4 ## Author......: Jens Steube <jens.steube@gmail.com>
10 use Digest
::MD4 qw
(md4 md4_hex
);
11 use Digest
::MD5 qw
(md5 md5_hex
);
12 use Digest
::SHA qw
(sha1 sha256 sha384 sha512 sha1_hex sha256_hex sha384_hex sha512_hex
);
13 use Digest
::HMAC qw
(hmac hmac_hex
);
14 use Digest
::Keccak qw
(keccak_256_hex
);
15 use Crypt
::MySQL qw
(password41
);
16 use Digest
::GOST qw
(gost gost_hex
);
17 use Digest
::HMAC_MD5 qw
(hmac_md5
);
18 use Digest
::CRC qw
(crc32
);
21 use Crypt
::ECB qw
(encrypt PADDING_AUTO PADDING_NONE
);
23 use Crypt
::Eksblowfish
::Bcrypt qw
(bcrypt en_base64
);
24 use Crypt
::Digest
::RIPEMD160 qw
(ripemd160_hex
);
25 use Crypt
::Digest
::Whirlpool qw
(whirlpool_hex
);
27 use Crypt
::ScryptKDF qw
(scrypt_hash scrypt_b64
);
30 use Crypt
::UnixCrypt_XS qw
(crypt_rounds fold_password base64_to_int24 block_to_base64 int24_to_base64
);
32 use Authen
::Passphrase
::NTHash
;
33 use Authen
::Passphrase
::MySQL323
;
34 use Authen
::Passphrase
::PHPass
;
35 use Authen
::Passphrase
::LANManager
;
37 use POSIX qw
(strftime
);
39 use Net
::DNS
::RR
::NSEC3
;
40 use Convert
::EBCDIC qw
(ascii2ebcdic
);
41 use Digest
::SipHash qw
/siphash/;
43 my $hashcat = "./oclHashcat";
47 my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 130, 131, 132, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100);
49 my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800);
50 my %less_fifteen = map { $_ => 1 } qw(500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
51 my %allow_long_salt = map { $_ => 1 } qw(2500 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600);
53 my @lotus_magic_table =
55 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
56 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
57 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
58 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
59 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
60 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
61 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
62 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
63 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
64 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
65 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
66 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
67 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
68 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
69 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
70 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
71 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
72 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
73 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
74 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
75 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
76 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
77 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
78 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
79 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
80 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
81 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
82 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
83 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
84 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
85 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
86 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
91 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
92 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
93 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
94 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
97 my $CISCO_BASE64_MAPPING = {'A', '.', 'B', '/', 'C', '0', 'D', '1', 'E', '2', 'F', '3', 'G', '4', 'H', '5', 'I', '6', 'J', '7', 'K', '8', 'L', '9', 'M', 'A', 'N', 'B', 'O', 'C', 'P', 'D', 'Q', 'E', 'R', 'F', 'S', 'G', 'T', 'H', 'U', 'I', 'V', 'J', 'W', 'K', 'X', 'L', 'Y', 'M', 'Z', 'N', 'a', 'O', 'b', 'P', 'c', 'Q', 'd', 'R', 'e', 'S', 'f', 'T', 'g', 'U', 'h', 'V', 'i', 'W', 'j', 'X', 'k', 'Y', 'l', 'Z', 'm', 'a', 'n', 'b', 'o', 'c', 'p', 'd', 'q', 'e', 'r', 'f', 's', 'g', 't', 'h', 'u', 'i', 'v', 'j', 'w', 'k', 'x', 'l', 'y', 'm', 'z', 'n', '0', 'o', '1', 'p', '2', 'q', '3', 'r', '4', 's', '5', 't', '6', 'u', '7', 'v', '8', 'w', '9', 'x', '+', 'y', '/', 'z'};
110 if ($type ne "verify")
112 if (scalar @ARGV > 1)
117 elsif (scalar @ARGV == 1)
127 if ($type eq "single")
131 elsif ($type eq "passthrough")
142 if (scalar @ARGV != 4)
147 my $mode = shift @ARGV;
148 my $hash_file = shift @ARGV;
149 my $in_file = shift @ARGV;
150 my $out_file = shift @ARGV;
154 open (IN
, "<", $hash_file) or die ("$hash_file: $!\n");
156 # clever ? the resulting database could be huge
157 # but we need some way to map lines in hashfile w/ cracks
158 # maybe rli2 way would be more clever (needs sorted input)
160 while (my $line = <IN
>)
162 $line =~ s/[\n\r]*$//;
164 $db->{$line} = undef;
169 verify
($mode, $db, $in_file, $out_file);
177 my $out_file = shift;
196 open (IN
, "<", $in_file) or die ("$in_file: $!\n");
197 open (OUT
, ">", $out_file) or die ("$out_file: $!\n");
201 my $base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
202 my $itoa64_1 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
203 my $itoa64_2 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
205 while (my $line = <IN
>)
212 # remember always do "exists ($db->{$hash_in})" checks as soon as possible and don't forget it
215 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3000 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5700 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 8600 || $mode == 9900 || $mode == 10800 || $mode == 11500)
217 my $index = index ($line, ":");
221 $hash_in = substr ($line, 0, $index);
223 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
225 $word = substr ($line, $index + 1);
228 elsif ($mode == 10 || $mode == 11 || $mode == 12 || $mode == 20 || $mode == 21 || $mode == 22 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 112 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1100 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 2611 || $mode == 2711 || $mode == 2811 || $mode == 3100 || $mode == 3610 || $mode == 3710 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 5800 || $mode == 7600 || $mode == 8400 || $mode == 11000 || $mode == 12600)
231 my $index1 = index ($line, ":");
235 $hash_in = substr ($line, 0, $index1);
237 # identify lenghts of both salt and plain
239 my $salt_plain = substr ($line, $index1 + 1);
241 my $num_cols = () = $salt_plain =~ /:/g;
250 foreach (my $i = 0; $i < $num_cols; $i++)
252 $index2 = index ($salt_plain, ":", $start);
256 $start = $index2 + 1;
258 $salt = substr ($salt_plain, 0, $index2);
259 $word = substr ($salt_plain, $index2 + 1);
261 # can't be true w/ wrong $hash:$salt, otherwise the
262 # algo must have many collisions
264 if (exists ($db->{$hash_in . ":" . $salt}))
266 $hash_in = $hash_in . ":" . $salt;
272 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
273 next unless (! defined ($db->{$hash_in}));
276 elsif ($mode == 2100)
279 my $index1 = index ($line, "\$DCC2\$");
281 next if $index1 != 0;
284 my $index2 = index ($line, "#", $index1 + 1);
288 $iter = substr ($line, $index1 + 6, $index2 - $index1 - 6);
291 $index1 = index ($line, "#");
295 $hash_in = substr ($line, 0, $index1 + 1);
297 # identify lenghts of both salt and plain
299 my $salt_plain = substr ($line, $index2 + 1);
301 my $num_cols = () = $salt_plain =~ /:/g;
311 foreach (my $i = 0; $i < $num_cols; $i++)
313 $index2 = index ($salt_plain, ":", $start);
317 $start = $index2 + 1;
319 $index3 = rindex ($salt_plain, "#", $index2);
321 $raw_hash = substr ($salt_plain, $index3 + 1, $index2 - $index3 - 1);
322 $salt = substr ($salt_plain, 0, $index3);
323 $word = substr ($salt_plain, $index2 + 1);
325 if (exists ($db->{$hash_in . $salt . "#" .$raw_hash}))
327 $hash_in = $hash_in . $salt . "#" . $raw_hash;
333 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
334 next unless (! defined ($db->{$hash_in}));
336 # salt:hash guaranteed only : because of hex salt
337 elsif ($mode == 7300)
339 # split hash and plain
340 my $index1 = index ($line, ":");
344 $salt = substr ($line, 0, $index1);
346 $salt = pack ("H*", $salt);
348 my $rest = substr ($line, $index1 + 1);
350 my $index2 = index ($rest, ":");
354 $hash_in = substr ($rest, 0, $index2);
356 $word = substr ($rest, $index2 + 1);
358 next unless (exists ($db->{$salt . ":" . $hash_in}) and (! defined ($db->{$hash_in})));
361 elsif ($mode == 8100)
363 # split hash and plain
364 $salt = substr ($line, 1, 8);
366 my $rest = substr ($line, 1 + 8);
368 my $index2 = index ($rest, ":");
372 $hash_in = substr ($rest, 0, $index2);
374 $word = substr ($rest, $index2 + 1);
376 next unless (exists ($db->{"1" . $salt . $hash_in}) and (! defined ($db->{$hash_in})));
378 # base64 and salt embedded SSHA1, salt length = total lenght - 20
381 # split hash and plain
382 my $index = index ($line, ":");
386 $hash_in = substr ($line, 0, $index);
387 $word = substr ($line, $index + 1);
389 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
392 my $plain_base64 = substr ($hash_in, 6);
394 # base64 decode to extract salt
395 my $decoded = decode_base64
($plain_base64);
397 $salt = substr ($decoded, 20);
399 # base64 and salt embedded SSHA512, salt length = total length - 64
400 elsif ($mode == 1711)
402 # split hash and plain
403 my $index = index ($line, ":");
407 $hash_in = substr ($line, 0, $index);
408 $word = substr ($line, $index + 1);
410 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
413 my $plain_base64 = substr ($hash_in, 9);
415 # base64 decode to extract salt
416 my $decoded = decode_base64
($plain_base64);
418 $salt = substr ($decoded, 64);
420 # OSX (first 8 hex chars is salt)
421 elsif ($mode == 122 || $mode == 1722)
423 my $index = index ($line, ":");
427 $hash_in = substr ($line, 0, $index);
428 $word = substr ($line, $index + 1);
430 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
432 $salt = substr ($hash_in, 0, 8);
434 # MSSQL (2000, 2005 AND 2012), salt after version number
435 elsif ($mode == 131 || $mode == 132 || $mode == 1731)
437 my $index = index ($line, ":");
441 $hash_in = substr ($line, 0, $index);
442 $word = substr ($line, $index + 1);
444 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
446 $salt = substr ($hash_in, 6, 8);
449 elsif ($mode == 8000)
451 my $index = index ($line, ":");
455 $hash_in = substr ($line, 0, $index);
456 $word = substr ($line, $index + 1);
458 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
460 $salt = substr ($hash_in, 6, 16);
463 elsif ($mode == 141 || $mode == 1441)
465 my $index1 = index ($line, ":");
469 $hash_in = substr ($line, 0, $index1);
470 $word = substr ($line, $index1 + 1);
472 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
474 my $index2 = index ($line, "*", 14);
476 #extract salt from base64
477 my $plain_base64 = substr ($hash_in, 14, $index2 - 14);
479 $salt = decode_base64
($plain_base64);
481 # phpass (first 8 after $P$/$H$ -- or $S$ with drupal7)
482 elsif ($mode == 400 || $mode == 7900)
484 my $index = index ($line, ":");
488 $hash_in = substr ($line, 0, $index);
489 $word = substr ($line, $index + 1);
491 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
493 $salt = substr ($hash_in, 4, 8);
495 # iterations = 2 ^ cost (where cost == $iter)
496 $iter = index ($itoa64_1, substr ($hash_in, 3, 1));
498 # $something$[rounds=iter$]salt$ (get last $, then check iter)
499 elsif ($mode == 500 || $mode == 1600 || $mode == 1800 || $mode == 3300 || $mode == 7400)
501 my $index1 = index ($line, ":", 30);
505 $hash_in = substr ($line, 0, $index1);
506 $word = substr ($line, $index1 + 1);
508 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
510 $index1 = index ($hash_in, ",", 1);
511 my $index2 = index ($hash_in, "\$", 1);
515 if ($index1 < $index2)
521 $param = substr ($hash_in, $index2, 1);
525 # rounds= if available
528 if (substr ($hash_in, $index2, 7) eq "rounds=")
530 my $old_index = $index2;
532 $index2 = index ($hash_in, "\$", $index2 + 1);
536 $iter = substr ($hash_in, $old_index + 7, $index2 - $old_index - 7);
542 my $index3 = rindex ($hash_in, "\$");
546 $salt = substr ($hash_in, $index2, $index3 - $index2);
548 # descrypt (salt in first 2 char)
549 elsif ($mode == 1500)
551 my $index = index ($line, ":");
555 $hash_in = substr ($line, 0, $index);
556 $word = substr ($line, $index + 1);
558 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
560 $salt = substr ($hash_in, 0, 2);
562 # bcrypt $something$something$salt.hash
563 elsif ($mode == 3200)
565 my $index1 = index ($line, ":", 33);
569 $hash_in = substr ($line, 0, $index1);
570 $word = substr ($line, $index1 + 1);
572 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
574 my $index2 = index ($hash_in, "\$", 4);
576 $iter = substr ($hash_in, 4, $index2 - 4);
578 my $plain_base64 = substr ($hash_in, $index2 + 1, 22);
583 for (my $i = 0; $i < length ($plain_base64); $i++)
585 my $char = substr ($plain_base64, $i, 1);
586 $encoded .= substr ($base64, index ($itoa64_2, $char), 1);
589 $salt = decode_base64
($encoded);
592 elsif ($mode == 4800)
594 my $index1 = index ($line, ":");
598 my $index2 = index ($line, ":", $index1 + 1);
602 my $index3 = index ($line, ":", $index2 + 1);
606 $salt = substr ($line, $index1 + 1, $index3 - $index1 - 1);
608 $word = substr ($line, $index3 + 1);
610 $hash_in = substr ($line, 0, $index3);
613 elsif ($mode == 5300 || $mode == 5400)
615 my $num_cols = () = $line =~ /:/g;
617 next unless ($num_cols >= 9);
622 for (my $j = 0; $j < 9; $j++)
624 $index1 = index ($line, ":", $index1 + 1);
635 $word = substr ($line, $index1 + 1);
637 $hash_in = substr ($line, 0, $index1);
639 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
641 my $index2 = rindex ($line, ":", $index1 - 1);
643 $salt = substr ($line, 0, $index2);
646 elsif ($mode == 5500)
648 my $index1 = index ($line, "::");
652 my $index2 = index ($line, ":", $index1 + 2);
656 $index2 = index ($line, ":", $index2 + 1);
660 $salt = substr ($line, 0, $index2);
662 $index2 = index ($line, ":", $index2 + 1);
666 $salt .= substr ($line, $index2 + 1, 16);
668 $index2 = index ($line, ":", $index2 + 1);
672 $hash_in = substr ($line, 0, $index2);
674 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
676 $word = substr ($line, $index2 + 1);
679 elsif ($mode == 5600)
681 my $index1 = index ($line, "::");
685 my $index2 = index ($line, ":", $index1 + 2);
689 $index2 = index ($line, ":", $index2 + 1);
693 $salt = substr ($line, 0, $index2);
695 $index1 = index ($line, ":", $index2 + 1);
699 $index2 = index ($line, ":", $index1 + 1);
703 $salt .= substr ($line, $index1 + 1, $index2 - $index1 - 1);
705 $hash_in = substr ($line, 0, $index2);
707 # do it later on for this hash mode:
708 # next unless ((exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))) or (exists ($db->{$mod}) and (! defined ($db->{$mod}))));
710 $word = substr ($line, $index2 + 1);
712 # AIX smd5 something BRACE salt$
713 elsif ($mode == 6300)
715 my $index1 = index ($line, ":");
719 $hash_in = substr ($line, 0, $index1);
720 $word = substr ($line, $index1 + 1);
722 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
724 my $index2 = index ($hash_in, "}");
725 my $index3 = rindex ($hash_in, "\$");
727 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
729 # AIX: something$salt$ (no $ at position 1)
730 elsif ($mode == 6400 || $mode == 6500 || $mode == 6700)
732 my $index1 = index ($line, ":");
736 $hash_in = substr ($line, 0, $index1);
737 $word = substr ($line, $index1 + 1);
739 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
741 my $index2 = index ($hash_in, "}");
742 my $index3 = index ($hash_in, "\$");
743 my $index4 = rindex ($hash_in, "\$");
745 $salt = substr ($hash_in, $index3 + 1, $index4 - $index3 - 1);
747 $iter = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
749 # 1Password, agilekeychain
750 elsif ($mode == 6600)
752 my $num_cols = () = $line =~ /:/g;
754 next unless ($num_cols > 2);
756 my $index1 = index ($line, ":");
760 $iter = substr ($line, 0, $index1);
762 my $index2 = index ($line, ":", $index1 + 1);
766 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
768 $index1 = index ($line, ":", $index2 + 1);
772 $salt .= substr ($line, $index2 + 1, $index1 - $index2 - 33);
774 $hash_in = substr ($line, 0, $index1);
776 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
778 $word = substr ($line, $index1 + 1);
780 # 1Password, cloudkeychain
781 elsif ($mode == 8200)
783 my @datas = split (":", $line);
785 next if scalar @datas < 4;
787 my $hash = shift @datas;
788 $salt = shift @datas;
789 $iter = shift @datas;
790 my $data = shift @datas;
792 $hash_in = $hash . ":" . $salt . ":" . $iter . ":" . $data;
796 $word = join (":", @datas);
798 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
800 # lastpass (hash:iter:salt)
801 elsif ($mode == 6800)
803 my $index1 = index ($line, ":", 34);
807 $hash_in = substr ($line, 0, $index1);
809 # identify lenghts of both salt and plain
811 my $salt_plain = substr ($line, $index1 + 1);
813 my $num_cols = () = $salt_plain =~ /:/g;
822 foreach (my $i = 0; $i < $num_cols; $i++)
824 $index2 = index ($salt_plain, ":", $start);
828 $start = $index2 + 1;
830 $salt = substr ($salt_plain, 0, $index2);
831 $word = substr ($salt_plain, $index2 + 1);
833 # can't be true w/ wrong $hash:$salt, otherwise the
834 # algo must have many collisions
836 if (exists ($db->{$hash_in . ":" . $salt}))
838 $hash_in = $hash_in . ":" . $salt;
844 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
845 next unless (! defined ($db->{$hash_in}));
847 $index1 = index ($hash_in, ":");
848 $index2 = index ($hash_in, ":", $index1 + 1);
850 $iter = substr ($hash_in, $index1 + 1, $index2 - $index1 - 1);
851 $salt = substr ($hash_in, $index2 + 1);
853 # OSX 10.* : $something$iter$salt$
854 elsif ($mode == 7100)
856 my $index1 = index ($line, ":");
860 $hash_in = substr ($line, 0, $index1);
861 $word = substr ($line, $index1 + 1);
863 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
865 my $index2 = index ($hash_in, "\$", 5);
869 my $index3 = index ($hash_in, "\$", $index2 + 1);
871 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
873 $iter = substr ($hash_in, 4, $index2 - 4);
875 next if (int ($iter) < 1);
877 # grub: something1.something2.something3.iter.salt.
878 elsif ($mode == 7200)
880 my $index1 = index ($line, ":");
884 $hash_in = substr ($line, 0, $index1);
885 $word = substr ($line, $index1 + 1);
887 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
889 my $index2 = index ($hash_in, ".", 19);
893 my $index3 = index ($hash_in, ".", $index2 + 1);
895 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
897 $iter = substr ($hash_in, 19, $index2 - 19);
899 next if (int ($iter) < 1);
901 # $something1$something2$something3$something4$salt$
902 elsif ($mode == 7500 )
904 my $index1 = index ($line, "\$", 11);
908 my $index2 = index ($line, "\$", $index1 + 1);
912 my $index3 = index ($line, "\$", $index2 + 1);
916 $index2 = index ($line, ":", $index3 + 1);
920 $hash_in = substr ($line, 0, $index2);
921 $word = substr ($line, $index2 + 1);
923 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
925 $salt = substr ($hash_in, 11, $index3 - 10);
926 $salt .= substr ($hash_in, $index2 - 32) . "\$\$";
927 $salt .= substr ($hash_in, $index3 + 1, $index2 - $index3 - 32 - 1);
930 elsif ($mode == 7700 || $mode == 7800)
932 my $index1 = index ($line, ":");
936 my @split1 = split (":", $line);
938 my @split2 = split ('\$', $split1[0]);
940 next unless scalar @split2 == 2;
942 $hash_in = $split1[0];
944 if (scalar @split1 > 1)
953 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
958 elsif ($mode == 8300)
960 my @datas = split (":", $line);
962 next if scalar @datas != 5;
967 ($hash, $domain, $salt, $iter, $word) = @datas;
969 $hash_in = $hash . ":" . $domain . ":" . $salt . ":" . $iter;
971 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
973 $salt = $domain . ":" . $salt;
976 elsif ($mode == 8500)
978 my @line_elements = split (":", $line);
980 next if scalar @line_elements < 2;
984 $hash_in = shift @line_elements;
986 $word = join (":", @line_elements);
990 my @hash_elements = split ('\*', $hash_in);
992 next unless ($hash_elements[0] eq '$racf$');
994 $salt = $hash_elements[1];
996 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
999 elsif ($mode == 8700)
1001 # split hash and plain
1002 my $index = index ($line, ":");
1006 $hash_in = substr ($line, 0, $index);
1007 $word = substr ($line, $index + 1);
1009 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1011 my $plain_base64 = substr ($hash_in, 2, -1);
1013 ($_, $salt, $param) = domino_decode
($plain_base64);
1016 elsif ($mode == 2612)
1018 next unless (substr ($line, 0, 6) eq '$PHPS$');
1021 my $index1 = index ($line, "\$", 6);
1023 next if $index1 < 1;
1025 $salt = substr ($line, 6, $index1 - 6);
1027 $salt = pack ("H*", $salt);
1029 my $index2 = index ($line, "\:", $index1 + 1);
1031 next if $index2 < 1;
1033 $word = substr ($line, $index2 + 1);
1035 $hash_in = substr ($line, 0, $index2);
1037 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1040 elsif ($mode == 3711)
1042 next unless (substr ($line, 0, 3) eq '$B$');
1045 my $index1 = index ($line, "\$", 3);
1047 next if $index1 < 1;
1049 $salt = substr ($line, 3, $index1 - 3);
1051 my $index2 = index ($line, ":", $index1 + 1);
1053 next if $index2 < 1;
1055 $word = substr ($line, $index2 + 1);
1057 $hash_in = substr ($line, 0, $index2);
1059 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1062 elsif ($mode == 8900)
1064 next unless (substr ($line, 0, 7) eq 'SCRYPT:');
1067 my $index1 = index ($line, ":", 7);
1069 next if $index1 < 1;
1072 my $N = substr ($line, 7, $index1 - 7);
1074 my $index2 = index ($line, ":", $index1 + 1);
1076 next if $index2 < 1;
1079 my $r = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1081 $index1 = index ($line, ":", $index2 + 1);
1083 next if $index1 < 1;
1086 my $p = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1092 $index2 = index ($line, ":", $index1 + 1);
1094 next if $index2 < 1;
1097 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1099 $salt = decode_base64
($salt);
1101 $index1 = index ($line, ":", $index2 + 1);
1103 next if $index1 < 1;
1107 $word = substr ($line, $index1 + 1);
1108 $hash_in = substr ($line, 0, $index1);
1110 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1113 elsif ($mode == 9100)
1115 # split hash and plain
1116 my $index = index ($line, ":");
1120 $hash_in = substr ($line, 0, $index);
1121 $word = substr ($line, $index + 1);
1123 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1125 my $base64_part = substr ($hash_in, 2, -1);
1127 ($_, $salt, $iter, $param) = domino_85x_decode
($base64_part);
1129 next if ($iter < 1);
1131 # Cisco $8$ - PBKDF2-HMAC-SHA256
1132 elsif ($mode == 9200)
1134 next unless (substr ($line, 0, 3) eq '$8$');
1137 my $index1 = index ($line, "\$", 3);
1139 next if $index1 != 17;
1141 my $index2 = index ($line, "\$", $index1 + 1);
1144 $salt = substr ($line, 3, $index1 - 3);
1146 $index1 = index ($line, ":", $index1 + 1);
1148 next if $index1 < 1;
1152 $word = substr ($line, $index1 + 1);
1153 $hash_in = substr ($line, 0, $index1);
1155 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1157 # Cisco $9$ - scrypt
1158 elsif ($mode == 9300)
1160 next unless (substr ($line, 0, 3) eq '$9$');
1163 my $index1 = index ($line, "\$", 3);
1165 next if $index1 != 17;
1167 my $index2 = index ($line, "\$", $index1 + 1);
1170 $salt = substr ($line, 3, $index1 - 3);
1172 $index1 = index ($line, ":", $index1 + 1);
1174 next if $index1 < 1;
1178 $word = substr ($line, $index1 + 1);
1179 $hash_in = substr ($line, 0, $index1);
1181 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1184 elsif ($mode == 9400)
1186 ($hash_in, $word) = split ":", $line;
1188 next unless defined $hash_in;
1189 next unless defined $word;
1191 my @data = split /\*/, $hash_in;
1193 next unless scalar @data == 8;
1195 next unless (shift @data eq '$office$');
1196 next unless (shift @data eq '2007');
1197 next unless (shift @data eq '20');
1199 my $aes_key_size = shift @data;
1201 next unless (($aes_key_size eq '128') || ($aes_key_size eq '256'));
1202 next unless (shift @data eq '16');
1204 next unless (length $data[0] == 32);
1205 next unless (length $data[1] == 32);
1206 next unless (length $data[2] == 40);
1208 $salt = shift @data;
1209 $param = shift @data;
1210 $param2 = $aes_key_size;
1212 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1215 elsif ($mode == 9500)
1217 ($hash_in, $word) = split ":", $line;
1219 next unless defined $hash_in;
1220 next unless defined $word;
1222 my @data = split /\*/, $hash_in;
1224 next unless scalar @data == 8;
1226 next unless (shift @data eq '$office$');
1227 next unless (shift @data eq '2010');
1228 next unless (shift @data eq '100000');
1229 next unless (shift @data eq '128');
1230 next unless (shift @data eq '16');
1232 next unless (length $data[0] == 32);
1233 next unless (length $data[1] == 32);
1234 next unless (length $data[2] == 64);
1236 $salt = shift @data;
1237 $param = shift @data;
1239 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1242 elsif ($mode == 9600)
1244 ($hash_in, $word) = split ":", $line;
1246 next unless defined $hash_in;
1247 next unless defined $word;
1249 my @data = split /\*/, $hash_in;
1251 next unless scalar @data == 8;
1253 next unless (shift @data eq '$office$');
1254 next unless (shift @data eq '2013');
1255 next unless (shift @data eq '100000');
1256 next unless (shift @data eq '256');
1257 next unless (shift @data eq '16');
1259 next unless (length $data[0] == 32);
1260 next unless (length $data[1] == 32);
1261 next unless (length $data[2] == 64);
1263 $salt = shift @data;
1264 $param = shift @data;
1266 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1269 elsif ($mode == 9700)
1271 ($hash_in, $word) = split ":", $line;
1273 next unless defined $hash_in;
1274 next unless defined $word;
1276 my @data = split /\*/, $hash_in;
1278 next unless scalar @data == 4;
1280 my $signature = shift @data;
1282 next unless (($signature eq '$oldoffice$0') || ($signature eq '$oldoffice$1'));
1284 next unless (length $data[0] == 32);
1285 next unless (length $data[1] == 32);
1286 next unless (length $data[2] == 32);
1288 $salt = shift @data;
1289 $param = shift @data;
1290 $param2 = substr ($signature, 11, 1);
1292 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1295 elsif ($mode == 9800)
1297 ($hash_in, $word) = split ":", $line;
1299 next unless defined $hash_in;
1300 next unless defined $word;
1302 my @data = split /\*/, $hash_in;
1304 next unless scalar @data == 4;
1306 my $signature = shift @data;
1308 next unless (($signature eq '$oldoffice$3') || ($signature eq '$oldoffice$4'));
1310 next unless (length $data[0] == 32);
1311 next unless (length $data[1] == 32);
1312 next unless (length $data[2] == 40);
1314 $salt = shift @data;
1315 $param = shift @data;
1316 $param2 = substr ($signature, 11, 1);
1318 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1320 # Django (PBKDF2-SHA256)
1321 elsif ($mode == 10000)
1323 next unless (substr ($line, 0, 14) eq 'pbkdf2_sha256$');
1326 my $index1 = index ($line, "\$", 14);
1328 next if $index1 < 1;
1330 my $index2 = index ($line, "\$", $index1 + 1);
1334 $iter = substr ($line, 14, $index1 - 14);
1338 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1342 $index1 = index ($line, ":", $index2 + 1);
1344 next if $index1 < 1;
1346 $word = substr ($line, $index1 + 1);
1347 $hash_in = substr ($line, 0, $index1);
1349 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1352 elsif ($mode == 10100)
1356 ($hash, undef, undef, $salt, $word) = split ":", $line;
1358 next unless defined $hash;
1359 next unless defined $salt;
1360 next unless defined $word;
1362 next unless (length $hash == 16);
1363 next unless (length $salt == 32);
1365 my $hash_in = sprintf ("%s:2:4:%s", $hash, $salt);
1367 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1370 elsif ($mode == 10200)
1372 next unless (substr ($line, 0, 10) eq '$cram_md5$');
1375 my $index1 = index ($line, "\$", 10);
1377 next if $index1 < 1;
1381 my $challengeb64 = substr ($line, 10, $index1 - 10);
1382 $salt = decode_base64
($challengeb64);
1386 my $index2 = index ($line, ":", $index1 + 1);
1388 next if $index2 < 1;
1390 my $responseb64 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1391 my $response = decode_base64
($responseb64);
1393 $param = substr ($response, 0, length ($response) - 32 - 1); # -1 is for space
1395 $word = substr ($line, $index2 + 1);
1396 $hash_in = substr ($line, 0, $index2);
1398 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1400 # SAP CODVN H (PWDSALTEDHASH) iSSHA-1
1401 elsif ($mode == 10300)
1403 next unless (substr ($line, 0, 10) eq '{x-issha, ');
1407 my $index1 = index ($line, "}", 10);
1409 next if $index1 < 1;
1411 $iter = substr ($line, 10, $index1 - 10);
1413 $iter = int ($iter);
1417 my $base64_encoded = substr ($line, $index1 + 1);
1418 my $base64_decoded = decode_base64
($base64_encoded);
1420 $salt = substr ($base64_decoded, 20);
1422 my $index2 = index ($line, ":", $index1 + 1);
1424 next if $index2 < 1;
1426 $word = substr ($line, $index2 + 1);
1427 $hash_in = substr ($line, 0, $index2);
1429 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1431 # PDF 1.1 - 1.3 (Acrobat 2 - 4)
1432 elsif ($mode == 10400)
1434 ($hash_in, $word) = split ":", $line;
1436 next unless defined $hash_in;
1437 next unless defined $word;
1439 my @data = split /\*/, $hash_in;
1441 next unless scalar @data == 11;
1443 next unless (shift @data eq '$pdf$1');
1444 next unless (shift @data eq '2');
1445 next unless (shift @data eq '40');
1446 my $P = shift @data;
1447 next unless (shift @data eq '0');
1448 next unless (shift @data eq '16');
1449 my $id = shift @data;
1450 next unless (shift @data eq '32');
1451 my $u = shift @data;
1452 next unless (shift @data eq '32');
1453 my $o = shift @data;
1460 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1462 # PDF 1.4 - 1.6 (Acrobat 5 - 8)
1463 elsif ($mode == 10500)
1465 ($hash_in, $word) = split ":", $line;
1467 next unless defined $hash_in;
1468 next unless defined $word;
1470 my @data = split /\*/, $hash_in;
1472 next unless scalar @data == 11;
1474 my $V = shift @data; $V = substr ($V, 5, 1);
1475 my $R = shift @data;
1476 next unless (shift @data eq '128');
1477 my $P = shift @data;
1478 my $enc = shift @data;
1479 next unless (shift @data eq '16');
1480 my $id = shift @data;
1481 next unless (shift @data eq '32');
1482 my $u = shift @data;
1483 next unless (shift @data eq '32');
1484 my $o = shift @data;
1494 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1496 # PDF 1.7 Level 3 (Acrobat 9)
1497 elsif ($mode == 10600)
1499 ($hash_in, $word) = split ":", $line;
1501 next unless defined $hash_in;
1502 next unless defined $word;
1504 my @data = split /\*/, $hash_in;
1506 next unless scalar @data >= 11;
1508 next unless (shift @data eq '$pdf$5');
1509 next unless (shift @data eq '5');
1510 next unless (shift @data eq '256');
1511 next unless (shift @data eq '-1028');
1512 next unless (shift @data eq '1');
1513 next unless (shift @data eq '16');
1514 my $id = shift @data;
1515 my $rest = join "*", @data;
1520 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1522 # PDF 1.7 Level 8 (Acrobat 10 - 11)
1523 elsif ($mode == 10700)
1525 ($hash_in, $word) = split ":", $line;
1527 next unless defined $hash_in;
1528 next unless defined $word;
1530 my @data = split /\*/, $hash_in;
1532 next unless scalar @data >= 11;
1534 next unless (shift @data eq '$pdf$5');
1535 next unless (shift @data eq '6');
1536 next unless (shift @data eq '256');
1537 next unless (shift @data eq '-1028');
1538 next unless (shift @data eq '1');
1539 next unless (shift @data eq '16');
1540 my $id = shift @data;
1541 my $rest = join "*", @data;
1546 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1548 # PBKDF2-HMAC-SHA256
1549 elsif ($mode == 10900)
1551 next unless (substr ($line, 0, 7) eq 'sha256:');
1554 my $index1 = index ($line, ":", 7);
1556 next if $index1 < 1;
1558 $iter = substr ($line, 7, $index1 - 7);
1562 my $index2 = index ($line, ":", $index1 + 1);
1564 next if $index2 < 1;
1566 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1568 $salt = decode_base64
($salt);
1572 $index1 = index ($line, ":", $index2 + 1);
1574 next if $index1 < 1;
1576 # additional param = output len of pbkdf2
1578 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1580 my $digest = decode_base64
($digest64_encoded);
1582 $param = length ($digest);
1586 $word = substr ($line, $index1 + 1);
1587 $hash_in = substr ($line, 0, $index1);
1589 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1591 # PostgreSQL MD5 Authentication
1592 elsif ($mode == 11100)
1594 next unless (substr ($line, 0, 10) eq '$postgres$');
1596 my $index1 = index ($line, "*", 10);
1598 next if $index1 < 1;
1602 $param = substr ($line, 10, $index1 - 10);
1604 # get the 4 byte salt
1606 my $index2 = index ($line, "*", $index1 + 1);
1608 next if $index2 < 1;
1610 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1614 $index1 = index ($line, ":", $index2 + 1);
1616 next if $index1 < 1;
1618 $word = substr ($line, $index1 + 1);
1619 $hash_in = substr ($line, 0, $index1);
1621 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1623 # MySQL MD5 Authentication
1624 elsif ($mode == 11200)
1626 next unless (substr ($line, 0, 9) eq '$mysqlna$');
1628 my $index1 = index ($line, "*", 9);
1630 next if $index1 < 1;
1634 $salt = substr ($line, 9, $index1 - 9);
1638 $index1 = index ($line, ":", $index1 + 1);
1640 next if $index1 < 1;
1642 $word = substr ($line, $index1 + 1);
1643 $hash_in = substr ($line, 0, $index1);
1645 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1648 elsif ($mode == 2500)
1650 print "ERROR: verify currently not supported for WPA/WPA2 (because of oclHashcat's output format)\n";
1654 # Bitcoin/Litecoin wallet.dat
1655 elsif ($mode == 11300)
1657 print "ERROR: verify currently not supported for Bitcoin/Litecoin wallet.dat because of unknown crypt data\n";
1661 # SIP digest authentication (MD5)
1662 elsif ($mode == 11400)
1664 next unless (substr ($line, 0, 6) eq '$sip$*');
1668 my $index1 = index ($line, "*", 6);
1670 next if $index1 < 0;
1672 $param10 = substr ($line, 6, $index1 - 6);
1674 next if (length ($param10) > 32);
1678 my $index2 = index ($line, "*", $index1 + 1);
1680 next if $index2 < 0;
1682 $param11 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1684 next if (length ($param11) > 32);
1688 $index1 = index ($line, "*", $index2 + 1);
1690 next if $index1 < 0;
1692 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1694 next if (length ($param) > 12);
1698 $index2 = index ($line, "*", $index1 + 1);
1700 next if $index2 < 0;
1702 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1704 next if (length ($param2) > 20);
1708 $index1 = index ($line, "*", $index2 + 1);
1710 next if $index1 < 0;
1712 $param6 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1714 next if (length ($param6) > 24);
1718 $index2 = index ($line, "*", $index1 + 1);
1720 next if $index2 < 0;
1722 $param7 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1724 next if (length ($param7) > 10);
1728 $index1 = index ($line, "*", $index2 + 1);
1730 next if $index1 < 0;
1732 $param8 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1734 next if (length ($param8) > 32);
1738 $index2 = index ($line, "*", $index1 + 1);
1740 next if $index2 < 0;
1742 $param9 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1744 next if (length ($param9) > 32);
1748 $index1 = index ($line, "*", $index2 + 1);
1750 next if $index1 < 0;
1752 $salt = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1754 next if (length ($salt) > 34);
1758 $index2 = index ($line, "*", $index1 + 1);
1760 next if $index2 < 0;
1762 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1764 next if (length ($param4) > 12);
1768 $index1 = index ($line, "*", $index2 + 1);
1770 next if $index1 < 0;
1772 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1774 next if (length ($param3) > 10);
1778 $index2 = index ($line, "*", $index1 + 1);
1780 next if $index2 < 0;
1782 $param5 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1784 next if (length ($param5) > 8);
1788 $index1 = index ($line, "*", $index2 + 1);
1790 next if $index1 < 0;
1792 my $directive = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1794 next unless ($directive eq "MD5");
1798 $index2 = index ($line, ":", $index1 + 1);
1800 next if $index2 < 0;
1802 my $hex_digest = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1804 next unless (length ($hex_digest) == 32);
1806 $word = substr ($line, $index2 + 1);
1807 $hash_in = substr ($line, 0, $index2);
1809 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1812 elsif ($mode == 11600)
1814 next unless (substr ($line, 0, 4) eq '$7z$');
1818 my $index1 = index ($line, '$', 4);
1820 next if $index1 < 0;
1822 my $p = substr ($line, 4, $index1 - 4);
1824 next unless ($p eq "0");
1828 my $index2 = index ($line, '$', $index1 + 1);
1830 next if $index2 < 0;
1832 $iter = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1834 # seven zip salt length
1836 $index1 = index ($line, '$', $index2 + 1);
1838 next if $index1 < 0;
1840 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1844 $index2 = index ($line, '$', $index1 + 1);
1846 next if $index2 < 0;
1848 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1852 $index1 = index ($line, '$', $index2 + 1);
1854 next if $index1 < 0;
1856 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1860 $index2 = index ($line, '$', $index1 + 1);
1862 next if $index2 < 0;
1864 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1866 $salt = pack ("H*", $salt);
1870 $index1 = index ($line, '$', $index2 + 1);
1872 next if $index1 < 0;
1874 my $crc = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1876 # ignore this crc, we don't need to pass it to gen_hash ()
1880 $index2 = index ($line, '$', $index1 + 1);
1882 next if $index2 < 0;
1884 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1888 $index1 = index ($line, '$', $index2 + 1);
1890 next if $index1 < 0;
1892 $param5 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1896 $index2 = index ($line, ':', $index1 + 1);
1898 next if $index2 < 0;
1900 $param6 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1901 $param6 = pack ("H*", $param6);
1903 $word = substr ($line, $index2 + 1);
1904 $hash_in = substr ($line, 0, $index2);
1906 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1909 elsif ($mode == 11900)
1911 next unless (substr ($line, 0, 4) eq 'md5:');
1914 my $index1 = index ($line, ":", 4);
1916 next if $index1 < 1;
1918 $iter = substr ($line, 4, $index1 - 4);
1922 my $index2 = index ($line, ":", $index1 + 1);
1924 next if $index2 < 1;
1926 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1928 $salt = decode_base64
($salt);
1932 $index1 = index ($line, ":", $index2 + 1);
1934 next if $index1 < 1;
1936 # additional param = output len of pbkdf2
1938 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1940 my $digest = decode_base64
($digest64_encoded);
1942 $param = length ($digest);
1946 $word = substr ($line, $index1 + 1);
1947 $hash_in = substr ($line, 0, $index1);
1949 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1952 elsif ($mode == 12000)
1954 next unless (substr ($line, 0, 5) eq 'sha1:');
1957 my $index1 = index ($line, ":", 5);
1959 next if $index1 < 1;
1961 $iter = substr ($line, 5, $index1 - 5);
1965 my $index2 = index ($line, ":", $index1 + 1);
1967 next if $index2 < 1;
1969 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1971 $salt = decode_base64
($salt);
1975 $index1 = index ($line, ":", $index2 + 1);
1977 next if $index1 < 1;
1979 # additional param = output len of pbkdf2
1981 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1983 my $digest = decode_base64
($digest64_encoded);
1985 $param = length ($digest);
1989 $word = substr ($line, $index1 + 1);
1990 $hash_in = substr ($line, 0, $index1);
1992 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1994 # PBKDF2-HMAC-SHA512
1995 elsif ($mode == 12100)
1997 next unless (substr ($line, 0, 7) eq 'sha512:');
2000 my $index1 = index ($line, ":", 7);
2002 next if $index1 < 1;
2004 $iter = substr ($line, 7, $index1 - 7);
2008 my $index2 = index ($line, ":", $index1 + 1);
2010 next if $index2 < 1;
2012 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2014 $salt = decode_base64
($salt);
2018 $index1 = index ($line, ":", $index2 + 1);
2020 next if $index1 < 1;
2022 # additional param = output len of pbkdf2
2024 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
2026 my $digest = decode_base64
($digest64_encoded);
2028 $param = length ($digest);
2032 $word = substr ($line, $index1 + 1);
2033 $hash_in = substr ($line, 0, $index1);
2035 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2038 elsif ($mode == 12200)
2040 next unless (substr ($line, 0, 12) eq '$ecryptfs$0$');
2042 # check if default salt
2046 $param = 0 if (substr ($line, 12, 2) eq '1$');
2054 if ($param == 0) # we need to extract the salt
2056 $index1 = index ($line, '$', $index1);
2058 next if $index1 < 1;
2060 my $index2 = index ($line, '$', $index1 + 1);
2062 next if $index2 < 1;
2064 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2069 $index1 = index ($line, ':', $index1 + 1);
2071 next if $index1 < 1;
2075 $word = substr ($line, $index1 + 1);
2076 $hash_in = substr ($line, 0, $index1);
2078 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2080 # Oracle T: Type (Oracle 12+)
2081 elsif ($mode == 12300)
2083 my $index1 = index ($line, ':');
2085 next if ($index1 != 160);
2089 $salt = substr ($line, 128, 32);
2093 $word = substr ($line, $index1 + 1);
2094 $hash_in = substr ($line, 0, $index1);
2096 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2098 # BSDiCrypt, Extended DES
2099 elsif ($mode == 12400)
2101 next unless (substr ($line, 0, 1) eq '_');
2103 my $index1 = index ($line, ':', 20);
2105 next if ($index1 != 20);
2109 $iter = substr ($line, 1, 4);
2111 $iter = base64_to_int24
($iter);
2115 $salt = substr ($line, 5, 4);
2119 $word = substr ($line, $index1 + 1);
2120 $hash_in = substr ($line, 0, $index1);
2122 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2124 # Blockchain, My Wallet
2125 elsif ($mode == 12700)
2127 my $index1 = index ($line, ':');
2129 next if ($index1 < 0);
2131 $hash_in = substr ($line, 0, $index1);
2132 $word = substr ($line, $index1 + 1);
2134 my (undef, $signature, $data_len, $data_buf) = split '\$', $hash_in;
2136 next unless ($signature eq "blockchain");
2138 next unless (($data_len * 2) == length $data_buf);
2140 $salt = substr ($data_buf, 0, 32);
2141 $param = substr ($data_buf, 32);
2143 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2145 elsif ($mode == 12800)
2147 ($hash_in, $word) = split ":", $line;
2149 next unless defined $hash_in;
2150 next unless defined $word;
2152 my @data = split /\,/, $hash_in;
2154 next unless scalar @data == 4;
2156 next unless (shift @data eq 'v1;PPH1_MD4');
2158 $salt = shift @data;
2159 $iter = shift @data;
2161 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2163 elsif ($mode == 12900)
2165 ($hash_in, $word) = split ":", $line;
2167 next unless defined $hash_in;
2168 next unless defined $word;
2170 next unless length $hash_in == 160;
2172 $param = substr ($hash_in, 0, 64);
2173 $salt = substr ($hash_in, 128, 32);
2176 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2178 elsif ($mode == 13000)
2182 ($hash_line, $word) = split ":", $line;
2184 next unless defined $hash_line;
2185 next unless defined $word;
2187 my @data = split ('\$', $hash_line);
2189 next unless scalar @data == 8;
2193 my $signature = shift @data;
2194 my $salt_len = shift @data;
2195 my $salt_buf = shift @data;
2196 my $iterations = shift @data;
2197 my $iv = shift @data;
2198 my $pswcheck_len = shift @data;
2199 my $pswcheck = shift @data;
2201 next unless ($signature eq "rar5");
2202 next unless ($salt_len == 16);
2203 next unless ($pswcheck_len == 8);
2206 $iter = $iterations;
2207 $hash_in = $pswcheck;
2210 next unless (exists ($db->{$hash_line}) and (! defined ($db->{$hash_line})));
2212 elsif ($mode == 13100 )
2214 ($hash_in, $word) = split ":", $line;
2216 next unless defined $hash_in;
2217 next unless defined $word;
2219 my @data = split ('\$', $hash_in);
2221 next unless scalar @data == 8;
2225 my $signature = shift @data;
2226 my $algorithm = shift @data;
2227 my $user = shift @data;
2228 $user = substr ($user, 1);
2229 my $realm = shift @data;
2230 my $spn = shift @data;
2231 $spn = substr ($spn, 0, length ($spn) - 1);
2232 my $checksum = shift @data;
2233 my $edata2 = shift @data;
2235 next unless ($signature eq "krb5tgs");
2236 next unless (length ($checksum) == 32);
2237 next unless (length ($edata2) >= 64);
2239 $salt = $user . '$' . $realm . '$' . $spn . '$' . substr ($edata2, 0, 16);
2241 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2245 print "ERROR: hash mode is not supported\n";
2250 if ($word =~ m/^\$HEX\[[0-9a-fA-F]*\]$/)
2252 $word = pack ("H*", substr ($word, 5, -1));
2255 # finally generate the hash
2260 # check both variations
2261 $hash_out = gen_hash
($mode, $word, $salt, $iter, 1);
2263 $len = length $hash_out; # == length $alternative
2265 if (substr ($line, 0, $len) ne $hash_out)
2267 my $alternative = gen_hash
($mode, $word, $salt, $iter, 2);
2269 return unless (substr ($line, 0, $len) eq $alternative);
2272 elsif ($mode == 8700)
2274 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2276 $len = length $hash_out;
2278 return unless (substr ($line, 0, $len) eq $hash_out);
2280 elsif ($mode == 8900)
2282 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2284 $len = length $hash_out;
2286 return unless (substr ($line, 0, $len) eq $hash_out);
2288 elsif ($mode == 9100)
2290 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2292 $len = length $hash_out;
2294 return unless (substr ($line, 0, $len) eq $hash_out);
2296 elsif ($mode == 190)
2298 $hash_out = gen_hash
($mode, $word, $salt, $iter, 0);
2300 $len = length $hash_out; # == length $alternative
2302 if (substr ($line, 0, $len) ne $hash_out)
2304 my $alternative = gen_hash
($mode, $word, $salt, $iter, 1);
2306 return unless (substr ($line, 0, $len) eq $alternative);
2309 elsif ($mode == 3300)
2311 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2313 $len = length $hash_out;
2315 return unless (substr ($line, 0, $len) eq $hash_out);
2317 elsif ($mode == 5100)
2319 # check 3 variants (start, middle, end)
2323 $hash_out = gen_hash
($mode, $word, $salt, $iter, $idx++);
2325 $len = length $hash_out; # == length $alternative
2327 if (substr ($line, 0, $len) ne $hash_out)
2329 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2331 if (substr ($line, 0, $len) ne $alternative)
2333 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2335 return unless (substr ($line, 0, $len) eq $alternative);
2339 elsif ($mode == 9400)
2341 $hash_out = gen_hash
($mode, $word, $salt, 50000, $param, $param2);
2343 $len = length $hash_out;
2345 return unless (substr ($line, 0, $len) eq $hash_out);
2347 elsif ($mode == 9500)
2349 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2351 $len = length $hash_out;
2353 return unless (substr ($line, 0, $len) eq $hash_out);
2355 elsif ($mode == 9600)
2357 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2359 $len = length $hash_out;
2361 return unless (substr ($line, 0, $len) eq $hash_out);
2363 elsif ($mode == 9700)
2365 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2367 $len = length $hash_out;
2369 return unless (substr ($line, 0, $len) eq $hash_out);
2371 elsif ($mode == 9800)
2373 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2375 $len = length $hash_out;
2377 return unless (substr ($line, 0, $len) eq $hash_out);
2379 elsif ($mode == 10400)
2381 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2383 $len = length $hash_out;
2385 return unless (substr ($line, 0, $len) eq $hash_out);
2387 elsif ($mode == 10500)
2389 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3, $param4, $param5, $param6);
2391 $len = length $hash_out;
2393 return unless (substr ($line, 0, $len) eq $hash_out);
2395 elsif ($mode == 10600)
2397 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2399 $len = length $hash_out;
2401 return unless (substr ($line, 0, $len) eq $hash_out);
2403 elsif ($mode == 10700)
2405 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2407 $len = length $hash_out;
2409 return unless (substr ($line, 0, $len) eq $hash_out);
2411 elsif ($mode == 10900)
2413 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2415 $len = length $hash_out;
2417 return unless (substr ($line, 0, $len) eq $hash_out);
2419 elsif ($mode == 11100)
2421 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2423 $len = length $hash_out;
2425 return unless (substr ($line, 0, $len) eq $hash_out);
2427 elsif ($mode == 11400)
2429 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6, $param7, $param8, $param9, $param10, $param11);
2431 $len = length $hash_out;
2433 return unless (substr ($line, 0, $len) eq $hash_out);
2435 elsif ($mode == 11600)
2437 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6);
2439 $len = length $hash_out;
2441 return unless (substr ($line, 0, $len) eq $hash_out);
2443 elsif ($mode == 11900)
2445 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2447 $len = length $hash_out;
2449 return unless (substr ($line, 0, $len) eq $hash_out);
2451 elsif ($mode == 12000)
2453 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2455 $len = length $hash_out;
2457 return unless (substr ($line, 0, $len) eq $hash_out);
2459 elsif ($mode == 12100)
2461 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2463 $len = length $hash_out;
2465 return unless (substr ($line, 0, $len) eq $hash_out);
2467 elsif ($mode == 12200)
2469 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2471 $len = length $hash_out;
2473 return unless (substr ($line, 0, $len) eq $hash_out);
2475 elsif ($mode == 12700)
2477 # this is very special, we can't call gen_hash () because the param part is not always the same
2478 # we only know that it should contain the letters "guid" at the beginning of the decryted string
2480 my $pbkdf2 = Crypt
::PBKDF2
->new (
2481 hash_class
=> 'HMACSHA1',
2486 my $salt_bin = pack ("H*", $salt);
2488 my $key = $pbkdf2->PBKDF2 ($salt_bin, $word);
2490 my $cipher = Crypt
::CBC
->new ({
2492 cipher
=> "Crypt::Rijndael",
2499 my $param_bin = pack ("H*", $param);
2501 my $decrypted = $cipher->decrypt ($param_bin);
2503 my $decrypted_part = substr ($decrypted, 1, 16);
2505 return unless ($decrypted_part =~ /"guid"/);
2507 $hash_out = $hash_in;
2509 elsif ($mode == 12900)
2511 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2513 $len = length $hash_out;
2515 return unless (substr ($line, 0, $len) eq $hash_out);
2517 elsif ($mode == 13000)
2519 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2521 $len = length $hash_out;
2523 return unless (substr ($line, 0, $len) eq $hash_out);
2525 elsif ($mode == 13100)
2527 $hash_out = gen_hash
($mode, $word, $salt);
2529 $len = length $hash_out;
2531 return unless (substr ($line, 0, $len) eq $hash_out);
2535 $hash_out = gen_hash
($mode, $word, $salt, $iter);
2537 $len = length $hash_out;
2542 # allow $P$ and $H$ for -m 400
2543 next unless (substr ($line, 3, $len - 3) eq substr ($hash_out, 3));
2545 elsif ($mode == 5600)
2547 # oclHashcat outputs the user name always upper-case, we need
2548 next unless (substr ($line, 0, $len) eq $hash_out);
2552 my $hash_out_lower = lc ($hash_out);
2554 for my $key (keys %{$db})
2556 if (lc ($key) eq $hash_out_lower)
2568 next unless (substr ($line, 0, $len) eq $hash_out);
2572 # do not forget "exists ($db->$hash_out)" should be done above!
2573 $db->{$hash_out} = $word;
2574 print OUT
$line . "\n";
2583 my $mode = shift || 0;
2585 while (my $word_buf = <>)
2589 next if length ($word_buf) > 31;
2597 for (my $i = 0; $i < 256; $i++)
2599 my $c = get_random_chr
(0x30, 0x39);
2601 push (@salt_arr, $c);
2604 my $salt_buf = join ("", @salt_arr);
2612 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 5700 || $mode == 9900 || $mode == 10800 || $mode == 11500)
2614 $tmp_hash = gen_hash
($mode, $word_buf, "");
2616 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2618 my $salt_len = get_random_num
(1, 15);
2620 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2622 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
2624 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2628 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2632 my $salt_len = get_random_num
(1, 11);
2634 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2636 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 1800 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
2638 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 8));
2640 elsif ($mode == 112)
2642 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2644 elsif ($mode == 121)
2646 my $salt_len = get_random_num
(1, 9);
2648 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2650 elsif ($mode == 141 || $mode == 1441)
2652 my $salt_len = get_random_num
(1, 15);
2654 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2656 elsif ($mode == 1100)
2658 my $salt_len = get_random_num
(1, 19);
2660 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2662 elsif ($mode == 1500)
2664 next if length ($word_buf) > 8;
2666 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2668 elsif ($mode == 2100)
2670 next if length ($word_buf) > 13;
2672 my $salt_len = get_random_num
(1, 19);
2674 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2676 elsif ($mode == 2410)
2678 next if length ($word_buf) > 15;
2680 my $salt_len = get_random_num
(1, 15);
2682 my $word_len = length ($word_buf);
2684 $salt_len = min
($salt_len, 15 - $word_len);
2686 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2688 elsif ($mode == 2500)
2690 next if length ($word_buf) < 8;
2692 my $salt_len = get_random_num
(0, 32);
2694 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2696 elsif ($mode == 2611)
2698 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 3));
2700 elsif ($mode == 2612)
2702 my $salt_len = get_random_num
(1, 22);
2704 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2706 elsif ($mode == 2711)
2708 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 30));
2710 elsif ($mode == 2811)
2712 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2714 elsif ($mode == 3000)
2716 next if length ($word_buf) > 7;
2718 $tmp_hash = gen_hash
($mode, $word_buf, "");
2720 elsif ($mode == 3100)
2722 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 10));
2724 elsif ($mode == 3200 || $mode == 5800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 3300 || $mode == 8000 || $mode == 9100 || $mode == 12200)
2726 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2728 elsif ($mode == 3800 || $mode == 4900)
2730 my $salt_len = get_random_num
(1, 11);
2732 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2734 elsif ($mode == 4800)
2736 $salt_buf = get_random_md5chap_salt
(substr ($salt_buf, 0, 16));
2738 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2740 elsif ($mode == 5300 || $mode == 5400)
2742 $salt_buf = get_random_ike_salt
();
2744 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2746 elsif ($mode == 5500)
2748 my $user_len = get_random_num
(0, 15);
2749 my $domain_len = get_random_num
(0, 15);
2751 $salt_buf = get_random_netntlmv1_salt
($user_len, $domain_len);
2753 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2755 elsif ($mode == 5600)
2757 my $user_len = get_random_num
(0, 15);
2758 my $domain_len = get_random_num
(0, 15);
2760 $salt_buf = get_random_netntlmv2_salt
($user_len, $domain_len);
2762 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2764 elsif ($mode == 6600)
2766 $salt_buf = get_random_agilekeychain_salt
();
2768 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2770 elsif ($mode == 6800)
2772 my $email_len = get_random_num
(1, 15);
2776 for (my $i = 0; $i < $email_len; $i++)
2778 $email .= get_random_chr
(0x61, 0x7a);
2781 $email .= '@trash-mail.com';
2783 $tmp_hash = gen_hash
($mode, $word_buf, $email);
2785 elsif ($mode == 7100)
2787 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2789 elsif ($mode == 7200)
2791 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 128));
2793 elsif ($mode == 7300)
2795 my $salt_len = get_random_num
(32, 256);
2797 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2799 elsif ($mode == 7500)
2801 $salt_buf = get_random_kerberos5_salt
(substr ($salt_buf, 0, 16));
2803 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2805 elsif ($mode == 7700)
2807 next if length ($word_buf) > 8;
2809 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2811 elsif ($mode == 7800)
2813 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2815 elsif ($mode == 8200)
2817 $salt_buf = get_random_cloudkeychain_salt
();
2819 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2821 elsif ($mode == 8300)
2823 $salt_buf = get_random_dnssec_salt
();
2825 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2827 elsif ($mode == 8400 || $mode == 11200)
2829 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 40));
2831 elsif ($mode == 8500)
2833 next if length ($word_buf) > 8;
2835 my $salt_len = get_random_num
(1, 9);
2837 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2839 elsif ($mode == 8600)
2841 next if length ($word_buf) > 16;
2843 $tmp_hash = gen_hash
($mode, $word_buf, "");
2845 elsif ($mode == 8700)
2847 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2849 elsif ($mode == 9200 || $mode == 9300)
2853 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2855 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
2857 next if length ($word_buf) > 19;
2861 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2863 elsif ($mode == 10100)
2865 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2867 elsif ($mode == 10300)
2869 my $salt_len = get_random_num
(4, 15);
2871 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2873 elsif ($mode == 10400)
2875 next if length ($word_buf) > 31;
2879 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2881 elsif ($mode == 10500)
2883 next if length ($word_buf) > 15;
2887 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2889 elsif ($mode == 10600)
2891 next if length ($word_buf) > 31;
2895 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2897 elsif ($mode == 10700)
2899 next if length ($word_buf) > 15;
2903 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2905 elsif ($mode == 11000)
2907 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 56));
2909 elsif ($mode == 11300)
2911 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2913 elsif ($mode == 11400)
2915 next if length ($word_buf) > 24;
2917 my $salt_len = get_random_num
(1, 15);
2919 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2921 elsif ($mode == 11600)
2923 my $salt_len = get_random_num
(0, 16);
2925 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2927 elsif ($mode == 12400)
2929 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 4));
2931 elsif ($mode == 12600)
2933 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2935 elsif ($mode == 12700)
2937 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2939 elsif ($mode == 12800)
2941 next if length ($word_buf) > 24;
2943 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2945 elsif ($mode == 12900)
2947 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2949 elsif ($mode == 13000)
2951 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2953 elsif ($mode == 13100)
2955 $salt_buf = get_random_kerberos5_tgs_salt
();
2957 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2961 print "ERROR: Unsupported hash type\n";
2966 print $tmp_hash, "\n";
2979 for (my $j = 0; $j < scalar @modes; $j++)
2981 my $mode = $modes[$j];
2983 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5300 || $mode == 5400 || $mode == 6000 || $mode == 6100 || $mode == 6600 || $mode == 6900 || $mode == 5700 || $mode == 8200 || $mode == 8300 || $mode == 9900 || $mode == 10800 || $mode == 11500)
2985 for (my $i = 1; $i < 32; $i++)
2989 rnd
($mode, $len, 0);
2997 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2999 my $salt_len = get_random_num
(1, 15);
3001 for (my $i = 1; $i < 32; $i++)
3005 rnd
($mode, $len, $salt_len);
3009 rnd
($mode, $i, $salt_len);
3013 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
3015 for (my $i = 1; $i < 32; $i++)
3019 rnd
($mode, $len, 32);
3023 rnd
($mode, $i, 32);
3027 elsif ($mode == 21 || $mode == 22)
3029 for (my $i = 1; $i < 32; $i++)
3033 rnd
($mode, $len, 2);
3041 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
3043 for (my $i = 1; $i < 32; $i++)
3047 rnd
($mode, $len, 8);
3055 elsif ($mode == 112)
3057 for (my $i = 1; $i < 32; $i++)
3061 rnd
($mode, $len, 20);
3065 rnd
($mode, $i, 20);
3069 elsif ($mode == 141 || $mode == 3300 || $mode == 1441 || $mode == 1800 || $mode == 3200 || $mode == 4800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 8000 || $mode == 9100 || $mode == 12200)
3071 for (my $i = 1; $i < 32; $i++)
3075 rnd
($mode, $len, 16);
3079 rnd
($mode, $i, 16);
3085 my $salt_len = get_random_num
(1, 19);
3087 for (my $i = 1; $i < 32; $i++)
3091 rnd
($mode, $len, $salt_len);
3095 rnd
($mode, $i, $salt_len);
3099 elsif ($mode == 1500)
3101 for (my $i = 1; $i < 9; $i++)
3105 rnd
($mode, $len, 2);
3113 elsif ($mode == 2100)
3115 my $salt_len = get_random_num
(1, 19);
3117 for (my $i = 1; $i < 13; $i++)
3121 rnd
($mode, $len, $salt_len);
3125 rnd
($mode, $i, $salt_len);
3129 elsif ($mode == 2500)
3131 my $salt_len = get_random_num
(0, 32);
3133 for (my $i = 8; $i < 16; $i++)
3135 my $generate_from_len = 0;
3144 rnd
($mode, $len, $salt_len);
3148 rnd
($mode, $i, $salt_len);
3152 elsif ($mode == 2611)
3154 for (my $i = 1; $i < 32; $i++)
3158 rnd
($mode, $len, 3);
3166 elsif ($mode == 2612)
3168 my $salt_len = get_random_num
(1, 22);
3170 for (my $i = 1; $i < 32; $i++)
3174 rnd
($mode, $len, $salt_len);
3178 rnd
($mode, $i, $salt_len);
3182 elsif ($mode == 2711)
3184 for (my $i = 1; $i < 32; $i++)
3188 rnd
($mode, $len, 30);
3192 rnd
($mode, $i, 30);
3196 elsif ($mode == 2811)
3198 for (my $i = 1; $i < 32; $i++)
3202 rnd
($mode, $len, 5);
3210 elsif ($mode == 3000)
3212 for (my $i = 1; $i < 8; $i++)
3216 rnd
($mode, $len, 0);
3224 elsif ($mode == 3100)
3226 for (my $i = 1; $i < 32; $i++)
3230 rnd
($mode, $len, 10);
3234 rnd
($mode, $i, 10);
3238 elsif ($mode == 3800 || $mode == 4900)
3240 my $salt_len = get_random_num
(1, 11);
3242 for (my $i = 1; $i < 32; $i++)
3246 rnd
($mode, $len, $salt_len);
3250 rnd
($mode, $i, $salt_len);
3254 elsif ($mode == 5500 || $mode == 5600)
3258 for (my $i = 1; $i < 27; $i++)
3260 $salt_len = get_random_num
(1, 15);
3264 rnd
($mode, $len, $salt_len);
3268 rnd
($mode, $i, $salt_len);
3272 elsif ($mode == 5800)
3274 for (my $i = 1; $i < 14; $i++)
3278 rnd
($mode, $len, 16);
3282 rnd
($mode, $i, 16);
3286 elsif ($mode == 6800)
3288 my $salt_len = get_random_num
(8, 25);
3290 for (my $i = 1; $i < 32; $i++)
3294 rnd
($mode, $len, $salt_len);
3298 rnd
($mode, $i, $salt_len);
3302 elsif ($mode == 7100)
3304 for (my $i = 1; $i < 32; $i++)
3308 rnd
($mode, $len, 64);
3312 rnd
($mode, $i, 64);
3316 elsif ($mode == 7200)
3318 for (my $i = 1; $i < 32; $i++)
3322 rnd
($mode, $len, 128);
3326 rnd
($mode, $i, 128);
3330 elsif ($mode == 7300)
3332 my $salt_len = get_random_num
(32, 255);
3334 for (my $i = 1; $i < 32; $i++)
3338 rnd
($mode, $len, $salt_len);
3342 rnd
($mode, $i, $salt_len);
3346 elsif ($mode == 7500)
3348 for (my $i = 1; $i < 27; $i++)
3352 rnd
($mode, $len, 16);
3356 rnd
($mode, $i, 16);
3360 elsif ($mode == 7700)
3362 my $salt_len = get_random_num
(1, 12);
3364 for (my $i = 1; $i < 9; $i++)
3368 rnd
($mode, $len, $salt_len);
3372 rnd
($mode, $i, $salt_len);
3376 elsif ($mode == 7800)
3378 my $salt_len = get_random_num
(1, 12);
3380 for (my $i = 1; $i < 32; $i++)
3384 rnd
($mode, $len, $salt_len);
3388 rnd
($mode, $i, $salt_len);
3392 elsif ($mode == 8400 || $mode == 11200)
3394 for (my $i = 1; $i < 32; $i++)
3398 rnd
($mode, $len, 40);
3402 rnd
($mode, $i, 40);
3406 elsif ($mode == 8500)
3408 my $salt_len = get_random_num
(1, 8);
3410 for (my $i = 1; $i < 9; $i++)
3414 rnd
($mode, $len, $salt_len);
3418 rnd
($mode, $i, $salt_len);
3422 elsif ($mode == 8600)
3424 for (my $i = 1; $i < 17; $i++)
3428 rnd
($mode, $len, 0);
3436 elsif ($mode == 8700)
3438 for (my $i = 1; $i < 32; $i++)
3442 rnd
($mode, $len, 5);
3450 elsif ($mode == 9200 || $mode == 9300)
3454 for (my $i = 1; $i < 32; $i++)
3458 rnd
($mode, $len, $salt_len);
3462 rnd
($mode, $i, $salt_len);
3466 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
3470 for (my $i = 1; $i < 20; $i++)
3474 rnd
($mode, $len, $salt_len);
3478 rnd
($mode, $i, $salt_len);
3482 elsif ($mode == 10100)
3484 for (my $i = 1; $i < 32; $i++)
3488 rnd
($mode, $len, 32);
3492 rnd
($mode, $i, 32);
3496 elsif ($mode == 10300)
3498 my $salt_len = get_random_num
(4, 15);
3500 for (my $i = 1; $i < 32; $i++)
3504 rnd
($mode, $len, $salt_len);
3508 rnd
($mode, $i, $salt_len);
3512 elsif ($mode == 10400 || $mode == 10600)
3516 for (my $i = 1; $i < 32; $i++)
3520 rnd
($mode, $len, $salt_len);
3524 rnd
($mode, $i, $salt_len);
3528 elsif ($mode == 10500 || $mode == 10700)
3532 for (my $i = 1; $i < 16; $i++)
3536 rnd
($mode, $len, $salt_len);
3540 rnd
($mode, $i, $salt_len);
3544 elsif ($mode == 11000)
3546 for (my $i = 1; $i < 32; $i++)
3550 rnd
($mode, $len, 56);
3554 rnd
($mode, $i, 56);
3558 elsif ($mode == 11300)
3560 for (my $i = 1; $i < 32; $i++)
3564 rnd
($mode, $len, 16);
3568 rnd
($mode, $i, 16);
3572 elsif ($mode == 11400)
3574 for (my $i = 1; $i < 24; $i++)
3578 rnd
($mode, $len, 16);
3582 rnd
($mode, $i, 16);
3586 elsif ($mode == 11600)
3588 my $salt_len = get_random_num
(0, 16);
3590 for (my $i = 1; $i < 32; $i++)
3594 rnd
($mode, $len, $salt_len);
3598 rnd
($mode, $i, $salt_len);
3602 elsif ($mode == 12400)
3604 for (my $i = 1; $i < 32; $i++)
3608 rnd
($mode, $len, 4);
3616 elsif ($mode == 12600)
3618 for (my $i = 1; $i < 32; $i++)
3622 rnd
($mode, $len, 64);
3626 rnd
($mode, $i, 64);
3630 elsif ($mode == 12700)
3632 for (my $i = 1; $i < 32; $i++)
3636 rnd
($mode, $len, 32);
3640 rnd
($mode, $i, 32);
3644 elsif ($mode == 12800)
3646 for (my $i = 1; $i < 25; $i++)
3650 rnd
($mode, $len, 20);
3654 rnd
($mode, $i, 20);
3658 elsif ($mode == 12900)
3660 for (my $i = 1; $i < 32; $i++)
3664 rnd
($mode, $len, 32);
3668 rnd
($mode, $i, 32);
3672 elsif ($mode == 13000)
3674 for (my $i = 1; $i < 32; $i++)
3678 rnd
($mode, $len, 32);
3682 rnd
($mode, $i, 32);
3686 elsif ($mode == 13100)
3688 for (my $i = 1; $i < 27; $i++)
3692 rnd
($mode, $len, 16);
3696 rnd
($mode, $i, 16);
3709 my $word_buf = shift;
3711 my $salt_buf = shift;
3715 my $additional_param = shift;
3717 my $additional_param2 = shift;
3719 my $additional_param3 = shift;
3721 my $additional_param4 = shift;
3723 my $additional_param5 = shift;
3725 my $additional_param6 = shift;
3727 my $additional_param7 = shift;
3729 my $additional_param8 = shift;
3731 my $additional_param9 = shift;
3733 my $additional_param10 = shift;
3735 my $additional_param11 = shift;
3747 $hash_buf = md5_hex
($word_buf);
3749 $tmp_hash = sprintf ("%s", $hash_buf);
3753 $hash_buf = md5_hex
($word_buf . $salt_buf);
3755 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3759 $hash_buf = md5_hex
($word_buf . $salt_buf);
3761 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3765 $hash_buf = md5_hex
($word_buf . $salt_buf);
3767 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3771 $hash_buf = md5_hex
($salt_buf . $word_buf);
3773 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3777 $hash_buf = md5_hex
($salt_buf . $word_buf);
3779 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3783 my $itoa64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
3784 my $salt_suffix = "Administration Tools";
3786 my $pass = sprintf ("%s:%s:%s", $salt_buf, $salt_suffix, $word_buf);
3788 $hash_buf = md5
($pass);
3792 for (my $pos = 0; $pos < 16; $pos += 2)
3794 my $octet1 = ord (substr ($hash_buf, $pos + 0, 1));
3795 my $octet2 = ord (substr ($hash_buf, $pos + 1, 1));
3797 my $num = ($octet1 <<8 & 0xff00) | ($octet2 & 0xff);
3799 my $idx1 = $num >> 12 & 0x0f;
3800 my $idx2 = $num >> 6 & 0x3f;
3801 my $idx3 = $num & 0x3f;
3803 $res = $res . substr ($itoa64, $idx1, 1) . substr ($itoa64, $idx2, 1) . substr ($itoa64, $idx3, 1);
3806 my $obfuscate_str = "nrcstn";
3807 my @obfuscate_pos = (0, 6, 12, 17, 23, 29);
3809 foreach my $pos (keys @obfuscate_pos)
3811 my $idx = $obfuscate_pos[$pos];
3812 my $before = substr ($res, 0, $idx);
3813 my $char = substr ($obfuscate_str, $pos, 1);
3814 my $after = substr ($res, $idx);
3816 $res = sprintf ("%s%s%s", $before, $char, $after);
3819 $tmp_hash = sprintf ("%s:%s", $res, $salt_buf);
3823 $hash_buf = md5_hex
($salt_buf . "\nskyper\n" . $word_buf);
3825 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3829 $hash_buf = md5_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3831 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3835 $hash_buf = md5_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
3837 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3841 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
, 64);
3843 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3847 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&md5
, 64);
3849 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3851 elsif ($mode == 100)
3853 $hash_buf = sha1_hex
($word_buf);
3855 $tmp_hash = sprintf ("%s", $hash_buf);
3857 elsif ($mode == 101)
3859 $hash_buf = sha1
($word_buf);
3861 my $base64_buf = encode_base64
($hash_buf);
3863 chomp ($base64_buf);
3865 $tmp_hash = sprintf ("{SHA}%s", $base64_buf);
3867 elsif ($mode == 110)
3869 $hash_buf = sha1_hex
($word_buf . $salt_buf);
3871 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3873 elsif ($mode == 111)
3875 $hash_buf = sha1
($word_buf . $salt_buf);
3877 my $base64_buf = encode_base64
($hash_buf . $salt_buf);
3879 chomp ($base64_buf);
3881 $tmp_hash = sprintf ("{SSHA}%s", $base64_buf);
3883 elsif ($mode == 112)
3885 my $salt_buf_bin = pack ("H*", $salt_buf);
3887 $hash_buf = sha1_hex
($word_buf . $salt_buf_bin);
3889 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3891 elsif ($mode == 120)
3893 $hash_buf = sha1_hex
($salt_buf . $word_buf);
3895 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3897 elsif ($mode == 121)
3899 $hash_buf = sha1_hex
(lc ($salt_buf) . $word_buf);
3901 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3903 elsif ($mode == 122)
3905 my $salt_buf_bin = pack ("H*", $salt_buf);
3907 $hash_buf = sha1_hex
($salt_buf_bin . $word_buf);
3909 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
3911 elsif ($mode == 130)
3913 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3915 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3917 elsif ($mode == 131)
3919 my $salt_buf_bin = pack ("H*", $salt_buf);
3921 $hash_buf = sha1_hex
(encode
("UTF-16LE", uc ($word_buf)) . $salt_buf_bin);
3923 $tmp_hash = sprintf ("0x0100%s%s%s", $salt_buf, "0" x
40, $hash_buf);
3925 elsif ($mode == 132)
3927 my $salt_buf_bin = pack ("H*", $salt_buf);
3929 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
3931 $tmp_hash = sprintf ("0x0100%s%s", $salt_buf, $hash_buf);
3933 elsif ($mode == 140)
3935 $hash_buf = sha1_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
3937 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3939 elsif ($mode == 141)
3941 $hash_buf = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
3943 my $base64_salt_buf = encode_base64
($salt_buf);
3945 chomp ($base64_salt_buf);
3947 my $base64_hash_buf = encode_base64
($hash_buf);
3949 $base64_hash_buf = substr ($base64_hash_buf, 0, 27);
3951 $tmp_hash = sprintf ("\$episerver\$*0*%s*%s", $base64_salt_buf, $base64_hash_buf);
3953 elsif ($mode == 150)
3955 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
, 64);
3957 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3959 elsif ($mode == 160)
3961 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha1
, 64);
3963 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3965 elsif ($mode == 190)
3967 $hash_buf = sha1_hex
($word_buf);
3969 my $variant = int (rand (2));
3971 if (defined ($additional_param))
3973 $variant = $additional_param;
3978 substr ($hash_buf, 0, 5) = "00000";
3981 $tmp_hash = sprintf ("%s", $hash_buf);
3983 elsif ($mode == 200)
3985 my $ppr = Authen
::Passphrase
::MySQL323
->new (passphrase
=> $word_buf);
3987 $hash_buf = $ppr->hash_hex;
3989 $tmp_hash = sprintf ("%s", $hash_buf);
3991 elsif ($mode == 300)
3993 $hash_buf = substr (password41
($word_buf), 1);
3995 $hash_buf = lc ($hash_buf); # useful for 'not matched' check only
3997 $tmp_hash = sprintf ("%s", $hash_buf);
3999 elsif ($mode == 400)
4008 my $ppr = Authen
::Passphrase
::PHPass
->new
4012 passphrase
=> $word_buf,
4015 $hash_buf = $ppr->as_rfc2307;
4017 $tmp_hash = sprintf ("%s", substr ($hash_buf, 7));
4019 elsif ($mode == 500)
4021 my $iterations = 1000;
4023 if (defined ($iter))
4027 $iterations = int ($iter);
4031 $hash_buf = md5_crypt
('$1$', $iterations, $word_buf, $salt_buf);
4033 $tmp_hash = sprintf ("%s", $hash_buf);
4035 elsif ($mode == 900)
4037 $hash_buf = md4_hex
($word_buf);
4039 $tmp_hash = sprintf ("%s", $hash_buf);
4041 elsif ($mode == 1000)
4043 $hash_buf = md4_hex
(encode
("UTF-16LE", $word_buf));
4045 $tmp_hash = sprintf ("%s", $hash_buf);
4047 elsif ($mode == 1100)
4049 $hash_buf = md4_hex
(md4
(encode
("UTF-16LE", $word_buf)) . encode
("UTF-16LE", lc ($salt_buf)));
4051 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4053 elsif ($mode == 1400)
4055 $hash_buf = sha256_hex
($word_buf);
4057 $tmp_hash = sprintf ("%s", $hash_buf);
4059 elsif ($mode == 1410)
4061 $hash_buf = sha256_hex
($word_buf . $salt_buf);
4063 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4065 elsif ($mode == 1420)
4067 $hash_buf = sha256_hex
($salt_buf . $word_buf);
4069 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4071 elsif ($mode == 1430)
4073 $hash_buf = sha256_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4075 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4077 elsif ($mode == 1440)
4079 $hash_buf = sha256_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4081 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4083 elsif ($mode == 1441)
4085 $hash_buf = sha256
($salt_buf . encode
("UTF-16LE", $word_buf));
4087 my $base64_salt_buf = encode_base64
($salt_buf);
4089 chomp ($base64_salt_buf);
4091 my $base64_hash_buf = encode_base64
($hash_buf);
4093 chomp ($base64_hash_buf);
4095 $base64_hash_buf = substr ($base64_hash_buf, 0, 43);
4097 $tmp_hash = sprintf ("\$episerver\$*1*%s*%s", $base64_salt_buf, $base64_hash_buf);
4099 elsif ($mode == 1450)
4101 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha256
, 64);
4103 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4105 elsif ($mode == 1460)
4107 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha256
, 64);
4109 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4111 elsif ($mode == 1500)
4113 $hash_buf = crypt ($word_buf, $salt_buf);
4115 $tmp_hash = sprintf ("%s", $hash_buf);
4117 elsif ($mode == 1600)
4119 my $iterations = 1000;
4121 if (defined ($iter))
4125 $iterations = int ($iter);
4129 $hash_buf = md5_crypt
('$apr1$', $iterations, $word_buf, $salt_buf);
4131 $tmp_hash = sprintf ("%s", $hash_buf);
4133 elsif ($mode == 1700)
4135 $hash_buf = sha512_hex
($word_buf);
4137 $tmp_hash = sprintf ("%s", $hash_buf);
4139 elsif ($mode == 1710)
4141 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4143 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4145 elsif ($mode == 1711)
4147 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4149 my $base64_buf = encode_base64
(pack ("H*", $hash_buf) . $salt_buf);
4151 $base64_buf =~ s/[ \n]//g;
4153 $tmp_hash = sprintf ("{SSHA512}%s", $base64_buf);
4155 elsif ($mode == 1720)
4157 $hash_buf = sha512_hex
($salt_buf . $word_buf);
4159 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4161 elsif ($mode == 1730)
4163 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4165 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4167 elsif ($mode == 1740)
4169 $hash_buf = sha512_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4171 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4173 elsif ($mode == 1722)
4175 my $salt_buf_bin = pack ("H*", $salt_buf);
4177 $hash_buf = sha512_hex
($salt_buf_bin . $word_buf);
4179 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
4181 elsif ($mode == 1731)
4183 my $salt_buf_bin = pack ("H*", $salt_buf);
4185 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
4187 $tmp_hash = sprintf ("0x0200%s%s", $salt_buf, $hash_buf);
4189 elsif ($mode == 1750)
4191 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha512
, 128);
4193 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4195 elsif ($mode == 1760)
4197 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha512
, 128);
4199 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4201 elsif ($mode == 1800)
4203 my $iterations = 5000;
4205 if (defined ($iter))
4209 $iterations = int ($iter);
4213 $hash_buf = sha512_crypt
($iterations, $word_buf, $salt_buf);
4215 $tmp_hash = sprintf ("%s", $hash_buf);
4217 elsif ($mode == 2100)
4219 my $iterations = 10240;
4223 $iterations = int ($iter);
4226 my $salt = encode
("UTF-16LE", lc ($salt_buf));
4228 my $pbkdf2 = Crypt
::PBKDF2
->new
4230 hash_class
=> 'HMACSHA1',
4231 iterations
=> $iterations,
4233 salt_len
=> length ($salt),
4236 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 ($salt, md4
(md4
(encode
("UTF-16LE", $word_buf)) . $salt)));
4238 $tmp_hash = sprintf ("\$DCC2\$%i#%s#%s", $iterations, $salt_buf, $hash_buf);
4240 elsif ($mode == 2400)
4242 $tmp_hash = sprintf ("%s", pseudo_base64
(Digest
::MD5
::md5
($word_buf . "\0" x
(16 - length ($word_buf)))));
4244 elsif ($mode == 2410)
4246 my $salt_len = length ($salt_buf);
4248 my $salt_len_max4 = ($salt_len < 4) ?
$salt_len : 4;
4250 my $hash_buf = pseudo_base64
(Digest
::MD5
::md5
($word_buf . substr ($salt_buf, 0, $salt_len_max4) . "\0" x
(16 - length ($word_buf) - $salt_len_max4)));
4252 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4254 elsif ($mode == 2500)
4256 my ($bssid, $stmac, $snonce, $anonce, $eapol, $keyver, $eapol_size);
4258 if (! defined ($additional_param))
4262 $bssid = randbytes
(6);
4263 $stmac = randbytes
(6);
4264 $snonce = randbytes
(32);
4265 $anonce = randbytes
(32);
4267 $keyver = get_random_num
(1, 3); # 1 or 2
4270 # should be "validly" generated, but in theory could be anything for us also:
4271 # $eapol = "\x00" x 121; # works too, but let's generate it correctly
4273 $eapol = gen_random_wpa_eapol
($keyver, $snonce);
4277 $bssid = $additional_param;
4278 $stmac = $additional_param2;
4279 $snonce = $additional_param3;
4280 $anonce = $additional_param4;
4281 $keyver = $additional_param5;
4282 $eapol = $additional_param6;
4285 $eapol_size = length ($eapol);
4289 my $iterations = 4096;
4295 # generate the Pairwise Master Key (PMK)
4297 my $pbkdf2 = Crypt
::PBKDF2
->new
4299 hash_class
=> 'HMACSHA1',
4300 iterations
=> $iterations,
4304 my $pmk = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4306 # Pairwise Transient Key (PTK) transformation
4308 my $ptk = wpa_prf_512
($pmk, $stmac, $bssid, $snonce, $anonce);
4310 # generate the Message Integrity Code (MIC)
4314 if ($keyver == 1) # WPA1 => MD5
4316 $mic = hmac
($eapol, $ptk, \
&md5
);
4320 $mic = hmac
($eapol, $ptk, \
&sha1
);
4323 $mic = substr ($mic, 0, 16);
4326 # format the binary output
4331 # first the essid (NULL-padded up to the first 36 bytes)
4333 $hash_buf .= $salt_buf;
4334 $hash_buf .= "\x00" x
(36 - length ($salt_buf));
4336 # the 2 MAC addresses
4338 $hash_buf .= $bssid;
4339 $hash_buf .= $stmac;
4343 $hash_buf .= $snonce;
4344 $hash_buf .= $anonce;
4348 $hash_buf .= $eapol;
4349 $hash_buf .= "\x00" x
(256 - $eapol_size);
4353 $hash_buf .= pack ("L*", $eapol_size);
4357 $hash_buf .= pack ("L*", $keyver);
4359 # and finally: the key mic
4363 # base64 encode the output
4365 $tmp_hash = encode_base64
($hash_buf, '');
4367 elsif ($mode == 2600)
4369 $hash_buf = md5_hex
(md5_hex
($word_buf));
4371 $tmp_hash = sprintf ("%s", $hash_buf);
4373 elsif ($mode == 2611)
4375 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4377 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4379 elsif ($mode == 2612)
4381 my $salt_buf_hex = unpack ("H*", $salt_buf);
4383 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4385 $tmp_hash = sprintf ("\$PHPS\$%s\$%s", $salt_buf_hex, $hash_buf);
4387 elsif ($mode == 2711)
4389 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4391 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4393 elsif ($mode == 2811)
4395 $hash_buf = md5_hex
(md5_hex
($salt_buf) . md5_hex
($word_buf));
4397 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4399 elsif ($mode == 3000)
4401 my $ppr = Authen
::Passphrase
::LANManager
->new ("passphrase" => $word_buf);
4403 $hash_buf = $ppr->hash_hex;
4405 $tmp_hash = sprintf ("%s", substr ($hash_buf, 0, 16));
4407 elsif ($mode == 3100)
4409 $hash_buf = oracle_hash
($salt_buf, $word_buf);
4411 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4413 elsif ($mode == 3200)
4422 $tmp_hash = bcrypt
($word_buf, sprintf ('$2a$%s$%s$', $cost, en_base64
($salt_buf)));
4424 elsif ($mode == 3300)
4426 my $iterations = 904;
4430 $iterations = int ($iter);
4435 if (defined ($additional_param))
4437 $variant = $additional_param;
4440 my $prefix = sprintf ("\$md5%srounds=%i\$%s", $variant, $iterations, $salt_buf);
4442 $iterations += 4096;
4444 $hash_buf = sun_md5
($word_buf, $prefix, $iterations);
4446 $tmp_hash = sprintf ("%s\$%s", $prefix, $hash_buf);
4448 elsif ($mode == 3500)
4450 $hash_buf = md5_hex
(md5_hex
(md5_hex
($word_buf)));
4452 $tmp_hash = sprintf ("%s", $hash_buf);
4454 elsif ($mode == 3610)
4456 $hash_buf = md5_hex
(md5_hex
($salt_buf) . $word_buf);
4458 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4460 elsif ($mode == 3710)
4462 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf));
4464 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4466 elsif ($mode == 3711)
4468 $hash_buf = md5_hex
($salt_buf . "-" . md5_hex
($word_buf));
4470 $tmp_hash = sprintf ("\$B\$%s\$%s", $salt_buf, $hash_buf);
4472 elsif ($mode == 3720)
4474 $hash_buf = md5_hex
($word_buf . md5_hex
($salt_buf));
4476 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4478 elsif ($mode == 3800)
4480 $hash_buf = md5_hex
($salt_buf . $word_buf . $salt_buf);
4482 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4484 elsif ($mode == 3910)
4486 $hash_buf = md5_hex
(md5_hex
($word_buf) . md5_hex
($salt_buf));
4488 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4490 elsif ($mode == 4010)
4492 $hash_buf = md5_hex
($salt_buf . md5_hex
($salt_buf . $word_buf));
4494 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4496 elsif ($mode == 4110)
4498 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf . $salt_buf));
4500 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4502 elsif ($mode == 4210)
4504 $hash_buf = md5_hex
($salt_buf . "\x00" . $word_buf);
4506 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4508 elsif ($mode == 4300)
4510 $hash_buf = md5_hex
(uc (md5_hex
($word_buf)));
4512 $tmp_hash = sprintf ("%s", $hash_buf);
4514 elsif ($mode == 4400)
4516 $hash_buf = md5_hex
(sha1_hex
($word_buf));
4518 $tmp_hash = sprintf ("%s", $hash_buf);
4520 elsif ($mode == 4500)
4522 $hash_buf = sha1_hex
(sha1_hex
($word_buf));
4524 $tmp_hash = sprintf ("%s", $hash_buf);
4526 elsif ($mode == 4600)
4528 $hash_buf = sha1_hex
(sha1_hex
(sha1_hex
($word_buf)));
4530 $tmp_hash = sprintf ("%s", $hash_buf);
4532 elsif ($mode == 4700)
4534 $hash_buf = sha1_hex
(md5_hex
($word_buf));
4536 $tmp_hash = sprintf ("%s", $hash_buf);
4538 elsif ($mode == 4800)
4540 my $index = rindex ($salt_buf, ":");
4542 my $salt = substr ($salt_buf, 0, $index);
4543 my $salt_bin = pack ("H*", $salt);
4544 my $chap_sign = substr ($salt_buf, $index + 1);
4545 my $chap_sign_bin = pack ("H*", $chap_sign);
4547 $hash_buf = md5_hex
($chap_sign_bin . $word_buf . $salt_bin);
4549 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4551 elsif ($mode == 4900)
4553 $hash_buf = sha1_hex
($salt_buf . $word_buf . $salt_buf);
4555 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4557 elsif ($mode == 5000)
4559 $hash_buf = keccak_256_hex
($word_buf);
4561 $tmp_hash = sprintf ("%s", $hash_buf);
4563 elsif ($mode == 5100)
4567 if (! defined ($additional_param))
4573 $pos = $additional_param * 8 unless ($additional_param > 2);
4576 $hash_buf = md5_hex
($word_buf);
4578 $tmp_hash = sprintf ("%s", substr ($hash_buf, $pos, 16));
4580 elsif ($mode == 5300)
4582 my @salt_arr = split (":", $salt_buf);
4584 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4585 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4587 my $hash_buf = hmac
($nr_buf , $word_buf, \
&md5
, 64);
4588 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&md5
, 64);
4590 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4592 elsif ($mode == 5400)
4594 my @salt_arr = split (":", $salt_buf);
4596 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4597 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4599 my $hash_buf = hmac
($nr_buf , $word_buf, \
&sha1
, 64);
4600 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&sha1
, 64);
4602 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4604 elsif ($mode == 5500)
4606 my $index1 = index ($salt_buf, "::");
4607 my $user = substr ($salt_buf, 0, $index1);
4609 my $index2 = index ($salt_buf, ":", $index1 + 2);
4610 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4612 my $len = length (substr ($salt_buf, $index2 + 1));
4614 my $c_challenge_hex;
4618 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 48);
4623 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4624 $c_challenge_hex .= 00 x
32;
4627 my $c_challenge = pack ("H*", substr ($c_challenge_hex, 0, 16));
4628 my $s_challenge_hex = substr ($salt_buf, $index2 + 17, 16);
4629 my $s_challenge = pack ("H*", $s_challenge_hex);
4631 my $challenge = substr (md5
($s_challenge . $c_challenge), 0, 8);
4635 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash . "\x00" x
5;
4637 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 0, 7)), "DES", $challenge, PADDING_NONE
);
4638 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 7, 7)), "DES", $challenge, PADDING_NONE
);
4639 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 14, 7)), "DES", $challenge, PADDING_NONE
);
4641 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $c_challenge_hex, unpack ("H*", $ntresp), $s_challenge_hex);
4643 elsif ($mode == 5600)
4645 my $index1 = index ($salt_buf, "::");
4646 my $user = substr ($salt_buf, 0, $index1);
4648 my $index2 = index ($salt_buf, ":", $index1 + 2);
4649 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4651 my $s_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4652 my $s_challenge = pack ("H*", $s_challenge_hex);
4654 my $temp_hex = substr ($salt_buf, $index2 + 17);
4655 my $temp = pack ("H*", $temp_hex);
4657 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash;
4658 my $identity = Encode
::encode
("UTF-16LE", uc ($user) . $domain);
4660 $hash_buf = hmac_hex
($s_challenge . $temp, hmac
($identity, $nthash, \
&md5
, 64), \
&md5
, 64);
4662 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $s_challenge_hex, $hash_buf, $temp_hex);
4664 elsif ($mode == 5700)
4666 $hash_buf = sha256
($word_buf);
4668 my $base64_buf = encode_base64
($hash_buf);
4672 for (my $i = 0; $i < 43; $i++)
4674 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($base64_buf, $i, 1)};
4677 elsif ($mode == 5800)
4679 $hash_buf = androidpin_hash
($word_buf, $salt_buf);
4681 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4683 elsif ($mode == 6000)
4685 $hash_buf = ripemd160_hex
($word_buf);
4687 $tmp_hash = sprintf ("%s", $hash_buf);
4689 elsif ($mode == 6100)
4691 $hash_buf = whirlpool_hex
($word_buf);
4693 $tmp_hash = sprintf ("%s", $hash_buf);
4695 elsif ($mode == 6300)
4697 my $iterations = 1000; # hard coded by the AIX format
4699 $hash_buf = md5_crypt
('', $iterations, $word_buf, $salt_buf);
4701 $tmp_hash = sprintf ("{smd5}%s", $hash_buf);
4703 elsif ($mode == 6400)
4705 my $iterations = 64;
4709 $iterations = 1 << int ($iter);
4712 $hash_buf = aix_ssha256_pbkdf2
($word_buf, $salt_buf, $iterations);
4714 $tmp_hash = sprintf ("{ssha256}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4716 elsif ($mode == 6500)
4718 my $iterations = 64;
4722 $iterations = 1 << int ($iter);
4725 $hash_buf = aix_ssha512_pbkdf2
($word_buf, $salt_buf, $iterations);
4727 $tmp_hash = sprintf ("{ssha512}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4729 elsif ($mode == 6600)
4731 my $iterations = 1000;
4735 $iterations = int ($iter);
4738 my $salt_hex = substr ($salt_buf, 0, 16);
4739 my $salt = pack ("H*", $salt_hex);
4741 my $prefix = substr ($salt_buf, 16, 2016);
4743 my $iv_hex = substr ($salt_buf, 2032);
4744 my $iv = pack ("H*", $iv_hex);
4746 my $data = pack ("H*", "10101010101010101010101010101010");
4748 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA1');
4750 my $pbkdf2 = Crypt
::PBKDF2
->new (
4752 iterations
=> $iterations,
4756 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
4758 my $cipher = Crypt
::CBC
->new ({
4760 cipher
=> "Crypt::Rijndael",
4767 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
4769 $hash_buf = substr ($encrypted, 0, 32);
4771 $tmp_hash = sprintf ("%i:%s:%s%s%s", $iterations, $salt_hex, $prefix, $iv_hex, $hash_buf);
4773 elsif ($mode == 6700)
4775 my $iterations = 64;
4779 $iterations = 1 << int ($iter);
4782 $hash_buf = aix_ssha1_pbkdf2
($word_buf, $salt_buf, $iterations);
4784 $tmp_hash = sprintf ("{ssha1}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4786 elsif ($mode == 6800)
4788 my $variant = $additional_param;
4790 if (! defined ($variant))
4792 $variant = int (rand (2));
4795 my $iterations = 500;
4799 $iterations = int ($iter);
4802 my $iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
4804 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256);
4806 my $pbkdf2 = Crypt
::PBKDF2
->new (
4808 iterations
=> $iterations,
4812 my $key = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4814 my $cipher = Crypt
::CBC
->new ({
4816 cipher
=> "Crypt::Rijndael",
4825 my $encrypt = $cipher->encrypt (substr ($salt_buf, 0, 16));
4827 $hash_buf = substr (unpack ("H*", $encrypt), 0, 32);
4831 my $verifier = "lastpass rocks\x02\x02";
4833 $hash_buf = unpack ("H*", substr ($cipher->encrypt ($verifier), 0, 16));
4836 $tmp_hash = sprintf ("%s:%i:%s", $hash_buf, $iterations, $salt_buf);
4838 elsif ($mode == 6900)
4840 $hash_buf = gost_hex
($word_buf);
4842 $tmp_hash = sprintf ("%s", $hash_buf);
4844 elsif ($mode == 7100)
4846 my $iterations = 1024;
4850 $iterations = int ($iter);
4853 my $pbkdf2 = Crypt
::PBKDF2
->new
4855 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
4856 iterations
=> $iterations
4859 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
4861 $tmp_hash = sprintf ("\$ml\$%i\$%s\$%0128s", $iterations, $salt_buf, $hash_buf);
4863 elsif ($mode == 7200)
4865 my $iterations = 1024;
4869 $iterations = int ($iter);
4872 my $pbkdf2 = Crypt
::PBKDF2
->new (
4873 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
4874 iterations
=> $iterations
4877 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
4879 $tmp_hash = sprintf ("grub.pbkdf2.sha512.%i.%s.%0128s", $iterations, $salt_buf, $hash_buf);
4881 elsif ($mode == 7300)
4883 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
);
4885 $tmp_hash = sprintf ("%s:%s", unpack ("H*", $salt_buf), $hash_buf);
4887 elsif ($mode == 7400)
4889 my $iterations = 5000;
4891 if (defined ($iter))
4895 $iterations = int ($iter);
4899 $hash_buf = sha256_crypt
($iterations, $word_buf, $salt_buf);
4901 $tmp_hash = sprintf ("%s", $hash_buf);
4903 elsif ($mode == 7500)
4905 my @salt_arr = split ("\\\$", $salt_buf);
4907 my $user = $salt_arr[0];
4909 my $realm = $salt_arr[1];
4911 my $salt = $salt_arr[2];
4913 my $hmac_salt = $salt_arr[3];
4914 my $hmac_salt_bin = pack ("H*", $hmac_salt);
4916 my $clear_data = $salt_arr[4];
4918 my $k = md4
(encode
("UTF-16LE", $word_buf));
4920 my $k1 = hmac_md5
("\x01\x00\x00\x00", $k);
4922 my $k3 = hmac_md5
($hmac_salt_bin, $k1);
4924 if (length ($clear_data) > 1)
4926 my $clear_data_bin = pack ("H*", $clear_data);
4928 $hash_buf = RC4
($k3, $clear_data_bin);
4932 my $hash = $salt_arr[5];
4934 my $hash_bin = pack ("H*", $hash);
4936 my $clear_data = RC4
($k3, $hash_bin);
4938 my $timestamp = substr ($clear_data, 14, 14);
4943 if ($timestamp !~ /^[[:digit:]]{14}$/)
4950 $hash_buf = "\x00" x
36;
4952 if ($hash_buf eq $hash_bin)
4954 $hash_buf = "\x01" x
36;
4959 $hash_buf = $hash_bin;
4963 $tmp_hash = sprintf ("\$krb5pa\$23\$%s\$%s\$%s\$%s%s", $user, $realm, $salt, unpack ("H*", $hash_buf), $hmac_salt);
4965 elsif ($mode == 7600)
4967 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($word_buf));
4969 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4971 elsif ($mode == 7700)
4973 $word_buf = uc $word_buf;
4974 $salt_buf = uc $salt_buf;
4976 my $word_buf_t = sapb_transcode
($word_buf);
4977 my $salt_buf_t = sapb_transcode
($salt_buf);
4979 my $digest1 = md5
($word_buf_t . $salt_buf_t);
4981 my $data = sapb_waldorf
($digest1, $word_buf_t, $salt_buf_t);
4983 my $digest2 = md5
($data);
4985 my ($a, $b, $c, $d) = unpack ("N4", $digest2);
4990 $tmp_hash = sprintf ("%s\$%08X%08X", $salt_buf, $a, $b);
4992 elsif ($mode == 7800)
4994 my $theMagicArray_s =
4995 "\x91\xac\x51\x14\x9f\x67\x54\x43\x24\xe7\x3b\xe0\x28\x74\x7b\xc2" .
4996 "\x86\x33\x13\xeb\x5a\x4f\xcb\x5c\x08\x0a\x73\x37\x0e\x5d\x1c\x2f" .
4997 "\x33\x8f\xe6\xe5\xf8\x9b\xae\xdd\x16\xf2\x4b\x8d\x2c\xe1\xd4\xdc" .
4998 "\xb0\xcb\xdf\x9d\xd4\x70\x6d\x17\xf9\x4d\x42\x3f\x9b\x1b\x11\x94" .
4999 "\x9f\x5b\xc1\x9b\x06\x05\x9d\x03\x9d\x5e\x13\x8a\x1e\x9a\x6a\xe8" .
5000 "\xd9\x7c\x14\x17\x58\xc7\x2a\xf6\xa1\x99\x63\x0a\xd7\xfd\x70\xc3" .
5001 "\xf6\x5e\x74\x13\x03\xc9\x0b\x04\x26\x98\xf7\x26\x8a\x92\x93\x25" .
5002 "\xb0\xa2\x0d\x23\xed\x63\x79\x6d\x13\x32\xfa\x3c\x35\x02\x9a\xa3" .
5003 "\xb3\xdd\x8e\x0a\x24\xbf\x51\xc3\x7c\xcd\x55\x9f\x37\xaf\x94\x4c" .
5004 "\x29\x08\x52\x82\xb2\x3b\x4e\x37\x9f\x17\x07\x91\x11\x3b\xfd\xcd";
5006 $salt_buf = uc $salt_buf;
5008 my $digest = sha1
($word_buf . $salt_buf);
5010 my ($a, $b, $c, $d, $e) = unpack ("I*", $digest);
5012 my $lengthMagicArray = 0x20;
5013 my $offsetMagicArray = 0;
5015 $lengthMagicArray += (($a >> 0) & 0xff) % 6;
5016 $lengthMagicArray += (($a >> 8) & 0xff) % 6;
5017 $lengthMagicArray += (($a >> 16) & 0xff) % 6;
5018 $lengthMagicArray += (($a >> 24) & 0xff) % 6;
5019 $lengthMagicArray += (($b >> 0) & 0xff) % 6;
5020 $lengthMagicArray += (($b >> 8) & 0xff) % 6;
5021 $lengthMagicArray += (($b >> 16) & 0xff) % 6;
5022 $lengthMagicArray += (($b >> 24) & 0xff) % 6;
5023 $lengthMagicArray += (($c >> 0) & 0xff) % 6;
5024 $lengthMagicArray += (($c >> 8) & 0xff) % 6;
5025 $offsetMagicArray += (($c >> 16) & 0xff) % 8;
5026 $offsetMagicArray += (($c >> 24) & 0xff) % 8;
5027 $offsetMagicArray += (($d >> 0) & 0xff) % 8;
5028 $offsetMagicArray += (($d >> 8) & 0xff) % 8;
5029 $offsetMagicArray += (($d >> 16) & 0xff) % 8;
5030 $offsetMagicArray += (($d >> 24) & 0xff) % 8;
5031 $offsetMagicArray += (($e >> 0) & 0xff) % 8;
5032 $offsetMagicArray += (($e >> 8) & 0xff) % 8;
5033 $offsetMagicArray += (($e >> 16) & 0xff) % 8;
5034 $offsetMagicArray += (($e >> 24) & 0xff) % 8;
5036 my $hash_buf = sha1_hex
($word_buf . substr ($theMagicArray_s, $offsetMagicArray, $lengthMagicArray) . $salt_buf);
5038 $tmp_hash = sprintf ("%s\$%s", $salt_buf, uc $hash_buf);
5040 elsif ($mode == 7900)
5049 my $phpass_it = 1 << $cost;
5051 $hash_buf = sha512
($salt_buf . $word_buf);
5053 for (my $i = 0; $i < $phpass_it; $i++)
5055 $hash_buf = sha512
($hash_buf . $word_buf);
5058 my $base64_buf = substr (Authen
::Passphrase
::PHPass
::_en_base64
($hash_buf), 0, 43);
5060 my $base64_digits = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
5062 my $cost_str = substr ($base64_digits , $cost, 1);
5064 $tmp_hash = sprintf ('$S$%s%s%s', $cost_str, $salt_buf, $base64_buf);
5066 elsif ($mode == 8000)
5068 my $salt_buf_bin = pack ("H*", $salt_buf);
5070 my $word_buf_utf = encode
("UTF-16BE", $word_buf);
5072 $hash_buf = sha256_hex
($word_buf_utf . "\x00" x
(510 - (length ($word_buf) * 2)) . $salt_buf_bin);
5074 $tmp_hash = sprintf ("0xc007%s%s", $salt_buf, $hash_buf);
5076 elsif ($mode == 8100)
5078 $hash_buf = sha1_hex
($salt_buf . $word_buf . "\x00");
5080 $tmp_hash = sprintf ("1%s%s", $salt_buf, $hash_buf);
5082 elsif ($mode == 8200)
5084 my $iterations = 40000;
5086 if (defined ($iter))
5088 $iterations = $iter;
5091 my $salt_hex = substr ($salt_buf, 0, 32);
5092 my $salt = pack ("H*", $salt_hex);
5094 my $data_hex = substr ($salt_buf, 32);
5095 my $data = pack ("H*", $data_hex);
5097 my $pbkdf2 = Crypt
::PBKDF2
->new
5099 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5100 iterations
=> int $iterations
5103 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
5105 $hash_buf = hmac_hex
($data, substr ($key, 32, 32), \
&sha256
, 64);
5107 $tmp_hash = sprintf ("%s:%s:%d:%s", $hash_buf, $salt_hex, $iterations, $data_hex);
5109 elsif ($mode == 8300)
5111 my ($domain, $salt_hex) = split (":", $salt_buf);
5113 my $hashalg = Net
::DNS
::SEC
->digtype ("SHA1");
5115 my $salt = pack ("H*", $salt_hex);
5119 if (defined ($iter))
5121 $iterations = $iter;
5124 my $name = lc ($word_buf . $domain);
5126 my $hash_buf = Net
::DNS
::RR
::NSEC3
::name2hash
($hashalg, $name, $iterations, $salt);
5128 $tmp_hash = sprintf ("%s:%s:%s:%d", $hash_buf, $domain, $salt_hex, $iterations);
5130 elsif ($mode == 8400)
5132 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($salt_buf . sha1_hex
($word_buf)));
5134 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5136 elsif ($mode == 8500)
5138 $hash_buf = racf_hash
(uc $salt_buf, $word_buf);
5140 $tmp_hash = sprintf ('$racf$*%s*%s', uc $salt_buf, uc $hash_buf);
5142 elsif ($mode == 8600)
5144 my @saved_key = map { ord $_; } split "", $word_buf;
5146 my $len = scalar @saved_key;
5148 my @state = domino_big_md
(\
@saved_key, $len);
5150 $tmp_hash = sprintf ('%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',
5169 elsif ($mode == 8700)
5171 my $domino_char = undef;
5173 if (defined ($additional_param))
5175 $domino_char = $additional_param;
5178 my @saved_key = map { ord $_; } split "", $word_buf;
5180 my $len = scalar @saved_key;
5182 my @state = domino_big_md
(\
@saved_key, $len);
5184 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5186 @saved_key = map { ord $_; } split "", $salt_buf . uc $str;
5188 @state = domino_big_md
(\
@saved_key, 34);
5190 $hash_buf = join ("", (map { chr $_; } @state));
5192 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_buf . $hash_buf, $domino_char));
5194 elsif ($mode == 8900)
5200 if (defined ($additional_param))
5202 $N = $additional_param;
5203 $r = $additional_param2;
5204 $p = $additional_param3;
5207 $hash_buf = scrypt_hash
($word_buf, $salt_buf, $N, $r, $p, 32);
5209 $tmp_hash = sprintf ('%s', $hash_buf);
5211 elsif ($mode == 9100)
5213 my $iterations = 5000;
5215 if (defined ($iter))
5217 $iterations = $iter;
5220 my $domino_char = undef;
5222 # domino 5 hash - SEC_pwddigest_V1 - -m 8600
5224 my @saved_key = map { ord $_; } split "", $word_buf;
5226 my $len = scalar @saved_key;
5228 my @state = domino_big_md
(\
@saved_key, $len);
5231 # domino 6 hash - SEC_pwddigest_V2 - -m 8700
5233 my $salt_part = substr ($salt_buf, 0, 5);
5235 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5237 @saved_key = map { ord $_; } split "", $salt_part . uc $str;
5239 @state = domino_big_md
(\
@saved_key, 34);
5241 $hash_buf = join ("", (map { chr $_; } @state));
5243 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_part . $hash_buf, $domino_char));
5246 # domino 8(.5.x) hash - SEC_pwddigest_V3 - -m 9100
5248 my $pbkdf2 = Crypt
::PBKDF2
->new
5250 hash_class
=> 'HMACSHA1',
5251 iterations
=> $iterations,
5258 if (defined ($additional_param))
5260 $chars = $additional_param;
5263 my $digest_new = $pbkdf2->PBKDF2 ($salt_buf, $tmp_hash);
5265 my $iteration_str = "" . $iterations;
5267 for (my $i = length ($iterations); $i < 10; $i++)
5269 $iterations = "0" . $iterations;
5272 $tmp_hash = sprintf ('(H%s)', domino_85x_encode
($salt_buf . $iterations . $chars . $digest_new, $domino_char));
5274 elsif ($mode == 9200)
5276 my $iterations = 20000;
5278 my $pbkdf2 = Crypt
::PBKDF2
->new
5280 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5281 iterations
=> $iterations
5284 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5288 for (my $i = 0; $i < 43; $i++)
5290 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5293 $tmp_hash = sprintf ("\$8\$%s\$%s", $salt_buf, $tmp_hash);
5295 elsif ($mode == 9300)
5301 $hash_buf = scrypt_b64
($word_buf, $salt_buf, $N, $r, $p, 32);
5305 for (my $i = 0; $i < 43; $i++)
5307 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5310 $tmp_hash = sprintf ('$9$%s$%s', $salt_buf, $tmp_hash);
5312 elsif ($mode == 9400)
5314 my $iterations = 50000;
5318 $iterations = int ($iter);
5321 my $aes_key_size = 128; # or 256
5323 if (defined ($additional_param2))
5325 $aes_key_size = $additional_param2;
5328 $salt_buf = pack ("H*", $salt_buf);
5330 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5332 for (my $i = 0; $i < $iterations; $i++)
5334 my $num32 = pack ("L", $i);
5336 $tmp = sha1
($num32 . $tmp);
5339 my $zero32 = pack ("L", 0x00);
5341 my $derivation_array1 = pack ("C", 0x36) x
64;
5342 my $derivation_array2 = pack ("C", 0x5C) x
64;
5344 $tmp = sha1
($tmp . $zero32);
5346 my $tmp2 = sha1
($derivation_array1 ^ $tmp);
5347 my $tmp3 = sha1
($derivation_array2 ^ $tmp);
5349 my $key = substr ($tmp2 . $tmp3, 0, $aes_key_size / 8);
5351 my $m = Crypt
::Mode
::ECB
->new ('AES', 0);
5355 if (defined $additional_param)
5357 $encdata = $m->decrypt (pack ("H*", $additional_param), $key);
5361 $encdata = "A" x
16; ## can be anything
5364 my $data1_buf = $encdata;
5365 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5367 $data1_buf = substr ($data1_buf . ("\x00" x
16), 0, 16);
5368 $data2_buf = substr ($data2_buf . ("\x00" x
16), 0, 32);
5370 my $encrypted1 = unpack ("H*", $m->encrypt ($data1_buf, $key));
5371 my $encrypted2 = unpack ("H*", $m->encrypt ($data2_buf, $key));
5373 $encrypted1 = substr ($encrypted1, 0, 32);
5374 $encrypted2 = substr ($encrypted2, 0, 40);
5376 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2007, 20, $aes_key_size, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5378 elsif ($mode == 9500)
5380 my $iterations = 100000;
5384 $iterations = int ($iter);
5387 $salt_buf = pack ("H*", $salt_buf);
5389 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5391 for (my $i = 0; $i < $iterations; $i++)
5393 my $num32 = pack ("L", $i);
5395 $tmp = sha1
($num32 . $tmp);
5398 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5399 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5401 my $final1 = sha1
($tmp . $encryptedVerifierHashInputBlockKey);
5402 my $final2 = sha1
($tmp . $encryptedVerifierHashValueBlockKey);
5404 my $key1 = substr ($final1, 0, 16);
5405 my $key2 = substr ($final2, 0, 16);
5407 my $cipher1 = Crypt
::CBC
->new ({
5409 cipher
=> "Crypt::Rijndael",
5417 my $cipher2 = Crypt
::CBC
->new ({
5419 cipher
=> "Crypt::Rijndael",
5429 if (defined $additional_param)
5431 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5435 $encdata = "A" x
16; ## can be anything
5438 my $data1_buf = $encdata;
5439 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5441 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5442 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5444 $encrypted2 = substr ($encrypted2, 0, 64);
5446 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2010, 100000, 128, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5448 elsif ($mode == 9600)
5450 my $iterations = 100000;
5454 $iterations = int ($iter);
5457 $salt_buf = pack ("H*", $salt_buf);
5459 my $tmp = sha512
($salt_buf . encode
("UTF-16LE", $word_buf));
5461 for (my $i = 0; $i < $iterations; $i++)
5463 my $num32 = pack ("L", $i);
5465 $tmp = sha512
($num32 . $tmp);
5468 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5469 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5471 my $final1 = sha512
($tmp . $encryptedVerifierHashInputBlockKey);
5472 my $final2 = sha512
($tmp . $encryptedVerifierHashValueBlockKey);
5474 my $key1 = substr ($final1, 0, 32);
5475 my $key2 = substr ($final2, 0, 32);
5477 my $cipher1 = Crypt
::CBC
->new ({
5479 cipher
=> "Crypt::Rijndael",
5487 my $cipher2 = Crypt
::CBC
->new ({
5489 cipher
=> "Crypt::Rijndael",
5499 if (defined $additional_param)
5501 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5505 $encdata = "A" x
16; ## can be anything
5508 my $data1_buf = $encdata;
5509 my $data2_buf = sha512
(substr ($data1_buf, 0, 16));
5511 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5512 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5514 $encrypted2 = substr ($encrypted2, 0, 64);
5516 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2013, 100000, 256, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5518 elsif ($mode == 9700)
5520 $salt_buf = pack ("H*", $salt_buf);
5522 my $tmp = md5
(encode
("UTF-16LE", $word_buf));
5524 $tmp = substr ($tmp, 0, 5);
5528 for (my $i = 0; $i < 16; $i++)
5536 $tmp = substr ($tmp, 0, 5);
5540 if (defined $additional_param2)
5542 $version = $additional_param2;
5546 $version = (unpack ("L", $tmp) & 1) ?
0 : 1;
5549 my $rc4_key = md5
($tmp . "\x00\x00\x00\x00");
5551 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5555 if (defined $additional_param)
5557 $encdata = $m->RC4 (pack ("H*", $additional_param));
5561 $encdata = "A" x
16; ## can be anything
5564 my $data1_buf = $encdata;
5565 my $data2_buf = md5
(substr ($data1_buf, 0, 16));
5567 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5569 my $encrypted1 = $m->RC4 ($data1_buf);
5570 my $encrypted2 = $m->RC4 ($data2_buf);
5572 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5574 elsif ($mode == 9800)
5576 $salt_buf = pack ("H*", $salt_buf);
5578 my $tmp = sha1
($salt_buf. encode
("UTF-16LE", $word_buf));
5582 if (defined $additional_param2)
5584 $version = $additional_param2;
5588 $version = (unpack ("L", $tmp) & 1) ?
3 : 4;
5591 my $rc4_key = sha1
($tmp . "\x00\x00\x00\x00");
5595 $rc4_key = substr ($rc4_key, 0, 5) . "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
5598 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5602 if (defined $additional_param)
5604 $encdata = $m->RC4 (pack ("H*", $additional_param));
5608 $encdata = "A" x
16; ## can be anything
5611 my $data1_buf = $encdata;
5612 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5614 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5616 my $encrypted1 = $m->RC4 ($data1_buf);
5617 my $encrypted2 = $m->RC4 ($data2_buf);
5619 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5621 elsif ($mode == 9900)
5623 $tmp_hash = sprintf ("%s", md5_hex
($word_buf . "\0" x
(100 - length ($word_buf))));
5625 elsif ($mode == 10000)
5627 my $iterations = 10000;
5631 $iterations = int ($iter);
5634 my $pbkdf2 = Crypt
::PBKDF2
->new
5636 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5637 iterations
=> $iterations
5640 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5641 $hash_buf =~ s/[\r\n]//g;
5643 $tmp_hash = sprintf ("pbkdf2_sha256\$%i\$%s\$%s", $iterations, $salt_buf, $hash_buf);
5645 elsif ($mode == 10100)
5647 my $seed = pack ("H*", $salt_buf);
5649 my ($hi, $lo) = siphash
($word_buf, $seed);
5651 my $hi_s = sprintf ("%08x", $hi);
5652 my $lo_s = sprintf ("%08x", $lo);
5654 $hi_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5655 $lo_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5657 $tmp_hash = sprintf ("%s%s:2:4:%s", $hi_s, $lo_s, $salt_buf);
5659 elsif ($mode == 10200)
5661 my $challengeb64 = encode_base64
($salt_buf);
5662 $challengeb64 =~ s/[\r\n]//g;
5666 if (defined $additional_param)
5668 $username = $additional_param;
5675 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
);
5677 my $responseb64 = encode_base64
($username . " " . $hash_buf);
5678 $responseb64 =~ s/[\r\n]//g;
5680 $tmp_hash = sprintf ('$cram_md5$%s$%s', $challengeb64, $responseb64);
5682 elsif ($mode == 10300)
5684 my $iterations = 1024;
5688 $iterations = int ($iter);
5691 my $hash_buf = $salt_buf;
5693 for (my $pos = 0; $pos < $iterations; $pos++)
5695 $hash_buf = sha1
($word_buf . $hash_buf);
5698 $hash_buf = encode_base64
($hash_buf . $salt_buf);
5699 $hash_buf =~ s/[\r\n]//g;
5701 $tmp_hash = sprintf ("{x-issha, %i}%s", $iterations, $hash_buf);
5703 elsif ($mode == 10400)
5706 my $u = $additional_param;
5707 my $o = $additional_param2;
5708 my $P = $additional_param3;
5710 if (defined $u == 0)
5715 if (defined $o == 0)
5720 if (defined $P == 0)
5727 for (my $i = 0; $i < 32; $i++)
5729 $padding .= pack ("C", $pdf_padding[$i]);
5732 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, 1, 2, 0);
5734 my $m = Crypt
::RC4
->new (substr ($res, 0, 5));
5736 $u = $m->RC4 ($padding);
5738 $tmp_hash = sprintf ('$pdf$%d*%d*40*%d*%d*16*%s*32*%s*32*%s', 1, 2, $P, 0, $id, unpack ("H*", $u), $o);
5740 elsif ($mode == 10500)
5743 my $u = $additional_param;
5744 my $o = $additional_param2;
5745 my $P = $additional_param3;
5746 my $V = $additional_param4;
5747 my $R = $additional_param5;
5748 my $enc = $additional_param6;
5750 if (defined $u == 0)
5757 if (defined $o == 0)
5762 if (defined $R == 0)
5764 $R = get_random_num
(3, 5);
5767 if (defined $V == 0)
5769 $V = ($R == 3) ?
2 : 4;
5772 if (defined $P == 0)
5774 $P = ($R == 3) ?
-4 : -1028;
5777 if (defined $enc == 0)
5779 $enc = ($R == 3) ?
1 : get_random_num
(0, 2);
5784 for (my $i = 0; $i < 32; $i++)
5786 $padding .= pack ("C", $pdf_padding[$i]);
5789 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, $V, $R, $enc);
5791 my $digest = md5
($padding . pack ("H*", $id));
5793 my $m = Crypt
::RC4
->new ($res);
5795 $u = $m->RC4 ($digest);
5797 my @ress = split "", $res;
5799 for (my $x = 1; $x <= 19; $x++)
5803 for (my $i = 0; $i < 16; $i++)
5805 $xor[$i] = chr (ord ($ress[$i]) ^ $x);
5808 my $s = join ("", @xor);
5810 my $m2 = Crypt
::RC4
->new ($s);
5815 $u .= substr (pack ("H*", $u_save), 16, 16);
5817 $tmp_hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), $o);
5819 elsif ($mode == 10600)
5822 my $rest = $additional_param;
5824 if (defined $id == 0)
5829 if (defined $rest == 0)
5835 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
5838 my @data = split /\*/, $rest;
5840 my $u = pack ("H*", $data[1]);
5842 my $h = sha256
($word_buf . substr ($u, 32, 8));
5844 $data[1] = unpack ("H*", $h . substr ($u, 32));
5846 $rest = join ("*", @data);
5848 $tmp_hash = sprintf ('$pdf$5*5*256*-1028*1*16*%s*%s', $id, $rest);
5850 elsif ($mode == 10700)
5853 my $rest = $additional_param;
5855 if (defined $id == 0)
5860 if (defined $rest == 0)
5866 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
5869 my @datax = split /\*/, $rest;
5871 my $u = pack ("H*", $datax[1]);
5873 my $block = sha256
($word_buf . substr ($u, 32, 8));
5875 my $block_size = 32;
5877 my $data = 0x00 x
64;
5883 for (my $i = 0; $i < 64 || $i < $data63 + 32; $i++)
5885 $data = $word_buf . $block;
5887 $data_len = length ($data);
5889 for (my $k = 1; $k < 64; $k++)
5891 $data .= $word_buf . $block;
5894 my $aes = Crypt
::CBC
->new ({
5895 key
=> substr ($block, 0, 16),
5896 cipher
=> "Crypt::Rijndael",
5897 iv
=> substr ($block, 16, 16),
5904 my $data = $aes->encrypt ($data);
5908 for (my $j = 0; $j < 16; $j++)
5910 $sum += ord (substr ($data, $j, 1));
5913 $block_size = 32 + ($sum % 3) * 16;
5915 if ($block_size == 32)
5917 $block = sha256
(substr ($data, 0, $data_len * 64));
5919 elsif ($block_size == 48)
5921 $block = sha384
(substr ($data, 0, $data_len * 64));
5923 elsif ($block_size == 64)
5925 $block = sha512
(substr ($data, 0, $data_len * 64));
5928 $data63 = ord (substr ($data, $data_len * 64 - 1, 1));
5931 $datax[1] = unpack ("H*", substr ($block, 0, 32) . substr ($u, 32));
5933 $rest = join ("*", @datax);
5935 $tmp_hash = sprintf ('$pdf$5*6*256*-1028*1*16*%s*%s', $id, $rest);
5937 elsif ($mode == 10800)
5939 $hash_buf = sha384_hex
($word_buf);
5941 $tmp_hash = sprintf ("%s", $hash_buf);
5943 elsif ($mode == 10900)
5945 my $iterations = 1000;
5949 $iterations = int ($iter);
5954 if (defined $additional_param)
5956 $out_len = $additional_param;
5959 my $pbkdf2 = Crypt
::PBKDF2
->new
5961 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5962 iterations
=> $iterations,
5963 output_len
=> $out_len
5966 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5967 $hash_buf =~ s/[\r\n]//g;
5969 my $base64_salt_buf = encode_base64
($salt_buf);
5971 chomp ($base64_salt_buf);
5973 $tmp_hash = sprintf ("sha256:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
5975 elsif ($mode == 11000)
5977 $hash_buf = md5_hex
($salt_buf . $word_buf);
5979 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5981 elsif ($mode == 11100)
5983 my $user = "postgres";
5985 if (defined $additional_param)
5987 $user = $additional_param;
5990 $hash_buf = md5_hex
(md5_hex
($word_buf . $user) . pack ("H*", $salt_buf));
5992 $tmp_hash = sprintf ("\$postgres\$%s*%s*%s", $user, $salt_buf, $hash_buf);
5994 elsif ($mode == 11200)
5996 my $sha1_pass = sha1
($word_buf);
5997 my $double_sha1 = sha1
($sha1_pass);
5999 my $xor_part1 = $sha1_pass;
6000 my $xor_part2 = sha1
(pack ("H*", $salt_buf) . $double_sha1);
6004 for (my $i = 0; $i < 20; $i++)
6006 my $first_byte = substr ($xor_part1, $i, 1);
6007 my $second_byte = substr ($xor_part2, $i, 1);
6009 my $xor_result = $first_byte ^ $second_byte;
6011 $hash_buf .= unpack ("H*", $xor_result);
6014 $tmp_hash = sprintf ("\$mysqlna\$%s*%s", $salt_buf, $hash_buf);
6016 elsif ($mode == 11300)
6018 my $ckey_buf = get_random_string
(96);
6020 if (length ($additional_param))
6022 $ckey_buf = $additional_param;
6025 my $public_key_buf = get_random_string
(66);
6027 if (length ($additional_param2))
6029 $public_key_buf = $additional_param2;
6032 my $salt_iter = get_random_num
(150000, 250000);
6036 $salt_iter = int ($iter);
6039 my $hash_buf = sha512
($word_buf . pack ("H*", $salt_buf));
6041 for (my $i = 1; $i < $salt_iter; $i++)
6043 $hash_buf = sha512
($hash_buf);
6046 my $data = get_random_string
(32);
6048 my $aes = Crypt
::CBC
->new ({
6049 key
=> substr ($hash_buf, 0, 32),
6050 cipher
=> "Crypt::Rijndael",
6051 iv
=> substr ($hash_buf, 32, 16),
6055 padding
=> "standard",
6058 my $cry_master_buf = (unpack ("H*", $aes->encrypt ($data)));
6060 $tmp_hash = sprintf ('$bitcoin$%d$%s$%d$%s$%d$%d$%s$%d$%s',
6061 length ($cry_master_buf),
6068 length ($public_key_buf),
6071 elsif ($mode == 11400)
6073 my ($directive, $URI_server, $URI_client, $user, $realm, $nonce, $nonce_count, $nonce_client, $qop, $method, $URI, $URI_prefix, $URI_resource, $URI_suffix);
6075 $directive = "MD5"; # only directive currently supported
6077 if (defined ($additional_param))
6079 $user = $additional_param;
6080 $realm = $additional_param2;
6082 $nonce_count = $additional_param3;
6083 $nonce_client = $additional_param4;
6084 $qop = $additional_param5;
6085 $method = $additional_param6;
6087 $URI_prefix = $additional_param7;
6088 $URI_resource = $additional_param8;
6089 $URI_suffix = $additional_param9;
6091 # not needed information
6093 $URI_server = $additional_param10;
6094 $URI_client = $additional_param11;
6098 $user = get_random_string
(get_random_num
(0, 12 + 1));
6100 # special limit: (user_len + 1 + realm_len + 1 + word_buf_len) < 56
6101 my $realm_max_len = 55 - length ($user) - 1 - length ($word_buf) - 1;
6103 if ($realm_max_len < 1) # should never happen
6108 $realm_max_len = min
(20, $realm_max_len);
6110 $realm = get_random_string
(get_random_num
(0, $realm_max_len + 1));
6114 if (get_random_num
(0, 1 + 1) == 1)
6118 $nonce_count = get_random_string
(get_random_num
(0, 10 + 1));
6119 $nonce_client = get_random_string
(get_random_num
(0, 12 + 1));
6129 $method = get_random_string
(get_random_num
(0, 24 + 1));
6131 $URI_prefix = get_random_string
(get_random_num
(0, 10 + 1));
6132 $URI_resource = get_random_string
(get_random_num
(1, 32 + 1));
6133 $URI_suffix = get_random_string
(get_random_num
(0, 32 + 1));
6135 # not needed information
6137 $URI_server = get_random_string
(get_random_num
(0, 32 + 1));
6138 $URI_client = $URI_resource; # simplification
6145 if (length ($URI_prefix) > 0)
6147 $URI = $URI_prefix . ":";
6150 $URI .= $URI_resource;
6152 if (length ($URI_suffix) > 0)
6154 $URI .= ":" . $URI_suffix;
6157 my $HA2 = md5_hex
($method . ":" . $URI);
6159 my $HA1 = md5_hex
($user . ":" . $realm . ":" . $word_buf);
6163 if (($qop eq "auth") || ($qop eq "auth-int"))
6165 $tmp_buf = $nonce . ":" . $nonce_count . ":" . $nonce_client . ":" . $qop;
6172 my $hash_buf = md5_hex
($HA1 . ":" . $tmp_buf . ":" . $HA2);
6174 $tmp_hash = sprintf ("\$sip\$*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s", $URI_server, $URI_resource, $user, $realm, $method, $URI_prefix, $URI_resource, $URI_suffix, $nonce, $nonce_client, $nonce_count, $qop, $directive, $hash_buf);
6176 elsif ($mode == 11500)
6178 $hash_buf = crc32
($word_buf);
6180 $tmp_hash = sprintf ("%08x:00000000", $hash_buf);
6182 elsif ($mode == 11600)
6184 my ($p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, $data_len, $unpack_size, $data_buf);
6188 my $validation_only = 0;
6190 $validation_only = 1 if (defined ($additional_param));
6192 if ($validation_only == 1)
6194 $num_cycle_power = int ($iter);
6195 $seven_zip_salt_len = $additional_param;
6196 $seven_zip_salt_buf = $additional_param2;
6197 $salt_len = $additional_param3;
6198 # $salt_buf set in parser
6199 # $hash_buf (resulting crc)
6200 $data_len = $additional_param4;
6201 $unpack_size = $additional_param5;
6202 $data_buf = $additional_param6;
6206 $num_cycle_power = 14; # by default it is 19
6207 $seven_zip_salt_len = 0;
6208 $seven_zip_salt_buf = "";
6209 $salt_len = length ($salt_buf);
6210 # $salt_buf set automatically
6211 # $hash_buf (resulting crc)
6212 # $data_len will be set when encrypting
6213 $unpack_size = get_random_num
(1, 32 + 1);
6214 $data_buf = get_random_string
($unpack_size);
6218 # 2 ^ NumCyclesPower "iterations" of SHA256 (only one final SHA256)
6221 $word_buf = encode
("UTF-16LE", $word_buf);
6223 my $rounds = 1 << $num_cycle_power;
6227 for (my $i = 0; $i < $rounds; $i++)
6231 $num_buf .= pack ("V", $i);
6232 $num_buf .= "\x00" x
4;
6234 # this would be better but only works on 64-bit systems:
6235 # $num_buf = pack ("q", $i);
6237 $pass_buf .= sprintf ("%s%s", $word_buf, $num_buf);
6240 my $key = sha256
($pass_buf);
6242 # the salt_buf is our IV for AES CBC
6245 my $salt_buf_len = length ($salt_buf);
6246 my $salt_padding_len = 0;
6248 if ($salt_buf_len < 16)
6250 $salt_padding_len = 16 - $salt_buf_len;
6253 $salt_buf .= "\x00" x
$salt_padding_len;
6255 my $aes = Crypt
::CBC
->new ({
6256 cipher
=> "Crypt::Rijndael",
6264 if ($validation_only == 1)
6268 my $decrypted_data = $aes->decrypt ($data_buf);
6270 $decrypted_data = substr ($decrypted_data, 0, $unpack_size);
6272 $hash_buf = crc32
($decrypted_data);
6278 $hash_buf = crc32
($data_buf);
6280 $data_buf = $aes->encrypt ($data_buf);
6282 $data_len = length ($data_buf);
6285 $tmp_hash = sprintf ("\$7z\$%i\$%i\$%i\$%s\$%i\$%08s\$%u\$%u\$%u\$%s", $p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, unpack ("H*", $salt_buf), $hash_buf, $data_len, $unpack_size, unpack ("H*", $data_buf));
6287 elsif ($mode == 11900)
6289 my $iterations = 1000;
6293 $iterations = int ($iter);
6298 if (defined $additional_param)
6300 $out_len = $additional_param;
6304 # call PHP here - WTF
6307 # sanitize $word_buf and $salt_buf:
6309 my $word_buf_base64 = encode_base64
($word_buf);
6310 $word_buf_base64 =~ s/[\r\n]//g;
6312 my $salt_buf_base64 = encode_base64
($salt_buf);
6313 $salt_buf_base64 =~ s/[\r\n]//g;
6317 $out_len = int ($out_len);
6319 # output is in hex encoding, otherwise it could be screwed (but shouldn't)
6321 my $php_code = <<'END_CODE';
6323 function pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
6325 $algorithm = strtolower ($algorithm);
6327 if (! in_array ($algorithm, hash_algos (), true))
6329 trigger_error ("PBKDF2 ERROR: Invalid hash algorithm.", E_USER_ERROR);
6332 if ($count <= 0 || $key_length <= 0)
6334 trigger_error ("PBKDF2 ERROR: Invalid parameters.", E_USER_ERROR);
6337 if (function_exists ("hash_pbkdf2"))
6341 $key_length = $key_length * 2;
6344 return hash_pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output);
6347 $hash_length = strlen (hash ($algorithm, "", true));
6348 $block_count = ceil ($key_length / $hash_length);
6352 for ($i = 1; $i <= $block_count; $i++)
6354 $last = $salt . pack ("N", $i);
6356 $last = $xorsum = hash_hmac ($algorithm, $last, $password, true);
6358 for ($j = 1; $j < $count; $j++)
6360 $xorsum ^= ($last = hash_hmac ($algorithm, $last, $password, true));
6368 return substr ($output, 0, $key_length);
6372 return bin2hex (substr ($output, 0, $key_length));
6376 print pbkdf2 ("md5", base64_decode ("$word_buf_base64"), base64_decode ("$salt_buf_base64"), $iterations, $out_len, False);
6380 # replace with these command line arguments
6382 $php_code =~ s/\$word_buf_base64/$word_buf_base64/;
6383 $php_code =~ s/\$salt_buf_base64/$salt_buf_base64/;
6384 $php_code =~ s/\$iterations/$iterations/;
6385 $php_code =~ s/\$out_len/$out_len/;
6387 my $php_output = `php -r '$php_code'`;
6389 $hash_buf = pack ("H*", $php_output);
6391 $hash_buf = encode_base64 ($hash_buf);
6392 $hash_buf =~ s/[\r\n]//g;
6394 my $base64_salt_buf = encode_base64 ($salt_buf);
6396 chomp ($base64_salt_buf);
6398 $tmp_hash = sprintf ("md5:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6400 elsif ($mode == 12000)
6402 my $iterations = 1000;
6406 $iterations = int ($iter);
6411 if (defined $additional_param)
6413 $out_len = $additional_param;
6416 my $pbkdf2 = Crypt::PBKDF2->new
6418 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1'),
6419 iterations => $iterations,
6420 output_len => $out_len
6423 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6424 $hash_buf =~ s/[\r\n]//g;
6426 my $base64_salt_buf = encode_base64 ($salt_buf);
6428 chomp ($base64_salt_buf);
6430 $tmp_hash = sprintf ("sha1:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6432 elsif ($mode == 12100)
6434 my $iterations = 1000;
6438 $iterations = int ($iter);
6443 if (defined $additional_param)
6445 $out_len = $additional_param;
6448 my $pbkdf2 = Crypt::PBKDF2->new
6450 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512),
6451 iterations => $iterations,
6452 output_len => $out_len
6455 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6456 $hash_buf =~ s/[\r\n]//g;
6458 my $base64_salt_buf = encode_base64 ($salt_buf);
6460 chomp ($base64_salt_buf);
6462 $tmp_hash = sprintf ("sha512:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6464 elsif ($mode == 12200)
6466 my $iterations = 65536;
6468 my $default_salt = 0;
6470 if (defined $additional_param)
6472 $default_salt = int ($additional_param);
6475 if ($default_salt == 1)
6477 $salt_buf = "0011223344556677";
6480 $hash_buf = sha512 (pack ("H*", $salt_buf) . $word_buf);
6482 for (my $i = 0; $i < $iterations; $i++)
6484 $hash_buf = sha512 ($hash_buf);
6487 $hash_buf = unpack ("H*", $hash_buf);
6488 $hash_buf = substr ($hash_buf, 0, 16);
6490 if ($default_salt == 0)
6492 $tmp_hash = sprintf ("\$ecryptfs\$0\$1\$%s\$%s", $salt_buf, $hash_buf);
6496 $tmp_hash = sprintf ("\$ecryptfs\$0\$%s", $hash_buf);
6499 elsif ($mode == 12300)
6501 my $iterations = 4096;
6503 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
6505 my $pbkdf2 = Crypt::PBKDF2->new (
6507 iterations => $iterations,
6511 my $salt_bin = pack ("H*", $salt_buf);
6513 my $key = $pbkdf2->PBKDF2 ($salt_bin. "AUTH_PBKDF2_SPEEDY_KEY", $word_buf);
6515 $hash_buf = sha512_hex ($key . $salt_bin);
6517 $tmp_hash = sprintf ("%s%s", uc ($hash_buf), uc ($salt_buf));
6519 elsif ($mode == 12400)
6525 $iterations = int ($iter);
6529 $iterations = get_random_num (1, 5001 + 1);
6532 my $key_value = fold_password ($word_buf);
6534 my $data = "\x00\x00\x00\x00\x00\x00\x00\x00";
6535 my $salt_value = base64_to_int24 ($salt_buf);
6537 $hash_buf = crypt_rounds ($key_value, $iterations, $salt_value, $data);
6539 $tmp_hash = sprintf ("_%s%s%s", int24_to_base64 ($iterations), $salt_buf, block_to_base64 ($hash_buf));
6541 elsif ($mode == 12600)
6543 $hash_buf = sha1_hex ($word_buf);
6545 $hash_buf = sha256_hex ($salt_buf . uc $hash_buf);
6547 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
6549 elsif ($mode == 12700)
6551 my $iterations = 10;
6554 "guid" : "00000000-0000-0000-0000-000000000000",
6555 "sharedKey" : "00000000-0000-0000-0000-000000000000",
6556 "options" : {"pbkdf2_iterations":10,"fee_policy":0,"html5_notifications":false,"logout_time":600000,"tx_display":0,"always_keep_local_backup":false}|;
6558 my $salt_buf_bin = pack ("H*", $salt_buf);
6560 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
6562 my $pbkdf2 = Crypt::PBKDF2->new (
6564 iterations => $iterations,
6568 my $key = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6570 my $cipher = Crypt::CBC->new ({
6572 cipher => "Crypt::Rijndael",
6573 iv => $salt_buf_bin,
6579 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
6581 $tmp_hash = sprintf ("\$blockchain\$%s\$%s", length ($salt_buf . $encrypted) / 2, $salt_buf . $encrypted);
6583 elsif ($mode == 12800)
6585 my $iterations = 100;
6589 $iterations = int ($iter);
6592 my $nt = md4_hex (encode ("UTF-16LE", $word_buf));
6594 my $pbkdf2 = Crypt::PBKDF2->new
6596 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6597 iterations => $iterations,
6601 my $salt_buf_bin = pack ("H*", $salt_buf);
6603 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, uc (encode ("UTF-16LE", $nt)));
6605 $tmp_hash = sprintf ("v1;PPH1_MD4,%s,%d,%s", $salt_buf, $iterations, unpack ("H*", $hash));
6607 elsif ($mode == 12900)
6609 my $iterations = 4096;
6613 $iterations = int ($iter);
6616 my $salt2 = $salt_buf . $salt_buf;
6618 if (defined $additional_param)
6620 $salt2 = $additional_param;
6623 my $pbkdf2 = Crypt::PBKDF2->new
6625 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6626 iterations => $iterations,
6630 my $salt_buf_bin = pack ("H*", $salt_buf);
6632 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6634 my $salt2_bin = pack ("H*", $salt2);
6636 my $hash_hmac = hmac_hex ($salt2_bin, $hash, \&sha256, 64);
6638 $tmp_hash = sprintf ("%s%s%s", $salt2, $hash_hmac, $salt_buf);
6640 elsif ($mode == 13000)
6642 my $iterations = 15;
6646 $iterations = int ($iter);
6651 if (defined $additional_param)
6653 $iv = $additional_param;
6656 my $pbkdf2 = Crypt::PBKDF2->new
6658 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6659 iterations => (1 << $iterations) + 32,
6663 my $salt_buf_bin = pack ("H*", $salt_buf);
6665 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6667 my $hash_final = substr ($hash, 0, 8)
6668 ^ substr ($hash, 8, 8)
6669 ^ substr ($hash, 16, 8)
6670 ^ substr ($hash, 24, 8);
6672 $tmp_hash = sprintf ('$rar5$16$%s$%d$%s$8$%s', $salt_buf, $iterations, $iv, unpack ("H*", $hash_final));
6674 elsif ($mode == 13100)
6676 my @salt_arr = split ('\$', $salt_buf);
6678 my $user = $salt_arr[0];
6680 my $realm = $salt_arr[1];
6682 my $spn = $salt_arr[2];
6684 my $nonce = $salt_arr[3];
6686 my $cleartext_ticket = '6381b03081ada00703050050a00000a11b3019a003020117a1'.
6687 '12041058e0d77776e8b8e03991f2966939222aa2171b154d594b5242544553542e434f4e5'.
6688 '44f534f2e434f4da3133011a003020102a10a30081b067472616e6365a40b3009a0030201'.
6689 '01a1020400a511180f32303136303231353134343735305aa611180f32303136303231353'.
6690 '134343735305aa711180f32303136303231363030343735305aa811180f32303136303232'.
6693 $cleartext_ticket = $nonce . $cleartext_ticket;
6695 my $k = md4 (encode ("UTF-16LE", $word_buf));
6697 my $k1 = hmac_md5 ("\x02\x00\x00\x00", $k);
6699 my $checksum = hmac_md5 (pack ("H*", $cleartext_ticket), $k1);
6701 my $k3 = hmac_md5 ($checksum, $k1);
6703 my $cipher = Crypt::RC4->new ($k3);
6705 my $edata2 = $cipher->RC4 (pack ("H*", $cleartext_ticket));
6707 $tmp_hash = sprintf ('$krb5tgs$23$*%s$%s$%s*$%s$%s', $user, $realm, $spn, unpack ("H*", $checksum), unpack ("H*", $edata2));
6717 my $word_len = shift;
6719 my $salt_len = shift;
6723 $max = 15 if ($mode == 2410);
6725 if ($is_unicode{$mode})
6727 if (! $allow_long_salt{$mode})
6729 $word_len = min ($word_len, int ($max / 2) - $salt_len);
6733 $word_len = min ($word_len, int ($max / 2));
6736 elsif ($less_fifteen{$mode})
6738 $word_len = min ($word_len, 15);
6742 $salt_len = min ($salt_len, 15 - $word_len);
6747 if (! $allow_long_salt{$mode})
6749 $word_len = min ($word_len, $max - $salt_len);
6768 for (my $i = 0; $i < $salt_len; $i++)
6770 my $c = get_random_chr (0x30, 0x39);
6772 push (@salt_arr, $c);
6775 $salt_buf = join ("", @salt_arr);
6777 $salt_buf = get_random_md5chap_salt ($salt_buf);
6779 elsif ($mode == 5300 || $mode == 5400)
6781 $salt_buf = get_random_ike_salt ();
6783 elsif ($mode == 5500)
6785 $salt_buf = get_random_netntlmv1_salt ($salt_len, $salt_len);
6787 elsif ($mode == 5600)
6789 $salt_buf = get_random_netntlmv2_salt ($salt_len, $salt_len);
6791 elsif ($mode == 6600)
6793 $salt_buf = get_random_agilekeychain_salt ();
6795 elsif ($mode == 8200)
6797 $salt_buf = get_random_cloudkeychain_salt ();
6799 elsif ($mode == 8300)
6801 $salt_buf = get_random_dnssec_salt ();
6803 elsif ($mode == 13100)
6805 $salt_buf = get_random_kerberos5_tgs_salt ();
6811 for (my $i = 0; $i < $salt_len; $i++)
6813 my $c = get_random_chr (0x30, 0x39);
6815 push (@salt_arr, $c);
6818 $salt_buf = join ("", @salt_arr);
6822 $salt_buf = get_random_kerberos5_salt ($salt_buf);
6832 for (my $i = 0; $i < $word_len; $i++)
6834 my $c = get_random_chr (0x30, 0x39);
6836 push (@word_arr, $c);
6839 my $word_buf = join ("", @word_arr);
6845 my $tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
6858 print sprintf ("echo -n %-20s | %s \${OPTS} %s %4d '%s'\n", $word_buf, @cmd);
6870 sub get_random_string
6876 for (my $i = 0; $i < $len; $i++)
6878 my $c = get_random_chr (0x30, 0x39);
6883 my $buf = join ("", @arr);
6893 return int ((rand ($max - $min)) + $min);
6898 return chr get_random_num (@_);
6907 for (my $i = 0; $i < length ($str); $i += 4)
6909 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
6911 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
6918 $salt = substr ($decoded, 0, 5);
6920 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
6924 $byte10 = 256 + $byte10;
6927 substr ($salt, 3, 1) = chr ($byte10);
6929 $digest = substr ($decoded, 5, 9);
6930 $char = substr ($str, 18, 1);
6932 return ($digest, $salt, $char);
6935 sub domino_85x_decode
6941 for (my $i = 0; $i < length ($str); $i += 4)
6943 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
6945 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
6950 my $iterations = -1;
6953 $salt = substr ($decoded, 0, 16); # longer than -m 8700 (5 vs 16 <- new)
6955 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
6959 $byte10 = 256 + $byte10;
6962 substr ($salt, 3, 1) = chr ($byte10);
6964 $iterations = substr ($decoded, 16, 10);
6966 if ($iterations =~ /^?d*$/)
6970 $iterations = $iterations + 0; # hack: make sure it is an int now (atoi ())
6971 $chars = substr ($decoded, 26, 2); # in my example it is "02"
6972 $digest = substr ($decoded, 28, 8); # only of length of 8 vs 20 SHA1 bytes
6975 return ($digest, $salt, $iterations, $chars);
6978 sub domino_base64_decode
6983 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
6991 my $idx = (index ($itoa64, substr ($v, $n - $i, 1))) & 0x3f;
6993 $ret += ($idx << (6 * ($i - 1)));
7006 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
7010 $byte10 = $byte10 - 256;
7013 substr ($final, 3, 1) = chr ($byte10);
7017 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
7018 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
7019 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
7020 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
7021 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
7023 if (defined ($char))
7025 substr ($passwd, 18, 1) = $char;
7027 substr ($passwd, 19, 1) = "";
7032 sub domino_85x_encode
7037 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
7041 $byte10 = $byte10 - 256;
7044 substr ($final, 3, 1) = chr ($byte10);
7048 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
7049 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
7050 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
7051 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
7052 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
7053 $passwd .= domino_base64_encode ((int (ord (substr ($final, 15, 1))) << 16) | (int (ord (substr ($final, 16, 1))) << 8) | (int (ord (substr ($final, 17, 1)))), 4);
7054 $passwd .= domino_base64_encode ((int (ord (substr ($final, 18, 1))) << 16) | (int (ord (substr ($final, 19, 1))) << 8) | (int (ord (substr ($final, 20, 1)))), 4);
7055 $passwd .= domino_base64_encode ((int (ord (substr ($final, 21, 1))) << 16) | (int (ord (substr ($final, 22, 1))) << 8) | (int (ord (substr ($final, 23, 1)))), 4);
7056 $passwd .= domino_base64_encode ((int (ord (substr ($final, 24, 1))) << 16) | (int (ord (substr ($final, 25, 1))) << 8) | (int (ord (substr ($final, 26, 1)))), 4);
7057 $passwd .= domino_base64_encode ((int (ord (substr ($final, 27, 1))) << 16) | (int (ord (substr ($final, 28, 1))) << 8) | (int (ord (substr ($final, 29, 1)))), 4);
7058 $passwd .= domino_base64_encode ((int (ord (substr ($final, 30, 1))) << 16) | (int (ord (substr ($final, 31, 1))) << 8) | (int (ord (substr ($final, 32, 1)))), 4);
7059 $passwd .= domino_base64_encode ((int (ord (substr ($final, 33, 1))) << 16) | (int (ord (substr ($final, 34, 1))) << 8) | (int (ord (substr ($final, 35, 1)))), 4);
7061 if (defined ($char))
7063 substr ($passwd, 18, 1) = $char;
7069 sub domino_base64_encode
7074 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
7078 while (($n - 1) >= 0)
7082 $ret = substr ($itoa64, $v & 0x3f, 1) . $ret;
7092 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7097 my $v = unpack "V", substr($md5, $i*4, 4);
7099 $s64 .= substr($itoa64, $v & 0x3f, 1);
7108 my ($username, $password) = @_;
7110 $username = substr ($username . " " x 8, 0, 8);
7111 $password = substr ($password . " " x 8, 0, 8);
7113 my $username_ebc = ascii2ebcdic ($username);
7114 my $password_ebc = ascii2ebcdic ($password);
7116 my @pw = split ("", $password_ebc);
7118 for (my $i = 0; $i < 8; $i++)
7120 $pw[$i] = unpack ("C", $pw[$i]);
7123 $pw[$i] = pack ("C", $pw[$i] & 0xff);
7126 my $key = join ("", @pw);
7128 my $cipher = new Crypt::DES $key;
7130 my $ciphertext = $cipher->encrypt ($username_ebc);
7132 my $ct = unpack ("H16", $ciphertext);
7139 my ($username, $password) = @_;
7141 my $userpass = pack('n*', unpack('C*', uc($username.$password)));
7142 $userpass .= pack('C', 0) while (length($userpass) % 8);
7144 my $key = pack('H*', "0123456789ABCDEF");
7145 my $iv = pack('H*', "0000000000000000");
7147 my $c = new Crypt::CBC(
7154 my $key2 = substr($c->encrypt($userpass), length($userpass)-8, 8);
7156 my $c2 = new Crypt::CBC(
7163 my $hash = substr($c2->encrypt($userpass), length($userpass)-8, 8);
7165 return uc(unpack('H*', $hash));
7170 my $word_buf = shift;
7172 my $salt_buf = shift;
7174 my $w = sprintf ("%d%s%s", 0, $word_buf, $salt_buf);
7176 my $digest = sha1 ($w);
7178 for (my $i = 1; $i < 1024; $i++)
7180 $w = $digest . sprintf ("%d%s%s", $i, $word_buf, $salt_buf);
7182 $digest = sha1 ($w);
7185 my ($A, $B, $C, $D, $E) = unpack ("N5", $digest);
7187 return sprintf ("%08x%08x%08x%08x%08x", $A, $B, $C, $D, $E);
7195 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7199 while (($n - 1) >= 0)
7203 $ret .= substr ($itoa64, $v & 0x3f, 1);
7219 my $hash = ""; # hash to be returned by this function
7221 my $final = md5 ($pass . $salt . $pass);
7223 $salt = substr ($salt, 0, 8);
7225 my $tmp = $pass . $magic . $salt;
7227 my $pass_len = length ($pass);
7231 for ($i = $pass_len; $i > 0; $i -= 16)
7240 $tmp .= substr ($final, 0, $len);
7253 $tmp .= substr ($pass, 0, 1);
7259 $final = md5 ($tmp);
7261 for ($i = 0; $i < $iter; $i++)
7293 $final = md5 ($tmp);
7297 # now format the output sting ("hash")
7301 $hash = to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 6, 1)) << 8) | (ord (substr ($final, 12, 1))), 4);
7302 $hash .= to64 ((ord (substr ($final, 1, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7303 $hash .= to64 ((ord (substr ($final, 2, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7304 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 9, 1)) << 8) | (ord (substr ($final, 15, 1))), 4);
7305 $hash .= to64 ((ord (substr ($final, 4, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7306 $hash .= to64 (ord (substr ($final, 11, 1)), 2);
7308 if ($iter == 1000) # default
7310 $hash_buf = sprintf ("%s%s\$%s", $magic , $salt , $hash);
7314 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7326 my $hash = ""; # hash to be returned by this function
7328 my $final = sha512 ($pass . $salt . $pass);
7330 $salt = substr ($salt, 0, 16);
7332 my $tmp = $pass . $salt;
7334 my $pass_len = length ($pass);
7335 my $salt_len = length ($salt);
7339 for ($i = $pass_len; $i > 0; $i -= 16)
7348 $tmp .= substr ($final, 0, $len);
7367 $final = sha512 ($tmp);
7373 for ($i = 0; $i < $pass_len; $i++)
7378 $p_bytes = sha512 ($p_bytes);
7379 $p_bytes = substr ($p_bytes, 0, $pass_len);
7383 my $final_first_byte = ord (substr ($final, 0, 1));
7387 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7392 $s_bytes = sha512 ($s_bytes);
7393 $s_bytes = substr ($s_bytes, 0, $salt_len);
7395 for ($i = 0; $i < $iter; $i++)
7427 $final = sha512 ($tmp);
7431 # now format the output string ("hash")
7435 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 21, 1)) << 8) | (ord (substr ($final, 42, 1))), 4);
7436 $hash .= to64 ((ord (substr ($final, 22, 1)) << 16) | (ord (substr ($final, 43, 1)) << 8) | (ord (substr ($final, 1, 1))), 4);
7437 $hash .= to64 ((ord (substr ($final, 44, 1)) << 16) | (ord (substr ($final, 2, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7438 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 24, 1)) << 8) | (ord (substr ($final, 45, 1))), 4);
7439 $hash .= to64 ((ord (substr ($final, 25, 1)) << 16) | (ord (substr ($final, 46, 1)) << 8) | (ord (substr ($final, 4, 1))), 4);
7440 $hash .= to64 ((ord (substr ($final, 47, 1)) << 16) | (ord (substr ($final, 5, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7441 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 27, 1)) << 8) | (ord (substr ($final, 48, 1))), 4);
7442 $hash .= to64 ((ord (substr ($final, 28, 1)) << 16) | (ord (substr ($final, 49, 1)) << 8) | (ord (substr ($final, 7, 1))), 4);
7443 $hash .= to64 ((ord (substr ($final, 50, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7444 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 30, 1)) << 8) | (ord (substr ($final, 51, 1))), 4);
7445 $hash .= to64 ((ord (substr ($final, 31, 1)) << 16) | (ord (substr ($final, 52, 1)) << 8) | (ord (substr ($final, 10, 1))), 4);
7446 $hash .= to64 ((ord (substr ($final, 53, 1)) << 16) | (ord (substr ($final, 11, 1)) << 8) | (ord (substr ($final, 32, 1))), 4);
7447 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 33, 1)) << 8) | (ord (substr ($final, 54, 1))), 4);
7448 $hash .= to64 ((ord (substr ($final, 34, 1)) << 16) | (ord (substr ($final, 55, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7449 $hash .= to64 ((ord (substr ($final, 56, 1)) << 16) | (ord (substr ($final, 14, 1)) << 8) | (ord (substr ($final, 35, 1))), 4);
7450 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 36, 1)) << 8) | (ord (substr ($final, 57, 1))), 4);
7451 $hash .= to64 ((ord (substr ($final, 37, 1)) << 16) | (ord (substr ($final, 58, 1)) << 8) | (ord (substr ($final, 16, 1))), 4);
7452 $hash .= to64 ((ord (substr ($final, 59, 1)) << 16) | (ord (substr ($final, 17, 1)) << 8) | (ord (substr ($final, 38, 1))), 4);
7453 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 39, 1)) << 8) | (ord (substr ($final, 60, 1))), 4);
7454 $hash .= to64 ((ord (substr ($final, 40, 1)) << 16) | (ord (substr ($final, 61, 1)) << 8) | (ord (substr ($final, 19, 1))), 4);
7455 $hash .= to64 ((ord (substr ($final, 62, 1)) << 16) | (ord (substr ($final, 20, 1)) << 8) | (ord (substr ($final, 41, 1))), 4);
7456 $hash .= to64 (ord (substr ($final, 63, 1)), 2);
7460 if ($iter == 5000) # default
7462 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7466 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7478 my $hash = ""; # hash to be returned by this function
7480 my $final = sha256 ($pass . $salt . $pass);
7482 $salt = substr ($salt, 0, 16);
7484 my $tmp = $pass . $salt;
7486 my $pass_len = length ($pass);
7487 my $salt_len = length ($salt);
7491 for ($i = $pass_len; $i > 0; $i -= 16)
7500 $tmp .= substr ($final, 0, $len);
7519 $final = sha256 ($tmp);
7525 for ($i = 0; $i < $pass_len; $i++)
7530 $p_bytes = sha256 ($p_bytes);
7531 $p_bytes = substr ($p_bytes, 0, $pass_len);
7535 my $final_first_byte = ord (substr ($final, 0, 1));
7539 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7544 $s_bytes = sha256 ($s_bytes);
7545 $s_bytes = substr ($s_bytes, 0, $salt_len);
7547 for ($i = 0; $i < $iter; $i++)
7579 $final = sha256 ($tmp);
7583 # now format the output string ("hash")
7587 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 20, 1))), 4);
7588 $hash .= to64 ((ord (substr ($final, 21, 1)) << 16) | (ord (substr ($final, 1, 1)) << 8) | (ord (substr ($final, 11, 1))), 4);
7589 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 22, 1)) << 8) | (ord (substr ($final, 2, 1))), 4);
7590 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 13, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7591 $hash .= to64 ((ord (substr ($final, 24, 1)) << 16) | (ord (substr ($final, 4, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7592 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 25, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7593 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 16, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7594 $hash .= to64 ((ord (substr ($final, 27, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 17, 1))), 4);
7595 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 28, 1)) << 8) | (ord (substr ($final, 8, 1))), 4);
7596 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 19, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7597 $hash .= to64 ((ord (substr ($final, 31, 1)) << 8) | (ord (substr ($final, 30, 1))), 3);
7601 if ($iter == 5000) # default
7603 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7607 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7613 sub aix_ssha256_pbkdf2
7615 my $word_buf = shift;
7616 my $salt_buf = shift;
7617 my $iterations = shift;
7619 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256);
7621 my $pbkdf2 = Crypt::PBKDF2->new (
7623 iterations => $iterations,
7627 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7631 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7632 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7633 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7634 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7635 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7636 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7637 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
7638 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
7639 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
7640 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
7641 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) , 3);
7646 sub aix_ssha512_pbkdf2
7648 my $word_buf = shift;
7649 my $salt_buf = shift;
7650 my $iterations = shift;
7652 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
7654 my $pbkdf2 = Crypt::PBKDF2->new (
7656 iterations => $iterations,
7659 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7663 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7664 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7665 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7666 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7667 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7668 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7669 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
7670 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
7671 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
7672 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
7673 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) | (int (ord (substr ($hash_buf, 32, 1)))), 4);
7674 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 33, 1))) << 16) | (int (ord (substr ($hash_buf, 34, 1))) << 8) | (int (ord (substr ($hash_buf, 35, 1)))), 4);
7675 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 36, 1))) << 16) | (int (ord (substr ($hash_buf, 37, 1))) << 8) | (int (ord (substr ($hash_buf, 38, 1)))), 4);
7676 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 39, 1))) << 16) | (int (ord (substr ($hash_buf, 40, 1))) << 8) | (int (ord (substr ($hash_buf, 41, 1)))), 4);
7677 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 42, 1))) << 16) | (int (ord (substr ($hash_buf, 43, 1))) << 8) | (int (ord (substr ($hash_buf, 44, 1)))), 4);
7678 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 45, 1))) << 16) | (int (ord (substr ($hash_buf, 46, 1))) << 8) | (int (ord (substr ($hash_buf, 47, 1)))), 4);
7679 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 48, 1))) << 16) | (int (ord (substr ($hash_buf, 49, 1))) << 8) | (int (ord (substr ($hash_buf, 50, 1)))), 4);
7680 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 51, 1))) << 16) | (int (ord (substr ($hash_buf, 52, 1))) << 8) | (int (ord (substr ($hash_buf, 53, 1)))), 4);
7681 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 54, 1))) << 16) | (int (ord (substr ($hash_buf, 55, 1))) << 8) | (int (ord (substr ($hash_buf, 56, 1)))), 4);
7682 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 57, 1))) << 16) | (int (ord (substr ($hash_buf, 58, 1))) << 8) | (int (ord (substr ($hash_buf, 59, 1)))), 4);
7683 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 60, 1))) << 16) | (int (ord (substr ($hash_buf, 61, 1))) << 8) | (int (ord (substr ($hash_buf, 62, 1)))), 4);
7684 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 63, 1))) << 16) , 2);
7689 sub aix_ssha1_pbkdf2
7691 my $word_buf = shift;
7692 my $salt_buf = shift;
7693 my $iterations = shift;
7695 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
7697 my $pbkdf2 = Crypt::PBKDF2->new (
7699 iterations => $iterations,
7702 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7706 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7707 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7708 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7709 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7710 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7711 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7712 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) , 3);
7721 my @data = split "", $data_s;
7724 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7725 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7726 "\x3f\x40\x41\x50\x43\x44\x45\x4b\x47\x48\x4d\x4e\x54\x51\x53\x46" .
7727 "\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x56\x55\x5c\x49\x5d\x4a" .
7728 "\x42\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
7729 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x58\x5b\x59\xff\x52" .
7730 "\x4c\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
7731 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x57\x5e\x5a\x4f\xff" .
7732 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7733 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7734 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7735 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7736 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7737 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7738 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7739 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
7741 my @transTable = unpack ("C256", $transTable_s);
7745 for (my $i = 0; $i < scalar @data; $i++)
7747 $out[$i] = $transTable[int (ord ($data[$i]))];
7750 return pack ("C*", @out);
7755 my $digest_s = shift;
7760 my @w = unpack "C*", $w_s;
7761 my @s = unpack "C*", $s_s;
7764 "\x14\x77\xf3\xd4\xbb\x71\x23\xd0\x03\xff\x47\x93\x55\xaa\x66\x91" .
7765 "\xf2\x88\x6b\x99\xbf\xcb\x32\x1a\x19\xd9\xa7\x82\x22\x49\xa2\x51" .
7766 "\xe2\xb7\x33\x71\x8b\x9f\x5d\x01\x44\x70\xae\x11\xef\x28\xf0\x0d";
7768 my @bcodeTable = unpack ("C48", $bcodeTable_s);
7770 my @abcd = unpack ("C16", $digest_s);
7772 my $sum20 = ($abcd[0] & 3)
7782 for (my $i2 = 0; $i2 < $sum20; $i2++)
7787 for (my $i1 = 0, my $i2 = 0, my $i3 = 0; $i2 < $sum20; $i2++, $i2++)
7789 if ($i1 < length $w_s)
7791 if ($abcd[15 - $i1] & 1)
7793 $out[$i2] = $bcodeTable[48 - 1 - $i1];
7798 $out[$i2] = $w[$i1];
7804 if ($i3 < length $s_s)
7806 $out[$i2] = $s[$i3];
7812 $out[$i2] = $bcodeTable[$i2 - $i1 - $i3];
7815 return substr (pack ("C*", @out), 0, $sum20);
7820 my @key_56 = split (//, shift);
7826 $key .= chr(((ord($key_56[0]) << 7) | (ord($key_56[1]) >> 1)) & 255);
7827 $key .= chr(((ord($key_56[1]) << 6) | (ord($key_56[2]) >> 2)) & 255);
7828 $key .= chr(((ord($key_56[2]) << 5) | (ord($key_56[3]) >> 3)) & 255);
7829 $key .= chr(((ord($key_56[3]) << 4) | (ord($key_56[4]) >> 4)) & 255);
7830 $key .= chr(((ord($key_56[4]) << 3) | (ord($key_56[5]) >> 5)) & 255);
7831 $key .= chr(((ord($key_56[5]) << 2) | (ord($key_56[6]) >> 6)) & 255);
7832 $key .= chr(( ord($key_56[6]) << 1) & 255);
7843 for (my $i = 0; $i < $len; $i++)
7845 my $c = get_random_chr (0, 255);
7850 return join ("", @arr);
7853 sub get_random_netntlmv1_salt
7855 my $len_user = shift;
7856 my $len_domain = shift;
7862 for (my $i = 0; $i < $len_user; $i++)
7864 $type = get_random_num (1, 3);
7868 $char = get_random_chr (0x30, 0x39);
7872 $char = get_random_chr (0x41, 0x5A);
7876 $char = get_random_chr (0x61, 0x7A);
7884 for (my $i = 0; $i < $len_domain; $i++)
7886 $type = get_random_num (1, 3);
7890 $char = get_random_chr (0x30, 0x39);
7894 $char = get_random_chr (0x41, 0x5A);
7898 $char = get_random_chr (0x61, 0x7A);
7904 my $c_challenge = randbytes (8);
7905 my $s_challenge = randbytes (8);
7907 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $c_challenge) . unpack ("H*", $s_challenge);
7912 sub get_random_netntlmv2_salt
7914 my $len_user = shift;
7915 my $len_domain = shift;
7921 if ($len_user + $len_domain > 27)
7923 if ($len_user > $len_domain)
7925 $len_user = 27 - $len_domain;
7929 $len_domain = 27 - $len_user;
7933 for (my $i = 0; $i < $len_user; $i++)
7935 $type = get_random_num (1, 3);
7939 $char = get_random_chr (0x30, 0x39);
7943 $char = get_random_chr (0x41, 0x5A);
7947 $char = get_random_chr (0x61, 0x7A);
7955 for (my $i = 0; $i < $len_domain; $i++)
7957 $type = get_random_num (1, 3);
7961 $char = get_random_chr (0x30, 0x39);
7965 $char = get_random_chr (0x41, 0x5A);
7969 $char = get_random_chr (0x61, 0x7A);
7975 my $c_challenge = randbytes (8);
7976 my $s_challenge = randbytes (8);
7978 my $temp = "\x01\x01" .
7983 randbytes (20 * rand () + 1) .
7986 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $s_challenge) . unpack ("H*", $temp);
7991 sub get_random_ike_salt
7995 for (my $i = 0; $i < 40; $i++)
7997 $nr_buf .= get_random_chr (0, 0xff);
8002 for (my $i = 0; $i < 440; $i++)
8004 $msg_buf .= get_random_chr (0, 0xff);
8007 my $nr_buf_hex = unpack ("H*", $nr_buf);
8008 my $msg_buf_hex = unpack ("H*", $msg_buf);
8010 my $salt_buf = sprintf ("%s:%s:%s:%s:%s:%s:%s:%s", substr ($msg_buf_hex, 0, 256), substr ($msg_buf_hex, 256, 256), substr ($msg_buf_hex, 512, 16), substr ($msg_buf_hex, 528, 16), substr ($msg_buf_hex, 544, 320), substr ($msg_buf_hex, 864, 16), substr ($nr_buf_hex, 0, 40), substr ($nr_buf_hex, 40, 40));
8015 sub get_random_agilekeychain_salt
8019 for (my $i = 0; $i < 8; $i++)
8021 $salt_buf .= get_random_chr (0x0, 0xff);
8026 for (my $i = 0; $i < 16; $i++)
8028 $iv .= get_random_chr (0x0, 0xff);
8031 my $prefix = "\x00" x 1008;
8033 my $ret = unpack ("H*", $salt_buf . $prefix . $iv);
8038 sub get_random_cloudkeychain_salt
8042 for (my $i = 0; $i < 16; $i++)
8044 $salt_buf .= get_random_chr (0x0, 0xff);
8047 for (my $i = 0; $i < 304; $i++)
8049 $salt_buf .= get_random_chr (0x0, 0xff);
8052 my $ret = unpack ("H*", $salt_buf);
8057 sub get_random_kerberos5_salt
8059 my $custom_salt = shift;
8061 my $clear_data = randbytes (14) .
8062 strftime ("%Y%m%d%H%M%S", localtime) .
8066 my $realm = "realm";
8069 my $salt_buf = $user . "\$" . $realm . "\$" . $salt . "\$" . unpack ("H*", $custom_salt) . "\$" . unpack ("H*", $clear_data) . "\$";
8074 sub get_random_kerberos5_tgs_salt
8076 my $nonce = randbytes (8);
8079 my $realm = "realm";
8080 my $spn = "test/spn";
8082 my $salt_buf = $user . "\$" . $realm . "\$" . $spn . "\$" . unpack ("H*",$nonce);
8087 sub get_random_md5chap_salt
8089 my $salt_buf = shift;
8091 my $salt = unpack ("H*", $salt_buf);
8095 $salt .= unpack ("H*", randbytes (1));
8100 sub get_random_dnssec_salt
8106 for (my $i = 0; $i < 8; $i++)
8108 $salt_buf .= get_random_chr (0x61, 0x7a);
8111 $salt_buf .= ".net";
8115 for (my $i = 0; $i < 8; $i++)
8117 $salt_buf .= get_random_chr (0x30, 0x39);
8130 my $byte_off = int ($bit / 8);
8131 my $bit_off = int ($bit % 8);
8133 my $char = substr ($digest, $byte_off, 1);
8134 my $num = ord ($char);
8136 return (($num & (1 << $bit_off)) ? 1 : 0);
8145 my $constant_phrase =
8146 "To be, or not to be,--that is the question:--\n" .
8147 "Whether 'tis nobler in the mind to suffer\n" .
8148 "The slings and arrows of outrageous fortune\n" .
8149 "Or to take arms against a sea of troubles,\n" .
8150 "And by opposing end them?--To die,--to sleep,--\n" .
8151 "No more; and by a sleep to say we end\n" .
8152 "The heartache, and the thousand natural shocks\n" .
8153 "That flesh is heir to,--'tis a consummation\n" .
8154 "Devoutly to be wish'd. To die,--to sleep;--\n" .
8155 "To sleep! perchance to dream:--ay, there's the rub;\n" .
8156 "For in that sleep of death what dreams may come,\n" .
8157 "When we have shuffled off this mortal coil,\n" .
8158 "Must give us pause: there's the respect\n" .
8159 "That makes calamity of so long life;\n" .
8160 "For who would bear the whips and scorns of time,\n" .
8161 "The oppressor's wrong, the proud man's contumely,\n" .
8162 "The pangs of despis'd love, the law's delay,\n" .
8163 "The insolence of office, and the spurns\n" .
8164 "That patient merit of the unworthy takes,\n" .
8165 "When he himself might his quietus make\n" .
8166 "With a bare bodkin? who would these fardels bear,\n" .
8167 "To grunt and sweat under a weary life,\n" .
8168 "But that the dread of something after death,--\n" .
8169 "The undiscover'd country, from whose bourn\n" .
8170 "No traveller returns,--puzzles the will,\n" .
8171 "And makes us rather bear those ills we have\n" .
8172 "Than fly to others that we know not of?\n" .
8173 "Thus conscience does make cowards of us all;\n" .
8174 "And thus the native hue of resolution\n" .
8175 "Is sicklied o'er with the pale cast of thought;\n" .
8176 "And enterprises of great pith and moment,\n" .
8177 "With this regard, their currents turn awry,\n" .
8178 "And lose the name of action.--Soft you now!\n" .
8179 "The fair Ophelia!--Nymph, in thy orisons\n" .
8180 "Be all my sins remember'd.\n\x00";
8182 my $constant_len = length ($constant_phrase);
8184 my $hash_buf = md5 ($pw . $salt);
8190 for (my $round = 0; $round < $iter; $round++)
8192 my $shift_a = md5bit ($hash_buf, $round + 0);
8193 my $shift_b = md5bit ($hash_buf, $round + 64);
8198 for (my $k = 0; $k < 16; $k++)
8200 my $s7shift = ord (substr ($hash_buf, $k, 1)) % 8;
8202 my $l = ($k + 3) % 16;
8204 my $num = ord (substr ($hash_buf, $l, 1));
8206 $shift_4[$k] = $num % 5;
8208 $shift_7[$k] = ($num >> $s7shift) & 1;
8213 for (my $k = 0; $k < 16; $k++)
8215 $indirect_4[$k] = (ord (substr ($hash_buf, $k, 1)) >> $shift_4[$k]) & 0xf;
8220 for (my $k = 0; $k < 16; $k++)
8222 $indirect_7[$k] = (ord (substr ($hash_buf, $indirect_4[$k], 1)) >> $shift_7[$k]) & 0x7f;
8228 for (my $k = 0; $k < 8; $k++)
8230 $indirect_a |= md5bit ($hash_buf, $indirect_7[$k + 0]) << $k;
8232 $indirect_b |= md5bit ($hash_buf, $indirect_7[$k + 8]) << $k;
8235 $indirect_a = ($indirect_a >> $shift_a) & 0x7f;
8236 $indirect_b = ($indirect_b >> $shift_b) & 0x7f;
8238 my $bit_a = md5bit ($hash_buf, $indirect_a);
8239 my $bit_b = md5bit ($hash_buf, $indirect_b);
8249 if ($bit_a ^ $bit_b)
8251 substr ($W, 16, 48) = substr ($constant_phrase, 0, 48);
8255 $to_hash .= substr ($W, 0, 64);
8259 for ($constant_off = 48; $constant_off < $constant_len - 64; $constant_off += 64)
8261 substr ($W, 0, 64) = substr ($constant_phrase, $constant_off, 64);
8265 $to_hash .= substr ($W, 0, 64);
8268 $pos = $constant_len - $constant_off;
8272 substr ($W, 0, $pos) = substr ($constant_phrase, $constant_off, $pos);
8287 my $round_div = int ($tmp / 10);
8288 my $round_mod = int ($tmp % 10);
8292 $a_buf[int ($a_len / 4)] = (($round_mod + 0x30) | ($a_buf[int ($a_len / 4)] << 8));
8302 for ($g = 0; $g < $a_len; $g++)
8304 my $remainder = $a_buf[$g];
8310 while ($remainder > 0)
8312 $sub = $remainder >> (8 * $factor);
8314 if ($started != 1 || $sub > 0)
8318 $tmp_str = chr ($sub) . $tmp_str;
8320 $remainder -= ($sub << (8 * $factor));
8328 substr ($W, $pos, $a_len) = $tmp_str;
8334 $to_hash .= substr ($W, 0, $pos);
8336 $to_hash = substr ($to_hash, 0, $total);
8338 $hash_buf = md5 ($to_hash);
8343 $passwd .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 6, 1))) << 8) | (int (ord (substr ($hash_buf, 12, 1)))), 4);
8344 $passwd .= to64 ((int (ord (substr ($hash_buf, 1, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 13, 1)))), 4);
8345 $passwd .= to64 ((int (ord (substr ($hash_buf, 2, 1))) << 16) | (int (ord (substr ($hash_buf, 8, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8346 $passwd .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 9, 1))) << 8) | (int (ord (substr ($hash_buf, 15, 1)))), 4);
8347 $passwd .= to64 ((int (ord (substr ($hash_buf, 4, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8348 $passwd .= to64 ((int (ord (substr ($hash_buf, 11, 1)))), 2);
8355 die ("usage: $0 single|passthrough| [mode] [len]\n" .
8357 " $0 verify [mode] [hashfile] [cracks] [outfile]\n");
8362 my $block_ref = shift;
8366 my $value = 16 - $offset;
8368 for (my $i = $offset; $i < 16; $i++)
8370 push @{$block_ref}, $value;
8380 for (my $i = 0; $i < 18; $i++)
8382 for (my $j = 0; $j < 48; $j++)
8384 $p = ($p + 48 - $j) & 0xff;
8386 my $c = $lotus_magic_table[$p];
8388 $p = $in_ref->[$j] ^ $c;
8395 sub lotus_transform_password
8398 my $out_ref = shift;
8400 my $t = $out_ref->[15];
8402 for (my $i = 0; $i < 16; $i++)
8404 $t ^= $in_ref->[$i];
8406 my $c = $lotus_magic_table[$t];
8408 $out_ref->[$i] ^= $c;
8410 $t = $out_ref->[$i];
8414 sub mdtransform_norecalc
8416 my $state_ref = shift;
8417 my $block_ref = shift;
8421 push (@x, @{$state_ref});
8422 push (@x, @{$block_ref});
8424 for (my $i = 0; $i < 16; $i++)
8426 push (@x, $x[0 + $i] ^ $x[16 + $i]);
8431 for (my $i = 0; $i < 16; $i++)
8433 $state_ref->[$i] = $x[$i];
8439 my $state_ref = shift;
8440 my $checksum_ref = shift;
8441 my $block_ref = shift;
8443 mdtransform_norecalc ($state_ref, $block_ref);
8445 lotus_transform_password ($block_ref, $checksum_ref);
8450 my $saved_key_ref = shift;
8454 @{$saved_key_ref} = splice (@{$saved_key_ref}, 0, $size);
8456 my @state = (0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
8462 for ($curpos = 0; $curpos + 16 < $size; $curpos += 16)
8464 my $curpos16 = $curpos + 16;
8466 my @block = splice (@{$saved_key_ref}, 0, 16);
8468 mdtransform (\@state, \@checksum, \@block);
8471 my $left = $size - $curpos;
8473 my @block = splice (@{$saved_key_ref}, 0, 16);
8475 pad16 (\@block, $left);
8477 mdtransform (\@state, \@checksum, \@block);
8479 mdtransform_norecalc (\@state, \@checksum);
8484 sub pdf_compute_encryption_key
8486 my $word_buf = shift;
8487 my $padding = shift;
8502 $data .= substr ($padding, 0, 32 - length $word_buf);
8504 $data .= pack ("H*", $o);
8506 $data .= pack ("I", $P);
8508 $data .= pack ("H*", $id);
8514 $data .= pack ("I", -1);
8518 my $res = md5 ($data);
8522 for (my $i = 0; $i < 50; $i++)
8531 sub gen_random_wpa_eapol
8540 my $version = 1; # 802.1X-2001
8542 $ret .= pack ("C*", $version);
8544 my $type = 3; # means that this EAPOL frame is used to transfer key information
8546 $ret .= pack ("C*", $type);
8548 my $length; # length of remaining data
8559 $ret .= pack ("n*", $length);
8561 my $descriptor_type;
8565 $descriptor_type = 254; # EAPOL WPA key
8569 $descriptor_type = 1; # EAPOL RSN key
8572 $ret .= pack ("C*", $descriptor_type);
8574 # key_info is a bit vector:
8575 # generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
8579 $key_info |= 1 << 8; # set key MIC
8580 $key_info |= 1 << 3; # set if it is a pairwise key
8584 $key_info |= 1 << 0; # RC4 Cipher, HMAC-MD5 MIC
8588 $key_info |= 1 << 1; # AES Cipher, HMAC-SHA1 MIC
8591 $ret .= pack ("n*", $key_info);
8604 $ret .= pack ("n*", $key_length);
8606 my $replay_counter = 1;
8608 $ret .= pack ("Q>*", $replay_counter);
8612 my $key_iv = "\x00" x 16;
8616 my $key_rsc = "\x00" x 8;
8620 my $key_id = "\x00" x 8;
8624 my $key_mic = "\x00" x 16;
8632 $key_data_len = 24; # length of the key_data (== WPA info)
8636 $key_data_len = 22; # length of the key_data (== RSN info)
8639 $ret .= pack ("n*", $key_data_len);
8649 my $vendor_specific_data = "";
8651 my $tag_number = 221; # means it is a vendor specific tag
8653 $vendor_specific_data .= pack ("C*", $tag_number);
8655 my $tag_len = 22; # length of the remaining "tag data"
8657 $vendor_specific_data .= pack ("C*", $tag_len);
8659 my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
8661 $vendor_specific_data .= $vendor_specific_oui;
8663 my $vendor_specific_oui_type = 1; # WPA Information Element
8665 $vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
8667 my $vendor_specific_wpa_version = 1;
8669 $vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
8673 my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
8675 $vendor_specific_data .= $vendor_specific_multicast_oui;
8677 my $vendor_specific_multicast_type = 2; # TKIP
8679 $vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
8683 my $vendor_specific_unicast_count = 1;
8685 $vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
8687 my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
8689 $vendor_specific_data .= $vendor_specific_multicast_oui;
8691 my $vendor_specific_unicast_type = 2; # TKIP
8693 $vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
8695 # Auth Key Management (AKM)
8697 my $auth_key_management_count = 1;
8699 $vendor_specific_data .= pack ("v*", $auth_key_management_count);
8701 my $auth_key_management_oui = pack ("H*", "0050f2");
8703 $vendor_specific_data .= $auth_key_management_oui;
8705 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
8707 $vendor_specific_data .= pack ("C*", $auth_key_management_type);
8709 $wpa_info = $vendor_specific_data;
8711 $key_data = $wpa_info;
8719 my $tag_number = 48; # RSN info
8721 $rsn_info .= pack ("C*", $tag_number);
8723 my $tag_len = 20; # length of the remaining "tag_data"
8725 $rsn_info .= pack ("C*", $tag_len);
8727 my $rsn_version = 1;
8729 $rsn_info .= pack ("v*", $rsn_version);
8731 # group cipher suite
8733 my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
8735 $rsn_info .= $group_cipher_suite_oui;
8737 my $group_cipher_suite_type = 4; # AES (CCM)
8739 $rsn_info .= pack ("C*", $group_cipher_suite_type);
8741 # pairwise cipher suite
8743 my $pairwise_cipher_suite_count = 1;
8745 $rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
8747 my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
8749 $rsn_info .= $pairwise_cipher_suite_oui;
8751 my $pairwise_cipher_suite_type = 4; # AES (CCM)
8753 $rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
8755 # Auth Key Management (AKM)
8757 my $auth_key_management_count = 1;
8759 $rsn_info .= pack ("v*", $auth_key_management_count);
8761 my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
8763 $rsn_info .= $auth_key_management_oui;
8765 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
8767 $rsn_info .= pack ("C*", $auth_key_management_type);
8771 # bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
8772 # RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
8774 my $rsn_capabilities = pack ("H*", "0000");
8776 $rsn_info .= $rsn_capabilities;
8778 $key_data = $rsn_info;
8794 my $data = "Pairwise key expansion";
8799 # Min(AA, SPA) || Max(AA, SPA)
8802 # compare if greater: Min()/Max() on the MACs (6 bytes)
8804 if (memcmp ($stmac, $bssid, 6) < 0)
8816 # Min(ANonce,SNonce) || Max(ANonce,SNonce)
8819 # compare if greater: Min()/Max() on the nonces (32 bytes)
8821 if (memcmp ($snonce, $anonce, 32) < 0)
8834 my $prf_buf = hmac ($data, $pmk, \&sha1);
8836 $prf_buf = substr ($prf_buf, 0, 16);
8847 my $len_str1 = length ($str1);
8848 my $len_str2 = length ($str2);
8850 if (($len > $len_str1) || ($len > $len_str2))
8852 print "ERROR: memcmp () lengths wrong";
8857 for (my $i = 0; $i < $len; $i++)
8859 my $c_1 = ord (substr ($str1, $i, 1));
8860 my $c_2 = ord (substr ($str2, $i, 1));
8862 return -1 if ($c_1 < $c_2);
8863 return 1 if ($c_1 > $c_2);