4 ## Author......: Jens Steube <jens.steube@gmail.com>
10 use Digest
::MD4 qw
(md4 md4_hex
);
11 use Digest
::MD5 qw
(md5 md5_hex
);
12 use Digest
::SHA qw
(sha1 sha256 sha384 sha512 sha1_hex sha256_hex sha384_hex sha512_hex
);
13 use Digest
::HMAC qw
(hmac hmac_hex
);
14 use Digest
::Keccak qw
(keccak_256_hex
);
15 use Crypt
::MySQL qw
(password41
);
16 use Digest
::GOST qw
(gost gost_hex
);
17 use Digest
::HMAC_MD5 qw
(hmac_md5
);
18 use Digest
::CRC qw
(crc32
);
21 use Crypt
::ECB qw
(encrypt PADDING_AUTO PADDING_NONE
);
23 use Crypt
::Eksblowfish
::Bcrypt qw
(bcrypt en_base64
);
24 use Crypt
::Digest
::RIPEMD160 qw
(ripemd160_hex
);
25 use Crypt
::Digest
::Whirlpool qw
(whirlpool_hex
);
27 use Crypt
::ScryptKDF qw
(scrypt_hash scrypt_b64
);
30 use Crypt
::UnixCrypt_XS qw
(crypt_rounds fold_password base64_to_int24 block_to_base64 int24_to_base64
);
32 use Authen
::Passphrase
::NTHash
;
33 use Authen
::Passphrase
::MySQL323
;
34 use Authen
::Passphrase
::PHPass
;
35 use Authen
::Passphrase
::LANManager
;
37 use POSIX qw
(strftime
);
39 use Net
::DNS
::RR
::NSEC3
;
40 use Convert
::EBCDIC qw
(ascii2ebcdic
);
41 use Digest
::SipHash qw
/siphash/;
43 my $hashcat = "./oclHashcat64.bin";
47 my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 130, 131, 132, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800);
49 my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800);
50 my %less_fifteen = map { $_ => 1 } qw(500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
51 my %allow_long_salt = map { $_ => 1 } qw(2500 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600);
53 my @lotus_magic_table =
55 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
56 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
57 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
58 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
59 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
60 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
61 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
62 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
63 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
64 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
65 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
66 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
67 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
68 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
69 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
70 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
71 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
72 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
73 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
74 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
75 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
76 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
77 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
78 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
79 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
80 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
81 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
82 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
83 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
84 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
85 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
86 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
91 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
92 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
93 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
94 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
97 my $CISCO_BASE64_MAPPING = {'A', '.', 'B', '/', 'C', '0', 'D', '1', 'E', '2', 'F', '3', 'G', '4', 'H', '5', 'I', '6', 'J', '7', 'K', '8', 'L', '9', 'M', 'A', 'N', 'B', 'O', 'C', 'P', 'D', 'Q', 'E', 'R', 'F', 'S', 'G', 'T', 'H', 'U', 'I', 'V', 'J', 'W', 'K', 'X', 'L', 'Y', 'M', 'Z', 'N', 'a', 'O', 'b', 'P', 'c', 'Q', 'd', 'R', 'e', 'S', 'f', 'T', 'g', 'U', 'h', 'V', 'i', 'W', 'j', 'X', 'k', 'Y', 'l', 'Z', 'm', 'a', 'n', 'b', 'o', 'c', 'p', 'd', 'q', 'e', 'r', 'f', 's', 'g', 't', 'h', 'u', 'i', 'v', 'j', 'w', 'k', 'x', 'l', 'y', 'm', 'z', 'n', '0', 'o', '1', 'p', '2', 'q', '3', 'r', '4', 's', '5', 't', '6', 'u', '7', 'v', '8', 'w', '9', 'x', '+', 'y', '/', 'z'};
110 if ($type ne "verify")
112 if (scalar @ARGV > 1)
117 elsif (scalar @ARGV == 1)
127 if ($type eq "single")
131 elsif ($type eq "passthrough")
142 if (scalar @ARGV != 4)
147 my $mode = shift @ARGV;
148 my $hash_file = shift @ARGV;
149 my $in_file = shift @ARGV;
150 my $out_file = shift @ARGV;
154 open (IN
, "<", $hash_file) or die ("$hash_file: $!\n");
156 # clever ? the resulting database could be huge
157 # but we need some way to map lines in hashfile w/ cracks
158 # maybe rli2 way would be more clever (needs sorted input)
160 while (my $line = <IN
>)
162 $line =~ s/[\n\r]*$//;
164 $db->{$line} = undef;
169 verify
($mode, $db, $in_file, $out_file);
177 my $out_file = shift;
196 open (IN
, "<", $in_file) or die ("$in_file: $!\n");
197 open (OUT
, ">", $out_file) or die ("$out_file: $!\n");
201 my $base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
202 my $itoa64_1 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
203 my $itoa64_2 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
205 while (my $line = <IN
>)
212 # remember always do "exists ($db->{$hash_in})" checks as soon as possible and don't forget it
215 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3000 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5700 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 8600 || $mode == 9900 || $mode == 10800 || $mode == 11500)
217 my $index = index ($line, ":");
221 $hash_in = substr ($line, 0, $index);
223 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
225 $word = substr ($line, $index + 1);
228 elsif ($mode == 10 || $mode == 11 || $mode == 12 || $mode == 20 || $mode == 21 || $mode == 22 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 112 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1100 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 2611 || $mode == 2711 || $mode == 2811 || $mode == 3100 || $mode == 3610 || $mode == 3710 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 5800 || $mode == 7600 || $mode == 8400 || $mode == 11000 || $mode == 12600)
231 my $index1 = index ($line, ":");
235 $hash_in = substr ($line, 0, $index1);
237 # identify lenghts of both salt and plain
239 my $salt_plain = substr ($line, $index1 + 1);
241 my $num_cols = () = $salt_plain =~ /:/g;
250 foreach (my $i = 0; $i < $num_cols; $i++)
252 $index2 = index ($salt_plain, ":", $start);
256 $start = $index2 + 1;
258 $salt = substr ($salt_plain, 0, $index2);
259 $word = substr ($salt_plain, $index2 + 1);
261 # can't be true w/ wrong $hash:$salt, otherwise the
262 # algo must have many collisions
264 if (exists ($db->{$hash_in . ":" . $salt}))
266 $hash_in = $hash_in . ":" . $salt;
272 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
273 next unless (! defined ($db->{$hash_in}));
276 elsif ($mode == 2100)
279 my $index1 = index ($line, "\$DCC2\$");
281 next if $index1 != 0;
284 my $index2 = index ($line, "#", $index1 + 1);
288 $iter = substr ($line, $index1 + 6, $index2 - $index1 - 6);
291 $index1 = index ($line, "#");
295 $hash_in = substr ($line, 0, $index1 + 1);
297 # identify lenghts of both salt and plain
299 my $salt_plain = substr ($line, $index2 + 1);
301 my $num_cols = () = $salt_plain =~ /:/g;
311 foreach (my $i = 0; $i < $num_cols; $i++)
313 $index2 = index ($salt_plain, ":", $start);
317 $start = $index2 + 1;
319 $index3 = rindex ($salt_plain, "#", $index2);
321 $raw_hash = substr ($salt_plain, $index3 + 1, $index2 - $index3 - 1);
322 $salt = substr ($salt_plain, 0, $index3);
323 $word = substr ($salt_plain, $index2 + 1);
325 if (exists ($db->{$hash_in . $salt . "#" .$raw_hash}))
327 $hash_in = $hash_in . $salt . "#" . $raw_hash;
333 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
334 next unless (! defined ($db->{$hash_in}));
336 # salt:hash guaranteed only : because of hex salt
337 elsif ($mode == 7300)
339 # split hash and plain
340 my $index1 = index ($line, ":");
344 $salt = substr ($line, 0, $index1);
346 $salt = pack ("H*", $salt);
348 my $rest = substr ($line, $index1 + 1);
350 my $index2 = index ($rest, ":");
354 $hash_in = substr ($rest, 0, $index2);
356 $word = substr ($rest, $index2 + 1);
358 next unless (exists ($db->{$salt . ":" . $hash_in}) and (! defined ($db->{$hash_in})));
361 elsif ($mode == 8100)
363 # split hash and plain
364 $salt = substr ($line, 1, 8);
366 my $rest = substr ($line, 1 + 8);
368 my $index2 = index ($rest, ":");
372 $hash_in = substr ($rest, 0, $index2);
374 $word = substr ($rest, $index2 + 1);
376 next unless (exists ($db->{"1" . $salt . $hash_in}) and (! defined ($db->{$hash_in})));
378 # base64 and salt embedded SSHA1, salt length = total lenght - 20
381 # split hash and plain
382 my $index = index ($line, ":");
386 $hash_in = substr ($line, 0, $index);
387 $word = substr ($line, $index + 1);
389 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
392 my $plain_base64 = substr ($hash_in, 6);
394 # base64 decode to extract salt
395 my $decoded = decode_base64
($plain_base64);
397 $salt = substr ($decoded, 20);
399 # base64 and salt embedded SSHA512, salt length = total length - 64
400 elsif ($mode == 1711)
402 # split hash and plain
403 my $index = index ($line, ":");
407 $hash_in = substr ($line, 0, $index);
408 $word = substr ($line, $index + 1);
410 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
413 my $plain_base64 = substr ($hash_in, 9);
415 # base64 decode to extract salt
416 my $decoded = decode_base64
($plain_base64);
418 $salt = substr ($decoded, 64);
420 # OSX (first 8 hex chars is salt)
421 elsif ($mode == 122 || $mode == 1722)
423 my $index = index ($line, ":");
427 $hash_in = substr ($line, 0, $index);
428 $word = substr ($line, $index + 1);
430 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
432 $salt = substr ($hash_in, 0, 8);
434 # MSSQL (2000, 2005 AND 2012), salt after version number
435 elsif ($mode == 131 || $mode == 132 || $mode == 1731)
437 my $index = index ($line, ":");
441 $hash_in = substr ($line, 0, $index);
442 $word = substr ($line, $index + 1);
444 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
446 $salt = substr ($hash_in, 6, 8);
449 elsif ($mode == 8000)
451 my $index = index ($line, ":");
455 $hash_in = substr ($line, 0, $index);
456 $word = substr ($line, $index + 1);
458 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
460 $salt = substr ($hash_in, 6, 16);
463 elsif ($mode == 141 || $mode == 1441)
465 my $index1 = index ($line, ":");
469 $hash_in = substr ($line, 0, $index1);
470 $word = substr ($line, $index1 + 1);
472 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
474 my $index2 = index ($line, "*", 14);
476 #extract salt from base64
477 my $plain_base64 = substr ($hash_in, 14, $index2 - 14);
479 $salt = decode_base64
($plain_base64);
481 # phpass (first 8 after $P$/$H$ -- or $S$ with drupal7)
482 elsif ($mode == 400 || $mode == 7900)
484 my $index = index ($line, ":");
488 $hash_in = substr ($line, 0, $index);
489 $word = substr ($line, $index + 1);
491 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
493 $salt = substr ($hash_in, 4, 8);
495 # iterations = 2 ^ cost (where cost == $iter)
496 $iter = index ($itoa64_1, substr ($hash_in, 3, 1));
498 # $something$[rounds=iter$]salt$ (get last $, then check iter)
499 elsif ($mode == 500 || $mode == 1600 || $mode == 1800 || $mode == 3300 || $mode == 7400)
501 my $index1 = index ($line, ":", 30);
505 $hash_in = substr ($line, 0, $index1);
506 $word = substr ($line, $index1 + 1);
508 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
510 $index1 = index ($hash_in, ",", 1);
511 my $index2 = index ($hash_in, "\$", 1);
515 if ($index1 < $index2)
521 $param = substr ($hash_in, $index2, 1);
525 # rounds= if available
528 if (substr ($hash_in, $index2, 7) eq "rounds=")
530 my $old_index = $index2;
532 $index2 = index ($hash_in, "\$", $index2 + 1);
536 $iter = substr ($hash_in, $old_index + 7, $index2 - $old_index - 7);
542 my $index3 = rindex ($hash_in, "\$");
546 $salt = substr ($hash_in, $index2, $index3 - $index2);
548 # descrypt (salt in first 2 char)
549 elsif ($mode == 1500)
551 my $index = index ($line, ":");
555 $hash_in = substr ($line, 0, $index);
556 $word = substr ($line, $index + 1);
558 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
560 $salt = substr ($hash_in, 0, 2);
562 # bcrypt $something$something$salt.hash
563 elsif ($mode == 3200)
565 my $index1 = index ($line, ":", 33);
569 $hash_in = substr ($line, 0, $index1);
570 $word = substr ($line, $index1 + 1);
572 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
574 my $index2 = index ($hash_in, "\$", 4);
576 $iter = substr ($hash_in, 4, $index2 - 4);
578 my $plain_base64 = substr ($hash_in, $index2 + 1, 22);
583 for (my $i = 0; $i < length ($plain_base64); $i++)
585 my $char = substr ($plain_base64, $i, 1);
586 $encoded .= substr ($base64, index ($itoa64_2, $char), 1);
589 $salt = decode_base64
($encoded);
592 elsif ($mode == 4800)
594 my $index1 = index ($line, ":");
598 my $index2 = index ($line, ":", $index1 + 1);
602 my $index3 = index ($line, ":", $index2 + 1);
606 $salt = substr ($line, $index1 + 1, $index3 - $index1 - 1);
608 $word = substr ($line, $index3 + 1);
610 $hash_in = substr ($line, 0, $index3);
613 elsif ($mode == 5300 || $mode == 5400)
615 my $num_cols = () = $line =~ /:/g;
617 next unless ($num_cols >= 9);
622 for (my $j = 0; $j < 9; $j++)
624 $index1 = index ($line, ":", $index1 + 1);
635 $word = substr ($line, $index1 + 1);
637 $hash_in = substr ($line, 0, $index1);
639 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
641 my $index2 = rindex ($line, ":", $index1 - 1);
643 $salt = substr ($line, 0, $index2);
646 elsif ($mode == 5500)
648 my $index1 = index ($line, "::");
652 my $index2 = index ($line, ":", $index1 + 2);
656 $index2 = index ($line, ":", $index2 + 1);
660 $salt = substr ($line, 0, $index2);
662 $index2 = index ($line, ":", $index2 + 1);
666 $salt .= substr ($line, $index2 + 1, 16);
668 $index2 = index ($line, ":", $index2 + 1);
672 $hash_in = substr ($line, 0, $index2);
674 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
676 $word = substr ($line, $index2 + 1);
679 elsif ($mode == 5600)
681 my $index1 = index ($line, "::");
685 my $index2 = index ($line, ":", $index1 + 2);
689 $index2 = index ($line, ":", $index2 + 1);
693 $salt = substr ($line, 0, $index2);
695 $index1 = index ($line, ":", $index2 + 1);
699 $index2 = index ($line, ":", $index1 + 1);
703 $salt .= substr ($line, $index1 + 1, $index2 - $index1 - 1);
705 $hash_in = substr ($line, 0, $index2);
707 # do it later on for this hash mode:
708 # next unless ((exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))) or (exists ($db->{$mod}) and (! defined ($db->{$mod}))));
710 $word = substr ($line, $index2 + 1);
712 # AIX smd5 something BRACE salt$
713 elsif ($mode == 6300)
715 my $index1 = index ($line, ":");
719 $hash_in = substr ($line, 0, $index1);
720 $word = substr ($line, $index1 + 1);
722 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
724 my $index2 = index ($hash_in, "}");
725 my $index3 = rindex ($hash_in, "\$");
727 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
729 # AIX: something$salt$ (no $ at position 1)
730 elsif ($mode == 6400 || $mode == 6500 || $mode == 6700)
732 my $index1 = index ($line, ":");
736 $hash_in = substr ($line, 0, $index1);
737 $word = substr ($line, $index1 + 1);
739 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
741 my $index2 = index ($hash_in, "}");
742 my $index3 = index ($hash_in, "\$");
743 my $index4 = rindex ($hash_in, "\$");
745 $salt = substr ($hash_in, $index3 + 1, $index4 - $index3 - 1);
747 $iter = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
749 # 1Password, agilekeychain
750 elsif ($mode == 6600)
752 my $num_cols = () = $line =~ /:/g;
754 next unless ($num_cols > 2);
756 my $index1 = index ($line, ":");
760 $iter = substr ($line, 0, $index1);
762 my $index2 = index ($line, ":", $index1 + 1);
766 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
768 $index1 = index ($line, ":", $index2 + 1);
772 $salt .= substr ($line, $index2 + 1, $index1 - $index2 - 33);
774 $hash_in = substr ($line, 0, $index1);
776 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
778 $word = substr ($line, $index1 + 1);
780 # 1Password, cloudkeychain
781 elsif ($mode == 8200)
783 my @datas = split (":", $line);
785 next if scalar @datas < 4;
787 my $hash = shift @datas;
788 $salt = shift @datas;
789 $iter = shift @datas;
790 my $data = shift @datas;
792 $hash_in = $hash . ":" . $salt . ":" . $iter . ":" . $data;
796 $word = join (":", @datas);
798 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
800 # lastpass (hash:iter:salt)
801 elsif ($mode == 6800)
803 my $index1 = index ($line, ":", 34);
807 $hash_in = substr ($line, 0, $index1);
809 # identify lenghts of both salt and plain
811 my $salt_plain = substr ($line, $index1 + 1);
813 my $num_cols = () = $salt_plain =~ /:/g;
822 foreach (my $i = 0; $i < $num_cols; $i++)
824 $index2 = index ($salt_plain, ":", $start);
828 $start = $index2 + 1;
830 $salt = substr ($salt_plain, 0, $index2);
831 $word = substr ($salt_plain, $index2 + 1);
833 # can't be true w/ wrong $hash:$salt, otherwise the
834 # algo must have many collisions
836 if (exists ($db->{$hash_in . ":" . $salt}))
838 $hash_in = $hash_in . ":" . $salt;
844 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
845 next unless (! defined ($db->{$hash_in}));
847 $index1 = index ($hash_in, ":");
848 $index2 = index ($hash_in, ":", $index1 + 1);
850 $iter = substr ($hash_in, $index1 + 1, $index2 - $index1 - 1);
851 $salt = substr ($hash_in, $index2 + 1);
853 # OSX 10.* : $something$iter$salt$
854 elsif ($mode == 7100)
856 my $index1 = index ($line, ":");
860 $hash_in = substr ($line, 0, $index1);
861 $word = substr ($line, $index1 + 1);
863 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
865 my $index2 = index ($hash_in, "\$", 5);
869 my $index3 = index ($hash_in, "\$", $index2 + 1);
871 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
873 $iter = substr ($hash_in, 4, $index2 - 4);
875 next if (int ($iter) < 1);
877 # grub: something1.something2.something3.iter.salt.
878 elsif ($mode == 7200)
880 my $index1 = index ($line, ":");
884 $hash_in = substr ($line, 0, $index1);
885 $word = substr ($line, $index1 + 1);
887 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
889 my $index2 = index ($hash_in, ".", 19);
893 my $index3 = index ($hash_in, ".", $index2 + 1);
895 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
897 $iter = substr ($hash_in, 19, $index2 - 19);
899 next if (int ($iter) < 1);
901 # $something1$something2$something3$something4$salt$
902 elsif ($mode == 7500 )
904 my $index1 = index ($line, "\$", 11);
908 my $index2 = index ($line, "\$", $index1 + 1);
912 my $index3 = index ($line, "\$", $index2 + 1);
916 $index2 = index ($line, ":", $index3 + 1);
920 $hash_in = substr ($line, 0, $index2);
921 $word = substr ($line, $index2 + 1);
923 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
925 $salt = substr ($hash_in, 11, $index3 - 10);
926 $salt .= substr ($hash_in, $index2 - 32) . "\$\$";
927 $salt .= substr ($hash_in, $index3 + 1, $index2 - $index3 - 32 - 1);
930 elsif ($mode == 7700 || $mode == 7800)
932 my @split1 = split (":", $line);
934 next unless scalar @split1 == 2;
936 my @split2 = split ('\$', $split1[0]);
938 next unless scalar @split2 == 2;
940 $hash_in = $split1[0];
944 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
949 elsif ($mode == 8300)
951 my @datas = split (":", $line);
953 next if scalar @datas != 5;
958 ($hash, $domain, $salt, $iter, $word) = @datas;
960 $hash_in = $hash . ":" . $domain . ":" . $salt . ":" . $iter;
962 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
964 $salt = $domain . ":" . $salt;
967 elsif ($mode == 8500)
969 my @line_elements = split (":", $line);
971 next if scalar @line_elements < 2;
975 $hash_in = shift @line_elements;
977 $word = join (":", @line_elements);
981 my @hash_elements = split ('\*', $hash_in);
983 next unless ($hash_elements[0] eq '$racf$');
985 $salt = $hash_elements[1];
987 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
990 elsif ($mode == 8700)
992 # split hash and plain
993 my $index = index ($line, ":");
997 $hash_in = substr ($line, 0, $index);
998 $word = substr ($line, $index + 1);
1000 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1002 my $plain_base64 = substr ($hash_in, 2, -1);
1004 ($_, $salt, $param) = domino_decode
($plain_base64);
1007 elsif ($mode == 2612)
1009 next unless (substr ($line, 0, 6) eq '$PHPS$');
1012 my $index1 = index ($line, "\$", 6);
1014 next if $index1 < 1;
1016 $salt = substr ($line, 6, $index1 - 6);
1018 $salt = pack ("H*", $salt);
1020 my $index2 = index ($line, "\:", $index1 + 1);
1022 next if $index2 < 1;
1024 $word = substr ($line, $index2 + 1);
1026 $hash_in = substr ($line, 0, $index2);
1028 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1031 elsif ($mode == 3711)
1033 next unless (substr ($line, 0, 3) eq '$B$');
1036 my $index1 = index ($line, "\$", 3);
1038 next if $index1 < 1;
1040 $salt = substr ($line, 3, $index1 - 3);
1042 my $index2 = index ($line, ":", $index1 + 1);
1044 next if $index2 < 1;
1046 $word = substr ($line, $index2 + 1);
1048 $hash_in = substr ($line, 0, $index2);
1050 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1053 elsif ($mode == 8900)
1055 next unless (substr ($line, 0, 7) eq 'SCRYPT:');
1058 my $index1 = index ($line, ":", 7);
1060 next if $index1 < 1;
1063 my $N = substr ($line, 7, $index1 - 7);
1065 my $index2 = index ($line, ":", $index1 + 1);
1067 next if $index2 < 1;
1070 my $r = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1072 $index1 = index ($line, ":", $index2 + 1);
1074 next if $index1 < 1;
1077 my $p = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1083 $index2 = index ($line, ":", $index1 + 1);
1085 next if $index2 < 1;
1088 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1090 $salt = decode_base64
($salt);
1092 $index1 = index ($line, ":", $index2 + 1);
1094 next if $index1 < 1;
1098 $word = substr ($line, $index1 + 1);
1099 $hash_in = substr ($line, 0, $index1);
1101 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1104 elsif ($mode == 9100)
1106 # split hash and plain
1107 my $index = index ($line, ":");
1111 $hash_in = substr ($line, 0, $index);
1112 $word = substr ($line, $index + 1);
1114 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1116 my $base64_part = substr ($hash_in, 2, -1);
1118 ($_, $salt, $iter, $param) = domino_85x_decode
($base64_part);
1120 next if ($iter < 1);
1122 # Cisco $8$ - PBKDF2-HMAC-SHA256
1123 elsif ($mode == 9200)
1125 next unless (substr ($line, 0, 3) eq '$8$');
1128 my $index1 = index ($line, "\$", 3);
1130 next if $index1 != 17;
1132 my $index2 = index ($line, "\$", $index1 + 1);
1135 $salt = substr ($line, 3, $index1 - 3);
1137 $index1 = index ($line, ":", $index1 + 1);
1139 next if $index1 < 1;
1143 $word = substr ($line, $index1 + 1);
1144 $hash_in = substr ($line, 0, $index1);
1146 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1148 # Cisco $9$ - scrypt
1149 elsif ($mode == 9300)
1151 next unless (substr ($line, 0, 3) eq '$9$');
1154 my $index1 = index ($line, "\$", 3);
1156 next if $index1 != 17;
1158 my $index2 = index ($line, "\$", $index1 + 1);
1161 $salt = substr ($line, 3, $index1 - 3);
1163 $index1 = index ($line, ":", $index1 + 1);
1165 next if $index1 < 1;
1169 $word = substr ($line, $index1 + 1);
1170 $hash_in = substr ($line, 0, $index1);
1172 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1175 elsif ($mode == 9400)
1177 ($hash_in, $word) = split ":", $line;
1179 next unless defined $hash_in;
1180 next unless defined $word;
1182 my @data = split /\*/, $hash_in;
1184 next unless scalar @data == 8;
1186 next unless (shift @data eq '$office$');
1187 next unless (shift @data eq '2007');
1188 next unless (shift @data eq '20');
1190 my $aes_key_size = shift @data;
1192 next unless (($aes_key_size eq '128') || ($aes_key_size eq '256'));
1193 next unless (shift @data eq '16');
1195 next unless (length $data[0] == 32);
1196 next unless (length $data[1] == 32);
1197 next unless (length $data[2] == 40);
1199 $salt = shift @data;
1200 $param = shift @data;
1201 $param2 = $aes_key_size;
1203 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1206 elsif ($mode == 9500)
1208 ($hash_in, $word) = split ":", $line;
1210 next unless defined $hash_in;
1211 next unless defined $word;
1213 my @data = split /\*/, $hash_in;
1215 next unless scalar @data == 8;
1217 next unless (shift @data eq '$office$');
1218 next unless (shift @data eq '2010');
1219 next unless (shift @data eq '100000');
1220 next unless (shift @data eq '128');
1221 next unless (shift @data eq '16');
1223 next unless (length $data[0] == 32);
1224 next unless (length $data[1] == 32);
1225 next unless (length $data[2] == 64);
1227 $salt = shift @data;
1228 $param = shift @data;
1230 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1233 elsif ($mode == 9600)
1235 ($hash_in, $word) = split ":", $line;
1237 next unless defined $hash_in;
1238 next unless defined $word;
1240 my @data = split /\*/, $hash_in;
1242 next unless scalar @data == 8;
1244 next unless (shift @data eq '$office$');
1245 next unless (shift @data eq '2013');
1246 next unless (shift @data eq '100000');
1247 next unless (shift @data eq '256');
1248 next unless (shift @data eq '16');
1250 next unless (length $data[0] == 32);
1251 next unless (length $data[1] == 32);
1252 next unless (length $data[2] == 64);
1254 $salt = shift @data;
1255 $param = shift @data;
1257 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1260 elsif ($mode == 9700)
1262 ($hash_in, $word) = split ":", $line;
1264 next unless defined $hash_in;
1265 next unless defined $word;
1267 my @data = split /\*/, $hash_in;
1269 next unless scalar @data == 4;
1271 my $signature = shift @data;
1273 next unless (($signature eq '$oldoffice$0') || ($signature eq '$oldoffice$1'));
1275 next unless (length $data[0] == 32);
1276 next unless (length $data[1] == 32);
1277 next unless (length $data[2] == 32);
1279 $salt = shift @data;
1280 $param = shift @data;
1281 $param2 = substr ($signature, 11, 1);
1283 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1286 elsif ($mode == 9800)
1288 ($hash_in, $word) = split ":", $line;
1290 next unless defined $hash_in;
1291 next unless defined $word;
1293 my @data = split /\*/, $hash_in;
1295 next unless scalar @data == 4;
1297 my $signature = shift @data;
1299 next unless (($signature eq '$oldoffice$3') || ($signature eq '$oldoffice$4'));
1301 next unless (length $data[0] == 32);
1302 next unless (length $data[1] == 32);
1303 next unless (length $data[2] == 40);
1305 $salt = shift @data;
1306 $param = shift @data;
1307 $param2 = substr ($signature, 11, 1);
1309 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1311 # Django (PBKDF2-SHA256)
1312 elsif ($mode == 10000)
1314 next unless (substr ($line, 0, 14) eq 'pbkdf2_sha256$');
1317 my $index1 = index ($line, "\$", 14);
1319 next if $index1 < 1;
1321 my $index2 = index ($line, "\$", $index1 + 1);
1325 $iter = substr ($line, 14, $index1 - 14);
1329 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1333 $index1 = index ($line, ":", $index2 + 1);
1335 next if $index1 < 1;
1337 $word = substr ($line, $index1 + 1);
1338 $hash_in = substr ($line, 0, $index1);
1340 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1343 elsif ($mode == 10100)
1347 ($hash, undef, undef, $salt, $word) = split ":", $line;
1349 next unless defined $hash;
1350 next unless defined $salt;
1351 next unless defined $word;
1353 next unless (length $hash == 16);
1354 next unless (length $salt == 32);
1356 my $hash_in = sprintf ("%s:2:4:%s", $hash, $salt);
1358 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1361 elsif ($mode == 10200)
1363 next unless (substr ($line, 0, 10) eq '$cram_md5$');
1366 my $index1 = index ($line, "\$", 10);
1368 next if $index1 < 1;
1372 my $challengeb64 = substr ($line, 10, $index1 - 10);
1373 $salt = decode_base64
($challengeb64);
1377 my $index2 = index ($line, ":", $index1 + 1);
1379 next if $index2 < 1;
1381 my $responseb64 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1382 my $response = decode_base64
($responseb64);
1384 $param = substr ($response, 0, length ($response) - 32 - 1); # -1 is for space
1386 $word = substr ($line, $index2 + 1);
1387 $hash_in = substr ($line, 0, $index2);
1389 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1391 # SAP CODVN H (PWDSALTEDHASH) iSSHA-1
1392 elsif ($mode == 10300)
1394 next unless (substr ($line, 0, 10) eq '{x-issha, ');
1398 my $index1 = index ($line, "}", 10);
1400 next if $index1 < 1;
1402 $iter = substr ($line, 10, $index1 - 10);
1404 $iter = int ($iter);
1408 my $base64_encoded = substr ($line, $index1 + 1);
1409 my $base64_decoded = decode_base64
($base64_encoded);
1411 $salt = substr ($base64_decoded, 20);
1413 my $index2 = index ($line, ":", $index1 + 1);
1415 next if $index2 < 1;
1417 $word = substr ($line, $index2 + 1);
1418 $hash_in = substr ($line, 0, $index2);
1420 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1422 # PDF 1.1 - 1.3 (Acrobat 2 - 4)
1423 elsif ($mode == 10400)
1425 ($hash_in, $word) = split ":", $line;
1427 next unless defined $hash_in;
1428 next unless defined $word;
1430 my @data = split /\*/, $hash_in;
1432 next unless scalar @data == 11;
1434 next unless (shift @data eq '$pdf$1');
1435 next unless (shift @data eq '2');
1436 next unless (shift @data eq '40');
1437 my $P = shift @data;
1438 next unless (shift @data eq '0');
1439 next unless (shift @data eq '16');
1440 my $id = shift @data;
1441 next unless (shift @data eq '32');
1442 my $u = shift @data;
1443 next unless (shift @data eq '32');
1444 my $o = shift @data;
1451 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1453 # PDF 1.4 - 1.6 (Acrobat 5 - 8)
1454 elsif ($mode == 10500)
1456 ($hash_in, $word) = split ":", $line;
1458 next unless defined $hash_in;
1459 next unless defined $word;
1461 my @data = split /\*/, $hash_in;
1463 next unless scalar @data == 11;
1465 my $V = shift @data; $V = substr ($V, 5, 1);
1466 my $R = shift @data;
1467 next unless (shift @data eq '128');
1468 my $P = shift @data;
1469 my $enc = shift @data;
1470 next unless (shift @data eq '16');
1471 my $id = shift @data;
1472 next unless (shift @data eq '32');
1473 my $u = shift @data;
1474 next unless (shift @data eq '32');
1475 my $o = shift @data;
1485 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1487 # PDF 1.7 Level 3 (Acrobat 9)
1488 elsif ($mode == 10600)
1490 ($hash_in, $word) = split ":", $line;
1492 next unless defined $hash_in;
1493 next unless defined $word;
1495 my @data = split /\*/, $hash_in;
1497 next unless scalar @data >= 11;
1499 next unless (shift @data eq '$pdf$5');
1500 next unless (shift @data eq '5');
1501 next unless (shift @data eq '256');
1502 next unless (shift @data eq '-1028');
1503 next unless (shift @data eq '1');
1504 next unless (shift @data eq '16');
1505 my $id = shift @data;
1506 my $rest = join "*", @data;
1511 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1513 # PDF 1.7 Level 8 (Acrobat 10 - 11)
1514 elsif ($mode == 10700)
1516 ($hash_in, $word) = split ":", $line;
1518 next unless defined $hash_in;
1519 next unless defined $word;
1521 my @data = split /\*/, $hash_in;
1523 next unless scalar @data >= 11;
1525 next unless (shift @data eq '$pdf$5');
1526 next unless (shift @data eq '6');
1527 next unless (shift @data eq '256');
1528 next unless (shift @data eq '-1028');
1529 next unless (shift @data eq '1');
1530 next unless (shift @data eq '16');
1531 my $id = shift @data;
1532 my $rest = join "*", @data;
1537 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1539 # PBKDF2-HMAC-SHA256
1540 elsif ($mode == 10900)
1542 next unless (substr ($line, 0, 7) eq 'sha256:');
1545 my $index1 = index ($line, ":", 7);
1547 next if $index1 < 1;
1549 $iter = substr ($line, 7, $index1 - 7);
1553 my $index2 = index ($line, ":", $index1 + 1);
1555 next if $index2 < 1;
1557 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1559 $salt = decode_base64
($salt);
1563 $index1 = index ($line, ":", $index2 + 1);
1565 next if $index1 < 1;
1567 # additional param = output len of pbkdf2
1569 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1571 my $digest = decode_base64
($digest64_encoded);
1573 $param = length ($digest);
1577 $word = substr ($line, $index1 + 1);
1578 $hash_in = substr ($line, 0, $index1);
1580 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1582 # PostgreSQL MD5 Authentication
1583 elsif ($mode == 11100)
1585 next unless (substr ($line, 0, 10) eq '$postgres$');
1587 my $index1 = index ($line, "*", 10);
1589 next if $index1 < 1;
1593 $param = substr ($line, 10, $index1 - 10);
1595 # get the 4 byte salt
1597 my $index2 = index ($line, "*", $index1 + 1);
1599 next if $index2 < 1;
1601 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1605 $index1 = index ($line, ":", $index2 + 1);
1607 next if $index1 < 1;
1609 $word = substr ($line, $index1 + 1);
1610 $hash_in = substr ($line, 0, $index1);
1612 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1614 # MySQL MD5 Authentication
1615 elsif ($mode == 11200)
1617 next unless (substr ($line, 0, 9) eq '$mysqlna$');
1619 my $index1 = index ($line, "*", 9);
1621 next if $index1 < 1;
1625 $salt = substr ($line, 9, $index1 - 9);
1629 $index1 = index ($line, ":", $index1 + 1);
1631 next if $index1 < 1;
1633 $word = substr ($line, $index1 + 1);
1634 $hash_in = substr ($line, 0, $index1);
1636 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1639 elsif ($mode == 2500)
1641 print "ERROR: verify currently not supported for WPA/WPA2 (because of oclHashcat's output format)\n";
1645 # Bitcoin/Litecoin wallet.dat
1646 elsif ($mode == 11300)
1648 print "ERROR: verify currently not supported for Bitcoin/Litecoin wallet.dat because of unknown crypt data\n";
1652 # SIP digest authentication (MD5)
1653 elsif ($mode == 11400)
1655 next unless (substr ($line, 0, 6) eq '$sip$*');
1659 my $index1 = index ($line, "*", 6);
1661 next if $index1 < 0;
1663 $param10 = substr ($line, 6, $index1 - 6);
1665 next if (length ($param10) > 32);
1669 my $index2 = index ($line, "*", $index1 + 1);
1671 next if $index2 < 0;
1673 $param11 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1675 next if (length ($param11) > 32);
1679 $index1 = index ($line, "*", $index2 + 1);
1681 next if $index1 < 0;
1683 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1685 next if (length ($param) > 12);
1689 $index2 = index ($line, "*", $index1 + 1);
1691 next if $index2 < 0;
1693 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1695 next if (length ($param2) > 20);
1699 $index1 = index ($line, "*", $index2 + 1);
1701 next if $index1 < 0;
1703 $param6 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1705 next if (length ($param6) > 24);
1709 $index2 = index ($line, "*", $index1 + 1);
1711 next if $index2 < 0;
1713 $param7 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1715 next if (length ($param7) > 10);
1719 $index1 = index ($line, "*", $index2 + 1);
1721 next if $index1 < 0;
1723 $param8 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1725 next if (length ($param8) > 32);
1729 $index2 = index ($line, "*", $index1 + 1);
1731 next if $index2 < 0;
1733 $param9 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1735 next if (length ($param9) > 32);
1739 $index1 = index ($line, "*", $index2 + 1);
1741 next if $index1 < 0;
1743 $salt = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1745 next if (length ($salt) > 34);
1749 $index2 = index ($line, "*", $index1 + 1);
1751 next if $index2 < 0;
1753 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1755 next if (length ($param4) > 12);
1759 $index1 = index ($line, "*", $index2 + 1);
1761 next if $index1 < 0;
1763 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1765 next if (length ($param3) > 10);
1769 $index2 = index ($line, "*", $index1 + 1);
1771 next if $index2 < 0;
1773 $param5 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1775 next if (length ($param5) > 8);
1779 $index1 = index ($line, "*", $index2 + 1);
1781 next if $index1 < 0;
1783 my $directive = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1785 next unless ($directive eq "MD5");
1789 $index2 = index ($line, ":", $index1 + 1);
1791 next if $index2 < 0;
1793 my $hex_digest = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1795 next unless (length ($hex_digest) == 32);
1797 $word = substr ($line, $index2 + 1);
1798 $hash_in = substr ($line, 0, $index2);
1800 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1803 elsif ($mode == 11600)
1805 next unless (substr ($line, 0, 4) eq '$7z$');
1809 my $index1 = index ($line, '$', 4);
1811 next if $index1 < 0;
1813 my $p = substr ($line, 4, $index1 - 4);
1815 next unless ($p eq "0");
1819 my $index2 = index ($line, '$', $index1 + 1);
1821 next if $index2 < 0;
1823 $iter = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1825 # seven zip salt length
1827 $index1 = index ($line, '$', $index2 + 1);
1829 next if $index1 < 0;
1831 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1835 $index2 = index ($line, '$', $index1 + 1);
1837 next if $index2 < 0;
1839 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1843 $index1 = index ($line, '$', $index2 + 1);
1845 next if $index1 < 0;
1847 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1851 $index2 = index ($line, '$', $index1 + 1);
1853 next if $index2 < 0;
1855 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1857 $salt = pack ("H*", $salt);
1861 $index1 = index ($line, '$', $index2 + 1);
1863 next if $index1 < 0;
1865 my $crc = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1867 # ignore this crc, we don't need to pass it to gen_hash ()
1871 $index2 = index ($line, '$', $index1 + 1);
1873 next if $index2 < 0;
1875 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1879 $index1 = index ($line, '$', $index2 + 1);
1881 next if $index1 < 0;
1883 $param5 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1887 $index2 = index ($line, ':', $index1 + 1);
1889 next if $index2 < 0;
1891 $param6 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1892 $param6 = pack ("H*", $param6);
1894 $word = substr ($line, $index2 + 1);
1895 $hash_in = substr ($line, 0, $index2);
1897 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1900 elsif ($mode == 11900)
1902 next unless (substr ($line, 0, 4) eq 'md5:');
1905 my $index1 = index ($line, ":", 4);
1907 next if $index1 < 1;
1909 $iter = substr ($line, 4, $index1 - 4);
1913 my $index2 = index ($line, ":", $index1 + 1);
1915 next if $index2 < 1;
1917 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1919 $salt = decode_base64
($salt);
1923 $index1 = index ($line, ":", $index2 + 1);
1925 next if $index1 < 1;
1927 # additional param = output len of pbkdf2
1929 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1931 my $digest = decode_base64
($digest64_encoded);
1933 $param = length ($digest);
1937 $word = substr ($line, $index1 + 1);
1938 $hash_in = substr ($line, 0, $index1);
1940 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1943 elsif ($mode == 12000)
1945 next unless (substr ($line, 0, 5) eq 'sha1:');
1948 my $index1 = index ($line, ":", 5);
1950 next if $index1 < 1;
1952 $iter = substr ($line, 5, $index1 - 5);
1956 my $index2 = index ($line, ":", $index1 + 1);
1958 next if $index2 < 1;
1960 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1962 $salt = decode_base64
($salt);
1966 $index1 = index ($line, ":", $index2 + 1);
1968 next if $index1 < 1;
1970 # additional param = output len of pbkdf2
1972 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1974 my $digest = decode_base64
($digest64_encoded);
1976 $param = length ($digest);
1980 $word = substr ($line, $index1 + 1);
1981 $hash_in = substr ($line, 0, $index1);
1983 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1985 # PBKDF2-HMAC-SHA512
1986 elsif ($mode == 12100)
1988 next unless (substr ($line, 0, 7) eq 'sha512:');
1991 my $index1 = index ($line, ":", 7);
1993 next if $index1 < 1;
1995 $iter = substr ($line, 7, $index1 - 7);
1999 my $index2 = index ($line, ":", $index1 + 1);
2001 next if $index2 < 1;
2003 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2005 $salt = decode_base64
($salt);
2009 $index1 = index ($line, ":", $index2 + 1);
2011 next if $index1 < 1;
2013 # additional param = output len of pbkdf2
2015 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
2017 my $digest = decode_base64
($digest64_encoded);
2019 $param = length ($digest);
2023 $word = substr ($line, $index1 + 1);
2024 $hash_in = substr ($line, 0, $index1);
2026 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2029 elsif ($mode == 12200)
2031 next unless (substr ($line, 0, 12) eq '$ecryptfs$0$');
2033 # check if default salt
2037 $param = 0 if (substr ($line, 12, 2) eq '1$');
2045 if ($param == 0) # we need to extract the salt
2047 $index1 = index ($line, '$', $index1);
2049 next if $index1 < 1;
2051 my $index2 = index ($line, '$', $index1 + 1);
2053 next if $index2 < 1;
2055 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2060 $index1 = index ($line, ':', $index1 + 1);
2062 next if $index1 < 1;
2066 $word = substr ($line, $index1 + 1);
2067 $hash_in = substr ($line, 0, $index1);
2069 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2071 # Oracle T: Type (Oracle 12+)
2072 elsif ($mode == 12300)
2074 my $index1 = index ($line, ':');
2076 next if ($index1 != 160);
2080 $salt = substr ($line, 128, 32);
2084 $word = substr ($line, $index1 + 1);
2085 $hash_in = substr ($line, 0, $index1);
2087 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2089 # BSDiCrypt, Extended DES
2090 elsif ($mode == 12400)
2092 next unless (substr ($line, 0, 1) eq '_');
2094 my $index1 = index ($line, ':', 20);
2096 next if ($index1 != 20);
2100 $iter = substr ($line, 1, 4);
2102 $iter = base64_to_int24
($iter);
2106 $salt = substr ($line, 5, 4);
2110 $word = substr ($line, $index1 + 1);
2111 $hash_in = substr ($line, 0, $index1);
2113 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2115 # Blockchain, My Wallet
2116 elsif ($mode == 12700)
2118 my $index1 = index ($line, ':');
2120 next if ($index1 < 0);
2122 $hash_in = substr ($line, 0, $index1);
2123 $word = substr ($line, $index1 + 1);
2125 my (undef, $signature, $data_len, $data_buf) = split '\$', $hash_in;
2127 next unless ($signature eq "blockchain");
2129 next unless (($data_len * 2) == length $data_buf);
2131 $salt = substr ($data_buf, 0, 32);
2132 $param = substr ($data_buf, 32);
2134 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2136 elsif ($mode == 12800)
2138 ($hash_in, $word) = split ":", $line;
2140 next unless defined $hash_in;
2141 next unless defined $word;
2143 my @data = split /\,/, $hash_in;
2145 next unless scalar @data == 4;
2147 next unless (shift @data eq 'v1;PPH1_MD4');
2149 $salt = shift @data;
2150 $iter = shift @data;
2152 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2156 print "ERROR: hash mode is not supported\n";
2161 if ($word =~ m/^\$HEX\[[0-9a-fA-F]*\]$/)
2163 $word = pack ("H*", substr ($word, 5, -1));
2166 # finally generate the hash
2171 # check both variations
2172 $hash_out = gen_hash
($mode, $word, $salt, $iter, 1);
2174 $len = length $hash_out; # == length $alternative
2176 if (substr ($line, 0, $len) ne $hash_out)
2178 my $alternative = gen_hash
($mode, $word, $salt, $iter, 2);
2180 return unless (substr ($line, 0, $len) eq $alternative);
2183 elsif ($mode == 8700)
2185 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2187 $len = length $hash_out;
2189 return unless (substr ($line, 0, $len) eq $hash_out);
2191 elsif ($mode == 8900)
2193 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2195 $len = length $hash_out;
2197 return unless (substr ($line, 0, $len) eq $hash_out);
2199 elsif ($mode == 9100)
2201 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2203 $len = length $hash_out;
2205 return unless (substr ($line, 0, $len) eq $hash_out);
2207 elsif ($mode == 190)
2209 $hash_out = gen_hash
($mode, $word, $salt, $iter, 0);
2211 $len = length $hash_out; # == length $alternative
2213 if (substr ($line, 0, $len) ne $hash_out)
2215 my $alternative = gen_hash
($mode, $word, $salt, $iter, 1);
2217 return unless (substr ($line, 0, $len) eq $alternative);
2220 elsif ($mode == 3300)
2222 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2224 $len = length $hash_out;
2226 return unless (substr ($line, 0, $len) eq $hash_out);
2228 elsif ($mode == 5100)
2230 # check 3 variants (start, middle, end)
2234 $hash_out = gen_hash
($mode, $word, $salt, $iter, $idx++);
2236 $len = length $hash_out; # == length $alternative
2238 if (substr ($line, 0, $len) ne $hash_out)
2240 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2242 if (substr ($line, 0, $len) ne $alternative)
2244 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2246 return unless (substr ($line, 0, $len) eq $alternative);
2250 elsif ($mode == 9400)
2252 $hash_out = gen_hash
($mode, $word, $salt, 50000, $param, $param2);
2254 $len = length $hash_out;
2256 return unless (substr ($line, 0, $len) eq $hash_out);
2258 elsif ($mode == 9500)
2260 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2262 $len = length $hash_out;
2264 return unless (substr ($line, 0, $len) eq $hash_out);
2266 elsif ($mode == 9600)
2268 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2270 $len = length $hash_out;
2272 return unless (substr ($line, 0, $len) eq $hash_out);
2274 elsif ($mode == 9700)
2276 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2278 $len = length $hash_out;
2280 return unless (substr ($line, 0, $len) eq $hash_out);
2282 elsif ($mode == 9800)
2284 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2286 $len = length $hash_out;
2288 return unless (substr ($line, 0, $len) eq $hash_out);
2290 elsif ($mode == 10400)
2292 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2294 $len = length $hash_out;
2296 return unless (substr ($line, 0, $len) eq $hash_out);
2298 elsif ($mode == 10500)
2300 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3, $param4, $param5, $param6);
2302 $len = length $hash_out;
2304 return unless (substr ($line, 0, $len) eq $hash_out);
2306 elsif ($mode == 10600)
2308 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2310 $len = length $hash_out;
2312 return unless (substr ($line, 0, $len) eq $hash_out);
2314 elsif ($mode == 10700)
2316 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2318 $len = length $hash_out;
2320 return unless (substr ($line, 0, $len) eq $hash_out);
2322 elsif ($mode == 10900)
2324 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2326 $len = length $hash_out;
2328 return unless (substr ($line, 0, $len) eq $hash_out);
2330 elsif ($mode == 11100)
2332 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2334 $len = length $hash_out;
2336 return unless (substr ($line, 0, $len) eq $hash_out);
2338 elsif ($mode == 11400)
2340 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6, $param7, $param8, $param9, $param10, $param11);
2342 $len = length $hash_out;
2344 return unless (substr ($line, 0, $len) eq $hash_out);
2346 elsif ($mode == 11600)
2348 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6);
2350 $len = length $hash_out;
2352 return unless (substr ($line, 0, $len) eq $hash_out);
2354 elsif ($mode == 11900)
2356 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2358 $len = length $hash_out;
2360 return unless (substr ($line, 0, $len) eq $hash_out);
2362 elsif ($mode == 12000)
2364 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2366 $len = length $hash_out;
2368 return unless (substr ($line, 0, $len) eq $hash_out);
2370 elsif ($mode == 12100)
2372 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2374 $len = length $hash_out;
2376 return unless (substr ($line, 0, $len) eq $hash_out);
2378 elsif ($mode == 12200)
2380 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2382 $len = length $hash_out;
2384 return unless (substr ($line, 0, $len) eq $hash_out);
2386 elsif ($mode == 12700)
2388 # this is very special, we can't call gen_hash () because the param part is not always the same
2389 # we only know that it should contain the letters "guid" at the beginning of the decryted string
2391 my $pbkdf2 = Crypt
::PBKDF2
->new (
2392 hash_class
=> 'HMACSHA1',
2397 my $salt_bin = pack ("H*", $salt);
2399 my $key = $pbkdf2->PBKDF2 ($salt_bin, $word);
2401 my $cipher = Crypt
::CBC
->new({
2403 cipher
=> "Crypt::Rijndael",
2410 my $param_bin = pack ("H*", $param);
2412 my $decrypted = $cipher->decrypt ($param_bin);
2414 my $decrypted_part = substr ($decrypted, 1, 16);
2416 return unless ($decrypted_part =~ /"guid"/);
2418 $hash_out = $hash_in;
2422 $hash_out = gen_hash
($mode, $word, $salt, $iter);
2424 $len = length $hash_out;
2429 # allow $P$ and $H$ for -m 400
2430 next unless (substr ($line, 3, $len - 3) eq substr ($hash_out, 3));
2432 elsif ($mode == 5600)
2434 # oclHashcat outputs the user name always upper-case, we need
2435 next unless (substr ($line, 0, $len) eq $hash_out);
2439 my $hash_out_lower = lc ($hash_out);
2441 for my $key (keys %{$db})
2443 if (lc ($key) eq $hash_out_lower)
2455 next unless (substr ($line, 0, $len) eq $hash_out);
2459 # do not forget "exists ($db->$hash_out)" should be done above!
2460 $db->{$hash_out} = $word;
2461 print OUT
$line . "\n";
2470 my $mode = shift || 0;
2472 while (my $word_buf = <>)
2476 next if length ($word_buf) > 31;
2484 for (my $i = 0; $i < 256; $i++)
2486 my $c = get_random_chr
(0x30, 0x39);
2488 push (@salt_arr, $c);
2491 my $salt_buf = join ("", @salt_arr);
2499 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 5700 || $mode == 9900 || $mode == 10800 || $mode == 11500)
2501 $tmp_hash = gen_hash
($mode, $word_buf, "");
2503 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2505 my $salt_len = get_random_num
(1, 15);
2507 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2509 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
2511 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2515 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2519 my $salt_len = get_random_num
(1, 15);
2521 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2523 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 1800 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
2525 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 8));
2527 elsif ($mode == 112)
2529 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2531 elsif ($mode == 121)
2533 my $salt_len = get_random_num
(1, 9);
2535 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2537 elsif ($mode == 141 || $mode == 1441)
2539 my $salt_len = get_random_num
(1, 15);
2541 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2543 elsif ($mode == 1100)
2545 my $salt_len = get_random_num
(1, 19);
2547 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2549 elsif ($mode == 1500)
2551 next if length ($word_buf) > 8;
2553 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2555 elsif ($mode == 2100)
2557 next if length ($word_buf) > 13;
2559 my $salt_len = get_random_num
(1, 19);
2561 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2563 elsif ($mode == 2410)
2565 next if length ($word_buf) > 15;
2567 my $salt_len = get_random_num
(1, 15);
2569 my $word_len = length ($word_buf);
2571 $salt_len = min
($salt_len, 15 - $word_len);
2573 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2575 elsif ($mode == 2500)
2577 next if length ($word_buf) < 8;
2579 my $salt_len = get_random_num
(0, 32);
2581 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2583 elsif ($mode == 2611)
2585 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 3));
2587 elsif ($mode == 2612)
2589 my $salt_len = get_random_num
(1, 22);
2591 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2593 elsif ($mode == 2711)
2595 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 30));
2597 elsif ($mode == 2811)
2599 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2601 elsif ($mode == 3000)
2603 next if length ($word_buf) > 7;
2605 $tmp_hash = gen_hash
($mode, $word_buf, "");
2607 elsif ($mode == 3100)
2609 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 10));
2611 elsif ($mode == 3200 || $mode == 5800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 3300 || $mode == 8000 || $mode == 9100 || $mode == 12200)
2613 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2615 elsif ($mode == 3800 || $mode == 4900)
2617 my $salt_len = get_random_num
(1, 11);
2619 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2621 elsif ($mode == 4800)
2623 $salt_buf = get_random_md5chap_salt
(substr ($salt_buf, 0, 16));
2625 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2627 elsif ($mode == 5300 || $mode == 5400)
2629 $salt_buf = get_random_ike_salt
();
2631 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2633 elsif ($mode == 5500)
2635 my $user_len = get_random_num
(0, 15);
2636 my $domain_len = get_random_num
(0, 15);
2638 $salt_buf = get_random_netntlmv1_salt
($user_len, $domain_len);
2640 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2642 elsif ($mode == 5600)
2644 my $user_len = get_random_num
(0, 15);
2645 my $domain_len = get_random_num
(0, 15);
2647 $salt_buf = get_random_netntlmv2_salt
($user_len, $domain_len);
2649 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2651 elsif ($mode == 6600)
2653 $salt_buf = get_random_agilekeychain_salt
();
2655 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2657 elsif ($mode == 6800)
2659 my $email_len = get_random_num
(1, 15);
2663 for (my $i = 0; $i < $email_len; $i++)
2665 $email .= get_random_chr
(0x61, 0x7a);
2668 $email .= '@trash-mail.com';
2670 $tmp_hash = gen_hash
($mode, $word_buf, $email);
2672 elsif ($mode == 7100)
2674 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2676 elsif ($mode == 7200)
2678 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 128));
2680 elsif ($mode == 7300)
2682 my $salt_len = get_random_num
(32, 256);
2684 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2686 elsif ($mode == 7500)
2688 $salt_buf = get_random_kerberos5_salt
(substr ($salt_buf, 0, 16));
2690 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2692 elsif ($mode == 7700)
2694 next if length ($word_buf) > 8;
2696 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2698 elsif ($mode == 7800)
2700 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2702 elsif ($mode == 8200)
2704 $salt_buf = get_random_cloudkeychain_salt
();
2706 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2708 elsif ($mode == 8300)
2710 $salt_buf = get_random_dnssec_salt
();
2712 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2714 elsif ($mode == 8400 || $mode == 11200)
2716 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 40));
2718 elsif ($mode == 8500)
2720 next if length ($word_buf) > 8;
2722 my $salt_len = get_random_num
(1, 9);
2724 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2726 elsif ($mode == 8600)
2728 next if length ($word_buf) > 16;
2730 $tmp_hash = gen_hash
($mode, $word_buf, "");
2732 elsif ($mode == 8700)
2734 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2736 elsif ($mode == 9200 || $mode == 9300)
2740 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2742 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
2744 next if length ($word_buf) > 19;
2748 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2750 elsif ($mode == 10100)
2752 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2754 elsif ($mode == 10300)
2756 my $salt_len = get_random_num
(4, 15);
2758 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2760 elsif ($mode == 10400)
2762 next if length ($word_buf) > 31;
2766 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2768 elsif ($mode == 10500)
2770 next if length ($word_buf) > 15;
2774 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2776 elsif ($mode == 10600)
2778 next if length ($word_buf) > 31;
2782 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2784 elsif ($mode == 10700)
2786 next if length ($word_buf) > 15;
2790 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2792 elsif ($mode == 11000)
2794 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 56));
2796 elsif ($mode == 11300)
2798 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2800 elsif ($mode == 11400)
2802 next if length ($word_buf) > 24;
2804 my $salt_len = get_random_num
(1, 15);
2806 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2808 elsif ($mode == 11600)
2810 my $salt_len = get_random_num
(0, 16);
2812 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2814 elsif ($mode == 12400)
2816 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 4));
2818 elsif ($mode == 12600)
2820 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2822 elsif ($mode == 12700)
2824 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2826 elsif ($mode == 12800)
2828 next if length ($word_buf) > 24;
2830 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2834 print "ERROR: Unsupported hash type\n";
2839 print $tmp_hash, "\n";
2852 for (my $j = 0; $j < scalar @modes; $j++)
2854 my $mode = $modes[$j];
2856 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5300 || $mode == 5400 || $mode == 6000 || $mode == 6100 || $mode == 6600 || $mode == 6900 || $mode == 5700 || $mode == 8200 || $mode == 8300 || $mode == 9900 || $mode == 10800 || $mode == 11500)
2858 for (my $i = 1; $i < 32; $i++)
2862 rnd
($mode, $len, 0);
2870 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2872 my $salt_len = get_random_num
(1, 15);
2874 for (my $i = 1; $i < 32; $i++)
2878 rnd
($mode, $len, $salt_len);
2882 rnd
($mode, $i, $salt_len);
2886 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
2888 for (my $i = 1; $i < 32; $i++)
2892 rnd
($mode, $len, 32);
2896 rnd
($mode, $i, 32);
2900 elsif ($mode == 21 || $mode == 22)
2902 for (my $i = 1; $i < 32; $i++)
2906 rnd
($mode, $len, 2);
2914 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
2916 for (my $i = 1; $i < 32; $i++)
2920 rnd
($mode, $len, 8);
2928 elsif ($mode == 112)
2930 for (my $i = 1; $i < 32; $i++)
2934 rnd
($mode, $len, 20);
2938 rnd
($mode, $i, 20);
2942 elsif ($mode == 141 || $mode == 3300 || $mode == 1441 || $mode == 1800 || $mode == 3200 || $mode == 4800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 8000 || $mode == 9100 || $mode == 12200)
2944 for (my $i = 1; $i < 32; $i++)
2948 rnd
($mode, $len, 16);
2952 rnd
($mode, $i, 16);
2958 my $salt_len = get_random_num
(1, 19);
2960 for (my $i = 1; $i < 32; $i++)
2964 rnd
($mode, $len, $salt_len);
2968 rnd
($mode, $i, $salt_len);
2972 elsif ($mode == 1500)
2974 for (my $i = 1; $i < 9; $i++)
2978 rnd
($mode, $len, 2);
2986 elsif ($mode == 2100)
2988 my $salt_len = get_random_num
(1, 19);
2990 for (my $i = 1; $i < 13; $i++)
2994 rnd
($mode, $len, $salt_len);
2998 rnd
($mode, $i, $salt_len);
3002 elsif ($mode == 2500)
3004 my $salt_len = get_random_num
(0, 32);
3006 for (my $i = 8; $i < 16; $i++)
3008 my $generate_from_len = 0;
3017 rnd
($mode, $len, $salt_len);
3021 rnd
($mode, $i, $salt_len);
3025 elsif ($mode == 2611)
3027 for (my $i = 1; $i < 32; $i++)
3031 rnd
($mode, $len, 3);
3039 elsif ($mode == 2612)
3041 my $salt_len = get_random_num
(1, 22);
3043 for (my $i = 1; $i < 32; $i++)
3047 rnd
($mode, $len, $salt_len);
3051 rnd
($mode, $i, $salt_len);
3055 elsif ($mode == 2711)
3057 for (my $i = 1; $i < 32; $i++)
3061 rnd
($mode, $len, 30);
3065 rnd
($mode, $i, 30);
3069 elsif ($mode == 2811)
3071 for (my $i = 1; $i < 32; $i++)
3075 rnd
($mode, $len, 5);
3083 elsif ($mode == 3000)
3085 for (my $i = 1; $i < 8; $i++)
3089 rnd
($mode, $len, 0);
3097 elsif ($mode == 3100)
3099 for (my $i = 1; $i < 32; $i++)
3103 rnd
($mode, $len, 10);
3107 rnd
($mode, $i, 10);
3111 elsif ($mode == 3800 || $mode == 4900)
3113 my $salt_len = get_random_num
(1, 11);
3115 for (my $i = 1; $i < 32; $i++)
3119 rnd
($mode, $len, $salt_len);
3123 rnd
($mode, $i, $salt_len);
3127 elsif ($mode == 5500 || $mode == 5600)
3131 for (my $i = 1; $i < 27; $i++)
3133 $salt_len = get_random_num
(1, 15);
3137 rnd
($mode, $len, $salt_len);
3141 rnd
($mode, $i, $salt_len);
3145 elsif ($mode == 5800)
3147 for (my $i = 1; $i < 14; $i++)
3151 rnd
($mode, $len, 16);
3155 rnd
($mode, $i, 16);
3159 elsif ($mode == 6800)
3161 my $salt_len = get_random_num
(8, 25);
3163 for (my $i = 1; $i < 32; $i++)
3167 rnd
($mode, $len, $salt_len);
3171 rnd
($mode, $i, $salt_len);
3175 elsif ($mode == 7100)
3177 for (my $i = 1; $i < 32; $i++)
3181 rnd
($mode, $len, 64);
3185 rnd
($mode, $i, 64);
3189 elsif ($mode == 7200)
3191 for (my $i = 1; $i < 32; $i++)
3195 rnd
($mode, $len, 128);
3199 rnd
($mode, $i, 128);
3203 elsif ($mode == 7300)
3205 my $salt_len = get_random_num
(32, 255);
3207 for (my $i = 1; $i < 32; $i++)
3211 rnd
($mode, $len, $salt_len);
3215 rnd
($mode, $i, $salt_len);
3219 elsif ($mode == 7500)
3221 for (my $i = 1; $i < 27; $i++)
3225 rnd
($mode, $len, 16);
3229 rnd
($mode, $i, 16);
3233 elsif ($mode == 7700)
3235 my $salt_len = get_random_num
(1, 12);
3237 for (my $i = 1; $i < 9; $i++)
3241 rnd
($mode, $len, $salt_len);
3245 rnd
($mode, $i, $salt_len);
3249 elsif ($mode == 7800)
3251 my $salt_len = get_random_num
(1, 12);
3253 for (my $i = 1; $i < 32; $i++)
3257 rnd
($mode, $len, $salt_len);
3261 rnd
($mode, $i, $salt_len);
3265 elsif ($mode == 8400 || $mode == 11200)
3267 for (my $i = 1; $i < 32; $i++)
3271 rnd
($mode, $len, 40);
3275 rnd
($mode, $i, 40);
3279 elsif ($mode == 8500)
3281 my $salt_len = get_random_num
(1, 8);
3283 for (my $i = 1; $i < 9; $i++)
3287 rnd
($mode, $len, $salt_len);
3291 rnd
($mode, $i, $salt_len);
3295 elsif ($mode == 8600)
3297 for (my $i = 1; $i < 17; $i++)
3301 rnd
($mode, $len, 0);
3309 elsif ($mode == 8700)
3311 for (my $i = 1; $i < 32; $i++)
3315 rnd
($mode, $len, 5);
3323 elsif ($mode == 9200 || $mode == 9300)
3327 for (my $i = 1; $i < 32; $i++)
3331 rnd
($mode, $len, $salt_len);
3335 rnd
($mode, $i, $salt_len);
3339 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
3343 for (my $i = 1; $i < 20; $i++)
3347 rnd
($mode, $len, $salt_len);
3351 rnd
($mode, $i, $salt_len);
3355 elsif ($mode == 10100)
3357 for (my $i = 1; $i < 32; $i++)
3361 rnd
($mode, $len, 32);
3365 rnd
($mode, $i, 32);
3369 elsif ($mode == 10300)
3371 my $salt_len = get_random_num
(4, 15);
3373 for (my $i = 1; $i < 32; $i++)
3377 rnd
($mode, $len, $salt_len);
3381 rnd
($mode, $i, $salt_len);
3385 elsif ($mode == 10400 || $mode == 10600)
3389 for (my $i = 1; $i < 32; $i++)
3393 rnd
($mode, $len, $salt_len);
3397 rnd
($mode, $i, $salt_len);
3401 elsif ($mode == 10500 || $mode == 10700)
3405 for (my $i = 1; $i < 16; $i++)
3409 rnd
($mode, $len, $salt_len);
3413 rnd
($mode, $i, $salt_len);
3417 elsif ($mode == 11000)
3419 for (my $i = 1; $i < 32; $i++)
3423 rnd
($mode, $len, 56);
3427 rnd
($mode, $i, 56);
3431 elsif ($mode == 11300)
3433 for (my $i = 1; $i < 32; $i++)
3437 rnd
($mode, $len, 16);
3441 rnd
($mode, $i, 16);
3445 elsif ($mode == 11400)
3447 for (my $i = 1; $i < 24; $i++)
3451 rnd
($mode, $len, 16);
3455 rnd
($mode, $i, 16);
3459 elsif ($mode == 11600)
3461 my $salt_len = get_random_num
(0, 16);
3463 for (my $i = 1; $i < 32; $i++)
3467 rnd
($mode, $len, $salt_len);
3471 rnd
($mode, $i, $salt_len);
3475 elsif ($mode == 12400)
3477 for (my $i = 1; $i < 32; $i++)
3481 rnd
($mode, $len, 4);
3489 elsif ($mode == 12600)
3491 for (my $i = 1; $i < 32; $i++)
3495 rnd
($mode, $len, 64);
3499 rnd
($mode, $i, 64);
3503 elsif ($mode == 12700)
3505 for (my $i = 1; $i < 32; $i++)
3509 rnd
($mode, $len, 32);
3513 rnd
($mode, $i, 32);
3517 elsif ($mode == 12800)
3519 for (my $i = 1; $i < 25; $i++)
3523 rnd
($mode, $len, 20);
3527 rnd
($mode, $i, 20);
3540 my $word_buf = shift;
3542 my $salt_buf = shift;
3546 my $additional_param = shift;
3548 my $additional_param2 = shift;
3550 my $additional_param3 = shift;
3552 my $additional_param4 = shift;
3554 my $additional_param5 = shift;
3556 my $additional_param6 = shift;
3558 my $additional_param7 = shift;
3560 my $additional_param8 = shift;
3562 my $additional_param9 = shift;
3564 my $additional_param10 = shift;
3566 my $additional_param11 = shift;
3578 $hash_buf = md5_hex
($word_buf);
3580 $tmp_hash = sprintf ("%s", $hash_buf);
3584 $hash_buf = md5_hex
($word_buf . $salt_buf);
3586 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3590 $hash_buf = md5_hex
($word_buf . $salt_buf);
3592 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3596 $hash_buf = md5_hex
($word_buf . $salt_buf);
3598 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3602 $hash_buf = md5_hex
($salt_buf . $word_buf);
3604 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3608 $hash_buf = md5_hex
($salt_buf . $word_buf);
3610 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3614 my $itoa64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
3615 my $salt_suffix = "Administration Tools";
3617 my $pass = sprintf ("%s:%s:%s", $salt_buf, $salt_suffix, $word_buf);
3619 $hash_buf = md5
($pass);
3623 for (my $pos = 0; $pos < 16; $pos += 2)
3625 my $octet1 = ord (substr ($hash_buf, $pos + 0, 1));
3626 my $octet2 = ord (substr ($hash_buf, $pos + 1, 1));
3628 my $num = ($octet1 <<8 & 0xff00) | ($octet2 & 0xff);
3630 my $idx1 = $num >> 12 & 0x0f;
3631 my $idx2 = $num >> 6 & 0x3f;
3632 my $idx3 = $num & 0x3f;
3634 $res = $res . substr ($itoa64, $idx1, 1) . substr ($itoa64, $idx2, 1) . substr ($itoa64, $idx3, 1);
3637 my $obfuscate_str = "nrcstn";
3638 my @obfuscate_pos = (0, 6, 12, 17, 23, 29);
3640 foreach my $pos (keys @obfuscate_pos)
3642 my $idx = $obfuscate_pos[$pos];
3643 my $before = substr ($res, 0, $idx);
3644 my $char = substr ($obfuscate_str, $pos, 1);
3645 my $after = substr ($res, $idx);
3647 $res = sprintf ("%s%s%s", $before, $char, $after);
3650 $tmp_hash = sprintf ("%s:%s", $res, $salt_buf);
3654 $hash_buf = md5_hex
($salt_buf . "\nskyper\n" . $word_buf);
3656 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3660 $hash_buf = md5_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3662 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3666 $hash_buf = md5_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
3668 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3672 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
, 64);
3674 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3678 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&md5
, 64);
3680 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3682 elsif ($mode == 100)
3684 $hash_buf = sha1_hex
($word_buf);
3686 $tmp_hash = sprintf ("%s", $hash_buf);
3688 elsif ($mode == 101)
3690 $hash_buf = sha1
($word_buf);
3692 my $base64_buf = encode_base64
($hash_buf);
3694 chomp ($base64_buf);
3696 $tmp_hash = sprintf ("{SHA}%s", $base64_buf);
3698 elsif ($mode == 110)
3700 $hash_buf = sha1_hex
($word_buf . $salt_buf);
3702 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3704 elsif ($mode == 111)
3706 $hash_buf = sha1
($word_buf . $salt_buf);
3708 my $base64_buf = encode_base64
($hash_buf . $salt_buf);
3710 chomp ($base64_buf);
3712 $tmp_hash = sprintf ("{SSHA}%s", $base64_buf);
3714 elsif ($mode == 112)
3716 my $salt_buf_bin = pack ("H*", $salt_buf);
3718 $hash_buf = sha1_hex
($word_buf . $salt_buf_bin);
3720 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3722 elsif ($mode == 120)
3724 $hash_buf = sha1_hex
($salt_buf . $word_buf);
3726 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3728 elsif ($mode == 121)
3730 $hash_buf = sha1_hex
(lc ($salt_buf) . $word_buf);
3732 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3734 elsif ($mode == 122)
3736 my $salt_buf_bin = pack ("H*", $salt_buf);
3738 $hash_buf = sha1_hex
($salt_buf_bin . $word_buf);
3740 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
3742 elsif ($mode == 130)
3744 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3746 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3748 elsif ($mode == 131)
3750 my $salt_buf_bin = pack ("H*", $salt_buf);
3752 $hash_buf = sha1_hex
(encode
("UTF-16LE", uc ($word_buf)) . $salt_buf_bin);
3754 $tmp_hash = sprintf ("0x0100%s%s%s", $salt_buf, "0" x
40, $hash_buf);
3756 elsif ($mode == 132)
3758 my $salt_buf_bin = pack ("H*", $salt_buf);
3760 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
3762 $tmp_hash = sprintf ("0x0100%s%s", $salt_buf, $hash_buf);
3764 elsif ($mode == 140)
3766 $hash_buf = sha1_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
3768 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3770 elsif ($mode == 141)
3772 $hash_buf = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
3774 my $base64_salt_buf = encode_base64
($salt_buf);
3776 chomp ($base64_salt_buf);
3778 my $base64_hash_buf = encode_base64
($hash_buf);
3780 $base64_hash_buf = substr ($base64_hash_buf, 0, 27);
3782 $tmp_hash = sprintf ("\$episerver\$*0*%s*%s", $base64_salt_buf, $base64_hash_buf);
3784 elsif ($mode == 150)
3786 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
, 64);
3788 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3790 elsif ($mode == 160)
3792 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha1
, 64);
3794 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3796 elsif ($mode == 190)
3798 $hash_buf = sha1_hex
($word_buf);
3800 my $variant = int (rand (2));
3802 if (defined ($additional_param))
3804 $variant = $additional_param;
3809 substr ($hash_buf, 0, 5) = "00000";
3812 $tmp_hash = sprintf ("%s", $hash_buf);
3814 elsif ($mode == 200)
3816 my $ppr = Authen
::Passphrase
::MySQL323
->new (passphrase
=> $word_buf);
3818 $hash_buf = $ppr->hash_hex;
3820 $tmp_hash = sprintf ("%s", $hash_buf);
3822 elsif ($mode == 300)
3824 $hash_buf = substr (password41
($word_buf), 1);
3826 $hash_buf = lc ($hash_buf); # useful for 'not matched' check only
3828 $tmp_hash = sprintf ("%s", $hash_buf);
3830 elsif ($mode == 400)
3839 my $ppr = Authen
::Passphrase
::PHPass
->new
3843 passphrase
=> $word_buf,
3846 $hash_buf = $ppr->as_rfc2307;
3848 $tmp_hash = sprintf ("%s", substr ($hash_buf, 7));
3850 elsif ($mode == 500)
3852 my $iterations = 1000;
3854 if (defined ($iter))
3858 $iterations = int ($iter);
3862 $hash_buf = md5_crypt
('$1$', $iterations, $word_buf, $salt_buf);
3864 $tmp_hash = sprintf ("%s", $hash_buf);
3866 elsif ($mode == 900)
3868 $hash_buf = md4_hex
($word_buf);
3870 $tmp_hash = sprintf ("%s", $hash_buf);
3872 elsif ($mode == 1000)
3874 $hash_buf = md4_hex
(encode
("UTF-16LE", $word_buf));
3876 $tmp_hash = sprintf ("%s", $hash_buf);
3878 elsif ($mode == 1100)
3880 $hash_buf = md4_hex
(md4
(encode
("UTF-16LE", $word_buf)) . encode
("UTF-16LE", lc ($salt_buf)));
3882 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3884 elsif ($mode == 1400)
3886 $hash_buf = sha256_hex
($word_buf);
3888 $tmp_hash = sprintf ("%s", $hash_buf);
3890 elsif ($mode == 1410)
3892 $hash_buf = sha256_hex
($word_buf . $salt_buf);
3894 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3896 elsif ($mode == 1420)
3898 $hash_buf = sha256_hex
($salt_buf . $word_buf);
3900 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3902 elsif ($mode == 1430)
3904 $hash_buf = sha256_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3906 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3908 elsif ($mode == 1440)
3910 $hash_buf = sha256_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
3912 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3914 elsif ($mode == 1441)
3916 $hash_buf = sha256
($salt_buf . encode
("UTF-16LE", $word_buf));
3918 my $base64_salt_buf = encode_base64
($salt_buf);
3920 chomp ($base64_salt_buf);
3922 my $base64_hash_buf = encode_base64
($hash_buf);
3924 chomp ($base64_hash_buf);
3926 $base64_hash_buf = substr ($base64_hash_buf, 0, 43);
3928 $tmp_hash = sprintf ("\$episerver\$*1*%s*%s", $base64_salt_buf, $base64_hash_buf);
3930 elsif ($mode == 1450)
3932 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha256
, 64);
3934 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3936 elsif ($mode == 1460)
3938 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha256
, 64);
3940 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3942 elsif ($mode == 1500)
3944 $hash_buf = crypt ($word_buf, $salt_buf);
3946 $tmp_hash = sprintf ("%s", $hash_buf);
3948 elsif ($mode == 1600)
3950 my $iterations = 1000;
3952 if (defined ($iter))
3956 $iterations = int ($iter);
3960 $hash_buf = md5_crypt
('$apr1$', $iterations, $word_buf, $salt_buf);
3962 $tmp_hash = sprintf ("%s", $hash_buf);
3964 elsif ($mode == 1700)
3966 $hash_buf = sha512_hex
($word_buf);
3968 $tmp_hash = sprintf ("%s", $hash_buf);
3970 elsif ($mode == 1710)
3972 $hash_buf = sha512_hex
($word_buf . $salt_buf);
3974 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3976 elsif ($mode == 1711)
3978 $hash_buf = sha512_hex
($word_buf . $salt_buf);
3980 my $base64_buf = encode_base64
(pack ("H*", $hash_buf) . $salt_buf);
3982 $base64_buf =~ s/[ \n]//g;
3984 $tmp_hash = sprintf ("{SSHA512}%s", $base64_buf);
3986 elsif ($mode == 1720)
3988 $hash_buf = sha512_hex
($salt_buf . $word_buf);
3990 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3992 elsif ($mode == 1730)
3994 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3996 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3998 elsif ($mode == 1740)
4000 $hash_buf = sha512_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4002 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4004 elsif ($mode == 1722)
4006 my $salt_buf_bin = pack ("H*", $salt_buf);
4008 $hash_buf = sha512_hex
($salt_buf_bin . $word_buf);
4010 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
4012 elsif ($mode == 1731)
4014 my $salt_buf_bin = pack ("H*", $salt_buf);
4016 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
4018 $tmp_hash = sprintf ("0x0200%s%s", $salt_buf, $hash_buf);
4020 elsif ($mode == 1750)
4022 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha512
, 128);
4024 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4026 elsif ($mode == 1760)
4028 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha512
, 128);
4030 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4032 elsif ($mode == 1800)
4034 my $iterations = 5000;
4036 if (defined ($iter))
4040 $iterations = int ($iter);
4044 $hash_buf = sha512_crypt
($iterations, $word_buf, $salt_buf);
4046 $tmp_hash = sprintf ("%s", $hash_buf);
4048 elsif ($mode == 2100)
4050 my $iterations = 10240;
4054 $iterations = int ($iter);
4057 my $salt = encode
("UTF-16LE", lc ($salt_buf));
4059 my $pbkdf2 = Crypt
::PBKDF2
->new
4061 hash_class
=> 'HMACSHA1',
4062 iterations
=> $iterations,
4064 salt_len
=> length ($salt),
4067 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 ($salt, md4
(md4
(encode
("UTF-16LE", $word_buf)) . $salt)));
4069 $tmp_hash = sprintf ("\$DCC2\$%i#%s#%s", $iterations, $salt_buf, $hash_buf);
4071 elsif ($mode == 2400)
4073 $tmp_hash = sprintf ("%s", pseudo_base64
(Digest
::MD5
::md5
($word_buf . "\0" x
(16 - length ($word_buf)))));
4075 elsif ($mode == 2410)
4077 my $salt_len = length ($salt_buf);
4079 my $salt_len_max4 = ($salt_len < 4) ?
$salt_len : 4;
4081 my $hash_buf = pseudo_base64
(Digest
::MD5
::md5
($word_buf . substr ($salt_buf, 0, $salt_len_max4) . "\0" x
(16 - length ($word_buf) - $salt_len_max4)));
4083 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4085 elsif ($mode == 2500)
4087 my ($bssid, $stmac, $snonce, $anonce, $eapol, $keyver, $eapol_size);
4089 if (! defined ($additional_param))
4093 $bssid = randbytes
(6);
4094 $stmac = randbytes
(6);
4095 $snonce = randbytes
(32);
4096 $anonce = randbytes
(32);
4098 $keyver = get_random_num
(1, 3); # 1 or 2
4101 # should be "validly" generated, but in theory could be anything for us also:
4102 # $eapol = "\x00" x 121; # works too, but let's generate it correctly
4104 $eapol = gen_random_wpa_eapol
($keyver, $snonce);
4108 $bssid = $additional_param;
4109 $stmac = $additional_param2;
4110 $snonce = $additional_param3;
4111 $anonce = $additional_param4;
4112 $keyver = $additional_param5;
4113 $eapol = $additional_param6;
4116 $eapol_size = length ($eapol);
4120 my $iterations = 4096;
4126 # generate the Pairwise Master Key (PMK)
4128 my $pbkdf2 = Crypt
::PBKDF2
->new
4130 hash_class
=> 'HMACSHA1',
4131 iterations
=> $iterations,
4135 my $pmk = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4137 # Pairwise Transient Key (PTK) transformation
4139 my $ptk = wpa_prf_512
($pmk, $stmac, $bssid, $snonce, $anonce);
4141 # generate the Message Integrity Code (MIC)
4145 if ($keyver == 1) # WPA1 => MD5
4147 $mic = hmac
($eapol, $ptk, \
&md5
);
4151 $mic = hmac
($eapol, $ptk, \
&sha1
);
4154 $mic = substr ($mic, 0, 16);
4157 # format the binary output
4162 # first the essid (NULL-padded up to the first 36 bytes)
4164 $hash_buf .= $salt_buf;
4165 $hash_buf .= "\x00" x
(36 - length ($salt_buf));
4167 # the 2 MAC addresses
4169 $hash_buf .= $bssid;
4170 $hash_buf .= $stmac;
4174 $hash_buf .= $snonce;
4175 $hash_buf .= $anonce;
4179 $hash_buf .= $eapol;
4180 $hash_buf .= "\x00" x
(256 - $eapol_size);
4184 $hash_buf .= pack ("L*", $eapol_size);
4188 $hash_buf .= pack ("L*", $keyver);
4190 # and finally: the key mic
4194 # base64 encode the output
4196 $tmp_hash = encode_base64
($hash_buf, '');
4198 elsif ($mode == 2600)
4200 $hash_buf = md5_hex
(md5_hex
($word_buf));
4202 $tmp_hash = sprintf ("%s", $hash_buf);
4204 elsif ($mode == 2611)
4206 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4208 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4210 elsif ($mode == 2612)
4212 my $salt_buf_hex = unpack ("H*", $salt_buf);
4214 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4216 $tmp_hash = sprintf ("\$PHPS\$%s\$%s", $salt_buf_hex, $hash_buf);
4218 elsif ($mode == 2711)
4220 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4222 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4224 elsif ($mode == 2811)
4226 $hash_buf = md5_hex
(md5_hex
($salt_buf) . md5_hex
($word_buf));
4228 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4230 elsif ($mode == 3000)
4232 my $ppr = Authen
::Passphrase
::LANManager
->new ("passphrase" => $word_buf);
4234 $hash_buf = $ppr->hash_hex;
4236 $tmp_hash = sprintf ("%s", substr ($hash_buf, 0, 16));
4238 elsif ($mode == 3100)
4240 $hash_buf = oracle_hash
($salt_buf, $word_buf);
4242 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4244 elsif ($mode == 3200)
4253 $tmp_hash = bcrypt
($word_buf, sprintf ('$2a$%s$%s$', $cost, en_base64
($salt_buf)));
4255 elsif ($mode == 3300)
4257 my $iterations = 904;
4261 $iterations = int ($iter);
4266 if (defined ($additional_param))
4268 $variant = $additional_param;
4271 my $prefix = sprintf ("\$md5%srounds=%i\$%s", $variant, $iterations, $salt_buf);
4273 $iterations += 4096;
4275 $hash_buf = sun_md5
($word_buf, $prefix, $iterations);
4277 $tmp_hash = sprintf ("%s\$%s", $prefix, $hash_buf);
4279 elsif ($mode == 3500)
4281 $hash_buf = md5_hex
(md5_hex
(md5_hex
($word_buf)));
4283 $tmp_hash = sprintf ("%s", $hash_buf);
4285 elsif ($mode == 3610)
4287 $hash_buf = md5_hex
(md5_hex
($salt_buf) . $word_buf);
4289 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4291 elsif ($mode == 3710)
4293 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf));
4295 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4297 elsif ($mode == 3711)
4299 $hash_buf = md5_hex
($salt_buf . "-" . md5_hex
($word_buf));
4301 $tmp_hash = sprintf ("\$B\$%s\$%s", $salt_buf, $hash_buf);
4303 elsif ($mode == 3720)
4305 $hash_buf = md5_hex
($word_buf . md5_hex
($salt_buf));
4307 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4309 elsif ($mode == 3800)
4311 $hash_buf = md5_hex
($salt_buf . $word_buf . $salt_buf);
4313 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4315 elsif ($mode == 3910)
4317 $hash_buf = md5_hex
(md5_hex
($word_buf) . md5_hex
($salt_buf));
4319 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4321 elsif ($mode == 4010)
4323 $hash_buf = md5_hex
($salt_buf . md5_hex
($salt_buf . $word_buf));
4325 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4327 elsif ($mode == 4110)
4329 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf . $salt_buf));
4331 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4333 elsif ($mode == 4210)
4335 $hash_buf = md5_hex
($salt_buf . "\x00" . $word_buf);
4337 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4339 elsif ($mode == 4300)
4341 $hash_buf = md5_hex
(uc (md5_hex
($word_buf)));
4343 $tmp_hash = sprintf ("%s", $hash_buf);
4345 elsif ($mode == 4400)
4347 $hash_buf = md5_hex
(sha1_hex
($word_buf));
4349 $tmp_hash = sprintf ("%s", $hash_buf);
4351 elsif ($mode == 4500)
4353 $hash_buf = sha1_hex
(sha1_hex
($word_buf));
4355 $tmp_hash = sprintf ("%s", $hash_buf);
4357 elsif ($mode == 4600)
4359 $hash_buf = sha1_hex
(sha1_hex
(sha1_hex
($word_buf)));
4361 $tmp_hash = sprintf ("%s", $hash_buf);
4363 elsif ($mode == 4700)
4365 $hash_buf = sha1_hex
(md5_hex
($word_buf));
4367 $tmp_hash = sprintf ("%s", $hash_buf);
4369 elsif ($mode == 4800)
4371 my $index = rindex ($salt_buf, ":");
4373 my $salt = substr ($salt_buf, 0, $index);
4374 my $salt_bin = pack ("H*", $salt);
4375 my $chap_sign = substr ($salt_buf, $index + 1);
4376 my $chap_sign_bin = pack ("H*", $chap_sign);
4378 $hash_buf = md5_hex
($chap_sign_bin . $word_buf . $salt_bin);
4380 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4382 elsif ($mode == 4900)
4384 $hash_buf = sha1_hex
($salt_buf . $word_buf . $salt_buf);
4386 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4388 elsif ($mode == 5000)
4390 $hash_buf = keccak_256_hex
($word_buf);
4392 $tmp_hash = sprintf ("%s", $hash_buf);
4394 elsif ($mode == 5100)
4398 if (! defined ($additional_param))
4404 $pos = $additional_param * 8 unless ($additional_param > 2);
4407 $hash_buf = md5_hex
($word_buf);
4409 $tmp_hash = sprintf ("%s", substr ($hash_buf, $pos, 16));
4411 elsif ($mode == 5300)
4413 my @salt_arr = split (":", $salt_buf);
4415 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4416 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4418 my $hash_buf = hmac
($nr_buf , $word_buf, \
&md5
, 64);
4419 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&md5
, 64);
4421 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4423 elsif ($mode == 5400)
4425 my @salt_arr = split (":", $salt_buf);
4427 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4428 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4430 my $hash_buf = hmac
($nr_buf , $word_buf, \
&sha1
, 64);
4431 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&sha1
, 64);
4433 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4435 elsif ($mode == 5500)
4437 my $index1 = index ($salt_buf, "::");
4438 my $user = substr ($salt_buf, 0, $index1);
4440 my $index2 = index ($salt_buf, ":", $index1 + 2);
4441 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4443 my $len = length (substr ($salt_buf, $index2 + 1));
4445 my $c_challenge_hex;
4449 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 48);
4454 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4455 $c_challenge_hex .= 00 x
32;
4458 my $c_challenge = pack ("H*", substr ($c_challenge_hex, 0, 16));
4459 my $s_challenge_hex = substr ($salt_buf, $index2 + 17, 16);
4460 my $s_challenge = pack ("H*", $s_challenge_hex);
4462 my $challenge = substr (md5
($s_challenge . $c_challenge), 0, 8);
4466 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash . "\x00" x
5;
4468 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 0, 7)), "DES", $challenge, PADDING_NONE
);
4469 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 7, 7)), "DES", $challenge, PADDING_NONE
);
4470 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 14, 7)), "DES", $challenge, PADDING_NONE
);
4472 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $c_challenge_hex, unpack ("H*", $ntresp), $s_challenge_hex);
4474 elsif ($mode == 5600)
4476 my $index1 = index ($salt_buf, "::");
4477 my $user = substr ($salt_buf, 0, $index1);
4479 my $index2 = index ($salt_buf, ":", $index1 + 2);
4480 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4482 my $s_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4483 my $s_challenge = pack ("H*", $s_challenge_hex);
4485 my $temp_hex = substr ($salt_buf, $index2 + 17);
4486 my $temp = pack ("H*", $temp_hex);
4488 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash;
4489 my $identity = Encode
::encode
("UTF-16LE", uc ($user) . $domain);
4491 $hash_buf = hmac_hex
($s_challenge . $temp, hmac
($identity, $nthash, \
&md5
, 64), \
&md5
, 64);
4493 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $s_challenge_hex, $hash_buf, $temp_hex);
4495 elsif ($mode == 5700)
4497 $hash_buf = sha256
($word_buf);
4499 my $base64_buf = encode_base64
($hash_buf);
4503 for (my $i = 0; $i < 43; $i++)
4505 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($base64_buf, $i, 1)};
4508 elsif ($mode == 5800)
4510 $hash_buf = androidpin_hash
($word_buf, $salt_buf);
4512 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4514 elsif ($mode == 6000)
4516 $hash_buf = ripemd160_hex
($word_buf);
4518 $tmp_hash = sprintf ("%s", $hash_buf);
4520 elsif ($mode == 6100)
4522 $hash_buf = whirlpool_hex
($word_buf);
4524 $tmp_hash = sprintf ("%s", $hash_buf);
4526 elsif ($mode == 6300)
4528 my $iterations = 1000; # hard coded by the AIX format
4530 $hash_buf = md5_crypt
('', $iterations, $word_buf, $salt_buf);
4532 $tmp_hash = sprintf ("{smd5}%s", $hash_buf);
4534 elsif ($mode == 6400)
4536 my $iterations = 64;
4540 $iterations = 1 << int ($iter);
4543 $hash_buf = aix_ssha256_pbkdf2
($word_buf, $salt_buf, $iterations);
4545 $tmp_hash = sprintf ("{ssha256}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4547 elsif ($mode == 6500)
4549 my $iterations = 64;
4553 $iterations = 1 << int ($iter);
4556 $hash_buf = aix_ssha512_pbkdf2
($word_buf, $salt_buf, $iterations);
4558 $tmp_hash = sprintf ("{ssha512}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4560 elsif ($mode == 6600)
4562 my $iterations = 1000;
4566 $iterations = int ($iter);
4569 my $salt_hex = substr ($salt_buf, 0, 16);
4570 my $salt = pack ("H*", $salt_hex);
4572 my $prefix = substr ($salt_buf, 16, 2016);
4574 my $iv_hex = substr ($salt_buf, 2032);
4575 my $iv = pack ("H*", $iv_hex);
4577 my $data = pack ("H*", "10101010101010101010101010101010");
4579 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA1');
4581 my $pbkdf2 = Crypt
::PBKDF2
->new (
4583 iterations
=> $iterations,
4587 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
4589 my $cipher = Crypt
::CBC
->new({
4591 cipher
=> "Crypt::Rijndael",
4598 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
4600 $hash_buf = substr ($encrypted, 0, 32);
4602 $tmp_hash = sprintf ("%i:%s:%s%s%s", $iterations, $salt_hex, $prefix, $iv_hex, $hash_buf);
4604 elsif ($mode == 6700)
4606 my $iterations = 64;
4610 $iterations = 1 << int ($iter);
4613 $hash_buf = aix_ssha1_pbkdf2
($word_buf, $salt_buf, $iterations);
4615 $tmp_hash = sprintf ("{ssha1}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4617 elsif ($mode == 6800)
4619 my $variant = $additional_param;
4621 if (! defined ($variant))
4623 $variant = int (rand (2));
4626 my $iterations = 500;
4630 $iterations = int ($iter);
4633 my $iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
4635 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256);
4637 my $pbkdf2 = Crypt
::PBKDF2
->new (
4639 iterations
=> $iterations,
4643 my $key = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4645 my $cipher = Crypt
::CBC
->new({
4647 cipher
=> "Crypt::Rijndael",
4656 my $encrypt = $cipher->encrypt (substr ($salt_buf, 0, 16));
4658 $hash_buf = substr (unpack ("H*", $encrypt), 0, 32);
4662 my $verifier = "lastpass rocks\x02\x02";
4664 $hash_buf = unpack ("H*", substr ($cipher->encrypt ($verifier), 0, 16));
4667 $tmp_hash = sprintf ("%s:%i:%s", $hash_buf, $iterations, $salt_buf);
4669 elsif ($mode == 6900)
4671 $hash_buf = gost_hex
($word_buf);
4673 $tmp_hash = sprintf ("%s", $hash_buf);
4675 elsif ($mode == 7100)
4677 my $iterations = 1024;
4681 $iterations = int ($iter);
4684 my $pbkdf2 = Crypt
::PBKDF2
->new
4686 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
4687 iterations
=> $iterations
4690 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
4692 $tmp_hash = sprintf ("\$ml\$%i\$%s\$%0128s", $iterations, $salt_buf, $hash_buf);
4694 elsif ($mode == 7200)
4696 my $iterations = 1024;
4700 $iterations = int ($iter);
4703 my $pbkdf2 = Crypt
::PBKDF2
->new (
4704 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
4705 iterations
=> $iterations
4708 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
4710 $tmp_hash = sprintf ("grub.pbkdf2.sha512.%i.%s.%0128s", $iterations, $salt_buf, $hash_buf);
4712 elsif ($mode == 7300)
4714 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
);
4716 $tmp_hash = sprintf ("%s:%s", unpack ("H*", $salt_buf), $hash_buf);
4718 elsif ($mode == 7400)
4720 my $iterations = 5000;
4722 if (defined ($iter))
4726 $iterations = int ($iter);
4730 $hash_buf = sha256_crypt
($iterations, $word_buf, $salt_buf);
4732 $tmp_hash = sprintf ("%s", $hash_buf);
4734 elsif ($mode == 7500)
4736 my @salt_arr = split ("\\\$", $salt_buf);
4738 my $user = $salt_arr[0];
4740 my $realm = $salt_arr[1];
4742 my $salt = $salt_arr[2];
4744 my $hmac_salt = $salt_arr[3];
4745 my $hmac_salt_bin = pack ("H*", $hmac_salt);
4747 my $clear_data = $salt_arr[4];
4749 my $k = md4
(encode
("UTF-16LE", $word_buf));
4751 my $k1 = hmac_md5
("\x01\x00\x00\x00", $k);
4753 my $k3 = hmac_md5
($hmac_salt_bin, $k1);
4755 if (length ($clear_data) > 1)
4757 my $clear_data_bin = pack ("H*", $clear_data);
4759 $hash_buf = RC4
($k3, $clear_data_bin);
4763 my $hash = $salt_arr[5];
4765 my $hash_bin = pack ("H*", $hash);
4767 my $clear_data = RC4
($k3, $hash_bin);
4769 my $timestamp = substr ($clear_data, 14, 14);
4774 if ($timestamp !~ /^[[:digit:]]{14}$/)
4781 $hash_buf = "\x00" x
36;
4783 if ($hash_buf eq $hash_bin)
4785 $hash_buf = "\x01" x
36;
4790 $hash_buf = $hash_bin;
4794 $tmp_hash = sprintf ("\$krb5pa\$23\$%s\$%s\$%s\$%s%s", $user, $realm, $salt, unpack ("H*", $hash_buf), $hmac_salt);
4796 elsif ($mode == 7600)
4798 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($word_buf));
4800 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4802 elsif ($mode == 7700)
4804 $word_buf = uc $word_buf;
4805 $salt_buf = uc $salt_buf;
4807 my $word_buf_t = sapb_transcode
($word_buf);
4808 my $salt_buf_t = sapb_transcode
($salt_buf);
4810 my $digest1 = md5
($word_buf_t . $salt_buf_t);
4812 my $data = sapb_waldorf
($digest1, $word_buf_t, $salt_buf_t);
4814 my $digest2 = md5
($data);
4816 my ($a, $b, $c, $d) = unpack ("N4", $digest2);
4821 $tmp_hash = sprintf ("%s\$%08X%08X", $salt_buf, $a, $b);
4823 elsif ($mode == 7800)
4825 my $theMagicArray_s =
4826 "\x91\xac\x51\x14\x9f\x67\x54\x43\x24\xe7\x3b\xe0\x28\x74\x7b\xc2" .
4827 "\x86\x33\x13\xeb\x5a\x4f\xcb\x5c\x08\x0a\x73\x37\x0e\x5d\x1c\x2f" .
4828 "\x33\x8f\xe6\xe5\xf8\x9b\xae\xdd\x16\xf2\x4b\x8d\x2c\xe1\xd4\xdc" .
4829 "\xb0\xcb\xdf\x9d\xd4\x70\x6d\x17\xf9\x4d\x42\x3f\x9b\x1b\x11\x94" .
4830 "\x9f\x5b\xc1\x9b\x06\x05\x9d\x03\x9d\x5e\x13\x8a\x1e\x9a\x6a\xe8" .
4831 "\xd9\x7c\x14\x17\x58\xc7\x2a\xf6\xa1\x99\x63\x0a\xd7\xfd\x70\xc3" .
4832 "\xf6\x5e\x74\x13\x03\xc9\x0b\x04\x26\x98\xf7\x26\x8a\x92\x93\x25" .
4833 "\xb0\xa2\x0d\x23\xed\x63\x79\x6d\x13\x32\xfa\x3c\x35\x02\x9a\xa3" .
4834 "\xb3\xdd\x8e\x0a\x24\xbf\x51\xc3\x7c\xcd\x55\x9f\x37\xaf\x94\x4c" .
4835 "\x29\x08\x52\x82\xb2\x3b\x4e\x37\x9f\x17\x07\x91\x11\x3b\xfd\xcd";
4837 $salt_buf = uc $salt_buf;
4839 my $digest = sha1
($word_buf . $salt_buf);
4841 my ($a, $b, $c, $d, $e) = unpack ("I*", $digest);
4843 my $lengthMagicArray = 0x20;
4844 my $offsetMagicArray = 0;
4846 $lengthMagicArray += (($a >> 0) & 0xff) % 6;
4847 $lengthMagicArray += (($a >> 8) & 0xff) % 6;
4848 $lengthMagicArray += (($a >> 16) & 0xff) % 6;
4849 $lengthMagicArray += (($a >> 24) & 0xff) % 6;
4850 $lengthMagicArray += (($b >> 0) & 0xff) % 6;
4851 $lengthMagicArray += (($b >> 8) & 0xff) % 6;
4852 $lengthMagicArray += (($b >> 16) & 0xff) % 6;
4853 $lengthMagicArray += (($b >> 24) & 0xff) % 6;
4854 $lengthMagicArray += (($c >> 0) & 0xff) % 6;
4855 $lengthMagicArray += (($c >> 8) & 0xff) % 6;
4856 $offsetMagicArray += (($c >> 16) & 0xff) % 8;
4857 $offsetMagicArray += (($c >> 24) & 0xff) % 8;
4858 $offsetMagicArray += (($d >> 0) & 0xff) % 8;
4859 $offsetMagicArray += (($d >> 8) & 0xff) % 8;
4860 $offsetMagicArray += (($d >> 16) & 0xff) % 8;
4861 $offsetMagicArray += (($d >> 24) & 0xff) % 8;
4862 $offsetMagicArray += (($e >> 0) & 0xff) % 8;
4863 $offsetMagicArray += (($e >> 8) & 0xff) % 8;
4864 $offsetMagicArray += (($e >> 16) & 0xff) % 8;
4865 $offsetMagicArray += (($e >> 24) & 0xff) % 8;
4867 my $hash_buf = sha1_hex
($word_buf . substr ($theMagicArray_s, $offsetMagicArray, $lengthMagicArray) . $salt_buf);
4869 $tmp_hash = sprintf ("%s\$%s", $salt_buf, uc $hash_buf);
4871 elsif ($mode == 7900)
4880 my $phpass_it = 1 << $cost;
4882 $hash_buf = sha512
($salt_buf . $word_buf);
4884 for (my $i = 0; $i < $phpass_it; $i++)
4886 $hash_buf = sha512
($hash_buf . $word_buf);
4889 my $base64_buf = substr (Authen
::Passphrase
::PHPass
::_en_base64
($hash_buf), 0, 43);
4891 my $base64_digits = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
4893 my $cost_str = substr ($base64_digits , $cost, 1);
4895 $tmp_hash = sprintf ('$S$%s%s%s', $cost_str, $salt_buf, $base64_buf);
4897 elsif ($mode == 8000)
4899 my $salt_buf_bin = pack ("H*", $salt_buf);
4901 my $word_buf_utf = encode
("UTF-16BE", $word_buf);
4903 $hash_buf = sha256_hex
($word_buf_utf . "\x00" x
(510 - (length ($word_buf) * 2)) . $salt_buf_bin);
4905 $tmp_hash = sprintf ("0xc007%s%s", $salt_buf, $hash_buf);
4907 elsif ($mode == 8100)
4909 $hash_buf = sha1_hex
($salt_buf . $word_buf . "\x00");
4911 $tmp_hash = sprintf ("1%s%s", $salt_buf, $hash_buf);
4913 elsif ($mode == 8200)
4915 my $iterations = 40000;
4917 if (defined ($iter))
4919 $iterations = $iter;
4922 my $salt_hex = substr ($salt_buf, 0, 32);
4923 my $salt = pack ("H*", $salt_hex);
4925 my $data_hex = substr ($salt_buf, 32);
4926 my $data = pack ("H*", $data_hex);
4928 my $pbkdf2 = Crypt
::PBKDF2
->new
4930 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
4931 iterations
=> int $iterations
4934 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
4936 $hash_buf = hmac_hex
($data, substr ($key, 32, 32), \
&sha256
, 64);
4938 $tmp_hash = sprintf ("%s:%s:%d:%s", $hash_buf, $salt_hex, $iterations, $data_hex);
4940 elsif ($mode == 8300)
4942 my ($domain, $salt_hex) = split (":", $salt_buf);
4944 my $hashalg = Net
::DNS
::SEC
->digtype ("SHA1");
4946 my $salt = pack ("H*", $salt_hex);
4950 if (defined ($iter))
4952 $iterations = $iter;
4955 my $name = lc ($word_buf . $domain);
4957 my $hash_buf = Net
::DNS
::RR
::NSEC3
::name2hash
($hashalg, $name, $iterations, $salt);
4959 $tmp_hash = sprintf ("%s:%s:%s:%d", $hash_buf, $domain, $salt_hex, $iterations);
4961 elsif ($mode == 8400)
4963 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($salt_buf . sha1_hex
($word_buf)));
4965 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4967 elsif ($mode == 8500)
4969 $hash_buf = racf_hash
(uc $salt_buf, $word_buf);
4971 $tmp_hash = sprintf ('$racf$*%s*%s', uc $salt_buf, uc $hash_buf);
4973 elsif ($mode == 8600)
4975 my @saved_key = map { ord $_; } split "", $word_buf;
4977 my $len = scalar @saved_key;
4979 my @state = domino_big_md
(\
@saved_key, $len);
4981 $tmp_hash = sprintf ('%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',
5000 elsif ($mode == 8700)
5002 my $domino_char = undef;
5004 if (defined ($additional_param))
5006 $domino_char = $additional_param;
5009 my @saved_key = map { ord $_; } split "", $word_buf;
5011 my $len = scalar @saved_key;
5013 my @state = domino_big_md
(\
@saved_key, $len);
5015 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5017 @saved_key = map { ord $_; } split "", $salt_buf . uc $str;
5019 @state = domino_big_md
(\
@saved_key, 34);
5021 $hash_buf = join ("", (map { chr $_; } @state));
5023 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_buf . $hash_buf, $domino_char));
5025 elsif ($mode == 8900)
5031 if (defined ($additional_param))
5033 $N = $additional_param;
5034 $r = $additional_param2;
5035 $p = $additional_param3;
5038 $hash_buf = scrypt_hash
($word_buf, $salt_buf, $N, $r, $p, 32);
5040 $tmp_hash = sprintf ('%s', $hash_buf);
5042 elsif ($mode == 9100)
5044 my $iterations = 5000;
5046 if (defined ($iter))
5048 $iterations = $iter;
5051 my $domino_char = undef;
5053 # domino 5 hash - SEC_pwddigest_V1 - -m 8600
5055 my @saved_key = map { ord $_; } split "", $word_buf;
5057 my $len = scalar @saved_key;
5059 my @state = domino_big_md
(\
@saved_key, $len);
5062 # domino 6 hash - SEC_pwddigest_V2 - -m 8700
5064 my $salt_part = substr ($salt_buf, 0, 5);
5066 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5068 @saved_key = map { ord $_; } split "", $salt_part . uc $str;
5070 @state = domino_big_md
(\
@saved_key, 34);
5072 $hash_buf = join ("", (map { chr $_; } @state));
5074 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_part . $hash_buf, $domino_char));
5077 # domino 8(.5.x) hash - SEC_pwddigest_V3 - -m 9100
5079 my $pbkdf2 = Crypt
::PBKDF2
->new
5081 hash_class
=> 'HMACSHA1',
5082 iterations
=> $iterations,
5089 if (defined ($additional_param))
5091 $chars = $additional_param;
5094 my $digest_new = $pbkdf2->PBKDF2 ($salt_buf, $tmp_hash);
5096 my $iteration_str = "" . $iterations;
5098 for (my $i = length ($iterations); $i < 10; $i++)
5100 $iterations = "0" . $iterations;
5103 $tmp_hash = sprintf ('(H%s)', domino_85x_encode
($salt_buf . $iterations . $chars . $digest_new, $domino_char));
5105 elsif ($mode == 9200)
5107 my $iterations = 20000;
5109 my $pbkdf2 = Crypt
::PBKDF2
->new
5111 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5112 iterations
=> $iterations
5115 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5119 for (my $i = 0; $i < 43; $i++)
5121 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5124 $tmp_hash = sprintf ("\$8\$%s\$%s", $salt_buf, $tmp_hash);
5126 elsif ($mode == 9300)
5132 $hash_buf = scrypt_b64
($word_buf, $salt_buf, $N, $r, $p, 32);
5136 for (my $i = 0; $i < 43; $i++)
5138 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5141 $tmp_hash = sprintf ('$9$%s$%s', $salt_buf, $tmp_hash);
5143 elsif ($mode == 9400)
5145 my $iterations = 50000;
5149 $iterations = int ($iter);
5152 my $aes_key_size = 128; # or 256
5154 if (defined ($additional_param2))
5156 $aes_key_size = $additional_param2;
5159 $salt_buf = pack ("H*", $salt_buf);
5161 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5163 for (my $i = 0; $i < $iterations; $i++)
5165 my $num32 = pack ("L", $i);
5167 $tmp = sha1
($num32 . $tmp);
5170 my $zero32 = pack ("L", 0x00);
5172 my $derivation_array1 = pack ("C", 0x36) x
64;
5173 my $derivation_array2 = pack ("C", 0x5C) x
64;
5175 $tmp = sha1
($tmp . $zero32);
5177 my $tmp2 = sha1
($derivation_array1 ^ $tmp);
5178 my $tmp3 = sha1
($derivation_array2 ^ $tmp);
5180 my $key = substr ($tmp2 . $tmp3, 0, $aes_key_size / 8);
5182 my $m = Crypt
::Mode
::ECB
->new ('AES', 0);
5186 if (defined $additional_param)
5188 $encdata = $m->decrypt (pack ("H*", $additional_param), $key);
5192 $encdata = "A" x
16; ## can be anything
5195 my $data1_buf = $encdata;
5196 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5198 $data1_buf = substr ($data1_buf . ("\x00" x
16), 0, 16);
5199 $data2_buf = substr ($data2_buf . ("\x00" x
16), 0, 32);
5201 my $encrypted1 = unpack ("H*", $m->encrypt ($data1_buf, $key));
5202 my $encrypted2 = unpack ("H*", $m->encrypt ($data2_buf, $key));
5204 $encrypted1 = substr ($encrypted1, 0, 32);
5205 $encrypted2 = substr ($encrypted2, 0, 40);
5207 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2007, 20, $aes_key_size, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5209 elsif ($mode == 9500)
5211 my $iterations = 100000;
5215 $iterations = int ($iter);
5218 $salt_buf = pack ("H*", $salt_buf);
5220 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5222 for (my $i = 0; $i < $iterations; $i++)
5224 my $num32 = pack ("L", $i);
5226 $tmp = sha1
($num32 . $tmp);
5229 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5230 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5232 my $final1 = sha1
($tmp . $encryptedVerifierHashInputBlockKey);
5233 my $final2 = sha1
($tmp . $encryptedVerifierHashValueBlockKey);
5235 my $key1 = substr ($final1, 0, 16);
5236 my $key2 = substr ($final2, 0, 16);
5238 my $cipher1 = Crypt
::CBC
->new({
5240 cipher
=> "Crypt::Rijndael",
5248 my $cipher2 = Crypt
::CBC
->new({
5250 cipher
=> "Crypt::Rijndael",
5260 if (defined $additional_param)
5262 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5266 $encdata = "A" x
16; ## can be anything
5269 my $data1_buf = $encdata;
5270 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5272 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5273 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5275 $encrypted2 = substr ($encrypted2, 0, 64);
5277 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2010, 100000, 128, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5279 elsif ($mode == 9600)
5281 my $iterations = 100000;
5285 $iterations = int ($iter);
5288 $salt_buf = pack ("H*", $salt_buf);
5290 my $tmp = sha512
($salt_buf . encode
("UTF-16LE", $word_buf));
5292 for (my $i = 0; $i < $iterations; $i++)
5294 my $num32 = pack ("L", $i);
5296 $tmp = sha512
($num32 . $tmp);
5299 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5300 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5302 my $final1 = sha512
($tmp . $encryptedVerifierHashInputBlockKey);
5303 my $final2 = sha512
($tmp . $encryptedVerifierHashValueBlockKey);
5305 my $key1 = substr ($final1, 0, 32);
5306 my $key2 = substr ($final2, 0, 32);
5308 my $cipher1 = Crypt
::CBC
->new({
5310 cipher
=> "Crypt::Rijndael",
5318 my $cipher2 = Crypt
::CBC
->new({
5320 cipher
=> "Crypt::Rijndael",
5330 if (defined $additional_param)
5332 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5336 $encdata = "A" x
16; ## can be anything
5339 my $data1_buf = $encdata;
5340 my $data2_buf = sha512
(substr ($data1_buf, 0, 16));
5342 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5343 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5345 $encrypted2 = substr ($encrypted2, 0, 64);
5347 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2013, 100000, 256, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5349 elsif ($mode == 9700)
5351 $salt_buf = pack ("H*", $salt_buf);
5353 my $tmp = md5
(encode
("UTF-16LE", $word_buf));
5355 $tmp = substr ($tmp, 0, 5);
5359 for (my $i = 0; $i < 16; $i++)
5367 $tmp = substr ($tmp, 0, 5);
5371 if (defined $additional_param2)
5373 $version = $additional_param2;
5377 $version = (unpack ("L", $tmp) & 1) ?
0 : 1;
5380 my $rc4_key = md5
($tmp . "\x00\x00\x00\x00");
5382 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5386 if (defined $additional_param)
5388 $encdata = $m->RC4 (pack ("H*", $additional_param));
5392 $encdata = "A" x
16; ## can be anything
5395 my $data1_buf = $encdata;
5396 my $data2_buf = md5
(substr ($data1_buf, 0, 16));
5398 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5400 my $encrypted1 = $m->RC4 ($data1_buf);
5401 my $encrypted2 = $m->RC4 ($data2_buf);
5403 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5405 elsif ($mode == 9800)
5407 $salt_buf = pack ("H*", $salt_buf);
5409 my $tmp = sha1
($salt_buf. encode
("UTF-16LE", $word_buf));
5413 if (defined $additional_param2)
5415 $version = $additional_param2;
5419 $version = (unpack ("L", $tmp) & 1) ?
3 : 4;
5422 my $rc4_key = sha1
($tmp . "\x00\x00\x00\x00");
5426 $rc4_key = substr ($rc4_key, 0, 5) . "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
5429 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5433 if (defined $additional_param)
5435 $encdata = $m->RC4 (pack ("H*", $additional_param));
5439 $encdata = "A" x
16; ## can be anything
5442 my $data1_buf = $encdata;
5443 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5445 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5447 my $encrypted1 = $m->RC4 ($data1_buf);
5448 my $encrypted2 = $m->RC4 ($data2_buf);
5450 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5452 elsif ($mode == 9900)
5454 $tmp_hash = sprintf ("%s", md5_hex
($word_buf . "\0" x
(100 - length ($word_buf))));
5456 elsif ($mode == 10000)
5458 my $iterations = 10000;
5462 $iterations = int ($iter);
5465 my $pbkdf2 = Crypt
::PBKDF2
->new
5467 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5468 iterations
=> $iterations
5471 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5472 $hash_buf =~ s/[\r\n]//g;
5474 $tmp_hash = sprintf ("pbkdf2_sha256\$%i\$%s\$%s", $iterations, $salt_buf, $hash_buf);
5476 elsif ($mode == 10100)
5478 my $seed = pack ("H*", $salt_buf);
5480 my ($hi, $lo) = siphash
($word_buf, $seed);
5482 my $hi_s = sprintf ("%08x", $hi);
5483 my $lo_s = sprintf ("%08x", $lo);
5485 $hi_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5486 $lo_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5488 $tmp_hash = sprintf ("%s%s:2:4:%s", $hi_s, $lo_s, $salt_buf);
5490 elsif ($mode == 10200)
5492 my $challengeb64 = encode_base64
($salt_buf);
5493 $challengeb64 =~ s/[\r\n]//g;
5497 if (defined $additional_param)
5499 $username = $additional_param;
5506 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
);
5508 my $responseb64 = encode_base64
($username . " " . $hash_buf);
5509 $responseb64 =~ s/[\r\n]//g;
5511 $tmp_hash = sprintf ('$cram_md5$%s$%s', $challengeb64, $responseb64);
5513 elsif ($mode == 10300)
5515 my $iterations = 1024;
5519 $iterations = int ($iter);
5522 my $hash_buf = $salt_buf;
5524 for (my $pos = 0; $pos < $iterations; $pos++)
5526 $hash_buf = sha1
($word_buf . $hash_buf);
5529 $hash_buf = encode_base64
($hash_buf . $salt_buf);
5530 $hash_buf =~ s/[\r\n]//g;
5532 $tmp_hash = sprintf ("{x-issha, %i}%s", $iterations, $hash_buf);
5534 elsif ($mode == 10400)
5537 my $u = $additional_param;
5538 my $o = $additional_param2;
5539 my $P = $additional_param3;
5541 if (defined $u == 0)
5546 if (defined $o == 0)
5551 if (defined $P == 0)
5558 for (my $i = 0; $i < 32; $i++)
5560 $padding .= pack ("C", $pdf_padding[$i]);
5563 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, 1, 2, 0);
5565 my $m = Crypt
::RC4
->new (substr ($res, 0, 5));
5567 $u = $m->RC4 ($padding);
5569 $tmp_hash = sprintf ('$pdf$%d*%d*40*%d*%d*16*%s*32*%s*32*%s', 1, 2, $P, 0, $id, unpack ("H*", $u), $o);
5571 elsif ($mode == 10500)
5574 my $u = $additional_param;
5575 my $o = $additional_param2;
5576 my $P = $additional_param3;
5577 my $V = $additional_param4;
5578 my $R = $additional_param5;
5579 my $enc = $additional_param6;
5581 if (defined $u == 0)
5588 if (defined $o == 0)
5593 if (defined $R == 0)
5595 $R = get_random_num
(3, 5);
5598 if (defined $V == 0)
5600 $V = ($R == 3) ?
2 : 4;
5603 if (defined $P == 0)
5605 $P = ($R == 3) ?
-4 : -1028;
5608 if (defined $enc == 0)
5610 $enc = ($R == 3) ?
1 : get_random_num
(0, 2);
5615 for (my $i = 0; $i < 32; $i++)
5617 $padding .= pack ("C", $pdf_padding[$i]);
5620 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, $V, $R, $enc);
5622 my $digest = md5
($padding . pack ("H*", $id));
5624 my $m = Crypt
::RC4
->new ($res);
5626 $u = $m->RC4 ($digest);
5628 my @ress = split "", $res;
5630 for (my $x = 1; $x <= 19; $x++)
5634 for (my $i = 0; $i < 16; $i++)
5636 $xor[$i] = chr (ord ($ress[$i]) ^ $x);
5639 my $s = join ("", @xor);
5641 my $m2 = Crypt
::RC4
->new ($s);
5646 $u .= substr (pack ("H*", $u_save), 16, 16);
5648 $tmp_hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), $o);
5650 elsif ($mode == 10600)
5653 my $rest = $additional_param;
5655 if (defined $id == 0)
5660 if (defined $rest == 0)
5666 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
5669 my @data = split /\*/, $rest;
5671 my $u = pack ("H*", $data[1]);
5673 my $h = sha256
($word_buf . substr ($u, 32, 8));
5675 $data[1] = unpack ("H*", $h . substr ($u, 32));
5677 $rest = join ("*", @data);
5679 $tmp_hash = sprintf ('$pdf$5*5*256*-1028*1*16*%s*%s', $id, $rest);
5681 elsif ($mode == 10700)
5684 my $rest = $additional_param;
5686 if (defined $id == 0)
5691 if (defined $rest == 0)
5697 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
5700 my @datax = split /\*/, $rest;
5702 my $u = pack ("H*", $datax[1]);
5704 my $block = sha256
($word_buf . substr ($u, 32, 8));
5706 my $block_size = 32;
5708 my $data = 0x00 x
64;
5714 for (my $i = 0; $i < 64 || $i < $data63 + 32; $i++)
5716 $data = $word_buf . $block;
5718 $data_len = length ($data);
5720 for (my $k = 1; $k < 64; $k++)
5722 $data .= $word_buf . $block;
5725 my $aes = Crypt
::CBC
->new({
5726 key
=> substr ($block, 0, 16),
5727 cipher
=> "Crypt::Rijndael",
5728 iv
=> substr ($block, 16, 16),
5735 my $data = $aes->encrypt ($data);
5739 for (my $j = 0; $j < 16; $j++)
5741 $sum += ord (substr ($data, $j, 1));
5744 $block_size = 32 + ($sum % 3) * 16;
5746 if ($block_size == 32)
5748 $block = sha256
(substr ($data, 0, $data_len * 64));
5750 elsif ($block_size == 48)
5752 $block = sha384
(substr ($data, 0, $data_len * 64));
5754 elsif ($block_size == 64)
5756 $block = sha512
(substr ($data, 0, $data_len * 64));
5759 $data63 = ord (substr ($data, $data_len * 64 - 1, 1));
5762 $datax[1] = unpack ("H*", substr ($block, 0, 32) . substr ($u, 32));
5764 $rest = join ("*", @datax);
5766 $tmp_hash = sprintf ('$pdf$5*6*256*-1028*1*16*%s*%s', $id, $rest);
5768 elsif ($mode == 10800)
5770 $hash_buf = sha384_hex
($word_buf);
5772 $tmp_hash = sprintf ("%s", $hash_buf);
5774 elsif ($mode == 10900)
5776 my $iterations = 1000;
5780 $iterations = int ($iter);
5785 if (defined $additional_param)
5787 $out_len = $additional_param;
5790 my $pbkdf2 = Crypt
::PBKDF2
->new
5792 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5793 iterations
=> $iterations,
5794 output_len
=> $out_len
5797 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5798 $hash_buf =~ s/[\r\n]//g;
5800 my $base64_salt_buf = encode_base64
($salt_buf);
5802 chomp ($base64_salt_buf);
5804 $tmp_hash = sprintf ("sha256:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
5806 elsif ($mode == 11000)
5808 $hash_buf = md5_hex
($salt_buf . $word_buf);
5810 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5812 elsif ($mode == 11100)
5814 my $user = "postgres";
5816 if (defined $additional_param)
5818 $user = $additional_param;
5821 $hash_buf = md5_hex
(md5_hex
($word_buf . $user) . pack ("H*", $salt_buf));
5823 $tmp_hash = sprintf ("\$postgres\$%s*%s*%s", $user, $salt_buf, $hash_buf);
5825 elsif ($mode == 11200)
5827 my $sha1_pass = sha1
($word_buf);
5828 my $double_sha1 = sha1
($sha1_pass);
5830 my $xor_part1 = $sha1_pass;
5831 my $xor_part2 = sha1
(pack ("H*", $salt_buf) . $double_sha1);
5835 for (my $i = 0; $i < 20; $i++)
5837 my $first_byte = substr ($xor_part1, $i, 1);
5838 my $second_byte = substr ($xor_part2, $i, 1);
5840 my $xor_result = $first_byte ^ $second_byte;
5842 $hash_buf .= unpack ("H*", $xor_result);
5845 $tmp_hash = sprintf ("\$mysqlna\$%s*%s", $salt_buf, $hash_buf);
5847 elsif ($mode == 11300)
5849 my $ckey_buf = get_random_string
(96);
5851 if (length ($additional_param))
5853 $ckey_buf = $additional_param;
5856 my $public_key_buf = get_random_string
(66);
5858 if (length ($additional_param2))
5860 $public_key_buf = $additional_param2;
5863 my $salt_iter = get_random_num
(150000, 250000);
5867 $salt_iter = int ($iter);
5870 my $hash_buf = sha512
($word_buf . pack ("H*", $salt_buf));
5872 for (my $i = 1; $i < $salt_iter; $i++)
5874 $hash_buf = sha512
($hash_buf);
5877 my $data = get_random_string
(32);
5879 my $aes = Crypt
::CBC
->new({
5880 key
=> substr ($hash_buf, 0, 32),
5881 cipher
=> "Crypt::Rijndael",
5882 iv
=> substr ($hash_buf, 32, 16),
5886 padding
=> "standard",
5889 my $cry_master_buf = (unpack ("H*", $aes->encrypt ($data)));
5891 $tmp_hash = sprintf ('$bitcoin$%d$%s$%d$%s$%d$%d$%s$%d$%s',
5892 length ($cry_master_buf),
5899 length ($public_key_buf),
5902 elsif ($mode == 11400)
5904 my ($directive, $URI_server, $URI_client, $user, $realm, $nonce, $nonce_count, $nonce_client, $qop, $method, $URI, $URI_prefix, $URI_resource, $URI_suffix);
5906 $directive = "MD5"; # only directive currently supported
5908 if (defined ($additional_param))
5910 $user = $additional_param;
5911 $realm = $additional_param2;
5913 $nonce_count = $additional_param3;
5914 $nonce_client = $additional_param4;
5915 $qop = $additional_param5;
5916 $method = $additional_param6;
5918 $URI_prefix = $additional_param7;
5919 $URI_resource = $additional_param8;
5920 $URI_suffix = $additional_param9;
5922 # not needed information
5924 $URI_server = $additional_param10;
5925 $URI_client = $additional_param11;
5929 $user = get_random_string
(get_random_num
(0, 12 + 1));
5931 # special limit: (user_len + 1 + realm_len + 1 + word_buf_len) < 56
5932 my $realm_max_len = 55 - length ($user) - 1 - length ($word_buf) - 1;
5934 if ($realm_max_len < 1) # should never happen
5939 $realm_max_len = min
(20, $realm_max_len);
5941 $realm = get_random_string
(get_random_num
(0, $realm_max_len + 1));
5945 if (get_random_num
(0, 1 + 1) == 1)
5949 $nonce_count = get_random_string
(get_random_num
(0, 10 + 1));
5950 $nonce_client = get_random_string
(get_random_num
(0, 12 + 1));
5960 $method = get_random_string
(get_random_num
(0, 24 + 1));
5962 $URI_prefix = get_random_string
(get_random_num
(0, 10 + 1));
5963 $URI_resource = get_random_string
(get_random_num
(1, 32 + 1));
5964 $URI_suffix = get_random_string
(get_random_num
(0, 32 + 1));
5966 # not needed information
5968 $URI_server = get_random_string
(get_random_num
(0, 32 + 1));
5969 $URI_client = $URI_resource; # simplification
5976 if (length ($URI_prefix) > 0)
5978 $URI = $URI_prefix . ":";
5981 $URI .= $URI_resource;
5983 if (length ($URI_suffix) > 0)
5985 $URI .= ":" . $URI_suffix;
5988 my $HA2 = md5_hex
($method . ":" . $URI);
5990 my $HA1 = md5_hex
($user . ":" . $realm . ":" . $word_buf);
5994 if (($qop eq "auth") || ($qop eq "auth-int"))
5996 $tmp_buf = $nonce . ":" . $nonce_count . ":" . $nonce_client . ":" . $qop;
6003 my $hash_buf = md5_hex
($HA1 . ":" . $tmp_buf . ":" . $HA2);
6005 $tmp_hash = sprintf ("\$sip\$*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s", $URI_server, $URI_resource, $user, $realm, $method, $URI_prefix, $URI_resource, $URI_suffix, $nonce, $nonce_client, $nonce_count, $qop, $directive, $hash_buf);
6007 elsif ($mode == 11500)
6009 $hash_buf = crc32
($word_buf);
6011 $tmp_hash = sprintf ("%08x:00000000", $hash_buf);
6013 elsif ($mode == 11600)
6015 my ($p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, $data_len, $unpack_size, $data_buf);
6019 my $validation_only = 0;
6021 $validation_only = 1 if (defined ($additional_param));
6023 if ($validation_only == 1)
6025 $num_cycle_power = int ($iter);
6026 $seven_zip_salt_len = $additional_param;
6027 $seven_zip_salt_buf = $additional_param2;
6028 $salt_len = $additional_param3;
6029 # $salt_buf set in parser
6030 # $hash_buf (resulting crc)
6031 $data_len = $additional_param4;
6032 $unpack_size = $additional_param5;
6033 $data_buf = $additional_param6;
6037 $num_cycle_power = 14; # by default it is 19
6038 $seven_zip_salt_len = 0;
6039 $seven_zip_salt_buf = "";
6040 $salt_len = length ($salt_buf);
6041 # $salt_buf set automatically
6042 # $hash_buf (resulting crc)
6043 # $data_len will be set when encrypting
6044 $unpack_size = get_random_num
(1, 32 + 1);
6045 $data_buf = get_random_string
($unpack_size);
6049 # 2 ^ NumCyclesPower "iterations" of SHA256 (only one final SHA256)
6052 $word_buf = encode
("UTF-16LE", $word_buf);
6054 my $rounds = 1 << $num_cycle_power;
6058 for (my $i = 0; $i < $rounds; $i++)
6062 $num_buf .= pack ("V", $i);
6063 $num_buf .= "\x00" x
4;
6065 # this would be better but only works on 64-bit systems:
6066 # $num_buf = pack ("q", $i);
6068 $pass_buf .= sprintf ("%s%s", $word_buf, $num_buf);
6071 my $key = sha256
($pass_buf);
6073 # the salt_buf is our IV for AES CBC
6076 my $salt_buf_len = length ($salt_buf);
6077 my $salt_padding_len = 0;
6079 if ($salt_buf_len < 16)
6081 $salt_padding_len = 16 - $salt_buf_len;
6084 $salt_buf .= "\x00" x
$salt_padding_len;
6086 my $aes = Crypt
::CBC
->new({
6087 cipher
=> "Crypt::Rijndael",
6095 if ($validation_only == 1)
6099 my $decrypted_data = $aes->decrypt ($data_buf);
6101 $decrypted_data = substr ($decrypted_data, 0, $unpack_size);
6103 $hash_buf = crc32
($decrypted_data);
6109 $hash_buf = crc32
($data_buf);
6111 $data_buf = $aes->encrypt ($data_buf);
6113 $data_len = length ($data_buf);
6116 $tmp_hash = sprintf ("\$7z\$%i\$%i\$%i\$%s\$%i\$%08s\$%u\$%u\$%u\$%s", $p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, unpack ("H*", $salt_buf), $hash_buf, $data_len, $unpack_size, unpack ("H*", $data_buf));
6118 elsif ($mode == 11900)
6120 my $iterations = 1000;
6124 $iterations = int ($iter);
6129 if (defined $additional_param)
6131 $out_len = $additional_param;
6135 # call PHP here - WTF
6138 # sanitize $word_buf and $salt_buf:
6140 my $word_buf_base64 = encode_base64
($word_buf);
6141 $word_buf_base64 =~ s/[\r\n]//g;
6143 my $salt_buf_base64 = encode_base64
($salt_buf);
6144 $salt_buf_base64 =~ s/[\r\n]//g;
6148 $out_len = int ($out_len);
6150 # output is in hex encoding, otherwise it could be screwed (but shouldn't)
6152 my $php_code = <<'END_CODE';
6154 function pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
6156 $algorithm = strtolower ($algorithm);
6158 if(! in_array ($algorithm, hash_algos (), true))
6160 trigger_error ("PBKDF2 ERROR: Invalid hash algorithm.", E_USER_ERROR);
6163 if ($count <= 0 || $key_length <= 0)
6165 trigger_error ("PBKDF2 ERROR: Invalid parameters.", E_USER_ERROR);
6168 if (function_exists ("hash_pbkdf2"))
6172 $key_length = $key_length * 2;
6175 return hash_pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output);
6178 $hash_length = strlen (hash ($algorithm, "", true));
6179 $block_count = ceil ($key_length / $hash_length);
6183 for ($i = 1; $i <= $block_count; $i++)
6185 $last = $salt . pack ("N", $i);
6187 $last = $xorsum = hash_hmac ($algorithm, $last, $password, true);
6189 for ($j = 1; $j < $count; $j++)
6191 $xorsum ^= ($last = hash_hmac ($algorithm, $last, $password, true));
6199 return substr ($output, 0, $key_length);
6203 return bin2hex (substr ($output, 0, $key_length));
6207 print pbkdf2 ("md5", base64_decode ("$word_buf_base64"), base64_decode ("$salt_buf_base64"), $iterations, $out_len, False);
6211 # replace with these command line arguments
6213 $php_code =~ s/\$word_buf_base64/$word_buf_base64/;
6214 $php_code =~ s/\$salt_buf_base64/$salt_buf_base64/;
6215 $php_code =~ s/\$iterations/$iterations/;
6216 $php_code =~ s/\$out_len/$out_len/;
6218 my $php_output = `php -r '$php_code'`;
6220 $hash_buf = pack ("H*", $php_output);
6222 $hash_buf = encode_base64 ($hash_buf);
6223 $hash_buf =~ s/[\r\n]//g;
6225 my $base64_salt_buf = encode_base64 ($salt_buf);
6227 chomp ($base64_salt_buf);
6229 $tmp_hash = sprintf ("md5:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6231 elsif ($mode == 12000)
6233 my $iterations = 1000;
6237 $iterations = int ($iter);
6242 if (defined $additional_param)
6244 $out_len = $additional_param;
6247 my $pbkdf2 = Crypt::PBKDF2->new
6249 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1'),
6250 iterations => $iterations,
6251 output_len => $out_len
6254 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6255 $hash_buf =~ s/[\r\n]//g;
6257 my $base64_salt_buf = encode_base64 ($salt_buf);
6259 chomp ($base64_salt_buf);
6261 $tmp_hash = sprintf ("sha1:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6263 elsif ($mode == 12100)
6265 my $iterations = 1000;
6269 $iterations = int ($iter);
6274 if (defined $additional_param)
6276 $out_len = $additional_param;
6279 my $pbkdf2 = Crypt::PBKDF2->new
6281 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512),
6282 iterations => $iterations,
6283 output_len => $out_len
6286 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6287 $hash_buf =~ s/[\r\n]//g;
6289 my $base64_salt_buf = encode_base64 ($salt_buf);
6291 chomp ($base64_salt_buf);
6293 $tmp_hash = sprintf ("sha512:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6295 elsif ($mode == 12200)
6297 my $iterations = 65536;
6299 my $default_salt = 0;
6301 if (defined $additional_param)
6303 $default_salt = int ($additional_param);
6306 if ($default_salt == 1)
6308 $salt_buf = "0011223344556677";
6311 $hash_buf = sha512 (pack ("H*", $salt_buf) . $word_buf);
6313 for (my $i = 0; $i < $iterations; $i++)
6315 $hash_buf = sha512 ($hash_buf);
6318 $hash_buf = unpack ("H*", $hash_buf);
6319 $hash_buf = substr ($hash_buf, 0, 16);
6321 if ($default_salt == 0)
6323 $tmp_hash = sprintf ("\$ecryptfs\$0\$1\$%s\$%s", $salt_buf, $hash_buf);
6327 $tmp_hash = sprintf ("\$ecryptfs\$0\$%s", $hash_buf);
6330 elsif ($mode == 12300)
6332 my $iterations = 4096;
6334 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
6336 my $pbkdf2 = Crypt::PBKDF2->new (
6338 iterations => $iterations,
6342 my $salt_bin = pack ("H*", $salt_buf);
6344 my $key = $pbkdf2->PBKDF2 ($salt_bin. "AUTH_PBKDF2_SPEEDY_KEY", $word_buf);
6346 $hash_buf = sha512_hex ($key . $salt_bin);
6348 $tmp_hash = sprintf ("%s%s", uc ($hash_buf), uc ($salt_buf));
6350 elsif ($mode == 12400)
6356 $iterations = int ($iter);
6360 $iterations = get_random_num (1, 5001 + 1);
6363 my $key_value = fold_password ($word_buf);
6365 my $data = "\x00\x00\x00\x00\x00\x00\x00\x00";
6366 my $salt_value = base64_to_int24 ($salt_buf);
6368 $hash_buf = crypt_rounds ($key_value, $iterations, $salt_value, $data);
6370 $tmp_hash = sprintf ("_%s%s%s", int24_to_base64 ($iterations), $salt_buf, block_to_base64 ($hash_buf));
6372 elsif ($mode == 12600)
6374 $hash_buf = sha1_hex ($word_buf);
6376 $hash_buf = sha256_hex ($salt_buf . uc $hash_buf);
6378 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
6380 elsif ($mode == 12700)
6382 my $iterations = 10;
6385 "guid" : "00000000-0000-0000-0000-000000000000",
6386 "sharedKey" : "00000000-0000-0000-0000-000000000000",
6387 "options" : {"pbkdf2_iterations":10,"fee_policy":0,"html5_notifications":false,"logout_time":600000,"tx_display":0,"always_keep_local_backup":false}|;
6389 my $salt_buf_bin = pack ("H*", $salt_buf);
6391 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
6393 my $pbkdf2 = Crypt::PBKDF2->new (
6395 iterations => $iterations,
6399 my $key = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6401 my $cipher = Crypt::CBC->new({
6403 cipher => "Crypt::Rijndael",
6404 iv => $salt_buf_bin,
6410 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
6412 $tmp_hash = sprintf ("\$blockchain\$%s\$%s", length ($salt_buf . $encrypted) / 2, $salt_buf . $encrypted);
6414 elsif ($mode == 12800)
6416 my $iterations = 100;
6420 $iterations = int ($iter);
6423 my $nt = md4_hex (encode ("UTF-16LE", $word_buf));
6425 my $pbkdf2 = Crypt::PBKDF2->new
6427 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6428 iterations => $iterations,
6432 my $salt_buf_bin = pack ("H*", $salt_buf);
6434 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, uc (encode ("UTF-16LE", $nt)));
6436 $tmp_hash = sprintf ("v1;PPH1_MD4,%s,%d,%s", $salt_buf, $iterations, unpack ("H*", $hash));
6446 my $word_len = shift;
6448 my $salt_len = shift;
6452 $max = 15 if ($mode == 2410);
6454 if ($is_unicode{$mode})
6456 if (! $allow_long_salt{$mode})
6458 $word_len = min ($word_len, int ($max / 2) - $salt_len);
6462 $word_len = min ($word_len, int ($max / 2));
6465 elsif ($less_fifteen{$mode})
6467 $word_len = min ($word_len, 15);
6471 $salt_len = min ($salt_len, 15 - $word_len);
6476 if (! $allow_long_salt{$mode})
6478 $word_len = min ($word_len, $max - $salt_len);
6497 for (my $i = 0; $i < $salt_len; $i++)
6499 my $c = get_random_chr (0x30, 0x39);
6501 push (@salt_arr, $c);
6504 $salt_buf = join ("", @salt_arr);
6506 $salt_buf = get_random_md5chap_salt ($salt_buf);
6508 elsif ($mode == 5300 || $mode == 5400)
6510 $salt_buf = get_random_ike_salt ();
6512 elsif ($mode == 5500)
6514 $salt_buf = get_random_netntlmv1_salt ($salt_len, $salt_len);
6516 elsif ($mode == 5600)
6518 $salt_buf = get_random_netntlmv2_salt ($salt_len, $salt_len);
6520 elsif ($mode == 6600)
6522 $salt_buf = get_random_agilekeychain_salt ();
6524 elsif ($mode == 8200)
6526 $salt_buf = get_random_cloudkeychain_salt ();
6528 elsif ($mode == 8300)
6530 $salt_buf = get_random_dnssec_salt ();
6536 for (my $i = 0; $i < $salt_len; $i++)
6538 my $c = get_random_chr (0x30, 0x39);
6540 push (@salt_arr, $c);
6543 $salt_buf = join ("", @salt_arr);
6547 $salt_buf = get_random_kerberos5_salt ($salt_buf);
6557 for (my $i = 0; $i < $word_len; $i++)
6559 my $c = get_random_chr (0x30, 0x39);
6561 push (@word_arr, $c);
6564 my $word_buf = join ("", @word_arr);
6570 my $tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
6583 print sprintf ("echo -n %-20s | %s \${OPTS} %s %4d '%s'\n", $word_buf, @cmd);
6595 sub get_random_string
6601 for (my $i = 0; $i < $len; $i++)
6603 my $c = get_random_chr (0x30, 0x39);
6608 my $buf = join ("", @arr);
6618 return int ((rand ($max - $min)) + $min);
6623 return chr get_random_num (@_);
6632 for (my $i = 0; $i < length ($str); $i += 4)
6634 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
6636 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
6643 $salt = substr ($decoded, 0, 5);
6645 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
6649 $byte10 = 256 + $byte10;
6652 substr ($salt, 3, 1) = chr ($byte10);
6654 $digest = substr ($decoded, 5, 9);
6655 $char = substr ($str, 18, 1);
6657 return ($digest, $salt, $char);
6660 sub domino_85x_decode
6666 for (my $i = 0; $i < length ($str); $i += 4)
6668 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
6670 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
6675 my $iterations = -1;
6678 $salt = substr ($decoded, 0, 16); # longer than -m 8700 (5 vs 16 <- new)
6680 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
6684 $byte10 = 256 + $byte10;
6687 substr ($salt, 3, 1) = chr ($byte10);
6689 $iterations = substr ($decoded, 16, 10);
6691 if ($iterations =~ /^?d*$/)
6695 $iterations = $iterations + 0; # hack: make sure it is an int now (atoi ())
6696 $chars = substr ($decoded, 26, 2); # in my example it is "02"
6697 $digest = substr ($decoded, 28, 8); # only of length of 8 vs 20 SHA1 bytes
6700 return ($digest, $salt, $iterations, $chars);
6703 sub domino_base64_decode
6708 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
6716 my $idx = (index ($itoa64, substr ($v, $n - $i, 1))) & 0x3f;
6718 $ret += ($idx << (6 * ($i - 1)));
6731 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
6735 $byte10 = $byte10 - 256;
6738 substr ($final, 3, 1) = chr ($byte10);
6742 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
6743 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
6744 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
6745 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
6746 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
6748 if (defined ($char))
6750 substr ($passwd, 18, 1) = $char;
6752 substr ($passwd, 19, 1) = "";
6757 sub domino_85x_encode
6762 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
6766 $byte10 = $byte10 - 256;
6769 substr ($final, 3, 1) = chr ($byte10);
6773 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
6774 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
6775 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
6776 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
6777 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
6778 $passwd .= domino_base64_encode ((int (ord (substr ($final, 15, 1))) << 16) | (int (ord (substr ($final, 16, 1))) << 8) | (int (ord (substr ($final, 17, 1)))), 4);
6779 $passwd .= domino_base64_encode ((int (ord (substr ($final, 18, 1))) << 16) | (int (ord (substr ($final, 19, 1))) << 8) | (int (ord (substr ($final, 20, 1)))), 4);
6780 $passwd .= domino_base64_encode ((int (ord (substr ($final, 21, 1))) << 16) | (int (ord (substr ($final, 22, 1))) << 8) | (int (ord (substr ($final, 23, 1)))), 4);
6781 $passwd .= domino_base64_encode ((int (ord (substr ($final, 24, 1))) << 16) | (int (ord (substr ($final, 25, 1))) << 8) | (int (ord (substr ($final, 26, 1)))), 4);
6782 $passwd .= domino_base64_encode ((int (ord (substr ($final, 27, 1))) << 16) | (int (ord (substr ($final, 28, 1))) << 8) | (int (ord (substr ($final, 29, 1)))), 4);
6783 $passwd .= domino_base64_encode ((int (ord (substr ($final, 30, 1))) << 16) | (int (ord (substr ($final, 31, 1))) << 8) | (int (ord (substr ($final, 32, 1)))), 4);
6784 $passwd .= domino_base64_encode ((int (ord (substr ($final, 33, 1))) << 16) | (int (ord (substr ($final, 34, 1))) << 8) | (int (ord (substr ($final, 35, 1)))), 4);
6786 if (defined ($char))
6788 substr ($passwd, 18, 1) = $char;
6794 sub domino_base64_encode
6799 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
6803 while (($n - 1) >= 0)
6807 $ret = substr ($itoa64, $v & 0x3f, 1) . $ret;
6817 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
6822 my $v = unpack "V", substr($md5, $i*4, 4);
6824 $s64 .= substr($itoa64, $v & 0x3f, 1);
6833 my ($username, $password) = @_;
6835 $username = substr ($username . " " x 8, 0, 8);
6836 $password = substr ($password . " " x 8, 0, 8);
6838 my $username_ebc = ascii2ebcdic ($username);
6839 my $password_ebc = ascii2ebcdic ($password);
6841 my @pw = split ("", $password_ebc);
6843 for (my $i = 0; $i < 8; $i++)
6845 $pw[$i] = unpack ("C", $pw[$i]);
6848 $pw[$i] = pack ("C", $pw[$i] & 0xff);
6851 my $key = join ("", @pw);
6853 my $cipher = new Crypt::DES $key;
6855 my $ciphertext = $cipher->encrypt ($username_ebc);
6857 my $ct = unpack ("H16", $ciphertext);
6864 my ($username, $password) = @_;
6866 my $userpass = pack('n*', unpack('C*', uc($username.$password)));
6867 $userpass .= pack('C', 0) while (length($userpass) % 8);
6869 my $key = pack('H*', "0123456789ABCDEF");
6870 my $iv = pack('H*', "0000000000000000");
6872 my $c = new Crypt::CBC(
6879 my $key2 = substr($c->encrypt($userpass), length($userpass)-8, 8);
6881 my $c2 = new Crypt::CBC(
6888 my $hash = substr($c2->encrypt($userpass), length($userpass)-8, 8);
6890 return uc(unpack('H*', $hash));
6895 my $word_buf = shift;
6897 my $salt_buf = shift;
6899 my $w = sprintf ("%d%s%s", 0, $word_buf, $salt_buf);
6901 my $digest = sha1 ($w);
6903 for (my $i = 1; $i < 1024; $i++)
6905 $w = $digest . sprintf ("%d%s%s", $i, $word_buf, $salt_buf);
6907 $digest = sha1 ($w);
6910 my ($A, $B, $C, $D, $E) = unpack ("N5", $digest);
6912 return sprintf ("%08x%08x%08x%08x%08x", $A, $B, $C, $D, $E);
6920 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
6924 while (($n - 1) >= 0)
6928 $ret .= substr ($itoa64, $v & 0x3f, 1);
6944 my $hash = ""; # hash to be returned by this function
6946 my $final = md5 ($pass . $salt . $pass);
6948 $salt = substr ($salt, 0, 8);
6950 my $tmp = $pass . $magic . $salt;
6952 my $pass_len = length ($pass);
6956 for ($i = $pass_len; $i > 0; $i -= 16)
6965 $tmp .= substr ($final, 0, $len);
6978 $tmp .= substr ($pass, 0, 1);
6984 $final = md5 ($tmp);
6986 for ($i = 0; $i < $iter; $i++)
7018 $final = md5 ($tmp);
7022 # now format the output sting ("hash")
7026 $hash = to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 6, 1)) << 8) | (ord (substr ($final, 12, 1))), 4);
7027 $hash .= to64 ((ord (substr ($final, 1, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7028 $hash .= to64 ((ord (substr ($final, 2, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7029 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 9, 1)) << 8) | (ord (substr ($final, 15, 1))), 4);
7030 $hash .= to64 ((ord (substr ($final, 4, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7031 $hash .= to64 (ord (substr ($final, 11, 1)), 2);
7033 if ($iter == 1000) # default
7035 $hash_buf = sprintf ("%s%s\$%s", $magic , $salt , $hash);
7039 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7051 my $hash = ""; # hash to be returned by this function
7053 my $final = sha512 ($pass . $salt . $pass);
7055 $salt = substr ($salt, 0, 16);
7057 my $tmp = $pass . $salt;
7059 my $pass_len = length ($pass);
7060 my $salt_len = length ($salt);
7064 for ($i = $pass_len; $i > 0; $i -= 16)
7073 $tmp .= substr ($final, 0, $len);
7092 $final = sha512 ($tmp);
7098 for ($i = 0; $i < $pass_len; $i++)
7103 $p_bytes = sha512 ($p_bytes);
7104 $p_bytes = substr ($p_bytes, 0, $pass_len);
7108 my $final_first_byte = ord (substr ($final, 0, 1));
7112 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7117 $s_bytes = sha512 ($s_bytes);
7118 $s_bytes = substr ($s_bytes, 0, $salt_len);
7120 for ($i = 0; $i < $iter; $i++)
7152 $final = sha512 ($tmp);
7156 # now format the output string ("hash")
7160 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 21, 1)) << 8) | (ord (substr ($final, 42, 1))), 4);
7161 $hash .= to64 ((ord (substr ($final, 22, 1)) << 16) | (ord (substr ($final, 43, 1)) << 8) | (ord (substr ($final, 1, 1))), 4);
7162 $hash .= to64 ((ord (substr ($final, 44, 1)) << 16) | (ord (substr ($final, 2, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7163 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 24, 1)) << 8) | (ord (substr ($final, 45, 1))), 4);
7164 $hash .= to64 ((ord (substr ($final, 25, 1)) << 16) | (ord (substr ($final, 46, 1)) << 8) | (ord (substr ($final, 4, 1))), 4);
7165 $hash .= to64 ((ord (substr ($final, 47, 1)) << 16) | (ord (substr ($final, 5, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7166 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 27, 1)) << 8) | (ord (substr ($final, 48, 1))), 4);
7167 $hash .= to64 ((ord (substr ($final, 28, 1)) << 16) | (ord (substr ($final, 49, 1)) << 8) | (ord (substr ($final, 7, 1))), 4);
7168 $hash .= to64 ((ord (substr ($final, 50, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7169 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 30, 1)) << 8) | (ord (substr ($final, 51, 1))), 4);
7170 $hash .= to64 ((ord (substr ($final, 31, 1)) << 16) | (ord (substr ($final, 52, 1)) << 8) | (ord (substr ($final, 10, 1))), 4);
7171 $hash .= to64 ((ord (substr ($final, 53, 1)) << 16) | (ord (substr ($final, 11, 1)) << 8) | (ord (substr ($final, 32, 1))), 4);
7172 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 33, 1)) << 8) | (ord (substr ($final, 54, 1))), 4);
7173 $hash .= to64 ((ord (substr ($final, 34, 1)) << 16) | (ord (substr ($final, 55, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7174 $hash .= to64 ((ord (substr ($final, 56, 1)) << 16) | (ord (substr ($final, 14, 1)) << 8) | (ord (substr ($final, 35, 1))), 4);
7175 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 36, 1)) << 8) | (ord (substr ($final, 57, 1))), 4);
7176 $hash .= to64 ((ord (substr ($final, 37, 1)) << 16) | (ord (substr ($final, 58, 1)) << 8) | (ord (substr ($final, 16, 1))), 4);
7177 $hash .= to64 ((ord (substr ($final, 59, 1)) << 16) | (ord (substr ($final, 17, 1)) << 8) | (ord (substr ($final, 38, 1))), 4);
7178 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 39, 1)) << 8) | (ord (substr ($final, 60, 1))), 4);
7179 $hash .= to64 ((ord (substr ($final, 40, 1)) << 16) | (ord (substr ($final, 61, 1)) << 8) | (ord (substr ($final, 19, 1))), 4);
7180 $hash .= to64 ((ord (substr ($final, 62, 1)) << 16) | (ord (substr ($final, 20, 1)) << 8) | (ord (substr ($final, 41, 1))), 4);
7181 $hash .= to64 (ord (substr ($final, 63, 1)), 2);
7185 if ($iter == 5000) # default
7187 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7191 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7203 my $hash = ""; # hash to be returned by this function
7205 my $final = sha256 ($pass . $salt . $pass);
7207 $salt = substr ($salt, 0, 16);
7209 my $tmp = $pass . $salt;
7211 my $pass_len = length ($pass);
7212 my $salt_len = length ($salt);
7216 for ($i = $pass_len; $i > 0; $i -= 16)
7225 $tmp .= substr ($final, 0, $len);
7244 $final = sha256 ($tmp);
7250 for ($i = 0; $i < $pass_len; $i++)
7255 $p_bytes = sha256 ($p_bytes);
7256 $p_bytes = substr ($p_bytes, 0, $pass_len);
7260 my $final_first_byte = ord (substr ($final, 0, 1));
7264 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7269 $s_bytes = sha256 ($s_bytes);
7270 $s_bytes = substr ($s_bytes, 0, $salt_len);
7272 for ($i = 0; $i < $iter; $i++)
7304 $final = sha256 ($tmp);
7308 # now format the output string ("hash")
7312 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 20, 1))), 4);
7313 $hash .= to64 ((ord (substr ($final, 21, 1)) << 16) | (ord (substr ($final, 1, 1)) << 8) | (ord (substr ($final, 11, 1))), 4);
7314 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 22, 1)) << 8) | (ord (substr ($final, 2, 1))), 4);
7315 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 13, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7316 $hash .= to64 ((ord (substr ($final, 24, 1)) << 16) | (ord (substr ($final, 4, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7317 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 25, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7318 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 16, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7319 $hash .= to64 ((ord (substr ($final, 27, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 17, 1))), 4);
7320 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 28, 1)) << 8) | (ord (substr ($final, 8, 1))), 4);
7321 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 19, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7322 $hash .= to64 ((ord (substr ($final, 31, 1)) << 8) | (ord (substr ($final, 30, 1))), 3);
7326 if ($iter == 5000) # default
7328 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7332 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7338 sub aix_ssha256_pbkdf2
7340 my $word_buf = shift;
7341 my $salt_buf = shift;
7342 my $iterations = shift;
7344 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256);
7346 my $pbkdf2 = Crypt::PBKDF2->new (
7348 iterations => $iterations,
7352 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7356 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7357 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7358 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7359 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7360 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7361 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7362 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
7363 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
7364 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
7365 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
7366 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) , 3);
7371 sub aix_ssha512_pbkdf2
7373 my $word_buf = shift;
7374 my $salt_buf = shift;
7375 my $iterations = shift;
7377 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
7379 my $pbkdf2 = Crypt::PBKDF2->new (
7381 iterations => $iterations,
7384 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7388 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7389 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7390 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7391 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7392 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7393 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7394 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
7395 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
7396 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
7397 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
7398 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) | (int (ord (substr ($hash_buf, 32, 1)))), 4);
7399 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 33, 1))) << 16) | (int (ord (substr ($hash_buf, 34, 1))) << 8) | (int (ord (substr ($hash_buf, 35, 1)))), 4);
7400 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 36, 1))) << 16) | (int (ord (substr ($hash_buf, 37, 1))) << 8) | (int (ord (substr ($hash_buf, 38, 1)))), 4);
7401 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 39, 1))) << 16) | (int (ord (substr ($hash_buf, 40, 1))) << 8) | (int (ord (substr ($hash_buf, 41, 1)))), 4);
7402 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 42, 1))) << 16) | (int (ord (substr ($hash_buf, 43, 1))) << 8) | (int (ord (substr ($hash_buf, 44, 1)))), 4);
7403 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 45, 1))) << 16) | (int (ord (substr ($hash_buf, 46, 1))) << 8) | (int (ord (substr ($hash_buf, 47, 1)))), 4);
7404 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 48, 1))) << 16) | (int (ord (substr ($hash_buf, 49, 1))) << 8) | (int (ord (substr ($hash_buf, 50, 1)))), 4);
7405 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 51, 1))) << 16) | (int (ord (substr ($hash_buf, 52, 1))) << 8) | (int (ord (substr ($hash_buf, 53, 1)))), 4);
7406 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 54, 1))) << 16) | (int (ord (substr ($hash_buf, 55, 1))) << 8) | (int (ord (substr ($hash_buf, 56, 1)))), 4);
7407 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 57, 1))) << 16) | (int (ord (substr ($hash_buf, 58, 1))) << 8) | (int (ord (substr ($hash_buf, 59, 1)))), 4);
7408 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 60, 1))) << 16) | (int (ord (substr ($hash_buf, 61, 1))) << 8) | (int (ord (substr ($hash_buf, 62, 1)))), 4);
7409 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 63, 1))) << 16) , 2);
7414 sub aix_ssha1_pbkdf2
7416 my $word_buf = shift;
7417 my $salt_buf = shift;
7418 my $iterations = shift;
7420 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
7422 my $pbkdf2 = Crypt::PBKDF2->new (
7424 iterations => $iterations,
7427 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7431 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7432 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7433 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7434 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7435 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7436 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7437 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) , 3);
7446 my @data = split "", $data_s;
7449 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7450 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7451 "\x3f\x40\x41\x50\x43\x44\x45\x4b\x47\x48\x4d\x4e\x54\x51\x53\x46" .
7452 "\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x56\x55\x5c\x49\x5d\x4a" .
7453 "\x42\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
7454 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x58\x5b\x59\xff\x52" .
7455 "\x4c\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
7456 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x57\x5e\x5a\x4f\xff" .
7457 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7458 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7459 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7460 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7461 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7462 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7463 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7464 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
7466 my @transTable = unpack ("C256", $transTable_s);
7470 for (my $i = 0; $i < scalar @data; $i++)
7472 $out[$i] = $transTable[int (ord ($data[$i]))];
7475 return pack ("C*", @out);
7480 my $digest_s = shift;
7485 my @w = unpack "C*", $w_s;
7486 my @s = unpack "C*", $s_s;
7489 "\x14\x77\xf3\xd4\xbb\x71\x23\xd0\x03\xff\x47\x93\x55\xaa\x66\x91" .
7490 "\xf2\x88\x6b\x99\xbf\xcb\x32\x1a\x19\xd9\xa7\x82\x22\x49\xa2\x51" .
7491 "\xe2\xb7\x33\x71\x8b\x9f\x5d\x01\x44\x70\xae\x11\xef\x28\xf0\x0d";
7493 my @bcodeTable = unpack ("C48", $bcodeTable_s);
7495 my @abcd = unpack ("C16", $digest_s);
7497 my $sum20 = ($abcd[0] & 3)
7507 for (my $i2 = 0; $i2 < $sum20; $i2++)
7512 for (my $i1 = 0, my $i2 = 0, my $i3 = 0; $i2 < $sum20; $i2++, $i2++)
7514 if ($i1 < length $w_s)
7516 if ($abcd[15 - $i1] & 1)
7518 $out[$i2] = $bcodeTable[48 - 1 - $i1];
7523 $out[$i2] = $w[$i1];
7529 if ($i3 < length $s_s)
7531 $out[$i2] = $s[$i3];
7537 $out[$i2] = $bcodeTable[$i2 - $i1 - $i3];
7540 return substr (pack ("C*", @out), 0, $sum20);
7545 my @key_56 = split (//, shift);
7551 $key .= chr(((ord($key_56[0]) << 7) | (ord($key_56[1]) >> 1)) & 255);
7552 $key .= chr(((ord($key_56[1]) << 6) | (ord($key_56[2]) >> 2)) & 255);
7553 $key .= chr(((ord($key_56[2]) << 5) | (ord($key_56[3]) >> 3)) & 255);
7554 $key .= chr(((ord($key_56[3]) << 4) | (ord($key_56[4]) >> 4)) & 255);
7555 $key .= chr(((ord($key_56[4]) << 3) | (ord($key_56[5]) >> 5)) & 255);
7556 $key .= chr(((ord($key_56[5]) << 2) | (ord($key_56[6]) >> 6)) & 255);
7557 $key .= chr(( ord($key_56[6]) << 1) & 255);
7568 for (my $i = 0; $i < $len; $i++)
7570 my $c = get_random_chr (0, 255);
7575 return join ("", @arr);
7578 sub get_random_netntlmv1_salt
7580 my $len_user = shift;
7581 my $len_domain = shift;
7587 for (my $i = 0; $i < $len_user; $i++)
7589 $type = get_random_num (1, 3);
7593 $char = get_random_chr (0x30, 0x39);
7597 $char = get_random_chr (0x41, 0x5A);
7601 $char = get_random_chr (0x61, 0x7A);
7609 for (my $i = 0; $i < $len_domain; $i++)
7611 $type = get_random_num (1, 3);
7615 $char = get_random_chr (0x30, 0x39);
7619 $char = get_random_chr (0x41, 0x5A);
7623 $char = get_random_chr (0x61, 0x7A);
7629 my $c_challenge = randbytes (8);
7630 my $s_challenge = randbytes (8);
7632 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $c_challenge) . unpack ("H*", $s_challenge);
7637 sub get_random_netntlmv2_salt
7639 my $len_user = shift;
7640 my $len_domain = shift;
7646 if ($len_user + $len_domain > 27)
7648 if ($len_user > $len_domain)
7650 $len_user = 27 - $len_domain;
7654 $len_domain = 27 - $len_user;
7658 for (my $i = 0; $i < $len_user; $i++)
7660 $type = get_random_num (1, 3);
7664 $char = get_random_chr (0x30, 0x39);
7668 $char = get_random_chr (0x41, 0x5A);
7672 $char = get_random_chr (0x61, 0x7A);
7680 for (my $i = 0; $i < $len_domain; $i++)
7682 $type = get_random_num (1, 3);
7686 $char = get_random_chr (0x30, 0x39);
7690 $char = get_random_chr (0x41, 0x5A);
7694 $char = get_random_chr (0x61, 0x7A);
7700 my $c_challenge = randbytes (8);
7701 my $s_challenge = randbytes (8);
7703 my $temp = "\x01\x01" .
7708 randbytes (20 * rand () + 1) .
7711 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $s_challenge) . unpack ("H*", $temp);
7716 sub get_random_ike_salt
7720 for (my $i = 0; $i < 40; $i++)
7722 $nr_buf .= get_random_chr (0, 0xff);
7727 for (my $i = 0; $i < 440; $i++)
7729 $msg_buf .= get_random_chr (0, 0xff);
7732 my $nr_buf_hex = unpack ("H*", $nr_buf);
7733 my $msg_buf_hex = unpack ("H*", $msg_buf);
7735 my $salt_buf = sprintf ("%s:%s:%s:%s:%s:%s:%s:%s", substr ($msg_buf_hex, 0, 256), substr ($msg_buf_hex, 256, 256), substr ($msg_buf_hex, 512, 16), substr ($msg_buf_hex, 528, 16), substr ($msg_buf_hex, 544, 320), substr ($msg_buf_hex, 864, 16), substr ($nr_buf_hex, 0, 40), substr ($nr_buf_hex, 40, 40));
7740 sub get_random_agilekeychain_salt
7744 for (my $i = 0; $i < 8; $i++)
7746 $salt_buf .= get_random_chr (0x0, 0xff);
7751 for (my $i = 0; $i < 16; $i++)
7753 $iv .= get_random_chr (0x0, 0xff);
7756 my $prefix = "\x00" x 1008;
7758 my $ret = unpack ("H*", $salt_buf . $prefix . $iv);
7763 sub get_random_cloudkeychain_salt
7767 for (my $i = 0; $i < 16; $i++)
7769 $salt_buf .= get_random_chr (0x0, 0xff);
7772 for (my $i = 0; $i < 304; $i++)
7774 $salt_buf .= get_random_chr (0x0, 0xff);
7777 my $ret = unpack ("H*", $salt_buf);
7782 sub get_random_kerberos5_salt
7784 my $custom_salt = shift;
7786 my $clear_data = randbytes (14) .
7787 strftime ("%Y%m%d%H%M%S", localtime) .
7791 my $realm = "realm";
7794 my $salt_buf = $user . "\$" . $realm . "\$" . $salt . "\$" . unpack ("H*", $custom_salt) . "\$" . unpack ("H*", $clear_data) . "\$";
7799 sub get_random_md5chap_salt
7801 my $salt_buf = shift;
7803 my $salt = unpack ("H*", $salt_buf);
7807 $salt .= unpack ("H*", randbytes (1));
7812 sub get_random_dnssec_salt
7818 for (my $i = 0; $i < 8; $i++)
7820 $salt_buf .= get_random_chr (0x61, 0x7a);
7823 $salt_buf .= ".net";
7827 for (my $i = 0; $i < 8; $i++)
7829 $salt_buf .= get_random_chr (0x30, 0x39);
7842 my $byte_off = int ($bit / 8);
7843 my $bit_off = int ($bit % 8);
7845 my $char = substr ($digest, $byte_off, 1);
7846 my $num = ord ($char);
7848 return (($num & (1 << $bit_off)) ? 1 : 0);
7857 my $constant_phrase =
7858 "To be, or not to be,--that is the question:--\n" .
7859 "Whether 'tis nobler in the mind to suffer\n" .
7860 "The slings and arrows of outrageous fortune\n" .
7861 "Or to take arms against a sea of troubles,\n" .
7862 "And by opposing end them?--To die,--to sleep,--\n" .
7863 "No more; and by a sleep to say we end\n" .
7864 "The heartache, and the thousand natural shocks\n" .
7865 "That flesh is heir to,--'tis a consummation\n" .
7866 "Devoutly to be wish'd. To die,--to sleep;--\n" .
7867 "To sleep! perchance to dream:--ay, there's the rub;\n" .
7868 "For in that sleep of death what dreams may come,\n" .
7869 "When we have shuffled off this mortal coil,\n" .
7870 "Must give us pause: there's the respect\n" .
7871 "That makes calamity of so long life;\n" .
7872 "For who would bear the whips and scorns of time,\n" .
7873 "The oppressor's wrong, the proud man's contumely,\n" .
7874 "The pangs of despis'd love, the law's delay,\n" .
7875 "The insolence of office, and the spurns\n" .
7876 "That patient merit of the unworthy takes,\n" .
7877 "When he himself might his quietus make\n" .
7878 "With a bare bodkin? who would these fardels bear,\n" .
7879 "To grunt and sweat under a weary life,\n" .
7880 "But that the dread of something after death,--\n" .
7881 "The undiscover'd country, from whose bourn\n" .
7882 "No traveller returns,--puzzles the will,\n" .
7883 "And makes us rather bear those ills we have\n" .
7884 "Than fly to others that we know not of?\n" .
7885 "Thus conscience does make cowards of us all;\n" .
7886 "And thus the native hue of resolution\n" .
7887 "Is sicklied o'er with the pale cast of thought;\n" .
7888 "And enterprises of great pith and moment,\n" .
7889 "With this regard, their currents turn awry,\n" .
7890 "And lose the name of action.--Soft you now!\n" .
7891 "The fair Ophelia!--Nymph, in thy orisons\n" .
7892 "Be all my sins remember'd.\n\x00";
7894 my $constant_len = length ($constant_phrase);
7896 my $hash_buf = md5 ($pw . $salt);
7902 for (my $round = 0; $round < $iter; $round++)
7904 my $shift_a = md5bit ($hash_buf, $round + 0);
7905 my $shift_b = md5bit ($hash_buf, $round + 64);
7910 for (my $k = 0; $k < 16; $k++)
7912 my $s7shift = ord (substr ($hash_buf, $k, 1)) % 8;
7914 my $l = ($k + 3) % 16;
7916 my $num = ord (substr ($hash_buf, $l, 1));
7918 $shift_4[$k] = $num % 5;
7920 $shift_7[$k] = ($num >> $s7shift) & 1;
7925 for (my $k = 0; $k < 16; $k++)
7927 $indirect_4[$k] = (ord (substr ($hash_buf, $k, 1)) >> $shift_4[$k]) & 0xf;
7932 for (my $k = 0; $k < 16; $k++)
7934 $indirect_7[$k] = (ord (substr ($hash_buf, $indirect_4[$k], 1)) >> $shift_7[$k]) & 0x7f;
7940 for (my $k = 0; $k < 8; $k++)
7942 $indirect_a |= md5bit ($hash_buf, $indirect_7[$k + 0]) << $k;
7944 $indirect_b |= md5bit ($hash_buf, $indirect_7[$k + 8]) << $k;
7947 $indirect_a = ($indirect_a >> $shift_a) & 0x7f;
7948 $indirect_b = ($indirect_b >> $shift_b) & 0x7f;
7950 my $bit_a = md5bit ($hash_buf, $indirect_a);
7951 my $bit_b = md5bit ($hash_buf, $indirect_b);
7961 if ($bit_a ^ $bit_b)
7963 substr ($W, 16, 48) = substr ($constant_phrase, 0, 48);
7967 $to_hash .= substr ($W, 0, 64);
7971 for ($constant_off = 48; $constant_off < $constant_len - 64; $constant_off += 64)
7973 substr ($W, 0, 64) = substr ($constant_phrase, $constant_off, 64);
7977 $to_hash .= substr ($W, 0, 64);
7980 $pos = $constant_len - $constant_off;
7984 substr ($W, 0, $pos) = substr ($constant_phrase, $constant_off, $pos);
7999 my $round_div = int ($tmp / 10);
8000 my $round_mod = int ($tmp % 10);
8004 $a_buf[int ($a_len / 4)] = (($round_mod + 0x30) | ($a_buf[int ($a_len / 4)] << 8));
8014 for ($g = 0; $g < $a_len; $g++)
8016 my $remainder = $a_buf[$g];
8022 while ($remainder > 0)
8024 $sub = $remainder >> (8 * $factor);
8026 if ($started != 1 || $sub > 0)
8030 $tmp_str = chr ($sub) . $tmp_str;
8032 $remainder -= ($sub << (8 * $factor));
8040 substr ($W, $pos, $a_len) = $tmp_str;
8046 $to_hash .= substr ($W, 0, $pos);
8048 $to_hash = substr ($to_hash, 0, $total);
8050 $hash_buf = md5 ($to_hash);
8055 $passwd .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 6, 1))) << 8) | (int (ord (substr ($hash_buf, 12, 1)))), 4);
8056 $passwd .= to64 ((int (ord (substr ($hash_buf, 1, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 13, 1)))), 4);
8057 $passwd .= to64 ((int (ord (substr ($hash_buf, 2, 1))) << 16) | (int (ord (substr ($hash_buf, 8, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8058 $passwd .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 9, 1))) << 8) | (int (ord (substr ($hash_buf, 15, 1)))), 4);
8059 $passwd .= to64 ((int (ord (substr ($hash_buf, 4, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8060 $passwd .= to64 ((int (ord (substr ($hash_buf, 11, 1)))), 2);
8067 die ("usage: $0 single|passthrough| [mode] [len]\n" .
8069 " $0 verify [mode] [hashfile] [cracks] [outfile]\n");
8074 my $block_ref = shift;
8078 my $value = 16 - $offset;
8080 for (my $i = $offset; $i < 16; $i++)
8082 push @{$block_ref}, $value;
8092 for (my $i = 0; $i < 18; $i++)
8094 for (my $j = 0; $j < 48; $j++)
8096 $p = ($p + 48 - $j) & 0xff;
8098 my $c = $lotus_magic_table[$p];
8100 $p = $in_ref->[$j] ^ $c;
8107 sub lotus_transform_password
8110 my $out_ref = shift;
8112 my $t = $out_ref->[15];
8114 for (my $i = 0; $i < 16; $i++)
8116 $t ^= $in_ref->[$i];
8118 my $c = $lotus_magic_table[$t];
8120 $out_ref->[$i] ^= $c;
8122 $t = $out_ref->[$i];
8126 sub mdtransform_norecalc
8128 my $state_ref = shift;
8129 my $block_ref = shift;
8133 push (@x, @{$state_ref});
8134 push (@x, @{$block_ref});
8136 for (my $i = 0; $i < 16; $i++)
8138 push (@x, $x[0 + $i] ^ $x[16 + $i]);
8143 for (my $i = 0; $i < 16; $i++)
8145 $state_ref->[$i] = $x[$i];
8151 my $state_ref = shift;
8152 my $checksum_ref = shift;
8153 my $block_ref = shift;
8155 mdtransform_norecalc ($state_ref, $block_ref);
8157 lotus_transform_password ($block_ref, $checksum_ref);
8162 my $saved_key_ref = shift;
8166 @{$saved_key_ref} = splice (@{$saved_key_ref}, 0, $size);
8168 my @state = (0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
8174 for ($curpos = 0; $curpos + 16 < $size; $curpos += 16)
8176 my $curpos16 = $curpos + 16;
8178 my @block = splice (@{$saved_key_ref}, 0, 16);
8180 mdtransform (\@state, \@checksum, \@block);
8183 my $left = $size - $curpos;
8185 my @block = splice (@{$saved_key_ref}, 0, 16);
8187 pad16 (\@block, $left);
8189 mdtransform (\@state, \@checksum, \@block);
8191 mdtransform_norecalc (\@state, \@checksum);
8196 sub pdf_compute_encryption_key
8198 my $word_buf = shift;
8199 my $padding = shift;
8214 $data .= substr ($padding, 0, 32 - length $word_buf);
8216 $data .= pack ("H*", $o);
8218 $data .= pack ("I", $P);
8220 $data .= pack ("H*", $id);
8226 $data .= pack ("I", -1);
8230 my $res = md5 ($data);
8234 for (my $i = 0; $i < 50; $i++)
8243 sub gen_random_wpa_eapol
8252 my $version = 1; # 802.1X-2001
8254 $ret .= pack ("C*", $version);
8256 my $type = 3; # means that this EAPOL frame is used to transfer key information
8258 $ret .= pack ("C*", $type);
8260 my $length; # length of remaining data
8271 $ret .= pack ("n*", $length);
8273 my $descriptor_type;
8277 $descriptor_type = 254; # EAPOL WPA key
8281 $descriptor_type = 1; # EAPOL RSN key
8284 $ret .= pack ("C*", $descriptor_type);
8286 # key_info is a bit vector:
8287 # generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
8291 $key_info |= 1 << 8; # set key MIC
8292 $key_info |= 1 << 3; # set if it is a pairwise key
8296 $key_info |= 1 << 0; # RC4 Cipher, HMAC-MD5 MIC
8300 $key_info |= 1 << 1; # AES Cipher, HMAC-SHA1 MIC
8303 $ret .= pack ("n*", $key_info);
8316 $ret .= pack ("n*", $key_length);
8318 my $replay_counter = 1;
8320 $ret .= pack ("Q>*", $replay_counter);
8324 my $key_iv = "\x00" x 16;
8328 my $key_rsc = "\x00" x 8;
8332 my $key_id = "\x00" x 8;
8336 my $key_mic = "\x00" x 16;
8344 $key_data_len = 24; # length of the key_data (== WPA info)
8348 $key_data_len = 22; # length of the key_data (== RSN info)
8351 $ret .= pack ("n*", $key_data_len);
8361 my $vendor_specific_data = "";
8363 my $tag_number = 221; # means it is a vendor specific tag
8365 $vendor_specific_data .= pack ("C*", $tag_number);
8367 my $tag_len = 22; # length of the remaining "tag data"
8369 $vendor_specific_data .= pack ("C*", $tag_len);
8371 my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
8373 $vendor_specific_data .= $vendor_specific_oui;
8375 my $vendor_specific_oui_type = 1; # WPA Information Element
8377 $vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
8379 my $vendor_specific_wpa_version = 1;
8381 $vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
8385 my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
8387 $vendor_specific_data .= $vendor_specific_multicast_oui;
8389 my $vendor_specific_multicast_type = 2; # TKIP
8391 $vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
8395 my $vendor_specific_unicast_count = 1;
8397 $vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
8399 my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
8401 $vendor_specific_data .= $vendor_specific_multicast_oui;
8403 my $vendor_specific_unicast_type = 2; # TKIP
8405 $vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
8407 # Auth Key Management (AKM)
8409 my $auth_key_management_count = 1;
8411 $vendor_specific_data .= pack ("v*", $auth_key_management_count);
8413 my $auth_key_management_oui = pack ("H*", "0050f2");
8415 $vendor_specific_data .= $auth_key_management_oui;
8417 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
8419 $vendor_specific_data .= pack ("C*", $auth_key_management_type);
8421 $wpa_info = $vendor_specific_data;
8423 $key_data = $wpa_info;
8431 my $tag_number = 48; # RSN info
8433 $rsn_info .= pack ("C*", $tag_number);
8435 my $tag_len = 20; # length of the remaining "tag_data"
8437 $rsn_info .= pack ("C*", $tag_len);
8439 my $rsn_version = 1;
8441 $rsn_info .= pack ("v*", $rsn_version);
8443 # group cipher suite
8445 my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
8447 $rsn_info .= $group_cipher_suite_oui;
8449 my $group_cipher_suite_type = 4; # AES (CCM)
8451 $rsn_info .= pack ("C*", $group_cipher_suite_type);
8453 # pairwise cipher suite
8455 my $pairwise_cipher_suite_count = 1;
8457 $rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
8459 my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
8461 $rsn_info .= $pairwise_cipher_suite_oui;
8463 my $pairwise_cipher_suite_type = 4; # AES (CCM)
8465 $rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
8467 # Auth Key Management (AKM)
8469 my $auth_key_management_count = 1;
8471 $rsn_info .= pack ("v*", $auth_key_management_count);
8473 my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
8475 $rsn_info .= $auth_key_management_oui;
8477 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
8479 $rsn_info .= pack ("C*", $auth_key_management_type);
8483 # bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
8484 # RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
8486 my $rsn_capabilities = pack ("H*", "0000");
8488 $rsn_info .= $rsn_capabilities;
8490 $key_data = $rsn_info;
8506 my $data = "Pairwise key expansion";
8511 # Min(AA, SPA) || Max(AA, SPA)
8514 # compare if greater: Min()/Max() on the MACs (6 bytes)
8516 if (memcmp ($stmac, $bssid, 6) < 0)
8528 # Min(ANonce,SNonce) || Max(ANonce,SNonce)
8531 # compare if greater: Min()/Max() on the nonces (32 bytes)
8533 if (memcmp ($snonce, $anonce, 32) < 0)
8546 my $prf_buf = hmac ($data, $pmk, \&sha1);
8548 $prf_buf = substr ($prf_buf, 0, 16);
8559 my $len_str1 = length ($str1);
8560 my $len_str2 = length ($str2);
8562 if (($len > $len_str1) || ($len > $len_str2))
8564 print "ERROR: memcmp () lengths wrong";
8569 for (my $i = 0; $i < $len; $i++)
8571 my $c_1 = ord (substr ($str1, $i, 1));
8572 my $c_2 = ord (substr ($str2, $i, 1));
8574 return -1 if ($c_1 < $c_2);
8575 return 1 if ($c_1 > $c_2);