use Digest::CRC qw (crc32);
use Crypt::PBKDF2;
use Crypt::DES;
-use Crypt::ECB qw (encrypt PADDING_AUTO PADDING_NONE);
+use Crypt::ECB qw (encrypt);
use Crypt::CBC;
use Crypt::Eksblowfish::Bcrypt qw (bcrypt en_base64);
use Crypt::Digest::RIPEMD160 qw (ripemd160_hex);
my $MAX_LEN = 55;
-my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 130, 131, 132, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400);
+my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500);
-my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800);
+my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500);
my %less_fifteen = map { $_ => 1 } qw(500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
-my %allow_long_salt = map { $_ => 1 } qw(2500 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600);
+my %allow_long_salt = map { $_ => 1 } qw(2500 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500);
my @lotus_magic_table =
(
$word = substr ($line, $index + 1);
}
# hash:salt
- elsif ($mode == 10 || $mode == 11 || $mode == 12 || $mode == 20 || $mode == 21 || $mode == 22 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 112 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1100 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 2611 || $mode == 2711 || $mode == 2811 || $mode == 3100 || $mode == 3610 || $mode == 3710 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 5800 || $mode == 7600 || $mode == 8400 || $mode == 11000 || $mode == 12600)
+ elsif ($mode == 10 || $mode == 11 || $mode == 12 || $mode == 20 || $mode == 21 || $mode == 22 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 112 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1100 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 2611 || $mode == 2711 || $mode == 2811 || $mode == 3100 || $mode == 3610 || $mode == 3710 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 5800 || $mode == 7600 || $mode == 8400 || $mode == 11000 || $mode == 12600 || $mode == 13500)
{
# get hash
my $index1 = index ($line, ":");
$salt = substr ($decoded, 64);
}
# OSX (first 8 hex chars is salt)
- elsif ($mode == 122 || $mode == 1722)
+ # ArubaOS (the signature gets added in gen_hash)
+ elsif ($mode == 122 || $mode == 1722 || $mode == 125)
{
my $index = index ($line, ":");
$spn = substr ($spn, 0, length ($spn) - 1);
my $checksum = shift @data;
my $edata2 = shift @data;
-
+
next unless ($signature eq "krb5tgs");
next unless (length ($checksum) == 32);
next unless (length ($edata2) >= 64);
my @data = split ('\*', $hash_in);
- next unless (scalar @data == 9 || scalar @data == 11);
+ next unless (scalar @data == 9
+ || scalar @data == 11
+ || scalar @data == 12
+ || scalar @data == 14);
my $signature = shift @data;
next unless ($signature eq '$keepass$');
-
+
my $version = shift @data;
next unless ($version == 1 || $version == 2);
-
+
my $iteration = shift @data;
-
+
my $algorithm = shift @data;
my $final_random_seed = shift @data;
-
+
if ($version == 1)
{
next unless (length ($final_random_seed) == 32);
{
next unless (length ($final_random_seed) == 64);
}
-
+
my $transf_random_seed = shift @data;
next unless (length ($transf_random_seed) == 64);
next unless ($inline_flags == 1);
my $contents_len = shift @data;
-
+
my $contents = shift @data;
next unless (length ($contents) == $contents_len * 2);
}
{
my $expected_bytes = shift @data;
next unless (length ($expected_bytes) == 64);
-
+
my $contents_hash = shift @data;
next unless (length ($contents_hash) == 64);
}
+ if (scalar @data == 12 || scalar @data == 14)
+ {
+ my $inline_flags = shift @data;
+ next unless ($inline_flags == 1);
+
+ my $keyfile_len = shift @data;
+ next unless ($keyfile_len == 64);
+
+ my $keyfile = shift @data;
+ next unless (length ($keyfile) == $keyfile_len);
+ }
+
$salt = substr ($hash_in, length ("*keepass*") + 1, length ($hash_in));
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
$hash_out = gen_hash ($mode, $word, $salt);
$len = length $hash_out;
-
+
return unless (substr ($line, 0, $len) eq $hash_out);
}
else
$tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
}
+ elsif ($mode == 125)
+ {
+ $tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 10));
+ }
elsif ($mode == 141 || $mode == 1441)
{
my $salt_len = get_random_num (1, 15);
$tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
}
+ elsif ($mode == 13500)
+ {
+ $salt_buf = get_pstoken_salt ();
+
+ $tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
+ }
else
{
print "ERROR: Unsupported hash type\n";
}
}
}
- elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
+ elsif ($mode == 111 || $mode == 122 || $mode == 125 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
{
for (my $i = 1; $i < 32; $i++)
{
}
}
}
+ elsif ($mode == 13500)
+ {
+ for (my $i = 1; $i < 16; $i++)
+ {
+ if ($len != 0)
+ {
+ rnd ($mode, $len, 16);
+ }
+ else
+ {
+ rnd ($mode, $i, 16);
+ }
+ }
+ }
}
}
$tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
}
+ elsif ($mode == 125)
+ {
+ my $signature = "01";
+
+ my $salt_buf_bin = pack ("H*", $salt_buf . $signature);
+
+ $hash_buf = sha1_hex ($salt_buf_bin . $word_buf);
+
+ $tmp_hash = sprintf ("%s%s%s", $salt_buf, $signature, $hash_buf);
+ }
elsif ($mode == 130)
{
$hash_buf = sha1_hex (encode ("UTF-16LE", $word_buf) . $salt_buf);
my $nthash = Authen::Passphrase::NTHash->new (passphrase => $word_buf)->hash . "\x00" x 5;
- $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthash, 0, 7)), "DES", $challenge, PADDING_NONE);
- $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthash, 7, 7)), "DES", $challenge, PADDING_NONE);
- $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthash, 14, 7)), "DES", $challenge, PADDING_NONE);
+ $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthash, 0, 7)), "DES", $challenge, "none");
+ $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthash, 7, 7)), "DES", $challenge, "none");
+ $ntresp .= Crypt::ECB::encrypt (setup_des_key (substr ($nthash, 14, 7)), "DES", $challenge, "none");
$tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $c_challenge_hex, unpack ("H*", $ntresp), $s_challenge_hex);
}
my $algorithm = $salt_arr[2];
my $final_random_seed = $salt_arr[3];
-
+
my $transf_random_seed = $salt_arr[4];
-
+
my $enc_iv = $salt_arr[5];
my $contents_hash;
# specific to version 2
my $expected_bytes;
+ # specific to keyfile handling
+ my $inline_keyfile_flag;
+ my $keyfile_len;
+ my $keyfile_content;
+ my $keyfile_attributes = "";
+
$final_random_seed = pack ("H*", $final_random_seed);
$transf_random_seed = pack ("H*", $transf_random_seed);
$enc_iv = pack ("H*", $enc_iv);
my $intermediate_hash = sha256 ($word_buf);
-
+
if ($version == 1)
{
$contents_hash = $salt_arr[6];
$contents_hash = pack ("H*", $contents_hash);
-
+
$inline_flag = $salt_arr[7];
-
+
$contents_len = $salt_arr[8];
-
+
$contents = $salt_arr[9];
$contents = pack ("H*", $contents);
+
+ # keyfile handling
+ if (scalar @salt_arr == 13)
+ {
+ $inline_keyfile_flag = $salt_arr[10];
+
+ $keyfile_len = $salt_arr[11];
+
+ $keyfile_content = $salt_arr[12];
+
+ $keyfile_attributes = $keyfile_attributes
+ . "*" . $inline_keyfile_flag
+ . "*" . $keyfile_len
+ . "*" . $keyfile_content;
+
+ $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
+ $intermediate_hash = sha256 ($intermediate_hash);
+ }
}
elsif ($version == 2)
{
+ # keyfile handling
+ if (scalar @salt_arr == 11)
+ {
+ $inline_keyfile_flag = $salt_arr[8];
+
+ $keyfile_len = $salt_arr[9];
+
+ $keyfile_content = $salt_arr[10];
+
+ $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
+
+ $keyfile_attributes = $keyfile_attributes
+ . "*" . $inline_keyfile_flag
+ . "*" . $keyfile_len
+ . "*" . $keyfile_content;
+
+ }
$intermediate_hash = sha256 ($intermediate_hash);
}
$intermediate_hash = substr ($intermediate_hash, 0, 32);
}
-
+
$intermediate_hash = sha256 ($intermediate_hash);
-
+
my $final_key = sha256 ($final_random_seed . $intermediate_hash);
-
+
my $final_algorithm;
if ($version == 1 && $algorithm == 1)
header => "none",
keysize => 32
});
-
+
if ($version == 1)
- {
+ {
$contents_hash = sha256 ($contents);
-
+
$contents = $cipher->encrypt($contents);
- $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%d*%d*%s',
+ $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%d*%d*%s%s',
$version,
$iteration,
$algorithm,
unpack ("H*", $contents_hash),
$inline_flag,
$contents_len,
- unpack ("H*", $contents));
+ unpack ("H*", $contents),
+ $keyfile_attributes);
}
if ($version == 2)
{
$expected_bytes = $salt_arr[6];
-
+
$contents_hash = $salt_arr[7];
$contents_hash = pack ("H*", $contents_hash);
-
+
$expected_bytes = $cipher->decrypt($contents_hash);
- $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%s',
+ $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%s%s',
$version,
$iteration,
$algorithm,
unpack ("H*", $transf_random_seed),
unpack ("H*", $enc_iv),
unpack ("H*", $expected_bytes),
- unpack ("H*", $contents_hash));
+ unpack ("H*", $contents_hash),
+ $keyfile_attributes);
}
}
+ elsif ($mode == 13500)
+ {
+ $hash_buf = sha1_hex (pack ("H*", $salt_buf) . encode ("UTF-16LE", $word_buf));
+
+ $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
+ }
return ($tmp_hash);
}
{
$salt_buf = get_random_keepass_salt ();
}
+ elsif ($mode == 13500)
+ {
+ $salt_buf = get_pstoken_salt ();
+ }
else
{
my @salt_arr;
my $salt_buf;
+ my $is_keyfile = get_random_num (0, 2);
+
+ my $keyfile_attributes = "";
+
+ if ($is_keyfile == 1)
+ {
+ $keyfile_attributes = $keyfile_attributes
+ . "1*64*"
+ . unpack ("H*", randbytes (32));
+ }
+
if ($version == 1)
{
$salt_buf = $version . '*' .
$contents_hash . '*' .
$inline_flag . '*' .
$contents_len . '*' .
- $contents;
+ $contents . '*' .
+ $keyfile_attributes;
}
elsif ($version == 2)
{
$contents = randbytes (32);
$contents = unpack ("H*", $contents);
-
+
$salt_buf = $version . '*' .
$iteration . '*' .
$algorithm . '*' .
$transf_random_seed . '*' .
$enc_iv . '*' .
$contents_hash . '*' .
- $contents;
+ $contents . '*' .
+ $keyfile_attributes;
}
return $salt_buf;
}
+sub get_pstoken_salt
+{
+ my $pstoken_length = get_random_num (16, 256);
+
+ ## not a valid pstoken but a better test
+ ## because of random length
+
+ my $pstoken_const = randbytes ($pstoken_length);
+
+ return unpack ("H*", $pstoken_const);
+}
+
sub get_random_md5chap_salt
{
my $salt_buf = shift;