Add mangling code

[hashcat.git] / OpenCL / mangle.cl

// Domain to use for mangling
__constant u8 domain[] = "flypig.co.uk";
__constant u32x domain_len = 12;

// Characters used for base64 encoding
__constant char b64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Perform an MD5 transform step
// Should be called through hmac_md5_pad_mangle and hmac_md5_run_mangle
void md5_transform_mangle (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4])
{
  u32x a = digest[0];
  u32x b = digest[1];
  u32x c = digest[2];
  u32x d = digest[3];

  u32x w0_t = w0[0];
  u32x w1_t = w0[1];
  u32x w2_t = w0[2];
  u32x w3_t = w0[3];
  u32x w4_t = w1[0];
  u32x w5_t = w1[1];
  u32x w6_t = w1[2];
  u32x w7_t = w1[3];
  u32x w8_t = w2[0];
  u32x w9_t = w2[1];
  u32x wa_t = w2[2];
  u32x wb_t = w2[3];
  u32x wc_t = w3[0];
  u32x wd_t = w3[1];
  u32x we_t = w3[2];
  u32x wf_t = w3[3];

  MD5_STEP (MD5_Fo, a, b, c, d, w0_t, MD5C00, MD5S00);
  MD5_STEP (MD5_Fo, d, a, b, c, w1_t, MD5C01, MD5S01);
  MD5_STEP (MD5_Fo, c, d, a, b, w2_t, MD5C02, MD5S02);
  MD5_STEP (MD5_Fo, b, c, d, a, w3_t, MD5C03, MD5S03);
  MD5_STEP (MD5_Fo, a, b, c, d, w4_t, MD5C04, MD5S00);
  MD5_STEP (MD5_Fo, d, a, b, c, w5_t, MD5C05, MD5S01);
  MD5_STEP (MD5_Fo, c, d, a, b, w6_t, MD5C06, MD5S02);
  MD5_STEP (MD5_Fo, b, c, d, a, w7_t, MD5C07, MD5S03);
  MD5_STEP (MD5_Fo, a, b, c, d, w8_t, MD5C08, MD5S00);
  MD5_STEP (MD5_Fo, d, a, b, c, w9_t, MD5C09, MD5S01);
  MD5_STEP (MD5_Fo, c, d, a, b, wa_t, MD5C0a, MD5S02);
  MD5_STEP (MD5_Fo, b, c, d, a, wb_t, MD5C0b, MD5S03);
  MD5_STEP (MD5_Fo, a, b, c, d, wc_t, MD5C0c, MD5S00);
  MD5_STEP (MD5_Fo, d, a, b, c, wd_t, MD5C0d, MD5S01);
  MD5_STEP (MD5_Fo, c, d, a, b, we_t, MD5C0e, MD5S02);
  MD5_STEP (MD5_Fo, b, c, d, a, wf_t, MD5C0f, MD5S03);

  MD5_STEP (MD5_Go, a, b, c, d, w1_t, MD5C10, MD5S10);
  MD5_STEP (MD5_Go, d, a, b, c, w6_t, MD5C11, MD5S11);
  MD5_STEP (MD5_Go, c, d, a, b, wb_t, MD5C12, MD5S12);
  MD5_STEP (MD5_Go, b, c, d, a, w0_t, MD5C13, MD5S13);
  MD5_STEP (MD5_Go, a, b, c, d, w5_t, MD5C14, MD5S10);
  MD5_STEP (MD5_Go, d, a, b, c, wa_t, MD5C15, MD5S11);
  MD5_STEP (MD5_Go, c, d, a, b, wf_t, MD5C16, MD5S12);
  MD5_STEP (MD5_Go, b, c, d, a, w4_t, MD5C17, MD5S13);
  MD5_STEP (MD5_Go, a, b, c, d, w9_t, MD5C18, MD5S10);
  MD5_STEP (MD5_Go, d, a, b, c, we_t, MD5C19, MD5S11);
  MD5_STEP (MD5_Go, c, d, a, b, w3_t, MD5C1a, MD5S12);
  MD5_STEP (MD5_Go, b, c, d, a, w8_t, MD5C1b, MD5S13);
  MD5_STEP (MD5_Go, a, b, c, d, wd_t, MD5C1c, MD5S10);
  MD5_STEP (MD5_Go, d, a, b, c, w2_t, MD5C1d, MD5S11);
  MD5_STEP (MD5_Go, c, d, a, b, w7_t, MD5C1e, MD5S12);
  MD5_STEP (MD5_Go, b, c, d, a, wc_t, MD5C1f, MD5S13);

  MD5_STEP (MD5_H, a, b, c, d, w5_t, MD5C20, MD5S20);
  MD5_STEP (MD5_H, d, a, b, c, w8_t, MD5C21, MD5S21);
  MD5_STEP (MD5_H, c, d, a, b, wb_t, MD5C22, MD5S22);
  MD5_STEP (MD5_H, b, c, d, a, we_t, MD5C23, MD5S23);
  MD5_STEP (MD5_H, a, b, c, d, w1_t, MD5C24, MD5S20);
  MD5_STEP (MD5_H, d, a, b, c, w4_t, MD5C25, MD5S21);
  MD5_STEP (MD5_H, c, d, a, b, w7_t, MD5C26, MD5S22);
  MD5_STEP (MD5_H, b, c, d, a, wa_t, MD5C27, MD5S23);
  MD5_STEP (MD5_H, a, b, c, d, wd_t, MD5C28, MD5S20);
  MD5_STEP (MD5_H, d, a, b, c, w0_t, MD5C29, MD5S21);
  MD5_STEP (MD5_H, c, d, a, b, w3_t, MD5C2a, MD5S22);
  MD5_STEP (MD5_H, b, c, d, a, w6_t, MD5C2b, MD5S23);
  MD5_STEP (MD5_H, a, b, c, d, w9_t, MD5C2c, MD5S20);
  MD5_STEP (MD5_H, d, a, b, c, wc_t, MD5C2d, MD5S21);
  MD5_STEP (MD5_H, c, d, a, b, wf_t, MD5C2e, MD5S22);
  MD5_STEP (MD5_H, b, c, d, a, w2_t, MD5C2f, MD5S23);

  MD5_STEP (MD5_I, a, b, c, d, w0_t, MD5C30, MD5S30);
  MD5_STEP (MD5_I, d, a, b, c, w7_t, MD5C31, MD5S31);
  MD5_STEP (MD5_I, c, d, a, b, we_t, MD5C32, MD5S32);
  MD5_STEP (MD5_I, b, c, d, a, w5_t, MD5C33, MD5S33);
  MD5_STEP (MD5_I, a, b, c, d, wc_t, MD5C34, MD5S30);
  MD5_STEP (MD5_I, d, a, b, c, w3_t, MD5C35, MD5S31);
  MD5_STEP (MD5_I, c, d, a, b, wa_t, MD5C36, MD5S32);
  MD5_STEP (MD5_I, b, c, d, a, w1_t, MD5C37, MD5S33);
  MD5_STEP (MD5_I, a, b, c, d, w8_t, MD5C38, MD5S30);
  MD5_STEP (MD5_I, d, a, b, c, wf_t, MD5C39, MD5S31);
  MD5_STEP (MD5_I, c, d, a, b, w6_t, MD5C3a, MD5S32);
  MD5_STEP (MD5_I, b, c, d, a, wd_t, MD5C3b, MD5S33);
  MD5_STEP (MD5_I, a, b, c, d, w4_t, MD5C3c, MD5S30);
  MD5_STEP (MD5_I, d, a, b, c, wb_t, MD5C3d, MD5S31);
  MD5_STEP (MD5_I, c, d, a, b, w2_t, MD5C3e, MD5S32);
  MD5_STEP (MD5_I, b, c, d, a, w9_t, MD5C3f, MD5S33);

  digest[0] += a;
  digest[1] += b;
  digest[2] += c;
  digest[3] += d;
}

// Set up the HMAC-MD5 process
// The ipad and opad arrays can be retained to run multiple HMAC-MD5 processes
// without having to recalculate
// w0, w1, w2, w3 - contain up to 64 bytes of the HMAC key
// ipad, opad - contain the returned data to pass into the next call
void hmac_md5_pad_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4])
{
  w0[0] = w0[0] ^ 0x36363636;
  w0[1] = w0[1] ^ 0x36363636;
  w0[2] = w0[2] ^ 0x36363636;
  w0[3] = w0[3] ^ 0x36363636;
  w1[0] = w1[0] ^ 0x36363636;
  w1[1] = w1[1] ^ 0x36363636;
  w1[2] = w1[2] ^ 0x36363636;
  w1[3] = w1[3] ^ 0x36363636;
  w2[0] = w2[0] ^ 0x36363636;
  w2[1] = w2[1] ^ 0x36363636;
  w2[2] = w2[2] ^ 0x36363636;
  w2[3] = w2[3] ^ 0x36363636;
  w3[0] = w3[0] ^ 0x36363636;
  w3[1] = w3[1] ^ 0x36363636;
  w3[2] = w3[2] ^ 0x36363636;
  w3[3] = w3[3] ^ 0x36363636;

  ipad[0] = MD5M_A;
  ipad[1] = MD5M_B;
  ipad[2] = MD5M_C;
  ipad[3] = MD5M_D;

  md5_transform_mangle (w0, w1, w2, w3, ipad);

  w0[0] = w0[0] ^ 0x6a6a6a6a;
  w0[1] = w0[1] ^ 0x6a6a6a6a;
  w0[2] = w0[2] ^ 0x6a6a6a6a;
  w0[3] = w0[3] ^ 0x6a6a6a6a;
  w1[0] = w1[0] ^ 0x6a6a6a6a;
  w1[1] = w1[1] ^ 0x6a6a6a6a;
  w1[2] = w1[2] ^ 0x6a6a6a6a;
  w1[3] = w1[3] ^ 0x6a6a6a6a;
  w2[0] = w2[0] ^ 0x6a6a6a6a;
  w2[1] = w2[1] ^ 0x6a6a6a6a;
  w2[2] = w2[2] ^ 0x6a6a6a6a;
  w2[3] = w2[3] ^ 0x6a6a6a6a;
  w3[0] = w3[0] ^ 0x6a6a6a6a;
  w3[1] = w3[1] ^ 0x6a6a6a6a;
  w3[2] = w3[2] ^ 0x6a6a6a6a;
  w3[3] = w3[3] ^ 0x6a6a6a6a;

  opad[0] = MD5M_A;
  opad[1] = MD5M_B;
  opad[2] = MD5M_C;
  opad[3] = MD5M_D;

  md5_transform_mangle (w0, w1, w2, w3, opad);
}

// Continue the HMAC-MD5 process
// It's up to the caller to add the final length and padding terminators
// hmac_md5_pad_mangle call, which can be used across multiple HMACs
// w0, w1, w2, w3 - contain up to 64 bytes of data to HMAC
// ipad, opad - should contain the output from the 
// digest - the 16-byte result of the HMAC
void hmac_md5_run_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4], u32x digest[4])
{
  digest[0] = ipad[0];
  digest[1] = ipad[1];
  digest[2] = ipad[2];
  digest[3] = ipad[3];

  md5_transform_mangle (w0, w1, w2, w3, digest);

  w0[0] = digest[0];
  w0[1] = digest[1];
  w0[2] = digest[2];
  w0[3] = digest[3];
  w1[0] = 0x80;
  w1[1] = 0;
  w1[2] = 0;
  w1[3] = 0;
  w2[0] = 0;
  w2[1] = 0;
  w2[2] = 0;
  w2[3] = 0;
  w3[0] = 0;
  w3[1] = 0;
  w3[2] = (64 + 16) * 8;
  w3[3] = 0;

  digest[0] = opad[0];
  digest[1] = opad[1];
  digest[2] = opad[2];
  digest[3] = opad[3];

  md5_transform_mangle (w0, w1, w2, w3, digest);
}

// Perfrom an HMAC-MD5 with the given key and using the domain constant as the
// data to HMAC
// in_key - the key to use (the user's password)
// key-len - the length of the key in bytes
// out_digest - returns the 16 byte result
void md5hmac_domain_mangle (u8 const *const in_key, const u32x key_len, u8 out_digest[16])
{
  u32 pos;

  // Data
  u32x data_buf[16];

  for (pos = 0; pos < domain_len; pos++)
  {
    ((u8 *) data_buf)[pos] = domain[pos];
  }
  for (pos = domain_len; pos < 64; pos++)
  {
    ((u8 *) data_buf)[pos] = 0;
  }

  // Key
  u32x key_buf[16];

  for (pos = 0; pos < key_len; pos++)
  {
    ((u8 *) key_buf)[pos] = in_key[pos];
  }
  for (pos = key_len; pos < 64; pos++)
  {
    ((u8 *) key_buf)[pos] = 0;
  }

  // Pads
  u32x ipad[4];
  u32x opad[4];

  hmac_md5_pad_mangle (key_buf, key_buf + 4, key_buf + 8, key_buf + 12, ipad, opad);

  // Loop (except this time we don't actually loop)
  append_0x80_2x4_VV (data_buf, data_buf + 4, domain_len);

  data_buf[14] = (64 + domain_len) * 8;

  hmac_md5_run_mangle (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *) out_digest);
}

// Base64 encode a string
// base64_hash - the returned hahs
// len - the length of the input string
// base64_plain - the string to encode
// returns the length of the final encoding
u32 b64_encode_mangle (u8 * base64_hash, const u32 len, const u8 * base64_plain)
{
  u8 *out_ptr = (u8 *) base64_hash;
  u8 *in_ptr = (u8 *) base64_plain;
  u32 out_len;

  u32 i;

  // Encode the easy iniitial characters
  out_len = 0;
  for (i = 0; i < (len - 2); i += 3)
  {
    char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
    char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)];
    char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c) | ((in_ptr[2] >> 6) & 0x03)];
    char out_val3 = b64_table[((in_ptr[2] >> 0) & 0x3f)];

    out_ptr[0] = out_val0 & 0x7f;
    out_ptr[1] = out_val1 & 0x7f;
    out_ptr[2] = out_val2 & 0x7f;
    out_ptr[3] = out_val3 & 0x7f;

    in_ptr += 3;
    out_ptr += 4;
    out_len += 4;
  }
  // Deal with the awkward terminating characters if there are any
  if (i == (len - 1))
  {
    // Input string has one hanging character
    char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
    char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30)];

    out_ptr[0] = out_val0 & 0x7f;
    out_ptr[1] = out_val1 & 0x7f;
    out_ptr[2] = '=';
    out_ptr[3] = '=';

    in_ptr += 3;
    out_ptr += 4;
    out_len += 4;
  }
  if (i == (len - 2))
  {
    // Input string has two hanging characters
    char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
    char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)];
    char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c)];

    out_ptr[0] = out_val0 & 0x7f;
    out_ptr[1] = out_val1 & 0x7f;
    out_ptr[2] = out_val2 & 0x7f;
    out_ptr[3] = '=';

    in_ptr += 3;
    out_ptr += 4;
    out_len += 4;
  }

  return out_len;
}

// Determine whether a given string contains non-alphanumeric values
// A non-alphanumeric is anything except a-z, A-Z, 0-9
// data - the string to check
// length - the length of the string
// returns true if there's a non-alphanumeric value, false o/w
bool containsnonalphanumeric_mangle (u8 * data, u32 length)
{
  bool nonalphanumeric;
  u32 pos;
  char check;
  u32 startingSize;

  nonalphanumeric = false;
  // Check each character individually
  for (pos = 0; (pos < length) && !nonalphanumeric; pos++)
  {
    check = data[pos];
    if (!((check >= 'a') && (check <= 'z')) && !((check >= 'A') && (check <= 'Z')) && !((check >= '0') && (check <= '9')) && !(check == '_'))
    {
      nonalphanumeric = true;
    }
  }

  return nonalphanumeric;
}

// Determine whether a string contains any value between a given range
// password - the string to check
// length - the length of the string to check
// start - the inclusive lower bound of the range to check between
// end - the inclusive upper bound of the range to check between
// returns true if the string contains a value that falls in the range
// returns false o/w
bool contains_mangle (u8 const *password, u32 length, u8 start, u8 end)
{
  bool doescontain = false;
  u32 pos;

  // Check each character individually
  for (pos = 0; (pos < length) && (doescontain == false); pos++)
  {
    if ((password[pos] >= start) && (password[pos] <= end))
    {
      doescontain = true;
    }
  }

  return doescontain;
}

// Rotate the characters in a string to the left by the given number of
// characters
// torotate - the string to rotate
// length - the length of the string to rotate
// steps - the number of steps to rotate to the left by
void rotate_string_mangle (u8 * torotate, u32 length, u32 steps)
{
  u8 scratch[64];
  u32 pos;

  // Create a rotated copy in a temporary buffer
  for (pos = 0; pos < length; pos++)
  {
    scratch[pos] = torotate[(pos + steps) % length];
  }

  // Copy the result back into the original buffer
  for (pos = 0; pos < length; pos++)
  {
    torotate[pos] = scratch[pos];
  }
}

// Perform the mangle operation on the string to be hashed
// w0, w1 - the string to be mangled
// in_len - the length of the string to be mangled
u32x mangle (u32x w0[4], u32x w1[4], const u32x in_len)
{
  u32x out_len = in_len;

  u32 digest[4];
  u32 data[8];
  u32 hash[8];
  u32 i;
  u32 size;
  u32 extrasize;
  u32 startingsize;
  bool nonalphanumeric;
  u32 extrapos;
  u8 next;

  hash[0] = w0[0];
  hash[1] = w0[1];
  hash[2] = w0[2];
  hash[3] = w0[3];
  hash[4] = w1[0];
  hash[5] = w1[1];
  hash[6] = w1[2];
  hash[7] = w1[3];

  // HMAC-MD5 the domain name using the password as the key
  md5hmac_domain_mangle ((u8 *) hash, in_len, (u8 *) digest);

  // Check whether the original password contains non-alphanumeric values
  nonalphanumeric = containsnonalphanumeric_mangle ((u8 *) hash, in_len);

  w0[0] = digest[0];
  w0[1] = digest[1];
  w0[2] = digest[2];
  w0[3] = digest[3];
  w1[0] = 0;
  w1[1] = 0;
  w1[2] = 0;
  w1[3] = 0;

  // Base64 encode the HMAC; this will be what we use to generate the password
  out_len = b64_encode_mangle ((u8 *) hash, 16, (u8 *) w0);

  out_len = 22;                 // b64 encoding will produce 24 bytes output, but last two will be "=="
  extrasize = 22;
  size = in_len + 2;

  // for (i = out_len; i < 32; i++) {
  // ((u8 *)hash)[i] = 0;
  // }

  startingsize = size - 4;
  startingsize = (startingsize < extrasize) ? startingsize : extrasize;

  // Transfer the intial portion for output
  for (i = 0; i < startingsize; i++)
  {
    ((u8 *) data)[i] = ((u8 *) hash)[i];
  }
  for (i = startingsize; i < 32; i++)
  {
    ((u8 *) data)[i] = 0;
  }

  extrapos = startingsize;

  // Add the extras
  // Capital letter
  next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
  extrapos++;
  if (!contains_mangle ((u8 *) data, startingsize, 'A', 'Z'))
  {
    next = 'A' + (next % ('Z' - 'A' + 1));
  }
  ((u8 *) data)[startingsize] = next;
  startingsize++;

  // Lower case letter
  next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
  extrapos++;
  if (!contains_mangle ((u8 *) data, startingsize, 'a', 'z'))
  {
    next = 'a' + (next % ('z' - 'a' + 1));
  }
  ((u8 *) data)[startingsize] = next;
  startingsize++;

  // Number
  next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
  extrapos++;
  if (!contains_mangle ((u8 *) data, startingsize, '0', '9'))
  {
    next = '0' + (next % ('9' - '0' + 1));
  }
  ((u8 *) data)[startingsize] = next;
  startingsize++;

  // Non alphanumeric
  if (containsnonalphanumeric_mangle ((u8 *) data, startingsize) && nonalphanumeric)
  {
    next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
    extrapos++;
  }
  else
  {
    next = '+';
  }
  ((u8 *) data)[startingsize] = next;
  startingsize++;

  // If there's no alphanumeric values in the original password
  // remove them from the result
  if (!nonalphanumeric)
  {
    for (i = 0; i < startingsize; i++)
    {
      if (containsnonalphanumeric_mangle (((u8 *) data) + i, 1))
      {
        next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
        extrapos++;
        next = 'A' + (next % ('Z' - 'A' + 1));
        ((u8 *) data)[i] = next;
      }
    }
  }

  // Rotate the result to ranomise where the non-alphanumerics are
  next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
  rotate_string_mangle ((u8 *) data, startingsize, next);
  ((u8 *) data)[startingsize] = 0;

  out_len = startingsize;

  // Copy th result into the output buffer
  w0[0] = data[0];
  w0[1] = data[1];
  w0[2] = data[2];
  w0[3] = data[3];
  w1[0] = data[4];
  w1[1] = data[5];
  w1[2] = data[6];
  w1[3] = data[7];

  return (out_len);
}