+ elsif ($mode == 13200)
+ {
+ my @salt_arr = split ('\*', $salt_buf);
+
+ my $iteration = $salt_arr[0];
+
+ my $mysalt = $salt_arr[1];
+
+ $mysalt = pack ("H*", $mysalt);
+
+ my $iv = "a6a6a6a6a6a6a6a6";
+
+ my $KEK = sha1 ($word_buf);
+
+ $KEK = substr ($KEK ^ $mysalt, 0, 16);
+
+ my $aes = Crypt::Mode::ECB->new ('AES');
+
+ my $B;
+
+ my $A;
+
+ my @R = ();
+
+ if (defined $additional_param)
+ {
+ $additional_param = pack ("H*", $additional_param);
+
+ $A = substr ($additional_param, 0, 8);
+ $B = 0x00 x 8;
+
+ $R[1] = substr ($additional_param, 8, 8);
+ $R[2] = substr ($additional_param, 16, 8);
+
+ for (my $j = $iteration - 1; $j >= 0; $j--)
+ {
+ $A = substr ($A, 0, 8) ^ pack ("l", (2 * $j + 2));
+
+ $B = $R[2];
+
+ $A = $aes->decrypt ($A . $B . "\x00" x 16, $KEK);
+
+ $R[2] = substr ($A, 8, 16);
+
+ $A = substr ($A, 0, 8) ^ pack ("l", (2 * $j + 1));
+
+ $B = $R[1];
+
+ $A = $aes->decrypt ($A . $B . "\x00" x 16, $KEK);
+
+ $R[1] = substr ($A, 8, 16);
+ }
+
+ # check if valid
+ if (index ($A, "\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6") != 0)
+ {
+ # fake wrong @R and $A values
+
+ @R = ('', "\x00" x 8, "\x00" x 8);
+
+ $A = "\x00" x 16;
+ }
+ }
+ else
+ {
+ my $DEK = randbytes (16);
+
+ @R = ('', substr (pack ("H*", $DEK), 0, 8), substr (pack ("H*", $DEK), 8, 16));
+
+ $A = pack ("H*", $iv);
+ }
+
+ for (my $j = 0; $j < $iteration; $j++)
+ {
+ $B = $aes->encrypt ($A . $R[1], $KEK);
+
+ $A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 1));
+
+ $R[1] = substr ($B, 8, 16);
+
+ $B = $aes->encrypt ($A . $R[2], $KEK);
+
+ $A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 2));
+
+ $R[2] = substr ($B, 8, 16);
+ }
+
+ my $wrapped_key = unpack ("H*", $A . substr ($R[1], 0 ,8) . substr ($R[2], 0 ,8));
+
+ $mysalt = unpack ("H*", $mysalt);
+
+ $tmp_hash = sprintf ('$axcrypt$*1*%s*%s*%s', $iteration, $mysalt, $wrapped_key);
+ }
+ elsif ($mode == 13300)
+ {
+ $hash_buf = sha1_hex ($word_buf);
+
+ $tmp_hash = sprintf ('$axcrypt_sha1$%s', substr ($hash_buf, 0, 32));
+ }
+ elsif ($mode == 13400)
+ {
+ my @salt_arr = split ('\*', $salt_buf);
+
+ my $version = $salt_arr[0];
+
+ my $iteration = $salt_arr[1];
+
+ my $algorithm = $salt_arr[2];
+
+ my $final_random_seed = $salt_arr[3];
+
+ my $transf_random_seed = $salt_arr[4];
+
+ my $enc_iv = $salt_arr[5];
+
+ my $contents_hash;
+
+ # specific to version 1
+ my $inline_flag;
+ my $contents_len;
+ my $contents;
+
+ # specific to version 2
+ my $expected_bytes;
+
+ # specific to keyfile handling
+ my $inline_keyfile_flag;
+ my $keyfile_len;
+ my $keyfile_content;
+ my $keyfile_attributes = "";
+
+ $final_random_seed = pack ("H*", $final_random_seed);
+
+ $transf_random_seed = pack ("H*", $transf_random_seed);
+
+ $enc_iv = pack ("H*", $enc_iv);
+
+ my $intermediate_hash = sha256 ($word_buf);
+
+ if ($version == 1)
+ {
+ $contents_hash = $salt_arr[6];
+
+ $contents_hash = pack ("H*", $contents_hash);
+
+ $inline_flag = $salt_arr[7];
+
+
+ $contents_len = $salt_arr[8];
+
+
+ $contents = $salt_arr[9];
+
+ $contents = pack ("H*", $contents);
+
+ # keyfile handling
+ if (scalar @salt_arr == 13)
+ {
+ $inline_keyfile_flag = $salt_arr[10];
+
+ $keyfile_len = $salt_arr[11];
+
+ $keyfile_content = $salt_arr[12];
+
+ $keyfile_attributes = $keyfile_attributes
+ . "*" . $inline_keyfile_flag
+ . "*" . $keyfile_len
+ . "*" . $keyfile_content;
+
+ $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
+
+ $intermediate_hash = sha256 ($intermediate_hash);
+ }
+ }
+ elsif ($version == 2)
+ {
+ # keyfile handling
+ if (scalar @salt_arr == 11)
+ {
+ $inline_keyfile_flag = $salt_arr[8];
+
+ $keyfile_len = $salt_arr[9];
+
+ $keyfile_content = $salt_arr[10];
+
+ $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
+
+ $keyfile_attributes = $keyfile_attributes
+ . "*" . $inline_keyfile_flag
+ . "*" . $keyfile_len
+ . "*" . $keyfile_content;
+
+ }
+
+ $intermediate_hash = sha256 ($intermediate_hash);
+ }
+
+ my $aes = Crypt::Mode::ECB->new ('AES', 1);
+
+ for (my $j = 0; $j < $iteration; $j++)
+ {
+ $intermediate_hash = $aes->encrypt ($intermediate_hash, $transf_random_seed);
+
+ $intermediate_hash = substr ($intermediate_hash, 0, 32);
+ }
+
+ $intermediate_hash = sha256 ($intermediate_hash);
+
+ my $final_key = sha256 ($final_random_seed . $intermediate_hash);
+
+ my $final_algorithm;
+
+ if ($version == 1 && $algorithm == 1)
+ {
+ $final_algorithm = "Crypt::Twofish";
+ }
+ else
+ {
+ $final_algorithm = "Crypt::Rijndael";
+ }
+
+ my $cipher = Crypt::CBC->new ({
+ key => $final_key,
+ cipher => $final_algorithm,
+ iv => $enc_iv,
+ literal_key => 1,
+ header => "none",
+ keysize => 32
+ });
+
+ if ($version == 1)
+ {
+ if (defined $additional_param)
+ {
+ # if we try to verify the crack, we need to decrypt the contents instead of only encrypting it:
+
+ $contents = $cipher->decrypt ($contents);
+
+ # and check the output
+
+ my $contents_hash_old = $contents_hash;
+
+ $contents_hash = sha256 ($contents);
+
+ if ($contents_hash_old ne $contents_hash)
+ {
+ # fake content
+ $contents = "\x00" x length ($contents);
+ }
+ }
+ else
+ {
+ $contents_hash = sha256 ($contents);
+ }
+
+ $contents = $cipher->encrypt ($contents);
+
+ $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%d*%d*%s%s',
+ $version,
+ $iteration,
+ $algorithm,
+ unpack ("H*", $final_random_seed),
+ unpack ("H*", $transf_random_seed),
+ unpack ("H*", $enc_iv),
+ unpack ("H*", $contents_hash),
+ $inline_flag,
+ $contents_len,
+ unpack ("H*", $contents),
+ $keyfile_attributes);
+ }
+ if ($version == 2)
+ {
+ $expected_bytes = $salt_arr[6];
+
+ $contents_hash = $salt_arr[7];
+ $contents_hash = pack ("H*", $contents_hash);
+
+ $expected_bytes = $cipher->decrypt ($contents_hash);
+
+ $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%s%s',
+ $version,
+ $iteration,
+ $algorithm,
+ unpack ("H*", $final_random_seed),
+ unpack ("H*", $transf_random_seed),
+ unpack ("H*", $enc_iv),
+ unpack ("H*", $expected_bytes),
+ unpack ("H*", $contents_hash),
+ $keyfile_attributes);
+ }
+ }
+ elsif ($mode == 13500)
+ {
+ $hash_buf = sha1_hex (pack ("H*", $salt_buf) . encode ("UTF-16LE", $word_buf));
+
+ $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
+ }
+ elsif ($mode == 13600)
+ {
+ my $iterations = 1000;
+
+ my $type = 0;
+
+ if (defined $additional_param)
+ {
+ $type = $additional_param;
+ }
+
+ my $mode = 1 + int rand (3);
+
+ if (defined $additional_param2)
+ {
+ $mode = $additional_param2;
+ }
+
+ my $magic = 0;
+
+ if (defined $additional_param3)
+ {
+ $magic = $additional_param3;
+ }
+
+ if (defined $additional_param4)
+ {
+ $salt_buf = $additional_param4;
+ }
+
+ $salt_buf = substr ($salt_buf, 0, 8 + ($mode * 8));
+
+ my $compress_length = 0;
+
+ if (defined $additional_param5)
+ {
+ $compress_length = $additional_param5;
+ }
+
+ my $data = "";
+
+ if (defined $additional_param6)
+ {
+ $data = $additional_param6;
+ }
+
+ my $key_len = (8 * ($mode & 3) + 8) * 2;
+
+ my $out_len = $key_len + 2;
+
+ my $salt_buf_bin = pack ("H*", $salt_buf);
+
+ my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
+
+ my $pbkdf2 = Crypt::PBKDF2->new
+ (
+ hasher => $hasher,
+ iterations => $iterations,
+ output_len => $out_len
+ );
+
+ my $key = $pbkdf2->PBKDF2_hex ($salt_buf_bin, $word_buf);
+
+ my $verify_bytes = substr ($key, -4); $verify_bytes =~ s/^0+//; #lol
+
+ $key = substr ($key, $key_len, $key_len);
+
+ my $key_bin = pack ("H*", $key);
+
+ my $auth = hmac_hex ($data, $key_bin, \&sha1, 64);
+
+ $tmp_hash = sprintf ('$zip2$*%u*%u*%u*%s*%s*%u*%s*%s*$/zip2$', $type, $mode, $magic, $salt_buf, $verify_bytes, $compress_length, $data, substr ($auth, 0, 20));
+ }
+ elsif ($mode == 13800)
+ {
+ my $word_buf_unicode = encode ("UTF-16LE", $word_buf);
+
+ my $salt_buf_bin = pack ("H*", $salt_buf);
+
+ $hash_buf = sha256_hex ($word_buf_unicode . $salt_buf_bin);
+
+ $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
+ }