diff --git a/OpenCL/inc_types.cl b/OpenCL/inc_types.cl index 84a81bb61..46819ad64 100644 --- a/OpenCL/inc_types.cl +++ b/OpenCL/inc_types.cl @@ -1063,6 +1063,20 @@ typedef struct } dpapimk_t; +typedef struct ethereum_pbkdf2 +{ + u32 salt_buf[16]; + u32 ciphertext[8]; + +} ethereum_pbkdf2_t; + +typedef struct ethereum_scrypt +{ + u32 salt_buf[16]; + u32 ciphertext[8]; + +} ethereum_scrypt_t; + typedef struct { u32 digest[4]; diff --git a/OpenCL/m15600.cl b/OpenCL/m15600.cl new file mode 100644 index 000000000..458922554 --- /dev/null +++ b/OpenCL/m15600.cl @@ -0,0 +1,848 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#include "inc_vendor.cl" +#include "inc_hash_constants.h" +#include "inc_hash_functions.cl" +#include "inc_types.cl" +#include "inc_common.cl" +#include "inc_simd.cl" + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +__constant u64a keccakf_rndc[24] = +{ + 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, + 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, + 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, + 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, + 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, + 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, + 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, + 0x8000000000008080, 0x0000000080000001, 0x8000000080008008 +}; + +#ifndef KECCAK_ROUNDS +#define KECCAK_ROUNDS 24 +#endif + +#define Theta1(s) (st[0 + s] ^ st[5 + s] ^ st[10 + s] ^ st[15 + s] ^ st[20 + s]) + +#define Theta2(s) \ +{ \ + st[ 0 + s] ^= t; \ + st[ 5 + s] ^= t; \ + st[10 + s] ^= t; \ + st[15 + s] ^= t; \ + st[20 + s] ^= t; \ +} + +#define Rho_Pi(s) \ +{ \ + u32 j = keccakf_piln[s]; \ + u32 k = keccakf_rotc[s]; \ + bc0 = st[j]; \ + st[j] = rotl64_S (t, k); \ + t = bc0; \ +} + +#define Chi(s) \ +{ \ + bc0 = st[0 + s]; \ + bc1 = st[1 + s]; \ + bc2 = st[2 + s]; \ + bc3 = st[3 + s]; \ + bc4 = st[4 + s]; \ + st[0 + s] ^= ~bc1 & bc2; \ + st[1 + s] ^= ~bc2 & bc3; \ + st[2 + s] ^= ~bc3 & bc4; \ + st[3 + s] ^= ~bc4 & bc0; \ + st[4 + s] ^= ~bc0 & bc1; \ +} + +__constant u32a k_sha256[64] = +{ + SHA256C00, SHA256C01, SHA256C02, SHA256C03, + SHA256C04, SHA256C05, SHA256C06, SHA256C07, + SHA256C08, SHA256C09, SHA256C0a, SHA256C0b, + SHA256C0c, SHA256C0d, SHA256C0e, SHA256C0f, + SHA256C10, SHA256C11, SHA256C12, SHA256C13, + SHA256C14, SHA256C15, SHA256C16, SHA256C17, + SHA256C18, SHA256C19, SHA256C1a, SHA256C1b, + SHA256C1c, SHA256C1d, SHA256C1e, SHA256C1f, + SHA256C20, SHA256C21, SHA256C22, SHA256C23, + SHA256C24, SHA256C25, SHA256C26, SHA256C27, + SHA256C28, SHA256C29, SHA256C2a, SHA256C2b, + SHA256C2c, SHA256C2d, SHA256C2e, SHA256C2f, + SHA256C30, SHA256C31, SHA256C32, SHA256C33, + SHA256C34, SHA256C35, SHA256C36, SHA256C37, + SHA256C38, SHA256C39, SHA256C3a, SHA256C3b, + SHA256C3c, SHA256C3d, SHA256C3e, SHA256C3f, +}; + +void keccak_transform_S (u64 st[25]) +{ + const u8 keccakf_rotc[24] = + { + 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, + 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 + }; + + const u8 keccakf_piln[24] = + { + 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 + }; + + /** + * Keccak + */ + + int round; + + for (round = 0; round < KECCAK_ROUNDS; round++) + { + // Theta + + u64 bc0 = Theta1 (0); + u64 bc1 = Theta1 (1); + u64 bc2 = Theta1 (2); + u64 bc3 = Theta1 (3); + u64 bc4 = Theta1 (4); + + u64 t; + + t = bc4 ^ rotl64_S (bc1, 1); Theta2 (0); + t = bc0 ^ rotl64_S (bc2, 1); Theta2 (1); + t = bc1 ^ rotl64_S (bc3, 1); Theta2 (2); + t = bc2 ^ rotl64_S (bc4, 1); Theta2 (3); + t = bc3 ^ rotl64_S (bc0, 1); Theta2 (4); + + // Rho Pi + + t = st[1]; + + Rho_Pi (0); + Rho_Pi (1); + Rho_Pi (2); + Rho_Pi (3); + Rho_Pi (4); + Rho_Pi (5); + Rho_Pi (6); + Rho_Pi (7); + Rho_Pi (8); + Rho_Pi (9); + Rho_Pi (10); + Rho_Pi (11); + Rho_Pi (12); + Rho_Pi (13); + Rho_Pi (14); + Rho_Pi (15); + Rho_Pi (16); + Rho_Pi (17); + Rho_Pi (18); + Rho_Pi (19); + Rho_Pi (20); + Rho_Pi (21); + Rho_Pi (22); + Rho_Pi (23); + + // Chi + + Chi (0); + Chi (5); + Chi (10); + Chi (15); + Chi (20); + + // Iota + + st[0] ^= keccakf_rndc[round]; + } +} + +void sha256_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[8]) +{ + u32 a = digest[0]; + u32 b = digest[1]; + u32 c = digest[2]; + u32 d = digest[3]; + u32 e = digest[4]; + u32 f = digest[5]; + u32 g = digest[6]; + u32 h = digest[7]; + + u32 w0_t = w0[0]; + u32 w1_t = w0[1]; + u32 w2_t = w0[2]; + u32 w3_t = w0[3]; + u32 w4_t = w1[0]; + u32 w5_t = w1[1]; + u32 w6_t = w1[2]; + u32 w7_t = w1[3]; + u32 w8_t = w2[0]; + u32 w9_t = w2[1]; + u32 wa_t = w2[2]; + u32 wb_t = w2[3]; + u32 wc_t = w3[0]; + u32 wd_t = w3[1]; + u32 we_t = w3[2]; + u32 wf_t = w3[3]; + + #define ROUND_EXPAND_S() \ + { \ + w0_t = SHA256_EXPAND_S (we_t, w9_t, w1_t, w0_t); \ + w1_t = SHA256_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \ + w2_t = SHA256_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \ + w3_t = SHA256_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \ + w4_t = SHA256_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \ + w5_t = SHA256_EXPAND_S (w3_t, we_t, w6_t, w5_t); \ + w6_t = SHA256_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \ + w7_t = SHA256_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \ + w8_t = SHA256_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \ + w9_t = SHA256_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \ + wa_t = SHA256_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \ + wb_t = SHA256_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \ + wc_t = SHA256_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \ + wd_t = SHA256_EXPAND_S (wb_t, w6_t, we_t, wd_t); \ + we_t = SHA256_EXPAND_S (wc_t, w7_t, wf_t, we_t); \ + wf_t = SHA256_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \ + } + + #define ROUND_STEP_S(i) \ + { \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \ + SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \ + } + + ROUND_STEP_S (0); + + #ifdef _unroll + #pragma unroll + #endif + for (int i = 16; i < 64; i += 16) + { + ROUND_EXPAND_S (); ROUND_STEP_S (i); + } + + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; + digest[5] += f; + digest[6] += g; + digest[7] += h; +} + +void hmac_sha256_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8]) +{ + w0[0] = w0[0] ^ 0x36363636; + w0[1] = w0[1] ^ 0x36363636; + w0[2] = w0[2] ^ 0x36363636; + w0[3] = w0[3] ^ 0x36363636; + w1[0] = w1[0] ^ 0x36363636; + w1[1] = w1[1] ^ 0x36363636; + w1[2] = w1[2] ^ 0x36363636; + w1[3] = w1[3] ^ 0x36363636; + w2[0] = w2[0] ^ 0x36363636; + w2[1] = w2[1] ^ 0x36363636; + w2[2] = w2[2] ^ 0x36363636; + w2[3] = w2[3] ^ 0x36363636; + w3[0] = w3[0] ^ 0x36363636; + w3[1] = w3[1] ^ 0x36363636; + w3[2] = w3[2] ^ 0x36363636; + w3[3] = w3[3] ^ 0x36363636; + + ipad[0] = SHA256M_A; + ipad[1] = SHA256M_B; + ipad[2] = SHA256M_C; + ipad[3] = SHA256M_D; + ipad[4] = SHA256M_E; + ipad[5] = SHA256M_F; + ipad[6] = SHA256M_G; + ipad[7] = SHA256M_H; + + sha256_transform_S (w0, w1, w2, w3, ipad); + + w0[0] = w0[0] ^ 0x6a6a6a6a; + w0[1] = w0[1] ^ 0x6a6a6a6a; + w0[2] = w0[2] ^ 0x6a6a6a6a; + w0[3] = w0[3] ^ 0x6a6a6a6a; + w1[0] = w1[0] ^ 0x6a6a6a6a; + w1[1] = w1[1] ^ 0x6a6a6a6a; + w1[2] = w1[2] ^ 0x6a6a6a6a; + w1[3] = w1[3] ^ 0x6a6a6a6a; + w2[0] = w2[0] ^ 0x6a6a6a6a; + w2[1] = w2[1] ^ 0x6a6a6a6a; + w2[2] = w2[2] ^ 0x6a6a6a6a; + w2[3] = w2[3] ^ 0x6a6a6a6a; + w3[0] = w3[0] ^ 0x6a6a6a6a; + w3[1] = w3[1] ^ 0x6a6a6a6a; + w3[2] = w3[2] ^ 0x6a6a6a6a; + w3[3] = w3[3] ^ 0x6a6a6a6a; + + opad[0] = SHA256M_A; + opad[1] = SHA256M_B; + opad[2] = SHA256M_C; + opad[3] = SHA256M_D; + opad[4] = SHA256M_E; + opad[5] = SHA256M_F; + opad[6] = SHA256M_G; + opad[7] = SHA256M_H; + + sha256_transform_S (w0, w1, w2, w3, opad); +} + +void hmac_sha256_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8], u32 digest[8]) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha256_transform_S (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha256_transform_S (w0, w1, w2, w3, digest); +} + +void sha256_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[8]) +{ + u32x a = digest[0]; + u32x b = digest[1]; + u32x c = digest[2]; + u32x d = digest[3]; + u32x e = digest[4]; + u32x f = digest[5]; + u32x g = digest[6]; + u32x h = digest[7]; + + u32x w0_t = w0[0]; + u32x w1_t = w0[1]; + u32x w2_t = w0[2]; + u32x w3_t = w0[3]; + u32x w4_t = w1[0]; + u32x w5_t = w1[1]; + u32x w6_t = w1[2]; + u32x w7_t = w1[3]; + u32x w8_t = w2[0]; + u32x w9_t = w2[1]; + u32x wa_t = w2[2]; + u32x wb_t = w2[3]; + u32x wc_t = w3[0]; + u32x wd_t = w3[1]; + u32x we_t = w3[2]; + u32x wf_t = w3[3]; + + #define ROUND_EXPAND() \ + { \ + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); \ + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); \ + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); \ + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); \ + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); \ + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); \ + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); \ + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); \ + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); \ + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); \ + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); \ + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); \ + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); \ + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); \ + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); \ + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); \ + } + + #define ROUND_STEP(i) \ + { \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \ + } + + ROUND_STEP (0); + + #ifdef _unroll + #pragma unroll + #endif + for (int i = 16; i < 64; i += 16) + { + ROUND_EXPAND (); ROUND_STEP (i); + } + + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; + digest[5] += f; + digest[6] += g; + digest[7] += h; +} + +void hmac_sha256_pad_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[8], u32x opad[8]) +{ + w0[0] = w0[0] ^ 0x36363636; + w0[1] = w0[1] ^ 0x36363636; + w0[2] = w0[2] ^ 0x36363636; + w0[3] = w0[3] ^ 0x36363636; + w1[0] = w1[0] ^ 0x36363636; + w1[1] = w1[1] ^ 0x36363636; + w1[2] = w1[2] ^ 0x36363636; + w1[3] = w1[3] ^ 0x36363636; + w2[0] = w2[0] ^ 0x36363636; + w2[1] = w2[1] ^ 0x36363636; + w2[2] = w2[2] ^ 0x36363636; + w2[3] = w2[3] ^ 0x36363636; + w3[0] = w3[0] ^ 0x36363636; + w3[1] = w3[1] ^ 0x36363636; + w3[2] = w3[2] ^ 0x36363636; + w3[3] = w3[3] ^ 0x36363636; + + ipad[0] = SHA256M_A; + ipad[1] = SHA256M_B; + ipad[2] = SHA256M_C; + ipad[3] = SHA256M_D; + ipad[4] = SHA256M_E; + ipad[5] = SHA256M_F; + ipad[6] = SHA256M_G; + ipad[7] = SHA256M_H; + + sha256_transform_V (w0, w1, w2, w3, ipad); + + w0[0] = w0[0] ^ 0x6a6a6a6a; + w0[1] = w0[1] ^ 0x6a6a6a6a; + w0[2] = w0[2] ^ 0x6a6a6a6a; + w0[3] = w0[3] ^ 0x6a6a6a6a; + w1[0] = w1[0] ^ 0x6a6a6a6a; + w1[1] = w1[1] ^ 0x6a6a6a6a; + w1[2] = w1[2] ^ 0x6a6a6a6a; + w1[3] = w1[3] ^ 0x6a6a6a6a; + w2[0] = w2[0] ^ 0x6a6a6a6a; + w2[1] = w2[1] ^ 0x6a6a6a6a; + w2[2] = w2[2] ^ 0x6a6a6a6a; + w2[3] = w2[3] ^ 0x6a6a6a6a; + w3[0] = w3[0] ^ 0x6a6a6a6a; + w3[1] = w3[1] ^ 0x6a6a6a6a; + w3[2] = w3[2] ^ 0x6a6a6a6a; + w3[3] = w3[3] ^ 0x6a6a6a6a; + + opad[0] = SHA256M_A; + opad[1] = SHA256M_B; + opad[2] = SHA256M_C; + opad[3] = SHA256M_D; + opad[4] = SHA256M_E; + opad[5] = SHA256M_F; + opad[6] = SHA256M_G; + opad[7] = SHA256M_H; + + sha256_transform_V (w0, w1, w2, w3, opad); +} + +void hmac_sha256_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[8], u32x opad[8], u32x digest[8]) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha256_transform_V (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha256_transform_V (w0, w1, w2, w3, digest); +} + +__kernel void m15600_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global pbkdf2_sha256_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ethereum_pbkdf2_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + /** + * base + */ + + const u32 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = swap32_S (pws[gid].i[ 0]); + w0[1] = swap32_S (pws[gid].i[ 1]); + w0[2] = swap32_S (pws[gid].i[ 2]); + w0[3] = swap32_S (pws[gid].i[ 3]); + + u32 w1[4]; + + w1[0] = swap32_S (pws[gid].i[ 4]); + w1[1] = swap32_S (pws[gid].i[ 5]); + w1[2] = swap32_S (pws[gid].i[ 6]); + w1[3] = swap32_S (pws[gid].i[ 7]); + + u32 w2[4]; + + w2[0] = swap32_S (pws[gid].i[ 8]); + w2[1] = swap32_S (pws[gid].i[ 9]); + w2[2] = swap32_S (pws[gid].i[10]); + w2[3] = swap32_S (pws[gid].i[11]); + + u32 w3[4]; + + w3[0] = swap32_S (pws[gid].i[12]); + w3[1] = swap32_S (pws[gid].i[13]); + w3[2] = swap32_S (pws[gid].i[14]); + w3[3] = swap32_S (pws[gid].i[15]); + + /** + * salt + */ + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + u32 esalt_buf0[4]; + u32 esalt_buf1[4]; + u32 esalt_buf2[4]; + u32 esalt_buf3[4]; + + esalt_buf0[0] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 0]); + esalt_buf0[1] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 1]); + esalt_buf0[2] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 2]); + esalt_buf0[3] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 3]); + esalt_buf1[0] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 4]); + esalt_buf1[1] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 5]); + esalt_buf1[2] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 6]); + esalt_buf1[3] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 7]); + esalt_buf2[0] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 8]); + esalt_buf2[1] = swap32_S (esalt_bufs[digests_offset].salt_buf[ 9]); + esalt_buf2[2] = swap32_S (esalt_bufs[digests_offset].salt_buf[10]); + esalt_buf2[3] = swap32_S (esalt_bufs[digests_offset].salt_buf[11]); + esalt_buf3[0] = swap32_S (esalt_bufs[digests_offset].salt_buf[12]); + esalt_buf3[1] = swap32_S (esalt_bufs[digests_offset].salt_buf[13]); + esalt_buf3[2] = 0; + esalt_buf3[3] = (64 + salt_len + 4) * 8; + + u32 ipad[8]; + u32 opad[8]; + + hmac_sha256_pad_S (w0, w1, w2, w3, ipad, opad); + + tmps[gid].ipad[0] = ipad[0]; + tmps[gid].ipad[1] = ipad[1]; + tmps[gid].ipad[2] = ipad[2]; + tmps[gid].ipad[3] = ipad[3]; + tmps[gid].ipad[4] = ipad[4]; + tmps[gid].ipad[5] = ipad[5]; + tmps[gid].ipad[6] = ipad[6]; + tmps[gid].ipad[7] = ipad[7]; + + tmps[gid].opad[0] = opad[0]; + tmps[gid].opad[1] = opad[1]; + tmps[gid].opad[2] = opad[2]; + tmps[gid].opad[3] = opad[3]; + tmps[gid].opad[4] = opad[4]; + tmps[gid].opad[5] = opad[5]; + tmps[gid].opad[6] = opad[6]; + tmps[gid].opad[7] = opad[7]; + + for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) + { + u32 dgst[8]; + + hmac_sha256_run_S (esalt_buf0, esalt_buf1, esalt_buf2, esalt_buf3, ipad, opad, dgst); + + tmps[gid].dgst[i + 0] = dgst[0]; + tmps[gid].dgst[i + 1] = dgst[1]; + tmps[gid].dgst[i + 2] = dgst[2]; + tmps[gid].dgst[i + 3] = dgst[3]; + tmps[gid].dgst[i + 4] = dgst[4]; + tmps[gid].dgst[i + 5] = dgst[5]; + tmps[gid].dgst[i + 6] = dgst[6]; + tmps[gid].dgst[i + 7] = dgst[7]; + + tmps[gid].out[i + 0] = dgst[0]; + tmps[gid].out[i + 1] = dgst[1]; + tmps[gid].out[i + 2] = dgst[2]; + tmps[gid].out[i + 3] = dgst[3]; + tmps[gid].out[i + 4] = dgst[4]; + tmps[gid].out[i + 5] = dgst[5]; + tmps[gid].out[i + 6] = dgst[6]; + tmps[gid].out[i + 7] = dgst[7]; + } +} + +__kernel void m15600_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global pbkdf2_sha256_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ethereum_pbkdf2_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + const u32 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u32x ipad[8]; + u32x opad[8]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + ipad[5] = packv (tmps, ipad, gid, 5); + ipad[6] = packv (tmps, ipad, gid, 6); + ipad[7] = packv (tmps, ipad, gid, 7); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + opad[5] = packv (tmps, opad, gid, 5); + opad[6] = packv (tmps, opad, gid, 6); + opad[7] = packv (tmps, opad, gid, 7); + + for (u32 i = 0; i < 8; i += 8) + { + u32x dgst[8]; + u32x out[8]; + + dgst[0] = packv (tmps, dgst, gid, 0); + dgst[1] = packv (tmps, dgst, gid, 1); + dgst[2] = packv (tmps, dgst, gid, 2); + dgst[3] = packv (tmps, dgst, gid, 3); + dgst[4] = packv (tmps, dgst, gid, 4); + dgst[5] = packv (tmps, dgst, gid, 5); + dgst[6] = packv (tmps, dgst, gid, 6); + dgst[7] = packv (tmps, dgst, gid, 7); + + out[0] = packv (tmps, out, gid, 0); + out[1] = packv (tmps, out, gid, 1); + out[2] = packv (tmps, out, gid, 2); + out[3] = packv (tmps, out, gid, 3); + out[4] = packv (tmps, out, gid, 4); + out[5] = packv (tmps, out, gid, 5); + out[6] = packv (tmps, out, gid, 6); + out[7] = packv (tmps, out, gid, 7); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = dgst[5]; + w1[2] = dgst[6]; + w1[3] = dgst[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; + } + + unpackv (tmps, dgst, gid, 0, dgst[0]); + unpackv (tmps, dgst, gid, 1, dgst[1]); + unpackv (tmps, dgst, gid, 2, dgst[2]); + unpackv (tmps, dgst, gid, 3, dgst[3]); + unpackv (tmps, dgst, gid, 4, dgst[4]); + unpackv (tmps, dgst, gid, 5, dgst[5]); + unpackv (tmps, dgst, gid, 6, dgst[6]); + unpackv (tmps, dgst, gid, 7, dgst[7]); + + unpackv (tmps, out, gid, 0, out[0]); + unpackv (tmps, out, gid, 1, out[1]); + unpackv (tmps, out, gid, 2, out[2]); + unpackv (tmps, out, gid, 3, out[3]); + unpackv (tmps, out, gid, 4, out[4]); + unpackv (tmps, out, gid, 5, out[5]); + unpackv (tmps, out, gid, 6, out[6]); + unpackv (tmps, out, gid, 7, out[7]); + } +} + +__kernel void m15600_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global pbkdf2_sha256_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ethereum_pbkdf2_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + /** + * base + */ + + const u32 gid = get_global_id (0); + + if (gid >= gid_max) return; + + const u32 lid = get_local_id (0); + + /** + * keccak + */ + + u32 ciphertext[8]; + + ciphertext[0] = esalt_bufs[digests_offset].ciphertext[0]; + ciphertext[1] = esalt_bufs[digests_offset].ciphertext[1]; + ciphertext[2] = esalt_bufs[digests_offset].ciphertext[2]; + ciphertext[3] = esalt_bufs[digests_offset].ciphertext[3]; + ciphertext[4] = esalt_bufs[digests_offset].ciphertext[4]; + ciphertext[5] = esalt_bufs[digests_offset].ciphertext[5]; + ciphertext[6] = esalt_bufs[digests_offset].ciphertext[6]; + ciphertext[7] = esalt_bufs[digests_offset].ciphertext[7]; + + u32 key[4]; + + key[0] = swap32_S (tmps[gid].out[4]); + key[1] = swap32_S (tmps[gid].out[5]); + key[2] = swap32_S (tmps[gid].out[6]); + key[3] = swap32_S (tmps[gid].out[7]); + + u64 st[25]; + + st[ 0] = hl32_to_64_S (key[1], key[0]); + st[ 1] = hl32_to_64_S (key[3], key[2]); + st[ 2] = hl32_to_64_S (ciphertext[1], ciphertext[0]); + st[ 3] = hl32_to_64_S (ciphertext[3], ciphertext[2]); + st[ 4] = hl32_to_64_S (ciphertext[5], ciphertext[4]); + st[ 5] = hl32_to_64_S (ciphertext[7], ciphertext[6]); + st[ 6] = 0x01; + st[ 7] = 0; + st[ 8] = 0; + st[ 9] = 0; + st[10] = 0; + st[11] = 0; + st[12] = 0; + st[13] = 0; + st[14] = 0; + st[15] = 0; + st[16] = 0; + st[17] = 0; + st[18] = 0; + st[19] = 0; + st[20] = 0; + st[21] = 0; + st[22] = 0; + st[23] = 0; + st[24] = 0; + + const u32 mdlen = 32; + + const u32 rsiz = 200 - (2 * mdlen); + + const u32 add80w = (rsiz - 1) / 8; + + st[add80w] |= 0x8000000000000000; + + keccak_transform_S (st); + + const u32 r0 = l32_from_64_S (st[0]); + const u32 r1 = h32_from_64_S (st[0]); + const u32 r2 = l32_from_64_S (st[1]); + const u32 r3 = h32_from_64_S (st[1]); + + #define il_pos 0 + + #include COMPARE_M +} diff --git a/OpenCL/m15700.cl b/OpenCL/m15700.cl new file mode 100644 index 000000000..73999518d --- /dev/null +++ b/OpenCL/m15700.cl @@ -0,0 +1,1247 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "inc_vendor.cl" +#include "inc_hash_constants.h" +#include "inc_hash_functions.cl" +#include "inc_types.cl" +#include "inc_common.cl" + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +__constant u64a keccakf_rndc[24] = +{ + 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, + 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, + 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, + 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, + 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, + 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, + 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, + 0x8000000000008080, 0x0000000080000001, 0x8000000080008008 +}; + +#ifndef KECCAK_ROUNDS +#define KECCAK_ROUNDS 24 +#endif + +#define Theta1(s) (st[0 + s] ^ st[5 + s] ^ st[10 + s] ^ st[15 + s] ^ st[20 + s]) + +#define Theta2(s) \ +{ \ + st[ 0 + s] ^= t; \ + st[ 5 + s] ^= t; \ + st[10 + s] ^= t; \ + st[15 + s] ^= t; \ + st[20 + s] ^= t; \ +} + +#define Rho_Pi(s) \ +{ \ + u32 j = keccakf_piln[s]; \ + u32 k = keccakf_rotc[s]; \ + bc0 = st[j]; \ + st[j] = rotl64_S (t, k); \ + t = bc0; \ +} + +#define Chi(s) \ +{ \ + bc0 = st[0 + s]; \ + bc1 = st[1 + s]; \ + bc2 = st[2 + s]; \ + bc3 = st[3 + s]; \ + bc4 = st[4 + s]; \ + st[0 + s] ^= ~bc1 & bc2; \ + st[1 + s] ^= ~bc2 & bc3; \ + st[2 + s] ^= ~bc3 & bc4; \ + st[3 + s] ^= ~bc4 & bc0; \ + st[4 + s] ^= ~bc0 & bc1; \ +} + +__constant u32a k_sha256[64] = +{ + SHA256C00, SHA256C01, SHA256C02, SHA256C03, + SHA256C04, SHA256C05, SHA256C06, SHA256C07, + SHA256C08, SHA256C09, SHA256C0a, SHA256C0b, + SHA256C0c, SHA256C0d, SHA256C0e, SHA256C0f, + SHA256C10, SHA256C11, SHA256C12, SHA256C13, + SHA256C14, SHA256C15, SHA256C16, SHA256C17, + SHA256C18, SHA256C19, SHA256C1a, SHA256C1b, + SHA256C1c, SHA256C1d, SHA256C1e, SHA256C1f, + SHA256C20, SHA256C21, SHA256C22, SHA256C23, + SHA256C24, SHA256C25, SHA256C26, SHA256C27, + SHA256C28, SHA256C29, SHA256C2a, SHA256C2b, + SHA256C2c, SHA256C2d, SHA256C2e, SHA256C2f, + SHA256C30, SHA256C31, SHA256C32, SHA256C33, + SHA256C34, SHA256C35, SHA256C36, SHA256C37, + SHA256C38, SHA256C39, SHA256C3a, SHA256C3b, + SHA256C3c, SHA256C3d, SHA256C3e, SHA256C3f, +}; + +void keccak_transform_S (u64 st[25]) +{ + const u8 keccakf_rotc[24] = + { + 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, + 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 + }; + + const u8 keccakf_piln[24] = + { + 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 + }; + + /** + * Keccak + */ + + int round; + + for (round = 0; round < KECCAK_ROUNDS; round++) + { + // Theta + + u64 bc0 = Theta1 (0); + u64 bc1 = Theta1 (1); + u64 bc2 = Theta1 (2); + u64 bc3 = Theta1 (3); + u64 bc4 = Theta1 (4); + + u64 t; + + t = bc4 ^ rotl64_S (bc1, 1); Theta2 (0); + t = bc0 ^ rotl64_S (bc2, 1); Theta2 (1); + t = bc1 ^ rotl64_S (bc3, 1); Theta2 (2); + t = bc2 ^ rotl64_S (bc4, 1); Theta2 (3); + t = bc3 ^ rotl64_S (bc0, 1); Theta2 (4); + + // Rho Pi + + t = st[1]; + + Rho_Pi (0); + Rho_Pi (1); + Rho_Pi (2); + Rho_Pi (3); + Rho_Pi (4); + Rho_Pi (5); + Rho_Pi (6); + Rho_Pi (7); + Rho_Pi (8); + Rho_Pi (9); + Rho_Pi (10); + Rho_Pi (11); + Rho_Pi (12); + Rho_Pi (13); + Rho_Pi (14); + Rho_Pi (15); + Rho_Pi (16); + Rho_Pi (17); + Rho_Pi (18); + Rho_Pi (19); + Rho_Pi (20); + Rho_Pi (21); + Rho_Pi (22); + Rho_Pi (23); + + // Chi + + Chi (0); + Chi (5); + Chi (10); + Chi (15); + Chi (20); + + // Iota + + st[0] ^= keccakf_rndc[round]; + } +} + +void sha256_transform (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[8]) +{ + u32 a = digest[0]; + u32 b = digest[1]; + u32 c = digest[2]; + u32 d = digest[3]; + u32 e = digest[4]; + u32 f = digest[5]; + u32 g = digest[6]; + u32 h = digest[7]; + + u32 w0_t = w0[0]; + u32 w1_t = w0[1]; + u32 w2_t = w0[2]; + u32 w3_t = w0[3]; + u32 w4_t = w1[0]; + u32 w5_t = w1[1]; + u32 w6_t = w1[2]; + u32 w7_t = w1[3]; + u32 w8_t = w2[0]; + u32 w9_t = w2[1]; + u32 wa_t = w2[2]; + u32 wb_t = w2[3]; + u32 wc_t = w3[0]; + u32 wd_t = w3[1]; + u32 we_t = w3[2]; + u32 wf_t = w3[3]; + + #define ROUND_EXPAND() \ + { \ + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); \ + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); \ + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); \ + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); \ + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); \ + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); \ + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); \ + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); \ + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); \ + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); \ + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); \ + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); \ + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); \ + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); \ + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); \ + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); \ + } + + #define ROUND_STEP(i) \ + { \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \ + } + + ROUND_STEP (0); + + #ifdef _unroll + #pragma unroll + #endif + for (int i = 16; i < 64; i += 16) + { + ROUND_EXPAND (); ROUND_STEP (i); + } + + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; + digest[5] += f; + digest[6] += g; + digest[7] += h; +} + +void hmac_sha256_pad (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8]) +{ + w0[0] = w0[0] ^ 0x36363636; + w0[1] = w0[1] ^ 0x36363636; + w0[2] = w0[2] ^ 0x36363636; + w0[3] = w0[3] ^ 0x36363636; + w1[0] = w1[0] ^ 0x36363636; + w1[1] = w1[1] ^ 0x36363636; + w1[2] = w1[2] ^ 0x36363636; + w1[3] = w1[3] ^ 0x36363636; + w2[0] = w2[0] ^ 0x36363636; + w2[1] = w2[1] ^ 0x36363636; + w2[2] = w2[2] ^ 0x36363636; + w2[3] = w2[3] ^ 0x36363636; + w3[0] = w3[0] ^ 0x36363636; + w3[1] = w3[1] ^ 0x36363636; + w3[2] = w3[2] ^ 0x36363636; + w3[3] = w3[3] ^ 0x36363636; + + ipad[0] = SHA256M_A; + ipad[1] = SHA256M_B; + ipad[2] = SHA256M_C; + ipad[3] = SHA256M_D; + ipad[4] = SHA256M_E; + ipad[5] = SHA256M_F; + ipad[6] = SHA256M_G; + ipad[7] = SHA256M_H; + + sha256_transform (w0, w1, w2, w3, ipad); + + w0[0] = w0[0] ^ 0x6a6a6a6a; + w0[1] = w0[1] ^ 0x6a6a6a6a; + w0[2] = w0[2] ^ 0x6a6a6a6a; + w0[3] = w0[3] ^ 0x6a6a6a6a; + w1[0] = w1[0] ^ 0x6a6a6a6a; + w1[1] = w1[1] ^ 0x6a6a6a6a; + w1[2] = w1[2] ^ 0x6a6a6a6a; + w1[3] = w1[3] ^ 0x6a6a6a6a; + w2[0] = w2[0] ^ 0x6a6a6a6a; + w2[1] = w2[1] ^ 0x6a6a6a6a; + w2[2] = w2[2] ^ 0x6a6a6a6a; + w2[3] = w2[3] ^ 0x6a6a6a6a; + w3[0] = w3[0] ^ 0x6a6a6a6a; + w3[1] = w3[1] ^ 0x6a6a6a6a; + w3[2] = w3[2] ^ 0x6a6a6a6a; + w3[3] = w3[3] ^ 0x6a6a6a6a; + + opad[0] = SHA256M_A; + opad[1] = SHA256M_B; + opad[2] = SHA256M_C; + opad[3] = SHA256M_D; + opad[4] = SHA256M_E; + opad[5] = SHA256M_F; + opad[6] = SHA256M_G; + opad[7] = SHA256M_H; + + sha256_transform (w0, w1, w2, w3, opad); +} + +void hmac_sha256_run (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8], u32 digest[8]) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha256_transform (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha256_transform (w0, w1, w2, w3, digest); +} + +void memcat8 (u32 block0[4], u32 block1[4], u32 block2[4], u32 block3[4], const u32 block_len, const u32 append[2]) +{ + switch (block_len) + { + case 0: + block0[0] = append[0]; + block0[1] = append[1]; + break; + + case 1: + block0[0] = block0[0] | append[0] << 8; + block0[1] = append[0] >> 24 | append[1] << 8; + block0[2] = append[1] >> 24; + break; + + case 2: + block0[0] = block0[0] | append[0] << 16; + block0[1] = append[0] >> 16 | append[1] << 16; + block0[2] = append[1] >> 16; + break; + + case 3: + block0[0] = block0[0] | append[0] << 24; + block0[1] = append[0] >> 8 | append[1] << 24; + block0[2] = append[1] >> 8; + break; + + case 4: + block0[1] = append[0]; + block0[2] = append[1]; + break; + + case 5: + block0[1] = block0[1] | append[0] << 8; + block0[2] = append[0] >> 24 | append[1] << 8; + block0[3] = append[1] >> 24; + break; + + case 6: + block0[1] = block0[1] | append[0] << 16; + block0[2] = append[0] >> 16 | append[1] << 16; + block0[3] = append[1] >> 16; + break; + + case 7: + block0[1] = block0[1] | append[0] << 24; + block0[2] = append[0] >> 8 | append[1] << 24; + block0[3] = append[1] >> 8; + break; + + case 8: + block0[2] = append[0]; + block0[3] = append[1]; + break; + + case 9: + block0[2] = block0[2] | append[0] << 8; + block0[3] = append[0] >> 24 | append[1] << 8; + block1[0] = append[1] >> 24; + break; + + case 10: + block0[2] = block0[2] | append[0] << 16; + block0[3] = append[0] >> 16 | append[1] << 16; + block1[0] = append[1] >> 16; + break; + + case 11: + block0[2] = block0[2] | append[0] << 24; + block0[3] = append[0] >> 8 | append[1] << 24; + block1[0] = append[1] >> 8; + break; + + case 12: + block0[3] = append[0]; + block1[0] = append[1]; + break; + + case 13: + block0[3] = block0[3] | append[0] << 8; + block1[0] = append[0] >> 24 | append[1] << 8; + block1[1] = append[1] >> 24; + break; + + case 14: + block0[3] = block0[3] | append[0] << 16; + block1[0] = append[0] >> 16 | append[1] << 16; + block1[1] = append[1] >> 16; + break; + + case 15: + block0[3] = block0[3] | append[0] << 24; + block1[0] = append[0] >> 8 | append[1] << 24; + block1[1] = append[1] >> 8; + break; + + case 16: + block1[0] = append[0]; + block1[1] = append[1]; + break; + + case 17: + block1[0] = block1[0] | append[0] << 8; + block1[1] = append[0] >> 24 | append[1] << 8; + block1[2] = append[1] >> 24; + break; + + case 18: + block1[0] = block1[0] | append[0] << 16; + block1[1] = append[0] >> 16 | append[1] << 16; + block1[2] = append[1] >> 16; + break; + + case 19: + block1[0] = block1[0] | append[0] << 24; + block1[1] = append[0] >> 8 | append[1] << 24; + block1[2] = append[1] >> 8; + break; + + case 20: + block1[1] = append[0]; + block1[2] = append[1]; + break; + + case 21: + block1[1] = block1[1] | append[0] << 8; + block1[2] = append[0] >> 24 | append[1] << 8; + block1[3] = append[1] >> 24; + break; + + case 22: + block1[1] = block1[1] | append[0] << 16; + block1[2] = append[0] >> 16 | append[1] << 16; + block1[3] = append[1] >> 16; + break; + + case 23: + block1[1] = block1[1] | append[0] << 24; + block1[2] = append[0] >> 8 | append[1] << 24; + block1[3] = append[1] >> 8; + break; + + case 24: + block1[2] = append[0]; + block1[3] = append[1]; + break; + + case 25: + block1[2] = block1[2] | append[0] << 8; + block1[3] = append[0] >> 24 | append[1] << 8; + block2[0] = append[1] >> 24; + break; + + case 26: + block1[2] = block1[2] | append[0] << 16; + block1[3] = append[0] >> 16 | append[1] << 16; + block2[0] = append[1] >> 16; + break; + + case 27: + block1[2] = block1[2] | append[0] << 24; + block1[3] = append[0] >> 8 | append[1] << 24; + block2[0] = append[1] >> 8; + break; + + case 28: + block1[3] = append[0]; + block2[0] = append[1]; + break; + + case 29: + block1[3] = block1[3] | append[0] << 8; + block2[0] = append[0] >> 24 | append[1] << 8; + block2[1] = append[1] >> 24; + break; + + case 30: + block1[3] = block1[3] | append[0] << 16; + block2[0] = append[0] >> 16 | append[1] << 16; + block2[1] = append[1] >> 16; + break; + + case 31: + block1[3] = block1[3] | append[0] << 24; + block2[0] = append[0] >> 8 | append[1] << 24; + block2[1] = append[1] >> 8; + break; + + case 32: + block2[0] = append[0]; + block2[1] = append[1]; + break; + + case 33: + block2[0] = block2[0] | append[0] << 8; + block2[1] = append[0] >> 24 | append[1] << 8; + block2[2] = append[1] >> 24; + break; + + case 34: + block2[0] = block2[0] | append[0] << 16; + block2[1] = append[0] >> 16 | append[1] << 16; + block2[2] = append[1] >> 16; + break; + + case 35: + block2[0] = block2[0] | append[0] << 24; + block2[1] = append[0] >> 8 | append[1] << 24; + block2[2] = append[1] >> 8; + break; + + case 36: + block2[1] = append[0]; + block2[2] = append[1]; + break; + + case 37: + block2[1] = block2[1] | append[0] << 8; + block2[2] = append[0] >> 24 | append[1] << 8; + block2[3] = append[1] >> 24; + break; + + case 38: + block2[1] = block2[1] | append[0] << 16; + block2[2] = append[0] >> 16 | append[1] << 16; + block2[3] = append[1] >> 16; + break; + + case 39: + block2[1] = block2[1] | append[0] << 24; + block2[2] = append[0] >> 8 | append[1] << 24; + block2[3] = append[1] >> 8; + break; + + case 40: + block2[2] = append[0]; + block2[3] = append[1]; + break; + + case 41: + block2[2] = block2[2] | append[0] << 8; + block2[3] = append[0] >> 24 | append[1] << 8; + block3[0] = append[1] >> 24; + break; + + case 42: + block2[2] = block2[2] | append[0] << 16; + block2[3] = append[0] >> 16 | append[1] << 16; + block3[0] = append[1] >> 16; + break; + + case 43: + block2[2] = block2[2] | append[0] << 24; + block2[3] = append[0] >> 8 | append[1] << 24; + block3[0] = append[1] >> 8; + break; + + case 44: + block2[3] = append[0]; + block3[0] = append[1]; + break; + + case 45: + block2[3] = block2[3] | append[0] << 8; + block3[0] = append[0] >> 24 | append[1] << 8; + block3[1] = append[1] >> 24; + break; + + case 46: + block2[3] = block2[3] | append[0] << 16; + block3[0] = append[0] >> 16 | append[1] << 16; + block3[1] = append[1] >> 16; + break; + + case 47: + block2[3] = block2[3] | append[0] << 24; + block3[0] = append[0] >> 8 | append[1] << 24; + block3[1] = append[1] >> 8; + break; + + case 48: + block3[0] = append[0]; + block3[1] = append[1]; + break; + + case 49: + block3[0] = block3[0] | append[0] << 8; + block3[1] = append[0] >> 24 | append[1] << 8; + block3[2] = append[1] >> 24; + break; + + case 50: + block3[0] = block3[0] | append[0] << 16; + block3[1] = append[0] >> 16 | append[1] << 16; + block3[2] = append[1] >> 16; + break; + + case 51: + block3[0] = block3[0] | append[0] << 24; + block3[1] = append[0] >> 8 | append[1] << 24; + block3[2] = append[1] >> 8; + break; + + case 52: + block3[1] = append[0]; + block3[2] = append[1]; + break; + + case 53: + block3[1] = block3[1] | append[0] << 8; + block3[2] = append[0] >> 24 | append[1] << 8; + block3[3] = append[1] >> 24; + break; + + case 54: + block3[1] = block3[1] | append[0] << 16; + block3[2] = append[0] >> 16 | append[1] << 16; + block3[3] = append[1] >> 16; + break; + + case 55: + block3[1] = block3[1] | append[0] << 24; + block3[2] = append[0] >> 8 | append[1] << 24; + block3[3] = append[1] >> 8; + break; + + case 56: + block3[2] = append[0]; + block3[3] = append[1]; + break; + } +} + +uint4 swap32_4 (uint4 v) +{ + return (rotate ((v & 0x00FF00FF), 24u) | rotate ((v & 0xFF00FF00), 8u)); +} + +#define GET_SCRYPT_CNT(r,p) (2 * (r) * 16 * (p)) +#define GET_SMIX_CNT(r,N) (2 * (r) * 16 * (N)) +#define GET_STATE_CNT(r) (2 * (r) * 16) + +#define SCRYPT_CNT GET_SCRYPT_CNT (SCRYPT_R, SCRYPT_P) +#define SCRYPT_CNT4 (SCRYPT_CNT / 4) +#define STATE_CNT GET_STATE_CNT (SCRYPT_R) +#define STATE_CNT4 (STATE_CNT / 4) + +#define ADD_ROTATE_XOR(r,i1,i2,s) (r) ^= rotate ((i1) + (i2), (s)); + +#define SALSA20_2R() \ +{ \ + ADD_ROTATE_XOR (X1, X0, X3, 7); \ + ADD_ROTATE_XOR (X2, X1, X0, 9); \ + ADD_ROTATE_XOR (X3, X2, X1, 13); \ + ADD_ROTATE_XOR (X0, X3, X2, 18); \ + \ + X1 = X1.s3012; \ + X2 = X2.s2301; \ + X3 = X3.s1230; \ + \ + ADD_ROTATE_XOR (X3, X0, X1, 7); \ + ADD_ROTATE_XOR (X2, X3, X0, 9); \ + ADD_ROTATE_XOR (X1, X2, X3, 13); \ + ADD_ROTATE_XOR (X0, X1, X2, 18); \ + \ + X1 = X1.s1230; \ + X2 = X2.s2301; \ + X3 = X3.s3012; \ +} + +#define SALSA20_8_XOR() \ +{ \ + R0 = R0 ^ Y0; \ + R1 = R1 ^ Y1; \ + R2 = R2 ^ Y2; \ + R3 = R3 ^ Y3; \ + \ + uint4 X0 = R0; \ + uint4 X1 = R1; \ + uint4 X2 = R2; \ + uint4 X3 = R3; \ + \ + SALSA20_2R (); \ + SALSA20_2R (); \ + SALSA20_2R (); \ + SALSA20_2R (); \ + \ + R0 = R0 + X0; \ + R1 = R1 + X1; \ + R2 = R2 + X2; \ + R3 = R3 + X3; \ +} + +void salsa_r (uint4 *TI) +{ + uint4 R0 = TI[STATE_CNT4 - 4]; + uint4 R1 = TI[STATE_CNT4 - 3]; + uint4 R2 = TI[STATE_CNT4 - 2]; + uint4 R3 = TI[STATE_CNT4 - 1]; + + uint4 TO[STATE_CNT4]; + + int idx_y = 0; + int idx_r1 = 0; + int idx_r2 = SCRYPT_R * 4; + + for (int i = 0; i < SCRYPT_R; i++) + { + uint4 Y0; + uint4 Y1; + uint4 Y2; + uint4 Y3; + + Y0 = TI[idx_y++]; + Y1 = TI[idx_y++]; + Y2 = TI[idx_y++]; + Y3 = TI[idx_y++]; + + SALSA20_8_XOR (); + + TO[idx_r1++] = R0; + TO[idx_r1++] = R1; + TO[idx_r1++] = R2; + TO[idx_r1++] = R3; + + Y0 = TI[idx_y++]; + Y1 = TI[idx_y++]; + Y2 = TI[idx_y++]; + Y3 = TI[idx_y++]; + + SALSA20_8_XOR (); + + TO[idx_r2++] = R0; + TO[idx_r2++] = R1; + TO[idx_r2++] = R2; + TO[idx_r2++] = R3; + } + + #pragma unroll + for (int i = 0; i < STATE_CNT4; i++) + { + TI[i] = TO[i]; + } +} + +void scrypt_smix (uint4 *X, uint4 *T, __global uint4 *V0, __global uint4 *V1, __global uint4 *V2, __global uint4 *V3) +{ + #define Coord(xd4,y,z) (((xd4) * ySIZE * zSIZE) + ((y) * zSIZE) + (z)) + #define CO Coord(xd4,y,z) + + const u32 ySIZE = SCRYPT_N / SCRYPT_TMTO; + const u32 zSIZE = STATE_CNT4; + + const u32 x = get_global_id (0); + + const u32 xd4 = x / 4; + const u32 xm4 = x & 3; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < STATE_CNT4; i += 4) + { + T[0] = (uint4) (X[i + 0].x, X[i + 1].y, X[i + 2].z, X[i + 3].w); + T[1] = (uint4) (X[i + 1].x, X[i + 2].y, X[i + 3].z, X[i + 0].w); + T[2] = (uint4) (X[i + 2].x, X[i + 3].y, X[i + 0].z, X[i + 1].w); + T[3] = (uint4) (X[i + 3].x, X[i + 0].y, X[i + 1].z, X[i + 2].w); + + X[i + 0] = T[0]; + X[i + 1] = T[1]; + X[i + 2] = T[2]; + X[i + 3] = T[3]; + } + + for (u32 y = 0; y < ySIZE; y++) + { + switch (xm4) + { + case 0: for (u32 z = 0; z < zSIZE; z++) V0[CO] = X[z]; break; + case 1: for (u32 z = 0; z < zSIZE; z++) V1[CO] = X[z]; break; + case 2: for (u32 z = 0; z < zSIZE; z++) V2[CO] = X[z]; break; + case 3: for (u32 z = 0; z < zSIZE; z++) V3[CO] = X[z]; break; + } + + for (u32 i = 0; i < SCRYPT_TMTO; i++) salsa_r (X); + } + + for (u32 i = 0; i < SCRYPT_N; i++) + { + const u32 k = X[zSIZE - 4].x & (SCRYPT_N - 1); + + const u32 y = k / SCRYPT_TMTO; + + const u32 km = k - (y * SCRYPT_TMTO); + + switch (xm4) + { + case 0: for (u32 z = 0; z < zSIZE; z++) T[z] = V0[CO]; break; + case 1: for (u32 z = 0; z < zSIZE; z++) T[z] = V1[CO]; break; + case 2: for (u32 z = 0; z < zSIZE; z++) T[z] = V2[CO]; break; + case 3: for (u32 z = 0; z < zSIZE; z++) T[z] = V3[CO]; break; + } + + for (u32 i = 0; i < km; i++) salsa_r (T); + + for (u32 z = 0; z < zSIZE; z++) X[z] ^= T[z]; + + salsa_r (X); + } + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < STATE_CNT4; i += 4) + { + T[0] = (uint4) (X[i + 0].x, X[i + 3].y, X[i + 2].z, X[i + 1].w); + T[1] = (uint4) (X[i + 1].x, X[i + 0].y, X[i + 3].z, X[i + 2].w); + T[2] = (uint4) (X[i + 2].x, X[i + 1].y, X[i + 0].z, X[i + 3].w); + T[3] = (uint4) (X[i + 3].x, X[i + 2].y, X[i + 1].z, X[i + 0].w); + + X[i + 0] = T[0]; + X[i + 1] = T[1]; + X[i + 2] = T[2]; + X[i + 3] = T[3]; + } +} + +__kernel void m15700_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global scrypt_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ethereum_scrypt_t *esalt_bufs, __global u32 *d_return_buf, __global uint4 *d_scryptV0_buf, __global uint4 *d_scryptV1_buf, __global uint4 *d_scryptV2_buf, __global uint4 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + /** + * base + */ + + const u32 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = pws[gid].i[ 8]; + w2[1] = pws[gid].i[ 9]; + w2[2] = pws[gid].i[10]; + w2[3] = pws[gid].i[11]; + + u32 w3[4]; + + w3[0] = pws[gid].i[12]; + w3[1] = pws[gid].i[13]; + w3[2] = pws[gid].i[14]; + w3[3] = pws[gid].i[15]; + + /** + * salt + */ + + u32 salt_buf0[4]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + salt_buf0[2] = salt_bufs[salt_pos].salt_buf[2]; + salt_buf0[3] = salt_bufs[salt_pos].salt_buf[3]; + + u32 salt_buf1[4]; + + salt_buf1[0] = salt_bufs[salt_pos].salt_buf[4]; + salt_buf1[1] = salt_bufs[salt_pos].salt_buf[5]; + salt_buf1[2] = salt_bufs[salt_pos].salt_buf[6]; + salt_buf1[3] = salt_bufs[salt_pos].salt_buf[7]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * 1st pbkdf2, creates B + */ + + w0[0] = swap32 (w0[0]); + w0[1] = swap32 (w0[1]); + w0[2] = swap32 (w0[2]); + w0[3] = swap32 (w0[3]); + w1[0] = swap32 (w1[0]); + w1[1] = swap32 (w1[1]); + w1[2] = swap32 (w1[2]); + w1[3] = swap32 (w1[3]); + w2[0] = swap32 (w2[0]); + w2[1] = swap32 (w2[1]); + w2[2] = swap32 (w2[2]); + w2[3] = swap32 (w2[3]); + w3[0] = swap32 (w3[0]); + w3[1] = swap32 (w3[1]); + w3[2] = swap32 (w3[2]); + w3[3] = swap32 (w3[3]); + + u32 ipad[8]; + u32 opad[8]; + + hmac_sha256_pad (w0, w1, w2, w3, ipad, opad); + + for (u32 i = 0, j = 0, k = 0; i < SCRYPT_CNT; i += 8, j += 1, k += 2) + { + w0[0] = salt_buf0[0]; + w0[1] = salt_buf0[1]; + w0[2] = salt_buf0[2]; + w0[3] = salt_buf0[3]; + w1[0] = salt_buf1[0]; + w1[1] = salt_buf1[1]; + w1[2] = salt_buf1[2]; + w1[3] = salt_buf1[3]; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + u32 append[2]; + + append[0] = swap32 (j + 1); + append[1] = 0x80; + + memcat8 (w0, w1, w2, w3, salt_len, append); + + w0[0] = swap32 (w0[0]); + w0[1] = swap32 (w0[1]); + w0[2] = swap32 (w0[2]); + w0[3] = swap32 (w0[3]); + w1[0] = swap32 (w1[0]); + w1[1] = swap32 (w1[1]); + w1[2] = swap32 (w1[2]); + w1[3] = swap32 (w1[3]); + w2[0] = swap32 (w2[0]); + w2[1] = swap32 (w2[1]); + w2[2] = swap32 (w2[2]); + w2[3] = swap32 (w2[3]); + w3[0] = swap32 (w3[0]); + w3[1] = swap32 (w3[1]); + w3[2] = 0; + w3[3] = (64 + salt_len + 4) * 8; + + u32 digest[8]; + + hmac_sha256_run (w0, w1, w2, w3, ipad, opad, digest); + + const uint4 tmp0 = (uint4) (digest[0], digest[1], digest[2], digest[3]); + const uint4 tmp1 = (uint4) (digest[4], digest[5], digest[6], digest[7]); + + barrier (CLK_GLOBAL_MEM_FENCE); + + tmps[gid].P[k + 0] = tmp0; + tmps[gid].P[k + 1] = tmp1; + } +} + +__kernel void m15700_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global scrypt_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ethereum_scrypt_t *esalt_bufs, __global u32 *d_return_buf, __global uint4 *d_scryptV0_buf, __global uint4 *d_scryptV1_buf, __global uint4 *d_scryptV2_buf, __global uint4 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + const u32 gid = get_global_id (0); + + if (gid >= gid_max) return; + + uint4 X[STATE_CNT4]; + uint4 T[STATE_CNT4]; + + #ifdef _unroll + #pragma unroll + #endif + for (int z = 0; z < STATE_CNT4; z++) X[z] = swap32_4 (tmps[gid].P[z]); + + scrypt_smix (X, T, d_scryptV0_buf, d_scryptV1_buf, d_scryptV2_buf, d_scryptV3_buf); + + #ifdef _unroll + #pragma unroll + #endif + for (int z = 0; z < STATE_CNT4; z++) tmps[gid].P[z] = swap32_4 (X[z]); + + #if SCRYPT_P >= 1 + for (int i = STATE_CNT4; i < SCRYPT_CNT4; i += STATE_CNT4) + { + for (int z = 0; z < STATE_CNT4; z++) X[z] = swap32_4 (tmps[gid].P[i + z]); + + scrypt_smix (X, T, d_scryptV0_buf, d_scryptV1_buf, d_scryptV2_buf, d_scryptV3_buf); + + for (int z = 0; z < STATE_CNT4; z++) tmps[gid].P[i + z] = swap32_4 (X[z]); + } + #endif +} + +__kernel void m15700_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global scrypt_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ethereum_scrypt_t *esalt_bufs, __global u32 *d_return_buf, __global uint4 *d_scryptV0_buf, __global uint4 *d_scryptV1_buf, __global uint4 *d_scryptV2_buf, __global uint4 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) +{ + /** + * base + */ + + const u32 gid = get_global_id (0); + const u32 lid = get_local_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = pws[gid].i[ 8]; + w2[1] = pws[gid].i[ 9]; + w2[2] = pws[gid].i[10]; + w2[3] = pws[gid].i[11]; + + u32 w3[4]; + + w3[0] = pws[gid].i[12]; + w3[1] = pws[gid].i[13]; + w3[2] = pws[gid].i[14]; + w3[3] = pws[gid].i[15]; + + /** + * 2nd pbkdf2, creates B + */ + + w0[0] = swap32 (w0[0]); + w0[1] = swap32 (w0[1]); + w0[2] = swap32 (w0[2]); + w0[3] = swap32 (w0[3]); + w1[0] = swap32 (w1[0]); + w1[1] = swap32 (w1[1]); + w1[2] = swap32 (w1[2]); + w1[3] = swap32 (w1[3]); + w2[0] = swap32 (w2[0]); + w2[1] = swap32 (w2[1]); + w2[2] = swap32 (w2[2]); + w2[3] = swap32 (w2[3]); + w3[0] = swap32 (w3[0]); + w3[1] = swap32 (w3[1]); + w3[2] = swap32 (w3[2]); + w3[3] = swap32 (w3[3]); + + u32 ipad[8]; + u32 opad[8]; + + hmac_sha256_pad (w0, w1, w2, w3, ipad, opad); + + for (u32 l = 0; l < SCRYPT_CNT4; l += 4) + { + barrier (CLK_GLOBAL_MEM_FENCE); + + uint4 tmp; + + tmp = tmps[gid].P[l + 0]; + + w0[0] = tmp.s0; + w0[1] = tmp.s1; + w0[2] = tmp.s2; + w0[3] = tmp.s3; + + tmp = tmps[gid].P[l + 1]; + + w1[0] = tmp.s0; + w1[1] = tmp.s1; + w1[2] = tmp.s2; + w1[3] = tmp.s3; + + tmp = tmps[gid].P[l + 2]; + + w2[0] = tmp.s0; + w2[1] = tmp.s1; + w2[2] = tmp.s2; + w2[3] = tmp.s3; + + tmp = tmps[gid].P[l + 3]; + + w3[0] = tmp.s0; + w3[1] = tmp.s1; + w3[2] = tmp.s2; + w3[3] = tmp.s3; + + sha256_transform (w0, w1, w2, w3, ipad); + } + + w0[0] = 0x00000001; + w0[1] = 0x80000000; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + (SCRYPT_CNT * 4) + 4) * 8; + + u32 digest[8]; + + hmac_sha256_run (w0, w1, w2, w3, ipad, opad, digest); + + /** + * keccak + */ + + u32 ciphertext[8]; + + ciphertext[0] = esalt_bufs[digests_offset].ciphertext[0]; + ciphertext[1] = esalt_bufs[digests_offset].ciphertext[1]; + ciphertext[2] = esalt_bufs[digests_offset].ciphertext[2]; + ciphertext[3] = esalt_bufs[digests_offset].ciphertext[3]; + ciphertext[4] = esalt_bufs[digests_offset].ciphertext[4]; + ciphertext[5] = esalt_bufs[digests_offset].ciphertext[5]; + ciphertext[6] = esalt_bufs[digests_offset].ciphertext[6]; + ciphertext[7] = esalt_bufs[digests_offset].ciphertext[7]; + + u32 key[4]; + + key[0] = swap32_S (digest[4]); + key[1] = swap32_S (digest[5]); + key[2] = swap32_S (digest[6]); + key[3] = swap32_S (digest[7]); + + u64 st[25]; + + st[ 0] = hl32_to_64_S (key[1], key[0]); + st[ 1] = hl32_to_64_S (key[3], key[2]); + st[ 2] = hl32_to_64_S (ciphertext[1], ciphertext[0]); + st[ 3] = hl32_to_64_S (ciphertext[3], ciphertext[2]); + st[ 4] = hl32_to_64_S (ciphertext[5], ciphertext[4]); + st[ 5] = hl32_to_64_S (ciphertext[7], ciphertext[6]); + st[ 6] = 0x01; + st[ 7] = 0; + st[ 8] = 0; + st[ 9] = 0; + st[10] = 0; + st[11] = 0; + st[12] = 0; + st[13] = 0; + st[14] = 0; + st[15] = 0; + st[16] = 0; + st[17] = 0; + st[18] = 0; + st[19] = 0; + st[20] = 0; + st[21] = 0; + st[22] = 0; + st[23] = 0; + st[24] = 0; + + const u32 mdlen = 32; + + const u32 rsiz = 200 - (2 * mdlen); + + const u32 add80w = (rsiz - 1) / 8; + + st[add80w] |= 0x8000000000000000; + + keccak_transform_S (st); + + const u32 r0 = l32_from_64_S (st[0]); + const u32 r1 = h32_from_64_S (st[0]); + const u32 r2 = l32_from_64_S (st[1]); + const u32 r3 = h32_from_64_S (st[1]); + + #define il_pos 0 + + #include COMPARE_M +} diff --git a/docs/changes.txt b/docs/changes.txt index 25b20eb40..eba24eb32 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -8,6 +8,8 @@ - Added hash-mode 15200 = Blockchain, My Wallet, V2 - Added hash-mode 15300 = DPAPI masterkey file v1 and v2 - Added hash-mode 15400 = Chacha20 +- Added hash-mode 15600 = Ethereum Wallet, PBKDF2-HMAC-SHA256 +- Added hash-mode 15700 = Ethereum Wallet, PBKDF2-SCRYPT ## ## Features diff --git a/docs/readme.txt b/docs/readme.txt index 9a2ce512e..dd383f606 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -222,6 +222,8 @@ NVIDIA GPUs require "NVIDIA Driver" (367.x or later) - Password Safe v2 - Password Safe v3 - KeePass 1 (AES/Twofish) and KeePass 2 (AES) +- Ethereum Wallet, PBKDF2-HMAC-SHA256 +- Ethereum Wallet, SCRYPT - eCryptfs - Android FDE <= 4.3 - Android FDE (Samsung DEK) diff --git a/hashcat.hctune b/hashcat.hctune index de83b3c19..076256a3f 100644 --- a/hashcat.hctune +++ b/hashcat.hctune @@ -471,5 +471,8 @@ DEVICE_TYPE_GPU * 14800 1 2 DEVICE_TYPE_CPU * 8900 1 1 1 DEVICE_TYPE_CPU * 9300 1 1 1 +DEVICE_TYPE_CPU * 15700 1 1 1 + DEVICE_TYPE_GPU * 8900 1 8 1 DEVICE_TYPE_GPU * 9300 1 8 1 +DEVICE_TYPE_GPU * 15700 1 1 1 diff --git a/include/interface.h b/include/interface.h index 96fe1d64d..91fd38807 100644 --- a/include/interface.h +++ b/include/interface.h @@ -441,6 +441,20 @@ typedef struct dpapimk } dpapimk_t; +typedef struct ethereum_pbkdf2 +{ + u32 salt_buf[16]; + u32 ciphertext[8]; + +} ethereum_pbkdf2_t; + +typedef struct ethereum_scrypt +{ + u32 salt_buf[16]; + u32 ciphertext[8]; + +} ethereum_scrypt_t; + typedef struct pdf14_tmp { u32 digest[4]; @@ -1228,6 +1242,10 @@ typedef enum display_len DISPLAY_LEN_MAX_15300 = 1 + 7 + 1 + 1 + 1 + 1 + 1 + 100 + 1 + 6 + 1 + 6 + 1 + 10 + 1 + 32 + 1 + 4 + 1 + 512, DISPLAY_LEN_MIN_15400 = 10 + 1 + 16 + 1 + 1 + 1 + 16 + 1 + 16 + 1 + 16, DISPLAY_LEN_MAX_15400 = 10 + 1 + 16 + 1 + 2 + 1 + 16 + 1 + 16 + 1 + 16, + DISPLAY_LEN_MIN_15600 = 11 + 1 + 1 + 1 + 32 + 1 + 64 + 1 + 64, + DISPLAY_LEN_MAX_15600 = 11 + 1 + 6 + 1 + 64 + 1 + 64 + 1 + 64, + DISPLAY_LEN_MIN_15700 = 11 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 64 + 1 + 64 + 1 + 64, + DISPLAY_LEN_MAX_15700 = 11 + 1 + 6 + 1 + 1 + 1 + 1 + 1 + 64 + 1 + 64 + 1 + 64, DISPLAY_LEN_MIN_99999 = 1, DISPLAY_LEN_MAX_99999 = 55, @@ -1560,6 +1578,8 @@ typedef enum kern_type KERN_TYPE_NETBSD_SHA1CRYPT = 15100, KERN_TYPE_DPAPIMK = 15300, KERN_TYPE_CHACHA20 = 15400, + KERN_TYPE_ETHEREUM_PBKDF2 = 15600, + KERN_TYPE_ETHEREUM_SCRYPT = 15700, KERN_TYPE_PLAINTEXT = 99999, } kern_type_t; @@ -1631,6 +1651,7 @@ typedef enum rounds_count ROUNDS_ATLASSIAN = 10000, ROUNDS_NETBSD_SHA1CRYPT = 20000, ROUNDS_DPAPIMK = 24000 - 1, // from 4000 to 24000 (possibly more) + ROUNDS_ETHEREUM_PBKDF2 = 262144 - 1, ROUNDS_STDOUT = 0 } rounds_count_t; @@ -1811,6 +1832,8 @@ int filezilla_server_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu int netbsd_sha1crypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig); int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig); int dpapimk_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig); +int ethereum_pbkdf2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig); +int ethereum_scrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig); /** * hook functions diff --git a/src/benchmark.c b/src/benchmark.c index 20cbfb5bc..65feea0e1 100644 --- a/src/benchmark.c +++ b/src/benchmark.c @@ -6,7 +6,7 @@ #include "common.h" #include "benchmark.h" -const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 152; +const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 153; const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] = { @@ -160,6 +160,7 @@ const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] = 12700, 15200, 13400, + 15600, 125, 15400 }; diff --git a/src/interface.c b/src/interface.c index 499571bb7..397538b6e 100644 --- a/src/interface.c +++ b/src/interface.c @@ -242,7 +242,8 @@ static const char HT_15100[] = "Juniper/NetBSD sha1crypt"; static const char HT_15200[] = "Blockchain, My Wallet, V2"; static const char HT_15300[] = "DPAPI masterkey file v1 and v2"; static const char HT_15400[] = "Chacha20"; - +static const char HT_15600[] = "Ethereum Wallet, PBKDF2-HMAC-SHA256"; +static const char HT_15700[] = "Ethereum Wallet, SCRYPT"; static const char HT_99999[] = "Plaintext"; static const char HT_00011[] = "Joomla < 2.5.18"; @@ -384,6 +385,8 @@ static const char SIGNATURE_ATLASSIAN[] = "{PKCS5S2}"; static const char SIGNATURE_NETBSD_SHA1CRYPT[] = "$sha1$"; static const char SIGNATURE_BLAKE2B[] = "$BLAKE2$"; static const char SIGNATURE_CHACHA20[] = "$Chacha20$"; +static const char SIGNATURE_ETHEREUM_PBKDF2[] = "$ethereum$p"; +static const char SIGNATURE_ETHEREUM_SCRYPT[] = "$ethereum$s"; /** * decoder / encoder @@ -14829,6 +14832,263 @@ int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_ return (PARSER_OK); } +int ethereum_pbkdf2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig) +{ + if ((input_len < DISPLAY_LEN_MIN_15600) || (input_len > DISPLAY_LEN_MAX_15600)) return (PARSER_GLOBAL_LENGTH); + + if (memcmp (SIGNATURE_ETHEREUM_PBKDF2, input_buf, 11)) return (PARSER_SIGNATURE_UNMATCHED); + + u32 *digest = (u32 *) hash_buf->digest; + + salt_t *salt = hash_buf->salt; + + ethereum_pbkdf2_t *ethereum_pbkdf2 = (ethereum_pbkdf2_t *) hash_buf->esalt; + + /** + * parse line + */ + + // iter + + u8 *iter_pos = input_buf + 11 + 1; + + // salt + + u8 *salt_pos = (u8 *) strchr ((const char *) iter_pos, '*'); + + if (salt_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 iter_len = salt_pos - iter_pos; + + salt_pos++; + + // ciphertext + + u8 *ciphertext_pos = (u8 *) strchr ((const char *) salt_pos, '*'); + + if (ciphertext_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 salt_len = ciphertext_pos - salt_pos; + + ciphertext_pos++; + + // hash + + u8 *hash_pos = (u8 *) strchr ((const char *) ciphertext_pos, '*'); + + if (hash_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 ciphertext_len = hash_pos - ciphertext_pos; + + hash_pos++; + + u32 hash_len = input_len - 11 - 1 - iter_len - 1 - salt_len - 1 - ciphertext_len - 1; + + /** + * verify some data + */ + + const u32 iter = atoi ((const char *) iter_pos); + + if (iter < 1) return (PARSER_SALT_ITERATION); + + if ((salt_len != 32) && (salt_len != 64)) return (PARSER_SALT_LENGTH); + if (ciphertext_len != 64) return (PARSER_SALT_LENGTH); + if (hash_len != 64) return (PARSER_SALT_LENGTH); + + if (is_valid_hex_string (salt_pos, salt_len) == false) return (PARSER_SALT_ENCODING); + if (is_valid_hex_string (ciphertext_pos, ciphertext_len) == false) return (PARSER_HASH_ENCODING); + if (is_valid_hex_string (hash_pos, hash_len) == false) return (PARSER_HASH_ENCODING); + + /** + * store data + */ + + u8 *salt_buf_ptr = (u8 *) ethereum_pbkdf2->salt_buf; + + salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig); + + salt_buf_ptr[salt_len + 3] = 0x01; + salt_buf_ptr[salt_len + 4] = 0x80; + + // salt + + salt->salt_buf[0] = ethereum_pbkdf2->salt_buf[0]; + salt->salt_buf[1] = ethereum_pbkdf2->salt_buf[1]; + salt->salt_buf[2] = ethereum_pbkdf2->salt_buf[2]; + salt->salt_buf[3] = ethereum_pbkdf2->salt_buf[3]; + salt->salt_buf[4] = ethereum_pbkdf2->salt_buf[4]; + salt->salt_buf[5] = ethereum_pbkdf2->salt_buf[5]; + salt->salt_buf[6] = ethereum_pbkdf2->salt_buf[6]; + salt->salt_buf[7] = ethereum_pbkdf2->salt_buf[7]; + + salt->salt_len = salt_len; + salt->salt_iter = iter - 1; + + // ciphtertext + + ethereum_pbkdf2->ciphertext[0] = hex_to_u32 ((const u8 *) &ciphertext_pos[ 0]); + ethereum_pbkdf2->ciphertext[1] = hex_to_u32 ((const u8 *) &ciphertext_pos[ 8]); + ethereum_pbkdf2->ciphertext[2] = hex_to_u32 ((const u8 *) &ciphertext_pos[16]); + ethereum_pbkdf2->ciphertext[3] = hex_to_u32 ((const u8 *) &ciphertext_pos[24]); + ethereum_pbkdf2->ciphertext[4] = hex_to_u32 ((const u8 *) &ciphertext_pos[32]); + ethereum_pbkdf2->ciphertext[5] = hex_to_u32 ((const u8 *) &ciphertext_pos[40]); + ethereum_pbkdf2->ciphertext[6] = hex_to_u32 ((const u8 *) &ciphertext_pos[48]); + ethereum_pbkdf2->ciphertext[7] = hex_to_u32 ((const u8 *) &ciphertext_pos[56]); + + // hash + + digest[0] = hex_to_u32 ((const u8 *) &hash_pos[ 0]); + digest[1] = hex_to_u32 ((const u8 *) &hash_pos[ 8]); + digest[2] = hex_to_u32 ((const u8 *) &hash_pos[16]); + digest[3] = hex_to_u32 ((const u8 *) &hash_pos[24]); + digest[4] = hex_to_u32 ((const u8 *) &hash_pos[32]); + digest[5] = hex_to_u32 ((const u8 *) &hash_pos[40]); + digest[6] = hex_to_u32 ((const u8 *) &hash_pos[48]); + digest[7] = hex_to_u32 ((const u8 *) &hash_pos[56]); + + return (PARSER_OK); +} + +int ethereum_scrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig) +{ + if ((input_len < DISPLAY_LEN_MIN_15700) || (input_len > DISPLAY_LEN_MAX_15700)) return (PARSER_GLOBAL_LENGTH); + + if (memcmp (SIGNATURE_ETHEREUM_SCRYPT, input_buf, 11)) return (PARSER_SIGNATURE_UNMATCHED); + + u32 *digest = (u32 *) hash_buf->digest; + + salt_t *salt = hash_buf->salt; + + ethereum_scrypt_t *ethereum_scrypt = (ethereum_scrypt_t *) hash_buf->esalt; + + /** + * parse line + */ + + // scryptN + + u8 *scryptN_pos = input_buf + 11 + 1; + + // scryptr + + u8 *scryptr_pos = (u8 *) strchr ((const char *) scryptN_pos, '*'); + + if (scryptr_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 scryptN_len = scryptr_pos - scryptN_pos; + + scryptr_pos++; + + // scryptp + + u8 *scryptp_pos = (u8 *) strchr ((const char *) scryptr_pos, '*'); + + if (scryptp_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 scryptr_len = scryptp_pos - scryptr_pos; + + scryptp_pos++; + + // salt + + u8 *salt_pos = (u8 *) strchr ((const char *) scryptp_pos, '*'); + + if (salt_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 scryptp_len = salt_pos - scryptp_pos; + + salt_pos++; + + // ciphertext + + u8 *ciphertext_pos = (u8 *) strchr ((const char *) salt_pos, '*'); + + if (ciphertext_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 salt_len = ciphertext_pos - salt_pos; + + ciphertext_pos++; + + // hash + + u8 *hash_pos = (u8 *) strchr ((const char *) ciphertext_pos, '*'); + + if (hash_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + u32 ciphertext_len = hash_pos - ciphertext_pos; + + hash_pos++; + + u32 hash_len = input_len - 11 - 1 - scryptN_len - 1 - scryptr_len - 1 - scryptp_len - 1 - salt_len - 1 - ciphertext_len - 1; + + /** + * verify some data + */ + + const u32 scrypt_N = atoi ((const char *) scryptN_pos); + const u32 scrypt_r = atoi ((const char *) scryptr_pos); + const u32 scrypt_p = atoi ((const char *) scryptp_pos); + + if (salt_len != 64) return (PARSER_SALT_LENGTH); + if (ciphertext_len != 64) return (PARSER_SALT_LENGTH); + if (hash_len != 64) return (PARSER_SALT_LENGTH); + + if (is_valid_hex_string (salt_pos, salt_len) == false) return (PARSER_SALT_ENCODING); + if (is_valid_hex_string (ciphertext_pos, ciphertext_len) == false) return (PARSER_HASH_ENCODING); + if (is_valid_hex_string (hash_pos, hash_len) == false) return (PARSER_HASH_ENCODING); + + /** + * store data + */ + + u8 *salt_buf_ptr = (u8 *) ethereum_scrypt->salt_buf; + + salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig); + + // salt + + salt->salt_buf[0] = ethereum_scrypt->salt_buf[0]; + salt->salt_buf[1] = ethereum_scrypt->salt_buf[1]; + salt->salt_buf[2] = ethereum_scrypt->salt_buf[2]; + salt->salt_buf[3] = ethereum_scrypt->salt_buf[3]; + salt->salt_buf[4] = ethereum_scrypt->salt_buf[4]; + salt->salt_buf[5] = ethereum_scrypt->salt_buf[5]; + salt->salt_buf[6] = ethereum_scrypt->salt_buf[6]; + salt->salt_buf[7] = ethereum_scrypt->salt_buf[7]; + + salt->salt_len = salt_len; + salt->salt_iter = 1; + + salt->scrypt_N = scrypt_N; + salt->scrypt_r = scrypt_r; + salt->scrypt_p = scrypt_p; + + // ciphtertext + + ethereum_scrypt->ciphertext[0] = hex_to_u32 ((const u8 *) &ciphertext_pos[ 0]); + ethereum_scrypt->ciphertext[1] = hex_to_u32 ((const u8 *) &ciphertext_pos[ 8]); + ethereum_scrypt->ciphertext[2] = hex_to_u32 ((const u8 *) &ciphertext_pos[16]); + ethereum_scrypt->ciphertext[3] = hex_to_u32 ((const u8 *) &ciphertext_pos[24]); + ethereum_scrypt->ciphertext[4] = hex_to_u32 ((const u8 *) &ciphertext_pos[32]); + ethereum_scrypt->ciphertext[5] = hex_to_u32 ((const u8 *) &ciphertext_pos[40]); + ethereum_scrypt->ciphertext[6] = hex_to_u32 ((const u8 *) &ciphertext_pos[48]); + ethereum_scrypt->ciphertext[7] = hex_to_u32 ((const u8 *) &ciphertext_pos[56]); + + // hash + + digest[0] = hex_to_u32 ((const u8 *) &hash_pos[ 0]); + digest[1] = hex_to_u32 ((const u8 *) &hash_pos[ 8]); + digest[2] = hex_to_u32 ((const u8 *) &hash_pos[16]); + digest[3] = hex_to_u32 ((const u8 *) &hash_pos[24]); + digest[4] = hex_to_u32 ((const u8 *) &hash_pos[32]); + digest[5] = hex_to_u32 ((const u8 *) &hash_pos[40]); + digest[6] = hex_to_u32 ((const u8 *) &hash_pos[48]); + digest[7] = hex_to_u32 ((const u8 *) &hash_pos[56]); + + return (PARSER_OK); +} + /** * hook functions */ @@ -15251,6 +15511,8 @@ char *strhashtype (const u32 hash_mode) case 15200: return ((char *) HT_15200); case 15300: return ((char *) HT_15300); case 15400: return ((char *) HT_15400); + case 15600: return ((char *) HT_15600); + case 15700: return ((char *) HT_15700); case 99999: return ((char *) HT_99999); } @@ -18449,6 +18711,62 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le contents_len, contents); } + else if (hash_mode == 15600) + { + ethereum_pbkdf2_t *ethereum_pbkdf2s = (ethereum_pbkdf2_t *) esalts_buf; + ethereum_pbkdf2_t *ethereum_pbkdf2 = ðereum_pbkdf2s[digest_cur]; + + snprintf (out_buf, out_len - 1, "%s*%d*%s*%08x%08x%08x%08x%08x%08x%08x%08x*%08x%08x%08x%08x%08x%08x%08x%08x", + SIGNATURE_ETHEREUM_PBKDF2, + salt.salt_iter + 1, + (char *) salt.salt_buf, + byte_swap_32 (ethereum_pbkdf2->ciphertext[0]), + byte_swap_32 (ethereum_pbkdf2->ciphertext[1]), + byte_swap_32 (ethereum_pbkdf2->ciphertext[2]), + byte_swap_32 (ethereum_pbkdf2->ciphertext[3]), + byte_swap_32 (ethereum_pbkdf2->ciphertext[4]), + byte_swap_32 (ethereum_pbkdf2->ciphertext[5]), + byte_swap_32 (ethereum_pbkdf2->ciphertext[6]), + byte_swap_32 (ethereum_pbkdf2->ciphertext[7]), + digest_buf[0], + digest_buf[1], + digest_buf[2], + digest_buf[3], + digest_buf[4], + digest_buf[5], + digest_buf[6], + digest_buf[7] + ); + } + else if (hash_mode == 15700) + { + ethereum_scrypt_t *ethereum_scrypts = (ethereum_scrypt_t *) esalts_buf; + ethereum_scrypt_t *ethereum_scrypt = ðereum_scrypts[digest_cur]; + + snprintf (out_buf, out_len - 1, "%s*%d*%d*%d*%s*%08x%08x%08x%08x%08x%08x%08x%08x*%08x%08x%08x%08x%08x%08x%08x%08x", + SIGNATURE_ETHEREUM_SCRYPT, + salt.scrypt_N, + salt.scrypt_r, + salt.scrypt_p, + (char *) salt.salt_buf, + byte_swap_32 (ethereum_scrypt->ciphertext[0]), + byte_swap_32 (ethereum_scrypt->ciphertext[1]), + byte_swap_32 (ethereum_scrypt->ciphertext[2]), + byte_swap_32 (ethereum_scrypt->ciphertext[3]), + byte_swap_32 (ethereum_scrypt->ciphertext[4]), + byte_swap_32 (ethereum_scrypt->ciphertext[5]), + byte_swap_32 (ethereum_scrypt->ciphertext[6]), + byte_swap_32 (ethereum_scrypt->ciphertext[7]), + digest_buf[0], + digest_buf[1], + digest_buf[2], + digest_buf[3], + digest_buf[4], + digest_buf[5], + digest_buf[6], + digest_buf[7] + ); + } else if (hash_mode == 99999) { char *ptr = (char *) digest_buf; @@ -22795,6 +23113,37 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->dgst_pos3 = 3; break; + case 15600: hashconfig->hash_type = HASH_TYPE_PBKDF2_SHA256; + hashconfig->salt_type = SALT_TYPE_EMBEDDED; + hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_HEX; + hashconfig->kern_type = KERN_TYPE_ETHEREUM_PBKDF2; + hashconfig->dgst_size = DGST_SIZE_4_8; + hashconfig->parse_func = ethereum_pbkdf2_parse_hash; + hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD; + hashconfig->dgst_pos0 = 0; + hashconfig->dgst_pos1 = 1; + hashconfig->dgst_pos2 = 2; + hashconfig->dgst_pos3 = 3; + break; + + case 15700: hashconfig->hash_type = HASH_TYPE_SCRYPT; + hashconfig->salt_type = SALT_TYPE_EMBEDDED; + hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_HEX; + hashconfig->kern_type = KERN_TYPE_ETHEREUM_SCRYPT; + hashconfig->dgst_size = DGST_SIZE_4_8; + hashconfig->parse_func = ethereum_scrypt_parse_hash; + hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE; + hashconfig->dgst_pos0 = 0; + hashconfig->dgst_pos1 = 1; + hashconfig->dgst_pos2 = 2; + hashconfig->dgst_pos3 = 3; + break; + case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT; hashconfig->salt_type = SALT_TYPE_NONE; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -22933,6 +23282,8 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 14800: hashconfig->esalt_size = sizeof (itunes_backup_t); break; case 15300: hashconfig->esalt_size = sizeof (dpapimk_t); break; case 15400: hashconfig->esalt_size = sizeof (chacha20_t); break; + case 15600: hashconfig->esalt_size = sizeof (ethereum_pbkdf2_t); break; + case 15700: hashconfig->esalt_size = sizeof (ethereum_scrypt_t); break; } // hook_salt_size @@ -23037,6 +23388,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 15100: hashconfig->tmp_size = sizeof (pbkdf1_sha1_tmp_t); break; case 15200: hashconfig->tmp_size = sizeof (mywallet_tmp_t); break; case 15300: hashconfig->tmp_size = sizeof (dpapimk_tmp_t); break; + case 15600: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; }; // hook_size @@ -23165,6 +23517,7 @@ u32 hashconfig_get_kernel_threads (hashcat_ctx_t *hashcat_ctx, const hc_device_p if (hashconfig->hash_mode == 8900) kernel_threads = 64; // Scrypt if (hashconfig->hash_mode == 9300) kernel_threads = 64; // Scrypt + if (hashconfig->hash_mode == 15700) kernel_threads = 64; // Scrypt if (device_param->device_type & CL_DEVICE_TYPE_CPU) { @@ -23234,6 +23587,11 @@ u32 hashconfig_get_kernel_loops (hashcat_ctx_t *hashcat_ctx) kernel_loops_fixed = 1024; } + if (hashconfig->hash_mode == 15700) + { + kernel_loops_fixed = 1; + } + return kernel_loops_fixed; } @@ -23381,6 +23739,13 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 15100: salt->salt_len = 8; break; + case 15600: salt->salt_len = 32; + break; + case 15700: salt->salt_len = 32; + salt->scrypt_N = 262144; + salt->scrypt_r = 1; + salt->scrypt_p = 8; + break; } // special esalt handling @@ -23641,6 +24006,10 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 15300: salt->salt_iter = ROUNDS_DPAPIMK; break; + case 15600: salt->salt_iter = ROUNDS_ETHEREUM_PBKDF2; + break; + case 15700: salt->salt_iter = 1; + break; } } diff --git a/src/opencl.c b/src/opencl.c index 3e7d03bd6..108e47d59 100644 --- a/src/opencl.c +++ b/src/opencl.c @@ -3412,6 +3412,10 @@ int opencl_session_begin (hashcat_ctx_t *hashcat_ctx) { opencl_ctx->force_jit_compilation = 8900; } + else if (hashconfig->hash_mode == 15700) + { + opencl_ctx->force_jit_compilation = 15700; + } else if (hashconfig->hash_mode == 1500 && user_options->attack_mode == ATTACK_MODE_BF && hashes->salts_cnt == 1) { opencl_ctx->force_jit_compilation = 1500; @@ -3656,7 +3660,7 @@ int opencl_session_begin (hashcat_ctx_t *hashcat_ctx) size_t size_scrypt = 4; - if ((hashconfig->hash_mode == 8900) || (hashconfig->hash_mode == 9300)) + if ((hashconfig->hash_mode == 8900) || (hashconfig->hash_mode == 9300) || (hashconfig->hash_mode == 15700)) { // we need to check that all hashes have the same scrypt settings @@ -3714,6 +3718,17 @@ int opencl_session_begin (hashcat_ctx_t *hashcat_ctx) tmto_start = 4; } } + else if (hashconfig->hash_mode == 15700) + { + if (device_param->device_vendor_id == VENDOR_ID_AMD) + { + tmto_start = 5; + } + else if (device_param->device_vendor_id == VENDOR_ID_NV) + { + tmto_start = 6; + } + } } const u32 kernel_power_max = device_param->hardware_power * device_param->kernel_accel_max; @@ -4146,7 +4161,7 @@ int opencl_session_begin (hashcat_ctx_t *hashcat_ctx) { snprintf (build_opts_update, sizeof (build_opts_update) - 1, "%s -DDESCRYPT_SALT=%u", build_opts, hashes->salts_buf[0].salt_buf[0]); } - else if (opencl_ctx->force_jit_compilation == 8900) + else if ((opencl_ctx->force_jit_compilation == 8900) || (opencl_ctx->force_jit_compilation == 15700)) { snprintf (build_opts_update, sizeof (build_opts_update) - 1, "%s -DSCRYPT_N=%u -DSCRYPT_R=%u -DSCRYPT_P=%u -DSCRYPT_TMTO=%u -DSCRYPT_TMP_ELEM=%u", build_opts, hashes->salts_buf[0].scrypt_N, hashes->salts_buf[0].scrypt_r, hashes->salts_buf[0].scrypt_p, 1u << scrypt_tmto_final, scrypt_tmp_size / 16); } diff --git a/src/usage.c b/src/usage.c index 14c5692f8..3a5da741a 100644 --- a/src/usage.c +++ b/src/usage.c @@ -350,6 +350,8 @@ static const char *USAGE_BIG[] = " 12700 | Blockchain, My Wallet | Password Managers", " 15200 | Blockchain, My Wallet, V2 | Password Managers", " 13400 | KeePass 1 (AES/Twofish) and KeePass 2 (AES) | Password Managers", + " 15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Password Managers", + " 15700 | Ethereum Wallet, SCRYPT | Password Managers", " 99999 | Plaintext | Plaintext", "", "- [ Outfile Formats ] -", diff --git a/tools/test.pl b/tools/test.pl index 0104de5aa..85ed82cb6 100755 --- a/tools/test.pl +++ b/tools/test.pl @@ -25,7 +25,7 @@ use Crypt::Eksblowfish::Bcrypt qw (bcrypt en_base64); use Crypt::Digest::RIPEMD160 qw (ripemd160_hex); use Crypt::Digest::Whirlpool qw (whirlpool_hex); use Crypt::RC4; -use Crypt::ScryptKDF qw (scrypt_hash scrypt_b64); +use Crypt::ScryptKDF qw (scrypt_hash scrypt_raw scrypt_b64); use Crypt::Rijndael; use Crypt::Twofish; use Crypt::Mode::ECB; @@ -48,7 +48,7 @@ my $hashcat = "./hashcat"; my $MAX_LEN = 55; -my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 99999); +my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15600, 15700, 99999); my %is_unicode = map { $_ => 1 } qw (30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500 13800); my %less_fifteen = map { $_ => 1 } qw (500 1600 1800 2400 2410 3200 6300 7400 10500 10700); @@ -2676,6 +2676,60 @@ sub verify next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))); } + # Ethereum - PBKDF2 + elsif ($mode == 15600) + { + my $index1 = index ($line, ':'); + + next if ($index1 < 0); + + $hash_in = substr ($line, 0, $index1); + $word = substr ($line, $index1 + 1); + + next if (length ($hash_in) < 12); + + next unless (substr ($hash_in, 0, 12) eq "\$ethereum\$p\*"); + + my @data = split ('\*', $hash_in); + + next unless (scalar (@data) == 5); + + $iter = $data[1]; + + $salt = pack ("H*", $data[2]); + + $param = pack ("H*", $data[3]); # ciphertext + + next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))); + } + # Ethereum - Scrypt + elsif ($mode == 15700) + { + my $index1 = index ($line, ':'); + + next if ($index1 < 0); + + $hash_in = substr ($line, 0, $index1); + $word = substr ($line, $index1 + 1); + + next if (length ($hash_in) < 12); + + next unless (substr ($hash_in, 0, 12) eq "\$ethereum\$s\*"); + + my @data = split ('\*', $hash_in); + + next unless (scalar (@data) == 7); + + $param = $data[1]; # scrypt_N + $param2 = $data[2]; # scrypt_r + $param3 = $data[3]; # scrypt_p + + $salt = pack ("H*", $data[4]); + + $param4 = pack ("H*", $data[5]); # ciphertext + + next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))); + } else { print "ERROR: hash mode is not supported\n"; @@ -3055,7 +3109,23 @@ sub verify { $hash_out = gen_hash ($mode, $word, $salt, $iter, $param); - $len = length $hash_out; + $len = length $hash_out; + + return unless (substr ($line, 0, $len) eq $hash_out); + } + elsif ($mode == 15600) + { + $hash_out = gen_hash ($mode, $word, $salt, $iter, $param); + + $len = length $hash_out; + + return unless (substr ($line, 0, $len) eq $hash_out); + } + elsif ($mode == 15700) + { + $hash_out = gen_hash ($mode, $word, $salt, 0, $param, $param2, $param3, $param4); + + $len = length $hash_out; return unless (substr ($line, 0, $len) eq $hash_out); } @@ -3254,7 +3324,7 @@ sub passthrough { $tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 10)); } - elsif ($mode == 3200 || $mode == 5800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 3300 || $mode == 8000 || $mode == 9100 || $mode == 12001 || $mode == 12200) + elsif ($mode == 3200 || $mode == 5800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 3300 || $mode == 8000 || $mode == 9100 || $mode == 12001 || $mode == 12200 || $mode == 15600) { $tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 16)); } @@ -3270,7 +3340,7 @@ sub passthrough $tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, $salt_len)); } - elsif ($mode == 4521) + elsif ($mode == 4521 || $mode == 15700) { $tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 32)); } @@ -3689,7 +3759,7 @@ sub single } } } - elsif ($mode == 141 || $mode == 3300 || $mode == 1441 || $mode == 1800 || $mode == 3200 || $mode == 4800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 8000 || $mode == 9100 || $mode == 12001 || $mode == 12200) + elsif ($mode == 141 || $mode == 3300 || $mode == 1441 || $mode == 1800 || $mode == 3200 || $mode == 4800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 8000 || $mode == 9100 || $mode == 12001 || $mode == 12200 || $mode == 15600) { for (my $i = 1; $i < 32; $i++) { @@ -3890,7 +3960,7 @@ sub single } } } - elsif ($mode == 4521) + elsif ($mode == 4521 || $mode == 15700) { for (my $i = 1; $i < 32; $i++) { @@ -8516,6 +8586,68 @@ END_CODE $tmp_hash = sprintf ("\$Chacha20\$\*%s\*%d\*%s\*%s\*%s", $counter, $offset, $iv, unpack("H*", substr($plaintext, $offset, 8)), unpack("H*", $enc_offset)); } + elsif ($mode == 15600) + { + my $iterations; + my $ciphertext; + + if (defined $additional_param) + { + $iterations = $iter; + $ciphertext = $additional_param; + } + else + { + $iterations = 1024; # 262144 originally + $ciphertext = randbytes (32); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256), + iterations => $iterations, + out_len => 32 + ); + + my $derived_key = $pbkdf2->PBKDF2 ($salt_buf, $word_buf); + + my $derived_key_cropped = substr ($derived_key, 16, 16); + + $hash_buf = keccak_256_hex ($derived_key_cropped . $ciphertext); + + $tmp_hash = sprintf ("\$ethereum\$p*%i*%s*%s*%s", $iterations, unpack ("H*", $salt_buf), unpack ("H*", $ciphertext), $hash_buf); + } + elsif ($mode == 15700) + { + my $scrypt_N; + my $scrypt_r; + my $scrypt_p; + + my $ciphertext; + + if (defined $additional_param) + { + $scrypt_N = $additional_param; + $scrypt_r = $additional_param2; + $scrypt_p = $additional_param3; + $ciphertext = $additional_param4; + } + else + { + $scrypt_N = 1024; # 262144 originally + $scrypt_r = 1; # 8 originally + $scrypt_p = 1; + $ciphertext = randbytes (32); + } + + my $derived_key = scrypt_raw ($word_buf, $salt_buf, $scrypt_N, $scrypt_r, $scrypt_p, 32); + + my $derived_key_cropped = substr ($derived_key, 16, 16); + + $hash_buf = keccak_256_hex ($derived_key_cropped . $ciphertext); + + $tmp_hash = sprintf ("\$ethereum\$s*%i*%i*%i*%s*%s*%s", $scrypt_N, $scrypt_r, $scrypt_p, unpack ("H*", $salt_buf), unpack ("H*", $ciphertext), $hash_buf); + } elsif ($mode == 99999) { $tmp_hash = sprintf ("%s", $word_buf); diff --git a/tools/test.sh b/tools/test.sh index 60344cf10..f0e4d3463 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -9,7 +9,7 @@ TDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # missing hash types: 5200,6251,6261,6271,6281 -HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 99999" +HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 15600 15700 99999" #ATTACK_MODES="0 1 3 6 7" ATTACK_MODES="0 1 3 7" @@ -22,7 +22,7 @@ HASHFILE_ONLY="2500" NEVER_CRACK="11600 14900" -SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200 15300" +SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200 15300 15600 15700" OPTS="--quiet --force --potfile-disable --runtime 400 --gpu-temp-disable --weak-hash-threshold=0"