufs
&d_return_buf, // d_return_buf
NULL, // d_extra0_buf
NULL, // d_extra1_buf
NULL, // d_extra2_buf
NULL, // d_extra3_buf
0, // bitmap_mask
0, // bitmap_shift1
0, // bitmap_shift2
0, // salt_pos
0, // loop_pos
0, // loop_cnt
0, // il_cnt
1, // digests_cnt
0, // digests_offset
0, // combs_mode
1 // gid_max
);
const bool r = (d_return_buf == 0) ? false : true;
return r;
}
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
u32 *digest = (u32 *) digest_buf;
wpa_t *wpa = (wpa_t *) esalt_buf;
// start normal parsing
token_t token;
token.token_cnt = 9;
token.signatures_cnt = 1;
token.signatures_buf[0] = "WPA";
token.sep[0] = ':';
token.len_min[0] = 3;
token.len_max[0] = 3;
token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
token.sep[1] = ':';
token.len_min[1] = 2;
token.len_max[1] = 2;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[2] = ':';
token.len_min[2] = 32;
token.len_max[2] = 32;
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[3] = ':';
token.len_min[3] = 12;
token.len_max[3] = 12;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[4] = ':';
token.len_min[4] = 12;
token.len_max[4] = 12;
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[5] = ':';
token.len_min[5] = 0;
token.len_max[5] = 64;
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[6] = ':';
token.len_min[6] = 0;
token.len_max[6] = 64;
token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[7] = ':';
token.len_min[7] = 0;
token.len_max[7] = 512;
token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[8] = ':';
token.len_min[8] = 0;
token.len_max[8] = 2;
token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
// mac_ap
const u8 *macap_buf = token.buf[3];
wpa->orig_mac_ap[0] = hex_to_u8 (macap_buf + 0);
wpa->orig_mac_ap[1] = hex_to_u8 (macap_buf + 2);
wpa->orig_mac_ap[2] = hex_to_u8 (macap_buf + 4);
wpa->orig_mac_ap[3] = hex_to_u8 (macap_buf + 6);
wpa->orig_mac_ap[4] = hex_to_u8 (macap_buf + 8);
wpa->orig_mac_ap[5] = hex_to_u8 (macap_buf + 10);
// mac_sta
const u8 *macsta_buf = token.buf[4];
wpa->orig_mac_sta[0] = hex_to_u8 (macsta_buf + 0);
wpa->orig_mac_sta[1] = hex_to_u8 (macsta_buf + 2);
wpa->orig_mac_sta[2] = hex_to_u8 (macsta_buf + 4);
wpa->orig_mac_sta[3] = hex_to_u8 (macsta_buf + 6);
wpa->orig_mac_sta[4] = hex_to_u8 (macsta_buf + 8);
wpa->orig_mac_sta[5] = hex_to_u8 (macsta_buf + 10);
// essid
const u8 *essid_buf = token.buf[5];
const int essid_len = token.len[5];
if (essid_len & 1) return (PARSER_SALT_VALUE);
wpa->essid_len = hex_decode (essid_buf, essid_len, (u8 *) wpa->essid_buf);
// salt
memcpy (salt->salt_buf, wpa->essid_buf, wpa->essid_len);
salt->salt_len = wpa->essid_len;
salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1;
// type
const u8 *type_buf = token.buf[1];
const u8 type = hex_to_u8 (type_buf);
if ((type != 1) && (type != 2)) return (PARSER_SALT_VALUE);
wpa->type = type;
// PMKID specific code
if (type == 1)
{
// pmkid
const u8 *pmkid_buf = token.buf[2];
wpa->pmkid[0] = hex_to_u32 (pmkid_buf + 0);
wpa->pmkid[1] = hex_to_u32 (pmkid_buf + 8);
wpa->pmkid[2] = hex_to_u32 (pmkid_buf + 16);
wpa->pmkid[3] = hex_to_u32 (pmkid_buf + 24);
// pmkid_data
wpa->pmkid_data[0] = 0x204b4d50; // "PMK "
wpa->pmkid_data[1] = 0x656d614e; // "Name"
wpa->pmkid_data[2] = (wpa->orig_mac_ap[0] << 0)
| (wpa->orig_mac_ap[1] << 8)
| (wpa->orig_mac_ap[2] << 16)
| (wpa->orig_mac_ap[3] << 24);
wpa->pmkid_data[3] = (wpa->orig_mac_ap[4] << 0)
| (wpa->orig_mac_ap[5] << 8)
| (wpa->orig_mac_sta[0] << 16)
| (wpa->orig_mac_sta[1] << 24);
wpa->pmkid_data[4] = (wpa->orig_mac_sta[2] << 0)
| (wpa->orig_mac_sta[3] << 8)
| (wpa->orig_mac_sta[4] << 16)
| (wpa->orig_mac_sta[5] << 24);
// hash
digest[0] = wpa->pmkid[0];
digest[1] = wpa->pmkid[1];
digest[2] = wpa->pmkid[2];
digest[3] = wpa->pmkid[3];
digest[0] = byte_swap_32 (digest[0]);
digest[1] = byte_swap_32 (digest[1]);
digest[2] = byte_swap_32 (digest[2]);
digest[3] = byte_swap_32 (digest[3]);
}
// EAPOL specific code
if (type == 2)
{
// checks
if (token.len[6] != 64) return (PARSER_SALT_LENGTH);
if (token.len[7] < (int) sizeof (auth_packet_t) * 2) return (PARSER_SALT_LENGTH);
if (token.len[8] != 2) return (PARSER_SALT_LENGTH);
// anonce
const u8 *anonce_pos = token.buf[6];
wpa->anonce[0] = hex_to_u32 (anonce_pos + 0);
wpa->anonce[1] = hex_to_u32 (anonce_pos + 8);
wpa->anonce[2] = hex_to_u32 (anonce_pos + 16);
wpa->anonce[3] = hex_to_u32 (anonce_pos + 24);
wpa->anonce[4] = hex_to_u32 (anonce_pos + 32);
wpa->anonce[5] = hex_to_u32 (anonce_pos + 40);
wpa->anonce[6] = hex_to_u32 (anonce_pos + 48);
wpa->anonce[7] = hex_to_u32 (anonce_pos + 56);
// eapol
const u8 *eapol_pos = token.buf[7];
u8 *eapol_ptr = (u8 *) wpa->eapol;
wpa->eapol_len = hex_decode ((const u8 *) eapol_pos, token.len[7], eapol_ptr);
memset (eapol_ptr + wpa->eapol_len, 0, (256 + 64) - wpa->eapol_len);
auth_packet_t *auth_packet = (auth_packet_t *) wpa->eapol;
// keyver
const u16 key_information = byte_swap_16 (auth_packet->key_information);
wpa->keyver = key_information & 3;
if ((wpa->keyver != 1) && (wpa->keyver != 2) && (wpa->keyver != 3)) return (PARSER_SALT_VALUE);
// pke
u8 *pke_ptr = (u8 *) wpa->pke;
memset (pke_ptr, 0, 128);
if ((wpa->keyver == 1) || (wpa->keyver == 2))
{
memcpy (pke_ptr, "Pairwise key expansion\x00", 23);
if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0)
{
memcpy (pke_ptr + 23, wpa->orig_mac_ap, 6);
memcpy (pke_ptr + 29, wpa->orig_mac_sta, 6);
}
else
{
memcpy (pke_ptr + 23, wpa->orig_mac_sta, 6);
memcpy (pke_ptr + 29, wpa->orig_mac_ap, 6);
}
wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32);
if (wpa->nonce_compare < 0)
{
memcpy (pke_ptr + 35, wpa->anonce, 32);
memcpy (pke_ptr + 67, auth_packet->wpa_key_nonce, 32);
}
else
{
memcpy (pke_ptr + 35, auth_packet->wpa_key_nonce, 32);
memcpy (pke_ptr + 67, wpa->anonce, 32);
}
}
else if (wpa->keyver == 3)
{
pke_ptr[0] = 1;
pke_ptr[1] = 0;
memcpy (pke_ptr + 2, "Pairwise key expansion", 22);
if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0)
{
memcpy (pke_ptr + 24, wpa->orig_mac_ap, 6);
memcpy (pke_ptr + 30, wpa->orig_mac_sta, 6);
}
else
{
memcpy (pke_ptr + 24, wpa->orig_mac_sta, 6);
memcpy (pke_ptr + 30, wpa->orig_mac_ap, 6);
}
wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32);
if (wpa->nonce_compare < 0)
{
memcpy (pke_ptr + 36, wpa->anonce, 32);
memcpy (pke_ptr + 68, auth_packet->wpa_key_nonce, 32);
}
else
{
memcpy (pke_ptr + 36, auth_packet->wpa_key_nonce, 32);
memcpy (pke_ptr + 68, wpa->anonce, 32);
}
pke_ptr[100] = 0x80;
pke_ptr[101] = 1;
}
for (int i = 0; i < 32; i++)
{
wpa->pke[i] = byte_swap_32 (wpa->pke[i]);
}
if (wpa->keyver == 2)
{
for (int i = 0; i < 64; i++)
{
wpa->eapol[i] = byte_swap_32 (wpa->eapol[i]);
}
}
if (wpa->keyver == 3)
{
eapol_ptr[wpa->eapol_len] = 0x80;
}
// extra
const u8 *extra_pos = token.buf[8];
wpa->extra = hex_to_u8 (extra_pos);
// todo stuff
wpa->message_pair = wpa->extra;
wpa->message_pair_chgd = 0;
wpa->nonce_error_corrections = 0;
wpa->detected_le = 0;
wpa->detected_be = 0;
// mic
const u8 *mic_pos = token.buf[2];
wpa->keymic[0] = hex_to_u32 (mic_pos + 0);
wpa->keymic[1] = hex_to_u32 (mic_pos + 8);
wpa->keymic[2] = hex_to_u32 (mic_pos + 16);
wpa->keymic[3] = hex_to_u32 (mic_pos + 24);
wpa->keymic[0] = byte_swap_32 (wpa->keymic[0]);
wpa->keymic[1] = byte_swap_32 (wpa->keymic[1]);
wpa->keymic[2] = byte_swap_32 (wpa->keymic[2]);
wpa->keymic[3] = byte_swap_32 (wpa->keymic[3]);
// Create a hash of the nonce as ESSID is not unique enough
// Not a regular MD5 but good enough
// We can also ignore cases where we should bzero the work buffer
u32 hash[4];
hash[0] = 0;
hash[1] = 1;
hash[2] = 2;
hash[3] = 3;
u32 block[16];
memset (block, 0, sizeof (block));
u8 *block_ptr = (u8 *) block;
for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 0];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 16];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 0];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 16];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 32];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 48];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
memcpy (block_ptr + 0, wpa->orig_mac_ap, 6);
memcpy (block_ptr + 6, wpa->orig_mac_sta, 6);
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
memcpy (block_ptr + 0, wpa->anonce, 32);
memcpy (block_ptr + 32, auth_packet->wpa_key_nonce, 32);
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
block[0] = wpa->keymic[0];
block[1] = wpa->keymic[1];
block[2] = wpa->keymic[2];
block[3] = wpa->keymic[3];
md5_transform (block + 0, block + 4, block + 8, block + 12, hash);
// make all this stuff unique
digest[0] = hash[0];
digest[1] = hash[1];
digest[2] = hash[2];
digest[3] = hash[3];
}
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
const wpa_t *wpa = (const wpa_t *) esalt_buf;
int line_len = 0;
if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true)
{
char tmp_buf[128];
int tmp_len = 0;
tmp_buf[tmp_len++] = '$';
tmp_buf[tmp_len++] = 'H';
tmp_buf[tmp_len++] = 'E';
tmp_buf[tmp_len++] = 'X';
tmp_buf[tmp_len++] = '[';
exec_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf + tmp_len);
tmp_len += wpa->essid_len * 2;
tmp_buf[tmp_len++] = ']';
tmp_buf[tmp_len++] = 0;
line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
wpa->orig_mac_ap[0],
wpa->orig_mac_ap[1],
wpa->orig_mac_ap[2],
wpa->orig_mac_ap[3],
wpa->orig_mac_ap[4],
wpa->orig_mac_ap[5],
wpa->orig_mac_sta[0],
wpa->orig_mac_sta[1],
wpa->orig_mac_sta[2],
wpa->orig_mac_sta[3],
wpa->orig_mac_sta[4],
wpa->orig_mac_sta[5],
tmp_buf);
}
else
{
line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
wpa->orig_mac_ap[0],
wpa->orig_mac_ap[1],
wpa->orig_mac_ap[2],
wpa->orig_mac_ap[3],
wpa->orig_mac_ap[4],
wpa->orig_mac_ap[5],
wpa->orig_mac_sta[0],
wpa->orig_mac_sta[1],
wpa->orig_mac_sta[2],
wpa->orig_mac_sta[3],
wpa->orig_mac_sta[4],
wpa->orig_mac_sta[5],
(const char *) wpa->essid_buf);
}
return line_len;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = module_benchmark_mask;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = module_deep_comp_kernel;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = module_esalt_size;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = module_hash_binary_save;
module_ctx->module_hash_decode_potfile = module_hash_decode_potfile;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode_potfile = module_hash_encode_potfile;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
module_ctx->module_hlfmt_disable = module_hlfmt_disable;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = MODULE_DEFAULT;
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_custom_check = module_potfile_custom_check;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = module_pw_max;
module_ctx->module_pw_min = module_pw_min;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = module_tmp_size;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}

29
src/selftest.c
View File

@ -542,9 +542,34 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
device_param->kernel_params_buf32[28] = 0;
device_param->kernel_params_buf32[29] = 1;
const u32 deep_comp_kernel = module_ctx->module_deep_comp_kernel (hashes, 0, 0);
bool test_ok = false;
if (run_kernel (hashcat_ctx, device_param, deep_comp_kernel, 1, false, 0) == -1) return -1;
if (hashconfig->opts_type & OPTS_TYPE_AUX1)
{
if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX1, 1, false, 0) == 0) test_ok = true;
}
if (hashconfig->opts_type & OPTS_TYPE_AUX2)
{
if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX2, 1, false, 0) == 0) test_ok = true;
}
if (hashconfig->opts_type & OPTS_TYPE_AUX3)
{
if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX3, 1, false, 0) == 0) test_ok = true;
}
if (hashconfig->opts_type & OPTS_TYPE_AUX4)
{
if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX4, 1, false, 0) == 0) test_ok = true;
}
else
{
if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1;
}
if (test_ok == false) return -1;
}
else
{

126
tools/test.sh
View File

@ -19,7 +19,7 @@ VC_MODES="13711 13712 13713 13721 13722 13723 13731 13732 13733 13741 13742 1374
NEVER_CRACK="9720 9820 14900 18100"
# List of modes which return a different output hash format than the input hash format
NOCHECK_ENCODING="16800"
NOCHECK_ENCODING="16800 22000"
# LUKS mode has test containers
LUKS_MODE="14600"
@ -273,6 +273,8 @@ function init()
min_offset=3
elif [ "${hash_type}" -eq 16800 ]; then
min_offset=7 # means length 8, since we start with 0
elif [ "${hash_type}" -eq 22000 ]; then
min_offset=7 # means length 8, since we start with 0
fi
# foreach password entry split password in 2 (skip first entry, is len 1)
@ -334,6 +336,8 @@ function init()
min_len=31
elif [ "${hash_type}" -eq 16800 ]; then
min_len=7 # means length 8, since we start with 0
elif [ "${hash_type}" -eq 22000 ]; then
min_len=7 # means length 8, since we start with 0
fi
# generate multiple pass/hash foreach len (2 to 8)
@ -925,6 +929,8 @@ function attack_3()
max=1
elif [ "${hash_type}" -eq 16800 ]; then
max=7
elif [ "${hash_type}" -eq 22000 ]; then
max=7
fi
i=1
@ -1094,6 +1100,11 @@ function attack_3()
increment_max=9
fi
if [ "${hash_type}" -eq 22000 ]; then
increment_min=8
increment_max=9
fi
# if file_only -> decode all base64 "hashes" and put them in the temporary file
if [ "${file_only}" -eq 1 ]; then
@ -1335,6 +1346,91 @@ function attack_3()
custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}"
fi
if [ "${hash_type}" -eq 22000 ]; then
mask="?d?d?d?d?d?1?2?3?4"
charset_1=""
charset_2=""
charset_3=""
charset_4=""
# check positions (here we assume that mask is always composed of non literal chars
# i.e. something like ?d?l?u?s?1 is possible, but ?d?dsuffix not
charset_1_pos=$(expr index "${mask}" 1)
charset_2_pos=$(expr index "${mask}" 2)
charset_3_pos=$(expr index "${mask}" 3)
charset_4_pos=$(expr index "${mask}" 4)
# divide each charset position by 2 since each of them occupies 2 positions in the mask
charset_1_pos=$((charset_1_pos / 2))
charset_2_pos=$((charset_2_pos / 2))
charset_3_pos=$((charset_3_pos / 2))
charset_4_pos=$((charset_4_pos / 2))
i=1
while read -r -u 9 hash; do
pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt")
# charset 1
char=$(echo "${pass}" | cut -b ${charset_1_pos})
charset_1=$(printf "%s\n%s\n" "${charset_1}" "${char}")
# charset 2
char=$(echo "${pass}" | cut -b ${charset_2_pos})
charset_2=$(printf "%s\n%s\n" "${charset_2}" "${char}")
# charset 3
char=$(echo "${pass}" | cut -b ${charset_3_pos})
charset_3=$(printf "%s\n%s\n" "${charset_3}" "${char}")
# charset 4
char=$(echo "${pass}" | cut -b ${charset_4_pos})
charset_4=$(printf "%s\n%s\n" "${charset_4}" "${char}")
i=$((i + 1))
done 9< "${OUTD}/${hash_type}_multihash_bruteforce.txt"
# just make sure that all custom charset fields are initialized
if [ -z "${charset_1}" ]; then
charset_1="1"
fi
if [ -z "${charset_2}" ]; then
charset_2="2"
fi
if [ -z "${charset_3}" ]; then
charset_3="3"
fi
if [ -z "${charset_4}" ]; then
charset_4="4"
fi
# unique and remove new lines
charset_1=$(echo "${charset_1}" | sort -u | tr -d '\n')
charset_2=$(echo "${charset_2}" | sort -u | tr -d '\n')
charset_3=$(echo "${charset_3}" | sort -u | tr -d '\n')
charset_4=$(echo "${charset_4}" | sort -u | tr -d '\n')
custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}"
fi
increment_charset_opts=""
if [ ${need_hcmask} -eq 0 ]; then # the "normal" case without .hcmask file
@ -1449,6 +1545,8 @@ function attack_6()
mask_offset=29
elif [ "${hash_type}" -eq 16800 ]; then
max=6
elif [ "${hash_type}" -eq 22000 ]; then
max=6
fi
# special case: we need to split the first line
@ -1667,6 +1765,8 @@ function attack_6()
max=8
elif [ "${hash_type}" -eq 16800 ]; then
max=5
elif [ "${hash_type}" -eq 22000 ]; then
max=5
fi
if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then
@ -1813,6 +1913,8 @@ function attack_7()
max=1
elif [ "${hash_type}" -eq 16800 ]; then
max=5
elif [ "${hash_type}" -eq 22000 ]; then
max=5
fi
# special case: we need to split the first line
@ -1916,6 +2018,26 @@ function attack_7()
fi
if [ "${hash_type}" -eq 22000 ]; then
pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1")
pass_part_2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2")
pass_part_2_len=${#pass_part_2}
pass=${pass_part_1}${pass_part_2}
pass_len=${#pass}
# add first x chars of password to mask and append the (old) mask
mask_len=${#mask}
mask_len=$((mask_len / 2))
mask_prefix=$(echo "${pass}" | cut -b -$((pass_len - mask_len - pass_part_2_len)))
mask=${mask_prefix}${mask}
fi
if [ "${hash_type}" -eq 20510 ]; then
pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1")
@ -2060,6 +2182,8 @@ function attack_7()
max=5
elif [ "${hash_type}" -eq 16800 ]; then
max=5
elif [ "${hash_type}" -eq 22000 ]; then
max=5
fi
if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then

557
tools/test_modules/m22000.pm Normal file
View File

@ -0,0 +1,557 @@
#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
use strict;
use warnings;
use Crypt::PBKDF2;
use Digest::MD5 qw (md5);
use Digest::SHA qw (sha1 sha256);
use Digest::HMAC qw (hmac hmac_hex);
use Digest::CMAC;
use MIME::Base64 qw (encode_base64);
sub module_constraints { [[8, 63], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] }
sub module_generate_hash
{
my $word = shift;
my $salt = shift;
my $type = shift // random_number (1, 2);
my $macap = shift;
my $macsta = shift;
my $essid = shift;
my $anonce = shift;
my $eapol = shift;
my $extra = shift;
my $hash;
if ($type == 1)
{
if (!defined ($macap))
{
$macap = unpack ("H*", random_bytes (6));
}
if (!defined ($macsta))
{
$macsta = unpack ("H*", random_bytes (6));
}
if (!defined ($essid))
{
$essid = unpack ("H*", random_bytes (random_number (0, 32) & 0x1e));
}
my $pbkdf2 = Crypt::PBKDF2->new
(
hash_class => 'HMACSHA1',
iterations => 4096,
output_len => 32,
);
my $essid_bin = pack ("H*", $essid);
my $pmk = $pbkdf2->PBKDF2 ($essid_bin, $word);
my $macap_bin = pack ("H*", $macap);
my $macsta_bin = pack ("H*", $macsta);
my $data = "PMK Name" . $macap_bin . $macsta_bin;
my $pmkid = hmac_hex ($data, $pmk, \&sha1);
$hash = sprintf ("WPA:%02x:%s:%s:%s:%s:::", $type, substr ($pmkid, 0, 32), $macap, $macsta, $essid);
}
elsif ($type == 2)
{
if (!defined ($macap))
{
$macap = random_bytes (6);
}
else
{
$macap = pack ("H*", $macap);
}
if (!defined ($macsta))
{
$macsta = random_bytes (6);
}
else
{
$macsta = pack ("H*", $macsta);
}
if (!defined ($extra))
{
$extra = "\x00";
}
else
{
$extra = pack ("H*", $extra);
}
my $keyver;
my $snonce;
if (!defined ($eapol))
{
$keyver = random_number (1, 3); # 1, 2 or 3
$snonce = random_bytes (32);
$eapol = gen_random_wpa_eapol ($keyver, $snonce);
}
else
{
$eapol = pack ("H*", $eapol);
my $key_info = unpack ("n*", substr ($eapol, 5, 2));
$keyver = $key_info & 3;
$snonce = substr ($eapol, 17, 32);
}
if (!defined ($anonce))
{
$anonce = random_bytes (32);
}
else
{
$anonce = pack ("H*", $anonce);
}
if (!defined ($essid))
{
$essid = unpack ("H*", random_bytes (random_number (0, 32) & 0x1e));
}
my $pbkdf2 = Crypt::PBKDF2->new
(
hash_class => 'HMACSHA1',
iterations => 4096,
output_len => 32,
);
my $essid_bin = pack ("H*", $essid);
my $pmk = $pbkdf2->PBKDF2 ($essid_bin, $word);
# Pairwise Transient Key (PTK) transformation
my $ptk = wpa_prf_512 ($keyver, $pmk, $macsta, $macap, $snonce, $anonce);
# generate the Message Integrity Code (MIC)
my $mic = "";
if ($keyver == 1) # WPA1 => MD5
{
$mic = hmac ($eapol, $ptk, \&md5);
}
elsif ($keyver == 2) # WPA2 => SHA1
{
$mic = hmac ($eapol, $ptk, \&sha1);
}
elsif ($keyver == 3) # WPA2 => SHA256 + AES-CMAC
{
my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael');
$omac1->add ($eapol);
$mic = $omac1->digest;
}
$mic = substr ($mic, 0, 16);
$hash = sprintf ("WPA:%02x:%s:%s:%s:%s:%s:%s:%s", $type, unpack ("H*", $mic), unpack ("H*", $macap), unpack ("H*", $macsta), $essid, unpack ("H*", $anonce), unpack ("H*", $eapol), unpack ("H*", $extra));
}
return $hash;
}
sub module_verify_hash
{
my $line = shift;
my @data = split (':', $line);
return unless scalar @data == 10;
my ($signature, $type, undef, $macap, $macsta, $essid, $anonce, $eapol, $extra, $word) = @data;
return unless ($signature eq "WPA");
my $word_packed = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash ($word_packed, undef, $type, $macap, $macsta, $essid, $anonce, $eapol, $extra);
return ($new_hash, $word);
}
sub gen_random_wpa_eapol
{
my $keyver = shift;
my $snonce = shift;
my $ret = "";
# version
my $version = 1; # 802.1X-2001
$ret .= pack ("C*", $version);
my $type = 3; # means that this EAPOL frame is used to transfer key information
$ret .= pack ("C*", $type);
my $length; # length of remaining data
if ($keyver == 1)
{
$length = 119;
}
else
{
$length = 117;
}
$ret .= pack ("n*", $length);
my $descriptor_type;
if ($keyver == 1)
{
$descriptor_type = 254; # EAPOL WPA key
}
else
{
$descriptor_type = 1; # EAPOL RSN key
}
$ret .= pack ("C*", $descriptor_type);
# key_info is a bit vector:
# generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
my $key_info = 0;
$key_info |= 1 << 8; # set key MIC
$key_info |= 1 << 3; # set if it is a pairwise key
if ($keyver == 1)
{
$key_info |= 1; # RC4 Cipher, HMAC-MD5 MIC
}
elsif ($keyver == 2)
{
$key_info |= 2; # AES Cipher, HMAC-SHA1 MIC
}
elsif ($keyver == 3)
{
$key_info |= 3; # AES-CMAC
}
$ret .= pack ("n*", $key_info);
my $key_length;
if ($keyver == 1)
{
$key_length = 32;
}
else
{
$key_length = 0;
}
$ret .= pack ("n*", $key_length);
my $replay_counter = 1;
$ret .= pack ("Q>*", $replay_counter);
$ret .= $snonce;
my $key_iv = "\x00" x 16;
$ret .= $key_iv;
my $key_rsc = "\x00" x 8;
$ret .= $key_rsc;
my $key_id = "\x00" x 8;
$ret .= $key_id;
my $key_mic = "\x00" x 16;
$ret .= $key_mic;
my $key_data_len;
if ($keyver == 1)
{
$key_data_len = 24; # length of the key_data (== WPA info)
}
else
{
$key_data_len = 22; # length of the key_data (== RSN info)
}
$ret .= pack ("n*", $key_data_len);
my $key_data = "";
if ($keyver == 1)
{
# wpa info
my $wpa_info = "";
my $vendor_specific_data = "";
my $tag_number = 221; # means it is a vendor specific tag
$vendor_specific_data .= pack ("C*", $tag_number);
my $tag_len = 22; # length of the remaining "tag data"
$vendor_specific_data .= pack ("C*", $tag_len);
my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
$vendor_specific_data .= $vendor_specific_oui;
my $vendor_specific_oui_type = 1; # WPA Information Element
$vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
my $vendor_specific_wpa_version = 1;
$vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
# multicast
my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
$vendor_specific_data .= $vendor_specific_multicast_oui;
my $vendor_specific_multicast_type = 2; # TKIP
$vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
# unicast
my $vendor_specific_unicast_count = 1;
$vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
$vendor_specific_data .= $vendor_specific_unicast_oui;
my $vendor_specific_unicast_type = 2; # TKIP
$vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
# Auth Key Management (AKM)
my $auth_key_management_count = 1;
$vendor_specific_data .= pack ("v*", $auth_key_management_count);
my $auth_key_management_oui = pack ("H*", "0050f2");
$vendor_specific_data .= $auth_key_management_oui;
my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
$vendor_specific_data .= pack ("C*", $auth_key_management_type);
$wpa_info = $vendor_specific_data;
$key_data = $wpa_info;
}
else
{
# rsn info
my $rsn_info = "";
my $tag_number = 48; # RSN info
$rsn_info .= pack ("C*", $tag_number);
my $tag_len = 20; # length of the remaining "tag_data"
$rsn_info .= pack ("C*", $tag_len);
my $rsn_version = 1;
$rsn_info .= pack ("v*", $rsn_version);
# group cipher suite
my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
$rsn_info .= $group_cipher_suite_oui;
my $group_cipher_suite_type = 4; # AES (CCM)
$rsn_info .= pack ("C*", $group_cipher_suite_type);
# pairwise cipher suite
my $pairwise_cipher_suite_count = 1;
$rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
$rsn_info .= $pairwise_cipher_suite_oui;
my $pairwise_cipher_suite_type = 4; # AES (CCM)
$rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
# Auth Key Management (AKM)
my $auth_key_management_count = 1;
$rsn_info .= pack ("v*", $auth_key_management_count);
my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
$rsn_info .= $auth_key_management_oui;
my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
$rsn_info .= pack ("C*", $auth_key_management_type);
# RSN Capabilities
# bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
# RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
my $rsn_capabilities = pack ("H*", "0000");
$rsn_info .= $rsn_capabilities;
$key_data = $rsn_info;
}
$ret .= $key_data;
return $ret;
}
sub wpa_prf_512
{
my $keyver = shift;
my $pmk = shift;
my $macsta = shift;
my $macap = shift;
my $snonce = shift;
my $anonce = shift;
my $data = "Pairwise key expansion";
if (($keyver == 1) || ($keyver == 2))
{
$data .= "\x00";
}
#
# Min(AA, SPA) || Max(AA, SPA)
#
# compare if greater: Min()/Max() on the MACs (6 bytes)
if (memcmp ($macsta, $macap, 6) < 0)
{
$data .= $macsta;
$data .= $macap;
}
else
{
$data .= $macap;
$data .= $macsta;
}
#
# Min(ANonce,SNonce) || Max(ANonce,SNonce)
#
# compare if greater: Min()/Max() on the nonces (32 bytes)
if (memcmp ($snonce, $anonce, 32) < 0)
{
$data .= $snonce;
$data .= $anonce;
}
else
{
$data .= $anonce;
$data .= $snonce;
}
my $prf_buf;
if (($keyver == 1) || ($keyver == 2))
{
$data .= "\x00";
$prf_buf = hmac ($data, $pmk, \&sha1);
}
else
{
my $data3 = "\x01\x00" . $data . "\x80\x01";
$prf_buf = hmac ($data3, $pmk, \&sha256);
}
$prf_buf = substr ($prf_buf, 0, 16);
return $prf_buf;
}
sub memcmp
{
my $str1 = shift;
my $str2 = shift;
my $len = shift;
my $len_str1 = length ($str1);
my $len_str2 = length ($str2);
if (($len > $len_str1) || ($len > $len_str2))
{
print "ERROR: memcmp () lengths wrong";
exit (1);
}
for (my $i = 0; $i < $len; $i++)
{
my $c_1 = ord (substr ($str1, $i, 1));
my $c_2 = ord (substr ($str2, $i, 1));
return -1 if ($c_1 < $c_2);
return 1 if ($c_1 > $c_2);
}
return 0;
}
1;