1
mirror of https://github.com/hashcat/hashcat synced 2024-12-27 05:13:45 +01:00

Fix some code in -m 21500

This commit is contained in:
Jens Steube 2019-08-08 10:47:09 +02:00
parent dd262a9aa9
commit cadf20b4b9
3 changed files with 80 additions and 49 deletions

View File

@ -18,7 +18,7 @@
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
typedef struct pbkdf2_sha1_tmp
typedef struct solarwinds_tmp
{
u32 ipad[5];
u32 opad[5];
@ -26,13 +26,13 @@ typedef struct pbkdf2_sha1_tmp
u32 dgst[260];
u32 out[260];
} pbkdf2_sha1_tmp_t;
} solarwinds_tmp_t;
typedef struct pbkdf2_sha1
typedef struct solarwinds
{
u32 salt_buf[64];
u32 salt_buf[64 + 1];
} pbkdf2_sha1_t;
} solarwinds_t;
DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest)
{
@ -70,7 +70,7 @@ DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipa
sha1_transform_vector (w0, w1, w2, w3, digest);
}
KERNEL_FQ void m21500_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, pbkdf2_sha1_t))
KERNEL_FQ void m21500_init (KERN_ATTR_TMPS_ESALT (solarwinds_tmp_t, solarwinds_t))
{
/**
* base
@ -96,7 +96,7 @@ KERNEL_FQ void m21500_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, pbkdf2_sha1
tmps[gid].opad[3] = sha1_hmac_ctx.opad.h[3];
tmps[gid].opad[4] = sha1_hmac_ctx.opad.h[4];
sha1_hmac_update_global_swap (&sha1_hmac_ctx, esalt_bufs[digests_offset].salt_buf, salt_bufs[salt_pos].salt_len);
sha1_hmac_update_global_swap (&sha1_hmac_ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
for (u32 i = 0, j = 1; i < 256; i += 5, j += 1)
{
@ -142,7 +142,7 @@ KERNEL_FQ void m21500_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, pbkdf2_sha1
}
}
KERNEL_FQ void m21500_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, pbkdf2_sha1_t))
KERNEL_FQ void m21500_loop (KERN_ATTR_TMPS_ESALT (solarwinds_tmp_t, solarwinds_t))
{
const u64 gid = get_global_id (0);
@ -227,7 +227,7 @@ KERNEL_FQ void m21500_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, pbkdf2_sha1
}
}
KERNEL_FQ void m21500_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, pbkdf2_sha1_t))
KERNEL_FQ void m21500_comp (KERN_ATTR_TMPS_ESALT (solarwinds_tmp_t, solarwinds_t))
{
/**
* base

View File

@ -22,14 +22,10 @@ static const u64 KERN_TYPE = 21500;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_USES_BITS_64
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_ST_BASE64
| OPTS_TYPE_HASH_COPY;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$solarwinds$0$hashcat1$Dnz04T9ptYINnj9mckXTuk80w6f1vkZLwv02HiufklgnDw53BU1bgn4gsHia/Q6kxYSqK4PDbxRMwa6HB5KA/w==";
static const char *SALT_PADDING = "1244352345234";
static const char *ST_HASH = "$solarwinds$0$admin$fj4EBQewCQUZ7IYHl0qL8uj9kQSBb3m7N4u0crkKK0Uj9rbbAnSrBZMXO7oWx9KqL3sCzwncvPZ9hyDV9QCFTg==";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
@ -46,7 +42,7 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
typedef struct pbkdf2_sha1_tmp
typedef struct solarwinds_tmp
{
u32 ipad[5];
u32 opad[5];
@ -54,13 +50,13 @@ typedef struct pbkdf2_sha1_tmp
u32 dgst[260];
u32 out[260];
} pbkdf2_sha1_tmp_t;
} solarwinds_tmp_t;
typedef struct pbkdf2_sha1
typedef struct solarwinds
{
u32 salt_buf[64];
u32 salt_buf[64 + 1];
} pbkdf2_sha1_t;
} solarwinds_t;
static const u32 ROUNDS_SOLARWINDS_ORION = 1000;
@ -68,14 +64,14 @@ static const char *SIGNATURE_SOLARWINDS_ORION = "$solarwinds$0$";
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (pbkdf2_sha1_t);
const u64 esalt_size = (const u64) sizeof (solarwinds_t);
return esalt_size;
}
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 tmp_size = (const u64) sizeof (pbkdf2_sha1_tmp_t);
const u64 tmp_size = (const u64) sizeof (solarwinds_tmp_t);
return tmp_size;
}
@ -106,7 +102,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
{
u64 *digest = (u64 *) digest_buf;
pbkdf2_sha1_t *pbkdf2_sha1 = (pbkdf2_sha1_t *) esalt_buf;
solarwinds_t *solarwinds = (solarwinds_t *) esalt_buf;
token_t token;
@ -121,12 +117,12 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
token.sep[1] = '$';
token.len_min[1] = 0;
token.len_max[1] = 16;
token.len_max[1] = 256;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
token.sep[2] = '$';
token.len_min[2] = 64;
token.len_max[2] = 256;
token.len_min[2] = 88;
token.len_max[2] = 88;
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_BASE64A;
@ -138,30 +134,34 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_iter = ROUNDS_SOLARWINDS_ORION - 1;
// salt
// save original salt for encode function
// this is the only reason why we have an esalt in this hash-mode
const char *salt_pos = (char *) token.buf[1];
const int salt_len = token.len[1];
int salt_len = token.len[1];
memcpy (solarwinds->salt_buf, salt_pos, salt_len);
char custom_salt[17];
// for pbkdf2 salt we need to do hash-mode specific modifications
memset (custom_salt, 0, sizeof (custom_salt));
#define FIXED_SALT_LEN 8
strncpy (custom_salt, salt_pos, salt_len);
char custom_salt[FIXED_SALT_LEN];
lowercase ((u8 *) custom_salt, salt_len);
memcpy (custom_salt, salt_pos, MIN (FIXED_SALT_LEN, salt_len));
if (salt_len < 8)
if (salt_len < FIXED_SALT_LEN)
{
strncat (custom_salt, SALT_PADDING, 8 - salt_len);
salt_len = 8;
static const char *SALT_PADDING = "1244352345234";
memcpy (custom_salt + salt_len, SALT_PADDING, FIXED_SALT_LEN - salt_len);
}
memcpy ((char *) pbkdf2_sha1->salt_buf, custom_salt, salt_len);
memcpy (salt->salt_buf, custom_salt, salt_len);
lowercase ((u8 *) custom_salt, FIXED_SALT_LEN);
salt->salt_len = salt_len;
memcpy (salt->salt_buf, custom_salt, FIXED_SALT_LEN);
salt->salt_len = FIXED_SALT_LEN;
// hash
@ -192,7 +192,32 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
return snprintf (line_buf, line_size, "%s", hash_info->orighash);
const u64 *digest = (u64 *) digest_buf;
const solarwinds_t *solarwinds = (const solarwinds_t *) esalt_buf;
// hash
u64 tmp[9];
tmp[0] = byte_swap_64 (digest[0]);
tmp[1] = byte_swap_64 (digest[1]);
tmp[2] = byte_swap_64 (digest[2]);
tmp[3] = byte_swap_64 (digest[3]);
tmp[4] = byte_swap_64 (digest[4]);
tmp[5] = byte_swap_64 (digest[5]);
tmp[6] = byte_swap_64 (digest[6]);
tmp[7] = byte_swap_64 (digest[7]);
tmp[8] = 0;
char hash_enc[256] = { 0 };
base64_encode (int_to_base64, (const u8 *) tmp, 64, (u8 *) hash_enc);
// output
const int line_len = snprintf (line_buf, line_size, "%s%s$%s", SIGNATURE_SOLARWINDS_ORION, (const char *) solarwinds->salt_buf, hash_enc);
return line_len;
}
void module_init (module_ctx_t *module_ctx)

View File

@ -13,24 +13,30 @@ use Crypt::PBKDF2;
use Digest::SHA qw (sha512);
use Encode;
sub module_constraints { [[0, 256], [8, 16], [-1, -1], [-1, -1], [-1, -1]] }
sub module_constraints { [[0, 256], [0, 256], [-1, -1], [-1, -1], [-1, -1]] }
sub module_generate_hash
{
my $word = shift;
my $salt = shift;
my $iter = 1000;
my $kdf = Crypt::PBKDF2->new
(
hash_class => 'HMACSHA1',
iterations => $iter,
iterations => 1000,
output_len => 1024
);
my $key = $kdf->PBKDF2 ($salt, $word);
my $custom_salt = substr ($salt, 0, 8);
my $key_b64 = encode_base64 (sha512($key), "");
if (length $custom_salt < 8)
{
$custom_salt = substr ($custom_salt . "1244352345234", 0, 8);
}
my $key = $kdf->PBKDF2 ($custom_salt, $word);
my $key_b64 = encode_base64 (sha512 ($key), "");
my $hash = sprintf ("\$solarwinds\$0\$%s\$%s", $salt, $key_b64);
@ -48,20 +54,20 @@ sub module_verify_hash
my @data = split ('\$', $hash);
return unless scalar @data == 4;
return unless scalar @data == 5;
shift @data;
my $signature = shift @data;
my $sig_dec = shift @data;
my $salt = shift @data;
my $hash_b64 = shift @data;
my $hash_raw = decode_base64 ($hash_b64);
my $digest = shift @data;
return unless ($signature eq "solarwinds");
return unless ($sig_dec eq "0");
return unless (length ($salt) > 16);
return unless (length ($hash_raw) != 128);
return if length ($salt) > 256;
return unless length ($digest) == 88;
my $word_packed = pack_if_HEX_notation ($word);