4 ## Author......: Jens Steube <jens.steube@gmail.com>
10 use Digest
::MD4 qw
(md4 md4_hex
);
11 use Digest
::MD5 qw
(md5 md5_hex
);
12 use Digest
::SHA qw
(sha1 sha256 sha384 sha512 sha1_hex sha256_hex sha384_hex sha512_hex
);
13 use Digest
::HMAC qw
(hmac hmac_hex
);
14 use Digest
::Keccak qw
(keccak_256_hex
);
15 use Crypt
::MySQL qw
(password41
);
16 use Digest
::GOST qw
(gost gost_hex
);
17 use Digest
::HMAC_MD5 qw
(hmac_md5
);
18 use Digest
::CRC qw
(crc32
);
21 use Crypt
::ECB qw
(encrypt PADDING_AUTO PADDING_NONE
);
23 use Crypt
::Eksblowfish
::Bcrypt qw
(bcrypt en_base64
);
24 use Crypt
::Digest
::RIPEMD160 qw
(ripemd160_hex
);
25 use Crypt
::Digest
::Whirlpool qw
(whirlpool_hex
);
27 use Crypt
::ScryptKDF qw
(scrypt_hash scrypt_b64
);
30 use Crypt
::UnixCrypt_XS qw
(crypt_rounds fold_password base64_to_int24 block_to_base64 int24_to_base64
);
32 use Authen
::Passphrase
::NTHash
;
33 use Authen
::Passphrase
::MySQL323
;
34 use Authen
::Passphrase
::PHPass
;
35 use Authen
::Passphrase
::LANManager
;
37 use POSIX qw
(strftime
);
39 use Net
::DNS
::RR
::NSEC3
;
40 use Convert
::EBCDIC qw
(ascii2ebcdic
);
41 use Digest
::SipHash qw
/siphash/;
43 my $hashcat = "./oclHashcat";
47 my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 130, 131, 132, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000);
49 my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800);
50 my %less_fifteen = map { $_ => 1 } qw(500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
51 my %allow_long_salt = map { $_ => 1 } qw(2500 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600);
53 my @lotus_magic_table =
55 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
56 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
57 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
58 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
59 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
60 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
61 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
62 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
63 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
64 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
65 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
66 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
67 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
68 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
69 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
70 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
71 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
72 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
73 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
74 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
75 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
76 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
77 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
78 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
79 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
80 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
81 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
82 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
83 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
84 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
85 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
86 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
91 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
92 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
93 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
94 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
97 my $CISCO_BASE64_MAPPING = {'A', '.', 'B', '/', 'C', '0', 'D', '1', 'E', '2', 'F', '3', 'G', '4', 'H', '5', 'I', '6', 'J', '7', 'K', '8', 'L', '9', 'M', 'A', 'N', 'B', 'O', 'C', 'P', 'D', 'Q', 'E', 'R', 'F', 'S', 'G', 'T', 'H', 'U', 'I', 'V', 'J', 'W', 'K', 'X', 'L', 'Y', 'M', 'Z', 'N', 'a', 'O', 'b', 'P', 'c', 'Q', 'd', 'R', 'e', 'S', 'f', 'T', 'g', 'U', 'h', 'V', 'i', 'W', 'j', 'X', 'k', 'Y', 'l', 'Z', 'm', 'a', 'n', 'b', 'o', 'c', 'p', 'd', 'q', 'e', 'r', 'f', 's', 'g', 't', 'h', 'u', 'i', 'v', 'j', 'w', 'k', 'x', 'l', 'y', 'm', 'z', 'n', '0', 'o', '1', 'p', '2', 'q', '3', 'r', '4', 's', '5', 't', '6', 'u', '7', 'v', '8', 'w', '9', 'x', '+', 'y', '/', 'z'};
110 if ($type ne "verify")
112 if (scalar @ARGV > 1)
117 elsif (scalar @ARGV == 1)
127 if ($type eq "single")
131 elsif ($type eq "passthrough")
142 if (scalar @ARGV != 4)
147 my $mode = shift @ARGV;
148 my $hash_file = shift @ARGV;
149 my $in_file = shift @ARGV;
150 my $out_file = shift @ARGV;
154 open (IN
, "<", $hash_file) or die ("$hash_file: $!\n");
156 # clever ? the resulting database could be huge
157 # but we need some way to map lines in hashfile w/ cracks
158 # maybe rli2 way would be more clever (needs sorted input)
160 while (my $line = <IN
>)
162 $line =~ s/[\n\r]*$//;
164 $db->{$line} = undef;
169 verify
($mode, $db, $in_file, $out_file);
177 my $out_file = shift;
196 open (IN
, "<", $in_file) or die ("$in_file: $!\n");
197 open (OUT
, ">", $out_file) or die ("$out_file: $!\n");
201 my $base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
202 my $itoa64_1 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
203 my $itoa64_2 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
205 while (my $line = <IN
>)
212 # remember always do "exists ($db->{$hash_in})" checks as soon as possible and don't forget it
215 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3000 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5700 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 8600 || $mode == 9900 || $mode == 10800 || $mode == 11500)
217 my $index = index ($line, ":");
221 $hash_in = substr ($line, 0, $index);
223 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
225 $word = substr ($line, $index + 1);
228 elsif ($mode == 10 || $mode == 11 || $mode == 12 || $mode == 20 || $mode == 21 || $mode == 22 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 112 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1100 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 2611 || $mode == 2711 || $mode == 2811 || $mode == 3100 || $mode == 3610 || $mode == 3710 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 5800 || $mode == 7600 || $mode == 8400 || $mode == 11000 || $mode == 12600)
231 my $index1 = index ($line, ":");
235 $hash_in = substr ($line, 0, $index1);
237 # identify lenghts of both salt and plain
239 my $salt_plain = substr ($line, $index1 + 1);
241 my $num_cols = () = $salt_plain =~ /:/g;
250 foreach (my $i = 0; $i < $num_cols; $i++)
252 $index2 = index ($salt_plain, ":", $start);
256 $start = $index2 + 1;
258 $salt = substr ($salt_plain, 0, $index2);
259 $word = substr ($salt_plain, $index2 + 1);
261 # can't be true w/ wrong $hash:$salt, otherwise the
262 # algo must have many collisions
264 if (exists ($db->{$hash_in . ":" . $salt}))
266 $hash_in = $hash_in . ":" . $salt;
272 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
273 next unless (! defined ($db->{$hash_in}));
276 elsif ($mode == 2100)
279 my $index1 = index ($line, "\$DCC2\$");
281 next if $index1 != 0;
284 my $index2 = index ($line, "#", $index1 + 1);
288 $iter = substr ($line, $index1 + 6, $index2 - $index1 - 6);
291 $index1 = index ($line, "#");
295 $hash_in = substr ($line, 0, $index1 + 1);
297 # identify lenghts of both salt and plain
299 my $salt_plain = substr ($line, $index2 + 1);
301 my $num_cols = () = $salt_plain =~ /:/g;
311 foreach (my $i = 0; $i < $num_cols; $i++)
313 $index2 = index ($salt_plain, ":", $start);
317 $start = $index2 + 1;
319 $index3 = rindex ($salt_plain, "#", $index2);
321 $raw_hash = substr ($salt_plain, $index3 + 1, $index2 - $index3 - 1);
322 $salt = substr ($salt_plain, 0, $index3);
323 $word = substr ($salt_plain, $index2 + 1);
325 if (exists ($db->{$hash_in . $salt . "#" .$raw_hash}))
327 $hash_in = $hash_in . $salt . "#" . $raw_hash;
333 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
334 next unless (! defined ($db->{$hash_in}));
336 # salt:hash guaranteed only : because of hex salt
337 elsif ($mode == 7300)
339 # split hash and plain
340 my $index1 = index ($line, ":");
344 $salt = substr ($line, 0, $index1);
346 $salt = pack ("H*", $salt);
348 my $rest = substr ($line, $index1 + 1);
350 my $index2 = index ($rest, ":");
354 $hash_in = substr ($rest, 0, $index2);
356 $word = substr ($rest, $index2 + 1);
358 next unless (exists ($db->{$salt . ":" . $hash_in}) and (! defined ($db->{$hash_in})));
361 elsif ($mode == 8100)
363 # split hash and plain
364 $salt = substr ($line, 1, 8);
366 my $rest = substr ($line, 1 + 8);
368 my $index2 = index ($rest, ":");
372 $hash_in = substr ($rest, 0, $index2);
374 $word = substr ($rest, $index2 + 1);
376 next unless (exists ($db->{"1" . $salt . $hash_in}) and (! defined ($db->{$hash_in})));
378 # base64 and salt embedded SSHA1, salt length = total lenght - 20
381 # split hash and plain
382 my $index = index ($line, ":");
386 $hash_in = substr ($line, 0, $index);
387 $word = substr ($line, $index + 1);
389 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
392 my $plain_base64 = substr ($hash_in, 6);
394 # base64 decode to extract salt
395 my $decoded = decode_base64
($plain_base64);
397 $salt = substr ($decoded, 20);
399 # base64 and salt embedded SSHA512, salt length = total length - 64
400 elsif ($mode == 1711)
402 # split hash and plain
403 my $index = index ($line, ":");
407 $hash_in = substr ($line, 0, $index);
408 $word = substr ($line, $index + 1);
410 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
413 my $plain_base64 = substr ($hash_in, 9);
415 # base64 decode to extract salt
416 my $decoded = decode_base64
($plain_base64);
418 $salt = substr ($decoded, 64);
420 # OSX (first 8 hex chars is salt)
421 elsif ($mode == 122 || $mode == 1722)
423 my $index = index ($line, ":");
427 $hash_in = substr ($line, 0, $index);
428 $word = substr ($line, $index + 1);
430 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
432 $salt = substr ($hash_in, 0, 8);
434 # MSSQL (2000, 2005 AND 2012), salt after version number
435 elsif ($mode == 131 || $mode == 132 || $mode == 1731)
437 my $index = index ($line, ":");
441 $hash_in = substr ($line, 0, $index);
442 $word = substr ($line, $index + 1);
444 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
446 $salt = substr ($hash_in, 6, 8);
449 elsif ($mode == 8000)
451 my $index = index ($line, ":");
455 $hash_in = substr ($line, 0, $index);
456 $word = substr ($line, $index + 1);
458 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
460 $salt = substr ($hash_in, 6, 16);
463 elsif ($mode == 141 || $mode == 1441)
465 my $index1 = index ($line, ":");
469 $hash_in = substr ($line, 0, $index1);
470 $word = substr ($line, $index1 + 1);
472 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
474 my $index2 = index ($line, "*", 14);
476 #extract salt from base64
477 my $plain_base64 = substr ($hash_in, 14, $index2 - 14);
479 $salt = decode_base64
($plain_base64);
481 # phpass (first 8 after $P$/$H$ -- or $S$ with drupal7)
482 elsif ($mode == 400 || $mode == 7900)
484 my $index = index ($line, ":");
488 $hash_in = substr ($line, 0, $index);
489 $word = substr ($line, $index + 1);
491 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
493 $salt = substr ($hash_in, 4, 8);
495 # iterations = 2 ^ cost (where cost == $iter)
496 $iter = index ($itoa64_1, substr ($hash_in, 3, 1));
498 # $something$[rounds=iter$]salt$ (get last $, then check iter)
499 elsif ($mode == 500 || $mode == 1600 || $mode == 1800 || $mode == 3300 || $mode == 7400)
501 my $index1 = index ($line, ":", 30);
505 $hash_in = substr ($line, 0, $index1);
506 $word = substr ($line, $index1 + 1);
508 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
510 $index1 = index ($hash_in, ",", 1);
511 my $index2 = index ($hash_in, "\$", 1);
515 if ($index1 < $index2)
521 $param = substr ($hash_in, $index2, 1);
525 # rounds= if available
528 if (substr ($hash_in, $index2, 7) eq "rounds=")
530 my $old_index = $index2;
532 $index2 = index ($hash_in, "\$", $index2 + 1);
536 $iter = substr ($hash_in, $old_index + 7, $index2 - $old_index - 7);
542 my $index3 = rindex ($hash_in, "\$");
546 $salt = substr ($hash_in, $index2, $index3 - $index2);
548 # descrypt (salt in first 2 char)
549 elsif ($mode == 1500)
551 my $index = index ($line, ":");
555 $hash_in = substr ($line, 0, $index);
556 $word = substr ($line, $index + 1);
558 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
560 $salt = substr ($hash_in, 0, 2);
562 # bcrypt $something$something$salt.hash
563 elsif ($mode == 3200)
565 my $index1 = index ($line, ":", 33);
569 $hash_in = substr ($line, 0, $index1);
570 $word = substr ($line, $index1 + 1);
572 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
574 my $index2 = index ($hash_in, "\$", 4);
576 $iter = substr ($hash_in, 4, $index2 - 4);
578 my $plain_base64 = substr ($hash_in, $index2 + 1, 22);
583 for (my $i = 0; $i < length ($plain_base64); $i++)
585 my $char = substr ($plain_base64, $i, 1);
586 $encoded .= substr ($base64, index ($itoa64_2, $char), 1);
589 $salt = decode_base64
($encoded);
592 elsif ($mode == 4800)
594 my $index1 = index ($line, ":");
598 my $index2 = index ($line, ":", $index1 + 1);
602 my $index3 = index ($line, ":", $index2 + 1);
606 $salt = substr ($line, $index1 + 1, $index3 - $index1 - 1);
608 $word = substr ($line, $index3 + 1);
610 $hash_in = substr ($line, 0, $index3);
613 elsif ($mode == 5300 || $mode == 5400)
615 my $num_cols = () = $line =~ /:/g;
617 next unless ($num_cols >= 9);
622 for (my $j = 0; $j < 9; $j++)
624 $index1 = index ($line, ":", $index1 + 1);
635 $word = substr ($line, $index1 + 1);
637 $hash_in = substr ($line, 0, $index1);
639 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
641 my $index2 = rindex ($line, ":", $index1 - 1);
643 $salt = substr ($line, 0, $index2);
646 elsif ($mode == 5500)
648 my $index1 = index ($line, "::");
652 my $index2 = index ($line, ":", $index1 + 2);
656 $index2 = index ($line, ":", $index2 + 1);
660 $salt = substr ($line, 0, $index2);
662 $index2 = index ($line, ":", $index2 + 1);
666 $salt .= substr ($line, $index2 + 1, 16);
668 $index2 = index ($line, ":", $index2 + 1);
672 $hash_in = substr ($line, 0, $index2);
674 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
676 $word = substr ($line, $index2 + 1);
679 elsif ($mode == 5600)
681 my $index1 = index ($line, "::");
685 my $index2 = index ($line, ":", $index1 + 2);
689 $index2 = index ($line, ":", $index2 + 1);
693 $salt = substr ($line, 0, $index2);
695 $index1 = index ($line, ":", $index2 + 1);
699 $index2 = index ($line, ":", $index1 + 1);
703 $salt .= substr ($line, $index1 + 1, $index2 - $index1 - 1);
705 $hash_in = substr ($line, 0, $index2);
707 # do it later on for this hash mode:
708 # next unless ((exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))) or (exists ($db->{$mod}) and (! defined ($db->{$mod}))));
710 $word = substr ($line, $index2 + 1);
712 # AIX smd5 something BRACE salt$
713 elsif ($mode == 6300)
715 my $index1 = index ($line, ":");
719 $hash_in = substr ($line, 0, $index1);
720 $word = substr ($line, $index1 + 1);
722 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
724 my $index2 = index ($hash_in, "}");
725 my $index3 = rindex ($hash_in, "\$");
727 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
729 # AIX: something$salt$ (no $ at position 1)
730 elsif ($mode == 6400 || $mode == 6500 || $mode == 6700)
732 my $index1 = index ($line, ":");
736 $hash_in = substr ($line, 0, $index1);
737 $word = substr ($line, $index1 + 1);
739 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
741 my $index2 = index ($hash_in, "}");
742 my $index3 = index ($hash_in, "\$");
743 my $index4 = rindex ($hash_in, "\$");
745 $salt = substr ($hash_in, $index3 + 1, $index4 - $index3 - 1);
747 $iter = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
749 # 1Password, agilekeychain
750 elsif ($mode == 6600)
752 my $num_cols = () = $line =~ /:/g;
754 next unless ($num_cols > 2);
756 my $index1 = index ($line, ":");
760 $iter = substr ($line, 0, $index1);
762 my $index2 = index ($line, ":", $index1 + 1);
766 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
768 $index1 = index ($line, ":", $index2 + 1);
772 $salt .= substr ($line, $index2 + 1, $index1 - $index2 - 33);
774 $hash_in = substr ($line, 0, $index1);
776 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
778 $word = substr ($line, $index1 + 1);
780 # 1Password, cloudkeychain
781 elsif ($mode == 8200)
783 my @datas = split (":", $line);
785 next if scalar @datas < 4;
787 my $hash = shift @datas;
788 $salt = shift @datas;
789 $iter = shift @datas;
790 my $data = shift @datas;
792 $hash_in = $hash . ":" . $salt . ":" . $iter . ":" . $data;
796 $word = join (":", @datas);
798 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
800 # lastpass (hash:iter:salt)
801 elsif ($mode == 6800)
803 my $index1 = index ($line, ":", 34);
807 $hash_in = substr ($line, 0, $index1);
809 # identify lenghts of both salt and plain
811 my $salt_plain = substr ($line, $index1 + 1);
813 my $num_cols = () = $salt_plain =~ /:/g;
822 foreach (my $i = 0; $i < $num_cols; $i++)
824 $index2 = index ($salt_plain, ":", $start);
828 $start = $index2 + 1;
830 $salt = substr ($salt_plain, 0, $index2);
831 $word = substr ($salt_plain, $index2 + 1);
833 # can't be true w/ wrong $hash:$salt, otherwise the
834 # algo must have many collisions
836 if (exists ($db->{$hash_in . ":" . $salt}))
838 $hash_in = $hash_in . ":" . $salt;
844 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
845 next unless (! defined ($db->{$hash_in}));
847 $index1 = index ($hash_in, ":");
848 $index2 = index ($hash_in, ":", $index1 + 1);
850 $iter = substr ($hash_in, $index1 + 1, $index2 - $index1 - 1);
851 $salt = substr ($hash_in, $index2 + 1);
853 # OSX 10.* : $something$iter$salt$
854 elsif ($mode == 7100)
856 my $index1 = index ($line, ":");
860 $hash_in = substr ($line, 0, $index1);
861 $word = substr ($line, $index1 + 1);
863 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
865 my $index2 = index ($hash_in, "\$", 5);
869 my $index3 = index ($hash_in, "\$", $index2 + 1);
871 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
873 $iter = substr ($hash_in, 4, $index2 - 4);
875 next if (int ($iter) < 1);
877 # grub: something1.something2.something3.iter.salt.
878 elsif ($mode == 7200)
880 my $index1 = index ($line, ":");
884 $hash_in = substr ($line, 0, $index1);
885 $word = substr ($line, $index1 + 1);
887 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
889 my $index2 = index ($hash_in, ".", 19);
893 my $index3 = index ($hash_in, ".", $index2 + 1);
895 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
897 $iter = substr ($hash_in, 19, $index2 - 19);
899 next if (int ($iter) < 1);
901 # $something1$something2$something3$something4$salt$
902 elsif ($mode == 7500 )
904 my $index1 = index ($line, "\$", 11);
908 my $index2 = index ($line, "\$", $index1 + 1);
912 my $index3 = index ($line, "\$", $index2 + 1);
916 $index2 = index ($line, ":", $index3 + 1);
920 $hash_in = substr ($line, 0, $index2);
921 $word = substr ($line, $index2 + 1);
923 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
925 $salt = substr ($hash_in, 11, $index3 - 10);
926 $salt .= substr ($hash_in, $index2 - 32) . "\$\$";
927 $salt .= substr ($hash_in, $index3 + 1, $index2 - $index3 - 32 - 1);
930 elsif ($mode == 7700 || $mode == 7800)
932 my $index1 = index ($line, ":");
936 my @split1 = split (":", $line);
938 my @split2 = split ('\$', $split1[0]);
940 next unless scalar @split2 == 2;
942 $hash_in = $split1[0];
944 if (scalar @split1 > 1)
953 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
958 elsif ($mode == 8300)
960 my @datas = split (":", $line);
962 next if scalar @datas != 5;
967 ($hash, $domain, $salt, $iter, $word) = @datas;
969 $hash_in = $hash . ":" . $domain . ":" . $salt . ":" . $iter;
971 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
973 $salt = $domain . ":" . $salt;
976 elsif ($mode == 8500)
978 my @line_elements = split (":", $line);
980 next if scalar @line_elements < 2;
984 $hash_in = shift @line_elements;
986 $word = join (":", @line_elements);
990 my @hash_elements = split ('\*', $hash_in);
992 next unless ($hash_elements[0] eq '$racf$');
994 $salt = $hash_elements[1];
996 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
999 elsif ($mode == 8700)
1001 # split hash and plain
1002 my $index = index ($line, ":");
1006 $hash_in = substr ($line, 0, $index);
1007 $word = substr ($line, $index + 1);
1009 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1011 my $plain_base64 = substr ($hash_in, 2, -1);
1013 ($_, $salt, $param) = domino_decode
($plain_base64);
1016 elsif ($mode == 2612)
1018 next unless (substr ($line, 0, 6) eq '$PHPS$');
1021 my $index1 = index ($line, "\$", 6);
1023 next if $index1 < 1;
1025 $salt = substr ($line, 6, $index1 - 6);
1027 $salt = pack ("H*", $salt);
1029 my $index2 = index ($line, "\:", $index1 + 1);
1031 next if $index2 < 1;
1033 $word = substr ($line, $index2 + 1);
1035 $hash_in = substr ($line, 0, $index2);
1037 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1040 elsif ($mode == 3711)
1042 next unless (substr ($line, 0, 3) eq '$B$');
1045 my $index1 = index ($line, "\$", 3);
1047 next if $index1 < 1;
1049 $salt = substr ($line, 3, $index1 - 3);
1051 my $index2 = index ($line, ":", $index1 + 1);
1053 next if $index2 < 1;
1055 $word = substr ($line, $index2 + 1);
1057 $hash_in = substr ($line, 0, $index2);
1059 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1062 elsif ($mode == 8900)
1064 next unless (substr ($line, 0, 7) eq 'SCRYPT:');
1067 my $index1 = index ($line, ":", 7);
1069 next if $index1 < 1;
1072 my $N = substr ($line, 7, $index1 - 7);
1074 my $index2 = index ($line, ":", $index1 + 1);
1076 next if $index2 < 1;
1079 my $r = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1081 $index1 = index ($line, ":", $index2 + 1);
1083 next if $index1 < 1;
1086 my $p = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1092 $index2 = index ($line, ":", $index1 + 1);
1094 next if $index2 < 1;
1097 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1099 $salt = decode_base64
($salt);
1101 $index1 = index ($line, ":", $index2 + 1);
1103 next if $index1 < 1;
1107 $word = substr ($line, $index1 + 1);
1108 $hash_in = substr ($line, 0, $index1);
1110 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1113 elsif ($mode == 9100)
1115 # split hash and plain
1116 my $index = index ($line, ":");
1120 $hash_in = substr ($line, 0, $index);
1121 $word = substr ($line, $index + 1);
1123 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1125 my $base64_part = substr ($hash_in, 2, -1);
1127 ($_, $salt, $iter, $param) = domino_85x_decode
($base64_part);
1129 next if ($iter < 1);
1131 # Cisco $8$ - PBKDF2-HMAC-SHA256
1132 elsif ($mode == 9200)
1134 next unless (substr ($line, 0, 3) eq '$8$');
1137 my $index1 = index ($line, "\$", 3);
1139 next if $index1 != 17;
1141 my $index2 = index ($line, "\$", $index1 + 1);
1144 $salt = substr ($line, 3, $index1 - 3);
1146 $index1 = index ($line, ":", $index1 + 1);
1148 next if $index1 < 1;
1152 $word = substr ($line, $index1 + 1);
1153 $hash_in = substr ($line, 0, $index1);
1155 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1157 # Cisco $9$ - scrypt
1158 elsif ($mode == 9300)
1160 next unless (substr ($line, 0, 3) eq '$9$');
1163 my $index1 = index ($line, "\$", 3);
1165 next if $index1 != 17;
1167 my $index2 = index ($line, "\$", $index1 + 1);
1170 $salt = substr ($line, 3, $index1 - 3);
1172 $index1 = index ($line, ":", $index1 + 1);
1174 next if $index1 < 1;
1178 $word = substr ($line, $index1 + 1);
1179 $hash_in = substr ($line, 0, $index1);
1181 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1184 elsif ($mode == 9400)
1186 ($hash_in, $word) = split ":", $line;
1188 next unless defined $hash_in;
1189 next unless defined $word;
1191 my @data = split /\*/, $hash_in;
1193 next unless scalar @data == 8;
1195 next unless (shift @data eq '$office$');
1196 next unless (shift @data eq '2007');
1197 next unless (shift @data eq '20');
1199 my $aes_key_size = shift @data;
1201 next unless (($aes_key_size eq '128') || ($aes_key_size eq '256'));
1202 next unless (shift @data eq '16');
1204 next unless (length $data[0] == 32);
1205 next unless (length $data[1] == 32);
1206 next unless (length $data[2] == 40);
1208 $salt = shift @data;
1209 $param = shift @data;
1210 $param2 = $aes_key_size;
1212 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1215 elsif ($mode == 9500)
1217 ($hash_in, $word) = split ":", $line;
1219 next unless defined $hash_in;
1220 next unless defined $word;
1222 my @data = split /\*/, $hash_in;
1224 next unless scalar @data == 8;
1226 next unless (shift @data eq '$office$');
1227 next unless (shift @data eq '2010');
1228 next unless (shift @data eq '100000');
1229 next unless (shift @data eq '128');
1230 next unless (shift @data eq '16');
1232 next unless (length $data[0] == 32);
1233 next unless (length $data[1] == 32);
1234 next unless (length $data[2] == 64);
1236 $salt = shift @data;
1237 $param = shift @data;
1239 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1242 elsif ($mode == 9600)
1244 ($hash_in, $word) = split ":", $line;
1246 next unless defined $hash_in;
1247 next unless defined $word;
1249 my @data = split /\*/, $hash_in;
1251 next unless scalar @data == 8;
1253 next unless (shift @data eq '$office$');
1254 next unless (shift @data eq '2013');
1255 next unless (shift @data eq '100000');
1256 next unless (shift @data eq '256');
1257 next unless (shift @data eq '16');
1259 next unless (length $data[0] == 32);
1260 next unless (length $data[1] == 32);
1261 next unless (length $data[2] == 64);
1263 $salt = shift @data;
1264 $param = shift @data;
1266 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1269 elsif ($mode == 9700)
1271 ($hash_in, $word) = split ":", $line;
1273 next unless defined $hash_in;
1274 next unless defined $word;
1276 my @data = split /\*/, $hash_in;
1278 next unless scalar @data == 4;
1280 my $signature = shift @data;
1282 next unless (($signature eq '$oldoffice$0') || ($signature eq '$oldoffice$1'));
1284 next unless (length $data[0] == 32);
1285 next unless (length $data[1] == 32);
1286 next unless (length $data[2] == 32);
1288 $salt = shift @data;
1289 $param = shift @data;
1290 $param2 = substr ($signature, 11, 1);
1292 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1295 elsif ($mode == 9800)
1297 ($hash_in, $word) = split ":", $line;
1299 next unless defined $hash_in;
1300 next unless defined $word;
1302 my @data = split /\*/, $hash_in;
1304 next unless scalar @data == 4;
1306 my $signature = shift @data;
1308 next unless (($signature eq '$oldoffice$3') || ($signature eq '$oldoffice$4'));
1310 next unless (length $data[0] == 32);
1311 next unless (length $data[1] == 32);
1312 next unless (length $data[2] == 40);
1314 $salt = shift @data;
1315 $param = shift @data;
1316 $param2 = substr ($signature, 11, 1);
1318 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1320 # Django (PBKDF2-SHA256)
1321 elsif ($mode == 10000)
1323 next unless (substr ($line, 0, 14) eq 'pbkdf2_sha256$');
1326 my $index1 = index ($line, "\$", 14);
1328 next if $index1 < 1;
1330 my $index2 = index ($line, "\$", $index1 + 1);
1334 $iter = substr ($line, 14, $index1 - 14);
1338 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1342 $index1 = index ($line, ":", $index2 + 1);
1344 next if $index1 < 1;
1346 $word = substr ($line, $index1 + 1);
1347 $hash_in = substr ($line, 0, $index1);
1349 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1352 elsif ($mode == 10100)
1356 ($hash, undef, undef, $salt, $word) = split ":", $line;
1358 next unless defined $hash;
1359 next unless defined $salt;
1360 next unless defined $word;
1362 next unless (length $hash == 16);
1363 next unless (length $salt == 32);
1365 my $hash_in = sprintf ("%s:2:4:%s", $hash, $salt);
1367 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1370 elsif ($mode == 10200)
1372 next unless (substr ($line, 0, 10) eq '$cram_md5$');
1375 my $index1 = index ($line, "\$", 10);
1377 next if $index1 < 1;
1381 my $challengeb64 = substr ($line, 10, $index1 - 10);
1382 $salt = decode_base64
($challengeb64);
1386 my $index2 = index ($line, ":", $index1 + 1);
1388 next if $index2 < 1;
1390 my $responseb64 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1391 my $response = decode_base64
($responseb64);
1393 $param = substr ($response, 0, length ($response) - 32 - 1); # -1 is for space
1395 $word = substr ($line, $index2 + 1);
1396 $hash_in = substr ($line, 0, $index2);
1398 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1400 # SAP CODVN H (PWDSALTEDHASH) iSSHA-1
1401 elsif ($mode == 10300)
1403 next unless (substr ($line, 0, 10) eq '{x-issha, ');
1407 my $index1 = index ($line, "}", 10);
1409 next if $index1 < 1;
1411 $iter = substr ($line, 10, $index1 - 10);
1413 $iter = int ($iter);
1417 my $base64_encoded = substr ($line, $index1 + 1);
1418 my $base64_decoded = decode_base64
($base64_encoded);
1420 $salt = substr ($base64_decoded, 20);
1422 my $index2 = index ($line, ":", $index1 + 1);
1424 next if $index2 < 1;
1426 $word = substr ($line, $index2 + 1);
1427 $hash_in = substr ($line, 0, $index2);
1429 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1431 # PDF 1.1 - 1.3 (Acrobat 2 - 4)
1432 elsif ($mode == 10400)
1434 ($hash_in, $word) = split ":", $line;
1436 next unless defined $hash_in;
1437 next unless defined $word;
1439 my @data = split /\*/, $hash_in;
1441 next unless scalar @data == 11;
1443 next unless (shift @data eq '$pdf$1');
1444 next unless (shift @data eq '2');
1445 next unless (shift @data eq '40');
1446 my $P = shift @data;
1447 next unless (shift @data eq '0');
1448 next unless (shift @data eq '16');
1449 my $id = shift @data;
1450 next unless (shift @data eq '32');
1451 my $u = shift @data;
1452 next unless (shift @data eq '32');
1453 my $o = shift @data;
1460 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1462 # PDF 1.4 - 1.6 (Acrobat 5 - 8)
1463 elsif ($mode == 10500)
1465 ($hash_in, $word) = split ":", $line;
1467 next unless defined $hash_in;
1468 next unless defined $word;
1470 my @data = split /\*/, $hash_in;
1472 next unless scalar @data == 11;
1474 my $V = shift @data; $V = substr ($V, 5, 1);
1475 my $R = shift @data;
1476 next unless (shift @data eq '128');
1477 my $P = shift @data;
1478 my $enc = shift @data;
1479 next unless (shift @data eq '16');
1480 my $id = shift @data;
1481 next unless (shift @data eq '32');
1482 my $u = shift @data;
1483 next unless (shift @data eq '32');
1484 my $o = shift @data;
1494 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1496 # PDF 1.7 Level 3 (Acrobat 9)
1497 elsif ($mode == 10600)
1499 ($hash_in, $word) = split ":", $line;
1501 next unless defined $hash_in;
1502 next unless defined $word;
1504 my @data = split /\*/, $hash_in;
1506 next unless scalar @data >= 11;
1508 next unless (shift @data eq '$pdf$5');
1509 next unless (shift @data eq '5');
1510 next unless (shift @data eq '256');
1511 next unless (shift @data eq '-1028');
1512 next unless (shift @data eq '1');
1513 next unless (shift @data eq '16');
1514 my $id = shift @data;
1515 my $rest = join "*", @data;
1520 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1522 # PDF 1.7 Level 8 (Acrobat 10 - 11)
1523 elsif ($mode == 10700)
1525 ($hash_in, $word) = split ":", $line;
1527 next unless defined $hash_in;
1528 next unless defined $word;
1530 my @data = split /\*/, $hash_in;
1532 next unless scalar @data >= 11;
1534 next unless (shift @data eq '$pdf$5');
1535 next unless (shift @data eq '6');
1536 next unless (shift @data eq '256');
1537 next unless (shift @data eq '-1028');
1538 next unless (shift @data eq '1');
1539 next unless (shift @data eq '16');
1540 my $id = shift @data;
1541 my $rest = join "*", @data;
1546 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1548 # PBKDF2-HMAC-SHA256
1549 elsif ($mode == 10900)
1551 next unless (substr ($line, 0, 7) eq 'sha256:');
1554 my $index1 = index ($line, ":", 7);
1556 next if $index1 < 1;
1558 $iter = substr ($line, 7, $index1 - 7);
1562 my $index2 = index ($line, ":", $index1 + 1);
1564 next if $index2 < 1;
1566 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1568 $salt = decode_base64
($salt);
1572 $index1 = index ($line, ":", $index2 + 1);
1574 next if $index1 < 1;
1576 # additional param = output len of pbkdf2
1578 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1580 my $digest = decode_base64
($digest64_encoded);
1582 $param = length ($digest);
1586 $word = substr ($line, $index1 + 1);
1587 $hash_in = substr ($line, 0, $index1);
1589 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1591 # PostgreSQL MD5 Authentication
1592 elsif ($mode == 11100)
1594 next unless (substr ($line, 0, 10) eq '$postgres$');
1596 my $index1 = index ($line, "*", 10);
1598 next if $index1 < 1;
1602 $param = substr ($line, 10, $index1 - 10);
1604 # get the 4 byte salt
1606 my $index2 = index ($line, "*", $index1 + 1);
1608 next if $index2 < 1;
1610 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1614 $index1 = index ($line, ":", $index2 + 1);
1616 next if $index1 < 1;
1618 $word = substr ($line, $index1 + 1);
1619 $hash_in = substr ($line, 0, $index1);
1621 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1623 # MySQL MD5 Authentication
1624 elsif ($mode == 11200)
1626 next unless (substr ($line, 0, 9) eq '$mysqlna$');
1628 my $index1 = index ($line, "*", 9);
1630 next if $index1 < 1;
1634 $salt = substr ($line, 9, $index1 - 9);
1638 $index1 = index ($line, ":", $index1 + 1);
1640 next if $index1 < 1;
1642 $word = substr ($line, $index1 + 1);
1643 $hash_in = substr ($line, 0, $index1);
1645 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1648 elsif ($mode == 2500)
1650 print "ERROR: verify currently not supported for WPA/WPA2 (because of oclHashcat's output format)\n";
1654 # Bitcoin/Litecoin wallet.dat
1655 elsif ($mode == 11300)
1657 print "ERROR: verify currently not supported for Bitcoin/Litecoin wallet.dat because of unknown crypt data\n";
1661 # SIP digest authentication (MD5)
1662 elsif ($mode == 11400)
1664 next unless (substr ($line, 0, 6) eq '$sip$*');
1668 my $index1 = index ($line, "*", 6);
1670 next if $index1 < 0;
1672 $param10 = substr ($line, 6, $index1 - 6);
1674 next if (length ($param10) > 32);
1678 my $index2 = index ($line, "*", $index1 + 1);
1680 next if $index2 < 0;
1682 $param11 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1684 next if (length ($param11) > 32);
1688 $index1 = index ($line, "*", $index2 + 1);
1690 next if $index1 < 0;
1692 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1694 next if (length ($param) > 12);
1698 $index2 = index ($line, "*", $index1 + 1);
1700 next if $index2 < 0;
1702 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1704 next if (length ($param2) > 20);
1708 $index1 = index ($line, "*", $index2 + 1);
1710 next if $index1 < 0;
1712 $param6 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1714 next if (length ($param6) > 24);
1718 $index2 = index ($line, "*", $index1 + 1);
1720 next if $index2 < 0;
1722 $param7 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1724 next if (length ($param7) > 10);
1728 $index1 = index ($line, "*", $index2 + 1);
1730 next if $index1 < 0;
1732 $param8 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1734 next if (length ($param8) > 32);
1738 $index2 = index ($line, "*", $index1 + 1);
1740 next if $index2 < 0;
1742 $param9 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1744 next if (length ($param9) > 32);
1748 $index1 = index ($line, "*", $index2 + 1);
1750 next if $index1 < 0;
1752 $salt = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1754 next if (length ($salt) > 34);
1758 $index2 = index ($line, "*", $index1 + 1);
1760 next if $index2 < 0;
1762 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1764 next if (length ($param4) > 12);
1768 $index1 = index ($line, "*", $index2 + 1);
1770 next if $index1 < 0;
1772 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1774 next if (length ($param3) > 10);
1778 $index2 = index ($line, "*", $index1 + 1);
1780 next if $index2 < 0;
1782 $param5 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1784 next if (length ($param5) > 8);
1788 $index1 = index ($line, "*", $index2 + 1);
1790 next if $index1 < 0;
1792 my $directive = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1794 next unless ($directive eq "MD5");
1798 $index2 = index ($line, ":", $index1 + 1);
1800 next if $index2 < 0;
1802 my $hex_digest = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1804 next unless (length ($hex_digest) == 32);
1806 $word = substr ($line, $index2 + 1);
1807 $hash_in = substr ($line, 0, $index2);
1809 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1812 elsif ($mode == 11600)
1814 next unless (substr ($line, 0, 4) eq '$7z$');
1818 my $index1 = index ($line, '$', 4);
1820 next if $index1 < 0;
1822 my $p = substr ($line, 4, $index1 - 4);
1824 next unless ($p eq "0");
1828 my $index2 = index ($line, '$', $index1 + 1);
1830 next if $index2 < 0;
1832 $iter = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1834 # seven zip salt length
1836 $index1 = index ($line, '$', $index2 + 1);
1838 next if $index1 < 0;
1840 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1844 $index2 = index ($line, '$', $index1 + 1);
1846 next if $index2 < 0;
1848 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1852 $index1 = index ($line, '$', $index2 + 1);
1854 next if $index1 < 0;
1856 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1860 $index2 = index ($line, '$', $index1 + 1);
1862 next if $index2 < 0;
1864 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1866 $salt = pack ("H*", $salt);
1870 $index1 = index ($line, '$', $index2 + 1);
1872 next if $index1 < 0;
1874 my $crc = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1876 # ignore this crc, we don't need to pass it to gen_hash ()
1880 $index2 = index ($line, '$', $index1 + 1);
1882 next if $index2 < 0;
1884 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1888 $index1 = index ($line, '$', $index2 + 1);
1890 next if $index1 < 0;
1892 $param5 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1896 $index2 = index ($line, ':', $index1 + 1);
1898 next if $index2 < 0;
1900 $param6 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1901 $param6 = pack ("H*", $param6);
1903 $word = substr ($line, $index2 + 1);
1904 $hash_in = substr ($line, 0, $index2);
1906 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1909 elsif ($mode == 11900)
1911 next unless (substr ($line, 0, 4) eq 'md5:');
1914 my $index1 = index ($line, ":", 4);
1916 next if $index1 < 1;
1918 $iter = substr ($line, 4, $index1 - 4);
1922 my $index2 = index ($line, ":", $index1 + 1);
1924 next if $index2 < 1;
1926 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1928 $salt = decode_base64
($salt);
1932 $index1 = index ($line, ":", $index2 + 1);
1934 next if $index1 < 1;
1936 # additional param = output len of pbkdf2
1938 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1940 my $digest = decode_base64
($digest64_encoded);
1942 $param = length ($digest);
1946 $word = substr ($line, $index1 + 1);
1947 $hash_in = substr ($line, 0, $index1);
1949 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1952 elsif ($mode == 12000)
1954 next unless (substr ($line, 0, 5) eq 'sha1:');
1957 my $index1 = index ($line, ":", 5);
1959 next if $index1 < 1;
1961 $iter = substr ($line, 5, $index1 - 5);
1965 my $index2 = index ($line, ":", $index1 + 1);
1967 next if $index2 < 1;
1969 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1971 $salt = decode_base64
($salt);
1975 $index1 = index ($line, ":", $index2 + 1);
1977 next if $index1 < 1;
1979 # additional param = output len of pbkdf2
1981 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1983 my $digest = decode_base64
($digest64_encoded);
1985 $param = length ($digest);
1989 $word = substr ($line, $index1 + 1);
1990 $hash_in = substr ($line, 0, $index1);
1992 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1994 # PBKDF2-HMAC-SHA512
1995 elsif ($mode == 12100)
1997 next unless (substr ($line, 0, 7) eq 'sha512:');
2000 my $index1 = index ($line, ":", 7);
2002 next if $index1 < 1;
2004 $iter = substr ($line, 7, $index1 - 7);
2008 my $index2 = index ($line, ":", $index1 + 1);
2010 next if $index2 < 1;
2012 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2014 $salt = decode_base64
($salt);
2018 $index1 = index ($line, ":", $index2 + 1);
2020 next if $index1 < 1;
2022 # additional param = output len of pbkdf2
2024 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
2026 my $digest = decode_base64
($digest64_encoded);
2028 $param = length ($digest);
2032 $word = substr ($line, $index1 + 1);
2033 $hash_in = substr ($line, 0, $index1);
2035 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2038 elsif ($mode == 12200)
2040 next unless (substr ($line, 0, 12) eq '$ecryptfs$0$');
2042 # check if default salt
2046 $param = 0 if (substr ($line, 12, 2) eq '1$');
2054 if ($param == 0) # we need to extract the salt
2056 $index1 = index ($line, '$', $index1);
2058 next if $index1 < 1;
2060 my $index2 = index ($line, '$', $index1 + 1);
2062 next if $index2 < 1;
2064 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2069 $index1 = index ($line, ':', $index1 + 1);
2071 next if $index1 < 1;
2075 $word = substr ($line, $index1 + 1);
2076 $hash_in = substr ($line, 0, $index1);
2078 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2080 # Oracle T: Type (Oracle 12+)
2081 elsif ($mode == 12300)
2083 my $index1 = index ($line, ':');
2085 next if ($index1 != 160);
2089 $salt = substr ($line, 128, 32);
2093 $word = substr ($line, $index1 + 1);
2094 $hash_in = substr ($line, 0, $index1);
2096 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2098 # BSDiCrypt, Extended DES
2099 elsif ($mode == 12400)
2101 next unless (substr ($line, 0, 1) eq '_');
2103 my $index1 = index ($line, ':', 20);
2105 next if ($index1 != 20);
2109 $iter = substr ($line, 1, 4);
2111 $iter = base64_to_int24
($iter);
2115 $salt = substr ($line, 5, 4);
2119 $word = substr ($line, $index1 + 1);
2120 $hash_in = substr ($line, 0, $index1);
2122 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2124 # Blockchain, My Wallet
2125 elsif ($mode == 12700)
2127 my $index1 = index ($line, ':');
2129 next if ($index1 < 0);
2131 $hash_in = substr ($line, 0, $index1);
2132 $word = substr ($line, $index1 + 1);
2134 my (undef, $signature, $data_len, $data_buf) = split '\$', $hash_in;
2136 next unless ($signature eq "blockchain");
2138 next unless (($data_len * 2) == length $data_buf);
2140 $salt = substr ($data_buf, 0, 32);
2141 $param = substr ($data_buf, 32);
2143 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2145 elsif ($mode == 12800)
2147 ($hash_in, $word) = split ":", $line;
2149 next unless defined $hash_in;
2150 next unless defined $word;
2152 my @data = split /\,/, $hash_in;
2154 next unless scalar @data == 4;
2156 next unless (shift @data eq 'v1;PPH1_MD4');
2158 $salt = shift @data;
2159 $iter = shift @data;
2161 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2163 elsif ($mode == 12900)
2165 ($hash_in, $word) = split ":", $line;
2167 next unless defined $hash_in;
2168 next unless defined $word;
2170 next unless length $hash_in == 160;
2172 $param = substr ($hash_in, 0, 64);
2173 $salt = substr ($hash_in, 128, 32);
2176 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2178 elsif ($mode == 13000)
2182 ($hash_line, $word) = split ":", $line;
2184 next unless defined $hash_line;
2185 next unless defined $word;
2187 my @data = split ('\$', $hash_line);
2189 next unless scalar @data == 8;
2193 my $signature = shift @data;
2194 my $salt_len = shift @data;
2195 my $salt_buf = shift @data;
2196 my $iterations = shift @data;
2197 my $iv = shift @data;
2198 my $pswcheck_len = shift @data;
2199 my $pswcheck = shift @data;
2201 next unless ($signature eq "rar5");
2202 next unless ($salt_len == 16);
2203 next unless ($pswcheck_len == 8);
2206 $iter = $iterations;
2207 $hash_in = $pswcheck;
2210 next unless (exists ($db->{$hash_line}) and (! defined ($db->{$hash_line})));
2214 print "ERROR: hash mode is not supported\n";
2219 if ($word =~ m/^\$HEX\[[0-9a-fA-F]*\]$/)
2221 $word = pack ("H*", substr ($word, 5, -1));
2224 # finally generate the hash
2229 # check both variations
2230 $hash_out = gen_hash
($mode, $word, $salt, $iter, 1);
2232 $len = length $hash_out; # == length $alternative
2234 if (substr ($line, 0, $len) ne $hash_out)
2236 my $alternative = gen_hash
($mode, $word, $salt, $iter, 2);
2238 return unless (substr ($line, 0, $len) eq $alternative);
2241 elsif ($mode == 8700)
2243 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2245 $len = length $hash_out;
2247 return unless (substr ($line, 0, $len) eq $hash_out);
2249 elsif ($mode == 8900)
2251 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2253 $len = length $hash_out;
2255 return unless (substr ($line, 0, $len) eq $hash_out);
2257 elsif ($mode == 9100)
2259 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2261 $len = length $hash_out;
2263 return unless (substr ($line, 0, $len) eq $hash_out);
2265 elsif ($mode == 190)
2267 $hash_out = gen_hash
($mode, $word, $salt, $iter, 0);
2269 $len = length $hash_out; # == length $alternative
2271 if (substr ($line, 0, $len) ne $hash_out)
2273 my $alternative = gen_hash
($mode, $word, $salt, $iter, 1);
2275 return unless (substr ($line, 0, $len) eq $alternative);
2278 elsif ($mode == 3300)
2280 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2282 $len = length $hash_out;
2284 return unless (substr ($line, 0, $len) eq $hash_out);
2286 elsif ($mode == 5100)
2288 # check 3 variants (start, middle, end)
2292 $hash_out = gen_hash
($mode, $word, $salt, $iter, $idx++);
2294 $len = length $hash_out; # == length $alternative
2296 if (substr ($line, 0, $len) ne $hash_out)
2298 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2300 if (substr ($line, 0, $len) ne $alternative)
2302 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2304 return unless (substr ($line, 0, $len) eq $alternative);
2308 elsif ($mode == 9400)
2310 $hash_out = gen_hash
($mode, $word, $salt, 50000, $param, $param2);
2312 $len = length $hash_out;
2314 return unless (substr ($line, 0, $len) eq $hash_out);
2316 elsif ($mode == 9500)
2318 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2320 $len = length $hash_out;
2322 return unless (substr ($line, 0, $len) eq $hash_out);
2324 elsif ($mode == 9600)
2326 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2328 $len = length $hash_out;
2330 return unless (substr ($line, 0, $len) eq $hash_out);
2332 elsif ($mode == 9700)
2334 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2336 $len = length $hash_out;
2338 return unless (substr ($line, 0, $len) eq $hash_out);
2340 elsif ($mode == 9800)
2342 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2344 $len = length $hash_out;
2346 return unless (substr ($line, 0, $len) eq $hash_out);
2348 elsif ($mode == 10400)
2350 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2352 $len = length $hash_out;
2354 return unless (substr ($line, 0, $len) eq $hash_out);
2356 elsif ($mode == 10500)
2358 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3, $param4, $param5, $param6);
2360 $len = length $hash_out;
2362 return unless (substr ($line, 0, $len) eq $hash_out);
2364 elsif ($mode == 10600)
2366 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2368 $len = length $hash_out;
2370 return unless (substr ($line, 0, $len) eq $hash_out);
2372 elsif ($mode == 10700)
2374 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2376 $len = length $hash_out;
2378 return unless (substr ($line, 0, $len) eq $hash_out);
2380 elsif ($mode == 10900)
2382 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2384 $len = length $hash_out;
2386 return unless (substr ($line, 0, $len) eq $hash_out);
2388 elsif ($mode == 11100)
2390 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2392 $len = length $hash_out;
2394 return unless (substr ($line, 0, $len) eq $hash_out);
2396 elsif ($mode == 11400)
2398 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6, $param7, $param8, $param9, $param10, $param11);
2400 $len = length $hash_out;
2402 return unless (substr ($line, 0, $len) eq $hash_out);
2404 elsif ($mode == 11600)
2406 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6);
2408 $len = length $hash_out;
2410 return unless (substr ($line, 0, $len) eq $hash_out);
2412 elsif ($mode == 11900)
2414 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2416 $len = length $hash_out;
2418 return unless (substr ($line, 0, $len) eq $hash_out);
2420 elsif ($mode == 12000)
2422 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2424 $len = length $hash_out;
2426 return unless (substr ($line, 0, $len) eq $hash_out);
2428 elsif ($mode == 12100)
2430 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2432 $len = length $hash_out;
2434 return unless (substr ($line, 0, $len) eq $hash_out);
2436 elsif ($mode == 12200)
2438 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2440 $len = length $hash_out;
2442 return unless (substr ($line, 0, $len) eq $hash_out);
2444 elsif ($mode == 12700)
2446 # this is very special, we can't call gen_hash () because the param part is not always the same
2447 # we only know that it should contain the letters "guid" at the beginning of the decryted string
2449 my $pbkdf2 = Crypt
::PBKDF2
->new (
2450 hash_class
=> 'HMACSHA1',
2455 my $salt_bin = pack ("H*", $salt);
2457 my $key = $pbkdf2->PBKDF2 ($salt_bin, $word);
2459 my $cipher = Crypt
::CBC
->new({
2461 cipher
=> "Crypt::Rijndael",
2468 my $param_bin = pack ("H*", $param);
2470 my $decrypted = $cipher->decrypt ($param_bin);
2472 my $decrypted_part = substr ($decrypted, 1, 16);
2474 return unless ($decrypted_part =~ /"guid"/);
2476 $hash_out = $hash_in;
2478 elsif ($mode == 12900)
2480 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2482 $len = length $hash_out;
2484 return unless (substr ($line, 0, $len) eq $hash_out);
2486 elsif ($mode == 13000)
2488 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2490 $len = length $hash_out;
2492 return unless (substr ($line, 0, $len) eq $hash_out);
2496 $hash_out = gen_hash
($mode, $word, $salt, $iter);
2498 $len = length $hash_out;
2503 # allow $P$ and $H$ for -m 400
2504 next unless (substr ($line, 3, $len - 3) eq substr ($hash_out, 3));
2506 elsif ($mode == 5600)
2508 # oclHashcat outputs the user name always upper-case, we need
2509 next unless (substr ($line, 0, $len) eq $hash_out);
2513 my $hash_out_lower = lc ($hash_out);
2515 for my $key (keys %{$db})
2517 if (lc ($key) eq $hash_out_lower)
2529 next unless (substr ($line, 0, $len) eq $hash_out);
2533 # do not forget "exists ($db->$hash_out)" should be done above!
2534 $db->{$hash_out} = $word;
2535 print OUT
$line . "\n";
2544 my $mode = shift || 0;
2546 while (my $word_buf = <>)
2550 next if length ($word_buf) > 31;
2558 for (my $i = 0; $i < 256; $i++)
2560 my $c = get_random_chr
(0x30, 0x39);
2562 push (@salt_arr, $c);
2565 my $salt_buf = join ("", @salt_arr);
2573 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 5700 || $mode == 9900 || $mode == 10800 || $mode == 11500)
2575 $tmp_hash = gen_hash
($mode, $word_buf, "");
2577 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2579 my $salt_len = get_random_num
(1, 15);
2581 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2583 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
2585 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2589 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2593 my $salt_len = get_random_num
(1, 11);
2595 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2597 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 1800 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
2599 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 8));
2601 elsif ($mode == 112)
2603 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2605 elsif ($mode == 121)
2607 my $salt_len = get_random_num
(1, 9);
2609 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2611 elsif ($mode == 141 || $mode == 1441)
2613 my $salt_len = get_random_num
(1, 15);
2615 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2617 elsif ($mode == 1100)
2619 my $salt_len = get_random_num
(1, 19);
2621 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2623 elsif ($mode == 1500)
2625 next if length ($word_buf) > 8;
2627 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2629 elsif ($mode == 2100)
2631 next if length ($word_buf) > 13;
2633 my $salt_len = get_random_num
(1, 19);
2635 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2637 elsif ($mode == 2410)
2639 next if length ($word_buf) > 15;
2641 my $salt_len = get_random_num
(1, 15);
2643 my $word_len = length ($word_buf);
2645 $salt_len = min
($salt_len, 15 - $word_len);
2647 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2649 elsif ($mode == 2500)
2651 next if length ($word_buf) < 8;
2653 my $salt_len = get_random_num
(0, 32);
2655 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2657 elsif ($mode == 2611)
2659 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 3));
2661 elsif ($mode == 2612)
2663 my $salt_len = get_random_num
(1, 22);
2665 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2667 elsif ($mode == 2711)
2669 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 30));
2671 elsif ($mode == 2811)
2673 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2675 elsif ($mode == 3000)
2677 next if length ($word_buf) > 7;
2679 $tmp_hash = gen_hash
($mode, $word_buf, "");
2681 elsif ($mode == 3100)
2683 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 10));
2685 elsif ($mode == 3200 || $mode == 5800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 3300 || $mode == 8000 || $mode == 9100 || $mode == 12200)
2687 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2689 elsif ($mode == 3800 || $mode == 4900)
2691 my $salt_len = get_random_num
(1, 11);
2693 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2695 elsif ($mode == 4800)
2697 $salt_buf = get_random_md5chap_salt
(substr ($salt_buf, 0, 16));
2699 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2701 elsif ($mode == 5300 || $mode == 5400)
2703 $salt_buf = get_random_ike_salt
();
2705 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2707 elsif ($mode == 5500)
2709 my $user_len = get_random_num
(0, 15);
2710 my $domain_len = get_random_num
(0, 15);
2712 $salt_buf = get_random_netntlmv1_salt
($user_len, $domain_len);
2714 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2716 elsif ($mode == 5600)
2718 my $user_len = get_random_num
(0, 15);
2719 my $domain_len = get_random_num
(0, 15);
2721 $salt_buf = get_random_netntlmv2_salt
($user_len, $domain_len);
2723 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2725 elsif ($mode == 6600)
2727 $salt_buf = get_random_agilekeychain_salt
();
2729 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2731 elsif ($mode == 6800)
2733 my $email_len = get_random_num
(1, 15);
2737 for (my $i = 0; $i < $email_len; $i++)
2739 $email .= get_random_chr
(0x61, 0x7a);
2742 $email .= '@trash-mail.com';
2744 $tmp_hash = gen_hash
($mode, $word_buf, $email);
2746 elsif ($mode == 7100)
2748 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2750 elsif ($mode == 7200)
2752 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 128));
2754 elsif ($mode == 7300)
2756 my $salt_len = get_random_num
(32, 256);
2758 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2760 elsif ($mode == 7500)
2762 $salt_buf = get_random_kerberos5_salt
(substr ($salt_buf, 0, 16));
2764 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2766 elsif ($mode == 7700)
2768 next if length ($word_buf) > 8;
2770 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2772 elsif ($mode == 7800)
2774 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2776 elsif ($mode == 8200)
2778 $salt_buf = get_random_cloudkeychain_salt
();
2780 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2782 elsif ($mode == 8300)
2784 $salt_buf = get_random_dnssec_salt
();
2786 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2788 elsif ($mode == 8400 || $mode == 11200)
2790 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 40));
2792 elsif ($mode == 8500)
2794 next if length ($word_buf) > 8;
2796 my $salt_len = get_random_num
(1, 9);
2798 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2800 elsif ($mode == 8600)
2802 next if length ($word_buf) > 16;
2804 $tmp_hash = gen_hash
($mode, $word_buf, "");
2806 elsif ($mode == 8700)
2808 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2810 elsif ($mode == 9200 || $mode == 9300)
2814 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2816 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
2818 next if length ($word_buf) > 19;
2822 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2824 elsif ($mode == 10100)
2826 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2828 elsif ($mode == 10300)
2830 my $salt_len = get_random_num
(4, 15);
2832 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2834 elsif ($mode == 10400)
2836 next if length ($word_buf) > 31;
2840 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2842 elsif ($mode == 10500)
2844 next if length ($word_buf) > 15;
2848 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2850 elsif ($mode == 10600)
2852 next if length ($word_buf) > 31;
2856 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2858 elsif ($mode == 10700)
2860 next if length ($word_buf) > 15;
2864 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2866 elsif ($mode == 11000)
2868 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 56));
2870 elsif ($mode == 11300)
2872 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2874 elsif ($mode == 11400)
2876 next if length ($word_buf) > 24;
2878 my $salt_len = get_random_num
(1, 15);
2880 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2882 elsif ($mode == 11600)
2884 my $salt_len = get_random_num
(0, 16);
2886 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2888 elsif ($mode == 12400)
2890 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 4));
2892 elsif ($mode == 12600)
2894 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2896 elsif ($mode == 12700)
2898 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2900 elsif ($mode == 12800)
2902 next if length ($word_buf) > 24;
2904 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2906 elsif ($mode == 12900)
2908 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2910 elsif ($mode == 13000)
2912 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2916 print "ERROR: Unsupported hash type\n";
2921 print $tmp_hash, "\n";
2934 for (my $j = 0; $j < scalar @modes; $j++)
2936 my $mode = $modes[$j];
2938 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5300 || $mode == 5400 || $mode == 6000 || $mode == 6100 || $mode == 6600 || $mode == 6900 || $mode == 5700 || $mode == 8200 || $mode == 8300 || $mode == 9900 || $mode == 10800 || $mode == 11500)
2940 for (my $i = 1; $i < 32; $i++)
2944 rnd
($mode, $len, 0);
2952 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2954 my $salt_len = get_random_num
(1, 15);
2956 for (my $i = 1; $i < 32; $i++)
2960 rnd
($mode, $len, $salt_len);
2964 rnd
($mode, $i, $salt_len);
2968 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
2970 for (my $i = 1; $i < 32; $i++)
2974 rnd
($mode, $len, 32);
2978 rnd
($mode, $i, 32);
2982 elsif ($mode == 21 || $mode == 22)
2984 for (my $i = 1; $i < 32; $i++)
2988 rnd
($mode, $len, 2);
2996 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
2998 for (my $i = 1; $i < 32; $i++)
3002 rnd
($mode, $len, 8);
3010 elsif ($mode == 112)
3012 for (my $i = 1; $i < 32; $i++)
3016 rnd
($mode, $len, 20);
3020 rnd
($mode, $i, 20);
3024 elsif ($mode == 141 || $mode == 3300 || $mode == 1441 || $mode == 1800 || $mode == 3200 || $mode == 4800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 8000 || $mode == 9100 || $mode == 12200)
3026 for (my $i = 1; $i < 32; $i++)
3030 rnd
($mode, $len, 16);
3034 rnd
($mode, $i, 16);
3040 my $salt_len = get_random_num
(1, 19);
3042 for (my $i = 1; $i < 32; $i++)
3046 rnd
($mode, $len, $salt_len);
3050 rnd
($mode, $i, $salt_len);
3054 elsif ($mode == 1500)
3056 for (my $i = 1; $i < 9; $i++)
3060 rnd
($mode, $len, 2);
3068 elsif ($mode == 2100)
3070 my $salt_len = get_random_num
(1, 19);
3072 for (my $i = 1; $i < 13; $i++)
3076 rnd
($mode, $len, $salt_len);
3080 rnd
($mode, $i, $salt_len);
3084 elsif ($mode == 2500)
3086 my $salt_len = get_random_num
(0, 32);
3088 for (my $i = 8; $i < 16; $i++)
3090 my $generate_from_len = 0;
3099 rnd
($mode, $len, $salt_len);
3103 rnd
($mode, $i, $salt_len);
3107 elsif ($mode == 2611)
3109 for (my $i = 1; $i < 32; $i++)
3113 rnd
($mode, $len, 3);
3121 elsif ($mode == 2612)
3123 my $salt_len = get_random_num
(1, 22);
3125 for (my $i = 1; $i < 32; $i++)
3129 rnd
($mode, $len, $salt_len);
3133 rnd
($mode, $i, $salt_len);
3137 elsif ($mode == 2711)
3139 for (my $i = 1; $i < 32; $i++)
3143 rnd
($mode, $len, 30);
3147 rnd
($mode, $i, 30);
3151 elsif ($mode == 2811)
3153 for (my $i = 1; $i < 32; $i++)
3157 rnd
($mode, $len, 5);
3165 elsif ($mode == 3000)
3167 for (my $i = 1; $i < 8; $i++)
3171 rnd
($mode, $len, 0);
3179 elsif ($mode == 3100)
3181 for (my $i = 1; $i < 32; $i++)
3185 rnd
($mode, $len, 10);
3189 rnd
($mode, $i, 10);
3193 elsif ($mode == 3800 || $mode == 4900)
3195 my $salt_len = get_random_num
(1, 11);
3197 for (my $i = 1; $i < 32; $i++)
3201 rnd
($mode, $len, $salt_len);
3205 rnd
($mode, $i, $salt_len);
3209 elsif ($mode == 5500 || $mode == 5600)
3213 for (my $i = 1; $i < 27; $i++)
3215 $salt_len = get_random_num
(1, 15);
3219 rnd
($mode, $len, $salt_len);
3223 rnd
($mode, $i, $salt_len);
3227 elsif ($mode == 5800)
3229 for (my $i = 1; $i < 14; $i++)
3233 rnd
($mode, $len, 16);
3237 rnd
($mode, $i, 16);
3241 elsif ($mode == 6800)
3243 my $salt_len = get_random_num
(8, 25);
3245 for (my $i = 1; $i < 32; $i++)
3249 rnd
($mode, $len, $salt_len);
3253 rnd
($mode, $i, $salt_len);
3257 elsif ($mode == 7100)
3259 for (my $i = 1; $i < 32; $i++)
3263 rnd
($mode, $len, 64);
3267 rnd
($mode, $i, 64);
3271 elsif ($mode == 7200)
3273 for (my $i = 1; $i < 32; $i++)
3277 rnd
($mode, $len, 128);
3281 rnd
($mode, $i, 128);
3285 elsif ($mode == 7300)
3287 my $salt_len = get_random_num
(32, 255);
3289 for (my $i = 1; $i < 32; $i++)
3293 rnd
($mode, $len, $salt_len);
3297 rnd
($mode, $i, $salt_len);
3301 elsif ($mode == 7500)
3303 for (my $i = 1; $i < 27; $i++)
3307 rnd
($mode, $len, 16);
3311 rnd
($mode, $i, 16);
3315 elsif ($mode == 7700)
3317 my $salt_len = get_random_num
(1, 12);
3319 for (my $i = 1; $i < 9; $i++)
3323 rnd
($mode, $len, $salt_len);
3327 rnd
($mode, $i, $salt_len);
3331 elsif ($mode == 7800)
3333 my $salt_len = get_random_num
(1, 12);
3335 for (my $i = 1; $i < 32; $i++)
3339 rnd
($mode, $len, $salt_len);
3343 rnd
($mode, $i, $salt_len);
3347 elsif ($mode == 8400 || $mode == 11200)
3349 for (my $i = 1; $i < 32; $i++)
3353 rnd
($mode, $len, 40);
3357 rnd
($mode, $i, 40);
3361 elsif ($mode == 8500)
3363 my $salt_len = get_random_num
(1, 8);
3365 for (my $i = 1; $i < 9; $i++)
3369 rnd
($mode, $len, $salt_len);
3373 rnd
($mode, $i, $salt_len);
3377 elsif ($mode == 8600)
3379 for (my $i = 1; $i < 17; $i++)
3383 rnd
($mode, $len, 0);
3391 elsif ($mode == 8700)
3393 for (my $i = 1; $i < 32; $i++)
3397 rnd
($mode, $len, 5);
3405 elsif ($mode == 9200 || $mode == 9300)
3409 for (my $i = 1; $i < 32; $i++)
3413 rnd
($mode, $len, $salt_len);
3417 rnd
($mode, $i, $salt_len);
3421 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
3425 for (my $i = 1; $i < 20; $i++)
3429 rnd
($mode, $len, $salt_len);
3433 rnd
($mode, $i, $salt_len);
3437 elsif ($mode == 10100)
3439 for (my $i = 1; $i < 32; $i++)
3443 rnd
($mode, $len, 32);
3447 rnd
($mode, $i, 32);
3451 elsif ($mode == 10300)
3453 my $salt_len = get_random_num
(4, 15);
3455 for (my $i = 1; $i < 32; $i++)
3459 rnd
($mode, $len, $salt_len);
3463 rnd
($mode, $i, $salt_len);
3467 elsif ($mode == 10400 || $mode == 10600)
3471 for (my $i = 1; $i < 32; $i++)
3475 rnd
($mode, $len, $salt_len);
3479 rnd
($mode, $i, $salt_len);
3483 elsif ($mode == 10500 || $mode == 10700)
3487 for (my $i = 1; $i < 16; $i++)
3491 rnd
($mode, $len, $salt_len);
3495 rnd
($mode, $i, $salt_len);
3499 elsif ($mode == 11000)
3501 for (my $i = 1; $i < 32; $i++)
3505 rnd
($mode, $len, 56);
3509 rnd
($mode, $i, 56);
3513 elsif ($mode == 11300)
3515 for (my $i = 1; $i < 32; $i++)
3519 rnd
($mode, $len, 16);
3523 rnd
($mode, $i, 16);
3527 elsif ($mode == 11400)
3529 for (my $i = 1; $i < 24; $i++)
3533 rnd
($mode, $len, 16);
3537 rnd
($mode, $i, 16);
3541 elsif ($mode == 11600)
3543 my $salt_len = get_random_num
(0, 16);
3545 for (my $i = 1; $i < 32; $i++)
3549 rnd
($mode, $len, $salt_len);
3553 rnd
($mode, $i, $salt_len);
3557 elsif ($mode == 12400)
3559 for (my $i = 1; $i < 32; $i++)
3563 rnd
($mode, $len, 4);
3571 elsif ($mode == 12600)
3573 for (my $i = 1; $i < 32; $i++)
3577 rnd
($mode, $len, 64);
3581 rnd
($mode, $i, 64);
3585 elsif ($mode == 12700)
3587 for (my $i = 1; $i < 32; $i++)
3591 rnd
($mode, $len, 32);
3595 rnd
($mode, $i, 32);
3599 elsif ($mode == 12800)
3601 for (my $i = 1; $i < 25; $i++)
3605 rnd
($mode, $len, 20);
3609 rnd
($mode, $i, 20);
3613 elsif ($mode == 12900)
3615 for (my $i = 1; $i < 32; $i++)
3619 rnd
($mode, $len, 32);
3623 rnd
($mode, $i, 32);
3627 elsif ($mode == 13000)
3629 for (my $i = 1; $i < 32; $i++)
3633 rnd
($mode, $len, 32);
3637 rnd
($mode, $i, 32);
3650 my $word_buf = shift;
3652 my $salt_buf = shift;
3656 my $additional_param = shift;
3658 my $additional_param2 = shift;
3660 my $additional_param3 = shift;
3662 my $additional_param4 = shift;
3664 my $additional_param5 = shift;
3666 my $additional_param6 = shift;
3668 my $additional_param7 = shift;
3670 my $additional_param8 = shift;
3672 my $additional_param9 = shift;
3674 my $additional_param10 = shift;
3676 my $additional_param11 = shift;
3688 $hash_buf = md5_hex
($word_buf);
3690 $tmp_hash = sprintf ("%s", $hash_buf);
3694 $hash_buf = md5_hex
($word_buf . $salt_buf);
3696 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3700 $hash_buf = md5_hex
($word_buf . $salt_buf);
3702 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3706 $hash_buf = md5_hex
($word_buf . $salt_buf);
3708 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3712 $hash_buf = md5_hex
($salt_buf . $word_buf);
3714 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3718 $hash_buf = md5_hex
($salt_buf . $word_buf);
3720 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3724 my $itoa64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
3725 my $salt_suffix = "Administration Tools";
3727 my $pass = sprintf ("%s:%s:%s", $salt_buf, $salt_suffix, $word_buf);
3729 $hash_buf = md5
($pass);
3733 for (my $pos = 0; $pos < 16; $pos += 2)
3735 my $octet1 = ord (substr ($hash_buf, $pos + 0, 1));
3736 my $octet2 = ord (substr ($hash_buf, $pos + 1, 1));
3738 my $num = ($octet1 <<8 & 0xff00) | ($octet2 & 0xff);
3740 my $idx1 = $num >> 12 & 0x0f;
3741 my $idx2 = $num >> 6 & 0x3f;
3742 my $idx3 = $num & 0x3f;
3744 $res = $res . substr ($itoa64, $idx1, 1) . substr ($itoa64, $idx2, 1) . substr ($itoa64, $idx3, 1);
3747 my $obfuscate_str = "nrcstn";
3748 my @obfuscate_pos = (0, 6, 12, 17, 23, 29);
3750 foreach my $pos (keys @obfuscate_pos)
3752 my $idx = $obfuscate_pos[$pos];
3753 my $before = substr ($res, 0, $idx);
3754 my $char = substr ($obfuscate_str, $pos, 1);
3755 my $after = substr ($res, $idx);
3757 $res = sprintf ("%s%s%s", $before, $char, $after);
3760 $tmp_hash = sprintf ("%s:%s", $res, $salt_buf);
3764 $hash_buf = md5_hex
($salt_buf . "\nskyper\n" . $word_buf);
3766 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3770 $hash_buf = md5_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3772 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3776 $hash_buf = md5_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
3778 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3782 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
, 64);
3784 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3788 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&md5
, 64);
3790 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3792 elsif ($mode == 100)
3794 $hash_buf = sha1_hex
($word_buf);
3796 $tmp_hash = sprintf ("%s", $hash_buf);
3798 elsif ($mode == 101)
3800 $hash_buf = sha1
($word_buf);
3802 my $base64_buf = encode_base64
($hash_buf);
3804 chomp ($base64_buf);
3806 $tmp_hash = sprintf ("{SHA}%s", $base64_buf);
3808 elsif ($mode == 110)
3810 $hash_buf = sha1_hex
($word_buf . $salt_buf);
3812 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3814 elsif ($mode == 111)
3816 $hash_buf = sha1
($word_buf . $salt_buf);
3818 my $base64_buf = encode_base64
($hash_buf . $salt_buf);
3820 chomp ($base64_buf);
3822 $tmp_hash = sprintf ("{SSHA}%s", $base64_buf);
3824 elsif ($mode == 112)
3826 my $salt_buf_bin = pack ("H*", $salt_buf);
3828 $hash_buf = sha1_hex
($word_buf . $salt_buf_bin);
3830 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3832 elsif ($mode == 120)
3834 $hash_buf = sha1_hex
($salt_buf . $word_buf);
3836 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3838 elsif ($mode == 121)
3840 $hash_buf = sha1_hex
(lc ($salt_buf) . $word_buf);
3842 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3844 elsif ($mode == 122)
3846 my $salt_buf_bin = pack ("H*", $salt_buf);
3848 $hash_buf = sha1_hex
($salt_buf_bin . $word_buf);
3850 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
3852 elsif ($mode == 130)
3854 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
3856 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3858 elsif ($mode == 131)
3860 my $salt_buf_bin = pack ("H*", $salt_buf);
3862 $hash_buf = sha1_hex
(encode
("UTF-16LE", uc ($word_buf)) . $salt_buf_bin);
3864 $tmp_hash = sprintf ("0x0100%s%s%s", $salt_buf, "0" x
40, $hash_buf);
3866 elsif ($mode == 132)
3868 my $salt_buf_bin = pack ("H*", $salt_buf);
3870 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
3872 $tmp_hash = sprintf ("0x0100%s%s", $salt_buf, $hash_buf);
3874 elsif ($mode == 140)
3876 $hash_buf = sha1_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
3878 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3880 elsif ($mode == 141)
3882 $hash_buf = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
3884 my $base64_salt_buf = encode_base64
($salt_buf);
3886 chomp ($base64_salt_buf);
3888 my $base64_hash_buf = encode_base64
($hash_buf);
3890 $base64_hash_buf = substr ($base64_hash_buf, 0, 27);
3892 $tmp_hash = sprintf ("\$episerver\$*0*%s*%s", $base64_salt_buf, $base64_hash_buf);
3894 elsif ($mode == 150)
3896 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
, 64);
3898 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3900 elsif ($mode == 160)
3902 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha1
, 64);
3904 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3906 elsif ($mode == 190)
3908 $hash_buf = sha1_hex
($word_buf);
3910 my $variant = int (rand (2));
3912 if (defined ($additional_param))
3914 $variant = $additional_param;
3919 substr ($hash_buf, 0, 5) = "00000";
3922 $tmp_hash = sprintf ("%s", $hash_buf);
3924 elsif ($mode == 200)
3926 my $ppr = Authen
::Passphrase
::MySQL323
->new (passphrase
=> $word_buf);
3928 $hash_buf = $ppr->hash_hex;
3930 $tmp_hash = sprintf ("%s", $hash_buf);
3932 elsif ($mode == 300)
3934 $hash_buf = substr (password41
($word_buf), 1);
3936 $hash_buf = lc ($hash_buf); # useful for 'not matched' check only
3938 $tmp_hash = sprintf ("%s", $hash_buf);
3940 elsif ($mode == 400)
3949 my $ppr = Authen
::Passphrase
::PHPass
->new
3953 passphrase
=> $word_buf,
3956 $hash_buf = $ppr->as_rfc2307;
3958 $tmp_hash = sprintf ("%s", substr ($hash_buf, 7));
3960 elsif ($mode == 500)
3962 my $iterations = 1000;
3964 if (defined ($iter))
3968 $iterations = int ($iter);
3972 $hash_buf = md5_crypt
('$1$', $iterations, $word_buf, $salt_buf);
3974 $tmp_hash = sprintf ("%s", $hash_buf);
3976 elsif ($mode == 900)
3978 $hash_buf = md4_hex
($word_buf);
3980 $tmp_hash = sprintf ("%s", $hash_buf);
3982 elsif ($mode == 1000)
3984 $hash_buf = md4_hex
(encode
("UTF-16LE", $word_buf));
3986 $tmp_hash = sprintf ("%s", $hash_buf);
3988 elsif ($mode == 1100)
3990 $hash_buf = md4_hex
(md4
(encode
("UTF-16LE", $word_buf)) . encode
("UTF-16LE", lc ($salt_buf)));
3992 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3994 elsif ($mode == 1400)
3996 $hash_buf = sha256_hex
($word_buf);
3998 $tmp_hash = sprintf ("%s", $hash_buf);
4000 elsif ($mode == 1410)
4002 $hash_buf = sha256_hex
($word_buf . $salt_buf);
4004 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4006 elsif ($mode == 1420)
4008 $hash_buf = sha256_hex
($salt_buf . $word_buf);
4010 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4012 elsif ($mode == 1430)
4014 $hash_buf = sha256_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4016 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4018 elsif ($mode == 1440)
4020 $hash_buf = sha256_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4022 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4024 elsif ($mode == 1441)
4026 $hash_buf = sha256
($salt_buf . encode
("UTF-16LE", $word_buf));
4028 my $base64_salt_buf = encode_base64
($salt_buf);
4030 chomp ($base64_salt_buf);
4032 my $base64_hash_buf = encode_base64
($hash_buf);
4034 chomp ($base64_hash_buf);
4036 $base64_hash_buf = substr ($base64_hash_buf, 0, 43);
4038 $tmp_hash = sprintf ("\$episerver\$*1*%s*%s", $base64_salt_buf, $base64_hash_buf);
4040 elsif ($mode == 1450)
4042 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha256
, 64);
4044 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4046 elsif ($mode == 1460)
4048 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha256
, 64);
4050 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4052 elsif ($mode == 1500)
4054 $hash_buf = crypt ($word_buf, $salt_buf);
4056 $tmp_hash = sprintf ("%s", $hash_buf);
4058 elsif ($mode == 1600)
4060 my $iterations = 1000;
4062 if (defined ($iter))
4066 $iterations = int ($iter);
4070 $hash_buf = md5_crypt
('$apr1$', $iterations, $word_buf, $salt_buf);
4072 $tmp_hash = sprintf ("%s", $hash_buf);
4074 elsif ($mode == 1700)
4076 $hash_buf = sha512_hex
($word_buf);
4078 $tmp_hash = sprintf ("%s", $hash_buf);
4080 elsif ($mode == 1710)
4082 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4084 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4086 elsif ($mode == 1711)
4088 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4090 my $base64_buf = encode_base64
(pack ("H*", $hash_buf) . $salt_buf);
4092 $base64_buf =~ s/[ \n]//g;
4094 $tmp_hash = sprintf ("{SSHA512}%s", $base64_buf);
4096 elsif ($mode == 1720)
4098 $hash_buf = sha512_hex
($salt_buf . $word_buf);
4100 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4102 elsif ($mode == 1730)
4104 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4106 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4108 elsif ($mode == 1740)
4110 $hash_buf = sha512_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4112 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4114 elsif ($mode == 1722)
4116 my $salt_buf_bin = pack ("H*", $salt_buf);
4118 $hash_buf = sha512_hex
($salt_buf_bin . $word_buf);
4120 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
4122 elsif ($mode == 1731)
4124 my $salt_buf_bin = pack ("H*", $salt_buf);
4126 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
4128 $tmp_hash = sprintf ("0x0200%s%s", $salt_buf, $hash_buf);
4130 elsif ($mode == 1750)
4132 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha512
, 128);
4134 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4136 elsif ($mode == 1760)
4138 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha512
, 128);
4140 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4142 elsif ($mode == 1800)
4144 my $iterations = 5000;
4146 if (defined ($iter))
4150 $iterations = int ($iter);
4154 $hash_buf = sha512_crypt
($iterations, $word_buf, $salt_buf);
4156 $tmp_hash = sprintf ("%s", $hash_buf);
4158 elsif ($mode == 2100)
4160 my $iterations = 10240;
4164 $iterations = int ($iter);
4167 my $salt = encode
("UTF-16LE", lc ($salt_buf));
4169 my $pbkdf2 = Crypt
::PBKDF2
->new
4171 hash_class
=> 'HMACSHA1',
4172 iterations
=> $iterations,
4174 salt_len
=> length ($salt),
4177 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 ($salt, md4
(md4
(encode
("UTF-16LE", $word_buf)) . $salt)));
4179 $tmp_hash = sprintf ("\$DCC2\$%i#%s#%s", $iterations, $salt_buf, $hash_buf);
4181 elsif ($mode == 2400)
4183 $tmp_hash = sprintf ("%s", pseudo_base64
(Digest
::MD5
::md5
($word_buf . "\0" x
(16 - length ($word_buf)))));
4185 elsif ($mode == 2410)
4187 my $salt_len = length ($salt_buf);
4189 my $salt_len_max4 = ($salt_len < 4) ?
$salt_len : 4;
4191 my $hash_buf = pseudo_base64
(Digest
::MD5
::md5
($word_buf . substr ($salt_buf, 0, $salt_len_max4) . "\0" x
(16 - length ($word_buf) - $salt_len_max4)));
4193 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4195 elsif ($mode == 2500)
4197 my ($bssid, $stmac, $snonce, $anonce, $eapol, $keyver, $eapol_size);
4199 if (! defined ($additional_param))
4203 $bssid = randbytes
(6);
4204 $stmac = randbytes
(6);
4205 $snonce = randbytes
(32);
4206 $anonce = randbytes
(32);
4208 $keyver = get_random_num
(1, 3); # 1 or 2
4211 # should be "validly" generated, but in theory could be anything for us also:
4212 # $eapol = "\x00" x 121; # works too, but let's generate it correctly
4214 $eapol = gen_random_wpa_eapol
($keyver, $snonce);
4218 $bssid = $additional_param;
4219 $stmac = $additional_param2;
4220 $snonce = $additional_param3;
4221 $anonce = $additional_param4;
4222 $keyver = $additional_param5;
4223 $eapol = $additional_param6;
4226 $eapol_size = length ($eapol);
4230 my $iterations = 4096;
4236 # generate the Pairwise Master Key (PMK)
4238 my $pbkdf2 = Crypt
::PBKDF2
->new
4240 hash_class
=> 'HMACSHA1',
4241 iterations
=> $iterations,
4245 my $pmk = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4247 # Pairwise Transient Key (PTK) transformation
4249 my $ptk = wpa_prf_512
($pmk, $stmac, $bssid, $snonce, $anonce);
4251 # generate the Message Integrity Code (MIC)
4255 if ($keyver == 1) # WPA1 => MD5
4257 $mic = hmac
($eapol, $ptk, \
&md5
);
4261 $mic = hmac
($eapol, $ptk, \
&sha1
);
4264 $mic = substr ($mic, 0, 16);
4267 # format the binary output
4272 # first the essid (NULL-padded up to the first 36 bytes)
4274 $hash_buf .= $salt_buf;
4275 $hash_buf .= "\x00" x
(36 - length ($salt_buf));
4277 # the 2 MAC addresses
4279 $hash_buf .= $bssid;
4280 $hash_buf .= $stmac;
4284 $hash_buf .= $snonce;
4285 $hash_buf .= $anonce;
4289 $hash_buf .= $eapol;
4290 $hash_buf .= "\x00" x
(256 - $eapol_size);
4294 $hash_buf .= pack ("L*", $eapol_size);
4298 $hash_buf .= pack ("L*", $keyver);
4300 # and finally: the key mic
4304 # base64 encode the output
4306 $tmp_hash = encode_base64
($hash_buf, '');
4308 elsif ($mode == 2600)
4310 $hash_buf = md5_hex
(md5_hex
($word_buf));
4312 $tmp_hash = sprintf ("%s", $hash_buf);
4314 elsif ($mode == 2611)
4316 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4318 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4320 elsif ($mode == 2612)
4322 my $salt_buf_hex = unpack ("H*", $salt_buf);
4324 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4326 $tmp_hash = sprintf ("\$PHPS\$%s\$%s", $salt_buf_hex, $hash_buf);
4328 elsif ($mode == 2711)
4330 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4332 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4334 elsif ($mode == 2811)
4336 $hash_buf = md5_hex
(md5_hex
($salt_buf) . md5_hex
($word_buf));
4338 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4340 elsif ($mode == 3000)
4342 my $ppr = Authen
::Passphrase
::LANManager
->new ("passphrase" => $word_buf);
4344 $hash_buf = $ppr->hash_hex;
4346 $tmp_hash = sprintf ("%s", substr ($hash_buf, 0, 16));
4348 elsif ($mode == 3100)
4350 $hash_buf = oracle_hash
($salt_buf, $word_buf);
4352 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4354 elsif ($mode == 3200)
4363 $tmp_hash = bcrypt
($word_buf, sprintf ('$2a$%s$%s$', $cost, en_base64
($salt_buf)));
4365 elsif ($mode == 3300)
4367 my $iterations = 904;
4371 $iterations = int ($iter);
4376 if (defined ($additional_param))
4378 $variant = $additional_param;
4381 my $prefix = sprintf ("\$md5%srounds=%i\$%s", $variant, $iterations, $salt_buf);
4383 $iterations += 4096;
4385 $hash_buf = sun_md5
($word_buf, $prefix, $iterations);
4387 $tmp_hash = sprintf ("%s\$%s", $prefix, $hash_buf);
4389 elsif ($mode == 3500)
4391 $hash_buf = md5_hex
(md5_hex
(md5_hex
($word_buf)));
4393 $tmp_hash = sprintf ("%s", $hash_buf);
4395 elsif ($mode == 3610)
4397 $hash_buf = md5_hex
(md5_hex
($salt_buf) . $word_buf);
4399 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4401 elsif ($mode == 3710)
4403 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf));
4405 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4407 elsif ($mode == 3711)
4409 $hash_buf = md5_hex
($salt_buf . "-" . md5_hex
($word_buf));
4411 $tmp_hash = sprintf ("\$B\$%s\$%s", $salt_buf, $hash_buf);
4413 elsif ($mode == 3720)
4415 $hash_buf = md5_hex
($word_buf . md5_hex
($salt_buf));
4417 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4419 elsif ($mode == 3800)
4421 $hash_buf = md5_hex
($salt_buf . $word_buf . $salt_buf);
4423 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4425 elsif ($mode == 3910)
4427 $hash_buf = md5_hex
(md5_hex
($word_buf) . md5_hex
($salt_buf));
4429 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4431 elsif ($mode == 4010)
4433 $hash_buf = md5_hex
($salt_buf . md5_hex
($salt_buf . $word_buf));
4435 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4437 elsif ($mode == 4110)
4439 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf . $salt_buf));
4441 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4443 elsif ($mode == 4210)
4445 $hash_buf = md5_hex
($salt_buf . "\x00" . $word_buf);
4447 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4449 elsif ($mode == 4300)
4451 $hash_buf = md5_hex
(uc (md5_hex
($word_buf)));
4453 $tmp_hash = sprintf ("%s", $hash_buf);
4455 elsif ($mode == 4400)
4457 $hash_buf = md5_hex
(sha1_hex
($word_buf));
4459 $tmp_hash = sprintf ("%s", $hash_buf);
4461 elsif ($mode == 4500)
4463 $hash_buf = sha1_hex
(sha1_hex
($word_buf));
4465 $tmp_hash = sprintf ("%s", $hash_buf);
4467 elsif ($mode == 4600)
4469 $hash_buf = sha1_hex
(sha1_hex
(sha1_hex
($word_buf)));
4471 $tmp_hash = sprintf ("%s", $hash_buf);
4473 elsif ($mode == 4700)
4475 $hash_buf = sha1_hex
(md5_hex
($word_buf));
4477 $tmp_hash = sprintf ("%s", $hash_buf);
4479 elsif ($mode == 4800)
4481 my $index = rindex ($salt_buf, ":");
4483 my $salt = substr ($salt_buf, 0, $index);
4484 my $salt_bin = pack ("H*", $salt);
4485 my $chap_sign = substr ($salt_buf, $index + 1);
4486 my $chap_sign_bin = pack ("H*", $chap_sign);
4488 $hash_buf = md5_hex
($chap_sign_bin . $word_buf . $salt_bin);
4490 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4492 elsif ($mode == 4900)
4494 $hash_buf = sha1_hex
($salt_buf . $word_buf . $salt_buf);
4496 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4498 elsif ($mode == 5000)
4500 $hash_buf = keccak_256_hex
($word_buf);
4502 $tmp_hash = sprintf ("%s", $hash_buf);
4504 elsif ($mode == 5100)
4508 if (! defined ($additional_param))
4514 $pos = $additional_param * 8 unless ($additional_param > 2);
4517 $hash_buf = md5_hex
($word_buf);
4519 $tmp_hash = sprintf ("%s", substr ($hash_buf, $pos, 16));
4521 elsif ($mode == 5300)
4523 my @salt_arr = split (":", $salt_buf);
4525 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4526 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4528 my $hash_buf = hmac
($nr_buf , $word_buf, \
&md5
, 64);
4529 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&md5
, 64);
4531 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4533 elsif ($mode == 5400)
4535 my @salt_arr = split (":", $salt_buf);
4537 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4538 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4540 my $hash_buf = hmac
($nr_buf , $word_buf, \
&sha1
, 64);
4541 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&sha1
, 64);
4543 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4545 elsif ($mode == 5500)
4547 my $index1 = index ($salt_buf, "::");
4548 my $user = substr ($salt_buf, 0, $index1);
4550 my $index2 = index ($salt_buf, ":", $index1 + 2);
4551 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4553 my $len = length (substr ($salt_buf, $index2 + 1));
4555 my $c_challenge_hex;
4559 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 48);
4564 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4565 $c_challenge_hex .= 00 x
32;
4568 my $c_challenge = pack ("H*", substr ($c_challenge_hex, 0, 16));
4569 my $s_challenge_hex = substr ($salt_buf, $index2 + 17, 16);
4570 my $s_challenge = pack ("H*", $s_challenge_hex);
4572 my $challenge = substr (md5
($s_challenge . $c_challenge), 0, 8);
4576 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash . "\x00" x
5;
4578 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 0, 7)), "DES", $challenge, PADDING_NONE
);
4579 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 7, 7)), "DES", $challenge, PADDING_NONE
);
4580 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 14, 7)), "DES", $challenge, PADDING_NONE
);
4582 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $c_challenge_hex, unpack ("H*", $ntresp), $s_challenge_hex);
4584 elsif ($mode == 5600)
4586 my $index1 = index ($salt_buf, "::");
4587 my $user = substr ($salt_buf, 0, $index1);
4589 my $index2 = index ($salt_buf, ":", $index1 + 2);
4590 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4592 my $s_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4593 my $s_challenge = pack ("H*", $s_challenge_hex);
4595 my $temp_hex = substr ($salt_buf, $index2 + 17);
4596 my $temp = pack ("H*", $temp_hex);
4598 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash;
4599 my $identity = Encode
::encode
("UTF-16LE", uc ($user) . $domain);
4601 $hash_buf = hmac_hex
($s_challenge . $temp, hmac
($identity, $nthash, \
&md5
, 64), \
&md5
, 64);
4603 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $s_challenge_hex, $hash_buf, $temp_hex);
4605 elsif ($mode == 5700)
4607 $hash_buf = sha256
($word_buf);
4609 my $base64_buf = encode_base64
($hash_buf);
4613 for (my $i = 0; $i < 43; $i++)
4615 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($base64_buf, $i, 1)};
4618 elsif ($mode == 5800)
4620 $hash_buf = androidpin_hash
($word_buf, $salt_buf);
4622 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4624 elsif ($mode == 6000)
4626 $hash_buf = ripemd160_hex
($word_buf);
4628 $tmp_hash = sprintf ("%s", $hash_buf);
4630 elsif ($mode == 6100)
4632 $hash_buf = whirlpool_hex
($word_buf);
4634 $tmp_hash = sprintf ("%s", $hash_buf);
4636 elsif ($mode == 6300)
4638 my $iterations = 1000; # hard coded by the AIX format
4640 $hash_buf = md5_crypt
('', $iterations, $word_buf, $salt_buf);
4642 $tmp_hash = sprintf ("{smd5}%s", $hash_buf);
4644 elsif ($mode == 6400)
4646 my $iterations = 64;
4650 $iterations = 1 << int ($iter);
4653 $hash_buf = aix_ssha256_pbkdf2
($word_buf, $salt_buf, $iterations);
4655 $tmp_hash = sprintf ("{ssha256}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4657 elsif ($mode == 6500)
4659 my $iterations = 64;
4663 $iterations = 1 << int ($iter);
4666 $hash_buf = aix_ssha512_pbkdf2
($word_buf, $salt_buf, $iterations);
4668 $tmp_hash = sprintf ("{ssha512}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4670 elsif ($mode == 6600)
4672 my $iterations = 1000;
4676 $iterations = int ($iter);
4679 my $salt_hex = substr ($salt_buf, 0, 16);
4680 my $salt = pack ("H*", $salt_hex);
4682 my $prefix = substr ($salt_buf, 16, 2016);
4684 my $iv_hex = substr ($salt_buf, 2032);
4685 my $iv = pack ("H*", $iv_hex);
4687 my $data = pack ("H*", "10101010101010101010101010101010");
4689 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA1');
4691 my $pbkdf2 = Crypt
::PBKDF2
->new (
4693 iterations
=> $iterations,
4697 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
4699 my $cipher = Crypt
::CBC
->new({
4701 cipher
=> "Crypt::Rijndael",
4708 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
4710 $hash_buf = substr ($encrypted, 0, 32);
4712 $tmp_hash = sprintf ("%i:%s:%s%s%s", $iterations, $salt_hex, $prefix, $iv_hex, $hash_buf);
4714 elsif ($mode == 6700)
4716 my $iterations = 64;
4720 $iterations = 1 << int ($iter);
4723 $hash_buf = aix_ssha1_pbkdf2
($word_buf, $salt_buf, $iterations);
4725 $tmp_hash = sprintf ("{ssha1}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4727 elsif ($mode == 6800)
4729 my $variant = $additional_param;
4731 if (! defined ($variant))
4733 $variant = int (rand (2));
4736 my $iterations = 500;
4740 $iterations = int ($iter);
4743 my $iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
4745 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256);
4747 my $pbkdf2 = Crypt
::PBKDF2
->new (
4749 iterations
=> $iterations,
4753 my $key = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4755 my $cipher = Crypt
::CBC
->new({
4757 cipher
=> "Crypt::Rijndael",
4766 my $encrypt = $cipher->encrypt (substr ($salt_buf, 0, 16));
4768 $hash_buf = substr (unpack ("H*", $encrypt), 0, 32);
4772 my $verifier = "lastpass rocks\x02\x02";
4774 $hash_buf = unpack ("H*", substr ($cipher->encrypt ($verifier), 0, 16));
4777 $tmp_hash = sprintf ("%s:%i:%s", $hash_buf, $iterations, $salt_buf);
4779 elsif ($mode == 6900)
4781 $hash_buf = gost_hex
($word_buf);
4783 $tmp_hash = sprintf ("%s", $hash_buf);
4785 elsif ($mode == 7100)
4787 my $iterations = 1024;
4791 $iterations = int ($iter);
4794 my $pbkdf2 = Crypt
::PBKDF2
->new
4796 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
4797 iterations
=> $iterations
4800 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
4802 $tmp_hash = sprintf ("\$ml\$%i\$%s\$%0128s", $iterations, $salt_buf, $hash_buf);
4804 elsif ($mode == 7200)
4806 my $iterations = 1024;
4810 $iterations = int ($iter);
4813 my $pbkdf2 = Crypt
::PBKDF2
->new (
4814 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
4815 iterations
=> $iterations
4818 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
4820 $tmp_hash = sprintf ("grub.pbkdf2.sha512.%i.%s.%0128s", $iterations, $salt_buf, $hash_buf);
4822 elsif ($mode == 7300)
4824 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
);
4826 $tmp_hash = sprintf ("%s:%s", unpack ("H*", $salt_buf), $hash_buf);
4828 elsif ($mode == 7400)
4830 my $iterations = 5000;
4832 if (defined ($iter))
4836 $iterations = int ($iter);
4840 $hash_buf = sha256_crypt
($iterations, $word_buf, $salt_buf);
4842 $tmp_hash = sprintf ("%s", $hash_buf);
4844 elsif ($mode == 7500)
4846 my @salt_arr = split ("\\\$", $salt_buf);
4848 my $user = $salt_arr[0];
4850 my $realm = $salt_arr[1];
4852 my $salt = $salt_arr[2];
4854 my $hmac_salt = $salt_arr[3];
4855 my $hmac_salt_bin = pack ("H*", $hmac_salt);
4857 my $clear_data = $salt_arr[4];
4859 my $k = md4
(encode
("UTF-16LE", $word_buf));
4861 my $k1 = hmac_md5
("\x01\x00\x00\x00", $k);
4863 my $k3 = hmac_md5
($hmac_salt_bin, $k1);
4865 if (length ($clear_data) > 1)
4867 my $clear_data_bin = pack ("H*", $clear_data);
4869 $hash_buf = RC4
($k3, $clear_data_bin);
4873 my $hash = $salt_arr[5];
4875 my $hash_bin = pack ("H*", $hash);
4877 my $clear_data = RC4
($k3, $hash_bin);
4879 my $timestamp = substr ($clear_data, 14, 14);
4884 if ($timestamp !~ /^[[:digit:]]{14}$/)
4891 $hash_buf = "\x00" x
36;
4893 if ($hash_buf eq $hash_bin)
4895 $hash_buf = "\x01" x
36;
4900 $hash_buf = $hash_bin;
4904 $tmp_hash = sprintf ("\$krb5pa\$23\$%s\$%s\$%s\$%s%s", $user, $realm, $salt, unpack ("H*", $hash_buf), $hmac_salt);
4906 elsif ($mode == 7600)
4908 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($word_buf));
4910 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4912 elsif ($mode == 7700)
4914 $word_buf = uc $word_buf;
4915 $salt_buf = uc $salt_buf;
4917 my $word_buf_t = sapb_transcode
($word_buf);
4918 my $salt_buf_t = sapb_transcode
($salt_buf);
4920 my $digest1 = md5
($word_buf_t . $salt_buf_t);
4922 my $data = sapb_waldorf
($digest1, $word_buf_t, $salt_buf_t);
4924 my $digest2 = md5
($data);
4926 my ($a, $b, $c, $d) = unpack ("N4", $digest2);
4931 $tmp_hash = sprintf ("%s\$%08X%08X", $salt_buf, $a, $b);
4933 elsif ($mode == 7800)
4935 my $theMagicArray_s =
4936 "\x91\xac\x51\x14\x9f\x67\x54\x43\x24\xe7\x3b\xe0\x28\x74\x7b\xc2" .
4937 "\x86\x33\x13\xeb\x5a\x4f\xcb\x5c\x08\x0a\x73\x37\x0e\x5d\x1c\x2f" .
4938 "\x33\x8f\xe6\xe5\xf8\x9b\xae\xdd\x16\xf2\x4b\x8d\x2c\xe1\xd4\xdc" .
4939 "\xb0\xcb\xdf\x9d\xd4\x70\x6d\x17\xf9\x4d\x42\x3f\x9b\x1b\x11\x94" .
4940 "\x9f\x5b\xc1\x9b\x06\x05\x9d\x03\x9d\x5e\x13\x8a\x1e\x9a\x6a\xe8" .
4941 "\xd9\x7c\x14\x17\x58\xc7\x2a\xf6\xa1\x99\x63\x0a\xd7\xfd\x70\xc3" .
4942 "\xf6\x5e\x74\x13\x03\xc9\x0b\x04\x26\x98\xf7\x26\x8a\x92\x93\x25" .
4943 "\xb0\xa2\x0d\x23\xed\x63\x79\x6d\x13\x32\xfa\x3c\x35\x02\x9a\xa3" .
4944 "\xb3\xdd\x8e\x0a\x24\xbf\x51\xc3\x7c\xcd\x55\x9f\x37\xaf\x94\x4c" .
4945 "\x29\x08\x52\x82\xb2\x3b\x4e\x37\x9f\x17\x07\x91\x11\x3b\xfd\xcd";
4947 $salt_buf = uc $salt_buf;
4949 my $digest = sha1
($word_buf . $salt_buf);
4951 my ($a, $b, $c, $d, $e) = unpack ("I*", $digest);
4953 my $lengthMagicArray = 0x20;
4954 my $offsetMagicArray = 0;
4956 $lengthMagicArray += (($a >> 0) & 0xff) % 6;
4957 $lengthMagicArray += (($a >> 8) & 0xff) % 6;
4958 $lengthMagicArray += (($a >> 16) & 0xff) % 6;
4959 $lengthMagicArray += (($a >> 24) & 0xff) % 6;
4960 $lengthMagicArray += (($b >> 0) & 0xff) % 6;
4961 $lengthMagicArray += (($b >> 8) & 0xff) % 6;
4962 $lengthMagicArray += (($b >> 16) & 0xff) % 6;
4963 $lengthMagicArray += (($b >> 24) & 0xff) % 6;
4964 $lengthMagicArray += (($c >> 0) & 0xff) % 6;
4965 $lengthMagicArray += (($c >> 8) & 0xff) % 6;
4966 $offsetMagicArray += (($c >> 16) & 0xff) % 8;
4967 $offsetMagicArray += (($c >> 24) & 0xff) % 8;
4968 $offsetMagicArray += (($d >> 0) & 0xff) % 8;
4969 $offsetMagicArray += (($d >> 8) & 0xff) % 8;
4970 $offsetMagicArray += (($d >> 16) & 0xff) % 8;
4971 $offsetMagicArray += (($d >> 24) & 0xff) % 8;
4972 $offsetMagicArray += (($e >> 0) & 0xff) % 8;
4973 $offsetMagicArray += (($e >> 8) & 0xff) % 8;
4974 $offsetMagicArray += (($e >> 16) & 0xff) % 8;
4975 $offsetMagicArray += (($e >> 24) & 0xff) % 8;
4977 my $hash_buf = sha1_hex
($word_buf . substr ($theMagicArray_s, $offsetMagicArray, $lengthMagicArray) . $salt_buf);
4979 $tmp_hash = sprintf ("%s\$%s", $salt_buf, uc $hash_buf);
4981 elsif ($mode == 7900)
4990 my $phpass_it = 1 << $cost;
4992 $hash_buf = sha512
($salt_buf . $word_buf);
4994 for (my $i = 0; $i < $phpass_it; $i++)
4996 $hash_buf = sha512
($hash_buf . $word_buf);
4999 my $base64_buf = substr (Authen
::Passphrase
::PHPass
::_en_base64
($hash_buf), 0, 43);
5001 my $base64_digits = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
5003 my $cost_str = substr ($base64_digits , $cost, 1);
5005 $tmp_hash = sprintf ('$S$%s%s%s', $cost_str, $salt_buf, $base64_buf);
5007 elsif ($mode == 8000)
5009 my $salt_buf_bin = pack ("H*", $salt_buf);
5011 my $word_buf_utf = encode
("UTF-16BE", $word_buf);
5013 $hash_buf = sha256_hex
($word_buf_utf . "\x00" x
(510 - (length ($word_buf) * 2)) . $salt_buf_bin);
5015 $tmp_hash = sprintf ("0xc007%s%s", $salt_buf, $hash_buf);
5017 elsif ($mode == 8100)
5019 $hash_buf = sha1_hex
($salt_buf . $word_buf . "\x00");
5021 $tmp_hash = sprintf ("1%s%s", $salt_buf, $hash_buf);
5023 elsif ($mode == 8200)
5025 my $iterations = 40000;
5027 if (defined ($iter))
5029 $iterations = $iter;
5032 my $salt_hex = substr ($salt_buf, 0, 32);
5033 my $salt = pack ("H*", $salt_hex);
5035 my $data_hex = substr ($salt_buf, 32);
5036 my $data = pack ("H*", $data_hex);
5038 my $pbkdf2 = Crypt
::PBKDF2
->new
5040 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5041 iterations
=> int $iterations
5044 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
5046 $hash_buf = hmac_hex
($data, substr ($key, 32, 32), \
&sha256
, 64);
5048 $tmp_hash = sprintf ("%s:%s:%d:%s", $hash_buf, $salt_hex, $iterations, $data_hex);
5050 elsif ($mode == 8300)
5052 my ($domain, $salt_hex) = split (":", $salt_buf);
5054 my $hashalg = Net
::DNS
::SEC
->digtype ("SHA1");
5056 my $salt = pack ("H*", $salt_hex);
5060 if (defined ($iter))
5062 $iterations = $iter;
5065 my $name = lc ($word_buf . $domain);
5067 my $hash_buf = Net
::DNS
::RR
::NSEC3
::name2hash
($hashalg, $name, $iterations, $salt);
5069 $tmp_hash = sprintf ("%s:%s:%s:%d", $hash_buf, $domain, $salt_hex, $iterations);
5071 elsif ($mode == 8400)
5073 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($salt_buf . sha1_hex
($word_buf)));
5075 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5077 elsif ($mode == 8500)
5079 $hash_buf = racf_hash
(uc $salt_buf, $word_buf);
5081 $tmp_hash = sprintf ('$racf$*%s*%s', uc $salt_buf, uc $hash_buf);
5083 elsif ($mode == 8600)
5085 my @saved_key = map { ord $_; } split "", $word_buf;
5087 my $len = scalar @saved_key;
5089 my @state = domino_big_md
(\
@saved_key, $len);
5091 $tmp_hash = sprintf ('%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',
5110 elsif ($mode == 8700)
5112 my $domino_char = undef;
5114 if (defined ($additional_param))
5116 $domino_char = $additional_param;
5119 my @saved_key = map { ord $_; } split "", $word_buf;
5121 my $len = scalar @saved_key;
5123 my @state = domino_big_md
(\
@saved_key, $len);
5125 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5127 @saved_key = map { ord $_; } split "", $salt_buf . uc $str;
5129 @state = domino_big_md
(\
@saved_key, 34);
5131 $hash_buf = join ("", (map { chr $_; } @state));
5133 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_buf . $hash_buf, $domino_char));
5135 elsif ($mode == 8900)
5141 if (defined ($additional_param))
5143 $N = $additional_param;
5144 $r = $additional_param2;
5145 $p = $additional_param3;
5148 $hash_buf = scrypt_hash
($word_buf, $salt_buf, $N, $r, $p, 32);
5150 $tmp_hash = sprintf ('%s', $hash_buf);
5152 elsif ($mode == 9100)
5154 my $iterations = 5000;
5156 if (defined ($iter))
5158 $iterations = $iter;
5161 my $domino_char = undef;
5163 # domino 5 hash - SEC_pwddigest_V1 - -m 8600
5165 my @saved_key = map { ord $_; } split "", $word_buf;
5167 my $len = scalar @saved_key;
5169 my @state = domino_big_md
(\
@saved_key, $len);
5172 # domino 6 hash - SEC_pwddigest_V2 - -m 8700
5174 my $salt_part = substr ($salt_buf, 0, 5);
5176 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5178 @saved_key = map { ord $_; } split "", $salt_part . uc $str;
5180 @state = domino_big_md
(\
@saved_key, 34);
5182 $hash_buf = join ("", (map { chr $_; } @state));
5184 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_part . $hash_buf, $domino_char));
5187 # domino 8(.5.x) hash - SEC_pwddigest_V3 - -m 9100
5189 my $pbkdf2 = Crypt
::PBKDF2
->new
5191 hash_class
=> 'HMACSHA1',
5192 iterations
=> $iterations,
5199 if (defined ($additional_param))
5201 $chars = $additional_param;
5204 my $digest_new = $pbkdf2->PBKDF2 ($salt_buf, $tmp_hash);
5206 my $iteration_str = "" . $iterations;
5208 for (my $i = length ($iterations); $i < 10; $i++)
5210 $iterations = "0" . $iterations;
5213 $tmp_hash = sprintf ('(H%s)', domino_85x_encode
($salt_buf . $iterations . $chars . $digest_new, $domino_char));
5215 elsif ($mode == 9200)
5217 my $iterations = 20000;
5219 my $pbkdf2 = Crypt
::PBKDF2
->new
5221 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5222 iterations
=> $iterations
5225 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5229 for (my $i = 0; $i < 43; $i++)
5231 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5234 $tmp_hash = sprintf ("\$8\$%s\$%s", $salt_buf, $tmp_hash);
5236 elsif ($mode == 9300)
5242 $hash_buf = scrypt_b64
($word_buf, $salt_buf, $N, $r, $p, 32);
5246 for (my $i = 0; $i < 43; $i++)
5248 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5251 $tmp_hash = sprintf ('$9$%s$%s', $salt_buf, $tmp_hash);
5253 elsif ($mode == 9400)
5255 my $iterations = 50000;
5259 $iterations = int ($iter);
5262 my $aes_key_size = 128; # or 256
5264 if (defined ($additional_param2))
5266 $aes_key_size = $additional_param2;
5269 $salt_buf = pack ("H*", $salt_buf);
5271 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5273 for (my $i = 0; $i < $iterations; $i++)
5275 my $num32 = pack ("L", $i);
5277 $tmp = sha1
($num32 . $tmp);
5280 my $zero32 = pack ("L", 0x00);
5282 my $derivation_array1 = pack ("C", 0x36) x
64;
5283 my $derivation_array2 = pack ("C", 0x5C) x
64;
5285 $tmp = sha1
($tmp . $zero32);
5287 my $tmp2 = sha1
($derivation_array1 ^ $tmp);
5288 my $tmp3 = sha1
($derivation_array2 ^ $tmp);
5290 my $key = substr ($tmp2 . $tmp3, 0, $aes_key_size / 8);
5292 my $m = Crypt
::Mode
::ECB
->new ('AES', 0);
5296 if (defined $additional_param)
5298 $encdata = $m->decrypt (pack ("H*", $additional_param), $key);
5302 $encdata = "A" x
16; ## can be anything
5305 my $data1_buf = $encdata;
5306 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5308 $data1_buf = substr ($data1_buf . ("\x00" x
16), 0, 16);
5309 $data2_buf = substr ($data2_buf . ("\x00" x
16), 0, 32);
5311 my $encrypted1 = unpack ("H*", $m->encrypt ($data1_buf, $key));
5312 my $encrypted2 = unpack ("H*", $m->encrypt ($data2_buf, $key));
5314 $encrypted1 = substr ($encrypted1, 0, 32);
5315 $encrypted2 = substr ($encrypted2, 0, 40);
5317 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2007, 20, $aes_key_size, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5319 elsif ($mode == 9500)
5321 my $iterations = 100000;
5325 $iterations = int ($iter);
5328 $salt_buf = pack ("H*", $salt_buf);
5330 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5332 for (my $i = 0; $i < $iterations; $i++)
5334 my $num32 = pack ("L", $i);
5336 $tmp = sha1
($num32 . $tmp);
5339 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5340 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5342 my $final1 = sha1
($tmp . $encryptedVerifierHashInputBlockKey);
5343 my $final2 = sha1
($tmp . $encryptedVerifierHashValueBlockKey);
5345 my $key1 = substr ($final1, 0, 16);
5346 my $key2 = substr ($final2, 0, 16);
5348 my $cipher1 = Crypt
::CBC
->new({
5350 cipher
=> "Crypt::Rijndael",
5358 my $cipher2 = Crypt
::CBC
->new({
5360 cipher
=> "Crypt::Rijndael",
5370 if (defined $additional_param)
5372 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5376 $encdata = "A" x
16; ## can be anything
5379 my $data1_buf = $encdata;
5380 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5382 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5383 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5385 $encrypted2 = substr ($encrypted2, 0, 64);
5387 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2010, 100000, 128, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5389 elsif ($mode == 9600)
5391 my $iterations = 100000;
5395 $iterations = int ($iter);
5398 $salt_buf = pack ("H*", $salt_buf);
5400 my $tmp = sha512
($salt_buf . encode
("UTF-16LE", $word_buf));
5402 for (my $i = 0; $i < $iterations; $i++)
5404 my $num32 = pack ("L", $i);
5406 $tmp = sha512
($num32 . $tmp);
5409 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5410 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5412 my $final1 = sha512
($tmp . $encryptedVerifierHashInputBlockKey);
5413 my $final2 = sha512
($tmp . $encryptedVerifierHashValueBlockKey);
5415 my $key1 = substr ($final1, 0, 32);
5416 my $key2 = substr ($final2, 0, 32);
5418 my $cipher1 = Crypt
::CBC
->new({
5420 cipher
=> "Crypt::Rijndael",
5428 my $cipher2 = Crypt
::CBC
->new({
5430 cipher
=> "Crypt::Rijndael",
5440 if (defined $additional_param)
5442 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5446 $encdata = "A" x
16; ## can be anything
5449 my $data1_buf = $encdata;
5450 my $data2_buf = sha512
(substr ($data1_buf, 0, 16));
5452 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5453 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5455 $encrypted2 = substr ($encrypted2, 0, 64);
5457 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2013, 100000, 256, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5459 elsif ($mode == 9700)
5461 $salt_buf = pack ("H*", $salt_buf);
5463 my $tmp = md5
(encode
("UTF-16LE", $word_buf));
5465 $tmp = substr ($tmp, 0, 5);
5469 for (my $i = 0; $i < 16; $i++)
5477 $tmp = substr ($tmp, 0, 5);
5481 if (defined $additional_param2)
5483 $version = $additional_param2;
5487 $version = (unpack ("L", $tmp) & 1) ?
0 : 1;
5490 my $rc4_key = md5
($tmp . "\x00\x00\x00\x00");
5492 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5496 if (defined $additional_param)
5498 $encdata = $m->RC4 (pack ("H*", $additional_param));
5502 $encdata = "A" x
16; ## can be anything
5505 my $data1_buf = $encdata;
5506 my $data2_buf = md5
(substr ($data1_buf, 0, 16));
5508 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5510 my $encrypted1 = $m->RC4 ($data1_buf);
5511 my $encrypted2 = $m->RC4 ($data2_buf);
5513 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5515 elsif ($mode == 9800)
5517 $salt_buf = pack ("H*", $salt_buf);
5519 my $tmp = sha1
($salt_buf. encode
("UTF-16LE", $word_buf));
5523 if (defined $additional_param2)
5525 $version = $additional_param2;
5529 $version = (unpack ("L", $tmp) & 1) ?
3 : 4;
5532 my $rc4_key = sha1
($tmp . "\x00\x00\x00\x00");
5536 $rc4_key = substr ($rc4_key, 0, 5) . "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
5539 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5543 if (defined $additional_param)
5545 $encdata = $m->RC4 (pack ("H*", $additional_param));
5549 $encdata = "A" x
16; ## can be anything
5552 my $data1_buf = $encdata;
5553 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5555 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5557 my $encrypted1 = $m->RC4 ($data1_buf);
5558 my $encrypted2 = $m->RC4 ($data2_buf);
5560 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5562 elsif ($mode == 9900)
5564 $tmp_hash = sprintf ("%s", md5_hex
($word_buf . "\0" x
(100 - length ($word_buf))));
5566 elsif ($mode == 10000)
5568 my $iterations = 10000;
5572 $iterations = int ($iter);
5575 my $pbkdf2 = Crypt
::PBKDF2
->new
5577 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5578 iterations
=> $iterations
5581 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5582 $hash_buf =~ s/[\r\n]//g;
5584 $tmp_hash = sprintf ("pbkdf2_sha256\$%i\$%s\$%s", $iterations, $salt_buf, $hash_buf);
5586 elsif ($mode == 10100)
5588 my $seed = pack ("H*", $salt_buf);
5590 my ($hi, $lo) = siphash
($word_buf, $seed);
5592 my $hi_s = sprintf ("%08x", $hi);
5593 my $lo_s = sprintf ("%08x", $lo);
5595 $hi_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5596 $lo_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5598 $tmp_hash = sprintf ("%s%s:2:4:%s", $hi_s, $lo_s, $salt_buf);
5600 elsif ($mode == 10200)
5602 my $challengeb64 = encode_base64
($salt_buf);
5603 $challengeb64 =~ s/[\r\n]//g;
5607 if (defined $additional_param)
5609 $username = $additional_param;
5616 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
);
5618 my $responseb64 = encode_base64
($username . " " . $hash_buf);
5619 $responseb64 =~ s/[\r\n]//g;
5621 $tmp_hash = sprintf ('$cram_md5$%s$%s', $challengeb64, $responseb64);
5623 elsif ($mode == 10300)
5625 my $iterations = 1024;
5629 $iterations = int ($iter);
5632 my $hash_buf = $salt_buf;
5634 for (my $pos = 0; $pos < $iterations; $pos++)
5636 $hash_buf = sha1
($word_buf . $hash_buf);
5639 $hash_buf = encode_base64
($hash_buf . $salt_buf);
5640 $hash_buf =~ s/[\r\n]//g;
5642 $tmp_hash = sprintf ("{x-issha, %i}%s", $iterations, $hash_buf);
5644 elsif ($mode == 10400)
5647 my $u = $additional_param;
5648 my $o = $additional_param2;
5649 my $P = $additional_param3;
5651 if (defined $u == 0)
5656 if (defined $o == 0)
5661 if (defined $P == 0)
5668 for (my $i = 0; $i < 32; $i++)
5670 $padding .= pack ("C", $pdf_padding[$i]);
5673 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, 1, 2, 0);
5675 my $m = Crypt
::RC4
->new (substr ($res, 0, 5));
5677 $u = $m->RC4 ($padding);
5679 $tmp_hash = sprintf ('$pdf$%d*%d*40*%d*%d*16*%s*32*%s*32*%s', 1, 2, $P, 0, $id, unpack ("H*", $u), $o);
5681 elsif ($mode == 10500)
5684 my $u = $additional_param;
5685 my $o = $additional_param2;
5686 my $P = $additional_param3;
5687 my $V = $additional_param4;
5688 my $R = $additional_param5;
5689 my $enc = $additional_param6;
5691 if (defined $u == 0)
5698 if (defined $o == 0)
5703 if (defined $R == 0)
5705 $R = get_random_num
(3, 5);
5708 if (defined $V == 0)
5710 $V = ($R == 3) ?
2 : 4;
5713 if (defined $P == 0)
5715 $P = ($R == 3) ?
-4 : -1028;
5718 if (defined $enc == 0)
5720 $enc = ($R == 3) ?
1 : get_random_num
(0, 2);
5725 for (my $i = 0; $i < 32; $i++)
5727 $padding .= pack ("C", $pdf_padding[$i]);
5730 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, $V, $R, $enc);
5732 my $digest = md5
($padding . pack ("H*", $id));
5734 my $m = Crypt
::RC4
->new ($res);
5736 $u = $m->RC4 ($digest);
5738 my @ress = split "", $res;
5740 for (my $x = 1; $x <= 19; $x++)
5744 for (my $i = 0; $i < 16; $i++)
5746 $xor[$i] = chr (ord ($ress[$i]) ^ $x);
5749 my $s = join ("", @xor);
5751 my $m2 = Crypt
::RC4
->new ($s);
5756 $u .= substr (pack ("H*", $u_save), 16, 16);
5758 $tmp_hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), $o);
5760 elsif ($mode == 10600)
5763 my $rest = $additional_param;
5765 if (defined $id == 0)
5770 if (defined $rest == 0)
5776 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
5779 my @data = split /\*/, $rest;
5781 my $u = pack ("H*", $data[1]);
5783 my $h = sha256
($word_buf . substr ($u, 32, 8));
5785 $data[1] = unpack ("H*", $h . substr ($u, 32));
5787 $rest = join ("*", @data);
5789 $tmp_hash = sprintf ('$pdf$5*5*256*-1028*1*16*%s*%s', $id, $rest);
5791 elsif ($mode == 10700)
5794 my $rest = $additional_param;
5796 if (defined $id == 0)
5801 if (defined $rest == 0)
5807 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
5810 my @datax = split /\*/, $rest;
5812 my $u = pack ("H*", $datax[1]);
5814 my $block = sha256
($word_buf . substr ($u, 32, 8));
5816 my $block_size = 32;
5818 my $data = 0x00 x
64;
5824 for (my $i = 0; $i < 64 || $i < $data63 + 32; $i++)
5826 $data = $word_buf . $block;
5828 $data_len = length ($data);
5830 for (my $k = 1; $k < 64; $k++)
5832 $data .= $word_buf . $block;
5835 my $aes = Crypt
::CBC
->new({
5836 key
=> substr ($block, 0, 16),
5837 cipher
=> "Crypt::Rijndael",
5838 iv
=> substr ($block, 16, 16),
5845 my $data = $aes->encrypt ($data);
5849 for (my $j = 0; $j < 16; $j++)
5851 $sum += ord (substr ($data, $j, 1));
5854 $block_size = 32 + ($sum % 3) * 16;
5856 if ($block_size == 32)
5858 $block = sha256
(substr ($data, 0, $data_len * 64));
5860 elsif ($block_size == 48)
5862 $block = sha384
(substr ($data, 0, $data_len * 64));
5864 elsif ($block_size == 64)
5866 $block = sha512
(substr ($data, 0, $data_len * 64));
5869 $data63 = ord (substr ($data, $data_len * 64 - 1, 1));
5872 $datax[1] = unpack ("H*", substr ($block, 0, 32) . substr ($u, 32));
5874 $rest = join ("*", @datax);
5876 $tmp_hash = sprintf ('$pdf$5*6*256*-1028*1*16*%s*%s', $id, $rest);
5878 elsif ($mode == 10800)
5880 $hash_buf = sha384_hex
($word_buf);
5882 $tmp_hash = sprintf ("%s", $hash_buf);
5884 elsif ($mode == 10900)
5886 my $iterations = 1000;
5890 $iterations = int ($iter);
5895 if (defined $additional_param)
5897 $out_len = $additional_param;
5900 my $pbkdf2 = Crypt
::PBKDF2
->new
5902 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5903 iterations
=> $iterations,
5904 output_len
=> $out_len
5907 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5908 $hash_buf =~ s/[\r\n]//g;
5910 my $base64_salt_buf = encode_base64
($salt_buf);
5912 chomp ($base64_salt_buf);
5914 $tmp_hash = sprintf ("sha256:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
5916 elsif ($mode == 11000)
5918 $hash_buf = md5_hex
($salt_buf . $word_buf);
5920 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5922 elsif ($mode == 11100)
5924 my $user = "postgres";
5926 if (defined $additional_param)
5928 $user = $additional_param;
5931 $hash_buf = md5_hex
(md5_hex
($word_buf . $user) . pack ("H*", $salt_buf));
5933 $tmp_hash = sprintf ("\$postgres\$%s*%s*%s", $user, $salt_buf, $hash_buf);
5935 elsif ($mode == 11200)
5937 my $sha1_pass = sha1
($word_buf);
5938 my $double_sha1 = sha1
($sha1_pass);
5940 my $xor_part1 = $sha1_pass;
5941 my $xor_part2 = sha1
(pack ("H*", $salt_buf) . $double_sha1);
5945 for (my $i = 0; $i < 20; $i++)
5947 my $first_byte = substr ($xor_part1, $i, 1);
5948 my $second_byte = substr ($xor_part2, $i, 1);
5950 my $xor_result = $first_byte ^ $second_byte;
5952 $hash_buf .= unpack ("H*", $xor_result);
5955 $tmp_hash = sprintf ("\$mysqlna\$%s*%s", $salt_buf, $hash_buf);
5957 elsif ($mode == 11300)
5959 my $ckey_buf = get_random_string
(96);
5961 if (length ($additional_param))
5963 $ckey_buf = $additional_param;
5966 my $public_key_buf = get_random_string
(66);
5968 if (length ($additional_param2))
5970 $public_key_buf = $additional_param2;
5973 my $salt_iter = get_random_num
(150000, 250000);
5977 $salt_iter = int ($iter);
5980 my $hash_buf = sha512
($word_buf . pack ("H*", $salt_buf));
5982 for (my $i = 1; $i < $salt_iter; $i++)
5984 $hash_buf = sha512
($hash_buf);
5987 my $data = get_random_string
(32);
5989 my $aes = Crypt
::CBC
->new({
5990 key
=> substr ($hash_buf, 0, 32),
5991 cipher
=> "Crypt::Rijndael",
5992 iv
=> substr ($hash_buf, 32, 16),
5996 padding
=> "standard",
5999 my $cry_master_buf = (unpack ("H*", $aes->encrypt ($data)));
6001 $tmp_hash = sprintf ('$bitcoin$%d$%s$%d$%s$%d$%d$%s$%d$%s',
6002 length ($cry_master_buf),
6009 length ($public_key_buf),
6012 elsif ($mode == 11400)
6014 my ($directive, $URI_server, $URI_client, $user, $realm, $nonce, $nonce_count, $nonce_client, $qop, $method, $URI, $URI_prefix, $URI_resource, $URI_suffix);
6016 $directive = "MD5"; # only directive currently supported
6018 if (defined ($additional_param))
6020 $user = $additional_param;
6021 $realm = $additional_param2;
6023 $nonce_count = $additional_param3;
6024 $nonce_client = $additional_param4;
6025 $qop = $additional_param5;
6026 $method = $additional_param6;
6028 $URI_prefix = $additional_param7;
6029 $URI_resource = $additional_param8;
6030 $URI_suffix = $additional_param9;
6032 # not needed information
6034 $URI_server = $additional_param10;
6035 $URI_client = $additional_param11;
6039 $user = get_random_string
(get_random_num
(0, 12 + 1));
6041 # special limit: (user_len + 1 + realm_len + 1 + word_buf_len) < 56
6042 my $realm_max_len = 55 - length ($user) - 1 - length ($word_buf) - 1;
6044 if ($realm_max_len < 1) # should never happen
6049 $realm_max_len = min
(20, $realm_max_len);
6051 $realm = get_random_string
(get_random_num
(0, $realm_max_len + 1));
6055 if (get_random_num
(0, 1 + 1) == 1)
6059 $nonce_count = get_random_string
(get_random_num
(0, 10 + 1));
6060 $nonce_client = get_random_string
(get_random_num
(0, 12 + 1));
6070 $method = get_random_string
(get_random_num
(0, 24 + 1));
6072 $URI_prefix = get_random_string
(get_random_num
(0, 10 + 1));
6073 $URI_resource = get_random_string
(get_random_num
(1, 32 + 1));
6074 $URI_suffix = get_random_string
(get_random_num
(0, 32 + 1));
6076 # not needed information
6078 $URI_server = get_random_string
(get_random_num
(0, 32 + 1));
6079 $URI_client = $URI_resource; # simplification
6086 if (length ($URI_prefix) > 0)
6088 $URI = $URI_prefix . ":";
6091 $URI .= $URI_resource;
6093 if (length ($URI_suffix) > 0)
6095 $URI .= ":" . $URI_suffix;
6098 my $HA2 = md5_hex
($method . ":" . $URI);
6100 my $HA1 = md5_hex
($user . ":" . $realm . ":" . $word_buf);
6104 if (($qop eq "auth") || ($qop eq "auth-int"))
6106 $tmp_buf = $nonce . ":" . $nonce_count . ":" . $nonce_client . ":" . $qop;
6113 my $hash_buf = md5_hex
($HA1 . ":" . $tmp_buf . ":" . $HA2);
6115 $tmp_hash = sprintf ("\$sip\$*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s", $URI_server, $URI_resource, $user, $realm, $method, $URI_prefix, $URI_resource, $URI_suffix, $nonce, $nonce_client, $nonce_count, $qop, $directive, $hash_buf);
6117 elsif ($mode == 11500)
6119 $hash_buf = crc32
($word_buf);
6121 $tmp_hash = sprintf ("%08x:00000000", $hash_buf);
6123 elsif ($mode == 11600)
6125 my ($p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, $data_len, $unpack_size, $data_buf);
6129 my $validation_only = 0;
6131 $validation_only = 1 if (defined ($additional_param));
6133 if ($validation_only == 1)
6135 $num_cycle_power = int ($iter);
6136 $seven_zip_salt_len = $additional_param;
6137 $seven_zip_salt_buf = $additional_param2;
6138 $salt_len = $additional_param3;
6139 # $salt_buf set in parser
6140 # $hash_buf (resulting crc)
6141 $data_len = $additional_param4;
6142 $unpack_size = $additional_param5;
6143 $data_buf = $additional_param6;
6147 $num_cycle_power = 14; # by default it is 19
6148 $seven_zip_salt_len = 0;
6149 $seven_zip_salt_buf = "";
6150 $salt_len = length ($salt_buf);
6151 # $salt_buf set automatically
6152 # $hash_buf (resulting crc)
6153 # $data_len will be set when encrypting
6154 $unpack_size = get_random_num
(1, 32 + 1);
6155 $data_buf = get_random_string
($unpack_size);
6159 # 2 ^ NumCyclesPower "iterations" of SHA256 (only one final SHA256)
6162 $word_buf = encode
("UTF-16LE", $word_buf);
6164 my $rounds = 1 << $num_cycle_power;
6168 for (my $i = 0; $i < $rounds; $i++)
6172 $num_buf .= pack ("V", $i);
6173 $num_buf .= "\x00" x
4;
6175 # this would be better but only works on 64-bit systems:
6176 # $num_buf = pack ("q", $i);
6178 $pass_buf .= sprintf ("%s%s", $word_buf, $num_buf);
6181 my $key = sha256
($pass_buf);
6183 # the salt_buf is our IV for AES CBC
6186 my $salt_buf_len = length ($salt_buf);
6187 my $salt_padding_len = 0;
6189 if ($salt_buf_len < 16)
6191 $salt_padding_len = 16 - $salt_buf_len;
6194 $salt_buf .= "\x00" x
$salt_padding_len;
6196 my $aes = Crypt
::CBC
->new({
6197 cipher
=> "Crypt::Rijndael",
6205 if ($validation_only == 1)
6209 my $decrypted_data = $aes->decrypt ($data_buf);
6211 $decrypted_data = substr ($decrypted_data, 0, $unpack_size);
6213 $hash_buf = crc32
($decrypted_data);
6219 $hash_buf = crc32
($data_buf);
6221 $data_buf = $aes->encrypt ($data_buf);
6223 $data_len = length ($data_buf);
6226 $tmp_hash = sprintf ("\$7z\$%i\$%i\$%i\$%s\$%i\$%08s\$%u\$%u\$%u\$%s", $p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, unpack ("H*", $salt_buf), $hash_buf, $data_len, $unpack_size, unpack ("H*", $data_buf));
6228 elsif ($mode == 11900)
6230 my $iterations = 1000;
6234 $iterations = int ($iter);
6239 if (defined $additional_param)
6241 $out_len = $additional_param;
6245 # call PHP here - WTF
6248 # sanitize $word_buf and $salt_buf:
6250 my $word_buf_base64 = encode_base64
($word_buf);
6251 $word_buf_base64 =~ s/[\r\n]//g;
6253 my $salt_buf_base64 = encode_base64
($salt_buf);
6254 $salt_buf_base64 =~ s/[\r\n]//g;
6258 $out_len = int ($out_len);
6260 # output is in hex encoding, otherwise it could be screwed (but shouldn't)
6262 my $php_code = <<'END_CODE';
6264 function pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
6266 $algorithm = strtolower ($algorithm);
6268 if(! in_array ($algorithm, hash_algos (), true))
6270 trigger_error ("PBKDF2 ERROR: Invalid hash algorithm.", E_USER_ERROR);
6273 if ($count <= 0 || $key_length <= 0)
6275 trigger_error ("PBKDF2 ERROR: Invalid parameters.", E_USER_ERROR);
6278 if (function_exists ("hash_pbkdf2"))
6282 $key_length = $key_length * 2;
6285 return hash_pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output);
6288 $hash_length = strlen (hash ($algorithm, "", true));
6289 $block_count = ceil ($key_length / $hash_length);
6293 for ($i = 1; $i <= $block_count; $i++)
6295 $last = $salt . pack ("N", $i);
6297 $last = $xorsum = hash_hmac ($algorithm, $last, $password, true);
6299 for ($j = 1; $j < $count; $j++)
6301 $xorsum ^= ($last = hash_hmac ($algorithm, $last, $password, true));
6309 return substr ($output, 0, $key_length);
6313 return bin2hex (substr ($output, 0, $key_length));
6317 print pbkdf2 ("md5", base64_decode ("$word_buf_base64"), base64_decode ("$salt_buf_base64"), $iterations, $out_len, False);
6321 # replace with these command line arguments
6323 $php_code =~ s/\$word_buf_base64/$word_buf_base64/;
6324 $php_code =~ s/\$salt_buf_base64/$salt_buf_base64/;
6325 $php_code =~ s/\$iterations/$iterations/;
6326 $php_code =~ s/\$out_len/$out_len/;
6328 my $php_output = `php -r '$php_code'`;
6330 $hash_buf = pack ("H*", $php_output);
6332 $hash_buf = encode_base64 ($hash_buf);
6333 $hash_buf =~ s/[\r\n]//g;
6335 my $base64_salt_buf = encode_base64 ($salt_buf);
6337 chomp ($base64_salt_buf);
6339 $tmp_hash = sprintf ("md5:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6341 elsif ($mode == 12000)
6343 my $iterations = 1000;
6347 $iterations = int ($iter);
6352 if (defined $additional_param)
6354 $out_len = $additional_param;
6357 my $pbkdf2 = Crypt::PBKDF2->new
6359 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1'),
6360 iterations => $iterations,
6361 output_len => $out_len
6364 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6365 $hash_buf =~ s/[\r\n]//g;
6367 my $base64_salt_buf = encode_base64 ($salt_buf);
6369 chomp ($base64_salt_buf);
6371 $tmp_hash = sprintf ("sha1:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6373 elsif ($mode == 12100)
6375 my $iterations = 1000;
6379 $iterations = int ($iter);
6384 if (defined $additional_param)
6386 $out_len = $additional_param;
6389 my $pbkdf2 = Crypt::PBKDF2->new
6391 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512),
6392 iterations => $iterations,
6393 output_len => $out_len
6396 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6397 $hash_buf =~ s/[\r\n]//g;
6399 my $base64_salt_buf = encode_base64 ($salt_buf);
6401 chomp ($base64_salt_buf);
6403 $tmp_hash = sprintf ("sha512:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6405 elsif ($mode == 12200)
6407 my $iterations = 65536;
6409 my $default_salt = 0;
6411 if (defined $additional_param)
6413 $default_salt = int ($additional_param);
6416 if ($default_salt == 1)
6418 $salt_buf = "0011223344556677";
6421 $hash_buf = sha512 (pack ("H*", $salt_buf) . $word_buf);
6423 for (my $i = 0; $i < $iterations; $i++)
6425 $hash_buf = sha512 ($hash_buf);
6428 $hash_buf = unpack ("H*", $hash_buf);
6429 $hash_buf = substr ($hash_buf, 0, 16);
6431 if ($default_salt == 0)
6433 $tmp_hash = sprintf ("\$ecryptfs\$0\$1\$%s\$%s", $salt_buf, $hash_buf);
6437 $tmp_hash = sprintf ("\$ecryptfs\$0\$%s", $hash_buf);
6440 elsif ($mode == 12300)
6442 my $iterations = 4096;
6444 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
6446 my $pbkdf2 = Crypt::PBKDF2->new (
6448 iterations => $iterations,
6452 my $salt_bin = pack ("H*", $salt_buf);
6454 my $key = $pbkdf2->PBKDF2 ($salt_bin. "AUTH_PBKDF2_SPEEDY_KEY", $word_buf);
6456 $hash_buf = sha512_hex ($key . $salt_bin);
6458 $tmp_hash = sprintf ("%s%s", uc ($hash_buf), uc ($salt_buf));
6460 elsif ($mode == 12400)
6466 $iterations = int ($iter);
6470 $iterations = get_random_num (1, 5001 + 1);
6473 my $key_value = fold_password ($word_buf);
6475 my $data = "\x00\x00\x00\x00\x00\x00\x00\x00";
6476 my $salt_value = base64_to_int24 ($salt_buf);
6478 $hash_buf = crypt_rounds ($key_value, $iterations, $salt_value, $data);
6480 $tmp_hash = sprintf ("_%s%s%s", int24_to_base64 ($iterations), $salt_buf, block_to_base64 ($hash_buf));
6482 elsif ($mode == 12600)
6484 $hash_buf = sha1_hex ($word_buf);
6486 $hash_buf = sha256_hex ($salt_buf . uc $hash_buf);
6488 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
6490 elsif ($mode == 12700)
6492 my $iterations = 10;
6495 "guid" : "00000000-0000-0000-0000-000000000000",
6496 "sharedKey" : "00000000-0000-0000-0000-000000000000",
6497 "options" : {"pbkdf2_iterations":10,"fee_policy":0,"html5_notifications":false,"logout_time":600000,"tx_display":0,"always_keep_local_backup":false}|;
6499 my $salt_buf_bin = pack ("H*", $salt_buf);
6501 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
6503 my $pbkdf2 = Crypt::PBKDF2->new (
6505 iterations => $iterations,
6509 my $key = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6511 my $cipher = Crypt::CBC->new({
6513 cipher => "Crypt::Rijndael",
6514 iv => $salt_buf_bin,
6520 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
6522 $tmp_hash = sprintf ("\$blockchain\$%s\$%s", length ($salt_buf . $encrypted) / 2, $salt_buf . $encrypted);
6524 elsif ($mode == 12800)
6526 my $iterations = 100;
6530 $iterations = int ($iter);
6533 my $nt = md4_hex (encode ("UTF-16LE", $word_buf));
6535 my $pbkdf2 = Crypt::PBKDF2->new
6537 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6538 iterations => $iterations,
6542 my $salt_buf_bin = pack ("H*", $salt_buf);
6544 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, uc (encode ("UTF-16LE", $nt)));
6546 $tmp_hash = sprintf ("v1;PPH1_MD4,%s,%d,%s", $salt_buf, $iterations, unpack ("H*", $hash));
6548 elsif ($mode == 12900)
6550 my $iterations = 4096;
6554 $iterations = int ($iter);
6557 my $salt2 = $salt_buf . $salt_buf;
6559 if (defined $additional_param)
6561 $salt2 = $additional_param;
6564 my $pbkdf2 = Crypt::PBKDF2->new
6566 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6567 iterations => $iterations,
6571 my $salt_buf_bin = pack ("H*", $salt_buf);
6573 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6575 my $salt2_bin = pack ("H*", $salt2);
6577 my $hash_hmac = hmac_hex ($salt2_bin, $hash, \&sha256, 64);
6579 $tmp_hash = sprintf ("%s%s%s", $salt2, $hash_hmac, $salt_buf);
6581 elsif ($mode == 13000)
6583 my $iterations = 15;
6587 $iterations = int ($iter);
6592 if (defined $additional_param)
6594 $iv = $additional_param;
6597 my $pbkdf2 = Crypt::PBKDF2->new
6599 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6600 iterations => (1 << $iterations) + 32,
6604 my $salt_buf_bin = pack ("H*", $salt_buf);
6606 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6608 printf ("%s\n", unpack ("H*", $hash));
6610 my $hash_final = substr ($hash, 0, 8)
6611 ^ substr ($hash, 8, 8)
6612 ^ substr ($hash, 16, 8)
6613 ^ substr ($hash, 24, 8);
6615 $tmp_hash = sprintf ('$rar5$16$%s$%d$%s$8$%s', $salt_buf, $iterations, $iv, unpack ("H*", $hash_final));
6625 my $word_len = shift;
6627 my $salt_len = shift;
6631 $max = 15 if ($mode == 2410);
6633 if ($is_unicode{$mode})
6635 if (! $allow_long_salt{$mode})
6637 $word_len = min ($word_len, int ($max / 2) - $salt_len);
6641 $word_len = min ($word_len, int ($max / 2));
6644 elsif ($less_fifteen{$mode})
6646 $word_len = min ($word_len, 15);
6650 $salt_len = min ($salt_len, 15 - $word_len);
6655 if (! $allow_long_salt{$mode})
6657 $word_len = min ($word_len, $max - $salt_len);
6676 for (my $i = 0; $i < $salt_len; $i++)
6678 my $c = get_random_chr (0x30, 0x39);
6680 push (@salt_arr, $c);
6683 $salt_buf = join ("", @salt_arr);
6685 $salt_buf = get_random_md5chap_salt ($salt_buf);
6687 elsif ($mode == 5300 || $mode == 5400)
6689 $salt_buf = get_random_ike_salt ();
6691 elsif ($mode == 5500)
6693 $salt_buf = get_random_netntlmv1_salt ($salt_len, $salt_len);
6695 elsif ($mode == 5600)
6697 $salt_buf = get_random_netntlmv2_salt ($salt_len, $salt_len);
6699 elsif ($mode == 6600)
6701 $salt_buf = get_random_agilekeychain_salt ();
6703 elsif ($mode == 8200)
6705 $salt_buf = get_random_cloudkeychain_salt ();
6707 elsif ($mode == 8300)
6709 $salt_buf = get_random_dnssec_salt ();
6715 for (my $i = 0; $i < $salt_len; $i++)
6717 my $c = get_random_chr (0x30, 0x39);
6719 push (@salt_arr, $c);
6722 $salt_buf = join ("", @salt_arr);
6726 $salt_buf = get_random_kerberos5_salt ($salt_buf);
6736 for (my $i = 0; $i < $word_len; $i++)
6738 my $c = get_random_chr (0x30, 0x39);
6740 push (@word_arr, $c);
6743 my $word_buf = join ("", @word_arr);
6749 my $tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
6762 print sprintf ("echo -n %-20s | %s \${OPTS} %s %4d '%s'\n", $word_buf, @cmd);
6774 sub get_random_string
6780 for (my $i = 0; $i < $len; $i++)
6782 my $c = get_random_chr (0x30, 0x39);
6787 my $buf = join ("", @arr);
6797 return int ((rand ($max - $min)) + $min);
6802 return chr get_random_num (@_);
6811 for (my $i = 0; $i < length ($str); $i += 4)
6813 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
6815 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
6822 $salt = substr ($decoded, 0, 5);
6824 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
6828 $byte10 = 256 + $byte10;
6831 substr ($salt, 3, 1) = chr ($byte10);
6833 $digest = substr ($decoded, 5, 9);
6834 $char = substr ($str, 18, 1);
6836 return ($digest, $salt, $char);
6839 sub domino_85x_decode
6845 for (my $i = 0; $i < length ($str); $i += 4)
6847 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
6849 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
6854 my $iterations = -1;
6857 $salt = substr ($decoded, 0, 16); # longer than -m 8700 (5 vs 16 <- new)
6859 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
6863 $byte10 = 256 + $byte10;
6866 substr ($salt, 3, 1) = chr ($byte10);
6868 $iterations = substr ($decoded, 16, 10);
6870 if ($iterations =~ /^?d*$/)
6874 $iterations = $iterations + 0; # hack: make sure it is an int now (atoi ())
6875 $chars = substr ($decoded, 26, 2); # in my example it is "02"
6876 $digest = substr ($decoded, 28, 8); # only of length of 8 vs 20 SHA1 bytes
6879 return ($digest, $salt, $iterations, $chars);
6882 sub domino_base64_decode
6887 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
6895 my $idx = (index ($itoa64, substr ($v, $n - $i, 1))) & 0x3f;
6897 $ret += ($idx << (6 * ($i - 1)));
6910 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
6914 $byte10 = $byte10 - 256;
6917 substr ($final, 3, 1) = chr ($byte10);
6921 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
6922 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
6923 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
6924 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
6925 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
6927 if (defined ($char))
6929 substr ($passwd, 18, 1) = $char;
6931 substr ($passwd, 19, 1) = "";
6936 sub domino_85x_encode
6941 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
6945 $byte10 = $byte10 - 256;
6948 substr ($final, 3, 1) = chr ($byte10);
6952 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
6953 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
6954 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
6955 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
6956 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
6957 $passwd .= domino_base64_encode ((int (ord (substr ($final, 15, 1))) << 16) | (int (ord (substr ($final, 16, 1))) << 8) | (int (ord (substr ($final, 17, 1)))), 4);
6958 $passwd .= domino_base64_encode ((int (ord (substr ($final, 18, 1))) << 16) | (int (ord (substr ($final, 19, 1))) << 8) | (int (ord (substr ($final, 20, 1)))), 4);
6959 $passwd .= domino_base64_encode ((int (ord (substr ($final, 21, 1))) << 16) | (int (ord (substr ($final, 22, 1))) << 8) | (int (ord (substr ($final, 23, 1)))), 4);
6960 $passwd .= domino_base64_encode ((int (ord (substr ($final, 24, 1))) << 16) | (int (ord (substr ($final, 25, 1))) << 8) | (int (ord (substr ($final, 26, 1)))), 4);
6961 $passwd .= domino_base64_encode ((int (ord (substr ($final, 27, 1))) << 16) | (int (ord (substr ($final, 28, 1))) << 8) | (int (ord (substr ($final, 29, 1)))), 4);
6962 $passwd .= domino_base64_encode ((int (ord (substr ($final, 30, 1))) << 16) | (int (ord (substr ($final, 31, 1))) << 8) | (int (ord (substr ($final, 32, 1)))), 4);
6963 $passwd .= domino_base64_encode ((int (ord (substr ($final, 33, 1))) << 16) | (int (ord (substr ($final, 34, 1))) << 8) | (int (ord (substr ($final, 35, 1)))), 4);
6965 if (defined ($char))
6967 substr ($passwd, 18, 1) = $char;
6973 sub domino_base64_encode
6978 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
6982 while (($n - 1) >= 0)
6986 $ret = substr ($itoa64, $v & 0x3f, 1) . $ret;
6996 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7001 my $v = unpack "V", substr($md5, $i*4, 4);
7003 $s64 .= substr($itoa64, $v & 0x3f, 1);
7012 my ($username, $password) = @_;
7014 $username = substr ($username . " " x 8, 0, 8);
7015 $password = substr ($password . " " x 8, 0, 8);
7017 my $username_ebc = ascii2ebcdic ($username);
7018 my $password_ebc = ascii2ebcdic ($password);
7020 my @pw = split ("", $password_ebc);
7022 for (my $i = 0; $i < 8; $i++)
7024 $pw[$i] = unpack ("C", $pw[$i]);
7027 $pw[$i] = pack ("C", $pw[$i] & 0xff);
7030 my $key = join ("", @pw);
7032 my $cipher = new Crypt::DES $key;
7034 my $ciphertext = $cipher->encrypt ($username_ebc);
7036 my $ct = unpack ("H16", $ciphertext);
7043 my ($username, $password) = @_;
7045 my $userpass = pack('n*', unpack('C*', uc($username.$password)));
7046 $userpass .= pack('C', 0) while (length($userpass) % 8);
7048 my $key = pack('H*', "0123456789ABCDEF");
7049 my $iv = pack('H*', "0000000000000000");
7051 my $c = new Crypt::CBC(
7058 my $key2 = substr($c->encrypt($userpass), length($userpass)-8, 8);
7060 my $c2 = new Crypt::CBC(
7067 my $hash = substr($c2->encrypt($userpass), length($userpass)-8, 8);
7069 return uc(unpack('H*', $hash));
7074 my $word_buf = shift;
7076 my $salt_buf = shift;
7078 my $w = sprintf ("%d%s%s", 0, $word_buf, $salt_buf);
7080 my $digest = sha1 ($w);
7082 for (my $i = 1; $i < 1024; $i++)
7084 $w = $digest . sprintf ("%d%s%s", $i, $word_buf, $salt_buf);
7086 $digest = sha1 ($w);
7089 my ($A, $B, $C, $D, $E) = unpack ("N5", $digest);
7091 return sprintf ("%08x%08x%08x%08x%08x", $A, $B, $C, $D, $E);
7099 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7103 while (($n - 1) >= 0)
7107 $ret .= substr ($itoa64, $v & 0x3f, 1);
7123 my $hash = ""; # hash to be returned by this function
7125 my $final = md5 ($pass . $salt . $pass);
7127 $salt = substr ($salt, 0, 8);
7129 my $tmp = $pass . $magic . $salt;
7131 my $pass_len = length ($pass);
7135 for ($i = $pass_len; $i > 0; $i -= 16)
7144 $tmp .= substr ($final, 0, $len);
7157 $tmp .= substr ($pass, 0, 1);
7163 $final = md5 ($tmp);
7165 for ($i = 0; $i < $iter; $i++)
7197 $final = md5 ($tmp);
7201 # now format the output sting ("hash")
7205 $hash = to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 6, 1)) << 8) | (ord (substr ($final, 12, 1))), 4);
7206 $hash .= to64 ((ord (substr ($final, 1, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7207 $hash .= to64 ((ord (substr ($final, 2, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7208 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 9, 1)) << 8) | (ord (substr ($final, 15, 1))), 4);
7209 $hash .= to64 ((ord (substr ($final, 4, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7210 $hash .= to64 (ord (substr ($final, 11, 1)), 2);
7212 if ($iter == 1000) # default
7214 $hash_buf = sprintf ("%s%s\$%s", $magic , $salt , $hash);
7218 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7230 my $hash = ""; # hash to be returned by this function
7232 my $final = sha512 ($pass . $salt . $pass);
7234 $salt = substr ($salt, 0, 16);
7236 my $tmp = $pass . $salt;
7238 my $pass_len = length ($pass);
7239 my $salt_len = length ($salt);
7243 for ($i = $pass_len; $i > 0; $i -= 16)
7252 $tmp .= substr ($final, 0, $len);
7271 $final = sha512 ($tmp);
7277 for ($i = 0; $i < $pass_len; $i++)
7282 $p_bytes = sha512 ($p_bytes);
7283 $p_bytes = substr ($p_bytes, 0, $pass_len);
7287 my $final_first_byte = ord (substr ($final, 0, 1));
7291 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7296 $s_bytes = sha512 ($s_bytes);
7297 $s_bytes = substr ($s_bytes, 0, $salt_len);
7299 for ($i = 0; $i < $iter; $i++)
7331 $final = sha512 ($tmp);
7335 # now format the output string ("hash")
7339 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 21, 1)) << 8) | (ord (substr ($final, 42, 1))), 4);
7340 $hash .= to64 ((ord (substr ($final, 22, 1)) << 16) | (ord (substr ($final, 43, 1)) << 8) | (ord (substr ($final, 1, 1))), 4);
7341 $hash .= to64 ((ord (substr ($final, 44, 1)) << 16) | (ord (substr ($final, 2, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7342 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 24, 1)) << 8) | (ord (substr ($final, 45, 1))), 4);
7343 $hash .= to64 ((ord (substr ($final, 25, 1)) << 16) | (ord (substr ($final, 46, 1)) << 8) | (ord (substr ($final, 4, 1))), 4);
7344 $hash .= to64 ((ord (substr ($final, 47, 1)) << 16) | (ord (substr ($final, 5, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7345 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 27, 1)) << 8) | (ord (substr ($final, 48, 1))), 4);
7346 $hash .= to64 ((ord (substr ($final, 28, 1)) << 16) | (ord (substr ($final, 49, 1)) << 8) | (ord (substr ($final, 7, 1))), 4);
7347 $hash .= to64 ((ord (substr ($final, 50, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7348 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 30, 1)) << 8) | (ord (substr ($final, 51, 1))), 4);
7349 $hash .= to64 ((ord (substr ($final, 31, 1)) << 16) | (ord (substr ($final, 52, 1)) << 8) | (ord (substr ($final, 10, 1))), 4);
7350 $hash .= to64 ((ord (substr ($final, 53, 1)) << 16) | (ord (substr ($final, 11, 1)) << 8) | (ord (substr ($final, 32, 1))), 4);
7351 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 33, 1)) << 8) | (ord (substr ($final, 54, 1))), 4);
7352 $hash .= to64 ((ord (substr ($final, 34, 1)) << 16) | (ord (substr ($final, 55, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7353 $hash .= to64 ((ord (substr ($final, 56, 1)) << 16) | (ord (substr ($final, 14, 1)) << 8) | (ord (substr ($final, 35, 1))), 4);
7354 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 36, 1)) << 8) | (ord (substr ($final, 57, 1))), 4);
7355 $hash .= to64 ((ord (substr ($final, 37, 1)) << 16) | (ord (substr ($final, 58, 1)) << 8) | (ord (substr ($final, 16, 1))), 4);
7356 $hash .= to64 ((ord (substr ($final, 59, 1)) << 16) | (ord (substr ($final, 17, 1)) << 8) | (ord (substr ($final, 38, 1))), 4);
7357 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 39, 1)) << 8) | (ord (substr ($final, 60, 1))), 4);
7358 $hash .= to64 ((ord (substr ($final, 40, 1)) << 16) | (ord (substr ($final, 61, 1)) << 8) | (ord (substr ($final, 19, 1))), 4);
7359 $hash .= to64 ((ord (substr ($final, 62, 1)) << 16) | (ord (substr ($final, 20, 1)) << 8) | (ord (substr ($final, 41, 1))), 4);
7360 $hash .= to64 (ord (substr ($final, 63, 1)), 2);
7364 if ($iter == 5000) # default
7366 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7370 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7382 my $hash = ""; # hash to be returned by this function
7384 my $final = sha256 ($pass . $salt . $pass);
7386 $salt = substr ($salt, 0, 16);
7388 my $tmp = $pass . $salt;
7390 my $pass_len = length ($pass);
7391 my $salt_len = length ($salt);
7395 for ($i = $pass_len; $i > 0; $i -= 16)
7404 $tmp .= substr ($final, 0, $len);
7423 $final = sha256 ($tmp);
7429 for ($i = 0; $i < $pass_len; $i++)
7434 $p_bytes = sha256 ($p_bytes);
7435 $p_bytes = substr ($p_bytes, 0, $pass_len);
7439 my $final_first_byte = ord (substr ($final, 0, 1));
7443 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7448 $s_bytes = sha256 ($s_bytes);
7449 $s_bytes = substr ($s_bytes, 0, $salt_len);
7451 for ($i = 0; $i < $iter; $i++)
7483 $final = sha256 ($tmp);
7487 # now format the output string ("hash")
7491 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 20, 1))), 4);
7492 $hash .= to64 ((ord (substr ($final, 21, 1)) << 16) | (ord (substr ($final, 1, 1)) << 8) | (ord (substr ($final, 11, 1))), 4);
7493 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 22, 1)) << 8) | (ord (substr ($final, 2, 1))), 4);
7494 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 13, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7495 $hash .= to64 ((ord (substr ($final, 24, 1)) << 16) | (ord (substr ($final, 4, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7496 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 25, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7497 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 16, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7498 $hash .= to64 ((ord (substr ($final, 27, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 17, 1))), 4);
7499 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 28, 1)) << 8) | (ord (substr ($final, 8, 1))), 4);
7500 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 19, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7501 $hash .= to64 ((ord (substr ($final, 31, 1)) << 8) | (ord (substr ($final, 30, 1))), 3);
7505 if ($iter == 5000) # default
7507 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7511 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7517 sub aix_ssha256_pbkdf2
7519 my $word_buf = shift;
7520 my $salt_buf = shift;
7521 my $iterations = shift;
7523 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256);
7525 my $pbkdf2 = Crypt::PBKDF2->new (
7527 iterations => $iterations,
7531 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7535 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7536 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7537 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7538 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7539 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7540 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7541 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
7542 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
7543 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
7544 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
7545 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) , 3);
7550 sub aix_ssha512_pbkdf2
7552 my $word_buf = shift;
7553 my $salt_buf = shift;
7554 my $iterations = shift;
7556 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
7558 my $pbkdf2 = Crypt::PBKDF2->new (
7560 iterations => $iterations,
7563 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7567 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7568 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7569 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7570 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7571 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7572 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7573 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
7574 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
7575 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
7576 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
7577 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) | (int (ord (substr ($hash_buf, 32, 1)))), 4);
7578 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 33, 1))) << 16) | (int (ord (substr ($hash_buf, 34, 1))) << 8) | (int (ord (substr ($hash_buf, 35, 1)))), 4);
7579 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 36, 1))) << 16) | (int (ord (substr ($hash_buf, 37, 1))) << 8) | (int (ord (substr ($hash_buf, 38, 1)))), 4);
7580 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 39, 1))) << 16) | (int (ord (substr ($hash_buf, 40, 1))) << 8) | (int (ord (substr ($hash_buf, 41, 1)))), 4);
7581 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 42, 1))) << 16) | (int (ord (substr ($hash_buf, 43, 1))) << 8) | (int (ord (substr ($hash_buf, 44, 1)))), 4);
7582 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 45, 1))) << 16) | (int (ord (substr ($hash_buf, 46, 1))) << 8) | (int (ord (substr ($hash_buf, 47, 1)))), 4);
7583 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 48, 1))) << 16) | (int (ord (substr ($hash_buf, 49, 1))) << 8) | (int (ord (substr ($hash_buf, 50, 1)))), 4);
7584 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 51, 1))) << 16) | (int (ord (substr ($hash_buf, 52, 1))) << 8) | (int (ord (substr ($hash_buf, 53, 1)))), 4);
7585 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 54, 1))) << 16) | (int (ord (substr ($hash_buf, 55, 1))) << 8) | (int (ord (substr ($hash_buf, 56, 1)))), 4);
7586 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 57, 1))) << 16) | (int (ord (substr ($hash_buf, 58, 1))) << 8) | (int (ord (substr ($hash_buf, 59, 1)))), 4);
7587 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 60, 1))) << 16) | (int (ord (substr ($hash_buf, 61, 1))) << 8) | (int (ord (substr ($hash_buf, 62, 1)))), 4);
7588 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 63, 1))) << 16) , 2);
7593 sub aix_ssha1_pbkdf2
7595 my $word_buf = shift;
7596 my $salt_buf = shift;
7597 my $iterations = shift;
7599 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
7601 my $pbkdf2 = Crypt::PBKDF2->new (
7603 iterations => $iterations,
7606 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
7610 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
7611 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
7612 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
7613 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
7614 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
7615 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
7616 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) , 3);
7625 my @data = split "", $data_s;
7628 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7629 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7630 "\x3f\x40\x41\x50\x43\x44\x45\x4b\x47\x48\x4d\x4e\x54\x51\x53\x46" .
7631 "\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x56\x55\x5c\x49\x5d\x4a" .
7632 "\x42\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
7633 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x58\x5b\x59\xff\x52" .
7634 "\x4c\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
7635 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x57\x5e\x5a\x4f\xff" .
7636 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7637 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7638 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7639 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7640 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7641 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7642 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
7643 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
7645 my @transTable = unpack ("C256", $transTable_s);
7649 for (my $i = 0; $i < scalar @data; $i++)
7651 $out[$i] = $transTable[int (ord ($data[$i]))];
7654 return pack ("C*", @out);
7659 my $digest_s = shift;
7664 my @w = unpack "C*", $w_s;
7665 my @s = unpack "C*", $s_s;
7668 "\x14\x77\xf3\xd4\xbb\x71\x23\xd0\x03\xff\x47\x93\x55\xaa\x66\x91" .
7669 "\xf2\x88\x6b\x99\xbf\xcb\x32\x1a\x19\xd9\xa7\x82\x22\x49\xa2\x51" .
7670 "\xe2\xb7\x33\x71\x8b\x9f\x5d\x01\x44\x70\xae\x11\xef\x28\xf0\x0d";
7672 my @bcodeTable = unpack ("C48", $bcodeTable_s);
7674 my @abcd = unpack ("C16", $digest_s);
7676 my $sum20 = ($abcd[0] & 3)
7686 for (my $i2 = 0; $i2 < $sum20; $i2++)
7691 for (my $i1 = 0, my $i2 = 0, my $i3 = 0; $i2 < $sum20; $i2++, $i2++)
7693 if ($i1 < length $w_s)
7695 if ($abcd[15 - $i1] & 1)
7697 $out[$i2] = $bcodeTable[48 - 1 - $i1];
7702 $out[$i2] = $w[$i1];
7708 if ($i3 < length $s_s)
7710 $out[$i2] = $s[$i3];
7716 $out[$i2] = $bcodeTable[$i2 - $i1 - $i3];
7719 return substr (pack ("C*", @out), 0, $sum20);
7724 my @key_56 = split (//, shift);
7730 $key .= chr(((ord($key_56[0]) << 7) | (ord($key_56[1]) >> 1)) & 255);
7731 $key .= chr(((ord($key_56[1]) << 6) | (ord($key_56[2]) >> 2)) & 255);
7732 $key .= chr(((ord($key_56[2]) << 5) | (ord($key_56[3]) >> 3)) & 255);
7733 $key .= chr(((ord($key_56[3]) << 4) | (ord($key_56[4]) >> 4)) & 255);
7734 $key .= chr(((ord($key_56[4]) << 3) | (ord($key_56[5]) >> 5)) & 255);
7735 $key .= chr(((ord($key_56[5]) << 2) | (ord($key_56[6]) >> 6)) & 255);
7736 $key .= chr(( ord($key_56[6]) << 1) & 255);
7747 for (my $i = 0; $i < $len; $i++)
7749 my $c = get_random_chr (0, 255);
7754 return join ("", @arr);
7757 sub get_random_netntlmv1_salt
7759 my $len_user = shift;
7760 my $len_domain = shift;
7766 for (my $i = 0; $i < $len_user; $i++)
7768 $type = get_random_num (1, 3);
7772 $char = get_random_chr (0x30, 0x39);
7776 $char = get_random_chr (0x41, 0x5A);
7780 $char = get_random_chr (0x61, 0x7A);
7788 for (my $i = 0; $i < $len_domain; $i++)
7790 $type = get_random_num (1, 3);
7794 $char = get_random_chr (0x30, 0x39);
7798 $char = get_random_chr (0x41, 0x5A);
7802 $char = get_random_chr (0x61, 0x7A);
7808 my $c_challenge = randbytes (8);
7809 my $s_challenge = randbytes (8);
7811 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $c_challenge) . unpack ("H*", $s_challenge);
7816 sub get_random_netntlmv2_salt
7818 my $len_user = shift;
7819 my $len_domain = shift;
7825 if ($len_user + $len_domain > 27)
7827 if ($len_user > $len_domain)
7829 $len_user = 27 - $len_domain;
7833 $len_domain = 27 - $len_user;
7837 for (my $i = 0; $i < $len_user; $i++)
7839 $type = get_random_num (1, 3);
7843 $char = get_random_chr (0x30, 0x39);
7847 $char = get_random_chr (0x41, 0x5A);
7851 $char = get_random_chr (0x61, 0x7A);
7859 for (my $i = 0; $i < $len_domain; $i++)
7861 $type = get_random_num (1, 3);
7865 $char = get_random_chr (0x30, 0x39);
7869 $char = get_random_chr (0x41, 0x5A);
7873 $char = get_random_chr (0x61, 0x7A);
7879 my $c_challenge = randbytes (8);
7880 my $s_challenge = randbytes (8);
7882 my $temp = "\x01\x01" .
7887 randbytes (20 * rand () + 1) .
7890 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $s_challenge) . unpack ("H*", $temp);
7895 sub get_random_ike_salt
7899 for (my $i = 0; $i < 40; $i++)
7901 $nr_buf .= get_random_chr (0, 0xff);
7906 for (my $i = 0; $i < 440; $i++)
7908 $msg_buf .= get_random_chr (0, 0xff);
7911 my $nr_buf_hex = unpack ("H*", $nr_buf);
7912 my $msg_buf_hex = unpack ("H*", $msg_buf);
7914 my $salt_buf = sprintf ("%s:%s:%s:%s:%s:%s:%s:%s", substr ($msg_buf_hex, 0, 256), substr ($msg_buf_hex, 256, 256), substr ($msg_buf_hex, 512, 16), substr ($msg_buf_hex, 528, 16), substr ($msg_buf_hex, 544, 320), substr ($msg_buf_hex, 864, 16), substr ($nr_buf_hex, 0, 40), substr ($nr_buf_hex, 40, 40));
7919 sub get_random_agilekeychain_salt
7923 for (my $i = 0; $i < 8; $i++)
7925 $salt_buf .= get_random_chr (0x0, 0xff);
7930 for (my $i = 0; $i < 16; $i++)
7932 $iv .= get_random_chr (0x0, 0xff);
7935 my $prefix = "\x00" x 1008;
7937 my $ret = unpack ("H*", $salt_buf . $prefix . $iv);
7942 sub get_random_cloudkeychain_salt
7946 for (my $i = 0; $i < 16; $i++)
7948 $salt_buf .= get_random_chr (0x0, 0xff);
7951 for (my $i = 0; $i < 304; $i++)
7953 $salt_buf .= get_random_chr (0x0, 0xff);
7956 my $ret = unpack ("H*", $salt_buf);
7961 sub get_random_kerberos5_salt
7963 my $custom_salt = shift;
7965 my $clear_data = randbytes (14) .
7966 strftime ("%Y%m%d%H%M%S", localtime) .
7970 my $realm = "realm";
7973 my $salt_buf = $user . "\$" . $realm . "\$" . $salt . "\$" . unpack ("H*", $custom_salt) . "\$" . unpack ("H*", $clear_data) . "\$";
7978 sub get_random_md5chap_salt
7980 my $salt_buf = shift;
7982 my $salt = unpack ("H*", $salt_buf);
7986 $salt .= unpack ("H*", randbytes (1));
7991 sub get_random_dnssec_salt
7997 for (my $i = 0; $i < 8; $i++)
7999 $salt_buf .= get_random_chr (0x61, 0x7a);
8002 $salt_buf .= ".net";
8006 for (my $i = 0; $i < 8; $i++)
8008 $salt_buf .= get_random_chr (0x30, 0x39);
8021 my $byte_off = int ($bit / 8);
8022 my $bit_off = int ($bit % 8);
8024 my $char = substr ($digest, $byte_off, 1);
8025 my $num = ord ($char);
8027 return (($num & (1 << $bit_off)) ? 1 : 0);
8036 my $constant_phrase =
8037 "To be, or not to be,--that is the question:--\n" .
8038 "Whether 'tis nobler in the mind to suffer\n" .
8039 "The slings and arrows of outrageous fortune\n" .
8040 "Or to take arms against a sea of troubles,\n" .
8041 "And by opposing end them?--To die,--to sleep,--\n" .
8042 "No more; and by a sleep to say we end\n" .
8043 "The heartache, and the thousand natural shocks\n" .
8044 "That flesh is heir to,--'tis a consummation\n" .
8045 "Devoutly to be wish'd. To die,--to sleep;--\n" .
8046 "To sleep! perchance to dream:--ay, there's the rub;\n" .
8047 "For in that sleep of death what dreams may come,\n" .
8048 "When we have shuffled off this mortal coil,\n" .
8049 "Must give us pause: there's the respect\n" .
8050 "That makes calamity of so long life;\n" .
8051 "For who would bear the whips and scorns of time,\n" .
8052 "The oppressor's wrong, the proud man's contumely,\n" .
8053 "The pangs of despis'd love, the law's delay,\n" .
8054 "The insolence of office, and the spurns\n" .
8055 "That patient merit of the unworthy takes,\n" .
8056 "When he himself might his quietus make\n" .
8057 "With a bare bodkin? who would these fardels bear,\n" .
8058 "To grunt and sweat under a weary life,\n" .
8059 "But that the dread of something after death,--\n" .
8060 "The undiscover'd country, from whose bourn\n" .
8061 "No traveller returns,--puzzles the will,\n" .
8062 "And makes us rather bear those ills we have\n" .
8063 "Than fly to others that we know not of?\n" .
8064 "Thus conscience does make cowards of us all;\n" .
8065 "And thus the native hue of resolution\n" .
8066 "Is sicklied o'er with the pale cast of thought;\n" .
8067 "And enterprises of great pith and moment,\n" .
8068 "With this regard, their currents turn awry,\n" .
8069 "And lose the name of action.--Soft you now!\n" .
8070 "The fair Ophelia!--Nymph, in thy orisons\n" .
8071 "Be all my sins remember'd.\n\x00";
8073 my $constant_len = length ($constant_phrase);
8075 my $hash_buf = md5 ($pw . $salt);
8081 for (my $round = 0; $round < $iter; $round++)
8083 my $shift_a = md5bit ($hash_buf, $round + 0);
8084 my $shift_b = md5bit ($hash_buf, $round + 64);
8089 for (my $k = 0; $k < 16; $k++)
8091 my $s7shift = ord (substr ($hash_buf, $k, 1)) % 8;
8093 my $l = ($k + 3) % 16;
8095 my $num = ord (substr ($hash_buf, $l, 1));
8097 $shift_4[$k] = $num % 5;
8099 $shift_7[$k] = ($num >> $s7shift) & 1;
8104 for (my $k = 0; $k < 16; $k++)
8106 $indirect_4[$k] = (ord (substr ($hash_buf, $k, 1)) >> $shift_4[$k]) & 0xf;
8111 for (my $k = 0; $k < 16; $k++)
8113 $indirect_7[$k] = (ord (substr ($hash_buf, $indirect_4[$k], 1)) >> $shift_7[$k]) & 0x7f;
8119 for (my $k = 0; $k < 8; $k++)
8121 $indirect_a |= md5bit ($hash_buf, $indirect_7[$k + 0]) << $k;
8123 $indirect_b |= md5bit ($hash_buf, $indirect_7[$k + 8]) << $k;
8126 $indirect_a = ($indirect_a >> $shift_a) & 0x7f;
8127 $indirect_b = ($indirect_b >> $shift_b) & 0x7f;
8129 my $bit_a = md5bit ($hash_buf, $indirect_a);
8130 my $bit_b = md5bit ($hash_buf, $indirect_b);
8140 if ($bit_a ^ $bit_b)
8142 substr ($W, 16, 48) = substr ($constant_phrase, 0, 48);
8146 $to_hash .= substr ($W, 0, 64);
8150 for ($constant_off = 48; $constant_off < $constant_len - 64; $constant_off += 64)
8152 substr ($W, 0, 64) = substr ($constant_phrase, $constant_off, 64);
8156 $to_hash .= substr ($W, 0, 64);
8159 $pos = $constant_len - $constant_off;
8163 substr ($W, 0, $pos) = substr ($constant_phrase, $constant_off, $pos);
8178 my $round_div = int ($tmp / 10);
8179 my $round_mod = int ($tmp % 10);
8183 $a_buf[int ($a_len / 4)] = (($round_mod + 0x30) | ($a_buf[int ($a_len / 4)] << 8));
8193 for ($g = 0; $g < $a_len; $g++)
8195 my $remainder = $a_buf[$g];
8201 while ($remainder > 0)
8203 $sub = $remainder >> (8 * $factor);
8205 if ($started != 1 || $sub > 0)
8209 $tmp_str = chr ($sub) . $tmp_str;
8211 $remainder -= ($sub << (8 * $factor));
8219 substr ($W, $pos, $a_len) = $tmp_str;
8225 $to_hash .= substr ($W, 0, $pos);
8227 $to_hash = substr ($to_hash, 0, $total);
8229 $hash_buf = md5 ($to_hash);
8234 $passwd .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 6, 1))) << 8) | (int (ord (substr ($hash_buf, 12, 1)))), 4);
8235 $passwd .= to64 ((int (ord (substr ($hash_buf, 1, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 13, 1)))), 4);
8236 $passwd .= to64 ((int (ord (substr ($hash_buf, 2, 1))) << 16) | (int (ord (substr ($hash_buf, 8, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8237 $passwd .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 9, 1))) << 8) | (int (ord (substr ($hash_buf, 15, 1)))), 4);
8238 $passwd .= to64 ((int (ord (substr ($hash_buf, 4, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8239 $passwd .= to64 ((int (ord (substr ($hash_buf, 11, 1)))), 2);
8246 die ("usage: $0 single|passthrough| [mode] [len]\n" .
8248 " $0 verify [mode] [hashfile] [cracks] [outfile]\n");
8253 my $block_ref = shift;
8257 my $value = 16 - $offset;
8259 for (my $i = $offset; $i < 16; $i++)
8261 push @{$block_ref}, $value;
8271 for (my $i = 0; $i < 18; $i++)
8273 for (my $j = 0; $j < 48; $j++)
8275 $p = ($p + 48 - $j) & 0xff;
8277 my $c = $lotus_magic_table[$p];
8279 $p = $in_ref->[$j] ^ $c;
8286 sub lotus_transform_password
8289 my $out_ref = shift;
8291 my $t = $out_ref->[15];
8293 for (my $i = 0; $i < 16; $i++)
8295 $t ^= $in_ref->[$i];
8297 my $c = $lotus_magic_table[$t];
8299 $out_ref->[$i] ^= $c;
8301 $t = $out_ref->[$i];
8305 sub mdtransform_norecalc
8307 my $state_ref = shift;
8308 my $block_ref = shift;
8312 push (@x, @{$state_ref});
8313 push (@x, @{$block_ref});
8315 for (my $i = 0; $i < 16; $i++)
8317 push (@x, $x[0 + $i] ^ $x[16 + $i]);
8322 for (my $i = 0; $i < 16; $i++)
8324 $state_ref->[$i] = $x[$i];
8330 my $state_ref = shift;
8331 my $checksum_ref = shift;
8332 my $block_ref = shift;
8334 mdtransform_norecalc ($state_ref, $block_ref);
8336 lotus_transform_password ($block_ref, $checksum_ref);
8341 my $saved_key_ref = shift;
8345 @{$saved_key_ref} = splice (@{$saved_key_ref}, 0, $size);
8347 my @state = (0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
8353 for ($curpos = 0; $curpos + 16 < $size; $curpos += 16)
8355 my $curpos16 = $curpos + 16;
8357 my @block = splice (@{$saved_key_ref}, 0, 16);
8359 mdtransform (\@state, \@checksum, \@block);
8362 my $left = $size - $curpos;
8364 my @block = splice (@{$saved_key_ref}, 0, 16);
8366 pad16 (\@block, $left);
8368 mdtransform (\@state, \@checksum, \@block);
8370 mdtransform_norecalc (\@state, \@checksum);
8375 sub pdf_compute_encryption_key
8377 my $word_buf = shift;
8378 my $padding = shift;
8393 $data .= substr ($padding, 0, 32 - length $word_buf);
8395 $data .= pack ("H*", $o);
8397 $data .= pack ("I", $P);
8399 $data .= pack ("H*", $id);
8405 $data .= pack ("I", -1);
8409 my $res = md5 ($data);
8413 for (my $i = 0; $i < 50; $i++)
8422 sub gen_random_wpa_eapol
8431 my $version = 1; # 802.1X-2001
8433 $ret .= pack ("C*", $version);
8435 my $type = 3; # means that this EAPOL frame is used to transfer key information
8437 $ret .= pack ("C*", $type);
8439 my $length; # length of remaining data
8450 $ret .= pack ("n*", $length);
8452 my $descriptor_type;
8456 $descriptor_type = 254; # EAPOL WPA key
8460 $descriptor_type = 1; # EAPOL RSN key
8463 $ret .= pack ("C*", $descriptor_type);
8465 # key_info is a bit vector:
8466 # generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
8470 $key_info |= 1 << 8; # set key MIC
8471 $key_info |= 1 << 3; # set if it is a pairwise key
8475 $key_info |= 1 << 0; # RC4 Cipher, HMAC-MD5 MIC
8479 $key_info |= 1 << 1; # AES Cipher, HMAC-SHA1 MIC
8482 $ret .= pack ("n*", $key_info);
8495 $ret .= pack ("n*", $key_length);
8497 my $replay_counter = 1;
8499 $ret .= pack ("Q>*", $replay_counter);
8503 my $key_iv = "\x00" x 16;
8507 my $key_rsc = "\x00" x 8;
8511 my $key_id = "\x00" x 8;
8515 my $key_mic = "\x00" x 16;
8523 $key_data_len = 24; # length of the key_data (== WPA info)
8527 $key_data_len = 22; # length of the key_data (== RSN info)
8530 $ret .= pack ("n*", $key_data_len);
8540 my $vendor_specific_data = "";
8542 my $tag_number = 221; # means it is a vendor specific tag
8544 $vendor_specific_data .= pack ("C*", $tag_number);
8546 my $tag_len = 22; # length of the remaining "tag data"
8548 $vendor_specific_data .= pack ("C*", $tag_len);
8550 my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
8552 $vendor_specific_data .= $vendor_specific_oui;
8554 my $vendor_specific_oui_type = 1; # WPA Information Element
8556 $vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
8558 my $vendor_specific_wpa_version = 1;
8560 $vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
8564 my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
8566 $vendor_specific_data .= $vendor_specific_multicast_oui;
8568 my $vendor_specific_multicast_type = 2; # TKIP
8570 $vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
8574 my $vendor_specific_unicast_count = 1;
8576 $vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
8578 my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
8580 $vendor_specific_data .= $vendor_specific_multicast_oui;
8582 my $vendor_specific_unicast_type = 2; # TKIP
8584 $vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
8586 # Auth Key Management (AKM)
8588 my $auth_key_management_count = 1;
8590 $vendor_specific_data .= pack ("v*", $auth_key_management_count);
8592 my $auth_key_management_oui = pack ("H*", "0050f2");
8594 $vendor_specific_data .= $auth_key_management_oui;
8596 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
8598 $vendor_specific_data .= pack ("C*", $auth_key_management_type);
8600 $wpa_info = $vendor_specific_data;
8602 $key_data = $wpa_info;
8610 my $tag_number = 48; # RSN info
8612 $rsn_info .= pack ("C*", $tag_number);
8614 my $tag_len = 20; # length of the remaining "tag_data"
8616 $rsn_info .= pack ("C*", $tag_len);
8618 my $rsn_version = 1;
8620 $rsn_info .= pack ("v*", $rsn_version);
8622 # group cipher suite
8624 my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
8626 $rsn_info .= $group_cipher_suite_oui;
8628 my $group_cipher_suite_type = 4; # AES (CCM)
8630 $rsn_info .= pack ("C*", $group_cipher_suite_type);
8632 # pairwise cipher suite
8634 my $pairwise_cipher_suite_count = 1;
8636 $rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
8638 my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
8640 $rsn_info .= $pairwise_cipher_suite_oui;
8642 my $pairwise_cipher_suite_type = 4; # AES (CCM)
8644 $rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
8646 # Auth Key Management (AKM)
8648 my $auth_key_management_count = 1;
8650 $rsn_info .= pack ("v*", $auth_key_management_count);
8652 my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
8654 $rsn_info .= $auth_key_management_oui;
8656 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
8658 $rsn_info .= pack ("C*", $auth_key_management_type);
8662 # bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
8663 # RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
8665 my $rsn_capabilities = pack ("H*", "0000");
8667 $rsn_info .= $rsn_capabilities;
8669 $key_data = $rsn_info;
8685 my $data = "Pairwise key expansion";
8690 # Min(AA, SPA) || Max(AA, SPA)
8693 # compare if greater: Min()/Max() on the MACs (6 bytes)
8695 if (memcmp ($stmac, $bssid, 6) < 0)
8707 # Min(ANonce,SNonce) || Max(ANonce,SNonce)
8710 # compare if greater: Min()/Max() on the nonces (32 bytes)
8712 if (memcmp ($snonce, $anonce, 32) < 0)
8725 my $prf_buf = hmac ($data, $pmk, \&sha1);
8727 $prf_buf = substr ($prf_buf, 0, 16);
8738 my $len_str1 = length ($str1);
8739 my $len_str2 = length ($str2);
8741 if (($len > $len_str1) || ($len > $len_str2))
8743 print "ERROR: memcmp () lengths wrong";
8748 for (my $i = 0; $i < $len; $i++)
8750 my $c_1 = ord (substr ($str1, $i, 1));
8751 my $c_2 = ord (substr ($str2, $i, 1));
8753 return -1 if ($c_1 < $c_2);
8754 return 1 if ($c_1 > $c_2);