4 ## Author......: Jens Steube <jens.steube@gmail.com>
10 use Digest
::MD4 qw
(md4 md4_hex
);
11 use Digest
::MD5 qw
(md5 md5_hex
);
12 use Digest
::SHA qw
(sha1 sha256 sha384 sha512 sha1_hex sha256_hex sha384_hex sha512_hex
);
13 use Digest
::HMAC qw
(hmac hmac_hex
);
14 use Digest
::Keccak qw
(keccak_256_hex
);
15 use Crypt
::MySQL qw
(password41
);
16 use Digest
::GOST qw
(gost gost_hex
);
17 use Digest
::HMAC_MD5 qw
(hmac_md5
);
18 use Digest
::CRC qw
(crc32
);
21 use Crypt
::ECB qw
(encrypt
);
23 use Crypt
::Eksblowfish
::Bcrypt qw
(bcrypt en_base64
);
24 use Crypt
::Digest
::RIPEMD160 qw
(ripemd160_hex
);
25 use Crypt
::Digest
::Whirlpool qw
(whirlpool_hex
);
27 use Crypt
::ScryptKDF qw
(scrypt_hash scrypt_b64
);
31 use Crypt
::UnixCrypt_XS qw
(crypt_rounds fold_password base64_to_int24 block_to_base64 int24_to_base64
);
33 use Authen
::Passphrase
::NTHash
;
34 use Authen
::Passphrase
::MySQL323
;
35 use Authen
::Passphrase
::PHPass
;
36 use Authen
::Passphrase
::LANManager
;
38 use POSIX qw
(strftime
);
40 use Net
::DNS
::RR
::NSEC3
;
41 use Convert
::EBCDIC qw
(ascii2ebcdic
);
42 use Digest
::SipHash qw
/siphash/;
44 my $hashcat = "./oclHashcat";
48 my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500);
50 my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500);
51 my %less_fifteen = map { $_ => 1 } qw(500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
52 my %allow_long_salt = map { $_ => 1 } qw(2500 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500);
54 my @lotus_magic_table =
56 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
57 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
58 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
59 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
60 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
61 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
62 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
63 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
64 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
65 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
66 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
67 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
68 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
69 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
70 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
71 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
72 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
73 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
74 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
75 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
76 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
77 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
78 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
79 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
80 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
81 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
82 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
83 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
84 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
85 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
86 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
87 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
92 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
93 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
94 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
95 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
98 my $CISCO_BASE64_MAPPING = {'A', '.', 'B', '/', 'C', '0', 'D', '1', 'E', '2', 'F', '3', 'G', '4', 'H', '5', 'I', '6', 'J', '7', 'K', '8', 'L', '9', 'M', 'A', 'N', 'B', 'O', 'C', 'P', 'D', 'Q', 'E', 'R', 'F', 'S', 'G', 'T', 'H', 'U', 'I', 'V', 'J', 'W', 'K', 'X', 'L', 'Y', 'M', 'Z', 'N', 'a', 'O', 'b', 'P', 'c', 'Q', 'd', 'R', 'e', 'S', 'f', 'T', 'g', 'U', 'h', 'V', 'i', 'W', 'j', 'X', 'k', 'Y', 'l', 'Z', 'm', 'a', 'n', 'b', 'o', 'c', 'p', 'd', 'q', 'e', 'r', 'f', 's', 'g', 't', 'h', 'u', 'i', 'v', 'j', 'w', 'k', 'x', 'l', 'y', 'm', 'z', 'n', '0', 'o', '1', 'p', '2', 'q', '3', 'r', '4', 's', '5', 't', '6', 'u', '7', 'v', '8', 'w', '9', 'x', '+', 'y', '/', 'z'};
100 if (scalar @ARGV < 1)
111 if ($type ne "verify")
113 if (scalar @ARGV > 1)
118 elsif (scalar @ARGV == 1)
128 if ($type eq "single")
132 elsif ($type eq "passthrough")
143 if (scalar @ARGV != 4)
148 my $mode = shift @ARGV;
149 my $hash_file = shift @ARGV;
150 my $in_file = shift @ARGV;
151 my $out_file = shift @ARGV;
155 open (IN
, "<", $hash_file) or die ("$hash_file: $!\n");
157 # clever ? the resulting database could be huge
158 # but we need some way to map lines in hashfile w/ cracks
159 # maybe rli2 way would be more clever (needs sorted input)
161 while (my $line = <IN
>)
163 $line =~ s/[\n\r]*$//;
165 $db->{$line} = undef;
170 verify
($mode, $db, $in_file, $out_file);
178 my $out_file = shift;
197 open (IN
, "<", $in_file) or die ("$in_file: $!\n");
198 open (OUT
, ">", $out_file) or die ("$out_file: $!\n");
202 my $base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
203 my $itoa64_1 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
204 my $itoa64_2 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
206 while (my $line = <IN
>)
213 # remember always do "exists ($db->{$hash_in})" checks as soon as possible and don't forget it
216 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 133 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3000 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5700 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 8600 || $mode == 9900 || $mode == 10800 || $mode == 11500)
218 my $index = index ($line, ":");
222 $hash_in = substr ($line, 0, $index);
224 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
226 $word = substr ($line, $index + 1);
229 elsif ($mode == 10 || $mode == 11 || $mode == 12 || $mode == 20 || $mode == 21 || $mode == 22 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 112 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1100 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 2611 || $mode == 2711 || $mode == 2811 || $mode == 3100 || $mode == 3610 || $mode == 3710 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 5800 || $mode == 7600 || $mode == 8400 || $mode == 11000 || $mode == 12600 || $mode == 13500)
232 my $index1 = index ($line, ":");
236 $hash_in = substr ($line, 0, $index1);
238 # identify lenghts of both salt and plain
240 my $salt_plain = substr ($line, $index1 + 1);
242 my $num_cols = () = $salt_plain =~ /:/g;
251 foreach (my $i = 0; $i < $num_cols; $i++)
253 $index2 = index ($salt_plain, ":", $start);
257 $start = $index2 + 1;
259 $salt = substr ($salt_plain, 0, $index2);
260 $word = substr ($salt_plain, $index2 + 1);
262 # can't be true w/ wrong $hash:$salt, otherwise the
263 # algo must have many collisions
265 if (exists ($db->{$hash_in . ":" . $salt}))
267 $hash_in = $hash_in . ":" . $salt;
273 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
274 next unless (! defined ($db->{$hash_in}));
277 elsif ($mode == 2100)
280 my $index1 = index ($line, "\$DCC2\$");
282 next if $index1 != 0;
285 my $index2 = index ($line, "#", $index1 + 1);
289 $iter = substr ($line, $index1 + 6, $index2 - $index1 - 6);
292 $index1 = index ($line, "#");
296 $hash_in = substr ($line, 0, $index1 + 1);
298 # identify lenghts of both salt and plain
300 my $salt_plain = substr ($line, $index2 + 1);
302 my $num_cols = () = $salt_plain =~ /:/g;
312 foreach (my $i = 0; $i < $num_cols; $i++)
314 $index2 = index ($salt_plain, ":", $start);
318 $start = $index2 + 1;
320 $index3 = rindex ($salt_plain, "#", $index2);
322 $raw_hash = substr ($salt_plain, $index3 + 1, $index2 - $index3 - 1);
323 $salt = substr ($salt_plain, 0, $index3);
324 $word = substr ($salt_plain, $index2 + 1);
326 if (exists ($db->{$hash_in . $salt . "#" .$raw_hash}))
328 $hash_in = $hash_in . $salt . "#" . $raw_hash;
334 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
335 next unless (! defined ($db->{$hash_in}));
337 # salt:hash guaranteed only : because of hex salt
338 elsif ($mode == 7300)
340 # split hash and plain
341 my $index1 = index ($line, ":");
345 $salt = substr ($line, 0, $index1);
347 $salt = pack ("H*", $salt);
349 my $rest = substr ($line, $index1 + 1);
351 my $index2 = index ($rest, ":");
355 $hash_in = substr ($rest, 0, $index2);
357 $word = substr ($rest, $index2 + 1);
359 next unless (exists ($db->{$salt . ":" . $hash_in}) and (! defined ($db->{$hash_in})));
362 elsif ($mode == 8100)
364 # split hash and plain
365 $salt = substr ($line, 1, 8);
367 my $rest = substr ($line, 1 + 8);
369 my $index2 = index ($rest, ":");
373 $hash_in = substr ($rest, 0, $index2);
375 $word = substr ($rest, $index2 + 1);
377 next unless (exists ($db->{"1" . $salt . $hash_in}) and (! defined ($db->{$hash_in})));
379 # base64 and salt embedded SSHA1, salt length = total lenght - 20
382 # split hash and plain
383 my $index = index ($line, ":");
387 $hash_in = substr ($line, 0, $index);
388 $word = substr ($line, $index + 1);
390 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
393 my $plain_base64 = substr ($hash_in, 6);
395 # base64 decode to extract salt
396 my $decoded = decode_base64
($plain_base64);
398 $salt = substr ($decoded, 20);
400 # base64 and salt embedded SSHA512, salt length = total length - 64
401 elsif ($mode == 1711)
403 # split hash and plain
404 my $index = index ($line, ":");
408 $hash_in = substr ($line, 0, $index);
409 $word = substr ($line, $index + 1);
411 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
414 my $plain_base64 = substr ($hash_in, 9);
416 # base64 decode to extract salt
417 my $decoded = decode_base64
($plain_base64);
419 $salt = substr ($decoded, 64);
421 # OSX (first 8 hex chars is salt)
422 # ArubaOS (the signature gets added in gen_hash)
423 elsif ($mode == 122 || $mode == 1722 || $mode == 125)
425 my $index = index ($line, ":");
429 $hash_in = substr ($line, 0, $index);
430 $word = substr ($line, $index + 1);
432 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
434 $salt = substr ($hash_in, 0, 8);
436 # MSSQL (2000, 2005 AND 2012), salt after version number
437 elsif ($mode == 131 || $mode == 132 || $mode == 1731)
439 my $index = index ($line, ":");
443 $hash_in = substr ($line, 0, $index);
444 $word = substr ($line, $index + 1);
446 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
448 $salt = substr ($hash_in, 6, 8);
451 elsif ($mode == 8000)
453 my $index = index ($line, ":");
457 $hash_in = substr ($line, 0, $index);
458 $word = substr ($line, $index + 1);
460 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
462 $salt = substr ($hash_in, 6, 16);
465 elsif ($mode == 141 || $mode == 1441)
467 my $index1 = index ($line, ":");
471 $hash_in = substr ($line, 0, $index1);
472 $word = substr ($line, $index1 + 1);
474 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
476 my $index2 = index ($line, "*", 14);
478 #extract salt from base64
479 my $plain_base64 = substr ($hash_in, 14, $index2 - 14);
481 $salt = decode_base64
($plain_base64);
483 # phpass (first 8 after $P$/$H$ -- or $S$ with drupal7)
484 elsif ($mode == 400 || $mode == 7900)
486 my $index = index ($line, ":");
490 $hash_in = substr ($line, 0, $index);
491 $word = substr ($line, $index + 1);
493 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
495 $salt = substr ($hash_in, 4, 8);
497 # iterations = 2 ^ cost (where cost == $iter)
498 $iter = index ($itoa64_1, substr ($hash_in, 3, 1));
500 # $something$[rounds=iter$]salt$ (get last $, then check iter)
501 elsif ($mode == 500 || $mode == 1600 || $mode == 1800 || $mode == 3300 || $mode == 7400)
503 my $index1 = index ($line, ":", 30);
507 $hash_in = substr ($line, 0, $index1);
508 $word = substr ($line, $index1 + 1);
510 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
512 $index1 = index ($hash_in, ",", 1);
513 my $index2 = index ($hash_in, "\$", 1);
517 if ($index1 < $index2)
523 $param = substr ($hash_in, $index2, 1);
527 # rounds= if available
530 if (substr ($hash_in, $index2, 7) eq "rounds=")
532 my $old_index = $index2;
534 $index2 = index ($hash_in, "\$", $index2 + 1);
538 $iter = substr ($hash_in, $old_index + 7, $index2 - $old_index - 7);
544 my $index3 = rindex ($hash_in, "\$");
548 $salt = substr ($hash_in, $index2, $index3 - $index2);
550 # descrypt (salt in first 2 char)
551 elsif ($mode == 1500)
553 my $index = index ($line, ":");
557 $hash_in = substr ($line, 0, $index);
558 $word = substr ($line, $index + 1);
560 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
562 $salt = substr ($hash_in, 0, 2);
564 # bcrypt $something$something$salt.hash
565 elsif ($mode == 3200)
567 my $index1 = index ($line, ":", 33);
571 $hash_in = substr ($line, 0, $index1);
572 $word = substr ($line, $index1 + 1);
574 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
576 my $index2 = index ($hash_in, "\$", 4);
578 $iter = substr ($hash_in, 4, $index2 - 4);
580 my $plain_base64 = substr ($hash_in, $index2 + 1, 22);
585 for (my $i = 0; $i < length ($plain_base64); $i++)
587 my $char = substr ($plain_base64, $i, 1);
588 $encoded .= substr ($base64, index ($itoa64_2, $char), 1);
591 $salt = decode_base64
($encoded);
594 elsif ($mode == 4800)
596 my $index1 = index ($line, ":");
600 my $index2 = index ($line, ":", $index1 + 1);
604 my $index3 = index ($line, ":", $index2 + 1);
608 $salt = substr ($line, $index1 + 1, $index3 - $index1 - 1);
610 $word = substr ($line, $index3 + 1);
612 $hash_in = substr ($line, 0, $index3);
615 elsif ($mode == 5300 || $mode == 5400)
617 my $num_cols = () = $line =~ /:/g;
619 next unless ($num_cols >= 9);
624 for (my $j = 0; $j < 9; $j++)
626 $index1 = index ($line, ":", $index1 + 1);
637 $word = substr ($line, $index1 + 1);
639 $hash_in = substr ($line, 0, $index1);
641 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
643 my $index2 = rindex ($line, ":", $index1 - 1);
645 $salt = substr ($line, 0, $index2);
648 elsif ($mode == 5500)
650 my $index1 = index ($line, "::");
654 my $index2 = index ($line, ":", $index1 + 2);
658 $index2 = index ($line, ":", $index2 + 1);
662 $salt = substr ($line, 0, $index2);
664 $index2 = index ($line, ":", $index2 + 1);
668 $salt .= substr ($line, $index2 + 1, 16);
670 $index2 = index ($line, ":", $index2 + 1);
674 $hash_in = substr ($line, 0, $index2);
676 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
678 $word = substr ($line, $index2 + 1);
681 elsif ($mode == 5600)
683 my $index1 = index ($line, "::");
687 my $index2 = index ($line, ":", $index1 + 2);
691 $index2 = index ($line, ":", $index2 + 1);
695 $salt = substr ($line, 0, $index2);
697 $index1 = index ($line, ":", $index2 + 1);
701 $index2 = index ($line, ":", $index1 + 1);
705 $salt .= substr ($line, $index1 + 1, $index2 - $index1 - 1);
707 $hash_in = substr ($line, 0, $index2);
709 # do it later on for this hash mode:
710 # next unless ((exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))) or (exists ($db->{$mod}) and (! defined ($db->{$mod}))));
712 $word = substr ($line, $index2 + 1);
714 # AIX smd5 something BRACE salt$
715 elsif ($mode == 6300)
717 my $index1 = index ($line, ":");
721 $hash_in = substr ($line, 0, $index1);
722 $word = substr ($line, $index1 + 1);
724 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
726 my $index2 = index ($hash_in, "}");
727 my $index3 = rindex ($hash_in, "\$");
729 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
731 # AIX: something$salt$ (no $ at position 1)
732 elsif ($mode == 6400 || $mode == 6500 || $mode == 6700)
734 my $index1 = index ($line, ":");
738 $hash_in = substr ($line, 0, $index1);
739 $word = substr ($line, $index1 + 1);
741 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
743 my $index2 = index ($hash_in, "}");
744 my $index3 = index ($hash_in, "\$");
745 my $index4 = rindex ($hash_in, "\$");
747 $salt = substr ($hash_in, $index3 + 1, $index4 - $index3 - 1);
749 $iter = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
751 # 1Password, agilekeychain
752 elsif ($mode == 6600)
754 my $num_cols = () = $line =~ /:/g;
756 next unless ($num_cols > 2);
758 my $index1 = index ($line, ":");
762 $iter = substr ($line, 0, $index1);
764 my $index2 = index ($line, ":", $index1 + 1);
768 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
770 $index1 = index ($line, ":", $index2 + 1);
774 $salt .= substr ($line, $index2 + 1, $index1 - $index2 - 33);
776 $hash_in = substr ($line, 0, $index1);
778 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
780 $word = substr ($line, $index1 + 1);
782 # 1Password, cloudkeychain
783 elsif ($mode == 8200)
785 my @datas = split (":", $line);
787 next if scalar @datas < 4;
789 my $hash = shift @datas;
790 $salt = shift @datas;
791 $iter = shift @datas;
792 my $data = shift @datas;
794 $hash_in = $hash . ":" . $salt . ":" . $iter . ":" . $data;
798 $word = join (":", @datas);
800 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
802 # lastpass (hash:iter:salt)
803 elsif ($mode == 6800)
805 my $index1 = index ($line, ":", 34);
809 $hash_in = substr ($line, 0, $index1);
811 # identify lenghts of both salt and plain
813 my $salt_plain = substr ($line, $index1 + 1);
815 my $num_cols = () = $salt_plain =~ /:/g;
824 foreach (my $i = 0; $i < $num_cols; $i++)
826 $index2 = index ($salt_plain, ":", $start);
830 $start = $index2 + 1;
832 $salt = substr ($salt_plain, 0, $index2);
833 $word = substr ($salt_plain, $index2 + 1);
835 # can't be true w/ wrong $hash:$salt, otherwise the
836 # algo must have many collisions
838 if (exists ($db->{$hash_in . ":" . $salt}))
840 $hash_in = $hash_in . ":" . $salt;
846 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
847 next unless (! defined ($db->{$hash_in}));
849 $index1 = index ($hash_in, ":");
850 $index2 = index ($hash_in, ":", $index1 + 1);
852 $iter = substr ($hash_in, $index1 + 1, $index2 - $index1 - 1);
853 $salt = substr ($hash_in, $index2 + 1);
855 # OSX 10.* : $something$iter$salt$
856 elsif ($mode == 7100)
858 my $index1 = index ($line, ":");
862 $hash_in = substr ($line, 0, $index1);
863 $word = substr ($line, $index1 + 1);
865 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
867 my $index2 = index ($hash_in, "\$", 5);
871 my $index3 = index ($hash_in, "\$", $index2 + 1);
873 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
875 $iter = substr ($hash_in, 4, $index2 - 4);
877 next if (int ($iter) < 1);
879 # grub: something1.something2.something3.iter.salt.
880 elsif ($mode == 7200)
882 my $index1 = index ($line, ":");
886 $hash_in = substr ($line, 0, $index1);
887 $word = substr ($line, $index1 + 1);
889 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
891 my $index2 = index ($hash_in, ".", 19);
895 my $index3 = index ($hash_in, ".", $index2 + 1);
897 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
899 $iter = substr ($hash_in, 19, $index2 - 19);
901 next if (int ($iter) < 1);
903 # $something1$something2$something3$something4$salt$
904 elsif ($mode == 7500 )
906 my $index1 = index ($line, "\$", 11);
910 my $index2 = index ($line, "\$", $index1 + 1);
914 my $index3 = index ($line, "\$", $index2 + 1);
918 $index2 = index ($line, ":", $index3 + 1);
922 $hash_in = substr ($line, 0, $index2);
923 $word = substr ($line, $index2 + 1);
925 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
927 $salt = substr ($hash_in, 11, $index3 - 10);
928 $salt .= substr ($hash_in, $index2 - 32) . "\$\$";
929 $salt .= substr ($hash_in, $index3 + 1, $index2 - $index3 - 32 - 1);
932 elsif ($mode == 7700 || $mode == 7800)
934 my $index1 = index ($line, ":");
938 my @split1 = split (":", $line);
940 my @split2 = split ('\$', $split1[0]);
942 next unless scalar @split2 == 2;
944 $hash_in = $split1[0];
946 if (scalar @split1 > 1)
955 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
960 elsif ($mode == 8300)
962 my @datas = split (":", $line);
964 next if scalar @datas != 5;
969 ($hash, $domain, $salt, $iter, $word) = @datas;
971 $hash_in = $hash . ":" . $domain . ":" . $salt . ":" . $iter;
973 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
975 $salt = $domain . ":" . $salt;
978 elsif ($mode == 8500)
980 my @line_elements = split (":", $line);
982 next if scalar @line_elements < 2;
986 $hash_in = shift @line_elements;
988 $word = join (":", @line_elements);
992 my @hash_elements = split ('\*', $hash_in);
994 next unless ($hash_elements[0] eq '$racf$');
996 $salt = $hash_elements[1];
998 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1001 elsif ($mode == 8700)
1003 # split hash and plain
1004 my $index = index ($line, ":");
1008 $hash_in = substr ($line, 0, $index);
1009 $word = substr ($line, $index + 1);
1011 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1013 my $plain_base64 = substr ($hash_in, 2, -1);
1015 ($_, $salt, $param) = domino_decode
($plain_base64);
1018 elsif ($mode == 2612)
1020 next unless (substr ($line, 0, 6) eq '$PHPS$');
1023 my $index1 = index ($line, "\$", 6);
1025 next if $index1 < 1;
1027 $salt = substr ($line, 6, $index1 - 6);
1029 $salt = pack ("H*", $salt);
1031 my $index2 = index ($line, "\:", $index1 + 1);
1033 next if $index2 < 1;
1035 $word = substr ($line, $index2 + 1);
1037 $hash_in = substr ($line, 0, $index2);
1039 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1042 elsif ($mode == 3711)
1044 next unless (substr ($line, 0, 3) eq '$B$');
1047 my $index1 = index ($line, "\$", 3);
1049 next if $index1 < 1;
1051 $salt = substr ($line, 3, $index1 - 3);
1053 my $index2 = index ($line, ":", $index1 + 1);
1055 next if $index2 < 1;
1057 $word = substr ($line, $index2 + 1);
1059 $hash_in = substr ($line, 0, $index2);
1061 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1064 elsif ($mode == 8900)
1066 next unless (substr ($line, 0, 7) eq 'SCRYPT:');
1069 my $index1 = index ($line, ":", 7);
1071 next if $index1 < 1;
1074 my $N = substr ($line, 7, $index1 - 7);
1076 my $index2 = index ($line, ":", $index1 + 1);
1078 next if $index2 < 1;
1081 my $r = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1083 $index1 = index ($line, ":", $index2 + 1);
1085 next if $index1 < 1;
1088 my $p = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1094 $index2 = index ($line, ":", $index1 + 1);
1096 next if $index2 < 1;
1099 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1101 $salt = decode_base64
($salt);
1103 $index1 = index ($line, ":", $index2 + 1);
1105 next if $index1 < 1;
1109 $word = substr ($line, $index1 + 1);
1110 $hash_in = substr ($line, 0, $index1);
1112 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1115 elsif ($mode == 9100)
1117 # split hash and plain
1118 my $index = index ($line, ":");
1122 $hash_in = substr ($line, 0, $index);
1123 $word = substr ($line, $index + 1);
1125 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1127 my $base64_part = substr ($hash_in, 2, -1);
1129 ($_, $salt, $iter, $param) = domino_85x_decode
($base64_part);
1131 next if ($iter < 1);
1133 # Cisco $8$ - PBKDF2-HMAC-SHA256
1134 elsif ($mode == 9200)
1136 next unless (substr ($line, 0, 3) eq '$8$');
1139 my $index1 = index ($line, "\$", 3);
1141 next if $index1 != 17;
1143 my $index2 = index ($line, "\$", $index1 + 1);
1146 $salt = substr ($line, 3, $index1 - 3);
1148 $index1 = index ($line, ":", $index1 + 1);
1150 next if $index1 < 1;
1154 $word = substr ($line, $index1 + 1);
1155 $hash_in = substr ($line, 0, $index1);
1157 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1159 # Cisco $9$ - scrypt
1160 elsif ($mode == 9300)
1162 next unless (substr ($line, 0, 3) eq '$9$');
1165 my $index1 = index ($line, "\$", 3);
1167 next if $index1 != 17;
1169 my $index2 = index ($line, "\$", $index1 + 1);
1172 $salt = substr ($line, 3, $index1 - 3);
1174 $index1 = index ($line, ":", $index1 + 1);
1176 next if $index1 < 1;
1180 $word = substr ($line, $index1 + 1);
1181 $hash_in = substr ($line, 0, $index1);
1183 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1186 elsif ($mode == 9400)
1188 ($hash_in, $word) = split ":", $line;
1190 next unless defined $hash_in;
1191 next unless defined $word;
1193 my @data = split /\*/, $hash_in;
1195 next unless scalar @data == 8;
1197 next unless (shift @data eq '$office$');
1198 next unless (shift @data eq '2007');
1199 next unless (shift @data eq '20');
1201 my $aes_key_size = shift @data;
1203 next unless (($aes_key_size eq '128') || ($aes_key_size eq '256'));
1204 next unless (shift @data eq '16');
1206 next unless (length $data[0] == 32);
1207 next unless (length $data[1] == 32);
1208 next unless (length $data[2] == 40);
1210 $salt = shift @data;
1211 $param = shift @data;
1212 $param2 = $aes_key_size;
1214 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1217 elsif ($mode == 9500)
1219 ($hash_in, $word) = split ":", $line;
1221 next unless defined $hash_in;
1222 next unless defined $word;
1224 my @data = split /\*/, $hash_in;
1226 next unless scalar @data == 8;
1228 next unless (shift @data eq '$office$');
1229 next unless (shift @data eq '2010');
1230 next unless (shift @data eq '100000');
1231 next unless (shift @data eq '128');
1232 next unless (shift @data eq '16');
1234 next unless (length $data[0] == 32);
1235 next unless (length $data[1] == 32);
1236 next unless (length $data[2] == 64);
1238 $salt = shift @data;
1239 $param = shift @data;
1241 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1244 elsif ($mode == 9600)
1246 ($hash_in, $word) = split ":", $line;
1248 next unless defined $hash_in;
1249 next unless defined $word;
1251 my @data = split /\*/, $hash_in;
1253 next unless scalar @data == 8;
1255 next unless (shift @data eq '$office$');
1256 next unless (shift @data eq '2013');
1257 next unless (shift @data eq '100000');
1258 next unless (shift @data eq '256');
1259 next unless (shift @data eq '16');
1261 next unless (length $data[0] == 32);
1262 next unless (length $data[1] == 32);
1263 next unless (length $data[2] == 64);
1265 $salt = shift @data;
1266 $param = shift @data;
1268 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1271 elsif ($mode == 9700)
1273 ($hash_in, $word) = split ":", $line;
1275 next unless defined $hash_in;
1276 next unless defined $word;
1278 my @data = split /\*/, $hash_in;
1280 next unless scalar @data == 4;
1282 my $signature = shift @data;
1284 next unless (($signature eq '$oldoffice$0') || ($signature eq '$oldoffice$1'));
1286 next unless (length $data[0] == 32);
1287 next unless (length $data[1] == 32);
1288 next unless (length $data[2] == 32);
1290 $salt = shift @data;
1291 $param = shift @data;
1292 $param2 = substr ($signature, 11, 1);
1294 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1297 elsif ($mode == 9800)
1299 ($hash_in, $word) = split ":", $line;
1301 next unless defined $hash_in;
1302 next unless defined $word;
1304 my @data = split /\*/, $hash_in;
1306 next unless scalar @data == 4;
1308 my $signature = shift @data;
1310 next unless (($signature eq '$oldoffice$3') || ($signature eq '$oldoffice$4'));
1312 next unless (length $data[0] == 32);
1313 next unless (length $data[1] == 32);
1314 next unless (length $data[2] == 40);
1316 $salt = shift @data;
1317 $param = shift @data;
1318 $param2 = substr ($signature, 11, 1);
1320 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1322 # Django (PBKDF2-SHA256)
1323 elsif ($mode == 10000)
1325 next unless (substr ($line, 0, 14) eq 'pbkdf2_sha256$');
1328 my $index1 = index ($line, "\$", 14);
1330 next if $index1 < 1;
1332 my $index2 = index ($line, "\$", $index1 + 1);
1336 $iter = substr ($line, 14, $index1 - 14);
1340 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1344 $index1 = index ($line, ":", $index2 + 1);
1346 next if $index1 < 1;
1348 $word = substr ($line, $index1 + 1);
1349 $hash_in = substr ($line, 0, $index1);
1351 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1354 elsif ($mode == 10100)
1358 ($hash, undef, undef, $salt, $word) = split ":", $line;
1360 next unless defined $hash;
1361 next unless defined $salt;
1362 next unless defined $word;
1364 next unless (length $hash == 16);
1365 next unless (length $salt == 32);
1367 my $hash_in = sprintf ("%s:2:4:%s", $hash, $salt);
1369 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1372 elsif ($mode == 10200)
1374 next unless (substr ($line, 0, 10) eq '$cram_md5$');
1377 my $index1 = index ($line, "\$", 10);
1379 next if $index1 < 1;
1383 my $challengeb64 = substr ($line, 10, $index1 - 10);
1384 $salt = decode_base64
($challengeb64);
1388 my $index2 = index ($line, ":", $index1 + 1);
1390 next if $index2 < 1;
1392 my $responseb64 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1393 my $response = decode_base64
($responseb64);
1395 $param = substr ($response, 0, length ($response) - 32 - 1); # -1 is for space
1397 $word = substr ($line, $index2 + 1);
1398 $hash_in = substr ($line, 0, $index2);
1400 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1402 # SAP CODVN H (PWDSALTEDHASH) iSSHA-1
1403 elsif ($mode == 10300)
1405 next unless (substr ($line, 0, 10) eq '{x-issha, ');
1409 my $index1 = index ($line, "}", 10);
1411 next if $index1 < 1;
1413 $iter = substr ($line, 10, $index1 - 10);
1415 $iter = int ($iter);
1419 my $base64_encoded = substr ($line, $index1 + 1);
1420 my $base64_decoded = decode_base64
($base64_encoded);
1422 $salt = substr ($base64_decoded, 20);
1424 my $index2 = index ($line, ":", $index1 + 1);
1426 next if $index2 < 1;
1428 $word = substr ($line, $index2 + 1);
1429 $hash_in = substr ($line, 0, $index2);
1431 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1433 # PDF 1.1 - 1.3 (Acrobat 2 - 4)
1434 elsif ($mode == 10400)
1436 ($hash_in, $word) = split ":", $line;
1438 next unless defined $hash_in;
1439 next unless defined $word;
1441 my @data = split /\*/, $hash_in;
1443 next unless scalar @data == 11;
1445 next unless (shift @data eq '$pdf$1');
1446 next unless (shift @data eq '2');
1447 next unless (shift @data eq '40');
1448 my $P = shift @data;
1449 next unless (shift @data eq '0');
1450 next unless (shift @data eq '16');
1451 my $id = shift @data;
1452 next unless (shift @data eq '32');
1453 my $u = shift @data;
1454 next unless (shift @data eq '32');
1455 my $o = shift @data;
1462 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1464 # PDF 1.4 - 1.6 (Acrobat 5 - 8)
1465 elsif ($mode == 10500)
1467 ($hash_in, $word) = split ":", $line;
1469 next unless defined $hash_in;
1470 next unless defined $word;
1472 my @data = split /\*/, $hash_in;
1474 next unless scalar @data == 11;
1476 my $V = shift @data; $V = substr ($V, 5, 1);
1477 my $R = shift @data;
1478 next unless (shift @data eq '128');
1479 my $P = shift @data;
1480 my $enc = shift @data;
1481 next unless (shift @data eq '16');
1482 my $id = shift @data;
1483 next unless (shift @data eq '32');
1484 my $u = shift @data;
1485 next unless (shift @data eq '32');
1486 my $o = shift @data;
1496 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1498 # PDF 1.7 Level 3 (Acrobat 9)
1499 elsif ($mode == 10600)
1501 ($hash_in, $word) = split ":", $line;
1503 next unless defined $hash_in;
1504 next unless defined $word;
1506 my @data = split /\*/, $hash_in;
1508 next unless scalar @data >= 11;
1510 next unless (shift @data eq '$pdf$5');
1511 next unless (shift @data eq '5');
1512 next unless (shift @data eq '256');
1513 next unless (shift @data eq '-1028');
1514 next unless (shift @data eq '1');
1515 next unless (shift @data eq '16');
1516 my $id = shift @data;
1517 my $rest = join "*", @data;
1522 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1524 # PDF 1.7 Level 8 (Acrobat 10 - 11)
1525 elsif ($mode == 10700)
1527 ($hash_in, $word) = split ":", $line;
1529 next unless defined $hash_in;
1530 next unless defined $word;
1532 my @data = split /\*/, $hash_in;
1534 next unless scalar @data >= 11;
1536 next unless (shift @data eq '$pdf$5');
1537 next unless (shift @data eq '6');
1538 next unless (shift @data eq '256');
1539 next unless (shift @data eq '-1028');
1540 next unless (shift @data eq '1');
1541 next unless (shift @data eq '16');
1542 my $id = shift @data;
1543 my $rest = join "*", @data;
1548 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1550 # PBKDF2-HMAC-SHA256
1551 elsif ($mode == 10900)
1553 next unless (substr ($line, 0, 7) eq 'sha256:');
1556 my $index1 = index ($line, ":", 7);
1558 next if $index1 < 1;
1560 $iter = substr ($line, 7, $index1 - 7);
1564 my $index2 = index ($line, ":", $index1 + 1);
1566 next if $index2 < 1;
1568 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1570 $salt = decode_base64
($salt);
1574 $index1 = index ($line, ":", $index2 + 1);
1576 next if $index1 < 1;
1578 # additional param = output len of pbkdf2
1580 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1582 my $digest = decode_base64
($digest64_encoded);
1584 $param = length ($digest);
1588 $word = substr ($line, $index1 + 1);
1589 $hash_in = substr ($line, 0, $index1);
1591 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1593 # PostgreSQL MD5 Authentication
1594 elsif ($mode == 11100)
1596 next unless (substr ($line, 0, 10) eq '$postgres$');
1598 my $index1 = index ($line, "*", 10);
1600 next if $index1 < 1;
1604 $param = substr ($line, 10, $index1 - 10);
1606 # get the 4 byte salt
1608 my $index2 = index ($line, "*", $index1 + 1);
1610 next if $index2 < 1;
1612 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1616 $index1 = index ($line, ":", $index2 + 1);
1618 next if $index1 < 1;
1620 $word = substr ($line, $index1 + 1);
1621 $hash_in = substr ($line, 0, $index1);
1623 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1625 # MySQL MD5 Authentication
1626 elsif ($mode == 11200)
1628 next unless (substr ($line, 0, 9) eq '$mysqlna$');
1630 my $index1 = index ($line, "*", 9);
1632 next if $index1 < 1;
1636 $salt = substr ($line, 9, $index1 - 9);
1640 $index1 = index ($line, ":", $index1 + 1);
1642 next if $index1 < 1;
1644 $word = substr ($line, $index1 + 1);
1645 $hash_in = substr ($line, 0, $index1);
1647 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1650 elsif ($mode == 2500)
1652 print "ERROR: verify currently not supported for WPA/WPA2 (because of oclHashcat's output format)\n";
1656 # Bitcoin/Litecoin wallet.dat
1657 elsif ($mode == 11300)
1659 print "ERROR: verify currently not supported for Bitcoin/Litecoin wallet.dat because of unknown crypt data\n";
1663 # SIP digest authentication (MD5)
1664 elsif ($mode == 11400)
1666 next unless (substr ($line, 0, 6) eq '$sip$*');
1670 my $index1 = index ($line, "*", 6);
1672 next if $index1 < 0;
1674 $param10 = substr ($line, 6, $index1 - 6);
1676 next if (length ($param10) > 32);
1680 my $index2 = index ($line, "*", $index1 + 1);
1682 next if $index2 < 0;
1684 $param11 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1686 next if (length ($param11) > 32);
1690 $index1 = index ($line, "*", $index2 + 1);
1692 next if $index1 < 0;
1694 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1696 next if (length ($param) > 12);
1700 $index2 = index ($line, "*", $index1 + 1);
1702 next if $index2 < 0;
1704 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1706 next if (length ($param2) > 20);
1710 $index1 = index ($line, "*", $index2 + 1);
1712 next if $index1 < 0;
1714 $param6 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1716 next if (length ($param6) > 24);
1720 $index2 = index ($line, "*", $index1 + 1);
1722 next if $index2 < 0;
1724 $param7 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1726 next if (length ($param7) > 10);
1730 $index1 = index ($line, "*", $index2 + 1);
1732 next if $index1 < 0;
1734 $param8 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1736 next if (length ($param8) > 32);
1740 $index2 = index ($line, "*", $index1 + 1);
1742 next if $index2 < 0;
1744 $param9 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1746 next if (length ($param9) > 32);
1750 $index1 = index ($line, "*", $index2 + 1);
1752 next if $index1 < 0;
1754 $salt = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1756 next if (length ($salt) > 34);
1760 $index2 = index ($line, "*", $index1 + 1);
1762 next if $index2 < 0;
1764 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1766 next if (length ($param4) > 12);
1770 $index1 = index ($line, "*", $index2 + 1);
1772 next if $index1 < 0;
1774 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1776 next if (length ($param3) > 10);
1780 $index2 = index ($line, "*", $index1 + 1);
1782 next if $index2 < 0;
1784 $param5 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1786 next if (length ($param5) > 8);
1790 $index1 = index ($line, "*", $index2 + 1);
1792 next if $index1 < 0;
1794 my $directive = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1796 next unless ($directive eq "MD5");
1800 $index2 = index ($line, ":", $index1 + 1);
1802 next if $index2 < 0;
1804 my $hex_digest = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1806 next unless (length ($hex_digest) == 32);
1808 $word = substr ($line, $index2 + 1);
1809 $hash_in = substr ($line, 0, $index2);
1811 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1814 elsif ($mode == 11600)
1816 next unless (substr ($line, 0, 4) eq '$7z$');
1820 my $index1 = index ($line, '$', 4);
1822 next if $index1 < 0;
1824 my $p = substr ($line, 4, $index1 - 4);
1826 next unless ($p eq "0");
1830 my $index2 = index ($line, '$', $index1 + 1);
1832 next if $index2 < 0;
1834 $iter = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1836 # seven zip salt length
1838 $index1 = index ($line, '$', $index2 + 1);
1840 next if $index1 < 0;
1842 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1846 $index2 = index ($line, '$', $index1 + 1);
1848 next if $index2 < 0;
1850 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1854 $index1 = index ($line, '$', $index2 + 1);
1856 next if $index1 < 0;
1858 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1862 $index2 = index ($line, '$', $index1 + 1);
1864 next if $index2 < 0;
1866 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1868 $salt = pack ("H*", $salt);
1872 $index1 = index ($line, '$', $index2 + 1);
1874 next if $index1 < 0;
1876 my $crc = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1878 # ignore this crc, we don't need to pass it to gen_hash ()
1882 $index2 = index ($line, '$', $index1 + 1);
1884 next if $index2 < 0;
1886 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1890 $index1 = index ($line, '$', $index2 + 1);
1892 next if $index1 < 0;
1894 $param5 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1898 $index2 = index ($line, ':', $index1 + 1);
1900 next if $index2 < 0;
1902 $param6 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1903 $param6 = pack ("H*", $param6);
1905 $word = substr ($line, $index2 + 1);
1906 $hash_in = substr ($line, 0, $index2);
1908 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1911 elsif ($mode == 11900)
1913 next unless (substr ($line, 0, 4) eq 'md5:');
1916 my $index1 = index ($line, ":", 4);
1918 next if $index1 < 1;
1920 $iter = substr ($line, 4, $index1 - 4);
1924 my $index2 = index ($line, ":", $index1 + 1);
1926 next if $index2 < 1;
1928 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1930 $salt = decode_base64
($salt);
1934 $index1 = index ($line, ":", $index2 + 1);
1936 next if $index1 < 1;
1938 # additional param = output len of pbkdf2
1940 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1942 my $digest = decode_base64
($digest64_encoded);
1944 $param = length ($digest);
1948 $word = substr ($line, $index1 + 1);
1949 $hash_in = substr ($line, 0, $index1);
1951 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1954 elsif ($mode == 12000)
1956 next unless (substr ($line, 0, 5) eq 'sha1:');
1959 my $index1 = index ($line, ":", 5);
1961 next if $index1 < 1;
1963 $iter = substr ($line, 5, $index1 - 5);
1967 my $index2 = index ($line, ":", $index1 + 1);
1969 next if $index2 < 1;
1971 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1973 $salt = decode_base64
($salt);
1977 $index1 = index ($line, ":", $index2 + 1);
1979 next if $index1 < 1;
1981 # additional param = output len of pbkdf2
1983 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1985 my $digest = decode_base64
($digest64_encoded);
1987 $param = length ($digest);
1991 $word = substr ($line, $index1 + 1);
1992 $hash_in = substr ($line, 0, $index1);
1994 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1996 # PBKDF2-HMAC-SHA512
1997 elsif ($mode == 12100)
1999 next unless (substr ($line, 0, 7) eq 'sha512:');
2002 my $index1 = index ($line, ":", 7);
2004 next if $index1 < 1;
2006 $iter = substr ($line, 7, $index1 - 7);
2010 my $index2 = index ($line, ":", $index1 + 1);
2012 next if $index2 < 1;
2014 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2016 $salt = decode_base64
($salt);
2020 $index1 = index ($line, ":", $index2 + 1);
2022 next if $index1 < 1;
2024 # additional param = output len of pbkdf2
2026 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
2028 my $digest = decode_base64
($digest64_encoded);
2030 $param = length ($digest);
2034 $word = substr ($line, $index1 + 1);
2035 $hash_in = substr ($line, 0, $index1);
2037 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2040 elsif ($mode == 12200)
2042 next unless (substr ($line, 0, 12) eq '$ecryptfs$0$');
2044 # check if default salt
2048 $param = 0 if (substr ($line, 12, 2) eq '1$');
2056 if ($param == 0) # we need to extract the salt
2058 $index1 = index ($line, '$', $index1);
2060 next if $index1 < 1;
2062 my $index2 = index ($line, '$', $index1 + 1);
2064 next if $index2 < 1;
2066 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2071 $index1 = index ($line, ':', $index1 + 1);
2073 next if $index1 < 1;
2077 $word = substr ($line, $index1 + 1);
2078 $hash_in = substr ($line, 0, $index1);
2080 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2082 # Oracle T: Type (Oracle 12+)
2083 elsif ($mode == 12300)
2085 my $index1 = index ($line, ':');
2087 next if ($index1 != 160);
2091 $salt = substr ($line, 128, 32);
2095 $word = substr ($line, $index1 + 1);
2096 $hash_in = substr ($line, 0, $index1);
2098 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2100 # BSDiCrypt, Extended DES
2101 elsif ($mode == 12400)
2103 next unless (substr ($line, 0, 1) eq '_');
2105 my $index1 = index ($line, ':', 20);
2107 next if ($index1 != 20);
2111 $iter = substr ($line, 1, 4);
2113 $iter = base64_to_int24
($iter);
2117 $salt = substr ($line, 5, 4);
2121 $word = substr ($line, $index1 + 1);
2122 $hash_in = substr ($line, 0, $index1);
2124 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2126 # Blockchain, My Wallet
2127 elsif ($mode == 12700)
2129 my $index1 = index ($line, ':');
2131 next if ($index1 < 0);
2133 $hash_in = substr ($line, 0, $index1);
2134 $word = substr ($line, $index1 + 1);
2136 my (undef, $signature, $data_len, $data_buf) = split '\$', $hash_in;
2138 next unless ($signature eq "blockchain");
2140 next unless (($data_len * 2) == length $data_buf);
2142 $salt = substr ($data_buf, 0, 32);
2143 $param = substr ($data_buf, 32);
2145 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2147 elsif ($mode == 12800)
2149 ($hash_in, $word) = split ":", $line;
2151 next unless defined $hash_in;
2152 next unless defined $word;
2154 my @data = split /\,/, $hash_in;
2156 next unless scalar @data == 4;
2158 next unless (shift @data eq 'v1;PPH1_MD4');
2160 $salt = shift @data;
2161 $iter = shift @data;
2163 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2165 elsif ($mode == 12900)
2167 ($hash_in, $word) = split ":", $line;
2169 next unless defined $hash_in;
2170 next unless defined $word;
2172 next unless length $hash_in == 160;
2174 $param = substr ($hash_in, 0, 64);
2175 $salt = substr ($hash_in, 128, 32);
2178 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2180 elsif ($mode == 13000)
2184 ($hash_line, $word) = split ":", $line;
2186 next unless defined $hash_line;
2187 next unless defined $word;
2189 my @data = split ('\$', $hash_line);
2191 next unless scalar @data == 8;
2195 my $signature = shift @data;
2196 my $salt_len = shift @data;
2197 my $salt_buf = shift @data;
2198 my $iterations = shift @data;
2199 my $iv = shift @data;
2200 my $pswcheck_len = shift @data;
2201 my $pswcheck = shift @data;
2203 next unless ($signature eq "rar5");
2204 next unless ($salt_len == 16);
2205 next unless ($pswcheck_len == 8);
2208 $iter = $iterations;
2209 $hash_in = $pswcheck;
2212 next unless (exists ($db->{$hash_line}) and (! defined ($db->{$hash_line})));
2214 elsif ($mode == 13100 )
2216 ($hash_in, $word) = split ":", $line;
2218 next unless defined $hash_in;
2219 next unless defined $word;
2221 my @data = split ('\$', $hash_in);
2223 next unless scalar @data == 8;
2227 my $signature = shift @data;
2228 my $algorithm = shift @data;
2229 my $user = shift @data;
2230 $user = substr ($user, 1);
2231 my $realm = shift @data;
2232 my $spn = shift @data;
2233 $spn = substr ($spn, 0, length ($spn) - 1);
2234 my $checksum = shift @data;
2235 my $edata2 = shift @data;
2237 next unless ($signature eq "krb5tgs");
2238 next unless (length ($checksum) == 32);
2239 next unless (length ($edata2) >= 64);
2241 $salt = $user . '$' . $realm . '$' . $spn . '$' . substr ($edata2, 0, 16);
2243 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2245 elsif ($mode == 13200)
2247 ($hash_in, $word) = split ":", $line;
2249 next unless defined $hash_in;
2250 next unless defined $word;
2252 my @data = split ('\*', $hash_in);
2254 next unless scalar @data == 5;
2258 my $signature = shift @data;
2259 my $version = shift @data;
2260 my $iteration = shift @data;
2261 my $mysalt = shift @data;
2262 my $digest = shift @data;
2264 next unless ($signature eq '$axcrypt$');
2265 next unless (length ($mysalt) == 32);
2266 next unless (length ($digest) == 48);
2268 $salt = $iteration . '*' . $mysalt;
2270 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2272 elsif ($mode == 13300)
2274 ($hash_in, $word) = split ":", $line;
2276 next unless defined $hash_in;
2277 next unless defined $word;
2279 my @data = split ('\$', $hash_in);
2281 next unless scalar @data == 2;
2285 my $signature = shift @data;
2286 my $digest = shift @data;
2288 next unless ($signature eq '$axcrypt_sha1');
2289 next unless (length ($digest) == 32 || length ($digest) == 40);
2291 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2293 elsif ($mode == 13400)
2295 ($hash_in, $word) = split ":", $line;
2297 next unless defined $hash_in;
2298 next unless defined $word;
2300 my @data = split ('\*', $hash_in);
2302 next unless (scalar @data == 9
2303 || scalar @data == 11
2304 || scalar @data == 12
2305 || scalar @data == 14);
2307 my $signature = shift @data;
2308 next unless ($signature eq '$keepass$');
2310 my $version = shift @data;
2311 next unless ($version == 1 || $version == 2);
2313 my $iteration = shift @data;
2315 my $algorithm = shift @data;
2317 my $final_random_seed = shift @data;
2321 next unless (length ($final_random_seed) == 32);
2323 elsif ($version == 2)
2325 next unless (length ($final_random_seed) == 64);
2328 my $transf_random_seed = shift @data;
2329 next unless (length ($transf_random_seed) == 64);
2331 my $enc_iv = shift @data;
2332 next unless (length ($enc_iv) == 32);
2336 my $contents_hash = shift @data;
2337 next unless (length ($contents_hash) == 64);
2339 my $inline_flags = shift @data;
2340 next unless ($inline_flags == 1);
2342 my $contents_len = shift @data;
2344 my $contents = shift @data;
2345 next unless (length ($contents) == $contents_len * 2);
2347 elsif ($version == 2)
2349 my $expected_bytes = shift @data;
2350 next unless (length ($expected_bytes) == 64);
2352 my $contents_hash = shift @data;
2353 next unless (length ($contents_hash) == 64);
2356 if (scalar @data == 12 || scalar @data == 14)
2358 my $inline_flags = shift @data;
2359 next unless ($inline_flags == 1);
2361 my $keyfile_len = shift @data;
2362 next unless ($keyfile_len == 64);
2364 my $keyfile = shift @data;
2365 next unless (length ($keyfile) == $keyfile_len);
2368 $salt = substr ($hash_in, length ("*keepass*") + 1, length ($hash_in));
2370 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2374 print "ERROR: hash mode is not supported\n";
2379 if ($word =~ m/^\$HEX\[[0-9a-fA-F]*\]$/)
2381 $word = pack ("H*", substr ($word, 5, -1));
2384 # finally generate the hash
2389 # check both variations
2390 $hash_out = gen_hash
($mode, $word, $salt, $iter, 1);
2392 $len = length $hash_out; # == length $alternative
2394 if (substr ($line, 0, $len) ne $hash_out)
2396 my $alternative = gen_hash
($mode, $word, $salt, $iter, 2);
2398 return unless (substr ($line, 0, $len) eq $alternative);
2401 elsif ($mode == 8700)
2403 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2405 $len = length $hash_out;
2407 return unless (substr ($line, 0, $len) eq $hash_out);
2409 elsif ($mode == 8900)
2411 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2413 $len = length $hash_out;
2415 return unless (substr ($line, 0, $len) eq $hash_out);
2417 elsif ($mode == 9100)
2419 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2421 $len = length $hash_out;
2423 return unless (substr ($line, 0, $len) eq $hash_out);
2425 elsif ($mode == 190)
2427 $hash_out = gen_hash
($mode, $word, $salt, $iter, 0);
2429 $len = length $hash_out; # == length $alternative
2431 if (substr ($line, 0, $len) ne $hash_out)
2433 my $alternative = gen_hash
($mode, $word, $salt, $iter, 1);
2435 return unless (substr ($line, 0, $len) eq $alternative);
2438 elsif ($mode == 3300)
2440 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2442 $len = length $hash_out;
2444 return unless (substr ($line, 0, $len) eq $hash_out);
2446 elsif ($mode == 5100)
2448 # check 3 variants (start, middle, end)
2452 $hash_out = gen_hash
($mode, $word, $salt, $iter, $idx++);
2454 $len = length $hash_out; # == length $alternative
2456 if (substr ($line, 0, $len) ne $hash_out)
2458 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2460 if (substr ($line, 0, $len) ne $alternative)
2462 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2464 return unless (substr ($line, 0, $len) eq $alternative);
2468 elsif ($mode == 9400)
2470 $hash_out = gen_hash
($mode, $word, $salt, 50000, $param, $param2);
2472 $len = length $hash_out;
2474 return unless (substr ($line, 0, $len) eq $hash_out);
2476 elsif ($mode == 9500)
2478 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2480 $len = length $hash_out;
2482 return unless (substr ($line, 0, $len) eq $hash_out);
2484 elsif ($mode == 9600)
2486 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2488 $len = length $hash_out;
2490 return unless (substr ($line, 0, $len) eq $hash_out);
2492 elsif ($mode == 9700)
2494 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2496 $len = length $hash_out;
2498 return unless (substr ($line, 0, $len) eq $hash_out);
2500 elsif ($mode == 9800)
2502 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2504 $len = length $hash_out;
2506 return unless (substr ($line, 0, $len) eq $hash_out);
2508 elsif ($mode == 10400)
2510 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2512 $len = length $hash_out;
2514 return unless (substr ($line, 0, $len) eq $hash_out);
2516 elsif ($mode == 10500)
2518 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3, $param4, $param5, $param6);
2520 $len = length $hash_out;
2522 return unless (substr ($line, 0, $len) eq $hash_out);
2524 elsif ($mode == 10600)
2526 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2528 $len = length $hash_out;
2530 return unless (substr ($line, 0, $len) eq $hash_out);
2532 elsif ($mode == 10700)
2534 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2536 $len = length $hash_out;
2538 return unless (substr ($line, 0, $len) eq $hash_out);
2540 elsif ($mode == 10900)
2542 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2544 $len = length $hash_out;
2546 return unless (substr ($line, 0, $len) eq $hash_out);
2548 elsif ($mode == 11100)
2550 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2552 $len = length $hash_out;
2554 return unless (substr ($line, 0, $len) eq $hash_out);
2556 elsif ($mode == 11400)
2558 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6, $param7, $param8, $param9, $param10, $param11);
2560 $len = length $hash_out;
2562 return unless (substr ($line, 0, $len) eq $hash_out);
2564 elsif ($mode == 11600)
2566 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6);
2568 $len = length $hash_out;
2570 return unless (substr ($line, 0, $len) eq $hash_out);
2572 elsif ($mode == 11900)
2574 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2576 $len = length $hash_out;
2578 return unless (substr ($line, 0, $len) eq $hash_out);
2580 elsif ($mode == 12000)
2582 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2584 $len = length $hash_out;
2586 return unless (substr ($line, 0, $len) eq $hash_out);
2588 elsif ($mode == 12100)
2590 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2592 $len = length $hash_out;
2594 return unless (substr ($line, 0, $len) eq $hash_out);
2596 elsif ($mode == 12200)
2598 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2600 $len = length $hash_out;
2602 return unless (substr ($line, 0, $len) eq $hash_out);
2604 elsif ($mode == 12700)
2606 # this is very special, we can't call gen_hash () because the param part is not always the same
2607 # we only know that it should contain the letters "guid" at the beginning of the decryted string
2609 my $pbkdf2 = Crypt
::PBKDF2
->new (
2610 hash_class
=> 'HMACSHA1',
2615 my $salt_bin = pack ("H*", $salt);
2617 my $key = $pbkdf2->PBKDF2 ($salt_bin, $word);
2619 my $cipher = Crypt
::CBC
->new ({
2621 cipher
=> "Crypt::Rijndael",
2628 my $param_bin = pack ("H*", $param);
2630 my $decrypted = $cipher->decrypt ($param_bin);
2632 my $decrypted_part = substr ($decrypted, 1, 16);
2634 return unless ($decrypted_part =~ /"guid"/);
2636 $hash_out = $hash_in;
2638 elsif ($mode == 12900)
2640 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2642 $len = length $hash_out;
2644 return unless (substr ($line, 0, $len) eq $hash_out);
2646 elsif ($mode == 13000)
2648 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2650 $len = length $hash_out;
2652 return unless (substr ($line, 0, $len) eq $hash_out);
2654 elsif ($mode == 13100)
2656 $hash_out = gen_hash
($mode, $word, $salt);
2658 $len = length $hash_out;
2660 return unless (substr ($line, 0, $len) eq $hash_out);
2662 elsif ($mode == 13200)
2664 $hash_out = gen_hash
($mode, $word, $salt);
2666 $len = length $hash_out;
2668 return unless (substr ($line, 0, $len) eq $hash_out);
2670 elsif ($mode == 13400)
2672 $hash_out = gen_hash
($mode, $word, $salt);
2674 $len = length $hash_out;
2676 return unless (substr ($line, 0, $len) eq $hash_out);
2680 $hash_out = gen_hash
($mode, $word, $salt, $iter);
2682 $len = length $hash_out;
2687 # allow $P$ and $H$ for -m 400
2688 next unless (substr ($line, 3, $len - 3) eq substr ($hash_out, 3));
2690 elsif ($mode == 5600)
2692 # oclHashcat outputs the user name always upper-case, we need
2693 next unless (substr ($line, 0, $len) eq $hash_out);
2697 my $hash_out_lower = lc ($hash_out);
2699 for my $key (keys %{$db})
2701 if (lc ($key) eq $hash_out_lower)
2713 next unless (substr ($line, 0, $len) eq $hash_out);
2717 # do not forget "exists ($db->$hash_out)" should be done above!
2718 $db->{$hash_out} = $word;
2719 print OUT
$line . "\n";
2728 my $mode = shift || 0;
2730 while (my $word_buf = <>)
2734 next if length ($word_buf) > 31;
2742 for (my $i = 0; $i < 256; $i++)
2744 my $c = get_random_chr
(0x30, 0x39);
2746 push (@salt_arr, $c);
2749 my $salt_buf = join ("", @salt_arr);
2757 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 133 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 5700 || $mode == 9900 || $mode == 10800 || $mode == 11500 || $mode == 13300)
2759 $tmp_hash = gen_hash
($mode, $word_buf, "");
2761 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2763 my $salt_len = get_random_num
(1, 15);
2765 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2767 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
2769 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2773 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2777 my $salt_len = get_random_num
(1, 11);
2779 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2781 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 1800 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
2783 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 8));
2785 elsif ($mode == 112)
2787 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2789 elsif ($mode == 121)
2791 my $salt_len = get_random_num
(1, 9);
2793 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2795 elsif ($mode == 125)
2797 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 10));
2799 elsif ($mode == 141 || $mode == 1441)
2801 my $salt_len = get_random_num
(1, 15);
2803 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2805 elsif ($mode == 1100)
2807 my $salt_len = get_random_num
(1, 19);
2809 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2811 elsif ($mode == 1500)
2813 next if length ($word_buf) > 8;
2815 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2817 elsif ($mode == 2100)
2819 next if length ($word_buf) > 13;
2821 my $salt_len = get_random_num
(1, 19);
2823 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2825 elsif ($mode == 2410)
2827 next if length ($word_buf) > 15;
2829 my $salt_len = get_random_num
(1, 15);
2831 my $word_len = length ($word_buf);
2833 $salt_len = min
($salt_len, 15 - $word_len);
2835 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2837 elsif ($mode == 2500)
2839 next if length ($word_buf) < 8;
2841 my $salt_len = get_random_num
(0, 32);
2843 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2845 elsif ($mode == 2611)
2847 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 3));
2849 elsif ($mode == 2612)
2851 my $salt_len = get_random_num
(1, 22);
2853 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2855 elsif ($mode == 2711)
2857 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 30));
2859 elsif ($mode == 2811)
2861 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2863 elsif ($mode == 3000)
2865 next if length ($word_buf) > 7;
2867 $tmp_hash = gen_hash
($mode, $word_buf, "");
2869 elsif ($mode == 3100)
2871 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 10));
2873 elsif ($mode == 3200 || $mode == 5800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 3300 || $mode == 8000 || $mode == 9100 || $mode == 12200)
2875 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2877 elsif ($mode == 3800 || $mode == 4900)
2879 my $salt_len = get_random_num
(1, 11);
2881 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2883 elsif ($mode == 4800)
2885 $salt_buf = get_random_md5chap_salt
(substr ($salt_buf, 0, 16));
2887 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2889 elsif ($mode == 5300 || $mode == 5400)
2891 $salt_buf = get_random_ike_salt
();
2893 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2895 elsif ($mode == 5500)
2897 my $user_len = get_random_num
(0, 15);
2898 my $domain_len = get_random_num
(0, 15);
2900 $salt_buf = get_random_netntlmv1_salt
($user_len, $domain_len);
2902 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2904 elsif ($mode == 5600)
2906 my $user_len = get_random_num
(0, 15);
2907 my $domain_len = get_random_num
(0, 15);
2909 $salt_buf = get_random_netntlmv2_salt
($user_len, $domain_len);
2911 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2913 elsif ($mode == 6600)
2915 $salt_buf = get_random_agilekeychain_salt
();
2917 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2919 elsif ($mode == 6800)
2921 my $email_len = get_random_num
(1, 15);
2925 for (my $i = 0; $i < $email_len; $i++)
2927 $email .= get_random_chr
(0x61, 0x7a);
2930 $email .= '@trash-mail.com';
2932 $tmp_hash = gen_hash
($mode, $word_buf, $email);
2934 elsif ($mode == 7100)
2936 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2938 elsif ($mode == 7200)
2940 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 128));
2942 elsif ($mode == 7300)
2944 my $salt_len = get_random_num
(32, 256);
2946 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2948 elsif ($mode == 7500)
2950 $salt_buf = get_random_kerberos5_salt
(substr ($salt_buf, 0, 16));
2952 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2954 elsif ($mode == 7700)
2956 next if length ($word_buf) > 8;
2958 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2960 elsif ($mode == 7800)
2962 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2964 elsif ($mode == 8200)
2966 $salt_buf = get_random_cloudkeychain_salt
();
2968 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2970 elsif ($mode == 8300)
2972 $salt_buf = get_random_dnssec_salt
();
2974 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2976 elsif ($mode == 8400 || $mode == 11200)
2978 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 40));
2980 elsif ($mode == 8500)
2982 next if length ($word_buf) > 8;
2984 my $salt_len = get_random_num
(1, 9);
2986 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2988 elsif ($mode == 8600)
2990 next if length ($word_buf) > 16;
2992 $tmp_hash = gen_hash
($mode, $word_buf, "");
2994 elsif ($mode == 8700)
2996 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2998 elsif ($mode == 9200 || $mode == 9300)
3002 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3004 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
3006 next if length ($word_buf) > 19;
3010 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3012 elsif ($mode == 10100)
3014 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3016 elsif ($mode == 10300)
3018 my $salt_len = get_random_num
(4, 15);
3020 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3022 elsif ($mode == 10400)
3024 next if length ($word_buf) > 31;
3028 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3030 elsif ($mode == 10500)
3032 next if length ($word_buf) > 15;
3036 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3038 elsif ($mode == 10600)
3040 next if length ($word_buf) > 31;
3044 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3046 elsif ($mode == 10700)
3048 next if length ($word_buf) > 15;
3052 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3054 elsif ($mode == 11000)
3056 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 56));
3058 elsif ($mode == 11300)
3060 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
3062 elsif ($mode == 11400)
3064 next if length ($word_buf) > 24;
3066 my $salt_len = get_random_num
(1, 15);
3068 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3070 elsif ($mode == 11600)
3072 my $salt_len = get_random_num
(0, 16);
3074 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3076 elsif ($mode == 12400)
3078 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 4));
3080 elsif ($mode == 12600)
3082 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
3084 elsif ($mode == 12700)
3086 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3088 elsif ($mode == 12800)
3090 next if length ($word_buf) > 24;
3092 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
3094 elsif ($mode == 12900)
3096 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3098 elsif ($mode == 13000)
3100 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3102 elsif ($mode == 13100)
3104 $salt_buf = get_random_kerberos5_tgs_salt
();
3106 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3108 elsif ($mode == 13200)
3110 $salt_buf = get_random_axcrypt_salt
();
3112 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3114 elsif ($mode == 13400)
3116 $salt_buf = get_random_keepass_salt
();
3118 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3120 elsif ($mode == 13500)
3122 $salt_buf = get_pstoken_salt
();
3124 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3128 print "ERROR: Unsupported hash type\n";
3133 print $tmp_hash, "\n";
3146 for (my $j = 0; $j < scalar @modes; $j++)
3148 my $mode = $modes[$j];
3150 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 133 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5300 || $mode == 5400 || $mode == 6000 || $mode == 6100 || $mode == 6600 || $mode == 6900 || $mode == 5700 || $mode == 8200 || $mode == 8300 || $mode == 9900 || $mode == 10800 || $mode == 11500 || $mode == 13300)
3152 for (my $i = 1; $i < 32; $i++)
3156 rnd
($mode, $len, 0);
3164 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
3166 my $salt_len = get_random_num
(1, 15);
3168 for (my $i = 1; $i < 32; $i++)
3172 rnd
($mode, $len, $salt_len);
3176 rnd
($mode, $i, $salt_len);
3180 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
3182 for (my $i = 1; $i < 32; $i++)
3186 rnd
($mode, $len, 32);
3190 rnd
($mode, $i, 32);
3194 elsif ($mode == 21 || $mode == 22)
3196 for (my $i = 1; $i < 32; $i++)
3200 rnd
($mode, $len, 2);
3208 elsif ($mode == 111 || $mode == 122 || $mode == 125 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
3210 for (my $i = 1; $i < 32; $i++)
3214 rnd
($mode, $len, 8);
3222 elsif ($mode == 112)
3224 for (my $i = 1; $i < 32; $i++)
3228 rnd
($mode, $len, 20);
3232 rnd
($mode, $i, 20);
3236 elsif ($mode == 141 || $mode == 3300 || $mode == 1441 || $mode == 1800 || $mode == 3200 || $mode == 4800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 8000 || $mode == 9100 || $mode == 12200)
3238 for (my $i = 1; $i < 32; $i++)
3242 rnd
($mode, $len, 16);
3246 rnd
($mode, $i, 16);
3252 my $salt_len = get_random_num
(1, 19);
3254 for (my $i = 1; $i < 32; $i++)
3258 rnd
($mode, $len, $salt_len);
3262 rnd
($mode, $i, $salt_len);
3266 elsif ($mode == 1500)
3268 for (my $i = 1; $i < 9; $i++)
3272 rnd
($mode, $len, 2);
3280 elsif ($mode == 2100)
3282 my $salt_len = get_random_num
(1, 19);
3284 for (my $i = 1; $i < 13; $i++)
3288 rnd
($mode, $len, $salt_len);
3292 rnd
($mode, $i, $salt_len);
3296 elsif ($mode == 2500)
3298 my $salt_len = get_random_num
(0, 32);
3300 for (my $i = 8; $i < 16; $i++)
3302 my $generate_from_len = 0;
3311 rnd
($mode, $len, $salt_len);
3315 rnd
($mode, $i, $salt_len);
3319 elsif ($mode == 2611)
3321 for (my $i = 1; $i < 32; $i++)
3325 rnd
($mode, $len, 3);
3333 elsif ($mode == 2612)
3335 my $salt_len = get_random_num
(1, 22);
3337 for (my $i = 1; $i < 32; $i++)
3341 rnd
($mode, $len, $salt_len);
3345 rnd
($mode, $i, $salt_len);
3349 elsif ($mode == 2711)
3351 for (my $i = 1; $i < 32; $i++)
3355 rnd
($mode, $len, 30);
3359 rnd
($mode, $i, 30);
3363 elsif ($mode == 2811)
3365 for (my $i = 1; $i < 32; $i++)
3369 rnd
($mode, $len, 5);
3377 elsif ($mode == 3000)
3379 for (my $i = 1; $i < 8; $i++)
3383 rnd
($mode, $len, 0);
3391 elsif ($mode == 3100)
3393 for (my $i = 1; $i < 32; $i++)
3397 rnd
($mode, $len, 10);
3401 rnd
($mode, $i, 10);
3405 elsif ($mode == 3800 || $mode == 4900)
3407 my $salt_len = get_random_num
(1, 11);
3409 for (my $i = 1; $i < 32; $i++)
3413 rnd
($mode, $len, $salt_len);
3417 rnd
($mode, $i, $salt_len);
3421 elsif ($mode == 5500 || $mode == 5600)
3425 for (my $i = 1; $i < 27; $i++)
3427 $salt_len = get_random_num
(1, 15);
3431 rnd
($mode, $len, $salt_len);
3435 rnd
($mode, $i, $salt_len);
3439 elsif ($mode == 5800)
3441 for (my $i = 1; $i < 14; $i++)
3445 rnd
($mode, $len, 16);
3449 rnd
($mode, $i, 16);
3453 elsif ($mode == 6800)
3455 my $salt_len = get_random_num
(8, 25);
3457 for (my $i = 1; $i < 32; $i++)
3461 rnd
($mode, $len, $salt_len);
3465 rnd
($mode, $i, $salt_len);
3469 elsif ($mode == 7100)
3471 for (my $i = 1; $i < 32; $i++)
3475 rnd
($mode, $len, 64);
3479 rnd
($mode, $i, 64);
3483 elsif ($mode == 7200)
3485 for (my $i = 1; $i < 32; $i++)
3489 rnd
($mode, $len, 128);
3493 rnd
($mode, $i, 128);
3497 elsif ($mode == 7300)
3499 my $salt_len = get_random_num
(32, 255);
3501 for (my $i = 1; $i < 32; $i++)
3505 rnd
($mode, $len, $salt_len);
3509 rnd
($mode, $i, $salt_len);
3513 elsif ($mode == 7500)
3515 for (my $i = 1; $i < 27; $i++)
3519 rnd
($mode, $len, 16);
3523 rnd
($mode, $i, 16);
3527 elsif ($mode == 7700)
3529 my $salt_len = get_random_num
(1, 12);
3531 for (my $i = 1; $i < 9; $i++)
3535 rnd
($mode, $len, $salt_len);
3539 rnd
($mode, $i, $salt_len);
3543 elsif ($mode == 7800)
3545 my $salt_len = get_random_num
(1, 12);
3547 for (my $i = 1; $i < 32; $i++)
3551 rnd
($mode, $len, $salt_len);
3555 rnd
($mode, $i, $salt_len);
3559 elsif ($mode == 8400 || $mode == 11200)
3561 for (my $i = 1; $i < 32; $i++)
3565 rnd
($mode, $len, 40);
3569 rnd
($mode, $i, 40);
3573 elsif ($mode == 8500)
3575 my $salt_len = get_random_num
(1, 8);
3577 for (my $i = 1; $i < 9; $i++)
3581 rnd
($mode, $len, $salt_len);
3585 rnd
($mode, $i, $salt_len);
3589 elsif ($mode == 8600)
3591 for (my $i = 1; $i < 17; $i++)
3595 rnd
($mode, $len, 0);
3603 elsif ($mode == 8700)
3605 for (my $i = 1; $i < 32; $i++)
3609 rnd
($mode, $len, 5);
3617 elsif ($mode == 9200 || $mode == 9300)
3621 for (my $i = 1; $i < 32; $i++)
3625 rnd
($mode, $len, $salt_len);
3629 rnd
($mode, $i, $salt_len);
3633 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
3637 for (my $i = 1; $i < 20; $i++)
3641 rnd
($mode, $len, $salt_len);
3645 rnd
($mode, $i, $salt_len);
3649 elsif ($mode == 10100)
3651 for (my $i = 1; $i < 32; $i++)
3655 rnd
($mode, $len, 32);
3659 rnd
($mode, $i, 32);
3663 elsif ($mode == 10300)
3665 my $salt_len = get_random_num
(4, 15);
3667 for (my $i = 1; $i < 32; $i++)
3671 rnd
($mode, $len, $salt_len);
3675 rnd
($mode, $i, $salt_len);
3679 elsif ($mode == 10400 || $mode == 10600)
3683 for (my $i = 1; $i < 32; $i++)
3687 rnd
($mode, $len, $salt_len);
3691 rnd
($mode, $i, $salt_len);
3695 elsif ($mode == 10500 || $mode == 10700)
3699 for (my $i = 1; $i < 16; $i++)
3703 rnd
($mode, $len, $salt_len);
3707 rnd
($mode, $i, $salt_len);
3711 elsif ($mode == 11000)
3713 for (my $i = 1; $i < 32; $i++)
3717 rnd
($mode, $len, 56);
3721 rnd
($mode, $i, 56);
3725 elsif ($mode == 11300)
3727 for (my $i = 1; $i < 32; $i++)
3731 rnd
($mode, $len, 16);
3735 rnd
($mode, $i, 16);
3739 elsif ($mode == 11400)
3741 for (my $i = 1; $i < 24; $i++)
3745 rnd
($mode, $len, 16);
3749 rnd
($mode, $i, 16);
3753 elsif ($mode == 11600)
3755 my $salt_len = get_random_num
(0, 16);
3757 for (my $i = 1; $i < 32; $i++)
3761 rnd
($mode, $len, $salt_len);
3765 rnd
($mode, $i, $salt_len);
3769 elsif ($mode == 12400)
3771 for (my $i = 1; $i < 32; $i++)
3775 rnd
($mode, $len, 4);
3783 elsif ($mode == 12600)
3785 for (my $i = 1; $i < 32; $i++)
3789 rnd
($mode, $len, 64);
3793 rnd
($mode, $i, 64);
3797 elsif ($mode == 12700)
3799 for (my $i = 1; $i < 32; $i++)
3803 rnd
($mode, $len, 32);
3807 rnd
($mode, $i, 32);
3811 elsif ($mode == 12800)
3813 for (my $i = 1; $i < 25; $i++)
3817 rnd
($mode, $len, 20);
3821 rnd
($mode, $i, 20);
3825 elsif ($mode == 12900)
3827 for (my $i = 1; $i < 32; $i++)
3831 rnd
($mode, $len, 32);
3835 rnd
($mode, $i, 32);
3839 elsif ($mode == 13000)
3841 for (my $i = 1; $i < 32; $i++)
3845 rnd
($mode, $len, 32);
3849 rnd
($mode, $i, 32);
3853 elsif ($mode == 13100)
3855 for (my $i = 1; $i < 27; $i++)
3859 rnd
($mode, $len, 16);
3863 rnd
($mode, $i, 16);
3867 elsif ($mode == 13200)
3869 for (my $i = 1; $i < 32; $i++)
3873 rnd
($mode, $len, 32);
3877 rnd
($mode, $i, 32);
3881 elsif ($mode == 13400)
3883 for (my $i = 1; $i < 16; $i++)
3887 rnd
($mode, $len, 16);
3891 rnd
($mode, $i, 16);
3895 elsif ($mode == 13500)
3897 for (my $i = 1; $i < 16; $i++)
3901 rnd
($mode, $len, 16);
3905 rnd
($mode, $i, 16);
3918 my $word_buf = shift;
3920 my $salt_buf = shift;
3924 my $additional_param = shift;
3926 my $additional_param2 = shift;
3928 my $additional_param3 = shift;
3930 my $additional_param4 = shift;
3932 my $additional_param5 = shift;
3934 my $additional_param6 = shift;
3936 my $additional_param7 = shift;
3938 my $additional_param8 = shift;
3940 my $additional_param9 = shift;
3942 my $additional_param10 = shift;
3944 my $additional_param11 = shift;
3956 $hash_buf = md5_hex
($word_buf);
3958 $tmp_hash = sprintf ("%s", $hash_buf);
3962 $hash_buf = md5_hex
($word_buf . $salt_buf);
3964 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3968 $hash_buf = md5_hex
($word_buf . $salt_buf);
3970 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3974 $hash_buf = md5_hex
($word_buf . $salt_buf);
3976 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3980 $hash_buf = md5_hex
($salt_buf . $word_buf);
3982 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3986 $hash_buf = md5_hex
($salt_buf . $word_buf);
3988 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3992 my $itoa64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
3993 my $salt_suffix = "Administration Tools";
3995 my $pass = sprintf ("%s:%s:%s", $salt_buf, $salt_suffix, $word_buf);
3997 $hash_buf = md5
($pass);
4001 for (my $pos = 0; $pos < 16; $pos += 2)
4003 my $octet1 = ord (substr ($hash_buf, $pos + 0, 1));
4004 my $octet2 = ord (substr ($hash_buf, $pos + 1, 1));
4006 my $num = ($octet1 <<8 & 0xff00) | ($octet2 & 0xff);
4008 my $idx1 = $num >> 12 & 0x0f;
4009 my $idx2 = $num >> 6 & 0x3f;
4010 my $idx3 = $num & 0x3f;
4012 $res = $res . substr ($itoa64, $idx1, 1) . substr ($itoa64, $idx2, 1) . substr ($itoa64, $idx3, 1);
4015 my $obfuscate_str = "nrcstn";
4016 my @obfuscate_pos = (0, 6, 12, 17, 23, 29);
4018 foreach my $pos (keys @obfuscate_pos)
4020 my $idx = $obfuscate_pos[$pos];
4021 my $before = substr ($res, 0, $idx);
4022 my $char = substr ($obfuscate_str, $pos, 1);
4023 my $after = substr ($res, $idx);
4025 $res = sprintf ("%s%s%s", $before, $char, $after);
4028 $tmp_hash = sprintf ("%s:%s", $res, $salt_buf);
4032 $hash_buf = md5_hex
($salt_buf . "\nskyper\n" . $word_buf);
4034 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4038 $hash_buf = md5_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4040 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4044 $hash_buf = md5_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4046 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4050 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
, 64);
4052 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4056 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&md5
, 64);
4058 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4060 elsif ($mode == 100)
4062 $hash_buf = sha1_hex
($word_buf);
4064 $tmp_hash = sprintf ("%s", $hash_buf);
4066 elsif ($mode == 101)
4068 $hash_buf = sha1
($word_buf);
4070 my $base64_buf = encode_base64
($hash_buf);
4072 chomp ($base64_buf);
4074 $tmp_hash = sprintf ("{SHA}%s", $base64_buf);
4076 elsif ($mode == 110)
4078 $hash_buf = sha1_hex
($word_buf . $salt_buf);
4080 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4082 elsif ($mode == 111)
4084 $hash_buf = sha1
($word_buf . $salt_buf);
4086 my $base64_buf = encode_base64
($hash_buf . $salt_buf);
4088 chomp ($base64_buf);
4090 $tmp_hash = sprintf ("{SSHA}%s", $base64_buf);
4092 elsif ($mode == 112)
4094 my $salt_buf_bin = pack ("H*", $salt_buf);
4096 $hash_buf = sha1_hex
($word_buf . $salt_buf_bin);
4098 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4100 elsif ($mode == 120)
4102 $hash_buf = sha1_hex
($salt_buf . $word_buf);
4104 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4106 elsif ($mode == 121)
4108 $hash_buf = sha1_hex
(lc ($salt_buf) . $word_buf);
4110 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4112 elsif ($mode == 122)
4114 my $salt_buf_bin = pack ("H*", $salt_buf);
4116 $hash_buf = sha1_hex
($salt_buf_bin . $word_buf);
4118 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
4120 elsif ($mode == 125)
4122 my $signature = "01";
4124 my $salt_buf_bin = pack ("H*", $salt_buf . $signature);
4126 $hash_buf = sha1_hex
($salt_buf_bin . $word_buf);
4128 $tmp_hash = sprintf ("%s%s%s", $salt_buf, $signature, $hash_buf);
4130 elsif ($mode == 130)
4132 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4134 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4136 elsif ($mode == 131)
4138 my $salt_buf_bin = pack ("H*", $salt_buf);
4140 $hash_buf = sha1_hex
(encode
("UTF-16LE", uc ($word_buf)) . $salt_buf_bin);
4142 $tmp_hash = sprintf ("0x0100%s%s%s", $salt_buf, "0" x
40, $hash_buf);
4144 elsif ($mode == 132)
4146 my $salt_buf_bin = pack ("H*", $salt_buf);
4148 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
4150 $tmp_hash = sprintf ("0x0100%s%s", $salt_buf, $hash_buf);
4152 elsif ($mode == 133)
4154 $hash_buf = sha1
(encode
("UTF-16LE", $word_buf));
4156 $hash_buf = encode_base64
($hash_buf);
4157 $hash_buf =~ s/[\r\n]//g;
4159 $tmp_hash = sprintf ("%s", $hash_buf);
4161 elsif ($mode == 140)
4163 $hash_buf = sha1_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4165 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4167 elsif ($mode == 141)
4169 $hash_buf = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
4171 my $base64_salt_buf = encode_base64
($salt_buf);
4173 chomp ($base64_salt_buf);
4175 my $base64_hash_buf = encode_base64
($hash_buf);
4177 $base64_hash_buf = substr ($base64_hash_buf, 0, 27);
4179 $tmp_hash = sprintf ("\$episerver\$*0*%s*%s", $base64_salt_buf, $base64_hash_buf);
4181 elsif ($mode == 150)
4183 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
, 64);
4185 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4187 elsif ($mode == 160)
4189 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha1
, 64);
4191 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4193 elsif ($mode == 190)
4195 $hash_buf = sha1_hex
($word_buf);
4197 my $variant = int (rand (2));
4199 if (defined ($additional_param))
4201 $variant = $additional_param;
4206 substr ($hash_buf, 0, 5) = "00000";
4209 $tmp_hash = sprintf ("%s", $hash_buf);
4211 elsif ($mode == 200)
4213 my $ppr = Authen
::Passphrase
::MySQL323
->new (passphrase
=> $word_buf);
4215 $hash_buf = $ppr->hash_hex;
4217 $tmp_hash = sprintf ("%s", $hash_buf);
4219 elsif ($mode == 300)
4221 $hash_buf = substr (password41
($word_buf), 1);
4223 $hash_buf = lc ($hash_buf); # useful for 'not matched' check only
4225 $tmp_hash = sprintf ("%s", $hash_buf);
4227 elsif ($mode == 400)
4236 my $ppr = Authen
::Passphrase
::PHPass
->new
4240 passphrase
=> $word_buf,
4243 $hash_buf = $ppr->as_rfc2307;
4245 $tmp_hash = sprintf ("%s", substr ($hash_buf, 7));
4247 elsif ($mode == 500)
4249 my $iterations = 1000;
4251 if (defined ($iter))
4255 $iterations = int ($iter);
4259 $hash_buf = md5_crypt
('$1$', $iterations, $word_buf, $salt_buf);
4261 $tmp_hash = sprintf ("%s", $hash_buf);
4263 elsif ($mode == 900)
4265 $hash_buf = md4_hex
($word_buf);
4267 $tmp_hash = sprintf ("%s", $hash_buf);
4269 elsif ($mode == 1000)
4271 $hash_buf = md4_hex
(encode
("UTF-16LE", $word_buf));
4273 $tmp_hash = sprintf ("%s", $hash_buf);
4275 elsif ($mode == 1100)
4277 $hash_buf = md4_hex
(md4
(encode
("UTF-16LE", $word_buf)) . encode
("UTF-16LE", lc ($salt_buf)));
4279 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4281 elsif ($mode == 1400)
4283 $hash_buf = sha256_hex
($word_buf);
4285 $tmp_hash = sprintf ("%s", $hash_buf);
4287 elsif ($mode == 1410)
4289 $hash_buf = sha256_hex
($word_buf . $salt_buf);
4291 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4293 elsif ($mode == 1420)
4295 $hash_buf = sha256_hex
($salt_buf . $word_buf);
4297 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4299 elsif ($mode == 1430)
4301 $hash_buf = sha256_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4303 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4305 elsif ($mode == 1440)
4307 $hash_buf = sha256_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4309 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4311 elsif ($mode == 1441)
4313 $hash_buf = sha256
($salt_buf . encode
("UTF-16LE", $word_buf));
4315 my $base64_salt_buf = encode_base64
($salt_buf);
4317 chomp ($base64_salt_buf);
4319 my $base64_hash_buf = encode_base64
($hash_buf);
4321 chomp ($base64_hash_buf);
4323 $base64_hash_buf = substr ($base64_hash_buf, 0, 43);
4325 $tmp_hash = sprintf ("\$episerver\$*1*%s*%s", $base64_salt_buf, $base64_hash_buf);
4327 elsif ($mode == 1450)
4329 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha256
, 64);
4331 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4333 elsif ($mode == 1460)
4335 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha256
, 64);
4337 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4339 elsif ($mode == 1500)
4341 $hash_buf = crypt ($word_buf, $salt_buf);
4343 $tmp_hash = sprintf ("%s", $hash_buf);
4345 elsif ($mode == 1600)
4347 my $iterations = 1000;
4349 if (defined ($iter))
4353 $iterations = int ($iter);
4357 $hash_buf = md5_crypt
('$apr1$', $iterations, $word_buf, $salt_buf);
4359 $tmp_hash = sprintf ("%s", $hash_buf);
4361 elsif ($mode == 1700)
4363 $hash_buf = sha512_hex
($word_buf);
4365 $tmp_hash = sprintf ("%s", $hash_buf);
4367 elsif ($mode == 1710)
4369 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4371 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4373 elsif ($mode == 1711)
4375 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4377 my $base64_buf = encode_base64
(pack ("H*", $hash_buf) . $salt_buf);
4379 $base64_buf =~ s/[ \n]//g;
4381 $tmp_hash = sprintf ("{SSHA512}%s", $base64_buf);
4383 elsif ($mode == 1720)
4385 $hash_buf = sha512_hex
($salt_buf . $word_buf);
4387 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4389 elsif ($mode == 1730)
4391 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4393 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4395 elsif ($mode == 1740)
4397 $hash_buf = sha512_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4399 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4401 elsif ($mode == 1722)
4403 my $salt_buf_bin = pack ("H*", $salt_buf);
4405 $hash_buf = sha512_hex
($salt_buf_bin . $word_buf);
4407 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
4409 elsif ($mode == 1731)
4411 my $salt_buf_bin = pack ("H*", $salt_buf);
4413 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
4415 $tmp_hash = sprintf ("0x0200%s%s", $salt_buf, $hash_buf);
4417 elsif ($mode == 1750)
4419 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha512
, 128);
4421 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4423 elsif ($mode == 1760)
4425 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha512
, 128);
4427 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4429 elsif ($mode == 1800)
4431 my $iterations = 5000;
4433 if (defined ($iter))
4437 $iterations = int ($iter);
4441 $hash_buf = sha512_crypt
($iterations, $word_buf, $salt_buf);
4443 $tmp_hash = sprintf ("%s", $hash_buf);
4445 elsif ($mode == 2100)
4447 my $iterations = 10240;
4451 $iterations = int ($iter);
4454 my $salt = encode
("UTF-16LE", lc ($salt_buf));
4456 my $pbkdf2 = Crypt
::PBKDF2
->new
4458 hash_class
=> 'HMACSHA1',
4459 iterations
=> $iterations,
4461 salt_len
=> length ($salt),
4464 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 ($salt, md4
(md4
(encode
("UTF-16LE", $word_buf)) . $salt)));
4466 $tmp_hash = sprintf ("\$DCC2\$%i#%s#%s", $iterations, $salt_buf, $hash_buf);
4468 elsif ($mode == 2400)
4470 $tmp_hash = sprintf ("%s", pseudo_base64
(Digest
::MD5
::md5
($word_buf . "\0" x
(16 - length ($word_buf)))));
4472 elsif ($mode == 2410)
4474 my $salt_len = length ($salt_buf);
4476 my $salt_len_max4 = ($salt_len < 4) ?
$salt_len : 4;
4478 my $hash_buf = pseudo_base64
(Digest
::MD5
::md5
($word_buf . substr ($salt_buf, 0, $salt_len_max4) . "\0" x
(16 - length ($word_buf) - $salt_len_max4)));
4480 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4482 elsif ($mode == 2500)
4484 my ($bssid, $stmac, $snonce, $anonce, $eapol, $keyver, $eapol_size);
4486 if (! defined ($additional_param))
4490 $bssid = randbytes
(6);
4491 $stmac = randbytes
(6);
4492 $snonce = randbytes
(32);
4493 $anonce = randbytes
(32);
4495 $keyver = get_random_num
(1, 3); # 1 or 2
4498 # should be "validly" generated, but in theory could be anything for us also:
4499 # $eapol = "\x00" x 121; # works too, but let's generate it correctly
4501 $eapol = gen_random_wpa_eapol
($keyver, $snonce);
4505 $bssid = $additional_param;
4506 $stmac = $additional_param2;
4507 $snonce = $additional_param3;
4508 $anonce = $additional_param4;
4509 $keyver = $additional_param5;
4510 $eapol = $additional_param6;
4513 $eapol_size = length ($eapol);
4517 my $iterations = 4096;
4523 # generate the Pairwise Master Key (PMK)
4525 my $pbkdf2 = Crypt
::PBKDF2
->new
4527 hash_class
=> 'HMACSHA1',
4528 iterations
=> $iterations,
4532 my $pmk = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4534 # Pairwise Transient Key (PTK) transformation
4536 my $ptk = wpa_prf_512
($pmk, $stmac, $bssid, $snonce, $anonce);
4538 # generate the Message Integrity Code (MIC)
4542 if ($keyver == 1) # WPA1 => MD5
4544 $mic = hmac
($eapol, $ptk, \
&md5
);
4548 $mic = hmac
($eapol, $ptk, \
&sha1
);
4551 $mic = substr ($mic, 0, 16);
4554 # format the binary output
4559 # first the essid (NULL-padded up to the first 36 bytes)
4561 $hash_buf .= $salt_buf;
4562 $hash_buf .= "\x00" x
(36 - length ($salt_buf));
4564 # the 2 MAC addresses
4566 $hash_buf .= $bssid;
4567 $hash_buf .= $stmac;
4571 $hash_buf .= $snonce;
4572 $hash_buf .= $anonce;
4576 $hash_buf .= $eapol;
4577 $hash_buf .= "\x00" x
(256 - $eapol_size);
4581 $hash_buf .= pack ("L*", $eapol_size);
4585 $hash_buf .= pack ("L*", $keyver);
4587 # and finally: the key mic
4591 # base64 encode the output
4593 $tmp_hash = encode_base64
($hash_buf, '');
4595 elsif ($mode == 2600)
4597 $hash_buf = md5_hex
(md5_hex
($word_buf));
4599 $tmp_hash = sprintf ("%s", $hash_buf);
4601 elsif ($mode == 2611)
4603 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4605 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4607 elsif ($mode == 2612)
4609 my $salt_buf_hex = unpack ("H*", $salt_buf);
4611 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4613 $tmp_hash = sprintf ("\$PHPS\$%s\$%s", $salt_buf_hex, $hash_buf);
4615 elsif ($mode == 2711)
4617 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4619 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4621 elsif ($mode == 2811)
4623 $hash_buf = md5_hex
(md5_hex
($salt_buf) . md5_hex
($word_buf));
4625 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4627 elsif ($mode == 3000)
4629 my $ppr = Authen
::Passphrase
::LANManager
->new ("passphrase" => $word_buf);
4631 $hash_buf = $ppr->hash_hex;
4633 $tmp_hash = sprintf ("%s", substr ($hash_buf, 0, 16));
4635 elsif ($mode == 3100)
4637 $hash_buf = oracle_hash
($salt_buf, $word_buf);
4639 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4641 elsif ($mode == 3200)
4650 $tmp_hash = bcrypt
($word_buf, sprintf ('$2a$%s$%s$', $cost, en_base64
($salt_buf)));
4652 elsif ($mode == 3300)
4654 my $iterations = 904;
4658 $iterations = int ($iter);
4663 if (defined ($additional_param))
4665 $variant = $additional_param;
4668 my $prefix = sprintf ("\$md5%srounds=%i\$%s", $variant, $iterations, $salt_buf);
4670 $iterations += 4096;
4672 $hash_buf = sun_md5
($word_buf, $prefix, $iterations);
4674 $tmp_hash = sprintf ("%s\$%s", $prefix, $hash_buf);
4676 elsif ($mode == 3500)
4678 $hash_buf = md5_hex
(md5_hex
(md5_hex
($word_buf)));
4680 $tmp_hash = sprintf ("%s", $hash_buf);
4682 elsif ($mode == 3610)
4684 $hash_buf = md5_hex
(md5_hex
($salt_buf) . $word_buf);
4686 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4688 elsif ($mode == 3710)
4690 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf));
4692 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4694 elsif ($mode == 3711)
4696 $hash_buf = md5_hex
($salt_buf . "-" . md5_hex
($word_buf));
4698 $tmp_hash = sprintf ("\$B\$%s\$%s", $salt_buf, $hash_buf);
4700 elsif ($mode == 3720)
4702 $hash_buf = md5_hex
($word_buf . md5_hex
($salt_buf));
4704 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4706 elsif ($mode == 3800)
4708 $hash_buf = md5_hex
($salt_buf . $word_buf . $salt_buf);
4710 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4712 elsif ($mode == 3910)
4714 $hash_buf = md5_hex
(md5_hex
($word_buf) . md5_hex
($salt_buf));
4716 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4718 elsif ($mode == 4010)
4720 $hash_buf = md5_hex
($salt_buf . md5_hex
($salt_buf . $word_buf));
4722 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4724 elsif ($mode == 4110)
4726 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf . $salt_buf));
4728 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4730 elsif ($mode == 4210)
4732 $hash_buf = md5_hex
($salt_buf . "\x00" . $word_buf);
4734 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4736 elsif ($mode == 4300)
4738 $hash_buf = md5_hex
(uc (md5_hex
($word_buf)));
4740 $tmp_hash = sprintf ("%s", $hash_buf);
4742 elsif ($mode == 4400)
4744 $hash_buf = md5_hex
(sha1_hex
($word_buf));
4746 $tmp_hash = sprintf ("%s", $hash_buf);
4748 elsif ($mode == 4500)
4750 $hash_buf = sha1_hex
(sha1_hex
($word_buf));
4752 $tmp_hash = sprintf ("%s", $hash_buf);
4754 elsif ($mode == 4600)
4756 $hash_buf = sha1_hex
(sha1_hex
(sha1_hex
($word_buf)));
4758 $tmp_hash = sprintf ("%s", $hash_buf);
4760 elsif ($mode == 4700)
4762 $hash_buf = sha1_hex
(md5_hex
($word_buf));
4764 $tmp_hash = sprintf ("%s", $hash_buf);
4766 elsif ($mode == 4800)
4768 my $index = rindex ($salt_buf, ":");
4770 my $salt = substr ($salt_buf, 0, $index);
4771 my $salt_bin = pack ("H*", $salt);
4772 my $chap_sign = substr ($salt_buf, $index + 1);
4773 my $chap_sign_bin = pack ("H*", $chap_sign);
4775 $hash_buf = md5_hex
($chap_sign_bin . $word_buf . $salt_bin);
4777 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4779 elsif ($mode == 4900)
4781 $hash_buf = sha1_hex
($salt_buf . $word_buf . $salt_buf);
4783 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4785 elsif ($mode == 5000)
4787 $hash_buf = keccak_256_hex
($word_buf);
4789 $tmp_hash = sprintf ("%s", $hash_buf);
4791 elsif ($mode == 5100)
4795 if (! defined ($additional_param))
4801 $pos = $additional_param * 8 unless ($additional_param > 2);
4804 $hash_buf = md5_hex
($word_buf);
4806 $tmp_hash = sprintf ("%s", substr ($hash_buf, $pos, 16));
4808 elsif ($mode == 5300)
4810 my @salt_arr = split (":", $salt_buf);
4812 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4813 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4815 my $hash_buf = hmac
($nr_buf , $word_buf, \
&md5
, 64);
4816 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&md5
, 64);
4818 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4820 elsif ($mode == 5400)
4822 my @salt_arr = split (":", $salt_buf);
4824 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4825 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4827 my $hash_buf = hmac
($nr_buf , $word_buf, \
&sha1
, 64);
4828 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&sha1
, 64);
4830 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4832 elsif ($mode == 5500)
4834 my $index1 = index ($salt_buf, "::");
4835 my $user = substr ($salt_buf, 0, $index1);
4837 my $index2 = index ($salt_buf, ":", $index1 + 2);
4838 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4840 my $len = length (substr ($salt_buf, $index2 + 1));
4842 my $c_challenge_hex;
4846 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 48);
4851 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4852 $c_challenge_hex .= 00 x
32;
4855 my $c_challenge = pack ("H*", substr ($c_challenge_hex, 0, 16));
4856 my $s_challenge_hex = substr ($salt_buf, $index2 + 17, 16);
4857 my $s_challenge = pack ("H*", $s_challenge_hex);
4859 my $challenge = substr (md5
($s_challenge . $c_challenge), 0, 8);
4863 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash . "\x00" x
5;
4865 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 0, 7)), "DES", $challenge, "none");
4866 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 7, 7)), "DES", $challenge, "none");
4867 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 14, 7)), "DES", $challenge, "none");
4869 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $c_challenge_hex, unpack ("H*", $ntresp), $s_challenge_hex);
4871 elsif ($mode == 5600)
4873 my $index1 = index ($salt_buf, "::");
4874 my $user = substr ($salt_buf, 0, $index1);
4876 my $index2 = index ($salt_buf, ":", $index1 + 2);
4877 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4879 my $s_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4880 my $s_challenge = pack ("H*", $s_challenge_hex);
4882 my $temp_hex = substr ($salt_buf, $index2 + 17);
4883 my $temp = pack ("H*", $temp_hex);
4885 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash;
4886 my $identity = Encode
::encode
("UTF-16LE", uc ($user) . $domain);
4888 $hash_buf = hmac_hex
($s_challenge . $temp, hmac
($identity, $nthash, \
&md5
, 64), \
&md5
, 64);
4890 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $s_challenge_hex, $hash_buf, $temp_hex);
4892 elsif ($mode == 5700)
4894 $hash_buf = sha256
($word_buf);
4896 my $base64_buf = encode_base64
($hash_buf);
4900 for (my $i = 0; $i < 43; $i++)
4902 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($base64_buf, $i, 1)};
4905 elsif ($mode == 5800)
4907 $hash_buf = androidpin_hash
($word_buf, $salt_buf);
4909 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4911 elsif ($mode == 6000)
4913 $hash_buf = ripemd160_hex
($word_buf);
4915 $tmp_hash = sprintf ("%s", $hash_buf);
4917 elsif ($mode == 6100)
4919 $hash_buf = whirlpool_hex
($word_buf);
4921 $tmp_hash = sprintf ("%s", $hash_buf);
4923 elsif ($mode == 6300)
4925 my $iterations = 1000; # hard coded by the AIX format
4927 $hash_buf = md5_crypt
('', $iterations, $word_buf, $salt_buf);
4929 $tmp_hash = sprintf ("{smd5}%s", $hash_buf);
4931 elsif ($mode == 6400)
4933 my $iterations = 64;
4937 $iterations = 1 << int ($iter);
4940 $hash_buf = aix_ssha256_pbkdf2
($word_buf, $salt_buf, $iterations);
4942 $tmp_hash = sprintf ("{ssha256}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4944 elsif ($mode == 6500)
4946 my $iterations = 64;
4950 $iterations = 1 << int ($iter);
4953 $hash_buf = aix_ssha512_pbkdf2
($word_buf, $salt_buf, $iterations);
4955 $tmp_hash = sprintf ("{ssha512}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4957 elsif ($mode == 6600)
4959 my $iterations = 1000;
4963 $iterations = int ($iter);
4966 my $salt_hex = substr ($salt_buf, 0, 16);
4967 my $salt = pack ("H*", $salt_hex);
4969 my $prefix = substr ($salt_buf, 16, 2016);
4971 my $iv_hex = substr ($salt_buf, 2032);
4972 my $iv = pack ("H*", $iv_hex);
4974 my $data = pack ("H*", "10101010101010101010101010101010");
4976 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA1');
4978 my $pbkdf2 = Crypt
::PBKDF2
->new (
4980 iterations
=> $iterations,
4984 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
4986 my $cipher = Crypt
::CBC
->new ({
4988 cipher
=> "Crypt::Rijndael",
4995 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
4997 $hash_buf = substr ($encrypted, 0, 32);
4999 $tmp_hash = sprintf ("%i:%s:%s%s%s", $iterations, $salt_hex, $prefix, $iv_hex, $hash_buf);
5001 elsif ($mode == 6700)
5003 my $iterations = 64;
5007 $iterations = 1 << int ($iter);
5010 $hash_buf = aix_ssha1_pbkdf2
($word_buf, $salt_buf, $iterations);
5012 $tmp_hash = sprintf ("{ssha1}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
5014 elsif ($mode == 6800)
5016 my $variant = $additional_param;
5018 if (! defined ($variant))
5020 $variant = int (rand (2));
5023 my $iterations = 500;
5027 $iterations = int ($iter);
5030 my $iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
5032 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256);
5034 my $pbkdf2 = Crypt
::PBKDF2
->new (
5036 iterations
=> $iterations,
5040 my $key = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
5042 my $cipher = Crypt
::CBC
->new ({
5044 cipher
=> "Crypt::Rijndael",
5053 my $encrypt = $cipher->encrypt (substr ($salt_buf, 0, 16));
5055 $hash_buf = substr (unpack ("H*", $encrypt), 0, 32);
5059 my $verifier = "lastpass rocks\x02\x02";
5061 $hash_buf = unpack ("H*", substr ($cipher->encrypt ($verifier), 0, 16));
5064 $tmp_hash = sprintf ("%s:%i:%s", $hash_buf, $iterations, $salt_buf);
5066 elsif ($mode == 6900)
5068 $hash_buf = gost_hex
($word_buf);
5070 $tmp_hash = sprintf ("%s", $hash_buf);
5072 elsif ($mode == 7100)
5074 my $iterations = 1024;
5078 $iterations = int ($iter);
5081 my $pbkdf2 = Crypt
::PBKDF2
->new
5083 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5084 iterations
=> $iterations
5087 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
5089 $tmp_hash = sprintf ("\$ml\$%i\$%s\$%0128s", $iterations, $salt_buf, $hash_buf);
5091 elsif ($mode == 7200)
5093 my $iterations = 1024;
5097 $iterations = int ($iter);
5100 my $pbkdf2 = Crypt
::PBKDF2
->new (
5101 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5102 iterations
=> $iterations
5105 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
5107 $tmp_hash = sprintf ("grub.pbkdf2.sha512.%i.%s.%0128s", $iterations, $salt_buf, $hash_buf);
5109 elsif ($mode == 7300)
5111 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
);
5113 $tmp_hash = sprintf ("%s:%s", unpack ("H*", $salt_buf), $hash_buf);
5115 elsif ($mode == 7400)
5117 my $iterations = 5000;
5119 if (defined ($iter))
5123 $iterations = int ($iter);
5127 $hash_buf = sha256_crypt
($iterations, $word_buf, $salt_buf);
5129 $tmp_hash = sprintf ("%s", $hash_buf);
5131 elsif ($mode == 7500)
5133 my @salt_arr = split ("\\\$", $salt_buf);
5135 my $user = $salt_arr[0];
5137 my $realm = $salt_arr[1];
5139 my $salt = $salt_arr[2];
5141 my $hmac_salt = $salt_arr[3];
5142 my $hmac_salt_bin = pack ("H*", $hmac_salt);
5144 my $clear_data = $salt_arr[4];
5146 my $k = md4
(encode
("UTF-16LE", $word_buf));
5148 my $k1 = hmac_md5
("\x01\x00\x00\x00", $k);
5150 my $k3 = hmac_md5
($hmac_salt_bin, $k1);
5152 if (length ($clear_data) > 1)
5154 my $clear_data_bin = pack ("H*", $clear_data);
5156 $hash_buf = RC4
($k3, $clear_data_bin);
5160 my $hash = $salt_arr[5];
5162 my $hash_bin = pack ("H*", $hash);
5164 my $clear_data = RC4
($k3, $hash_bin);
5166 my $timestamp = substr ($clear_data, 14, 14);
5171 if ($timestamp !~ /^[[:digit:]]{14}$/)
5178 $hash_buf = "\x00" x
36;
5180 if ($hash_buf eq $hash_bin)
5182 $hash_buf = "\x01" x
36;
5187 $hash_buf = $hash_bin;
5191 $tmp_hash = sprintf ("\$krb5pa\$23\$%s\$%s\$%s\$%s%s", $user, $realm, $salt, unpack ("H*", $hash_buf), $hmac_salt);
5193 elsif ($mode == 7600)
5195 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($word_buf));
5197 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5199 elsif ($mode == 7700)
5201 $word_buf = uc $word_buf;
5202 $salt_buf = uc $salt_buf;
5204 my $word_buf_t = sapb_transcode
($word_buf);
5205 my $salt_buf_t = sapb_transcode
($salt_buf);
5207 my $digest1 = md5
($word_buf_t . $salt_buf_t);
5209 my $data = sapb_waldorf
($digest1, $word_buf_t, $salt_buf_t);
5211 my $digest2 = md5
($data);
5213 my ($a, $b, $c, $d) = unpack ("N4", $digest2);
5218 $tmp_hash = sprintf ("%s\$%08X%08X", $salt_buf, $a, $b);
5220 elsif ($mode == 7800)
5222 my $theMagicArray_s =
5223 "\x91\xac\x51\x14\x9f\x67\x54\x43\x24\xe7\x3b\xe0\x28\x74\x7b\xc2" .
5224 "\x86\x33\x13\xeb\x5a\x4f\xcb\x5c\x08\x0a\x73\x37\x0e\x5d\x1c\x2f" .
5225 "\x33\x8f\xe6\xe5\xf8\x9b\xae\xdd\x16\xf2\x4b\x8d\x2c\xe1\xd4\xdc" .
5226 "\xb0\xcb\xdf\x9d\xd4\x70\x6d\x17\xf9\x4d\x42\x3f\x9b\x1b\x11\x94" .
5227 "\x9f\x5b\xc1\x9b\x06\x05\x9d\x03\x9d\x5e\x13\x8a\x1e\x9a\x6a\xe8" .
5228 "\xd9\x7c\x14\x17\x58\xc7\x2a\xf6\xa1\x99\x63\x0a\xd7\xfd\x70\xc3" .
5229 "\xf6\x5e\x74\x13\x03\xc9\x0b\x04\x26\x98\xf7\x26\x8a\x92\x93\x25" .
5230 "\xb0\xa2\x0d\x23\xed\x63\x79\x6d\x13\x32\xfa\x3c\x35\x02\x9a\xa3" .
5231 "\xb3\xdd\x8e\x0a\x24\xbf\x51\xc3\x7c\xcd\x55\x9f\x37\xaf\x94\x4c" .
5232 "\x29\x08\x52\x82\xb2\x3b\x4e\x37\x9f\x17\x07\x91\x11\x3b\xfd\xcd";
5234 $salt_buf = uc $salt_buf;
5236 my $digest = sha1
($word_buf . $salt_buf);
5238 my ($a, $b, $c, $d, $e) = unpack ("I*", $digest);
5240 my $lengthMagicArray = 0x20;
5241 my $offsetMagicArray = 0;
5243 $lengthMagicArray += (($a >> 0) & 0xff) % 6;
5244 $lengthMagicArray += (($a >> 8) & 0xff) % 6;
5245 $lengthMagicArray += (($a >> 16) & 0xff) % 6;
5246 $lengthMagicArray += (($a >> 24) & 0xff) % 6;
5247 $lengthMagicArray += (($b >> 0) & 0xff) % 6;
5248 $lengthMagicArray += (($b >> 8) & 0xff) % 6;
5249 $lengthMagicArray += (($b >> 16) & 0xff) % 6;
5250 $lengthMagicArray += (($b >> 24) & 0xff) % 6;
5251 $lengthMagicArray += (($c >> 0) & 0xff) % 6;
5252 $lengthMagicArray += (($c >> 8) & 0xff) % 6;
5253 $offsetMagicArray += (($c >> 16) & 0xff) % 8;
5254 $offsetMagicArray += (($c >> 24) & 0xff) % 8;
5255 $offsetMagicArray += (($d >> 0) & 0xff) % 8;
5256 $offsetMagicArray += (($d >> 8) & 0xff) % 8;
5257 $offsetMagicArray += (($d >> 16) & 0xff) % 8;
5258 $offsetMagicArray += (($d >> 24) & 0xff) % 8;
5259 $offsetMagicArray += (($e >> 0) & 0xff) % 8;
5260 $offsetMagicArray += (($e >> 8) & 0xff) % 8;
5261 $offsetMagicArray += (($e >> 16) & 0xff) % 8;
5262 $offsetMagicArray += (($e >> 24) & 0xff) % 8;
5264 my $hash_buf = sha1_hex
($word_buf . substr ($theMagicArray_s, $offsetMagicArray, $lengthMagicArray) . $salt_buf);
5266 $tmp_hash = sprintf ("%s\$%s", $salt_buf, uc $hash_buf);
5268 elsif ($mode == 7900)
5277 my $phpass_it = 1 << $cost;
5279 $hash_buf = sha512
($salt_buf . $word_buf);
5281 for (my $i = 0; $i < $phpass_it; $i++)
5283 $hash_buf = sha512
($hash_buf . $word_buf);
5286 my $base64_buf = substr (Authen
::Passphrase
::PHPass
::_en_base64
($hash_buf), 0, 43);
5288 my $base64_digits = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
5290 my $cost_str = substr ($base64_digits , $cost, 1);
5292 $tmp_hash = sprintf ('$S$%s%s%s', $cost_str, $salt_buf, $base64_buf);
5294 elsif ($mode == 8000)
5296 my $salt_buf_bin = pack ("H*", $salt_buf);
5298 my $word_buf_utf = encode
("UTF-16BE", $word_buf);
5300 $hash_buf = sha256_hex
($word_buf_utf . "\x00" x
(510 - (length ($word_buf) * 2)) . $salt_buf_bin);
5302 $tmp_hash = sprintf ("0xc007%s%s", $salt_buf, $hash_buf);
5304 elsif ($mode == 8100)
5306 $hash_buf = sha1_hex
($salt_buf . $word_buf . "\x00");
5308 $tmp_hash = sprintf ("1%s%s", $salt_buf, $hash_buf);
5310 elsif ($mode == 8200)
5312 my $iterations = 40000;
5314 if (defined ($iter))
5316 $iterations = $iter;
5319 my $salt_hex = substr ($salt_buf, 0, 32);
5320 my $salt = pack ("H*", $salt_hex);
5322 my $data_hex = substr ($salt_buf, 32);
5323 my $data = pack ("H*", $data_hex);
5325 my $pbkdf2 = Crypt
::PBKDF2
->new
5327 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5328 iterations
=> int $iterations
5331 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
5333 $hash_buf = hmac_hex
($data, substr ($key, 32, 32), \
&sha256
, 64);
5335 $tmp_hash = sprintf ("%s:%s:%d:%s", $hash_buf, $salt_hex, $iterations, $data_hex);
5337 elsif ($mode == 8300)
5339 my ($domain, $salt_hex) = split (":", $salt_buf);
5341 my $hashalg = Net
::DNS
::SEC
->digtype ("SHA1");
5343 my $salt = pack ("H*", $salt_hex);
5347 if (defined ($iter))
5349 $iterations = $iter;
5352 my $name = lc ($word_buf . $domain);
5354 my $hash_buf = Net
::DNS
::RR
::NSEC3
::name2hash
($hashalg, $name, $iterations, $salt);
5356 $tmp_hash = sprintf ("%s:%s:%s:%d", $hash_buf, $domain, $salt_hex, $iterations);
5358 elsif ($mode == 8400)
5360 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($salt_buf . sha1_hex
($word_buf)));
5362 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5364 elsif ($mode == 8500)
5366 $hash_buf = racf_hash
(uc $salt_buf, $word_buf);
5368 $tmp_hash = sprintf ('$racf$*%s*%s', uc $salt_buf, uc $hash_buf);
5370 elsif ($mode == 8600)
5372 my @saved_key = map { ord $_; } split "", $word_buf;
5374 my $len = scalar @saved_key;
5376 my @state = domino_big_md
(\
@saved_key, $len);
5378 $tmp_hash = sprintf ('%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',
5397 elsif ($mode == 8700)
5399 my $domino_char = undef;
5401 if (defined ($additional_param))
5403 $domino_char = $additional_param;
5406 my @saved_key = map { ord $_; } split "", $word_buf;
5408 my $len = scalar @saved_key;
5410 my @state = domino_big_md
(\
@saved_key, $len);
5412 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5414 @saved_key = map { ord $_; } split "", $salt_buf . uc $str;
5416 @state = domino_big_md
(\
@saved_key, 34);
5418 $hash_buf = join ("", (map { chr $_; } @state));
5420 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_buf . $hash_buf, $domino_char));
5422 elsif ($mode == 8900)
5428 if (defined ($additional_param))
5430 $N = $additional_param;
5431 $r = $additional_param2;
5432 $p = $additional_param3;
5435 $hash_buf = scrypt_hash
($word_buf, $salt_buf, $N, $r, $p, 32);
5437 $tmp_hash = sprintf ('%s', $hash_buf);
5439 elsif ($mode == 9100)
5441 my $iterations = 5000;
5443 if (defined ($iter))
5445 $iterations = $iter;
5448 my $domino_char = undef;
5450 # domino 5 hash - SEC_pwddigest_V1 - -m 8600
5452 my @saved_key = map { ord $_; } split "", $word_buf;
5454 my $len = scalar @saved_key;
5456 my @state = domino_big_md
(\
@saved_key, $len);
5459 # domino 6 hash - SEC_pwddigest_V2 - -m 8700
5461 my $salt_part = substr ($salt_buf, 0, 5);
5463 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5465 @saved_key = map { ord $_; } split "", $salt_part . uc $str;
5467 @state = domino_big_md
(\
@saved_key, 34);
5469 $hash_buf = join ("", (map { chr $_; } @state));
5471 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_part . $hash_buf, $domino_char));
5474 # domino 8(.5.x) hash - SEC_pwddigest_V3 - -m 9100
5476 my $pbkdf2 = Crypt
::PBKDF2
->new
5478 hash_class
=> 'HMACSHA1',
5479 iterations
=> $iterations,
5486 if (defined ($additional_param))
5488 $chars = $additional_param;
5491 my $digest_new = $pbkdf2->PBKDF2 ($salt_buf, $tmp_hash);
5493 my $iteration_str = "" . $iterations;
5495 for (my $i = length ($iterations); $i < 10; $i++)
5497 $iterations = "0" . $iterations;
5500 $tmp_hash = sprintf ('(H%s)', domino_85x_encode
($salt_buf . $iterations . $chars . $digest_new, $domino_char));
5502 elsif ($mode == 9200)
5504 my $iterations = 20000;
5506 my $pbkdf2 = Crypt
::PBKDF2
->new
5508 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5509 iterations
=> $iterations
5512 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5516 for (my $i = 0; $i < 43; $i++)
5518 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5521 $tmp_hash = sprintf ("\$8\$%s\$%s", $salt_buf, $tmp_hash);
5523 elsif ($mode == 9300)
5529 $hash_buf = scrypt_b64
($word_buf, $salt_buf, $N, $r, $p, 32);
5533 for (my $i = 0; $i < 43; $i++)
5535 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5538 $tmp_hash = sprintf ('$9$%s$%s', $salt_buf, $tmp_hash);
5540 elsif ($mode == 9400)
5542 my $iterations = 50000;
5546 $iterations = int ($iter);
5549 my $aes_key_size = 128; # or 256
5551 if (defined ($additional_param2))
5553 $aes_key_size = $additional_param2;
5556 $salt_buf = pack ("H*", $salt_buf);
5558 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5560 for (my $i = 0; $i < $iterations; $i++)
5562 my $num32 = pack ("L", $i);
5564 $tmp = sha1
($num32 . $tmp);
5567 my $zero32 = pack ("L", 0x00);
5569 my $derivation_array1 = pack ("C", 0x36) x
64;
5570 my $derivation_array2 = pack ("C", 0x5C) x
64;
5572 $tmp = sha1
($tmp . $zero32);
5574 my $tmp2 = sha1
($derivation_array1 ^ $tmp);
5575 my $tmp3 = sha1
($derivation_array2 ^ $tmp);
5577 my $key = substr ($tmp2 . $tmp3, 0, $aes_key_size / 8);
5579 my $m = Crypt
::Mode
::ECB
->new ('AES', 0);
5583 if (defined $additional_param)
5585 $encdata = $m->decrypt (pack ("H*", $additional_param), $key);
5589 $encdata = "A" x
16; ## can be anything
5592 my $data1_buf = $encdata;
5593 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5595 $data1_buf = substr ($data1_buf . ("\x00" x
16), 0, 16);
5596 $data2_buf = substr ($data2_buf . ("\x00" x
16), 0, 32);
5598 my $encrypted1 = unpack ("H*", $m->encrypt ($data1_buf, $key));
5599 my $encrypted2 = unpack ("H*", $m->encrypt ($data2_buf, $key));
5601 $encrypted1 = substr ($encrypted1, 0, 32);
5602 $encrypted2 = substr ($encrypted2, 0, 40);
5604 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2007, 20, $aes_key_size, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5606 elsif ($mode == 9500)
5608 my $iterations = 100000;
5612 $iterations = int ($iter);
5615 $salt_buf = pack ("H*", $salt_buf);
5617 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5619 for (my $i = 0; $i < $iterations; $i++)
5621 my $num32 = pack ("L", $i);
5623 $tmp = sha1
($num32 . $tmp);
5626 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5627 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5629 my $final1 = sha1
($tmp . $encryptedVerifierHashInputBlockKey);
5630 my $final2 = sha1
($tmp . $encryptedVerifierHashValueBlockKey);
5632 my $key1 = substr ($final1, 0, 16);
5633 my $key2 = substr ($final2, 0, 16);
5635 my $cipher1 = Crypt
::CBC
->new ({
5637 cipher
=> "Crypt::Rijndael",
5645 my $cipher2 = Crypt
::CBC
->new ({
5647 cipher
=> "Crypt::Rijndael",
5657 if (defined $additional_param)
5659 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5663 $encdata = "A" x
16; ## can be anything
5666 my $data1_buf = $encdata;
5667 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5669 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5670 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5672 $encrypted2 = substr ($encrypted2, 0, 64);
5674 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2010, 100000, 128, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5676 elsif ($mode == 9600)
5678 my $iterations = 100000;
5682 $iterations = int ($iter);
5685 $salt_buf = pack ("H*", $salt_buf);
5687 my $tmp = sha512
($salt_buf . encode
("UTF-16LE", $word_buf));
5689 for (my $i = 0; $i < $iterations; $i++)
5691 my $num32 = pack ("L", $i);
5693 $tmp = sha512
($num32 . $tmp);
5696 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5697 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5699 my $final1 = sha512
($tmp . $encryptedVerifierHashInputBlockKey);
5700 my $final2 = sha512
($tmp . $encryptedVerifierHashValueBlockKey);
5702 my $key1 = substr ($final1, 0, 32);
5703 my $key2 = substr ($final2, 0, 32);
5705 my $cipher1 = Crypt
::CBC
->new ({
5707 cipher
=> "Crypt::Rijndael",
5715 my $cipher2 = Crypt
::CBC
->new ({
5717 cipher
=> "Crypt::Rijndael",
5727 if (defined $additional_param)
5729 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5733 $encdata = "A" x
16; ## can be anything
5736 my $data1_buf = $encdata;
5737 my $data2_buf = sha512
(substr ($data1_buf, 0, 16));
5739 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5740 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5742 $encrypted2 = substr ($encrypted2, 0, 64);
5744 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2013, 100000, 256, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5746 elsif ($mode == 9700)
5748 $salt_buf = pack ("H*", $salt_buf);
5750 my $tmp = md5
(encode
("UTF-16LE", $word_buf));
5752 $tmp = substr ($tmp, 0, 5);
5756 for (my $i = 0; $i < 16; $i++)
5764 $tmp = substr ($tmp, 0, 5);
5768 if (defined $additional_param2)
5770 $version = $additional_param2;
5774 $version = (unpack ("L", $tmp) & 1) ?
0 : 1;
5777 my $rc4_key = md5
($tmp . "\x00\x00\x00\x00");
5779 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5783 if (defined $additional_param)
5785 $encdata = $m->RC4 (pack ("H*", $additional_param));
5789 $encdata = "A" x
16; ## can be anything
5792 my $data1_buf = $encdata;
5793 my $data2_buf = md5
(substr ($data1_buf, 0, 16));
5795 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5797 my $encrypted1 = $m->RC4 ($data1_buf);
5798 my $encrypted2 = $m->RC4 ($data2_buf);
5800 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5802 elsif ($mode == 9800)
5804 $salt_buf = pack ("H*", $salt_buf);
5806 my $tmp = sha1
($salt_buf. encode
("UTF-16LE", $word_buf));
5810 if (defined $additional_param2)
5812 $version = $additional_param2;
5816 $version = (unpack ("L", $tmp) & 1) ?
3 : 4;
5819 my $rc4_key = sha1
($tmp . "\x00\x00\x00\x00");
5823 $rc4_key = substr ($rc4_key, 0, 5) . "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
5826 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5830 if (defined $additional_param)
5832 $encdata = $m->RC4 (pack ("H*", $additional_param));
5836 $encdata = "A" x
16; ## can be anything
5839 my $data1_buf = $encdata;
5840 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5842 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5844 my $encrypted1 = $m->RC4 ($data1_buf);
5845 my $encrypted2 = $m->RC4 ($data2_buf);
5847 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5849 elsif ($mode == 9900)
5851 $tmp_hash = sprintf ("%s", md5_hex
($word_buf . "\0" x
(100 - length ($word_buf))));
5853 elsif ($mode == 10000)
5855 my $iterations = 10000;
5859 $iterations = int ($iter);
5862 my $pbkdf2 = Crypt
::PBKDF2
->new
5864 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5865 iterations
=> $iterations
5868 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5869 $hash_buf =~ s/[\r\n]//g;
5871 $tmp_hash = sprintf ("pbkdf2_sha256\$%i\$%s\$%s", $iterations, $salt_buf, $hash_buf);
5873 elsif ($mode == 10100)
5875 my $seed = pack ("H*", $salt_buf);
5877 my ($hi, $lo) = siphash
($word_buf, $seed);
5879 my $hi_s = sprintf ("%08x", $hi);
5880 my $lo_s = sprintf ("%08x", $lo);
5882 $hi_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5883 $lo_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5885 $tmp_hash = sprintf ("%s%s:2:4:%s", $hi_s, $lo_s, $salt_buf);
5887 elsif ($mode == 10200)
5889 my $challengeb64 = encode_base64
($salt_buf);
5890 $challengeb64 =~ s/[\r\n]//g;
5894 if (defined $additional_param)
5896 $username = $additional_param;
5903 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
);
5905 my $responseb64 = encode_base64
($username . " " . $hash_buf);
5906 $responseb64 =~ s/[\r\n]//g;
5908 $tmp_hash = sprintf ('$cram_md5$%s$%s', $challengeb64, $responseb64);
5910 elsif ($mode == 10300)
5912 my $iterations = 1024;
5916 $iterations = int ($iter);
5919 my $hash_buf = $salt_buf;
5921 for (my $pos = 0; $pos < $iterations; $pos++)
5923 $hash_buf = sha1
($word_buf . $hash_buf);
5926 $hash_buf = encode_base64
($hash_buf . $salt_buf);
5927 $hash_buf =~ s/[\r\n]//g;
5929 $tmp_hash = sprintf ("{x-issha, %i}%s", $iterations, $hash_buf);
5931 elsif ($mode == 10400)
5934 my $u = $additional_param;
5935 my $o = $additional_param2;
5936 my $P = $additional_param3;
5938 if (defined $u == 0)
5943 if (defined $o == 0)
5948 if (defined $P == 0)
5955 for (my $i = 0; $i < 32; $i++)
5957 $padding .= pack ("C", $pdf_padding[$i]);
5960 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, 1, 2, 0);
5962 my $m = Crypt
::RC4
->new (substr ($res, 0, 5));
5964 $u = $m->RC4 ($padding);
5966 $tmp_hash = sprintf ('$pdf$%d*%d*40*%d*%d*16*%s*32*%s*32*%s', 1, 2, $P, 0, $id, unpack ("H*", $u), $o);
5968 elsif ($mode == 10500)
5971 my $u = $additional_param;
5972 my $o = $additional_param2;
5973 my $P = $additional_param3;
5974 my $V = $additional_param4;
5975 my $R = $additional_param5;
5976 my $enc = $additional_param6;
5978 if (defined $u == 0)
5985 if (defined $o == 0)
5990 if (defined $R == 0)
5992 $R = get_random_num
(3, 5);
5995 if (defined $V == 0)
5997 $V = ($R == 3) ?
2 : 4;
6000 if (defined $P == 0)
6002 $P = ($R == 3) ?
-4 : -1028;
6005 if (defined $enc == 0)
6007 $enc = ($R == 3) ?
1 : get_random_num
(0, 2);
6012 for (my $i = 0; $i < 32; $i++)
6014 $padding .= pack ("C", $pdf_padding[$i]);
6017 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, $V, $R, $enc);
6019 my $digest = md5
($padding . pack ("H*", $id));
6021 my $m = Crypt
::RC4
->new ($res);
6023 $u = $m->RC4 ($digest);
6025 my @ress = split "", $res;
6027 for (my $x = 1; $x <= 19; $x++)
6031 for (my $i = 0; $i < 16; $i++)
6033 $xor[$i] = chr (ord ($ress[$i]) ^ $x);
6036 my $s = join ("", @xor);
6038 my $m2 = Crypt
::RC4
->new ($s);
6043 $u .= substr (pack ("H*", $u_save), 16, 16);
6045 $tmp_hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), $o);
6047 elsif ($mode == 10600)
6050 my $rest = $additional_param;
6052 if (defined $id == 0)
6057 if (defined $rest == 0)
6063 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
6066 my @data = split /\*/, $rest;
6068 my $u = pack ("H*", $data[1]);
6070 my $h = sha256
($word_buf . substr ($u, 32, 8));
6072 $data[1] = unpack ("H*", $h . substr ($u, 32));
6074 $rest = join ("*", @data);
6076 $tmp_hash = sprintf ('$pdf$5*5*256*-1028*1*16*%s*%s', $id, $rest);
6078 elsif ($mode == 10700)
6081 my $rest = $additional_param;
6083 if (defined $id == 0)
6088 if (defined $rest == 0)
6094 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
6097 my @datax = split /\*/, $rest;
6099 my $u = pack ("H*", $datax[1]);
6101 my $block = sha256
($word_buf . substr ($u, 32, 8));
6103 my $block_size = 32;
6105 my $data = 0x00 x
64;
6111 for (my $i = 0; $i < 64 || $i < $data63 + 32; $i++)
6113 $data = $word_buf . $block;
6115 $data_len = length ($data);
6117 for (my $k = 1; $k < 64; $k++)
6119 $data .= $word_buf . $block;
6122 my $aes = Crypt
::CBC
->new ({
6123 key
=> substr ($block, 0, 16),
6124 cipher
=> "Crypt::Rijndael",
6125 iv
=> substr ($block, 16, 16),
6132 my $data = $aes->encrypt ($data);
6136 for (my $j = 0; $j < 16; $j++)
6138 $sum += ord (substr ($data, $j, 1));
6141 $block_size = 32 + ($sum % 3) * 16;
6143 if ($block_size == 32)
6145 $block = sha256
(substr ($data, 0, $data_len * 64));
6147 elsif ($block_size == 48)
6149 $block = sha384
(substr ($data, 0, $data_len * 64));
6151 elsif ($block_size == 64)
6153 $block = sha512
(substr ($data, 0, $data_len * 64));
6156 $data63 = ord (substr ($data, $data_len * 64 - 1, 1));
6159 $datax[1] = unpack ("H*", substr ($block, 0, 32) . substr ($u, 32));
6161 $rest = join ("*", @datax);
6163 $tmp_hash = sprintf ('$pdf$5*6*256*-1028*1*16*%s*%s', $id, $rest);
6165 elsif ($mode == 10800)
6167 $hash_buf = sha384_hex
($word_buf);
6169 $tmp_hash = sprintf ("%s", $hash_buf);
6171 elsif ($mode == 10900)
6173 my $iterations = 1000;
6177 $iterations = int ($iter);
6182 if (defined $additional_param)
6184 $out_len = $additional_param;
6187 my $pbkdf2 = Crypt
::PBKDF2
->new
6189 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
6190 iterations
=> $iterations,
6191 output_len
=> $out_len
6194 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6195 $hash_buf =~ s/[\r\n]//g;
6197 my $base64_salt_buf = encode_base64
($salt_buf);
6199 chomp ($base64_salt_buf);
6201 $tmp_hash = sprintf ("sha256:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6203 elsif ($mode == 11000)
6205 $hash_buf = md5_hex
($salt_buf . $word_buf);
6207 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
6209 elsif ($mode == 11100)
6211 my $user = "postgres";
6213 if (defined $additional_param)
6215 $user = $additional_param;
6218 $hash_buf = md5_hex
(md5_hex
($word_buf . $user) . pack ("H*", $salt_buf));
6220 $tmp_hash = sprintf ("\$postgres\$%s*%s*%s", $user, $salt_buf, $hash_buf);
6222 elsif ($mode == 11200)
6224 my $sha1_pass = sha1
($word_buf);
6225 my $double_sha1 = sha1
($sha1_pass);
6227 my $xor_part1 = $sha1_pass;
6228 my $xor_part2 = sha1
(pack ("H*", $salt_buf) . $double_sha1);
6232 for (my $i = 0; $i < 20; $i++)
6234 my $first_byte = substr ($xor_part1, $i, 1);
6235 my $second_byte = substr ($xor_part2, $i, 1);
6237 my $xor_result = $first_byte ^ $second_byte;
6239 $hash_buf .= unpack ("H*", $xor_result);
6242 $tmp_hash = sprintf ("\$mysqlna\$%s*%s", $salt_buf, $hash_buf);
6244 elsif ($mode == 11300)
6246 my $ckey_buf = get_random_string
(96);
6248 if (length ($additional_param))
6250 $ckey_buf = $additional_param;
6253 my $public_key_buf = get_random_string
(66);
6255 if (length ($additional_param2))
6257 $public_key_buf = $additional_param2;
6260 my $salt_iter = get_random_num
(150000, 250000);
6264 $salt_iter = int ($iter);
6267 my $hash_buf = sha512
($word_buf . pack ("H*", $salt_buf));
6269 for (my $i = 1; $i < $salt_iter; $i++)
6271 $hash_buf = sha512
($hash_buf);
6274 my $data = get_random_string
(32);
6276 my $aes = Crypt
::CBC
->new ({
6277 key
=> substr ($hash_buf, 0, 32),
6278 cipher
=> "Crypt::Rijndael",
6279 iv
=> substr ($hash_buf, 32, 16),
6283 padding
=> "standard",
6286 my $cry_master_buf = (unpack ("H*", $aes->encrypt ($data)));
6288 $tmp_hash = sprintf ('$bitcoin$%d$%s$%d$%s$%d$%d$%s$%d$%s',
6289 length ($cry_master_buf),
6296 length ($public_key_buf),
6299 elsif ($mode == 11400)
6301 my ($directive, $URI_server, $URI_client, $user, $realm, $nonce, $nonce_count, $nonce_client, $qop, $method, $URI, $URI_prefix, $URI_resource, $URI_suffix);
6303 $directive = "MD5"; # only directive currently supported
6305 if (defined ($additional_param))
6307 $user = $additional_param;
6308 $realm = $additional_param2;
6310 $nonce_count = $additional_param3;
6311 $nonce_client = $additional_param4;
6312 $qop = $additional_param5;
6313 $method = $additional_param6;
6315 $URI_prefix = $additional_param7;
6316 $URI_resource = $additional_param8;
6317 $URI_suffix = $additional_param9;
6319 # not needed information
6321 $URI_server = $additional_param10;
6322 $URI_client = $additional_param11;
6326 $user = get_random_string
(get_random_num
(0, 12 + 1));
6328 # special limit: (user_len + 1 + realm_len + 1 + word_buf_len) < 56
6329 my $realm_max_len = 55 - length ($user) - 1 - length ($word_buf) - 1;
6331 if ($realm_max_len < 1) # should never happen
6336 $realm_max_len = min
(20, $realm_max_len);
6338 $realm = get_random_string
(get_random_num
(0, $realm_max_len + 1));
6342 if (get_random_num
(0, 1 + 1) == 1)
6346 $nonce_count = get_random_string
(get_random_num
(0, 10 + 1));
6347 $nonce_client = get_random_string
(get_random_num
(0, 12 + 1));
6357 $method = get_random_string
(get_random_num
(0, 24 + 1));
6359 $URI_prefix = get_random_string
(get_random_num
(0, 10 + 1));
6360 $URI_resource = get_random_string
(get_random_num
(1, 32 + 1));
6361 $URI_suffix = get_random_string
(get_random_num
(0, 32 + 1));
6363 # not needed information
6365 $URI_server = get_random_string
(get_random_num
(0, 32 + 1));
6366 $URI_client = $URI_resource; # simplification
6373 if (length ($URI_prefix) > 0)
6375 $URI = $URI_prefix . ":";
6378 $URI .= $URI_resource;
6380 if (length ($URI_suffix) > 0)
6382 $URI .= ":" . $URI_suffix;
6385 my $HA2 = md5_hex
($method . ":" . $URI);
6387 my $HA1 = md5_hex
($user . ":" . $realm . ":" . $word_buf);
6391 if (($qop eq "auth") || ($qop eq "auth-int"))
6393 $tmp_buf = $nonce . ":" . $nonce_count . ":" . $nonce_client . ":" . $qop;
6400 my $hash_buf = md5_hex
($HA1 . ":" . $tmp_buf . ":" . $HA2);
6402 $tmp_hash = sprintf ("\$sip\$*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s", $URI_server, $URI_resource, $user, $realm, $method, $URI_prefix, $URI_resource, $URI_suffix, $nonce, $nonce_client, $nonce_count, $qop, $directive, $hash_buf);
6404 elsif ($mode == 11500)
6406 $hash_buf = crc32
($word_buf);
6408 $tmp_hash = sprintf ("%08x:00000000", $hash_buf);
6410 elsif ($mode == 11600)
6412 my ($p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, $data_len, $unpack_size, $data_buf);
6416 my $validation_only = 0;
6418 $validation_only = 1 if (defined ($additional_param));
6420 if ($validation_only == 1)
6422 $num_cycle_power = int ($iter);
6423 $seven_zip_salt_len = $additional_param;
6424 $seven_zip_salt_buf = $additional_param2;
6425 $salt_len = $additional_param3;
6426 # $salt_buf set in parser
6427 # $hash_buf (resulting crc)
6428 $data_len = $additional_param4;
6429 $unpack_size = $additional_param5;
6430 $data_buf = $additional_param6;
6434 $num_cycle_power = 14; # by default it is 19
6435 $seven_zip_salt_len = 0;
6436 $seven_zip_salt_buf = "";
6437 $salt_len = length ($salt_buf);
6438 # $salt_buf set automatically
6439 # $hash_buf (resulting crc)
6440 # $data_len will be set when encrypting
6441 $unpack_size = get_random_num
(1, 32 + 1);
6442 $data_buf = get_random_string
($unpack_size);
6446 # 2 ^ NumCyclesPower "iterations" of SHA256 (only one final SHA256)
6449 $word_buf = encode
("UTF-16LE", $word_buf);
6451 my $rounds = 1 << $num_cycle_power;
6455 for (my $i = 0; $i < $rounds; $i++)
6459 $num_buf .= pack ("V", $i);
6460 $num_buf .= "\x00" x
4;
6462 # this would be better but only works on 64-bit systems:
6463 # $num_buf = pack ("q", $i);
6465 $pass_buf .= sprintf ("%s%s", $word_buf, $num_buf);
6468 my $key = sha256
($pass_buf);
6470 # the salt_buf is our IV for AES CBC
6473 my $salt_buf_len = length ($salt_buf);
6474 my $salt_padding_len = 0;
6476 if ($salt_buf_len < 16)
6478 $salt_padding_len = 16 - $salt_buf_len;
6481 $salt_buf .= "\x00" x
$salt_padding_len;
6483 my $aes = Crypt
::CBC
->new ({
6484 cipher
=> "Crypt::Rijndael",
6492 if ($validation_only == 1)
6496 my $decrypted_data = $aes->decrypt ($data_buf);
6498 $decrypted_data = substr ($decrypted_data, 0, $unpack_size);
6500 $hash_buf = crc32
($decrypted_data);
6506 $hash_buf = crc32
($data_buf);
6508 $data_buf = $aes->encrypt ($data_buf);
6510 $data_len = length ($data_buf);
6513 $tmp_hash = sprintf ("\$7z\$%i\$%i\$%i\$%s\$%i\$%08s\$%u\$%u\$%u\$%s", $p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, unpack ("H*", $salt_buf), $hash_buf, $data_len, $unpack_size, unpack ("H*", $data_buf));
6515 elsif ($mode == 11900)
6517 my $iterations = 1000;
6521 $iterations = int ($iter);
6526 if (defined $additional_param)
6528 $out_len = $additional_param;
6532 # call PHP here - WTF
6535 # sanitize $word_buf and $salt_buf:
6537 my $word_buf_base64 = encode_base64
($word_buf);
6538 $word_buf_base64 =~ s/[\r\n]//g;
6540 my $salt_buf_base64 = encode_base64
($salt_buf);
6541 $salt_buf_base64 =~ s/[\r\n]//g;
6545 $out_len = int ($out_len);
6547 # output is in hex encoding, otherwise it could be screwed (but shouldn't)
6549 my $php_code = <<'END_CODE';
6551 function pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
6553 $algorithm = strtolower ($algorithm);
6555 if (! in_array ($algorithm, hash_algos (), true))
6557 trigger_error ("PBKDF2 ERROR: Invalid hash algorithm.", E_USER_ERROR);
6560 if ($count <= 0 || $key_length <= 0)
6562 trigger_error ("PBKDF2 ERROR: Invalid parameters.", E_USER_ERROR);
6565 if (function_exists ("hash_pbkdf2"))
6569 $key_length = $key_length * 2;
6572 return hash_pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output);
6575 $hash_length = strlen (hash ($algorithm, "", true));
6576 $block_count = ceil ($key_length / $hash_length);
6580 for ($i = 1; $i <= $block_count; $i++)
6582 $last = $salt . pack ("N", $i);
6584 $last = $xorsum = hash_hmac ($algorithm, $last, $password, true);
6586 for ($j = 1; $j < $count; $j++)
6588 $xorsum ^= ($last = hash_hmac ($algorithm, $last, $password, true));
6596 return substr ($output, 0, $key_length);
6600 return bin2hex (substr ($output, 0, $key_length));
6604 print pbkdf2 ("md5", base64_decode ("$word_buf_base64"), base64_decode ("$salt_buf_base64"), $iterations, $out_len, False);
6608 # replace with these command line arguments
6610 $php_code =~ s/\$word_buf_base64/$word_buf_base64/;
6611 $php_code =~ s/\$salt_buf_base64/$salt_buf_base64/;
6612 $php_code =~ s/\$iterations/$iterations/;
6613 $php_code =~ s/\$out_len/$out_len/;
6615 my $php_output = `php -r '$php_code'`;
6617 $hash_buf = pack ("H*", $php_output);
6619 $hash_buf = encode_base64 ($hash_buf);
6620 $hash_buf =~ s/[\r\n]//g;
6622 my $base64_salt_buf = encode_base64 ($salt_buf);
6624 chomp ($base64_salt_buf);
6626 $tmp_hash = sprintf ("md5:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6628 elsif ($mode == 12000)
6630 my $iterations = 1000;
6634 $iterations = int ($iter);
6639 if (defined $additional_param)
6641 $out_len = $additional_param;
6644 my $pbkdf2 = Crypt::PBKDF2->new
6646 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1'),
6647 iterations => $iterations,
6648 output_len => $out_len
6651 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6652 $hash_buf =~ s/[\r\n]//g;
6654 my $base64_salt_buf = encode_base64 ($salt_buf);
6656 chomp ($base64_salt_buf);
6658 $tmp_hash = sprintf ("sha1:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6660 elsif ($mode == 12100)
6662 my $iterations = 1000;
6666 $iterations = int ($iter);
6671 if (defined $additional_param)
6673 $out_len = $additional_param;
6676 my $pbkdf2 = Crypt::PBKDF2->new
6678 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512),
6679 iterations => $iterations,
6680 output_len => $out_len
6683 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6684 $hash_buf =~ s/[\r\n]//g;
6686 my $base64_salt_buf = encode_base64 ($salt_buf);
6688 chomp ($base64_salt_buf);
6690 $tmp_hash = sprintf ("sha512:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6692 elsif ($mode == 12200)
6694 my $iterations = 65536;
6696 my $default_salt = 0;
6698 if (defined $additional_param)
6700 $default_salt = int ($additional_param);
6703 if ($default_salt == 1)
6705 $salt_buf = "0011223344556677";
6708 $hash_buf = sha512 (pack ("H*", $salt_buf) . $word_buf);
6710 for (my $i = 0; $i < $iterations; $i++)
6712 $hash_buf = sha512 ($hash_buf);
6715 $hash_buf = unpack ("H*", $hash_buf);
6716 $hash_buf = substr ($hash_buf, 0, 16);
6718 if ($default_salt == 0)
6720 $tmp_hash = sprintf ("\$ecryptfs\$0\$1\$%s\$%s", $salt_buf, $hash_buf);
6724 $tmp_hash = sprintf ("\$ecryptfs\$0\$%s", $hash_buf);
6727 elsif ($mode == 12300)
6729 my $iterations = 4096;
6731 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
6733 my $pbkdf2 = Crypt::PBKDF2->new (
6735 iterations => $iterations,
6739 my $salt_bin = pack ("H*", $salt_buf);
6741 my $key = $pbkdf2->PBKDF2 ($salt_bin. "AUTH_PBKDF2_SPEEDY_KEY", $word_buf);
6743 $hash_buf = sha512_hex ($key . $salt_bin);
6745 $tmp_hash = sprintf ("%s%s", uc ($hash_buf), uc ($salt_buf));
6747 elsif ($mode == 12400)
6753 $iterations = int ($iter);
6757 $iterations = get_random_num (1, 5001 + 1);
6760 my $key_value = fold_password ($word_buf);
6762 my $data = "\x00\x00\x00\x00\x00\x00\x00\x00";
6763 my $salt_value = base64_to_int24 ($salt_buf);
6765 $hash_buf = crypt_rounds ($key_value, $iterations, $salt_value, $data);
6767 $tmp_hash = sprintf ("_%s%s%s", int24_to_base64 ($iterations), $salt_buf, block_to_base64 ($hash_buf));
6769 elsif ($mode == 12600)
6771 $hash_buf = sha1_hex ($word_buf);
6773 $hash_buf = sha256_hex ($salt_buf . uc $hash_buf);
6775 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
6777 elsif ($mode == 12700)
6779 my $iterations = 10;
6782 "guid" : "00000000-0000-0000-0000-000000000000",
6783 "sharedKey" : "00000000-0000-0000-0000-000000000000",
6784 "options" : {"pbkdf2_iterations":10,"fee_policy":0,"html5_notifications":false,"logout_time":600000,"tx_display":0,"always_keep_local_backup":false}|;
6786 my $salt_buf_bin = pack ("H*", $salt_buf);
6788 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
6790 my $pbkdf2 = Crypt::PBKDF2->new (
6792 iterations => $iterations,
6796 my $key = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6798 my $cipher = Crypt::CBC->new ({
6800 cipher => "Crypt::Rijndael",
6801 iv => $salt_buf_bin,
6807 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
6809 $tmp_hash = sprintf ("\$blockchain\$%s\$%s", length ($salt_buf . $encrypted) / 2, $salt_buf . $encrypted);
6811 elsif ($mode == 12800)
6813 my $iterations = 100;
6817 $iterations = int ($iter);
6820 my $nt = md4_hex (encode ("UTF-16LE", $word_buf));
6822 my $pbkdf2 = Crypt::PBKDF2->new
6824 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6825 iterations => $iterations,
6829 my $salt_buf_bin = pack ("H*", $salt_buf);
6831 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, uc (encode ("UTF-16LE", $nt)));
6833 $tmp_hash = sprintf ("v1;PPH1_MD4,%s,%d,%s", $salt_buf, $iterations, unpack ("H*", $hash));
6835 elsif ($mode == 12900)
6837 my $iterations = 4096;
6841 $iterations = int ($iter);
6844 my $salt2 = $salt_buf . $salt_buf;
6846 if (defined $additional_param)
6848 $salt2 = $additional_param;
6851 my $pbkdf2 = Crypt::PBKDF2->new
6853 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6854 iterations => $iterations,
6858 my $salt_buf_bin = pack ("H*", $salt_buf);
6860 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6862 my $salt2_bin = pack ("H*", $salt2);
6864 my $hash_hmac = hmac_hex ($salt2_bin, $hash, \&sha256, 64);
6866 $tmp_hash = sprintf ("%s%s%s", $salt2, $hash_hmac, $salt_buf);
6868 elsif ($mode == 13000)
6870 my $iterations = 15;
6874 $iterations = int ($iter);
6879 if (defined $additional_param)
6881 $iv = $additional_param;
6884 my $pbkdf2 = Crypt::PBKDF2->new
6886 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6887 iterations => (1 << $iterations) + 32,
6891 my $salt_buf_bin = pack ("H*", $salt_buf);
6893 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6895 my $hash_final = substr ($hash, 0, 8)
6896 ^ substr ($hash, 8, 8)
6897 ^ substr ($hash, 16, 8)
6898 ^ substr ($hash, 24, 8);
6900 $tmp_hash = sprintf ('$rar5$16$%s$%d$%s$8$%s', $salt_buf, $iterations, $iv, unpack ("H*", $hash_final));
6902 elsif ($mode == 13100)
6904 my @salt_arr = split ('\$', $salt_buf);
6906 my $user = $salt_arr[0];
6908 my $realm = $salt_arr[1];
6910 my $spn = $salt_arr[2];
6912 my $nonce = $salt_arr[3];
6914 my $cleartext_ticket = '6381b03081ada00703050050a00000a11b3019a003020117a1'.
6915 '12041058e0d77776e8b8e03991f2966939222aa2171b154d594b5242544553542e434f4e5'.
6916 '44f534f2e434f4da3133011a003020102a10a30081b067472616e6365a40b3009a0030201'.
6917 '01a1020400a511180f32303136303231353134343735305aa611180f32303136303231353'.
6918 '134343735305aa711180f32303136303231363030343735305aa811180f32303136303232'.
6921 $cleartext_ticket = $nonce . $cleartext_ticket;
6923 my $k = md4 (encode ("UTF-16LE", $word_buf));
6925 my $k1 = hmac_md5 ("\x02\x00\x00\x00", $k);
6927 my $checksum = hmac_md5 (pack ("H*", $cleartext_ticket), $k1);
6929 my $k3 = hmac_md5 ($checksum, $k1);
6931 my $cipher = Crypt::RC4->new ($k3);
6933 my $edata2 = $cipher->RC4 (pack ("H*", $cleartext_ticket));
6935 $tmp_hash = sprintf ('$krb5tgs$23$*%s$%s$%s*$%s$%s', $user, $realm, $spn, unpack ("H*", $checksum), unpack ("H*", $edata2));
6937 elsif ($mode == 13200)
6939 my @salt_arr = split ('\*', $salt_buf);
6941 my $iteration = $salt_arr[0];
6943 my $mysalt = $salt_arr[1];
6945 $mysalt = pack ("H*", $mysalt);
6947 my $DEK = randbytes (16);
6949 my $iv = "a6a6a6a6a6a6a6a6";
6951 my $KEK = sha1($word_buf);
6953 $KEK = substr ($KEK ^ $mysalt, 0, 16);
6955 my $aes = Crypt::Mode::ECB->new ('AES');
6957 my @R = ('', substr(pack ("H*",$DEK),0,8), substr(pack ("H*",$DEK),8,16));
6961 my $A = pack ("H*", $iv);
6963 for (my $j = 0; $j < $iteration; $j++)
6965 $B = $aes->encrypt ($A . $R[1], $KEK);
6967 $A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 1));
6969 $R[1] = substr ($B, 8, 16);
6971 $B = $aes->encrypt ($A . $R[2], $KEK);
6973 $A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 2));
6975 $R[2] = substr ($B, 8, 16);
6978 my $wrapped_key = unpack ("H*", $A . substr ($R[1], 0 ,8) . substr ($R[2], 0 ,8));
6980 $mysalt = unpack ("H*", $mysalt);
6982 $tmp_hash = sprintf ('$axcrypt$*1*%s*%s*%s', $iteration, $mysalt, $wrapped_key);
6984 elsif ($mode == 13300)
6986 $hash_buf = sha1_hex ($word_buf);
6988 $tmp_hash = sprintf ('$axcrypt_sha1$%s', substr ($hash_buf, 0, 32));
6992 elsif ($mode == 13400)
6994 my @salt_arr = split ('\*', $salt_buf);
6996 my $version = $salt_arr[0];
6998 my $iteration = $salt_arr[1];
7000 my $algorithm = $salt_arr[2];
7002 my $final_random_seed = $salt_arr[3];
7004 my $transf_random_seed = $salt_arr[4];
7006 my $enc_iv = $salt_arr[5];
7010 # specific to version 1
7015 # specific to version 2
7018 # specific to keyfile handling
7019 my $inline_keyfile_flag;
7021 my $keyfile_content;
7022 my $keyfile_attributes = "";
7024 $final_random_seed = pack ("H*", $final_random_seed);
7026 $transf_random_seed = pack ("H*", $transf_random_seed);
7028 $enc_iv = pack ("H*", $enc_iv);
7030 my $intermediate_hash = sha256 ($word_buf);
7034 $contents_hash = $salt_arr[6];
7035 $contents_hash = pack ("H*", $contents_hash);
7037 $inline_flag = $salt_arr[7];
7039 $contents_len = $salt_arr[8];
7041 $contents = $salt_arr[9];
7042 $contents = pack ("H*", $contents);
7045 if (scalar @salt_arr == 13)
7047 $inline_keyfile_flag = $salt_arr[10];
7049 $keyfile_len = $salt_arr[11];
7051 $keyfile_content = $salt_arr[12];
7053 $keyfile_attributes = $keyfile_attributes
7054 . "*" . $inline_keyfile_flag
7055 . "*" . $keyfile_len
7056 . "*" . $keyfile_content;
7058 $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
7059 $intermediate_hash = sha256 ($intermediate_hash);
7062 elsif ($version == 2)
7065 if (scalar @salt_arr == 11)
7067 $inline_keyfile_flag = $salt_arr[8];
7069 $keyfile_len = $salt_arr[9];
7071 $keyfile_content = $salt_arr[10];
7073 $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
7075 $keyfile_attributes = $keyfile_attributes
7076 . "*" . $inline_keyfile_flag
7077 . "*" . $keyfile_len
7078 . "*" . $keyfile_content;
7081 $intermediate_hash = sha256 ($intermediate_hash);
7084 my $aes = Crypt::Mode::ECB->new ('AES', 1);
7086 for (my $j = 0; $j < $iteration; $j++)
7088 $intermediate_hash = $aes->encrypt ($intermediate_hash, $transf_random_seed);
7090 $intermediate_hash = substr ($intermediate_hash, 0, 32);
7093 $intermediate_hash = sha256 ($intermediate_hash);
7095 my $final_key = sha256 ($final_random_seed . $intermediate_hash);
7097 my $final_algorithm;
7099 if ($version == 1 && $algorithm == 1)
7101 $final_algorithm = "Crypt::Twofish";
7105 $final_algorithm = "Crypt::Rijndael";
7108 my $cipher = Crypt::CBC->new ({
7110 cipher => $final_algorithm,
7119 $contents_hash = sha256 ($contents);
7121 $contents = $cipher->encrypt($contents);
7123 $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%d*%d*%s%s',
7127 unpack ("H*", $final_random_seed),
7128 unpack ("H*", $transf_random_seed),
7129 unpack ("H*", $enc_iv),
7130 unpack ("H*", $contents_hash),
7133 unpack ("H*", $contents),
7134 $keyfile_attributes);
7138 $expected_bytes = $salt_arr[6];
7140 $contents_hash = $salt_arr[7];
7141 $contents_hash = pack ("H*", $contents_hash);
7143 $expected_bytes = $cipher->decrypt($contents_hash);
7145 $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%s%s',
7149 unpack ("H*", $final_random_seed),
7150 unpack ("H*", $transf_random_seed),
7151 unpack ("H*", $enc_iv),
7152 unpack ("H*", $expected_bytes),
7153 unpack ("H*", $contents_hash),
7154 $keyfile_attributes);
7157 elsif ($mode == 13500)
7159 $hash_buf = sha1_hex (pack ("H*", $salt_buf) . encode ("UTF-16LE", $word_buf));
7161 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
7171 my $word_len = shift;
7173 my $salt_len = shift;
7177 $max = 15 if ($mode == 2410);
7179 if ($is_unicode{$mode})
7181 if (! $allow_long_salt{$mode})
7183 $word_len = min ($word_len, int ($max / 2) - $salt_len);
7187 $word_len = min ($word_len, int ($max / 2));
7190 elsif ($less_fifteen{$mode})
7192 $word_len = min ($word_len, 15);
7196 $salt_len = min ($salt_len, 15 - $word_len);
7201 if (! $allow_long_salt{$mode})
7203 $word_len = min ($word_len, $max - $salt_len);
7222 for (my $i = 0; $i < $salt_len; $i++)
7224 my $c = get_random_chr (0x30, 0x39);
7226 push (@salt_arr, $c);
7229 $salt_buf = join ("", @salt_arr);
7231 $salt_buf = get_random_md5chap_salt ($salt_buf);
7233 elsif ($mode == 5300 || $mode == 5400)
7235 $salt_buf = get_random_ike_salt ();
7237 elsif ($mode == 5500)
7239 $salt_buf = get_random_netntlmv1_salt ($salt_len, $salt_len);
7241 elsif ($mode == 5600)
7243 $salt_buf = get_random_netntlmv2_salt ($salt_len, $salt_len);
7245 elsif ($mode == 6600)
7247 $salt_buf = get_random_agilekeychain_salt ();
7249 elsif ($mode == 8200)
7251 $salt_buf = get_random_cloudkeychain_salt ();
7253 elsif ($mode == 8300)
7255 $salt_buf = get_random_dnssec_salt ();
7257 elsif ($mode == 13100)
7259 $salt_buf = get_random_kerberos5_tgs_salt ();
7261 elsif ($mode == 13200)
7263 $salt_buf = get_random_axcrypt_salt ();
7265 elsif ($mode == 13400)
7267 $salt_buf = get_random_keepass_salt ();
7269 elsif ($mode == 13500)
7271 $salt_buf = get_pstoken_salt ();
7277 for (my $i = 0; $i < $salt_len; $i++)
7279 my $c = get_random_chr (0x30, 0x39);
7281 push (@salt_arr, $c);
7284 $salt_buf = join ("", @salt_arr);
7288 $salt_buf = get_random_kerberos5_salt ($salt_buf);
7298 for (my $i = 0; $i < $word_len; $i++)
7300 my $c = get_random_chr (0x30, 0x39);
7302 push (@word_arr, $c);
7305 my $word_buf = join ("", @word_arr);
7311 my $tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
7324 print sprintf ("echo -n %-20s | %s \${OPTS} %s %4d '%s'\n", $word_buf, @cmd);
7336 sub get_random_string
7342 for (my $i = 0; $i < $len; $i++)
7344 my $c = get_random_chr (0x30, 0x39);
7349 my $buf = join ("", @arr);
7359 return int ((rand ($max - $min)) + $min);
7364 return chr get_random_num (@_);
7373 for (my $i = 0; $i < length ($str); $i += 4)
7375 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
7377 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
7384 $salt = substr ($decoded, 0, 5);
7386 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
7390 $byte10 = 256 + $byte10;
7393 substr ($salt, 3, 1) = chr ($byte10);
7395 $digest = substr ($decoded, 5, 9);
7396 $char = substr ($str, 18, 1);
7398 return ($digest, $salt, $char);
7401 sub domino_85x_decode
7407 for (my $i = 0; $i < length ($str); $i += 4)
7409 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
7411 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
7416 my $iterations = -1;
7419 $salt = substr ($decoded, 0, 16); # longer than -m 8700 (5 vs 16 <- new)
7421 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
7425 $byte10 = 256 + $byte10;
7428 substr ($salt, 3, 1) = chr ($byte10);
7430 $iterations = substr ($decoded, 16, 10);
7432 if ($iterations =~ /^?d*$/)
7436 $iterations = $iterations + 0; # hack: make sure it is an int now (atoi ())
7437 $chars = substr ($decoded, 26, 2); # in my example it is "02"
7438 $digest = substr ($decoded, 28, 8); # only of length of 8 vs 20 SHA1 bytes
7441 return ($digest, $salt, $iterations, $chars);
7444 sub domino_base64_decode
7449 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
7457 my $idx = (index ($itoa64, substr ($v, $n - $i, 1))) & 0x3f;
7459 $ret += ($idx << (6 * ($i - 1)));
7472 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
7476 $byte10 = $byte10 - 256;
7479 substr ($final, 3, 1) = chr ($byte10);
7483 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
7484 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
7485 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
7486 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
7487 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
7489 if (defined ($char))
7491 substr ($passwd, 18, 1) = $char;
7493 substr ($passwd, 19, 1) = "";
7498 sub domino_85x_encode
7503 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
7507 $byte10 = $byte10 - 256;
7510 substr ($final, 3, 1) = chr ($byte10);
7514 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
7515 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
7516 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
7517 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
7518 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
7519 $passwd .= domino_base64_encode ((int (ord (substr ($final, 15, 1))) << 16) | (int (ord (substr ($final, 16, 1))) << 8) | (int (ord (substr ($final, 17, 1)))), 4);
7520 $passwd .= domino_base64_encode ((int (ord (substr ($final, 18, 1))) << 16) | (int (ord (substr ($final, 19, 1))) << 8) | (int (ord (substr ($final, 20, 1)))), 4);
7521 $passwd .= domino_base64_encode ((int (ord (substr ($final, 21, 1))) << 16) | (int (ord (substr ($final, 22, 1))) << 8) | (int (ord (substr ($final, 23, 1)))), 4);
7522 $passwd .= domino_base64_encode ((int (ord (substr ($final, 24, 1))) << 16) | (int (ord (substr ($final, 25, 1))) << 8) | (int (ord (substr ($final, 26, 1)))), 4);
7523 $passwd .= domino_base64_encode ((int (ord (substr ($final, 27, 1))) << 16) | (int (ord (substr ($final, 28, 1))) << 8) | (int (ord (substr ($final, 29, 1)))), 4);
7524 $passwd .= domino_base64_encode ((int (ord (substr ($final, 30, 1))) << 16) | (int (ord (substr ($final, 31, 1))) << 8) | (int (ord (substr ($final, 32, 1)))), 4);
7525 $passwd .= domino_base64_encode ((int (ord (substr ($final, 33, 1))) << 16) | (int (ord (substr ($final, 34, 1))) << 8) | (int (ord (substr ($final, 35, 1)))), 4);
7527 if (defined ($char))
7529 substr ($passwd, 18, 1) = $char;
7535 sub domino_base64_encode
7540 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
7544 while (($n - 1) >= 0)
7548 $ret = substr ($itoa64, $v & 0x3f, 1) . $ret;
7558 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7563 my $v = unpack "V", substr($md5, $i*4, 4);
7565 $s64 .= substr($itoa64, $v & 0x3f, 1);
7574 my ($username, $password) = @_;
7576 $username = substr ($username . " " x 8, 0, 8);
7577 $password = substr ($password . " " x 8, 0, 8);
7579 my $username_ebc = ascii2ebcdic ($username);
7580 my $password_ebc = ascii2ebcdic ($password);
7582 my @pw = split ("", $password_ebc);
7584 for (my $i = 0; $i < 8; $i++)
7586 $pw[$i] = unpack ("C", $pw[$i]);
7589 $pw[$i] = pack ("C", $pw[$i] & 0xff);
7592 my $key = join ("", @pw);
7594 my $cipher = new Crypt::DES $key;
7596 my $ciphertext = $cipher->encrypt ($username_ebc);
7598 my $ct = unpack ("H16", $ciphertext);
7605 my ($username, $password) = @_;
7607 my $userpass = pack('n*', unpack('C*', uc($username.$password)));
7608 $userpass .= pack('C', 0) while (length($userpass) % 8);
7610 my $key = pack('H*', "0123456789ABCDEF");
7611 my $iv = pack('H*', "0000000000000000");
7613 my $c = new Crypt::CBC(
7620 my $key2 = substr($c->encrypt($userpass), length($userpass)-8, 8);
7622 my $c2 = new Crypt::CBC(
7629 my $hash = substr($c2->encrypt($userpass), length($userpass)-8, 8);
7631 return uc(unpack('H*', $hash));
7636 my $word_buf = shift;
7638 my $salt_buf = shift;
7640 my $w = sprintf ("%d%s%s", 0, $word_buf, $salt_buf);
7642 my $digest = sha1 ($w);
7644 for (my $i = 1; $i < 1024; $i++)
7646 $w = $digest . sprintf ("%d%s%s", $i, $word_buf, $salt_buf);
7648 $digest = sha1 ($w);
7651 my ($A, $B, $C, $D, $E) = unpack ("N5", $digest);
7653 return sprintf ("%08x%08x%08x%08x%08x", $A, $B, $C, $D, $E);
7661 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7665 while (($n - 1) >= 0)
7669 $ret .= substr ($itoa64, $v & 0x3f, 1);
7685 my $hash = ""; # hash to be returned by this function
7687 my $final = md5 ($pass . $salt . $pass);
7689 $salt = substr ($salt, 0, 8);
7691 my $tmp = $pass . $magic . $salt;
7693 my $pass_len = length ($pass);
7697 for ($i = $pass_len; $i > 0; $i -= 16)
7706 $tmp .= substr ($final, 0, $len);
7719 $tmp .= substr ($pass, 0, 1);
7725 $final = md5 ($tmp);
7727 for ($i = 0; $i < $iter; $i++)
7759 $final = md5 ($tmp);
7763 # now format the output sting ("hash")
7767 $hash = to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 6, 1)) << 8) | (ord (substr ($final, 12, 1))), 4);
7768 $hash .= to64 ((ord (substr ($final, 1, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7769 $hash .= to64 ((ord (substr ($final, 2, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7770 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 9, 1)) << 8) | (ord (substr ($final, 15, 1))), 4);
7771 $hash .= to64 ((ord (substr ($final, 4, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7772 $hash .= to64 (ord (substr ($final, 11, 1)), 2);
7774 if ($iter == 1000) # default
7776 $hash_buf = sprintf ("%s%s\$%s", $magic , $salt , $hash);
7780 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7792 my $hash = ""; # hash to be returned by this function
7794 my $final = sha512 ($pass . $salt . $pass);
7796 $salt = substr ($salt, 0, 16);
7798 my $tmp = $pass . $salt;
7800 my $pass_len = length ($pass);
7801 my $salt_len = length ($salt);
7805 for ($i = $pass_len; $i > 0; $i -= 16)
7814 $tmp .= substr ($final, 0, $len);
7833 $final = sha512 ($tmp);
7839 for ($i = 0; $i < $pass_len; $i++)
7844 $p_bytes = sha512 ($p_bytes);
7845 $p_bytes = substr ($p_bytes, 0, $pass_len);
7849 my $final_first_byte = ord (substr ($final, 0, 1));
7853 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7858 $s_bytes = sha512 ($s_bytes);
7859 $s_bytes = substr ($s_bytes, 0, $salt_len);
7861 for ($i = 0; $i < $iter; $i++)
7893 $final = sha512 ($tmp);
7897 # now format the output string ("hash")
7901 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 21, 1)) << 8) | (ord (substr ($final, 42, 1))), 4);
7902 $hash .= to64 ((ord (substr ($final, 22, 1)) << 16) | (ord (substr ($final, 43, 1)) << 8) | (ord (substr ($final, 1, 1))), 4);
7903 $hash .= to64 ((ord (substr ($final, 44, 1)) << 16) | (ord (substr ($final, 2, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7904 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 24, 1)) << 8) | (ord (substr ($final, 45, 1))), 4);
7905 $hash .= to64 ((ord (substr ($final, 25, 1)) << 16) | (ord (substr ($final, 46, 1)) << 8) | (ord (substr ($final, 4, 1))), 4);
7906 $hash .= to64 ((ord (substr ($final, 47, 1)) << 16) | (ord (substr ($final, 5, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7907 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 27, 1)) << 8) | (ord (substr ($final, 48, 1))), 4);
7908 $hash .= to64 ((ord (substr ($final, 28, 1)) << 16) | (ord (substr ($final, 49, 1)) << 8) | (ord (substr ($final, 7, 1))), 4);
7909 $hash .= to64 ((ord (substr ($final, 50, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7910 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 30, 1)) << 8) | (ord (substr ($final, 51, 1))), 4);
7911 $hash .= to64 ((ord (substr ($final, 31, 1)) << 16) | (ord (substr ($final, 52, 1)) << 8) | (ord (substr ($final, 10, 1))), 4);
7912 $hash .= to64 ((ord (substr ($final, 53, 1)) << 16) | (ord (substr ($final, 11, 1)) << 8) | (ord (substr ($final, 32, 1))), 4);
7913 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 33, 1)) << 8) | (ord (substr ($final, 54, 1))), 4);
7914 $hash .= to64 ((ord (substr ($final, 34, 1)) << 16) | (ord (substr ($final, 55, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7915 $hash .= to64 ((ord (substr ($final, 56, 1)) << 16) | (ord (substr ($final, 14, 1)) << 8) | (ord (substr ($final, 35, 1))), 4);
7916 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 36, 1)) << 8) | (ord (substr ($final, 57, 1))), 4);
7917 $hash .= to64 ((ord (substr ($final, 37, 1)) << 16) | (ord (substr ($final, 58, 1)) << 8) | (ord (substr ($final, 16, 1))), 4);
7918 $hash .= to64 ((ord (substr ($final, 59, 1)) << 16) | (ord (substr ($final, 17, 1)) << 8) | (ord (substr ($final, 38, 1))), 4);
7919 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 39, 1)) << 8) | (ord (substr ($final, 60, 1))), 4);
7920 $hash .= to64 ((ord (substr ($final, 40, 1)) << 16) | (ord (substr ($final, 61, 1)) << 8) | (ord (substr ($final, 19, 1))), 4);
7921 $hash .= to64 ((ord (substr ($final, 62, 1)) << 16) | (ord (substr ($final, 20, 1)) << 8) | (ord (substr ($final, 41, 1))), 4);
7922 $hash .= to64 (ord (substr ($final, 63, 1)), 2);
7926 if ($iter == 5000) # default
7928 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7932 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7944 my $hash = ""; # hash to be returned by this function
7946 my $final = sha256 ($pass . $salt . $pass);
7948 $salt = substr ($salt, 0, 16);
7950 my $tmp = $pass . $salt;
7952 my $pass_len = length ($pass);
7953 my $salt_len = length ($salt);
7957 for ($i = $pass_len; $i > 0; $i -= 16)
7966 $tmp .= substr ($final, 0, $len);
7985 $final = sha256 ($tmp);
7991 for ($i = 0; $i < $pass_len; $i++)
7996 $p_bytes = sha256 ($p_bytes);
7997 $p_bytes = substr ($p_bytes, 0, $pass_len);
8001 my $final_first_byte = ord (substr ($final, 0, 1));
8005 for ($i = 0; $i < (16 + $final_first_byte); $i++)
8010 $s_bytes = sha256 ($s_bytes);
8011 $s_bytes = substr ($s_bytes, 0, $salt_len);
8013 for ($i = 0; $i < $iter; $i++)
8045 $final = sha256 ($tmp);
8049 # now format the output string ("hash")
8053 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 20, 1))), 4);
8054 $hash .= to64 ((ord (substr ($final, 21, 1)) << 16) | (ord (substr ($final, 1, 1)) << 8) | (ord (substr ($final, 11, 1))), 4);
8055 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 22, 1)) << 8) | (ord (substr ($final, 2, 1))), 4);
8056 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 13, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
8057 $hash .= to64 ((ord (substr ($final, 24, 1)) << 16) | (ord (substr ($final, 4, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
8058 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 25, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
8059 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 16, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
8060 $hash .= to64 ((ord (substr ($final, 27, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 17, 1))), 4);
8061 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 28, 1)) << 8) | (ord (substr ($final, 8, 1))), 4);
8062 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 19, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
8063 $hash .= to64 ((ord (substr ($final, 31, 1)) << 8) | (ord (substr ($final, 30, 1))), 3);
8067 if ($iter == 5000) # default
8069 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
8073 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
8079 sub aix_ssha256_pbkdf2
8081 my $word_buf = shift;
8082 my $salt_buf = shift;
8083 my $iterations = shift;
8085 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256);
8087 my $pbkdf2 = Crypt::PBKDF2->new (
8089 iterations => $iterations,
8093 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
8097 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
8098 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8099 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
8100 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
8101 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8102 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
8103 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
8104 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
8105 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
8106 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
8107 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) , 3);
8112 sub aix_ssha512_pbkdf2
8114 my $word_buf = shift;
8115 my $salt_buf = shift;
8116 my $iterations = shift;
8118 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
8120 my $pbkdf2 = Crypt::PBKDF2->new (
8122 iterations => $iterations,
8125 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
8129 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
8130 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8131 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
8132 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
8133 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8134 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
8135 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
8136 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
8137 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
8138 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
8139 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) | (int (ord (substr ($hash_buf, 32, 1)))), 4);
8140 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 33, 1))) << 16) | (int (ord (substr ($hash_buf, 34, 1))) << 8) | (int (ord (substr ($hash_buf, 35, 1)))), 4);
8141 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 36, 1))) << 16) | (int (ord (substr ($hash_buf, 37, 1))) << 8) | (int (ord (substr ($hash_buf, 38, 1)))), 4);
8142 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 39, 1))) << 16) | (int (ord (substr ($hash_buf, 40, 1))) << 8) | (int (ord (substr ($hash_buf, 41, 1)))), 4);
8143 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 42, 1))) << 16) | (int (ord (substr ($hash_buf, 43, 1))) << 8) | (int (ord (substr ($hash_buf, 44, 1)))), 4);
8144 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 45, 1))) << 16) | (int (ord (substr ($hash_buf, 46, 1))) << 8) | (int (ord (substr ($hash_buf, 47, 1)))), 4);
8145 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 48, 1))) << 16) | (int (ord (substr ($hash_buf, 49, 1))) << 8) | (int (ord (substr ($hash_buf, 50, 1)))), 4);
8146 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 51, 1))) << 16) | (int (ord (substr ($hash_buf, 52, 1))) << 8) | (int (ord (substr ($hash_buf, 53, 1)))), 4);
8147 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 54, 1))) << 16) | (int (ord (substr ($hash_buf, 55, 1))) << 8) | (int (ord (substr ($hash_buf, 56, 1)))), 4);
8148 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 57, 1))) << 16) | (int (ord (substr ($hash_buf, 58, 1))) << 8) | (int (ord (substr ($hash_buf, 59, 1)))), 4);
8149 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 60, 1))) << 16) | (int (ord (substr ($hash_buf, 61, 1))) << 8) | (int (ord (substr ($hash_buf, 62, 1)))), 4);
8150 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 63, 1))) << 16) , 2);
8155 sub aix_ssha1_pbkdf2
8157 my $word_buf = shift;
8158 my $salt_buf = shift;
8159 my $iterations = shift;
8161 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
8163 my $pbkdf2 = Crypt::PBKDF2->new (
8165 iterations => $iterations,
8168 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
8172 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
8173 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8174 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
8175 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
8176 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8177 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
8178 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) , 3);
8187 my @data = split "", $data_s;
8190 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8191 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8192 "\x3f\x40\x41\x50\x43\x44\x45\x4b\x47\x48\x4d\x4e\x54\x51\x53\x46" .
8193 "\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x56\x55\x5c\x49\x5d\x4a" .
8194 "\x42\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
8195 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x58\x5b\x59\xff\x52" .
8196 "\x4c\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
8197 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x57\x5e\x5a\x4f\xff" .
8198 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8199 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8200 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8201 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8202 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8203 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8204 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8205 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
8207 my @transTable = unpack ("C256", $transTable_s);
8211 for (my $i = 0; $i < scalar @data; $i++)
8213 $out[$i] = $transTable[int (ord ($data[$i]))];
8216 return pack ("C*", @out);
8221 my $digest_s = shift;
8226 my @w = unpack "C*", $w_s;
8227 my @s = unpack "C*", $s_s;
8230 "\x14\x77\xf3\xd4\xbb\x71\x23\xd0\x03\xff\x47\x93\x55\xaa\x66\x91" .
8231 "\xf2\x88\x6b\x99\xbf\xcb\x32\x1a\x19\xd9\xa7\x82\x22\x49\xa2\x51" .
8232 "\xe2\xb7\x33\x71\x8b\x9f\x5d\x01\x44\x70\xae\x11\xef\x28\xf0\x0d";
8234 my @bcodeTable = unpack ("C48", $bcodeTable_s);
8236 my @abcd = unpack ("C16", $digest_s);
8238 my $sum20 = ($abcd[0] & 3)
8248 for (my $i2 = 0; $i2 < $sum20; $i2++)
8253 for (my $i1 = 0, my $i2 = 0, my $i3 = 0; $i2 < $sum20; $i2++, $i2++)
8255 if ($i1 < length $w_s)
8257 if ($abcd[15 - $i1] & 1)
8259 $out[$i2] = $bcodeTable[48 - 1 - $i1];
8264 $out[$i2] = $w[$i1];
8270 if ($i3 < length $s_s)
8272 $out[$i2] = $s[$i3];
8278 $out[$i2] = $bcodeTable[$i2 - $i1 - $i3];
8281 return substr (pack ("C*", @out), 0, $sum20);
8286 my @key_56 = split (//, shift);
8292 $key .= chr(((ord($key_56[0]) << 7) | (ord($key_56[1]) >> 1)) & 255);
8293 $key .= chr(((ord($key_56[1]) << 6) | (ord($key_56[2]) >> 2)) & 255);
8294 $key .= chr(((ord($key_56[2]) << 5) | (ord($key_56[3]) >> 3)) & 255);
8295 $key .= chr(((ord($key_56[3]) << 4) | (ord($key_56[4]) >> 4)) & 255);
8296 $key .= chr(((ord($key_56[4]) << 3) | (ord($key_56[5]) >> 5)) & 255);
8297 $key .= chr(((ord($key_56[5]) << 2) | (ord($key_56[6]) >> 6)) & 255);
8298 $key .= chr(( ord($key_56[6]) << 1) & 255);
8309 for (my $i = 0; $i < $len; $i++)
8311 my $c = get_random_chr (0, 255);
8316 return join ("", @arr);
8319 sub get_random_netntlmv1_salt
8321 my $len_user = shift;
8322 my $len_domain = shift;
8328 for (my $i = 0; $i < $len_user; $i++)
8330 $type = get_random_num (1, 3);
8334 $char = get_random_chr (0x30, 0x39);
8338 $char = get_random_chr (0x41, 0x5A);
8342 $char = get_random_chr (0x61, 0x7A);
8350 for (my $i = 0; $i < $len_domain; $i++)
8352 $type = get_random_num (1, 3);
8356 $char = get_random_chr (0x30, 0x39);
8360 $char = get_random_chr (0x41, 0x5A);
8364 $char = get_random_chr (0x61, 0x7A);
8370 my $c_challenge = randbytes (8);
8371 my $s_challenge = randbytes (8);
8373 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $c_challenge) . unpack ("H*", $s_challenge);
8378 sub get_random_netntlmv2_salt
8380 my $len_user = shift;
8381 my $len_domain = shift;
8387 if ($len_user + $len_domain > 27)
8389 if ($len_user > $len_domain)
8391 $len_user = 27 - $len_domain;
8395 $len_domain = 27 - $len_user;
8399 for (my $i = 0; $i < $len_user; $i++)
8401 $type = get_random_num (1, 3);
8405 $char = get_random_chr (0x30, 0x39);
8409 $char = get_random_chr (0x41, 0x5A);
8413 $char = get_random_chr (0x61, 0x7A);
8421 for (my $i = 0; $i < $len_domain; $i++)
8423 $type = get_random_num (1, 3);
8427 $char = get_random_chr (0x30, 0x39);
8431 $char = get_random_chr (0x41, 0x5A);
8435 $char = get_random_chr (0x61, 0x7A);
8441 my $c_challenge = randbytes (8);
8442 my $s_challenge = randbytes (8);
8444 my $temp = "\x01\x01" .
8449 randbytes (20 * rand () + 1) .
8452 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $s_challenge) . unpack ("H*", $temp);
8457 sub get_random_ike_salt
8461 for (my $i = 0; $i < 40; $i++)
8463 $nr_buf .= get_random_chr (0, 0xff);
8468 for (my $i = 0; $i < 440; $i++)
8470 $msg_buf .= get_random_chr (0, 0xff);
8473 my $nr_buf_hex = unpack ("H*", $nr_buf);
8474 my $msg_buf_hex = unpack ("H*", $msg_buf);
8476 my $salt_buf = sprintf ("%s:%s:%s:%s:%s:%s:%s:%s", substr ($msg_buf_hex, 0, 256), substr ($msg_buf_hex, 256, 256), substr ($msg_buf_hex, 512, 16), substr ($msg_buf_hex, 528, 16), substr ($msg_buf_hex, 544, 320), substr ($msg_buf_hex, 864, 16), substr ($nr_buf_hex, 0, 40), substr ($nr_buf_hex, 40, 40));
8481 sub get_random_agilekeychain_salt
8485 for (my $i = 0; $i < 8; $i++)
8487 $salt_buf .= get_random_chr (0x0, 0xff);
8492 for (my $i = 0; $i < 16; $i++)
8494 $iv .= get_random_chr (0x0, 0xff);
8497 my $prefix = "\x00" x 1008;
8499 my $ret = unpack ("H*", $salt_buf . $prefix . $iv);
8504 sub get_random_cloudkeychain_salt
8508 for (my $i = 0; $i < 16; $i++)
8510 $salt_buf .= get_random_chr (0x0, 0xff);
8513 for (my $i = 0; $i < 304; $i++)
8515 $salt_buf .= get_random_chr (0x0, 0xff);
8518 my $ret = unpack ("H*", $salt_buf);
8523 sub get_random_kerberos5_salt
8525 my $custom_salt = shift;
8527 my $clear_data = randbytes (14) .
8528 strftime ("%Y%m%d%H%M%S", localtime) .
8532 my $realm = "realm";
8535 my $salt_buf = $user . "\$" . $realm . "\$" . $salt . "\$" . unpack ("H*", $custom_salt) . "\$" . unpack ("H*", $clear_data) . "\$";
8540 sub get_random_kerberos5_tgs_salt
8542 my $nonce = randbytes (8);
8545 my $realm = "realm";
8546 my $spn = "test/spn";
8548 my $salt_buf = $user . "\$" . $realm . "\$" . $spn . "\$" . unpack ("H*",$nonce);
8553 sub get_random_axcrypt_salt
8555 my $mysalt = randbytes (16);
8557 $mysalt = unpack ("H*", $mysalt);
8559 my $iteration = get_random_num (6, 100000);
8561 my $salt_buf = $iteration . '*' . $mysalt;
8566 sub get_random_keepass_salt
8568 my $version = get_random_num (1, 3);
8574 my $final_random_seed;
8578 $algorithm = get_random_num (0, 2);
8580 $iteration = get_random_num (50000, 100000);
8582 $final_random_seed = randbytes (16);
8583 $final_random_seed = unpack ("H*", $final_random_seed);
8585 elsif ($version == 2)
8589 $iteration = get_random_num (6000, 100000);
8591 $final_random_seed = randbytes (32);
8592 $final_random_seed = unpack ("H*", $final_random_seed);
8595 my $transf_random_seed = randbytes (32);
8596 $transf_random_seed = unpack ("H*", $transf_random_seed);
8598 my $enc_iv = randbytes (16);
8599 $enc_iv = unpack ("H*", $enc_iv);
8601 my $contents_hash = randbytes (32);
8602 $contents_hash = unpack ("H*", $contents_hash);
8604 my $inline_flag = 1;
8606 my $contents_len = get_random_num (128, 500);
8608 my $contents = randbytes ($contents_len);
8610 $contents_len += 16 - $contents_len % 16;
8612 $contents = unpack ("H*", $contents);
8616 my $is_keyfile = get_random_num (0, 2);
8618 my $keyfile_attributes = "";
8620 if ($is_keyfile == 1)
8622 $keyfile_attributes = $keyfile_attributes
8624 . unpack ("H*", randbytes (32));
8629 $salt_buf = $version . '*' .
8632 $final_random_seed . '*' .
8633 $transf_random_seed . '*' .
8635 $contents_hash . '*' .
8636 $inline_flag . '*' .
8637 $contents_len . '*' .
8639 $keyfile_attributes;
8641 elsif ($version == 2)
8643 $contents = randbytes (32);
8644 $contents = unpack ("H*", $contents);
8646 $salt_buf = $version . '*' .
8649 $final_random_seed . '*' .
8650 $transf_random_seed . '*' .
8652 $contents_hash . '*' .
8654 $keyfile_attributes;
8660 sub get_pstoken_salt
8662 my $pstoken_length = get_random_num (16, 256);
8664 ## not a valid pstoken but a better test
8665 ## because of random length
8667 my $pstoken_const = randbytes ($pstoken_length);
8669 return unpack ("H*", $pstoken_const);
8672 sub get_random_md5chap_salt
8674 my $salt_buf = shift;
8676 my $salt = unpack ("H*", $salt_buf);
8680 $salt .= unpack ("H*", randbytes (1));
8685 sub get_random_dnssec_salt
8691 for (my $i = 0; $i < 8; $i++)
8693 $salt_buf .= get_random_chr (0x61, 0x7a);
8696 $salt_buf .= ".net";
8700 for (my $i = 0; $i < 8; $i++)
8702 $salt_buf .= get_random_chr (0x30, 0x39);
8715 my $byte_off = int ($bit / 8);
8716 my $bit_off = int ($bit % 8);
8718 my $char = substr ($digest, $byte_off, 1);
8719 my $num = ord ($char);
8721 return (($num & (1 << $bit_off)) ? 1 : 0);
8730 my $constant_phrase =
8731 "To be, or not to be,--that is the question:--\n" .
8732 "Whether 'tis nobler in the mind to suffer\n" .
8733 "The slings and arrows of outrageous fortune\n" .
8734 "Or to take arms against a sea of troubles,\n" .
8735 "And by opposing end them?--To die,--to sleep,--\n" .
8736 "No more; and by a sleep to say we end\n" .
8737 "The heartache, and the thousand natural shocks\n" .
8738 "That flesh is heir to,--'tis a consummation\n" .
8739 "Devoutly to be wish'd. To die,--to sleep;--\n" .
8740 "To sleep! perchance to dream:--ay, there's the rub;\n" .
8741 "For in that sleep of death what dreams may come,\n" .
8742 "When we have shuffled off this mortal coil,\n" .
8743 "Must give us pause: there's the respect\n" .
8744 "That makes calamity of so long life;\n" .
8745 "For who would bear the whips and scorns of time,\n" .
8746 "The oppressor's wrong, the proud man's contumely,\n" .
8747 "The pangs of despis'd love, the law's delay,\n" .
8748 "The insolence of office, and the spurns\n" .
8749 "That patient merit of the unworthy takes,\n" .
8750 "When he himself might his quietus make\n" .
8751 "With a bare bodkin? who would these fardels bear,\n" .
8752 "To grunt and sweat under a weary life,\n" .
8753 "But that the dread of something after death,--\n" .
8754 "The undiscover'd country, from whose bourn\n" .
8755 "No traveller returns,--puzzles the will,\n" .
8756 "And makes us rather bear those ills we have\n" .
8757 "Than fly to others that we know not of?\n" .
8758 "Thus conscience does make cowards of us all;\n" .
8759 "And thus the native hue of resolution\n" .
8760 "Is sicklied o'er with the pale cast of thought;\n" .
8761 "And enterprises of great pith and moment,\n" .
8762 "With this regard, their currents turn awry,\n" .
8763 "And lose the name of action.--Soft you now!\n" .
8764 "The fair Ophelia!--Nymph, in thy orisons\n" .
8765 "Be all my sins remember'd.\n\x00";
8767 my $constant_len = length ($constant_phrase);
8769 my $hash_buf = md5 ($pw . $salt);
8775 for (my $round = 0; $round < $iter; $round++)
8777 my $shift_a = md5bit ($hash_buf, $round + 0);
8778 my $shift_b = md5bit ($hash_buf, $round + 64);
8783 for (my $k = 0; $k < 16; $k++)
8785 my $s7shift = ord (substr ($hash_buf, $k, 1)) % 8;
8787 my $l = ($k + 3) % 16;
8789 my $num = ord (substr ($hash_buf, $l, 1));
8791 $shift_4[$k] = $num % 5;
8793 $shift_7[$k] = ($num >> $s7shift) & 1;
8798 for (my $k = 0; $k < 16; $k++)
8800 $indirect_4[$k] = (ord (substr ($hash_buf, $k, 1)) >> $shift_4[$k]) & 0xf;
8805 for (my $k = 0; $k < 16; $k++)
8807 $indirect_7[$k] = (ord (substr ($hash_buf, $indirect_4[$k], 1)) >> $shift_7[$k]) & 0x7f;
8813 for (my $k = 0; $k < 8; $k++)
8815 $indirect_a |= md5bit ($hash_buf, $indirect_7[$k + 0]) << $k;
8817 $indirect_b |= md5bit ($hash_buf, $indirect_7[$k + 8]) << $k;
8820 $indirect_a = ($indirect_a >> $shift_a) & 0x7f;
8821 $indirect_b = ($indirect_b >> $shift_b) & 0x7f;
8823 my $bit_a = md5bit ($hash_buf, $indirect_a);
8824 my $bit_b = md5bit ($hash_buf, $indirect_b);
8834 if ($bit_a ^ $bit_b)
8836 substr ($W, 16, 48) = substr ($constant_phrase, 0, 48);
8840 $to_hash .= substr ($W, 0, 64);
8844 for ($constant_off = 48; $constant_off < $constant_len - 64; $constant_off += 64)
8846 substr ($W, 0, 64) = substr ($constant_phrase, $constant_off, 64);
8850 $to_hash .= substr ($W, 0, 64);
8853 $pos = $constant_len - $constant_off;
8857 substr ($W, 0, $pos) = substr ($constant_phrase, $constant_off, $pos);
8872 my $round_div = int ($tmp / 10);
8873 my $round_mod = int ($tmp % 10);
8877 $a_buf[int ($a_len / 4)] = (($round_mod + 0x30) | ($a_buf[int ($a_len / 4)] << 8));
8887 for ($g = 0; $g < $a_len; $g++)
8889 my $remainder = $a_buf[$g];
8895 while ($remainder > 0)
8897 $sub = $remainder >> (8 * $factor);
8899 if ($started != 1 || $sub > 0)
8903 $tmp_str = chr ($sub) . $tmp_str;
8905 $remainder -= ($sub << (8 * $factor));
8913 substr ($W, $pos, $a_len) = $tmp_str;
8919 $to_hash .= substr ($W, 0, $pos);
8921 $to_hash = substr ($to_hash, 0, $total);
8923 $hash_buf = md5 ($to_hash);
8928 $passwd .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 6, 1))) << 8) | (int (ord (substr ($hash_buf, 12, 1)))), 4);
8929 $passwd .= to64 ((int (ord (substr ($hash_buf, 1, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 13, 1)))), 4);
8930 $passwd .= to64 ((int (ord (substr ($hash_buf, 2, 1))) << 16) | (int (ord (substr ($hash_buf, 8, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8931 $passwd .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 9, 1))) << 8) | (int (ord (substr ($hash_buf, 15, 1)))), 4);
8932 $passwd .= to64 ((int (ord (substr ($hash_buf, 4, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8933 $passwd .= to64 ((int (ord (substr ($hash_buf, 11, 1)))), 2);
8940 die ("usage: $0 single|passthrough| [mode] [len]\n" .
8942 " $0 verify [mode] [hashfile] [cracks] [outfile]\n");
8947 my $block_ref = shift;
8951 my $value = 16 - $offset;
8953 for (my $i = $offset; $i < 16; $i++)
8955 push @{$block_ref}, $value;
8965 for (my $i = 0; $i < 18; $i++)
8967 for (my $j = 0; $j < 48; $j++)
8969 $p = ($p + 48 - $j) & 0xff;
8971 my $c = $lotus_magic_table[$p];
8973 $p = $in_ref->[$j] ^ $c;
8980 sub lotus_transform_password
8983 my $out_ref = shift;
8985 my $t = $out_ref->[15];
8987 for (my $i = 0; $i < 16; $i++)
8989 $t ^= $in_ref->[$i];
8991 my $c = $lotus_magic_table[$t];
8993 $out_ref->[$i] ^= $c;
8995 $t = $out_ref->[$i];
8999 sub mdtransform_norecalc
9001 my $state_ref = shift;
9002 my $block_ref = shift;
9006 push (@x, @{$state_ref});
9007 push (@x, @{$block_ref});
9009 for (my $i = 0; $i < 16; $i++)
9011 push (@x, $x[0 + $i] ^ $x[16 + $i]);
9016 for (my $i = 0; $i < 16; $i++)
9018 $state_ref->[$i] = $x[$i];
9024 my $state_ref = shift;
9025 my $checksum_ref = shift;
9026 my $block_ref = shift;
9028 mdtransform_norecalc ($state_ref, $block_ref);
9030 lotus_transform_password ($block_ref, $checksum_ref);
9035 my $saved_key_ref = shift;
9039 @{$saved_key_ref} = splice (@{$saved_key_ref}, 0, $size);
9041 my @state = (0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
9047 for ($curpos = 0; $curpos + 16 < $size; $curpos += 16)
9049 my $curpos16 = $curpos + 16;
9051 my @block = splice (@{$saved_key_ref}, 0, 16);
9053 mdtransform (\@state, \@checksum, \@block);
9056 my $left = $size - $curpos;
9058 my @block = splice (@{$saved_key_ref}, 0, 16);
9060 pad16 (\@block, $left);
9062 mdtransform (\@state, \@checksum, \@block);
9064 mdtransform_norecalc (\@state, \@checksum);
9069 sub pdf_compute_encryption_key
9071 my $word_buf = shift;
9072 my $padding = shift;
9087 $data .= substr ($padding, 0, 32 - length $word_buf);
9089 $data .= pack ("H*", $o);
9091 $data .= pack ("I", $P);
9093 $data .= pack ("H*", $id);
9099 $data .= pack ("I", -1);
9103 my $res = md5 ($data);
9107 for (my $i = 0; $i < 50; $i++)
9116 sub gen_random_wpa_eapol
9125 my $version = 1; # 802.1X-2001
9127 $ret .= pack ("C*", $version);
9129 my $type = 3; # means that this EAPOL frame is used to transfer key information
9131 $ret .= pack ("C*", $type);
9133 my $length; # length of remaining data
9144 $ret .= pack ("n*", $length);
9146 my $descriptor_type;
9150 $descriptor_type = 254; # EAPOL WPA key
9154 $descriptor_type = 1; # EAPOL RSN key
9157 $ret .= pack ("C*", $descriptor_type);
9159 # key_info is a bit vector:
9160 # generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
9164 $key_info |= 1 << 8; # set key MIC
9165 $key_info |= 1 << 3; # set if it is a pairwise key
9169 $key_info |= 1 << 0; # RC4 Cipher, HMAC-MD5 MIC
9173 $key_info |= 1 << 1; # AES Cipher, HMAC-SHA1 MIC
9176 $ret .= pack ("n*", $key_info);
9189 $ret .= pack ("n*", $key_length);
9191 my $replay_counter = 1;
9193 $ret .= pack ("Q>*", $replay_counter);
9197 my $key_iv = "\x00" x 16;
9201 my $key_rsc = "\x00" x 8;
9205 my $key_id = "\x00" x 8;
9209 my $key_mic = "\x00" x 16;
9217 $key_data_len = 24; # length of the key_data (== WPA info)
9221 $key_data_len = 22; # length of the key_data (== RSN info)
9224 $ret .= pack ("n*", $key_data_len);
9234 my $vendor_specific_data = "";
9236 my $tag_number = 221; # means it is a vendor specific tag
9238 $vendor_specific_data .= pack ("C*", $tag_number);
9240 my $tag_len = 22; # length of the remaining "tag data"
9242 $vendor_specific_data .= pack ("C*", $tag_len);
9244 my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
9246 $vendor_specific_data .= $vendor_specific_oui;
9248 my $vendor_specific_oui_type = 1; # WPA Information Element
9250 $vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
9252 my $vendor_specific_wpa_version = 1;
9254 $vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
9258 my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
9260 $vendor_specific_data .= $vendor_specific_multicast_oui;
9262 my $vendor_specific_multicast_type = 2; # TKIP
9264 $vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
9268 my $vendor_specific_unicast_count = 1;
9270 $vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
9272 my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
9274 $vendor_specific_data .= $vendor_specific_multicast_oui;
9276 my $vendor_specific_unicast_type = 2; # TKIP
9278 $vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
9280 # Auth Key Management (AKM)
9282 my $auth_key_management_count = 1;
9284 $vendor_specific_data .= pack ("v*", $auth_key_management_count);
9286 my $auth_key_management_oui = pack ("H*", "0050f2");
9288 $vendor_specific_data .= $auth_key_management_oui;
9290 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
9292 $vendor_specific_data .= pack ("C*", $auth_key_management_type);
9294 $wpa_info = $vendor_specific_data;
9296 $key_data = $wpa_info;
9304 my $tag_number = 48; # RSN info
9306 $rsn_info .= pack ("C*", $tag_number);
9308 my $tag_len = 20; # length of the remaining "tag_data"
9310 $rsn_info .= pack ("C*", $tag_len);
9312 my $rsn_version = 1;
9314 $rsn_info .= pack ("v*", $rsn_version);
9316 # group cipher suite
9318 my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
9320 $rsn_info .= $group_cipher_suite_oui;
9322 my $group_cipher_suite_type = 4; # AES (CCM)
9324 $rsn_info .= pack ("C*", $group_cipher_suite_type);
9326 # pairwise cipher suite
9328 my $pairwise_cipher_suite_count = 1;
9330 $rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
9332 my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
9334 $rsn_info .= $pairwise_cipher_suite_oui;
9336 my $pairwise_cipher_suite_type = 4; # AES (CCM)
9338 $rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
9340 # Auth Key Management (AKM)
9342 my $auth_key_management_count = 1;
9344 $rsn_info .= pack ("v*", $auth_key_management_count);
9346 my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
9348 $rsn_info .= $auth_key_management_oui;
9350 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
9352 $rsn_info .= pack ("C*", $auth_key_management_type);
9356 # bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
9357 # RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
9359 my $rsn_capabilities = pack ("H*", "0000");
9361 $rsn_info .= $rsn_capabilities;
9363 $key_data = $rsn_info;
9379 my $data = "Pairwise key expansion";
9384 # Min(AA, SPA) || Max(AA, SPA)
9387 # compare if greater: Min()/Max() on the MACs (6 bytes)
9389 if (memcmp ($stmac, $bssid, 6) < 0)
9401 # Min(ANonce,SNonce) || Max(ANonce,SNonce)
9404 # compare if greater: Min()/Max() on the nonces (32 bytes)
9406 if (memcmp ($snonce, $anonce, 32) < 0)
9419 my $prf_buf = hmac ($data, $pmk, \&sha1);
9421 $prf_buf = substr ($prf_buf, 0, 16);
9432 my $len_str1 = length ($str1);
9433 my $len_str2 = length ($str2);
9435 if (($len > $len_str1) || ($len > $len_str2))
9437 print "ERROR: memcmp () lengths wrong";
9442 for (my $i = 0; $i < $len; $i++)
9444 my $c_1 = ord (substr ($str1, $i, 1));
9445 my $c_2 = ord (substr ($str2, $i, 1));
9447 return -1 if ($c_1 < $c_2);
9448 return 1 if ($c_1 > $c_2);