4 ## Author......: Jens Steube <jens.steube@gmail.com>
10 use Digest
::MD4 qw
(md4 md4_hex
);
11 use Digest
::MD5 qw
(md5 md5_hex
);
12 use Digest
::SHA qw
(sha1 sha256 sha384 sha512 sha1_hex sha256_hex sha384_hex sha512_hex
);
13 use Digest
::HMAC qw
(hmac hmac_hex
);
14 use Digest
::Keccak qw
(keccak_256_hex
);
15 use Crypt
::MySQL qw
(password41
);
16 use Digest
::GOST qw
(gost gost_hex
);
17 use Digest
::HMAC_MD5 qw
(hmac_md5
);
18 use Digest
::CRC qw
(crc32
);
21 use Crypt
::ECB qw
(encrypt
);
23 use Crypt
::Eksblowfish
::Bcrypt qw
(bcrypt en_base64
);
24 use Crypt
::Digest
::RIPEMD160 qw
(ripemd160_hex
);
25 use Crypt
::Digest
::Whirlpool qw
(whirlpool_hex
);
27 use Crypt
::ScryptKDF qw
(scrypt_hash scrypt_b64
);
31 use Crypt
::UnixCrypt_XS qw
(crypt_rounds fold_password base64_to_int24 block_to_base64 int24_to_base64
);
33 use Authen
::Passphrase
::NTHash
;
34 use Authen
::Passphrase
::MySQL323
;
35 use Authen
::Passphrase
::PHPass
;
36 use Authen
::Passphrase
::LANManager
;
38 use POSIX qw
(strftime
);
40 use Net
::DNS
::RR
::NSEC3
;
41 use Convert
::EBCDIC qw
(ascii2ebcdic
);
42 use Digest
::SipHash qw
/siphash/;
44 my $hashcat = "./oclHashcat";
48 my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500);
50 my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 13500);
51 my %less_fifteen = map { $_ => 1 } qw(500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
52 my %allow_long_salt = map { $_ => 1 } qw(2500 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500);
54 my @lotus_magic_table =
56 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
57 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
58 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
59 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
60 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
61 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
62 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
63 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
64 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
65 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
66 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
67 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
68 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
69 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
70 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
71 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
72 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
73 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
74 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
75 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
76 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
77 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
78 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
79 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
80 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
81 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
82 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
83 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
84 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
85 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
86 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
87 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
92 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
93 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
94 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
95 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
98 my $CISCO_BASE64_MAPPING = {'A', '.', 'B', '/', 'C', '0', 'D', '1', 'E', '2', 'F', '3', 'G', '4', 'H', '5', 'I', '6', 'J', '7', 'K', '8', 'L', '9', 'M', 'A', 'N', 'B', 'O', 'C', 'P', 'D', 'Q', 'E', 'R', 'F', 'S', 'G', 'T', 'H', 'U', 'I', 'V', 'J', 'W', 'K', 'X', 'L', 'Y', 'M', 'Z', 'N', 'a', 'O', 'b', 'P', 'c', 'Q', 'd', 'R', 'e', 'S', 'f', 'T', 'g', 'U', 'h', 'V', 'i', 'W', 'j', 'X', 'k', 'Y', 'l', 'Z', 'm', 'a', 'n', 'b', 'o', 'c', 'p', 'd', 'q', 'e', 'r', 'f', 's', 'g', 't', 'h', 'u', 'i', 'v', 'j', 'w', 'k', 'x', 'l', 'y', 'm', 'z', 'n', '0', 'o', '1', 'p', '2', 'q', '3', 'r', '4', 's', '5', 't', '6', 'u', '7', 'v', '8', 'w', '9', 'x', '+', 'y', '/', 'z'};
100 if (scalar @ARGV < 1)
111 if ($type ne "verify")
113 if (scalar @ARGV > 1)
118 elsif (scalar @ARGV == 1)
128 if ($type eq "single")
132 elsif ($type eq "passthrough")
143 if (scalar @ARGV != 4)
148 my $mode = shift @ARGV;
149 my $hash_file = shift @ARGV;
150 my $in_file = shift @ARGV;
151 my $out_file = shift @ARGV;
155 open (IN
, "<", $hash_file) or die ("$hash_file: $!\n");
157 # clever ? the resulting database could be huge
158 # but we need some way to map lines in hashfile w/ cracks
159 # maybe rli2 way would be more clever (needs sorted input)
161 while (my $line = <IN
>)
163 $line =~ s/[\n\r]*$//;
165 $db->{$line} = undef;
170 verify
($mode, $db, $in_file, $out_file);
178 my $out_file = shift;
197 open (IN
, "<", $in_file) or die ("$in_file: $!\n");
198 open (OUT
, ">", $out_file) or die ("$out_file: $!\n");
202 my $base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
203 my $itoa64_1 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
204 my $itoa64_2 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
206 while (my $line = <IN
>)
213 # remember always do "exists ($db->{$hash_in})" checks as soon as possible and don't forget it
216 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 133 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3000 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5700 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 8600 || $mode == 9900 || $mode == 10800 || $mode == 11500)
218 my $index = index ($line, ":");
222 $hash_in = substr ($line, 0, $index);
224 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
226 $word = substr ($line, $index + 1);
229 elsif ($mode == 10 || $mode == 11 || $mode == 12 || $mode == 20 || $mode == 21 || $mode == 22 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 112 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1100 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 2611 || $mode == 2711 || $mode == 2811 || $mode == 3100 || $mode == 3610 || $mode == 3710 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 5800 || $mode == 7600 || $mode == 8400 || $mode == 11000 || $mode == 12600 || $mode == 13500)
232 my $index1 = index ($line, ":");
236 $hash_in = substr ($line, 0, $index1);
238 # identify lenghts of both salt and plain
240 my $salt_plain = substr ($line, $index1 + 1);
242 my $num_cols = () = $salt_plain =~ /:/g;
251 foreach (my $i = 0; $i < $num_cols; $i++)
253 $index2 = index ($salt_plain, ":", $start);
257 $start = $index2 + 1;
259 $salt = substr ($salt_plain, 0, $index2);
260 $word = substr ($salt_plain, $index2 + 1);
262 # can't be true w/ wrong $hash:$salt, otherwise the
263 # algo must have many collisions
265 if (exists ($db->{$hash_in . ":" . $salt}))
267 $hash_in = $hash_in . ":" . $salt;
273 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
274 next unless (! defined ($db->{$hash_in}));
277 elsif ($mode == 2100)
280 my $index1 = index ($line, "\$DCC2\$");
282 next if $index1 != 0;
285 my $index2 = index ($line, "#", $index1 + 1);
289 $iter = substr ($line, $index1 + 6, $index2 - $index1 - 6);
292 $index1 = index ($line, "#");
296 $hash_in = substr ($line, 0, $index1 + 1);
298 # identify lenghts of both salt and plain
300 my $salt_plain = substr ($line, $index2 + 1);
302 my $num_cols = () = $salt_plain =~ /:/g;
312 foreach (my $i = 0; $i < $num_cols; $i++)
314 $index2 = index ($salt_plain, ":", $start);
318 $start = $index2 + 1;
320 $index3 = rindex ($salt_plain, "#", $index2);
322 $raw_hash = substr ($salt_plain, $index3 + 1, $index2 - $index3 - 1);
323 $salt = substr ($salt_plain, 0, $index3);
324 $word = substr ($salt_plain, $index2 + 1);
326 if (exists ($db->{$hash_in . $salt . "#" .$raw_hash}))
328 $hash_in = $hash_in . $salt . "#" . $raw_hash;
334 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
335 next unless (! defined ($db->{$hash_in}));
337 # salt:hash guaranteed only : because of hex salt
338 elsif ($mode == 7300)
340 # split hash and plain
341 my $index1 = index ($line, ":");
345 $salt = substr ($line, 0, $index1);
347 $salt = pack ("H*", $salt);
349 my $rest = substr ($line, $index1 + 1);
351 my $index2 = index ($rest, ":");
355 $hash_in = substr ($rest, 0, $index2);
357 $word = substr ($rest, $index2 + 1);
359 next unless (exists ($db->{$salt . ":" . $hash_in}) and (! defined ($db->{$hash_in})));
362 elsif ($mode == 8100)
364 # split hash and plain
365 $salt = substr ($line, 1, 8);
367 my $rest = substr ($line, 1 + 8);
369 my $index2 = index ($rest, ":");
373 $hash_in = substr ($rest, 0, $index2);
375 $word = substr ($rest, $index2 + 1);
377 next unless (exists ($db->{"1" . $salt . $hash_in}) and (! defined ($db->{$hash_in})));
379 # base64 and salt embedded SSHA1, salt length = total lenght - 20
382 # split hash and plain
383 my $index = index ($line, ":");
387 $hash_in = substr ($line, 0, $index);
388 $word = substr ($line, $index + 1);
390 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
393 my $plain_base64 = substr ($hash_in, 6);
395 # base64 decode to extract salt
396 my $decoded = decode_base64
($plain_base64);
398 $salt = substr ($decoded, 20);
400 # base64 and salt embedded SSHA512, salt length = total length - 64
401 elsif ($mode == 1711)
403 # split hash and plain
404 my $index = index ($line, ":");
408 $hash_in = substr ($line, 0, $index);
409 $word = substr ($line, $index + 1);
411 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
414 my $plain_base64 = substr ($hash_in, 9);
416 # base64 decode to extract salt
417 my $decoded = decode_base64
($plain_base64);
419 $salt = substr ($decoded, 64);
421 # OSX (first 8 hex chars is salt)
422 # ArubaOS (the signature gets added in gen_hash)
423 elsif ($mode == 122 || $mode == 1722 || $mode == 125)
425 my $index = index ($line, ":");
429 $hash_in = substr ($line, 0, $index);
430 $word = substr ($line, $index + 1);
432 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
434 $salt = substr ($hash_in, 0, 8);
436 # MSSQL (2000, 2005 AND 2012), salt after version number
437 elsif ($mode == 131 || $mode == 132 || $mode == 1731)
439 my $index = index ($line, ":");
443 $hash_in = substr ($line, 0, $index);
444 $word = substr ($line, $index + 1);
446 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
448 $salt = substr ($hash_in, 6, 8);
451 elsif ($mode == 8000)
453 my $index = index ($line, ":");
457 $hash_in = substr ($line, 0, $index);
458 $word = substr ($line, $index + 1);
460 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
462 $salt = substr ($hash_in, 6, 16);
465 elsif ($mode == 141 || $mode == 1441)
467 my $index1 = index ($line, ":");
471 $hash_in = substr ($line, 0, $index1);
472 $word = substr ($line, $index1 + 1);
474 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
476 my $index2 = index ($line, "*", 14);
478 #extract salt from base64
479 my $plain_base64 = substr ($hash_in, 14, $index2 - 14);
481 $salt = decode_base64
($plain_base64);
483 # phpass (first 8 after $P$/$H$ -- or $S$ with drupal7)
484 elsif ($mode == 400 || $mode == 7900)
486 my $index = index ($line, ":");
490 $hash_in = substr ($line, 0, $index);
491 $word = substr ($line, $index + 1);
493 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
495 $salt = substr ($hash_in, 4, 8);
497 # iterations = 2 ^ cost (where cost == $iter)
498 $iter = index ($itoa64_1, substr ($hash_in, 3, 1));
500 # $something$[rounds=iter$]salt$ (get last $, then check iter)
501 elsif ($mode == 500 || $mode == 1600 || $mode == 1800 || $mode == 3300 || $mode == 7400)
503 my $index1 = index ($line, ":", 30);
507 $hash_in = substr ($line, 0, $index1);
508 $word = substr ($line, $index1 + 1);
510 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
512 $index1 = index ($hash_in, ",", 1);
513 my $index2 = index ($hash_in, "\$", 1);
517 if ($index1 < $index2)
523 $param = substr ($hash_in, $index2, 1);
527 # rounds= if available
530 if (substr ($hash_in, $index2, 7) eq "rounds=")
532 my $old_index = $index2;
534 $index2 = index ($hash_in, "\$", $index2 + 1);
538 $iter = substr ($hash_in, $old_index + 7, $index2 - $old_index - 7);
544 my $index3 = rindex ($hash_in, "\$");
548 $salt = substr ($hash_in, $index2, $index3 - $index2);
550 # descrypt (salt in first 2 char)
551 elsif ($mode == 1500)
553 my $index = index ($line, ":");
557 $hash_in = substr ($line, 0, $index);
558 $word = substr ($line, $index + 1);
560 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
562 $salt = substr ($hash_in, 0, 2);
564 # bcrypt $something$something$salt.hash
565 elsif ($mode == 3200)
567 my $index1 = index ($line, ":", 33);
571 $hash_in = substr ($line, 0, $index1);
572 $word = substr ($line, $index1 + 1);
574 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
576 my $index2 = index ($hash_in, "\$", 4);
578 $iter = substr ($hash_in, 4, $index2 - 4);
580 my $plain_base64 = substr ($hash_in, $index2 + 1, 22);
585 for (my $i = 0; $i < length ($plain_base64); $i++)
587 my $char = substr ($plain_base64, $i, 1);
588 $encoded .= substr ($base64, index ($itoa64_2, $char), 1);
591 $salt = decode_base64
($encoded);
594 elsif ($mode == 4800)
596 my $index1 = index ($line, ":");
600 my $index2 = index ($line, ":", $index1 + 1);
604 my $index3 = index ($line, ":", $index2 + 1);
608 $salt = substr ($line, $index1 + 1, $index3 - $index1 - 1);
610 $word = substr ($line, $index3 + 1);
612 $hash_in = substr ($line, 0, $index3);
615 elsif ($mode == 5300 || $mode == 5400)
617 my $num_cols = () = $line =~ /:/g;
619 next unless ($num_cols >= 9);
624 for (my $j = 0; $j < 9; $j++)
626 $index1 = index ($line, ":", $index1 + 1);
637 $word = substr ($line, $index1 + 1);
639 $hash_in = substr ($line, 0, $index1);
641 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
643 my $index2 = rindex ($line, ":", $index1 - 1);
645 $salt = substr ($line, 0, $index2);
648 elsif ($mode == 5500)
650 my $index1 = index ($line, "::");
654 my $index2 = index ($line, ":", $index1 + 2);
658 $index2 = index ($line, ":", $index2 + 1);
662 $salt = substr ($line, 0, $index2);
664 $index2 = index ($line, ":", $index2 + 1);
668 $salt .= substr ($line, $index2 + 1, 16);
670 $index2 = index ($line, ":", $index2 + 1);
674 $hash_in = substr ($line, 0, $index2);
676 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
678 $word = substr ($line, $index2 + 1);
681 elsif ($mode == 5600)
683 my $index1 = index ($line, "::");
687 my $index2 = index ($line, ":", $index1 + 2);
691 $index2 = index ($line, ":", $index2 + 1);
695 $salt = substr ($line, 0, $index2);
697 $index1 = index ($line, ":", $index2 + 1);
701 $index2 = index ($line, ":", $index1 + 1);
705 $salt .= substr ($line, $index1 + 1, $index2 - $index1 - 1);
707 $hash_in = substr ($line, 0, $index2);
709 # do it later on for this hash mode:
710 # next unless ((exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))) or (exists ($db->{$mod}) and (! defined ($db->{$mod}))));
712 $word = substr ($line, $index2 + 1);
714 # AIX smd5 something BRACE salt$
715 elsif ($mode == 6300)
717 my $index1 = index ($line, ":");
721 $hash_in = substr ($line, 0, $index1);
722 $word = substr ($line, $index1 + 1);
724 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
726 my $index2 = index ($hash_in, "}");
727 my $index3 = rindex ($hash_in, "\$");
729 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
731 # AIX: something$salt$ (no $ at position 1)
732 elsif ($mode == 6400 || $mode == 6500 || $mode == 6700)
734 my $index1 = index ($line, ":");
738 $hash_in = substr ($line, 0, $index1);
739 $word = substr ($line, $index1 + 1);
741 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
743 my $index2 = index ($hash_in, "}");
744 my $index3 = index ($hash_in, "\$");
745 my $index4 = rindex ($hash_in, "\$");
747 $salt = substr ($hash_in, $index3 + 1, $index4 - $index3 - 1);
749 $iter = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
751 # 1Password, agilekeychain
752 elsif ($mode == 6600)
754 my $num_cols = () = $line =~ /:/g;
756 next unless ($num_cols > 2);
758 my $index1 = index ($line, ":");
762 $iter = substr ($line, 0, $index1);
764 my $index2 = index ($line, ":", $index1 + 1);
768 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
770 $index1 = index ($line, ":", $index2 + 1);
774 $salt .= substr ($line, $index2 + 1, $index1 - $index2 - 33);
776 $hash_in = substr ($line, 0, $index1);
778 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
780 $word = substr ($line, $index1 + 1);
782 # 1Password, cloudkeychain
783 elsif ($mode == 8200)
785 my @datas = split (":", $line);
787 next if scalar @datas < 4;
789 my $hash = shift @datas;
790 $salt = shift @datas;
791 $iter = shift @datas;
792 my $data = shift @datas;
794 $hash_in = $hash . ":" . $salt . ":" . $iter . ":" . $data;
798 $word = join (":", @datas);
800 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
802 # lastpass (hash:iter:salt)
803 elsif ($mode == 6800)
805 my $index1 = index ($line, ":", 34);
809 $hash_in = substr ($line, 0, $index1);
811 # identify lenghts of both salt and plain
813 my $salt_plain = substr ($line, $index1 + 1);
815 my $num_cols = () = $salt_plain =~ /:/g;
824 foreach (my $i = 0; $i < $num_cols; $i++)
826 $index2 = index ($salt_plain, ":", $start);
830 $start = $index2 + 1;
832 $salt = substr ($salt_plain, 0, $index2);
833 $word = substr ($salt_plain, $index2 + 1);
835 # can't be true w/ wrong $hash:$salt, otherwise the
836 # algo must have many collisions
838 if (exists ($db->{$hash_in . ":" . $salt}))
840 $hash_in = $hash_in . ":" . $salt;
846 next unless ($matched); # therefore: true == exists ($db->{$hash_in}
847 next unless (! defined ($db->{$hash_in}));
849 $index1 = index ($hash_in, ":");
850 $index2 = index ($hash_in, ":", $index1 + 1);
852 $iter = substr ($hash_in, $index1 + 1, $index2 - $index1 - 1);
853 $salt = substr ($hash_in, $index2 + 1);
855 # OSX 10.* : $something$iter$salt$
856 elsif ($mode == 7100)
858 my $index1 = index ($line, ":");
862 $hash_in = substr ($line, 0, $index1);
863 $word = substr ($line, $index1 + 1);
865 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
867 my $index2 = index ($hash_in, "\$", 5);
871 my $index3 = index ($hash_in, "\$", $index2 + 1);
873 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
875 $iter = substr ($hash_in, 4, $index2 - 4);
877 next if (int ($iter) < 1);
879 # grub: something1.something2.something3.iter.salt.
880 elsif ($mode == 7200)
882 my $index1 = index ($line, ":");
886 $hash_in = substr ($line, 0, $index1);
887 $word = substr ($line, $index1 + 1);
889 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
891 my $index2 = index ($hash_in, ".", 19);
895 my $index3 = index ($hash_in, ".", $index2 + 1);
897 $salt = substr ($hash_in, $index2 + 1, $index3 - $index2 - 1);
899 $iter = substr ($hash_in, 19, $index2 - 19);
901 next if (int ($iter) < 1);
903 # $something1$something2$something3$something4$salt$
904 elsif ($mode == 7500 )
906 my $index1 = index ($line, "\$", 11);
910 my $index2 = index ($line, "\$", $index1 + 1);
914 my $index3 = index ($line, "\$", $index2 + 1);
918 $index2 = index ($line, ":", $index3 + 1);
922 $hash_in = substr ($line, 0, $index2);
923 $word = substr ($line, $index2 + 1);
925 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
927 $salt = substr ($hash_in, 11, $index3 - 10);
928 $salt .= substr ($hash_in, $index2 - 32) . "\$\$";
929 $salt .= substr ($hash_in, $index3 + 1, $index2 - $index3 - 32 - 1);
932 elsif ($mode == 7700 || $mode == 7800)
934 my $index1 = index ($line, ":");
938 my @split1 = split (":", $line);
940 my @split2 = split ('\$', $split1[0]);
942 next unless scalar @split2 == 2;
944 $hash_in = $split1[0];
946 if (scalar @split1 > 1)
955 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
960 elsif ($mode == 8300)
962 my @datas = split (":", $line);
964 next if scalar @datas != 5;
969 ($hash, $domain, $salt, $iter, $word) = @datas;
971 $hash_in = $hash . ":" . $domain . ":" . $salt . ":" . $iter;
973 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
975 $salt = $domain . ":" . $salt;
978 elsif ($mode == 8500)
980 my @line_elements = split (":", $line);
982 next if scalar @line_elements < 2;
986 $hash_in = shift @line_elements;
988 $word = join (":", @line_elements);
992 my @hash_elements = split ('\*', $hash_in);
994 next unless ($hash_elements[0] eq '$racf$');
996 $salt = $hash_elements[1];
998 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1001 elsif ($mode == 8700)
1003 # split hash and plain
1004 my $index = index ($line, ":");
1008 $hash_in = substr ($line, 0, $index);
1009 $word = substr ($line, $index + 1);
1011 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1013 my $plain_base64 = substr ($hash_in, 2, -1);
1015 ($_, $salt, $param) = domino_decode
($plain_base64);
1018 elsif ($mode == 2612)
1020 next unless (substr ($line, 0, 6) eq '$PHPS$');
1023 my $index1 = index ($line, "\$", 6);
1025 next if $index1 < 1;
1027 $salt = substr ($line, 6, $index1 - 6);
1029 $salt = pack ("H*", $salt);
1031 my $index2 = index ($line, "\:", $index1 + 1);
1033 next if $index2 < 1;
1035 $word = substr ($line, $index2 + 1);
1037 $hash_in = substr ($line, 0, $index2);
1039 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1042 elsif ($mode == 3711)
1044 next unless (substr ($line, 0, 3) eq '$B$');
1047 my $index1 = index ($line, "\$", 3);
1049 next if $index1 < 1;
1051 $salt = substr ($line, 3, $index1 - 3);
1053 my $index2 = index ($line, ":", $index1 + 1);
1055 next if $index2 < 1;
1057 $word = substr ($line, $index2 + 1);
1059 $hash_in = substr ($line, 0, $index2);
1061 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1064 elsif ($mode == 8900)
1066 next unless (substr ($line, 0, 7) eq 'SCRYPT:');
1069 my $index1 = index ($line, ":", 7);
1071 next if $index1 < 1;
1074 my $N = substr ($line, 7, $index1 - 7);
1076 my $index2 = index ($line, ":", $index1 + 1);
1078 next if $index2 < 1;
1081 my $r = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1083 $index1 = index ($line, ":", $index2 + 1);
1085 next if $index1 < 1;
1088 my $p = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1094 $index2 = index ($line, ":", $index1 + 1);
1096 next if $index2 < 1;
1099 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1101 $salt = decode_base64
($salt);
1103 $index1 = index ($line, ":", $index2 + 1);
1105 next if $index1 < 1;
1109 $word = substr ($line, $index1 + 1);
1110 $hash_in = substr ($line, 0, $index1);
1112 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1115 elsif ($mode == 9100)
1117 # split hash and plain
1118 my $index = index ($line, ":");
1122 $hash_in = substr ($line, 0, $index);
1123 $word = substr ($line, $index + 1);
1125 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1127 my $base64_part = substr ($hash_in, 2, -1);
1129 ($_, $salt, $iter, $param) = domino_85x_decode
($base64_part);
1131 next if ($iter < 1);
1133 # Cisco $8$ - PBKDF2-HMAC-SHA256
1134 elsif ($mode == 9200)
1136 next unless (substr ($line, 0, 3) eq '$8$');
1139 my $index1 = index ($line, "\$", 3);
1141 next if $index1 != 17;
1143 my $index2 = index ($line, "\$", $index1 + 1);
1146 $salt = substr ($line, 3, $index1 - 3);
1148 $index1 = index ($line, ":", $index1 + 1);
1150 next if $index1 < 1;
1154 $word = substr ($line, $index1 + 1);
1155 $hash_in = substr ($line, 0, $index1);
1157 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1159 # Cisco $9$ - scrypt
1160 elsif ($mode == 9300)
1162 next unless (substr ($line, 0, 3) eq '$9$');
1165 my $index1 = index ($line, "\$", 3);
1167 next if $index1 != 17;
1169 my $index2 = index ($line, "\$", $index1 + 1);
1172 $salt = substr ($line, 3, $index1 - 3);
1174 $index1 = index ($line, ":", $index1 + 1);
1176 next if $index1 < 1;
1180 $word = substr ($line, $index1 + 1);
1181 $hash_in = substr ($line, 0, $index1);
1183 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1186 elsif ($mode == 9400)
1188 ($hash_in, $word) = split ":", $line;
1190 next unless defined $hash_in;
1191 next unless defined $word;
1193 my @data = split /\*/, $hash_in;
1195 next unless scalar @data == 8;
1197 next unless (shift @data eq '$office$');
1198 next unless (shift @data eq '2007');
1199 next unless (shift @data eq '20');
1201 my $aes_key_size = shift @data;
1203 next unless (($aes_key_size eq '128') || ($aes_key_size eq '256'));
1204 next unless (shift @data eq '16');
1206 next unless (length $data[0] == 32);
1207 next unless (length $data[1] == 32);
1208 next unless (length $data[2] == 40);
1210 $salt = shift @data;
1211 $param = shift @data;
1212 $param2 = $aes_key_size;
1214 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1217 elsif ($mode == 9500)
1219 ($hash_in, $word) = split ":", $line;
1221 next unless defined $hash_in;
1222 next unless defined $word;
1224 my @data = split /\*/, $hash_in;
1226 next unless scalar @data == 8;
1228 next unless (shift @data eq '$office$');
1229 next unless (shift @data eq '2010');
1230 next unless (shift @data eq '100000');
1231 next unless (shift @data eq '128');
1232 next unless (shift @data eq '16');
1234 next unless (length $data[0] == 32);
1235 next unless (length $data[1] == 32);
1236 next unless (length $data[2] == 64);
1238 $salt = shift @data;
1239 $param = shift @data;
1241 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1244 elsif ($mode == 9600)
1246 ($hash_in, $word) = split ":", $line;
1248 next unless defined $hash_in;
1249 next unless defined $word;
1251 my @data = split /\*/, $hash_in;
1253 next unless scalar @data == 8;
1255 next unless (shift @data eq '$office$');
1256 next unless (shift @data eq '2013');
1257 next unless (shift @data eq '100000');
1258 next unless (shift @data eq '256');
1259 next unless (shift @data eq '16');
1261 next unless (length $data[0] == 32);
1262 next unless (length $data[1] == 32);
1263 next unless (length $data[2] == 64);
1265 $salt = shift @data;
1266 $param = shift @data;
1268 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1271 elsif ($mode == 9700)
1273 ($hash_in, $word) = split ":", $line;
1275 next unless defined $hash_in;
1276 next unless defined $word;
1278 my @data = split /\*/, $hash_in;
1280 next unless scalar @data == 4;
1282 my $signature = shift @data;
1284 next unless (($signature eq '$oldoffice$0') || ($signature eq '$oldoffice$1'));
1286 next unless (length $data[0] == 32);
1287 next unless (length $data[1] == 32);
1288 next unless (length $data[2] == 32);
1290 $salt = shift @data;
1291 $param = shift @data;
1292 $param2 = substr ($signature, 11, 1);
1294 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1297 elsif ($mode == 9800)
1299 ($hash_in, $word) = split ":", $line;
1301 next unless defined $hash_in;
1302 next unless defined $word;
1304 my @data = split /\*/, $hash_in;
1306 next unless scalar @data == 4;
1308 my $signature = shift @data;
1310 next unless (($signature eq '$oldoffice$3') || ($signature eq '$oldoffice$4'));
1312 next unless (length $data[0] == 32);
1313 next unless (length $data[1] == 32);
1314 next unless (length $data[2] == 40);
1316 $salt = shift @data;
1317 $param = shift @data;
1318 $param2 = substr ($signature, 11, 1);
1320 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1322 # Django (PBKDF2-SHA256)
1323 elsif ($mode == 10000)
1325 next unless (substr ($line, 0, 14) eq 'pbkdf2_sha256$');
1328 my $index1 = index ($line, "\$", 14);
1330 next if $index1 < 1;
1332 my $index2 = index ($line, "\$", $index1 + 1);
1336 $iter = substr ($line, 14, $index1 - 14);
1340 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1344 $index1 = index ($line, ":", $index2 + 1);
1346 next if $index1 < 1;
1348 $word = substr ($line, $index1 + 1);
1349 $hash_in = substr ($line, 0, $index1);
1351 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1354 elsif ($mode == 10100)
1358 ($hash, undef, undef, $salt, $word) = split ":", $line;
1360 next unless defined $hash;
1361 next unless defined $salt;
1362 next unless defined $word;
1364 next unless (length $hash == 16);
1365 next unless (length $salt == 32);
1367 my $hash_in = sprintf ("%s:2:4:%s", $hash, $salt);
1369 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1372 elsif ($mode == 10200)
1374 next unless (substr ($line, 0, 10) eq '$cram_md5$');
1377 my $index1 = index ($line, "\$", 10);
1379 next if $index1 < 1;
1383 my $challengeb64 = substr ($line, 10, $index1 - 10);
1384 $salt = decode_base64
($challengeb64);
1388 my $index2 = index ($line, ":", $index1 + 1);
1390 next if $index2 < 1;
1392 my $responseb64 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1393 my $response = decode_base64
($responseb64);
1395 $param = substr ($response, 0, length ($response) - 32 - 1); # -1 is for space
1397 $word = substr ($line, $index2 + 1);
1398 $hash_in = substr ($line, 0, $index2);
1400 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1402 # SAP CODVN H (PWDSALTEDHASH) iSSHA-1
1403 elsif ($mode == 10300)
1405 next unless (substr ($line, 0, 10) eq '{x-issha, ');
1409 my $index1 = index ($line, "}", 10);
1411 next if $index1 < 1;
1413 $iter = substr ($line, 10, $index1 - 10);
1415 $iter = int ($iter);
1419 my $base64_encoded = substr ($line, $index1 + 1);
1420 my $base64_decoded = decode_base64
($base64_encoded);
1422 $salt = substr ($base64_decoded, 20);
1424 my $index2 = index ($line, ":", $index1 + 1);
1426 next if $index2 < 1;
1428 $word = substr ($line, $index2 + 1);
1429 $hash_in = substr ($line, 0, $index2);
1431 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1433 # PDF 1.1 - 1.3 (Acrobat 2 - 4)
1434 elsif ($mode == 10400)
1436 ($hash_in, $word) = split ":", $line;
1438 next unless defined $hash_in;
1439 next unless defined $word;
1441 my @data = split /\*/, $hash_in;
1443 next unless scalar @data == 11;
1445 next unless (shift @data eq '$pdf$1');
1446 next unless (shift @data eq '2');
1447 next unless (shift @data eq '40');
1448 my $P = shift @data;
1449 next unless (shift @data eq '0');
1450 next unless (shift @data eq '16');
1451 my $id = shift @data;
1452 next unless (shift @data eq '32');
1453 my $u = shift @data;
1454 next unless (shift @data eq '32');
1455 my $o = shift @data;
1462 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1464 # PDF 1.4 - 1.6 (Acrobat 5 - 8)
1465 elsif ($mode == 10500)
1467 ($hash_in, $word) = split ":", $line;
1469 next unless defined $hash_in;
1470 next unless defined $word;
1472 my @data = split /\*/, $hash_in;
1474 next unless scalar @data == 11;
1476 my $V = shift @data; $V = substr ($V, 5, 1);
1477 my $R = shift @data;
1478 next unless (shift @data eq '128');
1479 my $P = shift @data;
1480 my $enc = shift @data;
1481 next unless (shift @data eq '16');
1482 my $id = shift @data;
1483 next unless (shift @data eq '32');
1484 my $u = shift @data;
1485 next unless (shift @data eq '32');
1486 my $o = shift @data;
1496 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1498 # PDF 1.7 Level 3 (Acrobat 9)
1499 elsif ($mode == 10600)
1501 ($hash_in, $word) = split ":", $line;
1503 next unless defined $hash_in;
1504 next unless defined $word;
1506 my @data = split /\*/, $hash_in;
1508 next unless scalar @data >= 11;
1510 next unless (shift @data eq '$pdf$5');
1511 next unless (shift @data eq '5');
1512 next unless (shift @data eq '256');
1513 next unless (shift @data eq '-1028');
1514 next unless (shift @data eq '1');
1515 next unless (shift @data eq '16');
1516 my $id = shift @data;
1517 my $rest = join "*", @data;
1522 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1524 # PDF 1.7 Level 8 (Acrobat 10 - 11)
1525 elsif ($mode == 10700)
1527 ($hash_in, $word) = split ":", $line;
1529 next unless defined $hash_in;
1530 next unless defined $word;
1532 my @data = split /\*/, $hash_in;
1534 next unless scalar @data >= 11;
1536 next unless (shift @data eq '$pdf$5');
1537 next unless (shift @data eq '6');
1538 next unless (shift @data eq '256');
1539 next unless (shift @data eq '-1028');
1540 next unless (shift @data eq '1');
1541 next unless (shift @data eq '16');
1542 my $id = shift @data;
1543 my $rest = join "*", @data;
1548 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1550 # PBKDF2-HMAC-SHA256
1551 elsif ($mode == 10900)
1553 next unless (substr ($line, 0, 7) eq 'sha256:');
1556 my $index1 = index ($line, ":", 7);
1558 next if $index1 < 1;
1560 $iter = substr ($line, 7, $index1 - 7);
1564 my $index2 = index ($line, ":", $index1 + 1);
1566 next if $index2 < 1;
1568 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1570 $salt = decode_base64
($salt);
1574 $index1 = index ($line, ":", $index2 + 1);
1576 next if $index1 < 1;
1578 # additional param = output len of pbkdf2
1580 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1582 my $digest = decode_base64
($digest64_encoded);
1584 $param = length ($digest);
1588 $word = substr ($line, $index1 + 1);
1589 $hash_in = substr ($line, 0, $index1);
1591 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1593 # PostgreSQL MD5 Authentication
1594 elsif ($mode == 11100)
1596 next unless (substr ($line, 0, 10) eq '$postgres$');
1598 my $index1 = index ($line, "*", 10);
1600 next if $index1 < 1;
1604 $param = substr ($line, 10, $index1 - 10);
1606 # get the 4 byte salt
1608 my $index2 = index ($line, "*", $index1 + 1);
1610 next if $index2 < 1;
1612 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1616 $index1 = index ($line, ":", $index2 + 1);
1618 next if $index1 < 1;
1620 $word = substr ($line, $index1 + 1);
1621 $hash_in = substr ($line, 0, $index1);
1623 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1625 # MySQL MD5 Authentication
1626 elsif ($mode == 11200)
1628 next unless (substr ($line, 0, 9) eq '$mysqlna$');
1630 my $index1 = index ($line, "*", 9);
1632 next if $index1 < 1;
1636 $salt = substr ($line, 9, $index1 - 9);
1640 $index1 = index ($line, ":", $index1 + 1);
1642 next if $index1 < 1;
1644 $word = substr ($line, $index1 + 1);
1645 $hash_in = substr ($line, 0, $index1);
1647 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1650 elsif ($mode == 2500)
1652 print "ERROR: verify currently not supported for WPA/WPA2 (because of oclHashcat's output format)\n";
1656 # Bitcoin/Litecoin wallet.dat
1657 elsif ($mode == 11300)
1659 print "ERROR: verify currently not supported for Bitcoin/Litecoin wallet.dat because of unknown crypt data\n";
1663 # SIP digest authentication (MD5)
1664 elsif ($mode == 11400)
1666 next unless (substr ($line, 0, 6) eq '$sip$*');
1670 my $index1 = index ($line, "*", 6);
1672 next if $index1 < 0;
1674 $param10 = substr ($line, 6, $index1 - 6);
1676 next if (length ($param10) > 32);
1680 my $index2 = index ($line, "*", $index1 + 1);
1682 next if $index2 < 0;
1684 $param11 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1686 next if (length ($param11) > 32);
1690 $index1 = index ($line, "*", $index2 + 1);
1692 next if $index1 < 0;
1694 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1696 next if (length ($param) > 12);
1700 $index2 = index ($line, "*", $index1 + 1);
1702 next if $index2 < 0;
1704 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1706 next if (length ($param2) > 20);
1710 $index1 = index ($line, "*", $index2 + 1);
1712 next if $index1 < 0;
1714 $param6 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1716 next if (length ($param6) > 24);
1720 $index2 = index ($line, "*", $index1 + 1);
1722 next if $index2 < 0;
1724 $param7 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1726 next if (length ($param7) > 10);
1730 $index1 = index ($line, "*", $index2 + 1);
1732 next if $index1 < 0;
1734 $param8 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1736 next if (length ($param8) > 32);
1740 $index2 = index ($line, "*", $index1 + 1);
1742 next if $index2 < 0;
1744 $param9 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1746 next if (length ($param9) > 32);
1750 $index1 = index ($line, "*", $index2 + 1);
1752 next if $index1 < 0;
1754 $salt = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1756 next if (length ($salt) > 34);
1760 $index2 = index ($line, "*", $index1 + 1);
1762 next if $index2 < 0;
1764 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1766 next if (length ($param4) > 12);
1770 $index1 = index ($line, "*", $index2 + 1);
1772 next if $index1 < 0;
1774 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1776 next if (length ($param3) > 10);
1780 $index2 = index ($line, "*", $index1 + 1);
1782 next if $index2 < 0;
1784 $param5 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1786 next if (length ($param5) > 8);
1790 $index1 = index ($line, "*", $index2 + 1);
1792 next if $index1 < 0;
1794 my $directive = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1796 next unless ($directive eq "MD5");
1800 $index2 = index ($line, ":", $index1 + 1);
1802 next if $index2 < 0;
1804 my $hex_digest = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1806 next unless (length ($hex_digest) == 32);
1808 $word = substr ($line, $index2 + 1);
1809 $hash_in = substr ($line, 0, $index2);
1811 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1814 elsif ($mode == 11600)
1816 next unless (substr ($line, 0, 4) eq '$7z$');
1820 my $index1 = index ($line, '$', 4);
1822 next if $index1 < 0;
1824 my $p = substr ($line, 4, $index1 - 4);
1826 next unless ($p eq "0");
1830 my $index2 = index ($line, '$', $index1 + 1);
1832 next if $index2 < 0;
1834 $iter = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1836 # seven zip salt length
1838 $index1 = index ($line, '$', $index2 + 1);
1840 next if $index1 < 0;
1842 $param = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1846 $index2 = index ($line, '$', $index1 + 1);
1848 next if $index2 < 0;
1850 $param2 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1854 $index1 = index ($line, '$', $index2 + 1);
1856 next if $index1 < 0;
1858 $param3 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1862 $index2 = index ($line, '$', $index1 + 1);
1864 next if $index2 < 0;
1866 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1868 $salt = pack ("H*", $salt);
1872 $index1 = index ($line, '$', $index2 + 1);
1874 next if $index1 < 0;
1876 my $crc = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1878 # ignore this crc, we don't need to pass it to gen_hash ()
1882 $index2 = index ($line, '$', $index1 + 1);
1884 next if $index2 < 0;
1886 $param4 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1890 $index1 = index ($line, '$', $index2 + 1);
1892 next if $index1 < 0;
1894 $param5 = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1898 $index2 = index ($line, ':', $index1 + 1);
1900 next if $index2 < 0;
1902 $param6 = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1903 $param6 = pack ("H*", $param6);
1905 $word = substr ($line, $index2 + 1);
1906 $hash_in = substr ($line, 0, $index2);
1908 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1911 elsif ($mode == 11900)
1913 next unless (substr ($line, 0, 4) eq 'md5:');
1916 my $index1 = index ($line, ":", 4);
1918 next if $index1 < 1;
1920 $iter = substr ($line, 4, $index1 - 4);
1924 my $index2 = index ($line, ":", $index1 + 1);
1926 next if $index2 < 1;
1928 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1930 $salt = decode_base64
($salt);
1934 $index1 = index ($line, ":", $index2 + 1);
1936 next if $index1 < 1;
1938 # additional param = output len of pbkdf2
1940 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1942 my $digest = decode_base64
($digest64_encoded);
1944 $param = length ($digest);
1948 $word = substr ($line, $index1 + 1);
1949 $hash_in = substr ($line, 0, $index1);
1951 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1954 elsif ($mode == 12000)
1956 next unless (substr ($line, 0, 5) eq 'sha1:');
1959 my $index1 = index ($line, ":", 5);
1961 next if $index1 < 1;
1963 $iter = substr ($line, 5, $index1 - 5);
1967 my $index2 = index ($line, ":", $index1 + 1);
1969 next if $index2 < 1;
1971 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
1973 $salt = decode_base64
($salt);
1977 $index1 = index ($line, ":", $index2 + 1);
1979 next if $index1 < 1;
1981 # additional param = output len of pbkdf2
1983 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
1985 my $digest = decode_base64
($digest64_encoded);
1987 $param = length ($digest);
1991 $word = substr ($line, $index1 + 1);
1992 $hash_in = substr ($line, 0, $index1);
1994 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
1996 # PBKDF2-HMAC-SHA512
1997 elsif ($mode == 12100)
1999 next unless (substr ($line, 0, 7) eq 'sha512:');
2002 my $index1 = index ($line, ":", 7);
2004 next if $index1 < 1;
2006 $iter = substr ($line, 7, $index1 - 7);
2010 my $index2 = index ($line, ":", $index1 + 1);
2012 next if $index2 < 1;
2014 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2016 $salt = decode_base64
($salt);
2020 $index1 = index ($line, ":", $index2 + 1);
2022 next if $index1 < 1;
2024 # additional param = output len of pbkdf2
2026 my $digest64_encoded = substr ($line, $index2 + 1, $index1 - $index2 - 1);
2028 my $digest = decode_base64
($digest64_encoded);
2030 $param = length ($digest);
2034 $word = substr ($line, $index1 + 1);
2035 $hash_in = substr ($line, 0, $index1);
2037 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2040 elsif ($mode == 12200)
2042 next unless (substr ($line, 0, 12) eq '$ecryptfs$0$');
2044 # check if default salt
2048 $param = 0 if (substr ($line, 12, 2) eq '1$');
2056 if ($param == 0) # we need to extract the salt
2058 $index1 = index ($line, '$', $index1);
2060 next if $index1 < 1;
2062 my $index2 = index ($line, '$', $index1 + 1);
2064 next if $index2 < 1;
2066 $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1);
2071 $index1 = index ($line, ':', $index1 + 1);
2073 next if $index1 < 1;
2077 $word = substr ($line, $index1 + 1);
2078 $hash_in = substr ($line, 0, $index1);
2080 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2082 # Oracle T: Type (Oracle 12+)
2083 elsif ($mode == 12300)
2085 my $index1 = index ($line, ':');
2087 next if ($index1 != 160);
2091 $salt = substr ($line, 128, 32);
2095 $word = substr ($line, $index1 + 1);
2096 $hash_in = substr ($line, 0, $index1);
2098 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2100 # BSDiCrypt, Extended DES
2101 elsif ($mode == 12400)
2103 next unless (substr ($line, 0, 1) eq '_');
2105 my $index1 = index ($line, ':', 20);
2107 next if ($index1 != 20);
2111 $iter = substr ($line, 1, 4);
2113 $iter = base64_to_int24
($iter);
2117 $salt = substr ($line, 5, 4);
2121 $word = substr ($line, $index1 + 1);
2122 $hash_in = substr ($line, 0, $index1);
2124 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2126 # Blockchain, My Wallet
2127 elsif ($mode == 12700)
2129 my $index1 = index ($line, ':');
2131 next if ($index1 < 0);
2133 $hash_in = substr ($line, 0, $index1);
2134 $word = substr ($line, $index1 + 1);
2136 my (undef, $signature, $data_len, $data_buf) = split '\$', $hash_in;
2138 next unless ($signature eq "blockchain");
2140 next unless (($data_len * 2) == length $data_buf);
2142 $salt = substr ($data_buf, 0, 32);
2143 $param = substr ($data_buf, 32);
2145 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2147 elsif ($mode == 12800)
2149 ($hash_in, $word) = split ":", $line;
2151 next unless defined $hash_in;
2152 next unless defined $word;
2154 my @data = split /\,/, $hash_in;
2156 next unless scalar @data == 4;
2158 next unless (shift @data eq 'v1;PPH1_MD4');
2160 $salt = shift @data;
2161 $iter = shift @data;
2163 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2165 elsif ($mode == 12900)
2167 ($hash_in, $word) = split ":", $line;
2169 next unless defined $hash_in;
2170 next unless defined $word;
2172 next unless length $hash_in == 160;
2174 $param = substr ($hash_in, 0, 64);
2175 $salt = substr ($hash_in, 128, 32);
2178 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2180 elsif ($mode == 13000)
2184 ($hash_line, $word) = split ":", $line;
2186 next unless defined $hash_line;
2187 next unless defined $word;
2189 my @data = split ('\$', $hash_line);
2191 next unless scalar @data == 8;
2195 my $signature = shift @data;
2196 my $salt_len = shift @data;
2197 my $salt_buf = shift @data;
2198 my $iterations = shift @data;
2199 my $iv = shift @data;
2200 my $pswcheck_len = shift @data;
2201 my $pswcheck = shift @data;
2203 next unless ($signature eq "rar5");
2204 next unless ($salt_len == 16);
2205 next unless ($pswcheck_len == 8);
2208 $iter = $iterations;
2209 $hash_in = $pswcheck;
2212 next unless (exists ($db->{$hash_line}) and (! defined ($db->{$hash_line})));
2214 elsif ($mode == 13100 )
2216 ($hash_in, $word) = split ":", $line;
2218 next unless defined $hash_in;
2219 next unless defined $word;
2221 my @data = split ('\$', $hash_in);
2223 next unless scalar @data == 8;
2227 my $signature = shift @data;
2228 my $algorithm = shift @data;
2229 my $user = shift @data;
2230 $user = substr ($user, 1);
2231 my $realm = shift @data;
2232 my $spn = shift @data;
2233 $spn = substr ($spn, 0, length ($spn) - 1);
2234 my $checksum = shift @data;
2235 my $edata2 = shift @data;
2237 next unless ($signature eq "krb5tgs");
2238 next unless (length ($checksum) == 32);
2239 next unless (length ($edata2) >= 64);
2241 $salt = $user . '$' . $realm . '$' . $spn . '$' . substr ($edata2, 0, 16);
2243 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2245 elsif ($mode == 13200)
2247 ($hash_in, $word) = split ":", $line;
2249 next unless defined $hash_in;
2250 next unless defined $word;
2252 my @data = split ('\*', $hash_in);
2254 next unless scalar @data == 5;
2258 my $signature = shift @data;
2259 my $version = shift @data;
2260 my $iteration = shift @data;
2261 my $mysalt = shift @data;
2262 my $digest = shift @data;
2264 next unless ($signature eq '$axcrypt$');
2265 next unless (length ($mysalt) == 32);
2266 next unless (length ($digest) == 48);
2268 $salt = $iteration . '*' . $mysalt;
2270 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2272 elsif ($mode == 13300)
2274 ($hash_in, $word) = split ":", $line;
2276 next unless defined $hash_in;
2277 next unless defined $word;
2279 my @data = split ('\$', $hash_in);
2281 next unless scalar @data == 2;
2285 my $signature = shift @data;
2286 my $digest = shift @data;
2288 next unless ($signature eq '$axcrypt_sha1');
2289 next unless (length ($digest) == 32 || length ($digest) == 40);
2291 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2293 elsif ($mode == 13400)
2295 ($hash_in, $word) = split ":", $line;
2297 next unless defined $hash_in;
2298 next unless defined $word;
2300 my @data = split ('\*', $hash_in);
2302 next unless (scalar @data == 9
2303 || scalar @data == 11
2304 || scalar @data == 12
2305 || scalar @data == 14);
2307 my $signature = shift @data;
2308 next unless ($signature eq '$keepass$');
2310 my $version = shift @data;
2311 next unless ($version == 1 || $version == 2);
2313 my $iteration = shift @data;
2315 my $algorithm = shift @data;
2317 my $final_random_seed = shift @data;
2321 next unless (length ($final_random_seed) == 32);
2323 elsif ($version == 2)
2325 next unless (length ($final_random_seed) == 64);
2328 my $transf_random_seed = shift @data;
2329 next unless (length ($transf_random_seed) == 64);
2331 my $enc_iv = shift @data;
2332 next unless (length ($enc_iv) == 32);
2336 my $contents_hash = shift @data;
2337 next unless (length ($contents_hash) == 64);
2339 my $inline_flags = shift @data;
2340 next unless ($inline_flags == 1);
2342 my $contents_len = shift @data;
2344 my $contents = shift @data;
2345 next unless (length ($contents) == $contents_len * 2);
2347 elsif ($version == 2)
2349 my $expected_bytes = shift @data;
2350 next unless (length ($expected_bytes) == 64);
2352 my $contents_hash = shift @data;
2353 next unless (length ($contents_hash) == 64);
2356 if (scalar @data == 12 || scalar @data == 14)
2358 my $inline_flags = shift @data;
2359 next unless ($inline_flags == 1);
2361 my $keyfile_len = shift @data;
2362 next unless ($keyfile_len == 64);
2364 my $keyfile = shift @data;
2365 next unless (length ($keyfile) == $keyfile_len);
2368 $salt = substr ($hash_in, length ("*keepass*") + 1, length ($hash_in));
2370 next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
2374 print "ERROR: hash mode is not supported\n";
2379 if ($word =~ m/^\$HEX\[[0-9a-fA-F]*\]$/)
2381 $word = pack ("H*", substr ($word, 5, -1));
2384 # finally generate the hash
2389 # check both variations
2390 $hash_out = gen_hash
($mode, $word, $salt, $iter, 1);
2392 $len = length $hash_out; # == length $alternative
2394 if (substr ($line, 0, $len) ne $hash_out)
2396 my $alternative = gen_hash
($mode, $word, $salt, $iter, 2);
2398 return unless (substr ($line, 0, $len) eq $alternative);
2401 elsif ($mode == 8700)
2403 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2405 $len = length $hash_out;
2407 return unless (substr ($line, 0, $len) eq $hash_out);
2409 elsif ($mode == 8900)
2411 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2413 $len = length $hash_out;
2415 return unless (substr ($line, 0, $len) eq $hash_out);
2417 elsif ($mode == 9100)
2419 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2421 $len = length $hash_out;
2423 return unless (substr ($line, 0, $len) eq $hash_out);
2425 elsif ($mode == 190)
2427 $hash_out = gen_hash
($mode, $word, $salt, $iter, 0);
2429 $len = length $hash_out; # == length $alternative
2431 if (substr ($line, 0, $len) ne $hash_out)
2433 my $alternative = gen_hash
($mode, $word, $salt, $iter, 1);
2435 return unless (substr ($line, 0, $len) eq $alternative);
2438 elsif ($mode == 3300)
2440 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2442 $len = length $hash_out;
2444 return unless (substr ($line, 0, $len) eq $hash_out);
2446 elsif ($mode == 5100)
2448 # check 3 variants (start, middle, end)
2452 $hash_out = gen_hash
($mode, $word, $salt, $iter, $idx++);
2454 $len = length $hash_out; # == length $alternative
2456 if (substr ($line, 0, $len) ne $hash_out)
2458 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2460 if (substr ($line, 0, $len) ne $alternative)
2462 my $alternative = gen_hash
($mode, $word, $salt, $iter, $idx++);
2464 return unless (substr ($line, 0, $len) eq $alternative);
2468 elsif ($mode == 9400)
2470 $hash_out = gen_hash
($mode, $word, $salt, 50000, $param, $param2);
2472 $len = length $hash_out;
2474 return unless (substr ($line, 0, $len) eq $hash_out);
2476 elsif ($mode == 9500)
2478 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2480 $len = length $hash_out;
2482 return unless (substr ($line, 0, $len) eq $hash_out);
2484 elsif ($mode == 9600)
2486 $hash_out = gen_hash
($mode, $word, $salt, 100000, $param);
2488 $len = length $hash_out;
2490 return unless (substr ($line, 0, $len) eq $hash_out);
2492 elsif ($mode == 9700)
2494 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2496 $len = length $hash_out;
2498 return unless (substr ($line, 0, $len) eq $hash_out);
2500 elsif ($mode == 9800)
2502 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2);
2504 $len = length $hash_out;
2506 return unless (substr ($line, 0, $len) eq $hash_out);
2508 elsif ($mode == 10400)
2510 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3);
2512 $len = length $hash_out;
2514 return unless (substr ($line, 0, $len) eq $hash_out);
2516 elsif ($mode == 10500)
2518 $hash_out = gen_hash
($mode, $word, $salt, 0, $param, $param2, $param3, $param4, $param5, $param6);
2520 $len = length $hash_out;
2522 return unless (substr ($line, 0, $len) eq $hash_out);
2524 elsif ($mode == 10600)
2526 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2528 $len = length $hash_out;
2530 return unless (substr ($line, 0, $len) eq $hash_out);
2532 elsif ($mode == 10700)
2534 $hash_out = gen_hash
($mode, $word, $salt, 0, $param);
2536 $len = length $hash_out;
2538 return unless (substr ($line, 0, $len) eq $hash_out);
2540 elsif ($mode == 10900)
2542 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2544 $len = length $hash_out;
2546 return unless (substr ($line, 0, $len) eq $hash_out);
2548 elsif ($mode == 11100)
2550 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2552 $len = length $hash_out;
2554 return unless (substr ($line, 0, $len) eq $hash_out);
2556 elsif ($mode == 11400)
2558 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6, $param7, $param8, $param9, $param10, $param11);
2560 $len = length $hash_out;
2562 return unless (substr ($line, 0, $len) eq $hash_out);
2564 elsif ($mode == 11600)
2566 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param, $param2, $param3, $param4, $param5, $param6);
2568 $len = length $hash_out;
2570 return unless (substr ($line, 0, $len) eq $hash_out);
2572 elsif ($mode == 11900)
2574 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2576 $len = length $hash_out;
2578 return unless (substr ($line, 0, $len) eq $hash_out);
2580 elsif ($mode == 12000)
2582 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2584 $len = length $hash_out;
2586 return unless (substr ($line, 0, $len) eq $hash_out);
2588 elsif ($mode == 12100)
2590 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2592 $len = length $hash_out;
2594 return unless (substr ($line, 0, $len) eq $hash_out);
2596 elsif ($mode == 12200)
2598 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2600 $len = length $hash_out;
2602 return unless (substr ($line, 0, $len) eq $hash_out);
2604 elsif ($mode == 12700)
2606 # this is very special, we can't call gen_hash () because the param part is not always the same
2607 # we only know that it should contain the letters "guid" at the beginning of the decryted string
2609 my $pbkdf2 = Crypt
::PBKDF2
->new (
2610 hash_class
=> 'HMACSHA1',
2615 my $salt_bin = pack ("H*", $salt);
2617 my $key = $pbkdf2->PBKDF2 ($salt_bin, $word);
2619 my $cipher = Crypt
::CBC
->new ({
2621 cipher
=> "Crypt::Rijndael",
2628 my $param_bin = pack ("H*", $param);
2630 my $decrypted = $cipher->decrypt ($param_bin);
2632 my $decrypted_part = substr ($decrypted, 1, 16);
2634 return unless ($decrypted_part =~ /"guid"/);
2636 $hash_out = $hash_in;
2638 elsif ($mode == 12900)
2640 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2642 $len = length $hash_out;
2644 return unless (substr ($line, 0, $len) eq $hash_out);
2646 elsif ($mode == 13000)
2648 $hash_out = gen_hash
($mode, $word, $salt, $iter, $param);
2650 $len = length $hash_out;
2652 return unless (substr ($line, 0, $len) eq $hash_out);
2654 elsif ($mode == 13100)
2656 $hash_out = gen_hash
($mode, $word, $salt);
2658 $len = length $hash_out;
2660 return unless (substr ($line, 0, $len) eq $hash_out);
2662 elsif ($mode == 13200)
2664 $hash_out = gen_hash
($mode, $word, $salt);
2666 $len = length $hash_out;
2668 return unless (substr ($line, 0, $len) eq $hash_out);
2670 elsif ($mode == 13400)
2672 $hash_out = gen_hash
($mode, $word, $salt);
2674 $len = length $hash_out;
2676 return unless (substr ($line, 0, $len) eq $hash_out);
2678 elsif ($mode == 13500)
2680 $hash_out = gen_hash
($mode, $word, $salt);
2682 $len = length $hash_out;
2685 return unless (substr ($line, 0, $len) eq $hash_out);
2689 $hash_out = gen_hash
($mode, $word, $salt, $iter);
2691 $len = length $hash_out;
2696 # allow $P$ and $H$ for -m 400
2697 next unless (substr ($line, 3, $len - 3) eq substr ($hash_out, 3));
2699 elsif ($mode == 5600)
2701 # oclHashcat outputs the user name always upper-case, we need
2702 next unless (substr ($line, 0, $len) eq $hash_out);
2706 my $hash_out_lower = lc ($hash_out);
2708 for my $key (keys %{$db})
2710 if (lc ($key) eq $hash_out_lower)
2722 next unless (substr ($line, 0, $len) eq $hash_out);
2726 # do not forget "exists ($db->$hash_out)" should be done above!
2727 $db->{$hash_out} = $word;
2728 print OUT
$line . "\n";
2737 my $mode = shift || 0;
2739 while (my $word_buf = <>)
2743 next if length ($word_buf) > 31;
2751 for (my $i = 0; $i < 256; $i++)
2753 my $c = get_random_chr
(0x30, 0x39);
2755 push (@salt_arr, $c);
2758 my $salt_buf = join ("", @salt_arr);
2766 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 133 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 6000 || $mode == 6100 || $mode == 6900 || $mode == 5700 || $mode == 9900 || $mode == 10800 || $mode == 11500 || $mode == 13300)
2768 $tmp_hash = gen_hash
($mode, $word_buf, "");
2770 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3800 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 4900 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
2772 my $salt_len = get_random_num
(1, 15);
2774 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2776 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
2778 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
2782 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2786 my $salt_len = get_random_num
(1, 11);
2788 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2790 elsif ($mode == 111 || $mode == 122 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 1800 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
2792 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 8));
2794 elsif ($mode == 112)
2796 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
2798 elsif ($mode == 121)
2800 my $salt_len = get_random_num
(1, 9);
2802 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2804 elsif ($mode == 125)
2806 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 10));
2808 elsif ($mode == 141 || $mode == 1441)
2810 my $salt_len = get_random_num
(1, 15);
2812 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2814 elsif ($mode == 1100)
2816 my $salt_len = get_random_num
(1, 19);
2818 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2820 elsif ($mode == 1500)
2822 next if length ($word_buf) > 8;
2824 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 2));
2826 elsif ($mode == 2100)
2828 next if length ($word_buf) > 13;
2830 my $salt_len = get_random_num
(1, 19);
2832 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2834 elsif ($mode == 2410)
2836 next if length ($word_buf) > 15;
2838 my $salt_len = get_random_num
(1, 15);
2840 my $word_len = length ($word_buf);
2842 $salt_len = min
($salt_len, 15 - $word_len);
2844 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2846 elsif ($mode == 2500)
2848 next if length ($word_buf) < 8;
2850 my $salt_len = get_random_num
(0, 32);
2852 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2854 elsif ($mode == 2611)
2856 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 3));
2858 elsif ($mode == 2612)
2860 my $salt_len = get_random_num
(1, 22);
2862 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2864 elsif ($mode == 2711)
2866 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 30));
2868 elsif ($mode == 2811)
2870 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
2872 elsif ($mode == 3000)
2874 next if length ($word_buf) > 7;
2876 $tmp_hash = gen_hash
($mode, $word_buf, "");
2878 elsif ($mode == 3100)
2880 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 10));
2882 elsif ($mode == 3200 || $mode == 5800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 3300 || $mode == 8000 || $mode == 9100 || $mode == 12200)
2884 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
2886 elsif ($mode == 3800 || $mode == 4900)
2888 my $salt_len = get_random_num
(1, 11);
2890 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2892 elsif ($mode == 4800)
2894 $salt_buf = get_random_md5chap_salt
(substr ($salt_buf, 0, 16));
2896 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2898 elsif ($mode == 5300 || $mode == 5400)
2900 $salt_buf = get_random_ike_salt
();
2902 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2904 elsif ($mode == 5500)
2906 my $user_len = get_random_num
(0, 15);
2907 my $domain_len = get_random_num
(0, 15);
2909 $salt_buf = get_random_netntlmv1_salt
($user_len, $domain_len);
2911 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2913 elsif ($mode == 5600)
2915 my $user_len = get_random_num
(0, 15);
2916 my $domain_len = get_random_num
(0, 15);
2918 $salt_buf = get_random_netntlmv2_salt
($user_len, $domain_len);
2920 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2922 elsif ($mode == 6600)
2924 $salt_buf = get_random_agilekeychain_salt
();
2926 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2928 elsif ($mode == 6800)
2930 my $email_len = get_random_num
(1, 15);
2934 for (my $i = 0; $i < $email_len; $i++)
2936 $email .= get_random_chr
(0x61, 0x7a);
2939 $email .= '@trash-mail.com';
2941 $tmp_hash = gen_hash
($mode, $word_buf, $email);
2943 elsif ($mode == 7100)
2945 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
2947 elsif ($mode == 7200)
2949 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 128));
2951 elsif ($mode == 7300)
2953 my $salt_len = get_random_num
(32, 256);
2955 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2957 elsif ($mode == 7500)
2959 $salt_buf = get_random_kerberos5_salt
(substr ($salt_buf, 0, 16));
2961 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2963 elsif ($mode == 7700)
2965 next if length ($word_buf) > 8;
2967 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2969 elsif ($mode == 7800)
2971 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 12));
2973 elsif ($mode == 8200)
2975 $salt_buf = get_random_cloudkeychain_salt
();
2977 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2979 elsif ($mode == 8300)
2981 $salt_buf = get_random_dnssec_salt
();
2983 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
2985 elsif ($mode == 8400 || $mode == 11200)
2987 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 40));
2989 elsif ($mode == 8500)
2991 next if length ($word_buf) > 8;
2993 my $salt_len = get_random_num
(1, 9);
2995 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
2997 elsif ($mode == 8600)
2999 next if length ($word_buf) > 16;
3001 $tmp_hash = gen_hash
($mode, $word_buf, "");
3003 elsif ($mode == 8700)
3005 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 5));
3007 elsif ($mode == 9200 || $mode == 9300)
3011 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3013 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
3015 next if length ($word_buf) > 19;
3019 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3021 elsif ($mode == 10100)
3023 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3025 elsif ($mode == 10300)
3027 my $salt_len = get_random_num
(4, 15);
3029 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3031 elsif ($mode == 10400)
3033 next if length ($word_buf) > 31;
3037 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3039 elsif ($mode == 10500)
3041 next if length ($word_buf) > 15;
3045 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3047 elsif ($mode == 10600)
3049 next if length ($word_buf) > 31;
3053 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3055 elsif ($mode == 10700)
3057 next if length ($word_buf) > 15;
3061 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3063 elsif ($mode == 11000)
3065 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 56));
3067 elsif ($mode == 11300)
3069 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 16));
3071 elsif ($mode == 11400)
3073 next if length ($word_buf) > 24;
3075 my $salt_len = get_random_num
(1, 15);
3077 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3079 elsif ($mode == 11600)
3081 my $salt_len = get_random_num
(0, 16);
3083 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
3085 elsif ($mode == 12400)
3087 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 4));
3089 elsif ($mode == 12600)
3091 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 64));
3093 elsif ($mode == 12700)
3095 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3097 elsif ($mode == 12800)
3099 next if length ($word_buf) > 24;
3101 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 20));
3103 elsif ($mode == 12900)
3105 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3107 elsif ($mode == 13000)
3109 $tmp_hash = gen_hash
($mode, $word_buf, substr ($salt_buf, 0, 32));
3111 elsif ($mode == 13100)
3113 $salt_buf = get_random_kerberos5_tgs_salt
();
3115 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3117 elsif ($mode == 13200)
3119 $salt_buf = get_random_axcrypt_salt
();
3121 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3123 elsif ($mode == 13400)
3125 $salt_buf = get_random_keepass_salt
();
3127 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3129 elsif ($mode == 13500)
3131 $salt_buf = get_pstoken_salt
();
3133 $tmp_hash = gen_hash
($mode, $word_buf, $salt_buf);
3137 print "ERROR: Unsupported hash type\n";
3142 print $tmp_hash, "\n";
3155 for (my $j = 0; $j < scalar @modes; $j++)
3157 my $mode = $modes[$j];
3159 if ($mode == 0 || $mode == 100 || $mode == 101 || $mode == 133 || $mode == 190 || $mode == 200 || $mode == 300 || $mode == 600 || $mode == 900 || $mode == 1000 || $mode == 1400 || $mode == 1700 || $mode == 2400 || $mode == 2600 || $mode == 3500 || $mode == 4300 || $mode == 4400 || $mode == 4500 || $mode == 4600 || $mode == 4700 || $mode == 5000 || $mode == 5100 || $mode == 5300 || $mode == 5400 || $mode == 6000 || $mode == 6100 || $mode == 6600 || $mode == 6900 || $mode == 5700 || $mode == 8200 || $mode == 8300 || $mode == 9900 || $mode == 10800 || $mode == 11500 || $mode == 13300)
3161 for (my $i = 1; $i < 32; $i++)
3165 rnd
($mode, $len, 0);
3173 elsif ($mode == 10 || $mode == 20 || $mode == 23 || $mode == 30 || $mode == 40 || $mode == 50 || $mode == 60 || $mode == 110 || $mode == 120 || $mode == 121 || $mode == 130 || $mode == 140 || $mode == 150 || $mode == 160 || $mode == 1410 || $mode == 1420 || $mode == 1430 || $mode == 1440 || $mode == 1450 || $mode == 1460 || $mode == 1710 || $mode == 1711 || $mode == 1720 || $mode == 1730 || $mode == 1740 || $mode == 1750 || $mode == 1760 || $mode == 2410 || $mode == 3610 || $mode == 3710 || $mode == 3711 || $mode == 3720 || $mode == 3910 || $mode == 4010 || $mode == 4110 || $mode == 4210 || $mode == 8900 || $mode == 10000 || $mode == 10200 || $mode == 10900 || $mode == 11900 || $mode == 12000 || $mode == 12100)
3175 my $salt_len = get_random_num
(1, 15);
3177 for (my $i = 1; $i < 32; $i++)
3181 rnd
($mode, $len, $salt_len);
3185 rnd
($mode, $i, $salt_len);
3189 elsif ($mode == 11 || $mode == 12 || $mode == 7600 || $mode == 12300)
3191 for (my $i = 1; $i < 32; $i++)
3195 rnd
($mode, $len, 32);
3199 rnd
($mode, $i, 32);
3203 elsif ($mode == 21 || $mode == 22)
3205 for (my $i = 1; $i < 32; $i++)
3209 rnd
($mode, $len, 2);
3217 elsif ($mode == 111 || $mode == 122 || $mode == 125 || $mode == 131 || $mode == 132 || $mode == 400 || $mode == 500 || $mode == 1600 || $mode == 1722 || $mode == 1731 || $mode == 6300 || $mode == 7900 || $mode == 8100 || $mode == 11100)
3219 for (my $i = 1; $i < 32; $i++)
3223 rnd
($mode, $len, 8);
3231 elsif ($mode == 112)
3233 for (my $i = 1; $i < 32; $i++)
3237 rnd
($mode, $len, 20);
3241 rnd
($mode, $i, 20);
3245 elsif ($mode == 141 || $mode == 3300 || $mode == 1441 || $mode == 1800 || $mode == 3200 || $mode == 4800 || $mode == 6400 || $mode == 6500 || $mode == 6700 || $mode == 7400 || $mode == 8000 || $mode == 9100 || $mode == 12200)
3247 for (my $i = 1; $i < 32; $i++)
3251 rnd
($mode, $len, 16);
3255 rnd
($mode, $i, 16);
3261 my $salt_len = get_random_num
(1, 19);
3263 for (my $i = 1; $i < 32; $i++)
3267 rnd
($mode, $len, $salt_len);
3271 rnd
($mode, $i, $salt_len);
3275 elsif ($mode == 1500)
3277 for (my $i = 1; $i < 9; $i++)
3281 rnd
($mode, $len, 2);
3289 elsif ($mode == 2100)
3291 my $salt_len = get_random_num
(1, 19);
3293 for (my $i = 1; $i < 13; $i++)
3297 rnd
($mode, $len, $salt_len);
3301 rnd
($mode, $i, $salt_len);
3305 elsif ($mode == 2500)
3307 my $salt_len = get_random_num
(0, 32);
3309 for (my $i = 8; $i < 16; $i++)
3311 my $generate_from_len = 0;
3320 rnd
($mode, $len, $salt_len);
3324 rnd
($mode, $i, $salt_len);
3328 elsif ($mode == 2611)
3330 for (my $i = 1; $i < 32; $i++)
3334 rnd
($mode, $len, 3);
3342 elsif ($mode == 2612)
3344 my $salt_len = get_random_num
(1, 22);
3346 for (my $i = 1; $i < 32; $i++)
3350 rnd
($mode, $len, $salt_len);
3354 rnd
($mode, $i, $salt_len);
3358 elsif ($mode == 2711)
3360 for (my $i = 1; $i < 32; $i++)
3364 rnd
($mode, $len, 30);
3368 rnd
($mode, $i, 30);
3372 elsif ($mode == 2811)
3374 for (my $i = 1; $i < 32; $i++)
3378 rnd
($mode, $len, 5);
3386 elsif ($mode == 3000)
3388 for (my $i = 1; $i < 8; $i++)
3392 rnd
($mode, $len, 0);
3400 elsif ($mode == 3100)
3402 for (my $i = 1; $i < 32; $i++)
3406 rnd
($mode, $len, 10);
3410 rnd
($mode, $i, 10);
3414 elsif ($mode == 3800 || $mode == 4900)
3416 my $salt_len = get_random_num
(1, 11);
3418 for (my $i = 1; $i < 32; $i++)
3422 rnd
($mode, $len, $salt_len);
3426 rnd
($mode, $i, $salt_len);
3430 elsif ($mode == 5500 || $mode == 5600)
3434 for (my $i = 1; $i < 27; $i++)
3436 $salt_len = get_random_num
(1, 15);
3440 rnd
($mode, $len, $salt_len);
3444 rnd
($mode, $i, $salt_len);
3448 elsif ($mode == 5800)
3450 for (my $i = 1; $i < 14; $i++)
3454 rnd
($mode, $len, 16);
3458 rnd
($mode, $i, 16);
3462 elsif ($mode == 6800)
3464 my $salt_len = get_random_num
(8, 25);
3466 for (my $i = 1; $i < 32; $i++)
3470 rnd
($mode, $len, $salt_len);
3474 rnd
($mode, $i, $salt_len);
3478 elsif ($mode == 7100)
3480 for (my $i = 1; $i < 32; $i++)
3484 rnd
($mode, $len, 64);
3488 rnd
($mode, $i, 64);
3492 elsif ($mode == 7200)
3494 for (my $i = 1; $i < 32; $i++)
3498 rnd
($mode, $len, 128);
3502 rnd
($mode, $i, 128);
3506 elsif ($mode == 7300)
3508 my $salt_len = get_random_num
(32, 255);
3510 for (my $i = 1; $i < 32; $i++)
3514 rnd
($mode, $len, $salt_len);
3518 rnd
($mode, $i, $salt_len);
3522 elsif ($mode == 7500)
3524 for (my $i = 1; $i < 27; $i++)
3528 rnd
($mode, $len, 16);
3532 rnd
($mode, $i, 16);
3536 elsif ($mode == 7700)
3538 my $salt_len = get_random_num
(1, 12);
3540 for (my $i = 1; $i < 9; $i++)
3544 rnd
($mode, $len, $salt_len);
3548 rnd
($mode, $i, $salt_len);
3552 elsif ($mode == 7800)
3554 my $salt_len = get_random_num
(1, 12);
3556 for (my $i = 1; $i < 32; $i++)
3560 rnd
($mode, $len, $salt_len);
3564 rnd
($mode, $i, $salt_len);
3568 elsif ($mode == 8400 || $mode == 11200)
3570 for (my $i = 1; $i < 32; $i++)
3574 rnd
($mode, $len, 40);
3578 rnd
($mode, $i, 40);
3582 elsif ($mode == 8500)
3584 my $salt_len = get_random_num
(1, 8);
3586 for (my $i = 1; $i < 9; $i++)
3590 rnd
($mode, $len, $salt_len);
3594 rnd
($mode, $i, $salt_len);
3598 elsif ($mode == 8600)
3600 for (my $i = 1; $i < 17; $i++)
3604 rnd
($mode, $len, 0);
3612 elsif ($mode == 8700)
3614 for (my $i = 1; $i < 32; $i++)
3618 rnd
($mode, $len, 5);
3626 elsif ($mode == 9200 || $mode == 9300)
3630 for (my $i = 1; $i < 32; $i++)
3634 rnd
($mode, $len, $salt_len);
3638 rnd
($mode, $i, $salt_len);
3642 elsif ($mode == 9400 || $mode == 9500 || $mode == 9600 || $mode == 9700 || $mode == 9800)
3646 for (my $i = 1; $i < 20; $i++)
3650 rnd
($mode, $len, $salt_len);
3654 rnd
($mode, $i, $salt_len);
3658 elsif ($mode == 10100)
3660 for (my $i = 1; $i < 32; $i++)
3664 rnd
($mode, $len, 32);
3668 rnd
($mode, $i, 32);
3672 elsif ($mode == 10300)
3674 my $salt_len = get_random_num
(4, 15);
3676 for (my $i = 1; $i < 32; $i++)
3680 rnd
($mode, $len, $salt_len);
3684 rnd
($mode, $i, $salt_len);
3688 elsif ($mode == 10400 || $mode == 10600)
3692 for (my $i = 1; $i < 32; $i++)
3696 rnd
($mode, $len, $salt_len);
3700 rnd
($mode, $i, $salt_len);
3704 elsif ($mode == 10500 || $mode == 10700)
3708 for (my $i = 1; $i < 16; $i++)
3712 rnd
($mode, $len, $salt_len);
3716 rnd
($mode, $i, $salt_len);
3720 elsif ($mode == 11000)
3722 for (my $i = 1; $i < 32; $i++)
3726 rnd
($mode, $len, 56);
3730 rnd
($mode, $i, 56);
3734 elsif ($mode == 11300)
3736 for (my $i = 1; $i < 32; $i++)
3740 rnd
($mode, $len, 16);
3744 rnd
($mode, $i, 16);
3748 elsif ($mode == 11400)
3750 for (my $i = 1; $i < 24; $i++)
3754 rnd
($mode, $len, 16);
3758 rnd
($mode, $i, 16);
3762 elsif ($mode == 11600)
3764 my $salt_len = get_random_num
(0, 16);
3766 for (my $i = 1; $i < 32; $i++)
3770 rnd
($mode, $len, $salt_len);
3774 rnd
($mode, $i, $salt_len);
3778 elsif ($mode == 12400)
3780 for (my $i = 1; $i < 32; $i++)
3784 rnd
($mode, $len, 4);
3792 elsif ($mode == 12600)
3794 for (my $i = 1; $i < 32; $i++)
3798 rnd
($mode, $len, 64);
3802 rnd
($mode, $i, 64);
3806 elsif ($mode == 12700)
3808 for (my $i = 1; $i < 32; $i++)
3812 rnd
($mode, $len, 32);
3816 rnd
($mode, $i, 32);
3820 elsif ($mode == 12800)
3822 for (my $i = 1; $i < 25; $i++)
3826 rnd
($mode, $len, 20);
3830 rnd
($mode, $i, 20);
3834 elsif ($mode == 12900)
3836 for (my $i = 1; $i < 32; $i++)
3840 rnd
($mode, $len, 32);
3844 rnd
($mode, $i, 32);
3848 elsif ($mode == 13000)
3850 for (my $i = 1; $i < 32; $i++)
3854 rnd
($mode, $len, 32);
3858 rnd
($mode, $i, 32);
3862 elsif ($mode == 13100)
3864 for (my $i = 1; $i < 27; $i++)
3868 rnd
($mode, $len, 16);
3872 rnd
($mode, $i, 16);
3876 elsif ($mode == 13200)
3878 for (my $i = 1; $i < 32; $i++)
3882 rnd
($mode, $len, 32);
3886 rnd
($mode, $i, 32);
3890 elsif ($mode == 13400)
3892 for (my $i = 1; $i < 16; $i++)
3896 rnd
($mode, $len, 16);
3900 rnd
($mode, $i, 16);
3904 elsif ($mode == 13500)
3906 for (my $i = 1; $i < 16; $i++)
3910 rnd
($mode, $len, 16);
3914 rnd
($mode, $i, 16);
3927 my $word_buf = shift;
3929 my $salt_buf = shift;
3933 my $additional_param = shift;
3935 my $additional_param2 = shift;
3937 my $additional_param3 = shift;
3939 my $additional_param4 = shift;
3941 my $additional_param5 = shift;
3943 my $additional_param6 = shift;
3945 my $additional_param7 = shift;
3947 my $additional_param8 = shift;
3949 my $additional_param9 = shift;
3951 my $additional_param10 = shift;
3953 my $additional_param11 = shift;
3965 $hash_buf = md5_hex
($word_buf);
3967 $tmp_hash = sprintf ("%s", $hash_buf);
3971 $hash_buf = md5_hex
($word_buf . $salt_buf);
3973 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3977 $hash_buf = md5_hex
($word_buf . $salt_buf);
3979 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3983 $hash_buf = md5_hex
($word_buf . $salt_buf);
3985 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3989 $hash_buf = md5_hex
($salt_buf . $word_buf);
3991 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
3995 $hash_buf = md5_hex
($salt_buf . $word_buf);
3997 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4001 my $itoa64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
4002 my $salt_suffix = "Administration Tools";
4004 my $pass = sprintf ("%s:%s:%s", $salt_buf, $salt_suffix, $word_buf);
4006 $hash_buf = md5
($pass);
4010 for (my $pos = 0; $pos < 16; $pos += 2)
4012 my $octet1 = ord (substr ($hash_buf, $pos + 0, 1));
4013 my $octet2 = ord (substr ($hash_buf, $pos + 1, 1));
4015 my $num = ($octet1 <<8 & 0xff00) | ($octet2 & 0xff);
4017 my $idx1 = $num >> 12 & 0x0f;
4018 my $idx2 = $num >> 6 & 0x3f;
4019 my $idx3 = $num & 0x3f;
4021 $res = $res . substr ($itoa64, $idx1, 1) . substr ($itoa64, $idx2, 1) . substr ($itoa64, $idx3, 1);
4024 my $obfuscate_str = "nrcstn";
4025 my @obfuscate_pos = (0, 6, 12, 17, 23, 29);
4027 foreach my $pos (keys @obfuscate_pos)
4029 my $idx = $obfuscate_pos[$pos];
4030 my $before = substr ($res, 0, $idx);
4031 my $char = substr ($obfuscate_str, $pos, 1);
4032 my $after = substr ($res, $idx);
4034 $res = sprintf ("%s%s%s", $before, $char, $after);
4037 $tmp_hash = sprintf ("%s:%s", $res, $salt_buf);
4041 $hash_buf = md5_hex
($salt_buf . "\nskyper\n" . $word_buf);
4043 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4047 $hash_buf = md5_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4049 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4053 $hash_buf = md5_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4055 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4059 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
, 64);
4061 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4065 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&md5
, 64);
4067 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4069 elsif ($mode == 100)
4071 $hash_buf = sha1_hex
($word_buf);
4073 $tmp_hash = sprintf ("%s", $hash_buf);
4075 elsif ($mode == 101)
4077 $hash_buf = sha1
($word_buf);
4079 my $base64_buf = encode_base64
($hash_buf);
4081 chomp ($base64_buf);
4083 $tmp_hash = sprintf ("{SHA}%s", $base64_buf);
4085 elsif ($mode == 110)
4087 $hash_buf = sha1_hex
($word_buf . $salt_buf);
4089 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4091 elsif ($mode == 111)
4093 $hash_buf = sha1
($word_buf . $salt_buf);
4095 my $base64_buf = encode_base64
($hash_buf . $salt_buf);
4097 chomp ($base64_buf);
4099 $tmp_hash = sprintf ("{SSHA}%s", $base64_buf);
4101 elsif ($mode == 112)
4103 my $salt_buf_bin = pack ("H*", $salt_buf);
4105 $hash_buf = sha1_hex
($word_buf . $salt_buf_bin);
4107 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4109 elsif ($mode == 120)
4111 $hash_buf = sha1_hex
($salt_buf . $word_buf);
4113 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4115 elsif ($mode == 121)
4117 $hash_buf = sha1_hex
(lc ($salt_buf) . $word_buf);
4119 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4121 elsif ($mode == 122)
4123 my $salt_buf_bin = pack ("H*", $salt_buf);
4125 $hash_buf = sha1_hex
($salt_buf_bin . $word_buf);
4127 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
4129 elsif ($mode == 125)
4131 my $signature = "01";
4133 my $salt_buf_bin = pack ("H*", $salt_buf . $signature);
4135 $hash_buf = sha1_hex
($salt_buf_bin . $word_buf);
4137 $tmp_hash = sprintf ("%s%s%s", $salt_buf, $signature, $hash_buf);
4139 elsif ($mode == 130)
4141 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4143 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4145 elsif ($mode == 131)
4147 my $salt_buf_bin = pack ("H*", $salt_buf);
4149 $hash_buf = sha1_hex
(encode
("UTF-16LE", uc ($word_buf)) . $salt_buf_bin);
4151 $tmp_hash = sprintf ("0x0100%s%s%s", $salt_buf, "0" x
40, $hash_buf);
4153 elsif ($mode == 132)
4155 my $salt_buf_bin = pack ("H*", $salt_buf);
4157 $hash_buf = sha1_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
4159 $tmp_hash = sprintf ("0x0100%s%s", $salt_buf, $hash_buf);
4161 elsif ($mode == 133)
4163 $hash_buf = sha1
(encode
("UTF-16LE", $word_buf));
4165 $hash_buf = encode_base64
($hash_buf);
4166 $hash_buf =~ s/[\r\n]//g;
4168 $tmp_hash = sprintf ("%s", $hash_buf);
4170 elsif ($mode == 140)
4172 $hash_buf = sha1_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4174 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4176 elsif ($mode == 141)
4178 $hash_buf = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
4180 my $base64_salt_buf = encode_base64
($salt_buf);
4182 chomp ($base64_salt_buf);
4184 my $base64_hash_buf = encode_base64
($hash_buf);
4186 $base64_hash_buf = substr ($base64_hash_buf, 0, 27);
4188 $tmp_hash = sprintf ("\$episerver\$*0*%s*%s", $base64_salt_buf, $base64_hash_buf);
4190 elsif ($mode == 150)
4192 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
, 64);
4194 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4196 elsif ($mode == 160)
4198 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha1
, 64);
4200 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4202 elsif ($mode == 190)
4204 $hash_buf = sha1_hex
($word_buf);
4206 my $variant = int (rand (2));
4208 if (defined ($additional_param))
4210 $variant = $additional_param;
4215 substr ($hash_buf, 0, 5) = "00000";
4218 $tmp_hash = sprintf ("%s", $hash_buf);
4220 elsif ($mode == 200)
4222 my $ppr = Authen
::Passphrase
::MySQL323
->new (passphrase
=> $word_buf);
4224 $hash_buf = $ppr->hash_hex;
4226 $tmp_hash = sprintf ("%s", $hash_buf);
4228 elsif ($mode == 300)
4230 $hash_buf = substr (password41
($word_buf), 1);
4232 $hash_buf = lc ($hash_buf); # useful for 'not matched' check only
4234 $tmp_hash = sprintf ("%s", $hash_buf);
4236 elsif ($mode == 400)
4245 my $ppr = Authen
::Passphrase
::PHPass
->new
4249 passphrase
=> $word_buf,
4252 $hash_buf = $ppr->as_rfc2307;
4254 $tmp_hash = sprintf ("%s", substr ($hash_buf, 7));
4256 elsif ($mode == 500)
4258 my $iterations = 1000;
4260 if (defined ($iter))
4264 $iterations = int ($iter);
4268 $hash_buf = md5_crypt
('$1$', $iterations, $word_buf, $salt_buf);
4270 $tmp_hash = sprintf ("%s", $hash_buf);
4272 elsif ($mode == 900)
4274 $hash_buf = md4_hex
($word_buf);
4276 $tmp_hash = sprintf ("%s", $hash_buf);
4278 elsif ($mode == 1000)
4280 $hash_buf = md4_hex
(encode
("UTF-16LE", $word_buf));
4282 $tmp_hash = sprintf ("%s", $hash_buf);
4284 elsif ($mode == 1100)
4286 $hash_buf = md4_hex
(md4
(encode
("UTF-16LE", $word_buf)) . encode
("UTF-16LE", lc ($salt_buf)));
4288 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4290 elsif ($mode == 1400)
4292 $hash_buf = sha256_hex
($word_buf);
4294 $tmp_hash = sprintf ("%s", $hash_buf);
4296 elsif ($mode == 1410)
4298 $hash_buf = sha256_hex
($word_buf . $salt_buf);
4300 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4302 elsif ($mode == 1420)
4304 $hash_buf = sha256_hex
($salt_buf . $word_buf);
4306 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4308 elsif ($mode == 1430)
4310 $hash_buf = sha256_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4312 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4314 elsif ($mode == 1440)
4316 $hash_buf = sha256_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4318 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4320 elsif ($mode == 1441)
4322 $hash_buf = sha256
($salt_buf . encode
("UTF-16LE", $word_buf));
4324 my $base64_salt_buf = encode_base64
($salt_buf);
4326 chomp ($base64_salt_buf);
4328 my $base64_hash_buf = encode_base64
($hash_buf);
4330 chomp ($base64_hash_buf);
4332 $base64_hash_buf = substr ($base64_hash_buf, 0, 43);
4334 $tmp_hash = sprintf ("\$episerver\$*1*%s*%s", $base64_salt_buf, $base64_hash_buf);
4336 elsif ($mode == 1450)
4338 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha256
, 64);
4340 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4342 elsif ($mode == 1460)
4344 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha256
, 64);
4346 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4348 elsif ($mode == 1500)
4350 $hash_buf = crypt ($word_buf, $salt_buf);
4352 $tmp_hash = sprintf ("%s", $hash_buf);
4354 elsif ($mode == 1600)
4356 my $iterations = 1000;
4358 if (defined ($iter))
4362 $iterations = int ($iter);
4366 $hash_buf = md5_crypt
('$apr1$', $iterations, $word_buf, $salt_buf);
4368 $tmp_hash = sprintf ("%s", $hash_buf);
4370 elsif ($mode == 1700)
4372 $hash_buf = sha512_hex
($word_buf);
4374 $tmp_hash = sprintf ("%s", $hash_buf);
4376 elsif ($mode == 1710)
4378 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4380 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4382 elsif ($mode == 1711)
4384 $hash_buf = sha512_hex
($word_buf . $salt_buf);
4386 my $base64_buf = encode_base64
(pack ("H*", $hash_buf) . $salt_buf);
4388 $base64_buf =~ s/[ \n]//g;
4390 $tmp_hash = sprintf ("{SSHA512}%s", $base64_buf);
4392 elsif ($mode == 1720)
4394 $hash_buf = sha512_hex
($salt_buf . $word_buf);
4396 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4398 elsif ($mode == 1730)
4400 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf);
4402 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4404 elsif ($mode == 1740)
4406 $hash_buf = sha512_hex
($salt_buf . encode
("UTF-16LE", $word_buf));
4408 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4410 elsif ($mode == 1722)
4412 my $salt_buf_bin = pack ("H*", $salt_buf);
4414 $hash_buf = sha512_hex
($salt_buf_bin . $word_buf);
4416 $tmp_hash = sprintf ("%s%s", $salt_buf, $hash_buf);
4418 elsif ($mode == 1731)
4420 my $salt_buf_bin = pack ("H*", $salt_buf);
4422 $hash_buf = sha512_hex
(encode
("UTF-16LE", $word_buf) . $salt_buf_bin);
4424 $tmp_hash = sprintf ("0x0200%s%s", $salt_buf, $hash_buf);
4426 elsif ($mode == 1750)
4428 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha512
, 128);
4430 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4432 elsif ($mode == 1760)
4434 $hash_buf = hmac_hex
($word_buf, $salt_buf, \
&sha512
, 128);
4436 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4438 elsif ($mode == 1800)
4440 my $iterations = 5000;
4442 if (defined ($iter))
4446 $iterations = int ($iter);
4450 $hash_buf = sha512_crypt
($iterations, $word_buf, $salt_buf);
4452 $tmp_hash = sprintf ("%s", $hash_buf);
4454 elsif ($mode == 2100)
4456 my $iterations = 10240;
4460 $iterations = int ($iter);
4463 my $salt = encode
("UTF-16LE", lc ($salt_buf));
4465 my $pbkdf2 = Crypt
::PBKDF2
->new
4467 hash_class
=> 'HMACSHA1',
4468 iterations
=> $iterations,
4470 salt_len
=> length ($salt),
4473 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 ($salt, md4
(md4
(encode
("UTF-16LE", $word_buf)) . $salt)));
4475 $tmp_hash = sprintf ("\$DCC2\$%i#%s#%s", $iterations, $salt_buf, $hash_buf);
4477 elsif ($mode == 2400)
4479 $tmp_hash = sprintf ("%s", pseudo_base64
(Digest
::MD5
::md5
($word_buf . "\0" x
(16 - length ($word_buf)))));
4481 elsif ($mode == 2410)
4483 my $salt_len = length ($salt_buf);
4485 my $salt_len_max4 = ($salt_len < 4) ?
$salt_len : 4;
4487 my $hash_buf = pseudo_base64
(Digest
::MD5
::md5
($word_buf . substr ($salt_buf, 0, $salt_len_max4) . "\0" x
(16 - length ($word_buf) - $salt_len_max4)));
4489 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4491 elsif ($mode == 2500)
4493 my ($bssid, $stmac, $snonce, $anonce, $eapol, $keyver, $eapol_size);
4495 if (! defined ($additional_param))
4499 $bssid = randbytes
(6);
4500 $stmac = randbytes
(6);
4501 $snonce = randbytes
(32);
4502 $anonce = randbytes
(32);
4504 $keyver = get_random_num
(1, 3); # 1 or 2
4507 # should be "validly" generated, but in theory could be anything for us also:
4508 # $eapol = "\x00" x 121; # works too, but let's generate it correctly
4510 $eapol = gen_random_wpa_eapol
($keyver, $snonce);
4514 $bssid = $additional_param;
4515 $stmac = $additional_param2;
4516 $snonce = $additional_param3;
4517 $anonce = $additional_param4;
4518 $keyver = $additional_param5;
4519 $eapol = $additional_param6;
4522 $eapol_size = length ($eapol);
4526 my $iterations = 4096;
4532 # generate the Pairwise Master Key (PMK)
4534 my $pbkdf2 = Crypt
::PBKDF2
->new
4536 hash_class
=> 'HMACSHA1',
4537 iterations
=> $iterations,
4541 my $pmk = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
4543 # Pairwise Transient Key (PTK) transformation
4545 my $ptk = wpa_prf_512
($pmk, $stmac, $bssid, $snonce, $anonce);
4547 # generate the Message Integrity Code (MIC)
4551 if ($keyver == 1) # WPA1 => MD5
4553 $mic = hmac
($eapol, $ptk, \
&md5
);
4557 $mic = hmac
($eapol, $ptk, \
&sha1
);
4560 $mic = substr ($mic, 0, 16);
4563 # format the binary output
4568 # first the essid (NULL-padded up to the first 36 bytes)
4570 $hash_buf .= $salt_buf;
4571 $hash_buf .= "\x00" x
(36 - length ($salt_buf));
4573 # the 2 MAC addresses
4575 $hash_buf .= $bssid;
4576 $hash_buf .= $stmac;
4580 $hash_buf .= $snonce;
4581 $hash_buf .= $anonce;
4585 $hash_buf .= $eapol;
4586 $hash_buf .= "\x00" x
(256 - $eapol_size);
4590 $hash_buf .= pack ("L*", $eapol_size);
4594 $hash_buf .= pack ("L*", $keyver);
4596 # and finally: the key mic
4600 # base64 encode the output
4602 $tmp_hash = encode_base64
($hash_buf, '');
4604 elsif ($mode == 2600)
4606 $hash_buf = md5_hex
(md5_hex
($word_buf));
4608 $tmp_hash = sprintf ("%s", $hash_buf);
4610 elsif ($mode == 2611)
4612 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4614 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4616 elsif ($mode == 2612)
4618 my $salt_buf_hex = unpack ("H*", $salt_buf);
4620 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4622 $tmp_hash = sprintf ("\$PHPS\$%s\$%s", $salt_buf_hex, $hash_buf);
4624 elsif ($mode == 2711)
4626 $hash_buf = md5_hex
(md5_hex
($word_buf) . $salt_buf);
4628 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4630 elsif ($mode == 2811)
4632 $hash_buf = md5_hex
(md5_hex
($salt_buf) . md5_hex
($word_buf));
4634 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4636 elsif ($mode == 3000)
4638 my $ppr = Authen
::Passphrase
::LANManager
->new ("passphrase" => $word_buf);
4640 $hash_buf = $ppr->hash_hex;
4642 $tmp_hash = sprintf ("%s", substr ($hash_buf, 0, 16));
4644 elsif ($mode == 3100)
4646 $hash_buf = oracle_hash
($salt_buf, $word_buf);
4648 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4650 elsif ($mode == 3200)
4659 $tmp_hash = bcrypt
($word_buf, sprintf ('$2a$%s$%s$', $cost, en_base64
($salt_buf)));
4661 elsif ($mode == 3300)
4663 my $iterations = 904;
4667 $iterations = int ($iter);
4672 if (defined ($additional_param))
4674 $variant = $additional_param;
4677 my $prefix = sprintf ("\$md5%srounds=%i\$%s", $variant, $iterations, $salt_buf);
4679 $iterations += 4096;
4681 $hash_buf = sun_md5
($word_buf, $prefix, $iterations);
4683 $tmp_hash = sprintf ("%s\$%s", $prefix, $hash_buf);
4685 elsif ($mode == 3500)
4687 $hash_buf = md5_hex
(md5_hex
(md5_hex
($word_buf)));
4689 $tmp_hash = sprintf ("%s", $hash_buf);
4691 elsif ($mode == 3610)
4693 $hash_buf = md5_hex
(md5_hex
($salt_buf) . $word_buf);
4695 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4697 elsif ($mode == 3710)
4699 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf));
4701 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4703 elsif ($mode == 3711)
4705 $hash_buf = md5_hex
($salt_buf . "-" . md5_hex
($word_buf));
4707 $tmp_hash = sprintf ("\$B\$%s\$%s", $salt_buf, $hash_buf);
4709 elsif ($mode == 3720)
4711 $hash_buf = md5_hex
($word_buf . md5_hex
($salt_buf));
4713 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4715 elsif ($mode == 3800)
4717 $hash_buf = md5_hex
($salt_buf . $word_buf . $salt_buf);
4719 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4721 elsif ($mode == 3910)
4723 $hash_buf = md5_hex
(md5_hex
($word_buf) . md5_hex
($salt_buf));
4725 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4727 elsif ($mode == 4010)
4729 $hash_buf = md5_hex
($salt_buf . md5_hex
($salt_buf . $word_buf));
4731 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4733 elsif ($mode == 4110)
4735 $hash_buf = md5_hex
($salt_buf . md5_hex
($word_buf . $salt_buf));
4737 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4739 elsif ($mode == 4210)
4741 $hash_buf = md5_hex
($salt_buf . "\x00" . $word_buf);
4743 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4745 elsif ($mode == 4300)
4747 $hash_buf = md5_hex
(uc (md5_hex
($word_buf)));
4749 $tmp_hash = sprintf ("%s", $hash_buf);
4751 elsif ($mode == 4400)
4753 $hash_buf = md5_hex
(sha1_hex
($word_buf));
4755 $tmp_hash = sprintf ("%s", $hash_buf);
4757 elsif ($mode == 4500)
4759 $hash_buf = sha1_hex
(sha1_hex
($word_buf));
4761 $tmp_hash = sprintf ("%s", $hash_buf);
4763 elsif ($mode == 4600)
4765 $hash_buf = sha1_hex
(sha1_hex
(sha1_hex
($word_buf)));
4767 $tmp_hash = sprintf ("%s", $hash_buf);
4769 elsif ($mode == 4700)
4771 $hash_buf = sha1_hex
(md5_hex
($word_buf));
4773 $tmp_hash = sprintf ("%s", $hash_buf);
4775 elsif ($mode == 4800)
4777 my $index = rindex ($salt_buf, ":");
4779 my $salt = substr ($salt_buf, 0, $index);
4780 my $salt_bin = pack ("H*", $salt);
4781 my $chap_sign = substr ($salt_buf, $index + 1);
4782 my $chap_sign_bin = pack ("H*", $chap_sign);
4784 $hash_buf = md5_hex
($chap_sign_bin . $word_buf . $salt_bin);
4786 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4788 elsif ($mode == 4900)
4790 $hash_buf = sha1_hex
($salt_buf . $word_buf . $salt_buf);
4792 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4794 elsif ($mode == 5000)
4796 $hash_buf = keccak_256_hex
($word_buf);
4798 $tmp_hash = sprintf ("%s", $hash_buf);
4800 elsif ($mode == 5100)
4804 if (! defined ($additional_param))
4810 $pos = $additional_param * 8 unless ($additional_param > 2);
4813 $hash_buf = md5_hex
($word_buf);
4815 $tmp_hash = sprintf ("%s", substr ($hash_buf, $pos, 16));
4817 elsif ($mode == 5300)
4819 my @salt_arr = split (":", $salt_buf);
4821 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4822 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4824 my $hash_buf = hmac
($nr_buf , $word_buf, \
&md5
, 64);
4825 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&md5
, 64);
4827 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4829 elsif ($mode == 5400)
4831 my @salt_arr = split (":", $salt_buf);
4833 my $msg_buf = pack ("H*", $salt_arr[0] . $salt_arr[1] . $salt_arr[2] . $salt_arr[3] . $salt_arr[4] . $salt_arr[5]);
4834 my $nr_buf = pack ("H*", $salt_arr[6] . $salt_arr[7]);
4836 my $hash_buf = hmac
($nr_buf , $word_buf, \
&sha1
, 64);
4837 $hash_buf = hmac_hex
($msg_buf, $hash_buf, \
&sha1
, 64);
4839 $tmp_hash = sprintf ("%s:%s", $salt_buf, $hash_buf);
4841 elsif ($mode == 5500)
4843 my $index1 = index ($salt_buf, "::");
4844 my $user = substr ($salt_buf, 0, $index1);
4846 my $index2 = index ($salt_buf, ":", $index1 + 2);
4847 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4849 my $len = length (substr ($salt_buf, $index2 + 1));
4851 my $c_challenge_hex;
4855 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 48);
4860 $c_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4861 $c_challenge_hex .= 00 x
32;
4864 my $c_challenge = pack ("H*", substr ($c_challenge_hex, 0, 16));
4865 my $s_challenge_hex = substr ($salt_buf, $index2 + 17, 16);
4866 my $s_challenge = pack ("H*", $s_challenge_hex);
4868 my $challenge = substr (md5
($s_challenge . $c_challenge), 0, 8);
4872 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash . "\x00" x
5;
4874 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 0, 7)), "DES", $challenge, "none");
4875 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 7, 7)), "DES", $challenge, "none");
4876 $ntresp .= Crypt
::ECB
::encrypt
(setup_des_key
(substr ($nthash, 14, 7)), "DES", $challenge, "none");
4878 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $c_challenge_hex, unpack ("H*", $ntresp), $s_challenge_hex);
4880 elsif ($mode == 5600)
4882 my $index1 = index ($salt_buf, "::");
4883 my $user = substr ($salt_buf, 0, $index1);
4885 my $index2 = index ($salt_buf, ":", $index1 + 2);
4886 my $domain = substr ($salt_buf, $index1 + 2, $index2 - $index1 - 2);
4888 my $s_challenge_hex = substr ($salt_buf, $index2 + 1, 16);
4889 my $s_challenge = pack ("H*", $s_challenge_hex);
4891 my $temp_hex = substr ($salt_buf, $index2 + 17);
4892 my $temp = pack ("H*", $temp_hex);
4894 my $nthash = Authen
::Passphrase
::NTHash
->new (passphrase
=> $word_buf)->hash;
4895 my $identity = Encode
::encode
("UTF-16LE", uc ($user) . $domain);
4897 $hash_buf = hmac_hex
($s_challenge . $temp, hmac
($identity, $nthash, \
&md5
, 64), \
&md5
, 64);
4899 $tmp_hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $s_challenge_hex, $hash_buf, $temp_hex);
4901 elsif ($mode == 5700)
4903 $hash_buf = sha256
($word_buf);
4905 my $base64_buf = encode_base64
($hash_buf);
4909 for (my $i = 0; $i < 43; $i++)
4911 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($base64_buf, $i, 1)};
4914 elsif ($mode == 5800)
4916 $hash_buf = androidpin_hash
($word_buf, $salt_buf);
4918 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
4920 elsif ($mode == 6000)
4922 $hash_buf = ripemd160_hex
($word_buf);
4924 $tmp_hash = sprintf ("%s", $hash_buf);
4926 elsif ($mode == 6100)
4928 $hash_buf = whirlpool_hex
($word_buf);
4930 $tmp_hash = sprintf ("%s", $hash_buf);
4932 elsif ($mode == 6300)
4934 my $iterations = 1000; # hard coded by the AIX format
4936 $hash_buf = md5_crypt
('', $iterations, $word_buf, $salt_buf);
4938 $tmp_hash = sprintf ("{smd5}%s", $hash_buf);
4940 elsif ($mode == 6400)
4942 my $iterations = 64;
4946 $iterations = 1 << int ($iter);
4949 $hash_buf = aix_ssha256_pbkdf2
($word_buf, $salt_buf, $iterations);
4951 $tmp_hash = sprintf ("{ssha256}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4953 elsif ($mode == 6500)
4955 my $iterations = 64;
4959 $iterations = 1 << int ($iter);
4962 $hash_buf = aix_ssha512_pbkdf2
($word_buf, $salt_buf, $iterations);
4964 $tmp_hash = sprintf ("{ssha512}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
4966 elsif ($mode == 6600)
4968 my $iterations = 1000;
4972 $iterations = int ($iter);
4975 my $salt_hex = substr ($salt_buf, 0, 16);
4976 my $salt = pack ("H*", $salt_hex);
4978 my $prefix = substr ($salt_buf, 16, 2016);
4980 my $iv_hex = substr ($salt_buf, 2032);
4981 my $iv = pack ("H*", $iv_hex);
4983 my $data = pack ("H*", "10101010101010101010101010101010");
4985 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA1');
4987 my $pbkdf2 = Crypt
::PBKDF2
->new (
4989 iterations
=> $iterations,
4993 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
4995 my $cipher = Crypt
::CBC
->new ({
4997 cipher
=> "Crypt::Rijndael",
5004 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
5006 $hash_buf = substr ($encrypted, 0, 32);
5008 $tmp_hash = sprintf ("%i:%s:%s%s%s", $iterations, $salt_hex, $prefix, $iv_hex, $hash_buf);
5010 elsif ($mode == 6700)
5012 my $iterations = 64;
5016 $iterations = 1 << int ($iter);
5019 $hash_buf = aix_ssha1_pbkdf2
($word_buf, $salt_buf, $iterations);
5021 $tmp_hash = sprintf ("{ssha1}%02i\$%s\$%s", log ($iterations) / log (2), $salt_buf, $hash_buf);
5023 elsif ($mode == 6800)
5025 my $variant = $additional_param;
5027 if (! defined ($variant))
5029 $variant = int (rand (2));
5032 my $iterations = 500;
5036 $iterations = int ($iter);
5039 my $iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
5041 my $hasher = Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256);
5043 my $pbkdf2 = Crypt
::PBKDF2
->new (
5045 iterations
=> $iterations,
5049 my $key = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
5051 my $cipher = Crypt
::CBC
->new ({
5053 cipher
=> "Crypt::Rijndael",
5062 my $encrypt = $cipher->encrypt (substr ($salt_buf, 0, 16));
5064 $hash_buf = substr (unpack ("H*", $encrypt), 0, 32);
5068 my $verifier = "lastpass rocks\x02\x02";
5070 $hash_buf = unpack ("H*", substr ($cipher->encrypt ($verifier), 0, 16));
5073 $tmp_hash = sprintf ("%s:%i:%s", $hash_buf, $iterations, $salt_buf);
5075 elsif ($mode == 6900)
5077 $hash_buf = gost_hex
($word_buf);
5079 $tmp_hash = sprintf ("%s", $hash_buf);
5081 elsif ($mode == 7100)
5083 my $iterations = 1024;
5087 $iterations = int ($iter);
5090 my $pbkdf2 = Crypt
::PBKDF2
->new
5092 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5093 iterations
=> $iterations
5096 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
5098 $tmp_hash = sprintf ("\$ml\$%i\$%s\$%0128s", $iterations, $salt_buf, $hash_buf);
5100 elsif ($mode == 7200)
5102 my $iterations = 1024;
5106 $iterations = int ($iter);
5109 my $pbkdf2 = Crypt
::PBKDF2
->new (
5110 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5111 iterations
=> $iterations
5114 $hash_buf = unpack ("H*", $pbkdf2->PBKDF2 (pack ("H*", $salt_buf), $word_buf));
5116 $tmp_hash = sprintf ("grub.pbkdf2.sha512.%i.%s.%0128s", $iterations, $salt_buf, $hash_buf);
5118 elsif ($mode == 7300)
5120 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&sha1
);
5122 $tmp_hash = sprintf ("%s:%s", unpack ("H*", $salt_buf), $hash_buf);
5124 elsif ($mode == 7400)
5126 my $iterations = 5000;
5128 if (defined ($iter))
5132 $iterations = int ($iter);
5136 $hash_buf = sha256_crypt
($iterations, $word_buf, $salt_buf);
5138 $tmp_hash = sprintf ("%s", $hash_buf);
5140 elsif ($mode == 7500)
5142 my @salt_arr = split ("\\\$", $salt_buf);
5144 my $user = $salt_arr[0];
5146 my $realm = $salt_arr[1];
5148 my $salt = $salt_arr[2];
5150 my $hmac_salt = $salt_arr[3];
5151 my $hmac_salt_bin = pack ("H*", $hmac_salt);
5153 my $clear_data = $salt_arr[4];
5155 my $k = md4
(encode
("UTF-16LE", $word_buf));
5157 my $k1 = hmac_md5
("\x01\x00\x00\x00", $k);
5159 my $k3 = hmac_md5
($hmac_salt_bin, $k1);
5161 if (length ($clear_data) > 1)
5163 my $clear_data_bin = pack ("H*", $clear_data);
5165 $hash_buf = RC4
($k3, $clear_data_bin);
5169 my $hash = $salt_arr[5];
5171 my $hash_bin = pack ("H*", $hash);
5173 my $clear_data = RC4
($k3, $hash_bin);
5175 my $timestamp = substr ($clear_data, 14, 14);
5180 if ($timestamp !~ /^[[:digit:]]{14}$/)
5187 $hash_buf = "\x00" x
36;
5189 if ($hash_buf eq $hash_bin)
5191 $hash_buf = "\x01" x
36;
5196 $hash_buf = $hash_bin;
5200 $tmp_hash = sprintf ("\$krb5pa\$23\$%s\$%s\$%s\$%s%s", $user, $realm, $salt, unpack ("H*", $hash_buf), $hmac_salt);
5202 elsif ($mode == 7600)
5204 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($word_buf));
5206 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5208 elsif ($mode == 7700)
5210 $word_buf = uc $word_buf;
5211 $salt_buf = uc $salt_buf;
5213 my $word_buf_t = sapb_transcode
($word_buf);
5214 my $salt_buf_t = sapb_transcode
($salt_buf);
5216 my $digest1 = md5
($word_buf_t . $salt_buf_t);
5218 my $data = sapb_waldorf
($digest1, $word_buf_t, $salt_buf_t);
5220 my $digest2 = md5
($data);
5222 my ($a, $b, $c, $d) = unpack ("N4", $digest2);
5227 $tmp_hash = sprintf ("%s\$%08X%08X", $salt_buf, $a, $b);
5229 elsif ($mode == 7800)
5231 my $theMagicArray_s =
5232 "\x91\xac\x51\x14\x9f\x67\x54\x43\x24\xe7\x3b\xe0\x28\x74\x7b\xc2" .
5233 "\x86\x33\x13\xeb\x5a\x4f\xcb\x5c\x08\x0a\x73\x37\x0e\x5d\x1c\x2f" .
5234 "\x33\x8f\xe6\xe5\xf8\x9b\xae\xdd\x16\xf2\x4b\x8d\x2c\xe1\xd4\xdc" .
5235 "\xb0\xcb\xdf\x9d\xd4\x70\x6d\x17\xf9\x4d\x42\x3f\x9b\x1b\x11\x94" .
5236 "\x9f\x5b\xc1\x9b\x06\x05\x9d\x03\x9d\x5e\x13\x8a\x1e\x9a\x6a\xe8" .
5237 "\xd9\x7c\x14\x17\x58\xc7\x2a\xf6\xa1\x99\x63\x0a\xd7\xfd\x70\xc3" .
5238 "\xf6\x5e\x74\x13\x03\xc9\x0b\x04\x26\x98\xf7\x26\x8a\x92\x93\x25" .
5239 "\xb0\xa2\x0d\x23\xed\x63\x79\x6d\x13\x32\xfa\x3c\x35\x02\x9a\xa3" .
5240 "\xb3\xdd\x8e\x0a\x24\xbf\x51\xc3\x7c\xcd\x55\x9f\x37\xaf\x94\x4c" .
5241 "\x29\x08\x52\x82\xb2\x3b\x4e\x37\x9f\x17\x07\x91\x11\x3b\xfd\xcd";
5243 $salt_buf = uc $salt_buf;
5245 my $digest = sha1
($word_buf . $salt_buf);
5247 my ($a, $b, $c, $d, $e) = unpack ("I*", $digest);
5249 my $lengthMagicArray = 0x20;
5250 my $offsetMagicArray = 0;
5252 $lengthMagicArray += (($a >> 0) & 0xff) % 6;
5253 $lengthMagicArray += (($a >> 8) & 0xff) % 6;
5254 $lengthMagicArray += (($a >> 16) & 0xff) % 6;
5255 $lengthMagicArray += (($a >> 24) & 0xff) % 6;
5256 $lengthMagicArray += (($b >> 0) & 0xff) % 6;
5257 $lengthMagicArray += (($b >> 8) & 0xff) % 6;
5258 $lengthMagicArray += (($b >> 16) & 0xff) % 6;
5259 $lengthMagicArray += (($b >> 24) & 0xff) % 6;
5260 $lengthMagicArray += (($c >> 0) & 0xff) % 6;
5261 $lengthMagicArray += (($c >> 8) & 0xff) % 6;
5262 $offsetMagicArray += (($c >> 16) & 0xff) % 8;
5263 $offsetMagicArray += (($c >> 24) & 0xff) % 8;
5264 $offsetMagicArray += (($d >> 0) & 0xff) % 8;
5265 $offsetMagicArray += (($d >> 8) & 0xff) % 8;
5266 $offsetMagicArray += (($d >> 16) & 0xff) % 8;
5267 $offsetMagicArray += (($d >> 24) & 0xff) % 8;
5268 $offsetMagicArray += (($e >> 0) & 0xff) % 8;
5269 $offsetMagicArray += (($e >> 8) & 0xff) % 8;
5270 $offsetMagicArray += (($e >> 16) & 0xff) % 8;
5271 $offsetMagicArray += (($e >> 24) & 0xff) % 8;
5273 my $hash_buf = sha1_hex
($word_buf . substr ($theMagicArray_s, $offsetMagicArray, $lengthMagicArray) . $salt_buf);
5275 $tmp_hash = sprintf ("%s\$%s", $salt_buf, uc $hash_buf);
5277 elsif ($mode == 7900)
5286 my $phpass_it = 1 << $cost;
5288 $hash_buf = sha512
($salt_buf . $word_buf);
5290 for (my $i = 0; $i < $phpass_it; $i++)
5292 $hash_buf = sha512
($hash_buf . $word_buf);
5295 my $base64_buf = substr (Authen
::Passphrase
::PHPass
::_en_base64
($hash_buf), 0, 43);
5297 my $base64_digits = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
5299 my $cost_str = substr ($base64_digits , $cost, 1);
5301 $tmp_hash = sprintf ('$S$%s%s%s', $cost_str, $salt_buf, $base64_buf);
5303 elsif ($mode == 8000)
5305 my $salt_buf_bin = pack ("H*", $salt_buf);
5307 my $word_buf_utf = encode
("UTF-16BE", $word_buf);
5309 $hash_buf = sha256_hex
($word_buf_utf . "\x00" x
(510 - (length ($word_buf) * 2)) . $salt_buf_bin);
5311 $tmp_hash = sprintf ("0xc007%s%s", $salt_buf, $hash_buf);
5313 elsif ($mode == 8100)
5315 $hash_buf = sha1_hex
($salt_buf . $word_buf . "\x00");
5317 $tmp_hash = sprintf ("1%s%s", $salt_buf, $hash_buf);
5319 elsif ($mode == 8200)
5321 my $iterations = 40000;
5323 if (defined ($iter))
5325 $iterations = $iter;
5328 my $salt_hex = substr ($salt_buf, 0, 32);
5329 my $salt = pack ("H*", $salt_hex);
5331 my $data_hex = substr ($salt_buf, 32);
5332 my $data = pack ("H*", $data_hex);
5334 my $pbkdf2 = Crypt
::PBKDF2
->new
5336 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 512),
5337 iterations
=> int $iterations
5340 my $key = $pbkdf2->PBKDF2 ($salt, $word_buf);
5342 $hash_buf = hmac_hex
($data, substr ($key, 32, 32), \
&sha256
, 64);
5344 $tmp_hash = sprintf ("%s:%s:%d:%s", $hash_buf, $salt_hex, $iterations, $data_hex);
5346 elsif ($mode == 8300)
5348 my ($domain, $salt_hex) = split (":", $salt_buf);
5350 my $hashalg = Net
::DNS
::SEC
->digtype ("SHA1");
5352 my $salt = pack ("H*", $salt_hex);
5356 if (defined ($iter))
5358 $iterations = $iter;
5361 my $name = lc ($word_buf . $domain);
5363 my $hash_buf = Net
::DNS
::RR
::NSEC3
::name2hash
($hashalg, $name, $iterations, $salt);
5365 $tmp_hash = sprintf ("%s:%s:%s:%d", $hash_buf, $domain, $salt_hex, $iterations);
5367 elsif ($mode == 8400)
5369 $hash_buf = sha1_hex
($salt_buf . sha1_hex
($salt_buf . sha1_hex
($word_buf)));
5371 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
5373 elsif ($mode == 8500)
5375 $hash_buf = racf_hash
(uc $salt_buf, $word_buf);
5377 $tmp_hash = sprintf ('$racf$*%s*%s', uc $salt_buf, uc $hash_buf);
5379 elsif ($mode == 8600)
5381 my @saved_key = map { ord $_; } split "", $word_buf;
5383 my $len = scalar @saved_key;
5385 my @state = domino_big_md
(\
@saved_key, $len);
5387 $tmp_hash = sprintf ('%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',
5406 elsif ($mode == 8700)
5408 my $domino_char = undef;
5410 if (defined ($additional_param))
5412 $domino_char = $additional_param;
5415 my @saved_key = map { ord $_; } split "", $word_buf;
5417 my $len = scalar @saved_key;
5419 my @state = domino_big_md
(\
@saved_key, $len);
5421 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5423 @saved_key = map { ord $_; } split "", $salt_buf . uc $str;
5425 @state = domino_big_md
(\
@saved_key, 34);
5427 $hash_buf = join ("", (map { chr $_; } @state));
5429 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_buf . $hash_buf, $domino_char));
5431 elsif ($mode == 8900)
5437 if (defined ($additional_param))
5439 $N = $additional_param;
5440 $r = $additional_param2;
5441 $p = $additional_param3;
5444 $hash_buf = scrypt_hash
($word_buf, $salt_buf, $N, $r, $p, 32);
5446 $tmp_hash = sprintf ('%s', $hash_buf);
5448 elsif ($mode == 9100)
5450 my $iterations = 5000;
5452 if (defined ($iter))
5454 $iterations = $iter;
5457 my $domino_char = undef;
5459 # domino 5 hash - SEC_pwddigest_V1 - -m 8600
5461 my @saved_key = map { ord $_; } split "", $word_buf;
5463 my $len = scalar @saved_key;
5465 my @state = domino_big_md
(\
@saved_key, $len);
5468 # domino 6 hash - SEC_pwddigest_V2 - -m 8700
5470 my $salt_part = substr ($salt_buf, 0, 5);
5472 my $str = "(" . unpack ("H*", join ("", (map { chr $_; } @state))) . ")";
5474 @saved_key = map { ord $_; } split "", $salt_part . uc $str;
5476 @state = domino_big_md
(\
@saved_key, 34);
5478 $hash_buf = join ("", (map { chr $_; } @state));
5480 $tmp_hash = sprintf ('(G%s)', domino_encode
($salt_part . $hash_buf, $domino_char));
5483 # domino 8(.5.x) hash - SEC_pwddigest_V3 - -m 9100
5485 my $pbkdf2 = Crypt
::PBKDF2
->new
5487 hash_class
=> 'HMACSHA1',
5488 iterations
=> $iterations,
5495 if (defined ($additional_param))
5497 $chars = $additional_param;
5500 my $digest_new = $pbkdf2->PBKDF2 ($salt_buf, $tmp_hash);
5502 my $iteration_str = "" . $iterations;
5504 for (my $i = length ($iterations); $i < 10; $i++)
5506 $iterations = "0" . $iterations;
5509 $tmp_hash = sprintf ('(H%s)', domino_85x_encode
($salt_buf . $iterations . $chars . $digest_new, $domino_char));
5511 elsif ($mode == 9200)
5513 my $iterations = 20000;
5515 my $pbkdf2 = Crypt
::PBKDF2
->new
5517 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5518 iterations
=> $iterations
5521 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5525 for (my $i = 0; $i < 43; $i++)
5527 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5530 $tmp_hash = sprintf ("\$8\$%s\$%s", $salt_buf, $tmp_hash);
5532 elsif ($mode == 9300)
5538 $hash_buf = scrypt_b64
($word_buf, $salt_buf, $N, $r, $p, 32);
5542 for (my $i = 0; $i < 43; $i++)
5544 $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
5547 $tmp_hash = sprintf ('$9$%s$%s', $salt_buf, $tmp_hash);
5549 elsif ($mode == 9400)
5551 my $iterations = 50000;
5555 $iterations = int ($iter);
5558 my $aes_key_size = 128; # or 256
5560 if (defined ($additional_param2))
5562 $aes_key_size = $additional_param2;
5565 $salt_buf = pack ("H*", $salt_buf);
5567 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5569 for (my $i = 0; $i < $iterations; $i++)
5571 my $num32 = pack ("L", $i);
5573 $tmp = sha1
($num32 . $tmp);
5576 my $zero32 = pack ("L", 0x00);
5578 my $derivation_array1 = pack ("C", 0x36) x
64;
5579 my $derivation_array2 = pack ("C", 0x5C) x
64;
5581 $tmp = sha1
($tmp . $zero32);
5583 my $tmp2 = sha1
($derivation_array1 ^ $tmp);
5584 my $tmp3 = sha1
($derivation_array2 ^ $tmp);
5586 my $key = substr ($tmp2 . $tmp3, 0, $aes_key_size / 8);
5588 my $m = Crypt
::Mode
::ECB
->new ('AES', 0);
5592 if (defined $additional_param)
5594 $encdata = $m->decrypt (pack ("H*", $additional_param), $key);
5598 $encdata = "A" x
16; ## can be anything
5601 my $data1_buf = $encdata;
5602 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5604 $data1_buf = substr ($data1_buf . ("\x00" x
16), 0, 16);
5605 $data2_buf = substr ($data2_buf . ("\x00" x
16), 0, 32);
5607 my $encrypted1 = unpack ("H*", $m->encrypt ($data1_buf, $key));
5608 my $encrypted2 = unpack ("H*", $m->encrypt ($data2_buf, $key));
5610 $encrypted1 = substr ($encrypted1, 0, 32);
5611 $encrypted2 = substr ($encrypted2, 0, 40);
5613 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2007, 20, $aes_key_size, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5615 elsif ($mode == 9500)
5617 my $iterations = 100000;
5621 $iterations = int ($iter);
5624 $salt_buf = pack ("H*", $salt_buf);
5626 my $tmp = sha1
($salt_buf . encode
("UTF-16LE", $word_buf));
5628 for (my $i = 0; $i < $iterations; $i++)
5630 my $num32 = pack ("L", $i);
5632 $tmp = sha1
($num32 . $tmp);
5635 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5636 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5638 my $final1 = sha1
($tmp . $encryptedVerifierHashInputBlockKey);
5639 my $final2 = sha1
($tmp . $encryptedVerifierHashValueBlockKey);
5641 my $key1 = substr ($final1, 0, 16);
5642 my $key2 = substr ($final2, 0, 16);
5644 my $cipher1 = Crypt
::CBC
->new ({
5646 cipher
=> "Crypt::Rijndael",
5654 my $cipher2 = Crypt
::CBC
->new ({
5656 cipher
=> "Crypt::Rijndael",
5666 if (defined $additional_param)
5668 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5672 $encdata = "A" x
16; ## can be anything
5675 my $data1_buf = $encdata;
5676 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5678 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5679 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5681 $encrypted2 = substr ($encrypted2, 0, 64);
5683 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2010, 100000, 128, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5685 elsif ($mode == 9600)
5687 my $iterations = 100000;
5691 $iterations = int ($iter);
5694 $salt_buf = pack ("H*", $salt_buf);
5696 my $tmp = sha512
($salt_buf . encode
("UTF-16LE", $word_buf));
5698 for (my $i = 0; $i < $iterations; $i++)
5700 my $num32 = pack ("L", $i);
5702 $tmp = sha512
($num32 . $tmp);
5705 my $encryptedVerifierHashInputBlockKey = "\xfe\xa7\xd2\x76\x3b\x4b\x9e\x79";
5706 my $encryptedVerifierHashValueBlockKey = "\xd7\xaa\x0f\x6d\x30\x61\x34\x4e";
5708 my $final1 = sha512
($tmp . $encryptedVerifierHashInputBlockKey);
5709 my $final2 = sha512
($tmp . $encryptedVerifierHashValueBlockKey);
5711 my $key1 = substr ($final1, 0, 32);
5712 my $key2 = substr ($final2, 0, 32);
5714 my $cipher1 = Crypt
::CBC
->new ({
5716 cipher
=> "Crypt::Rijndael",
5724 my $cipher2 = Crypt
::CBC
->new ({
5726 cipher
=> "Crypt::Rijndael",
5736 if (defined $additional_param)
5738 $encdata = $cipher1->decrypt (pack ("H*", $additional_param));
5742 $encdata = "A" x
16; ## can be anything
5745 my $data1_buf = $encdata;
5746 my $data2_buf = sha512
(substr ($data1_buf, 0, 16));
5748 my $encrypted1 = unpack ("H*", $cipher1->encrypt ($data1_buf));
5749 my $encrypted2 = unpack ("H*", $cipher2->encrypt ($data2_buf));
5751 $encrypted2 = substr ($encrypted2, 0, 64);
5753 $tmp_hash = sprintf ("\$office\$*%d*%d*%d*%d*%s*%s*%s", 2013, 100000, 256, 16, unpack ("H*", $salt_buf), $encrypted1, $encrypted2);
5755 elsif ($mode == 9700)
5757 $salt_buf = pack ("H*", $salt_buf);
5759 my $tmp = md5
(encode
("UTF-16LE", $word_buf));
5761 $tmp = substr ($tmp, 0, 5);
5765 for (my $i = 0; $i < 16; $i++)
5773 $tmp = substr ($tmp, 0, 5);
5777 if (defined $additional_param2)
5779 $version = $additional_param2;
5783 $version = (unpack ("L", $tmp) & 1) ?
0 : 1;
5786 my $rc4_key = md5
($tmp . "\x00\x00\x00\x00");
5788 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5792 if (defined $additional_param)
5794 $encdata = $m->RC4 (pack ("H*", $additional_param));
5798 $encdata = "A" x
16; ## can be anything
5801 my $data1_buf = $encdata;
5802 my $data2_buf = md5
(substr ($data1_buf, 0, 16));
5804 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5806 my $encrypted1 = $m->RC4 ($data1_buf);
5807 my $encrypted2 = $m->RC4 ($data2_buf);
5809 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5811 elsif ($mode == 9800)
5813 $salt_buf = pack ("H*", $salt_buf);
5815 my $tmp = sha1
($salt_buf. encode
("UTF-16LE", $word_buf));
5819 if (defined $additional_param2)
5821 $version = $additional_param2;
5825 $version = (unpack ("L", $tmp) & 1) ?
3 : 4;
5828 my $rc4_key = sha1
($tmp . "\x00\x00\x00\x00");
5832 $rc4_key = substr ($rc4_key, 0, 5) . "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
5835 my $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5839 if (defined $additional_param)
5841 $encdata = $m->RC4 (pack ("H*", $additional_param));
5845 $encdata = "A" x
16; ## can be anything
5848 my $data1_buf = $encdata;
5849 my $data2_buf = sha1
(substr ($data1_buf, 0, 16));
5851 $m = Crypt
::RC4
->new (substr ($rc4_key, 0, 16));
5853 my $encrypted1 = $m->RC4 ($data1_buf);
5854 my $encrypted2 = $m->RC4 ($data2_buf);
5856 $tmp_hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, unpack ("H*", $salt_buf), unpack ("H*", $encrypted1), unpack ("H*", $encrypted2));
5858 elsif ($mode == 9900)
5860 $tmp_hash = sprintf ("%s", md5_hex
($word_buf . "\0" x
(100 - length ($word_buf))));
5862 elsif ($mode == 10000)
5864 my $iterations = 10000;
5868 $iterations = int ($iter);
5871 my $pbkdf2 = Crypt
::PBKDF2
->new
5873 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
5874 iterations
=> $iterations
5877 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
5878 $hash_buf =~ s/[\r\n]//g;
5880 $tmp_hash = sprintf ("pbkdf2_sha256\$%i\$%s\$%s", $iterations, $salt_buf, $hash_buf);
5882 elsif ($mode == 10100)
5884 my $seed = pack ("H*", $salt_buf);
5886 my ($hi, $lo) = siphash
($word_buf, $seed);
5888 my $hi_s = sprintf ("%08x", $hi);
5889 my $lo_s = sprintf ("%08x", $lo);
5891 $hi_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5892 $lo_s =~ s/^(..)(..)(..)(..)$/$4$3$2$1/;
5894 $tmp_hash = sprintf ("%s%s:2:4:%s", $hi_s, $lo_s, $salt_buf);
5896 elsif ($mode == 10200)
5898 my $challengeb64 = encode_base64
($salt_buf);
5899 $challengeb64 =~ s/[\r\n]//g;
5903 if (defined $additional_param)
5905 $username = $additional_param;
5912 $hash_buf = hmac_hex
($salt_buf, $word_buf, \
&md5
);
5914 my $responseb64 = encode_base64
($username . " " . $hash_buf);
5915 $responseb64 =~ s/[\r\n]//g;
5917 $tmp_hash = sprintf ('$cram_md5$%s$%s', $challengeb64, $responseb64);
5919 elsif ($mode == 10300)
5921 my $iterations = 1024;
5925 $iterations = int ($iter);
5928 my $hash_buf = $salt_buf;
5930 for (my $pos = 0; $pos < $iterations; $pos++)
5932 $hash_buf = sha1
($word_buf . $hash_buf);
5935 $hash_buf = encode_base64
($hash_buf . $salt_buf);
5936 $hash_buf =~ s/[\r\n]//g;
5938 $tmp_hash = sprintf ("{x-issha, %i}%s", $iterations, $hash_buf);
5940 elsif ($mode == 10400)
5943 my $u = $additional_param;
5944 my $o = $additional_param2;
5945 my $P = $additional_param3;
5947 if (defined $u == 0)
5952 if (defined $o == 0)
5957 if (defined $P == 0)
5964 for (my $i = 0; $i < 32; $i++)
5966 $padding .= pack ("C", $pdf_padding[$i]);
5969 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, 1, 2, 0);
5971 my $m = Crypt
::RC4
->new (substr ($res, 0, 5));
5973 $u = $m->RC4 ($padding);
5975 $tmp_hash = sprintf ('$pdf$%d*%d*40*%d*%d*16*%s*32*%s*32*%s', 1, 2, $P, 0, $id, unpack ("H*", $u), $o);
5977 elsif ($mode == 10500)
5980 my $u = $additional_param;
5981 my $o = $additional_param2;
5982 my $P = $additional_param3;
5983 my $V = $additional_param4;
5984 my $R = $additional_param5;
5985 my $enc = $additional_param6;
5987 if (defined $u == 0)
5994 if (defined $o == 0)
5999 if (defined $R == 0)
6001 $R = get_random_num
(3, 5);
6004 if (defined $V == 0)
6006 $V = ($R == 3) ?
2 : 4;
6009 if (defined $P == 0)
6011 $P = ($R == 3) ?
-4 : -1028;
6014 if (defined $enc == 0)
6016 $enc = ($R == 3) ?
1 : get_random_num
(0, 2);
6021 for (my $i = 0; $i < 32; $i++)
6023 $padding .= pack ("C", $pdf_padding[$i]);
6026 my $res = pdf_compute_encryption_key
($word_buf, $padding, $id, $u, $o, $P, $V, $R, $enc);
6028 my $digest = md5
($padding . pack ("H*", $id));
6030 my $m = Crypt
::RC4
->new ($res);
6032 $u = $m->RC4 ($digest);
6034 my @ress = split "", $res;
6036 for (my $x = 1; $x <= 19; $x++)
6040 for (my $i = 0; $i < 16; $i++)
6042 $xor[$i] = chr (ord ($ress[$i]) ^ $x);
6045 my $s = join ("", @xor);
6047 my $m2 = Crypt
::RC4
->new ($s);
6052 $u .= substr (pack ("H*", $u_save), 16, 16);
6054 $tmp_hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), $o);
6056 elsif ($mode == 10600)
6059 my $rest = $additional_param;
6061 if (defined $id == 0)
6066 if (defined $rest == 0)
6072 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
6075 my @data = split /\*/, $rest;
6077 my $u = pack ("H*", $data[1]);
6079 my $h = sha256
($word_buf . substr ($u, 32, 8));
6081 $data[1] = unpack ("H*", $h . substr ($u, 32));
6083 $rest = join ("*", @data);
6085 $tmp_hash = sprintf ('$pdf$5*5*256*-1028*1*16*%s*%s', $id, $rest);
6087 elsif ($mode == 10700)
6090 my $rest = $additional_param;
6092 if (defined $id == 0)
6097 if (defined $rest == 0)
6103 $rest .= "*127*00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000*32*0000000000000000000000000000000000000000000000000000000000000000";
6106 my @datax = split /\*/, $rest;
6108 my $u = pack ("H*", $datax[1]);
6110 my $block = sha256
($word_buf . substr ($u, 32, 8));
6112 my $block_size = 32;
6114 my $data = 0x00 x
64;
6120 for (my $i = 0; $i < 64 || $i < $data63 + 32; $i++)
6122 $data = $word_buf . $block;
6124 $data_len = length ($data);
6126 for (my $k = 1; $k < 64; $k++)
6128 $data .= $word_buf . $block;
6131 my $aes = Crypt
::CBC
->new ({
6132 key
=> substr ($block, 0, 16),
6133 cipher
=> "Crypt::Rijndael",
6134 iv
=> substr ($block, 16, 16),
6141 my $data = $aes->encrypt ($data);
6145 for (my $j = 0; $j < 16; $j++)
6147 $sum += ord (substr ($data, $j, 1));
6150 $block_size = 32 + ($sum % 3) * 16;
6152 if ($block_size == 32)
6154 $block = sha256
(substr ($data, 0, $data_len * 64));
6156 elsif ($block_size == 48)
6158 $block = sha384
(substr ($data, 0, $data_len * 64));
6160 elsif ($block_size == 64)
6162 $block = sha512
(substr ($data, 0, $data_len * 64));
6165 $data63 = ord (substr ($data, $data_len * 64 - 1, 1));
6168 $datax[1] = unpack ("H*", substr ($block, 0, 32) . substr ($u, 32));
6170 $rest = join ("*", @datax);
6172 $tmp_hash = sprintf ('$pdf$5*6*256*-1028*1*16*%s*%s', $id, $rest);
6174 elsif ($mode == 10800)
6176 $hash_buf = sha384_hex
($word_buf);
6178 $tmp_hash = sprintf ("%s", $hash_buf);
6180 elsif ($mode == 10900)
6182 my $iterations = 1000;
6186 $iterations = int ($iter);
6191 if (defined $additional_param)
6193 $out_len = $additional_param;
6196 my $pbkdf2 = Crypt
::PBKDF2
->new
6198 hasher
=> Crypt
::PBKDF2
->hasher_from_algorithm ('HMACSHA2', 256),
6199 iterations
=> $iterations,
6200 output_len
=> $out_len
6203 $hash_buf = encode_base64
($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6204 $hash_buf =~ s/[\r\n]//g;
6206 my $base64_salt_buf = encode_base64
($salt_buf);
6208 chomp ($base64_salt_buf);
6210 $tmp_hash = sprintf ("sha256:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6212 elsif ($mode == 11000)
6214 $hash_buf = md5_hex
($salt_buf . $word_buf);
6216 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
6218 elsif ($mode == 11100)
6220 my $user = "postgres";
6222 if (defined $additional_param)
6224 $user = $additional_param;
6227 $hash_buf = md5_hex
(md5_hex
($word_buf . $user) . pack ("H*", $salt_buf));
6229 $tmp_hash = sprintf ("\$postgres\$%s*%s*%s", $user, $salt_buf, $hash_buf);
6231 elsif ($mode == 11200)
6233 my $sha1_pass = sha1
($word_buf);
6234 my $double_sha1 = sha1
($sha1_pass);
6236 my $xor_part1 = $sha1_pass;
6237 my $xor_part2 = sha1
(pack ("H*", $salt_buf) . $double_sha1);
6241 for (my $i = 0; $i < 20; $i++)
6243 my $first_byte = substr ($xor_part1, $i, 1);
6244 my $second_byte = substr ($xor_part2, $i, 1);
6246 my $xor_result = $first_byte ^ $second_byte;
6248 $hash_buf .= unpack ("H*", $xor_result);
6251 $tmp_hash = sprintf ("\$mysqlna\$%s*%s", $salt_buf, $hash_buf);
6253 elsif ($mode == 11300)
6255 my $ckey_buf = get_random_string
(96);
6257 if (length ($additional_param))
6259 $ckey_buf = $additional_param;
6262 my $public_key_buf = get_random_string
(66);
6264 if (length ($additional_param2))
6266 $public_key_buf = $additional_param2;
6269 my $salt_iter = get_random_num
(150000, 250000);
6273 $salt_iter = int ($iter);
6276 my $hash_buf = sha512
($word_buf . pack ("H*", $salt_buf));
6278 for (my $i = 1; $i < $salt_iter; $i++)
6280 $hash_buf = sha512
($hash_buf);
6283 my $data = get_random_string
(32);
6285 my $aes = Crypt
::CBC
->new ({
6286 key
=> substr ($hash_buf, 0, 32),
6287 cipher
=> "Crypt::Rijndael",
6288 iv
=> substr ($hash_buf, 32, 16),
6292 padding
=> "standard",
6295 my $cry_master_buf = (unpack ("H*", $aes->encrypt ($data)));
6297 $tmp_hash = sprintf ('$bitcoin$%d$%s$%d$%s$%d$%d$%s$%d$%s',
6298 length ($cry_master_buf),
6305 length ($public_key_buf),
6308 elsif ($mode == 11400)
6310 my ($directive, $URI_server, $URI_client, $user, $realm, $nonce, $nonce_count, $nonce_client, $qop, $method, $URI, $URI_prefix, $URI_resource, $URI_suffix);
6312 $directive = "MD5"; # only directive currently supported
6314 if (defined ($additional_param))
6316 $user = $additional_param;
6317 $realm = $additional_param2;
6319 $nonce_count = $additional_param3;
6320 $nonce_client = $additional_param4;
6321 $qop = $additional_param5;
6322 $method = $additional_param6;
6324 $URI_prefix = $additional_param7;
6325 $URI_resource = $additional_param8;
6326 $URI_suffix = $additional_param9;
6328 # not needed information
6330 $URI_server = $additional_param10;
6331 $URI_client = $additional_param11;
6335 $user = get_random_string
(get_random_num
(0, 12 + 1));
6337 # special limit: (user_len + 1 + realm_len + 1 + word_buf_len) < 56
6338 my $realm_max_len = 55 - length ($user) - 1 - length ($word_buf) - 1;
6340 if ($realm_max_len < 1) # should never happen
6345 $realm_max_len = min
(20, $realm_max_len);
6347 $realm = get_random_string
(get_random_num
(0, $realm_max_len + 1));
6351 if (get_random_num
(0, 1 + 1) == 1)
6355 $nonce_count = get_random_string
(get_random_num
(0, 10 + 1));
6356 $nonce_client = get_random_string
(get_random_num
(0, 12 + 1));
6366 $method = get_random_string
(get_random_num
(0, 24 + 1));
6368 $URI_prefix = get_random_string
(get_random_num
(0, 10 + 1));
6369 $URI_resource = get_random_string
(get_random_num
(1, 32 + 1));
6370 $URI_suffix = get_random_string
(get_random_num
(0, 32 + 1));
6372 # not needed information
6374 $URI_server = get_random_string
(get_random_num
(0, 32 + 1));
6375 $URI_client = $URI_resource; # simplification
6382 if (length ($URI_prefix) > 0)
6384 $URI = $URI_prefix . ":";
6387 $URI .= $URI_resource;
6389 if (length ($URI_suffix) > 0)
6391 $URI .= ":" . $URI_suffix;
6394 my $HA2 = md5_hex
($method . ":" . $URI);
6396 my $HA1 = md5_hex
($user . ":" . $realm . ":" . $word_buf);
6400 if (($qop eq "auth") || ($qop eq "auth-int"))
6402 $tmp_buf = $nonce . ":" . $nonce_count . ":" . $nonce_client . ":" . $qop;
6409 my $hash_buf = md5_hex
($HA1 . ":" . $tmp_buf . ":" . $HA2);
6411 $tmp_hash = sprintf ("\$sip\$*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s", $URI_server, $URI_resource, $user, $realm, $method, $URI_prefix, $URI_resource, $URI_suffix, $nonce, $nonce_client, $nonce_count, $qop, $directive, $hash_buf);
6413 elsif ($mode == 11500)
6415 $hash_buf = crc32
($word_buf);
6417 $tmp_hash = sprintf ("%08x:00000000", $hash_buf);
6419 elsif ($mode == 11600)
6421 my ($p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, $data_len, $unpack_size, $data_buf);
6425 my $validation_only = 0;
6427 $validation_only = 1 if (defined ($additional_param));
6429 if ($validation_only == 1)
6431 $num_cycle_power = int ($iter);
6432 $seven_zip_salt_len = $additional_param;
6433 $seven_zip_salt_buf = $additional_param2;
6434 $salt_len = $additional_param3;
6435 # $salt_buf set in parser
6436 # $hash_buf (resulting crc)
6437 $data_len = $additional_param4;
6438 $unpack_size = $additional_param5;
6439 $data_buf = $additional_param6;
6443 $num_cycle_power = 14; # by default it is 19
6444 $seven_zip_salt_len = 0;
6445 $seven_zip_salt_buf = "";
6446 $salt_len = length ($salt_buf);
6447 # $salt_buf set automatically
6448 # $hash_buf (resulting crc)
6449 # $data_len will be set when encrypting
6450 $unpack_size = get_random_num
(1, 32 + 1);
6451 $data_buf = get_random_string
($unpack_size);
6455 # 2 ^ NumCyclesPower "iterations" of SHA256 (only one final SHA256)
6458 $word_buf = encode
("UTF-16LE", $word_buf);
6460 my $rounds = 1 << $num_cycle_power;
6464 for (my $i = 0; $i < $rounds; $i++)
6468 $num_buf .= pack ("V", $i);
6469 $num_buf .= "\x00" x
4;
6471 # this would be better but only works on 64-bit systems:
6472 # $num_buf = pack ("q", $i);
6474 $pass_buf .= sprintf ("%s%s", $word_buf, $num_buf);
6477 my $key = sha256
($pass_buf);
6479 # the salt_buf is our IV for AES CBC
6482 my $salt_buf_len = length ($salt_buf);
6483 my $salt_padding_len = 0;
6485 if ($salt_buf_len < 16)
6487 $salt_padding_len = 16 - $salt_buf_len;
6490 $salt_buf .= "\x00" x
$salt_padding_len;
6492 my $aes = Crypt
::CBC
->new ({
6493 cipher
=> "Crypt::Rijndael",
6501 if ($validation_only == 1)
6505 my $decrypted_data = $aes->decrypt ($data_buf);
6507 $decrypted_data = substr ($decrypted_data, 0, $unpack_size);
6509 $hash_buf = crc32
($decrypted_data);
6515 $hash_buf = crc32
($data_buf);
6517 $data_buf = $aes->encrypt ($data_buf);
6519 $data_len = length ($data_buf);
6522 $tmp_hash = sprintf ("\$7z\$%i\$%i\$%i\$%s\$%i\$%08s\$%u\$%u\$%u\$%s", $p, $num_cycle_power, $seven_zip_salt_len, $seven_zip_salt_buf, $salt_len, unpack ("H*", $salt_buf), $hash_buf, $data_len, $unpack_size, unpack ("H*", $data_buf));
6524 elsif ($mode == 11900)
6526 my $iterations = 1000;
6530 $iterations = int ($iter);
6535 if (defined $additional_param)
6537 $out_len = $additional_param;
6541 # call PHP here - WTF
6544 # sanitize $word_buf and $salt_buf:
6546 my $word_buf_base64 = encode_base64
($word_buf);
6547 $word_buf_base64 =~ s/[\r\n]//g;
6549 my $salt_buf_base64 = encode_base64
($salt_buf);
6550 $salt_buf_base64 =~ s/[\r\n]//g;
6554 $out_len = int ($out_len);
6556 # output is in hex encoding, otherwise it could be screwed (but shouldn't)
6558 my $php_code = <<'END_CODE';
6560 function pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
6562 $algorithm = strtolower ($algorithm);
6564 if (! in_array ($algorithm, hash_algos (), true))
6566 trigger_error ("PBKDF2 ERROR: Invalid hash algorithm.", E_USER_ERROR);
6569 if ($count <= 0 || $key_length <= 0)
6571 trigger_error ("PBKDF2 ERROR: Invalid parameters.", E_USER_ERROR);
6574 if (function_exists ("hash_pbkdf2"))
6578 $key_length = $key_length * 2;
6581 return hash_pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output);
6584 $hash_length = strlen (hash ($algorithm, "", true));
6585 $block_count = ceil ($key_length / $hash_length);
6589 for ($i = 1; $i <= $block_count; $i++)
6591 $last = $salt . pack ("N", $i);
6593 $last = $xorsum = hash_hmac ($algorithm, $last, $password, true);
6595 for ($j = 1; $j < $count; $j++)
6597 $xorsum ^= ($last = hash_hmac ($algorithm, $last, $password, true));
6605 return substr ($output, 0, $key_length);
6609 return bin2hex (substr ($output, 0, $key_length));
6613 print pbkdf2 ("md5", base64_decode ("$word_buf_base64"), base64_decode ("$salt_buf_base64"), $iterations, $out_len, False);
6617 # replace with these command line arguments
6619 $php_code =~ s/\$word_buf_base64/$word_buf_base64/;
6620 $php_code =~ s/\$salt_buf_base64/$salt_buf_base64/;
6621 $php_code =~ s/\$iterations/$iterations/;
6622 $php_code =~ s/\$out_len/$out_len/;
6624 my $php_output = `php -r '$php_code'`;
6626 $hash_buf = pack ("H*", $php_output);
6628 $hash_buf = encode_base64 ($hash_buf);
6629 $hash_buf =~ s/[\r\n]//g;
6631 my $base64_salt_buf = encode_base64 ($salt_buf);
6633 chomp ($base64_salt_buf);
6635 $tmp_hash = sprintf ("md5:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6637 elsif ($mode == 12000)
6639 my $iterations = 1000;
6643 $iterations = int ($iter);
6648 if (defined $additional_param)
6650 $out_len = $additional_param;
6653 my $pbkdf2 = Crypt::PBKDF2->new
6655 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1'),
6656 iterations => $iterations,
6657 output_len => $out_len
6660 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6661 $hash_buf =~ s/[\r\n]//g;
6663 my $base64_salt_buf = encode_base64 ($salt_buf);
6665 chomp ($base64_salt_buf);
6667 $tmp_hash = sprintf ("sha1:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6669 elsif ($mode == 12100)
6671 my $iterations = 1000;
6675 $iterations = int ($iter);
6680 if (defined $additional_param)
6682 $out_len = $additional_param;
6685 my $pbkdf2 = Crypt::PBKDF2->new
6687 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512),
6688 iterations => $iterations,
6689 output_len => $out_len
6692 $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt_buf, $word_buf));
6693 $hash_buf =~ s/[\r\n]//g;
6695 my $base64_salt_buf = encode_base64 ($salt_buf);
6697 chomp ($base64_salt_buf);
6699 $tmp_hash = sprintf ("sha512:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
6701 elsif ($mode == 12200)
6703 my $iterations = 65536;
6705 my $default_salt = 0;
6707 if (defined $additional_param)
6709 $default_salt = int ($additional_param);
6712 if ($default_salt == 1)
6714 $salt_buf = "0011223344556677";
6717 $hash_buf = sha512 (pack ("H*", $salt_buf) . $word_buf);
6719 for (my $i = 0; $i < $iterations; $i++)
6721 $hash_buf = sha512 ($hash_buf);
6724 $hash_buf = unpack ("H*", $hash_buf);
6725 $hash_buf = substr ($hash_buf, 0, 16);
6727 if ($default_salt == 0)
6729 $tmp_hash = sprintf ("\$ecryptfs\$0\$1\$%s\$%s", $salt_buf, $hash_buf);
6733 $tmp_hash = sprintf ("\$ecryptfs\$0\$%s", $hash_buf);
6736 elsif ($mode == 12300)
6738 my $iterations = 4096;
6740 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
6742 my $pbkdf2 = Crypt::PBKDF2->new (
6744 iterations => $iterations,
6748 my $salt_bin = pack ("H*", $salt_buf);
6750 my $key = $pbkdf2->PBKDF2 ($salt_bin. "AUTH_PBKDF2_SPEEDY_KEY", $word_buf);
6752 $hash_buf = sha512_hex ($key . $salt_bin);
6754 $tmp_hash = sprintf ("%s%s", uc ($hash_buf), uc ($salt_buf));
6756 elsif ($mode == 12400)
6762 $iterations = int ($iter);
6766 $iterations = get_random_num (1, 5001 + 1);
6769 my $key_value = fold_password ($word_buf);
6771 my $data = "\x00\x00\x00\x00\x00\x00\x00\x00";
6772 my $salt_value = base64_to_int24 ($salt_buf);
6774 $hash_buf = crypt_rounds ($key_value, $iterations, $salt_value, $data);
6776 $tmp_hash = sprintf ("_%s%s%s", int24_to_base64 ($iterations), $salt_buf, block_to_base64 ($hash_buf));
6778 elsif ($mode == 12600)
6780 $hash_buf = sha1_hex ($word_buf);
6782 $hash_buf = sha256_hex ($salt_buf . uc $hash_buf);
6784 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
6786 elsif ($mode == 12700)
6788 my $iterations = 10;
6791 "guid" : "00000000-0000-0000-0000-000000000000",
6792 "sharedKey" : "00000000-0000-0000-0000-000000000000",
6793 "options" : {"pbkdf2_iterations":10,"fee_policy":0,"html5_notifications":false,"logout_time":600000,"tx_display":0,"always_keep_local_backup":false}|;
6795 my $salt_buf_bin = pack ("H*", $salt_buf);
6797 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
6799 my $pbkdf2 = Crypt::PBKDF2->new (
6801 iterations => $iterations,
6805 my $key = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6807 my $cipher = Crypt::CBC->new ({
6809 cipher => "Crypt::Rijndael",
6810 iv => $salt_buf_bin,
6816 my $encrypted = unpack ("H*", $cipher->encrypt ($data));
6818 $tmp_hash = sprintf ("\$blockchain\$%s\$%s", length ($salt_buf . $encrypted) / 2, $salt_buf . $encrypted);
6820 elsif ($mode == 12800)
6822 my $iterations = 100;
6826 $iterations = int ($iter);
6829 my $nt = md4_hex (encode ("UTF-16LE", $word_buf));
6831 my $pbkdf2 = Crypt::PBKDF2->new
6833 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6834 iterations => $iterations,
6838 my $salt_buf_bin = pack ("H*", $salt_buf);
6840 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, uc (encode ("UTF-16LE", $nt)));
6842 $tmp_hash = sprintf ("v1;PPH1_MD4,%s,%d,%s", $salt_buf, $iterations, unpack ("H*", $hash));
6844 elsif ($mode == 12900)
6846 my $iterations = 4096;
6850 $iterations = int ($iter);
6853 my $salt2 = $salt_buf . $salt_buf;
6855 if (defined $additional_param)
6857 $salt2 = $additional_param;
6860 my $pbkdf2 = Crypt::PBKDF2->new
6862 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6863 iterations => $iterations,
6867 my $salt_buf_bin = pack ("H*", $salt_buf);
6869 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6871 my $salt2_bin = pack ("H*", $salt2);
6873 my $hash_hmac = hmac_hex ($salt2_bin, $hash, \&sha256, 64);
6875 $tmp_hash = sprintf ("%s%s%s", $salt2, $hash_hmac, $salt_buf);
6877 elsif ($mode == 13000)
6879 my $iterations = 15;
6883 $iterations = int ($iter);
6888 if (defined $additional_param)
6890 $iv = $additional_param;
6893 my $pbkdf2 = Crypt::PBKDF2->new
6895 hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
6896 iterations => (1 << $iterations) + 32,
6900 my $salt_buf_bin = pack ("H*", $salt_buf);
6902 my $hash = $pbkdf2->PBKDF2 ($salt_buf_bin, $word_buf);
6904 my $hash_final = substr ($hash, 0, 8)
6905 ^ substr ($hash, 8, 8)
6906 ^ substr ($hash, 16, 8)
6907 ^ substr ($hash, 24, 8);
6909 $tmp_hash = sprintf ('$rar5$16$%s$%d$%s$8$%s', $salt_buf, $iterations, $iv, unpack ("H*", $hash_final));
6911 elsif ($mode == 13100)
6913 my @salt_arr = split ('\$', $salt_buf);
6915 my $user = $salt_arr[0];
6917 my $realm = $salt_arr[1];
6919 my $spn = $salt_arr[2];
6921 my $nonce = $salt_arr[3];
6923 my $cleartext_ticket = '6381b03081ada00703050050a00000a11b3019a003020117a1'.
6924 '12041058e0d77776e8b8e03991f2966939222aa2171b154d594b5242544553542e434f4e5'.
6925 '44f534f2e434f4da3133011a003020102a10a30081b067472616e6365a40b3009a0030201'.
6926 '01a1020400a511180f32303136303231353134343735305aa611180f32303136303231353'.
6927 '134343735305aa711180f32303136303231363030343735305aa811180f32303136303232'.
6930 $cleartext_ticket = $nonce . $cleartext_ticket;
6932 my $k = md4 (encode ("UTF-16LE", $word_buf));
6934 my $k1 = hmac_md5 ("\x02\x00\x00\x00", $k);
6936 my $checksum = hmac_md5 (pack ("H*", $cleartext_ticket), $k1);
6938 my $k3 = hmac_md5 ($checksum, $k1);
6940 my $cipher = Crypt::RC4->new ($k3);
6942 my $edata2 = $cipher->RC4 (pack ("H*", $cleartext_ticket));
6944 $tmp_hash = sprintf ('$krb5tgs$23$*%s$%s$%s*$%s$%s', $user, $realm, $spn, unpack ("H*", $checksum), unpack ("H*", $edata2));
6946 elsif ($mode == 13200)
6948 my @salt_arr = split ('\*', $salt_buf);
6950 my $iteration = $salt_arr[0];
6952 my $mysalt = $salt_arr[1];
6954 $mysalt = pack ("H*", $mysalt);
6956 my $DEK = randbytes (16);
6958 my $iv = "a6a6a6a6a6a6a6a6";
6960 my $KEK = sha1($word_buf);
6962 $KEK = substr ($KEK ^ $mysalt, 0, 16);
6964 my $aes = Crypt::Mode::ECB->new ('AES');
6966 my @R = ('', substr(pack ("H*",$DEK),0,8), substr(pack ("H*",$DEK),8,16));
6970 my $A = pack ("H*", $iv);
6972 for (my $j = 0; $j < $iteration; $j++)
6974 $B = $aes->encrypt ($A . $R[1], $KEK);
6976 $A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 1));
6978 $R[1] = substr ($B, 8, 16);
6980 $B = $aes->encrypt ($A . $R[2], $KEK);
6982 $A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 2));
6984 $R[2] = substr ($B, 8, 16);
6987 my $wrapped_key = unpack ("H*", $A . substr ($R[1], 0 ,8) . substr ($R[2], 0 ,8));
6989 $mysalt = unpack ("H*", $mysalt);
6991 $tmp_hash = sprintf ('$axcrypt$*1*%s*%s*%s', $iteration, $mysalt, $wrapped_key);
6993 elsif ($mode == 13300)
6995 $hash_buf = sha1_hex ($word_buf);
6997 $tmp_hash = sprintf ('$axcrypt_sha1$%s', substr ($hash_buf, 0, 32));
7001 elsif ($mode == 13400)
7003 my @salt_arr = split ('\*', $salt_buf);
7005 my $version = $salt_arr[0];
7007 my $iteration = $salt_arr[1];
7009 my $algorithm = $salt_arr[2];
7011 my $final_random_seed = $salt_arr[3];
7013 my $transf_random_seed = $salt_arr[4];
7015 my $enc_iv = $salt_arr[5];
7019 # specific to version 1
7024 # specific to version 2
7027 # specific to keyfile handling
7028 my $inline_keyfile_flag;
7030 my $keyfile_content;
7031 my $keyfile_attributes = "";
7033 $final_random_seed = pack ("H*", $final_random_seed);
7035 $transf_random_seed = pack ("H*", $transf_random_seed);
7037 $enc_iv = pack ("H*", $enc_iv);
7039 my $intermediate_hash = sha256 ($word_buf);
7043 $contents_hash = $salt_arr[6];
7044 $contents_hash = pack ("H*", $contents_hash);
7046 $inline_flag = $salt_arr[7];
7048 $contents_len = $salt_arr[8];
7050 $contents = $salt_arr[9];
7051 $contents = pack ("H*", $contents);
7054 if (scalar @salt_arr == 13)
7056 $inline_keyfile_flag = $salt_arr[10];
7058 $keyfile_len = $salt_arr[11];
7060 $keyfile_content = $salt_arr[12];
7062 $keyfile_attributes = $keyfile_attributes
7063 . "*" . $inline_keyfile_flag
7064 . "*" . $keyfile_len
7065 . "*" . $keyfile_content;
7067 $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
7068 $intermediate_hash = sha256 ($intermediate_hash);
7071 elsif ($version == 2)
7074 if (scalar @salt_arr == 11)
7076 $inline_keyfile_flag = $salt_arr[8];
7078 $keyfile_len = $salt_arr[9];
7080 $keyfile_content = $salt_arr[10];
7082 $intermediate_hash = $intermediate_hash . pack ("H*", $keyfile_content);
7084 $keyfile_attributes = $keyfile_attributes
7085 . "*" . $inline_keyfile_flag
7086 . "*" . $keyfile_len
7087 . "*" . $keyfile_content;
7090 $intermediate_hash = sha256 ($intermediate_hash);
7093 my $aes = Crypt::Mode::ECB->new ('AES', 1);
7095 for (my $j = 0; $j < $iteration; $j++)
7097 $intermediate_hash = $aes->encrypt ($intermediate_hash, $transf_random_seed);
7099 $intermediate_hash = substr ($intermediate_hash, 0, 32);
7102 $intermediate_hash = sha256 ($intermediate_hash);
7104 my $final_key = sha256 ($final_random_seed . $intermediate_hash);
7106 my $final_algorithm;
7108 if ($version == 1 && $algorithm == 1)
7110 $final_algorithm = "Crypt::Twofish";
7114 $final_algorithm = "Crypt::Rijndael";
7117 my $cipher = Crypt::CBC->new ({
7119 cipher => $final_algorithm,
7128 $contents_hash = sha256 ($contents);
7130 $contents = $cipher->encrypt($contents);
7132 $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%d*%d*%s%s',
7136 unpack ("H*", $final_random_seed),
7137 unpack ("H*", $transf_random_seed),
7138 unpack ("H*", $enc_iv),
7139 unpack ("H*", $contents_hash),
7142 unpack ("H*", $contents),
7143 $keyfile_attributes);
7147 $expected_bytes = $salt_arr[6];
7149 $contents_hash = $salt_arr[7];
7150 $contents_hash = pack ("H*", $contents_hash);
7152 $expected_bytes = $cipher->decrypt($contents_hash);
7154 $tmp_hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%s%s',
7158 unpack ("H*", $final_random_seed),
7159 unpack ("H*", $transf_random_seed),
7160 unpack ("H*", $enc_iv),
7161 unpack ("H*", $expected_bytes),
7162 unpack ("H*", $contents_hash),
7163 $keyfile_attributes);
7166 elsif ($mode == 13500)
7168 $hash_buf = sha1_hex (pack("H*",$salt_buf) . encode ("UTF-16LE", $word_buf));
7170 $tmp_hash = sprintf ("%s:%s", $hash_buf, $salt_buf);
7180 my $word_len = shift;
7182 my $salt_len = shift;
7186 $max = 15 if ($mode == 2410);
7188 if ($is_unicode{$mode})
7190 if (! $allow_long_salt{$mode})
7192 $word_len = min ($word_len, int ($max / 2) - $salt_len);
7196 $word_len = min ($word_len, int ($max / 2));
7199 elsif ($less_fifteen{$mode})
7201 $word_len = min ($word_len, 15);
7205 $salt_len = min ($salt_len, 15 - $word_len);
7210 if (! $allow_long_salt{$mode})
7212 $word_len = min ($word_len, $max - $salt_len);
7231 for (my $i = 0; $i < $salt_len; $i++)
7233 my $c = get_random_chr (0x30, 0x39);
7235 push (@salt_arr, $c);
7238 $salt_buf = join ("", @salt_arr);
7240 $salt_buf = get_random_md5chap_salt ($salt_buf);
7242 elsif ($mode == 5300 || $mode == 5400)
7244 $salt_buf = get_random_ike_salt ();
7246 elsif ($mode == 5500)
7248 $salt_buf = get_random_netntlmv1_salt ($salt_len, $salt_len);
7250 elsif ($mode == 5600)
7252 $salt_buf = get_random_netntlmv2_salt ($salt_len, $salt_len);
7254 elsif ($mode == 6600)
7256 $salt_buf = get_random_agilekeychain_salt ();
7258 elsif ($mode == 8200)
7260 $salt_buf = get_random_cloudkeychain_salt ();
7262 elsif ($mode == 8300)
7264 $salt_buf = get_random_dnssec_salt ();
7266 elsif ($mode == 13100)
7268 $salt_buf = get_random_kerberos5_tgs_salt ();
7270 elsif ($mode == 13200)
7272 $salt_buf = get_random_axcrypt_salt ();
7274 elsif ($mode == 13400)
7276 $salt_buf = get_random_keepass_salt ();
7278 elsif ($mode == 13500)
7280 $salt_buf = get_pstoken_salt ();
7286 for (my $i = 0; $i < $salt_len; $i++)
7288 my $c = get_random_chr (0x30, 0x39);
7290 push (@salt_arr, $c);
7293 $salt_buf = join ("", @salt_arr);
7297 $salt_buf = get_random_kerberos5_salt ($salt_buf);
7307 for (my $i = 0; $i < $word_len; $i++)
7309 my $c = get_random_chr (0x30, 0x39);
7311 push (@word_arr, $c);
7314 my $word_buf = join ("", @word_arr);
7320 my $tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
7333 print sprintf ("echo -n %-20s | %s \${OPTS} %s %4d '%s'\n", $word_buf, @cmd);
7345 sub get_random_string
7351 for (my $i = 0; $i < $len; $i++)
7353 my $c = get_random_chr (0x30, 0x39);
7358 my $buf = join ("", @arr);
7368 return int ((rand ($max - $min)) + $min);
7373 return chr get_random_num (@_);
7382 for (my $i = 0; $i < length ($str); $i += 4)
7384 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
7386 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
7393 $salt = substr ($decoded, 0, 5);
7395 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
7399 $byte10 = 256 + $byte10;
7402 substr ($salt, 3, 1) = chr ($byte10);
7404 $digest = substr ($decoded, 5, 9);
7405 $char = substr ($str, 18, 1);
7407 return ($digest, $salt, $char);
7410 sub domino_85x_decode
7416 for (my $i = 0; $i < length ($str); $i += 4)
7418 my $num = domino_base64_decode (substr ($str, $i, 4), 4);
7420 $decoded .= chr (($num >> 16) & 0xff) . chr (($num >> 8) & 0xff) . chr ($num & 0xff);
7425 my $iterations = -1;
7428 $salt = substr ($decoded, 0, 16); # longer than -m 8700 (5 vs 16 <- new)
7430 my $byte10 = (ord (substr ($salt, 3, 1)) - 4);
7434 $byte10 = 256 + $byte10;
7437 substr ($salt, 3, 1) = chr ($byte10);
7439 $iterations = substr ($decoded, 16, 10);
7441 if ($iterations =~ /^?d*$/)
7445 $iterations = $iterations + 0; # hack: make sure it is an int now (atoi ())
7446 $chars = substr ($decoded, 26, 2); # in my example it is "02"
7447 $digest = substr ($decoded, 28, 8); # only of length of 8 vs 20 SHA1 bytes
7450 return ($digest, $salt, $iterations, $chars);
7453 sub domino_base64_decode
7458 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
7466 my $idx = (index ($itoa64, substr ($v, $n - $i, 1))) & 0x3f;
7468 $ret += ($idx << (6 * ($i - 1)));
7481 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
7485 $byte10 = $byte10 - 256;
7488 substr ($final, 3, 1) = chr ($byte10);
7492 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
7493 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
7494 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
7495 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
7496 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
7498 if (defined ($char))
7500 substr ($passwd, 18, 1) = $char;
7502 substr ($passwd, 19, 1) = "";
7507 sub domino_85x_encode
7512 my $byte10 = (ord (substr ($final, 3, 1)) + 4);
7516 $byte10 = $byte10 - 256;
7519 substr ($final, 3, 1) = chr ($byte10);
7523 $passwd .= domino_base64_encode ((int (ord (substr ($final, 0, 1))) << 16) | (int (ord (substr ($final, 1, 1))) << 8) | (int (ord (substr ($final, 2, 1)))), 4);
7524 $passwd .= domino_base64_encode ((int (ord (substr ($final, 3, 1))) << 16) | (int (ord (substr ($final, 4, 1))) << 8) | (int (ord (substr ($final, 5, 1)))), 4);
7525 $passwd .= domino_base64_encode ((int (ord (substr ($final, 6, 1))) << 16) | (int (ord (substr ($final, 7, 1))) << 8) | (int (ord (substr ($final, 8, 1)))), 4);
7526 $passwd .= domino_base64_encode ((int (ord (substr ($final, 9, 1))) << 16) | (int (ord (substr ($final, 10, 1))) << 8) | (int (ord (substr ($final, 11, 1)))), 4);
7527 $passwd .= domino_base64_encode ((int (ord (substr ($final, 12, 1))) << 16) | (int (ord (substr ($final, 13, 1))) << 8) | (int (ord (substr ($final, 14, 1)))), 4);
7528 $passwd .= domino_base64_encode ((int (ord (substr ($final, 15, 1))) << 16) | (int (ord (substr ($final, 16, 1))) << 8) | (int (ord (substr ($final, 17, 1)))), 4);
7529 $passwd .= domino_base64_encode ((int (ord (substr ($final, 18, 1))) << 16) | (int (ord (substr ($final, 19, 1))) << 8) | (int (ord (substr ($final, 20, 1)))), 4);
7530 $passwd .= domino_base64_encode ((int (ord (substr ($final, 21, 1))) << 16) | (int (ord (substr ($final, 22, 1))) << 8) | (int (ord (substr ($final, 23, 1)))), 4);
7531 $passwd .= domino_base64_encode ((int (ord (substr ($final, 24, 1))) << 16) | (int (ord (substr ($final, 25, 1))) << 8) | (int (ord (substr ($final, 26, 1)))), 4);
7532 $passwd .= domino_base64_encode ((int (ord (substr ($final, 27, 1))) << 16) | (int (ord (substr ($final, 28, 1))) << 8) | (int (ord (substr ($final, 29, 1)))), 4);
7533 $passwd .= domino_base64_encode ((int (ord (substr ($final, 30, 1))) << 16) | (int (ord (substr ($final, 31, 1))) << 8) | (int (ord (substr ($final, 32, 1)))), 4);
7534 $passwd .= domino_base64_encode ((int (ord (substr ($final, 33, 1))) << 16) | (int (ord (substr ($final, 34, 1))) << 8) | (int (ord (substr ($final, 35, 1)))), 4);
7536 if (defined ($char))
7538 substr ($passwd, 18, 1) = $char;
7544 sub domino_base64_encode
7549 my $itoa64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
7553 while (($n - 1) >= 0)
7557 $ret = substr ($itoa64, $v & 0x3f, 1) . $ret;
7567 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7572 my $v = unpack "V", substr($md5, $i*4, 4);
7574 $s64 .= substr($itoa64, $v & 0x3f, 1);
7583 my ($username, $password) = @_;
7585 $username = substr ($username . " " x 8, 0, 8);
7586 $password = substr ($password . " " x 8, 0, 8);
7588 my $username_ebc = ascii2ebcdic ($username);
7589 my $password_ebc = ascii2ebcdic ($password);
7591 my @pw = split ("", $password_ebc);
7593 for (my $i = 0; $i < 8; $i++)
7595 $pw[$i] = unpack ("C", $pw[$i]);
7598 $pw[$i] = pack ("C", $pw[$i] & 0xff);
7601 my $key = join ("", @pw);
7603 my $cipher = new Crypt::DES $key;
7605 my $ciphertext = $cipher->encrypt ($username_ebc);
7607 my $ct = unpack ("H16", $ciphertext);
7614 my ($username, $password) = @_;
7616 my $userpass = pack('n*', unpack('C*', uc($username.$password)));
7617 $userpass .= pack('C', 0) while (length($userpass) % 8);
7619 my $key = pack('H*', "0123456789ABCDEF");
7620 my $iv = pack('H*', "0000000000000000");
7622 my $c = new Crypt::CBC(
7629 my $key2 = substr($c->encrypt($userpass), length($userpass)-8, 8);
7631 my $c2 = new Crypt::CBC(
7638 my $hash = substr($c2->encrypt($userpass), length($userpass)-8, 8);
7640 return uc(unpack('H*', $hash));
7645 my $word_buf = shift;
7647 my $salt_buf = shift;
7649 my $w = sprintf ("%d%s%s", 0, $word_buf, $salt_buf);
7651 my $digest = sha1 ($w);
7653 for (my $i = 1; $i < 1024; $i++)
7655 $w = $digest . sprintf ("%d%s%s", $i, $word_buf, $salt_buf);
7657 $digest = sha1 ($w);
7660 my ($A, $B, $C, $D, $E) = unpack ("N5", $digest);
7662 return sprintf ("%08x%08x%08x%08x%08x", $A, $B, $C, $D, $E);
7670 my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7674 while (($n - 1) >= 0)
7678 $ret .= substr ($itoa64, $v & 0x3f, 1);
7694 my $hash = ""; # hash to be returned by this function
7696 my $final = md5 ($pass . $salt . $pass);
7698 $salt = substr ($salt, 0, 8);
7700 my $tmp = $pass . $magic . $salt;
7702 my $pass_len = length ($pass);
7706 for ($i = $pass_len; $i > 0; $i -= 16)
7715 $tmp .= substr ($final, 0, $len);
7728 $tmp .= substr ($pass, 0, 1);
7734 $final = md5 ($tmp);
7736 for ($i = 0; $i < $iter; $i++)
7768 $final = md5 ($tmp);
7772 # now format the output sting ("hash")
7776 $hash = to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 6, 1)) << 8) | (ord (substr ($final, 12, 1))), 4);
7777 $hash .= to64 ((ord (substr ($final, 1, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7778 $hash .= to64 ((ord (substr ($final, 2, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
7779 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 9, 1)) << 8) | (ord (substr ($final, 15, 1))), 4);
7780 $hash .= to64 ((ord (substr ($final, 4, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
7781 $hash .= to64 (ord (substr ($final, 11, 1)), 2);
7783 if ($iter == 1000) # default
7785 $hash_buf = sprintf ("%s%s\$%s", $magic , $salt , $hash);
7789 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7801 my $hash = ""; # hash to be returned by this function
7803 my $final = sha512 ($pass . $salt . $pass);
7805 $salt = substr ($salt, 0, 16);
7807 my $tmp = $pass . $salt;
7809 my $pass_len = length ($pass);
7810 my $salt_len = length ($salt);
7814 for ($i = $pass_len; $i > 0; $i -= 16)
7823 $tmp .= substr ($final, 0, $len);
7842 $final = sha512 ($tmp);
7848 for ($i = 0; $i < $pass_len; $i++)
7853 $p_bytes = sha512 ($p_bytes);
7854 $p_bytes = substr ($p_bytes, 0, $pass_len);
7858 my $final_first_byte = ord (substr ($final, 0, 1));
7862 for ($i = 0; $i < (16 + $final_first_byte); $i++)
7867 $s_bytes = sha512 ($s_bytes);
7868 $s_bytes = substr ($s_bytes, 0, $salt_len);
7870 for ($i = 0; $i < $iter; $i++)
7902 $final = sha512 ($tmp);
7906 # now format the output string ("hash")
7910 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 21, 1)) << 8) | (ord (substr ($final, 42, 1))), 4);
7911 $hash .= to64 ((ord (substr ($final, 22, 1)) << 16) | (ord (substr ($final, 43, 1)) << 8) | (ord (substr ($final, 1, 1))), 4);
7912 $hash .= to64 ((ord (substr ($final, 44, 1)) << 16) | (ord (substr ($final, 2, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
7913 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 24, 1)) << 8) | (ord (substr ($final, 45, 1))), 4);
7914 $hash .= to64 ((ord (substr ($final, 25, 1)) << 16) | (ord (substr ($final, 46, 1)) << 8) | (ord (substr ($final, 4, 1))), 4);
7915 $hash .= to64 ((ord (substr ($final, 47, 1)) << 16) | (ord (substr ($final, 5, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
7916 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 27, 1)) << 8) | (ord (substr ($final, 48, 1))), 4);
7917 $hash .= to64 ((ord (substr ($final, 28, 1)) << 16) | (ord (substr ($final, 49, 1)) << 8) | (ord (substr ($final, 7, 1))), 4);
7918 $hash .= to64 ((ord (substr ($final, 50, 1)) << 16) | (ord (substr ($final, 8, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
7919 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 30, 1)) << 8) | (ord (substr ($final, 51, 1))), 4);
7920 $hash .= to64 ((ord (substr ($final, 31, 1)) << 16) | (ord (substr ($final, 52, 1)) << 8) | (ord (substr ($final, 10, 1))), 4);
7921 $hash .= to64 ((ord (substr ($final, 53, 1)) << 16) | (ord (substr ($final, 11, 1)) << 8) | (ord (substr ($final, 32, 1))), 4);
7922 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 33, 1)) << 8) | (ord (substr ($final, 54, 1))), 4);
7923 $hash .= to64 ((ord (substr ($final, 34, 1)) << 16) | (ord (substr ($final, 55, 1)) << 8) | (ord (substr ($final, 13, 1))), 4);
7924 $hash .= to64 ((ord (substr ($final, 56, 1)) << 16) | (ord (substr ($final, 14, 1)) << 8) | (ord (substr ($final, 35, 1))), 4);
7925 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 36, 1)) << 8) | (ord (substr ($final, 57, 1))), 4);
7926 $hash .= to64 ((ord (substr ($final, 37, 1)) << 16) | (ord (substr ($final, 58, 1)) << 8) | (ord (substr ($final, 16, 1))), 4);
7927 $hash .= to64 ((ord (substr ($final, 59, 1)) << 16) | (ord (substr ($final, 17, 1)) << 8) | (ord (substr ($final, 38, 1))), 4);
7928 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 39, 1)) << 8) | (ord (substr ($final, 60, 1))), 4);
7929 $hash .= to64 ((ord (substr ($final, 40, 1)) << 16) | (ord (substr ($final, 61, 1)) << 8) | (ord (substr ($final, 19, 1))), 4);
7930 $hash .= to64 ((ord (substr ($final, 62, 1)) << 16) | (ord (substr ($final, 20, 1)) << 8) | (ord (substr ($final, 41, 1))), 4);
7931 $hash .= to64 (ord (substr ($final, 63, 1)), 2);
7935 if ($iter == 5000) # default
7937 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
7941 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
7953 my $hash = ""; # hash to be returned by this function
7955 my $final = sha256 ($pass . $salt . $pass);
7957 $salt = substr ($salt, 0, 16);
7959 my $tmp = $pass . $salt;
7961 my $pass_len = length ($pass);
7962 my $salt_len = length ($salt);
7966 for ($i = $pass_len; $i > 0; $i -= 16)
7975 $tmp .= substr ($final, 0, $len);
7994 $final = sha256 ($tmp);
8000 for ($i = 0; $i < $pass_len; $i++)
8005 $p_bytes = sha256 ($p_bytes);
8006 $p_bytes = substr ($p_bytes, 0, $pass_len);
8010 my $final_first_byte = ord (substr ($final, 0, 1));
8014 for ($i = 0; $i < (16 + $final_first_byte); $i++)
8019 $s_bytes = sha256 ($s_bytes);
8020 $s_bytes = substr ($s_bytes, 0, $salt_len);
8022 for ($i = 0; $i < $iter; $i++)
8054 $final = sha256 ($tmp);
8058 # now format the output string ("hash")
8062 $hash .= to64 ((ord (substr ($final, 0, 1)) << 16) | (ord (substr ($final, 10, 1)) << 8) | (ord (substr ($final, 20, 1))), 4);
8063 $hash .= to64 ((ord (substr ($final, 21, 1)) << 16) | (ord (substr ($final, 1, 1)) << 8) | (ord (substr ($final, 11, 1))), 4);
8064 $hash .= to64 ((ord (substr ($final, 12, 1)) << 16) | (ord (substr ($final, 22, 1)) << 8) | (ord (substr ($final, 2, 1))), 4);
8065 $hash .= to64 ((ord (substr ($final, 3, 1)) << 16) | (ord (substr ($final, 13, 1)) << 8) | (ord (substr ($final, 23, 1))), 4);
8066 $hash .= to64 ((ord (substr ($final, 24, 1)) << 16) | (ord (substr ($final, 4, 1)) << 8) | (ord (substr ($final, 14, 1))), 4);
8067 $hash .= to64 ((ord (substr ($final, 15, 1)) << 16) | (ord (substr ($final, 25, 1)) << 8) | (ord (substr ($final, 5, 1))), 4);
8068 $hash .= to64 ((ord (substr ($final, 6, 1)) << 16) | (ord (substr ($final, 16, 1)) << 8) | (ord (substr ($final, 26, 1))), 4);
8069 $hash .= to64 ((ord (substr ($final, 27, 1)) << 16) | (ord (substr ($final, 7, 1)) << 8) | (ord (substr ($final, 17, 1))), 4);
8070 $hash .= to64 ((ord (substr ($final, 18, 1)) << 16) | (ord (substr ($final, 28, 1)) << 8) | (ord (substr ($final, 8, 1))), 4);
8071 $hash .= to64 ((ord (substr ($final, 9, 1)) << 16) | (ord (substr ($final, 19, 1)) << 8) | (ord (substr ($final, 29, 1))), 4);
8072 $hash .= to64 ((ord (substr ($final, 31, 1)) << 8) | (ord (substr ($final, 30, 1))), 3);
8076 if ($iter == 5000) # default
8078 $hash_buf = sprintf ("%s%s\$%s", $magic, $salt , $hash);
8082 $hash_buf = sprintf ("%srounds=%i\$%s\$%s", $magic, $iter, $salt , $hash);
8088 sub aix_ssha256_pbkdf2
8090 my $word_buf = shift;
8091 my $salt_buf = shift;
8092 my $iterations = shift;
8094 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256);
8096 my $pbkdf2 = Crypt::PBKDF2->new (
8098 iterations => $iterations,
8102 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
8106 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
8107 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8108 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
8109 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
8110 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8111 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
8112 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
8113 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
8114 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
8115 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
8116 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) , 3);
8121 sub aix_ssha512_pbkdf2
8123 my $word_buf = shift;
8124 my $salt_buf = shift;
8125 my $iterations = shift;
8127 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512);
8129 my $pbkdf2 = Crypt::PBKDF2->new (
8131 iterations => $iterations,
8134 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
8138 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
8139 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8140 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
8141 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
8142 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8143 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
8144 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) | (int (ord (substr ($hash_buf, 20, 1)))), 4);
8145 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 21, 1))) << 16) | (int (ord (substr ($hash_buf, 22, 1))) << 8) | (int (ord (substr ($hash_buf, 23, 1)))), 4);
8146 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 24, 1))) << 16) | (int (ord (substr ($hash_buf, 25, 1))) << 8) | (int (ord (substr ($hash_buf, 26, 1)))), 4);
8147 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 27, 1))) << 16) | (int (ord (substr ($hash_buf, 28, 1))) << 8) | (int (ord (substr ($hash_buf, 29, 1)))), 4);
8148 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 30, 1))) << 16) | (int (ord (substr ($hash_buf, 31, 1))) << 8) | (int (ord (substr ($hash_buf, 32, 1)))), 4);
8149 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 33, 1))) << 16) | (int (ord (substr ($hash_buf, 34, 1))) << 8) | (int (ord (substr ($hash_buf, 35, 1)))), 4);
8150 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 36, 1))) << 16) | (int (ord (substr ($hash_buf, 37, 1))) << 8) | (int (ord (substr ($hash_buf, 38, 1)))), 4);
8151 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 39, 1))) << 16) | (int (ord (substr ($hash_buf, 40, 1))) << 8) | (int (ord (substr ($hash_buf, 41, 1)))), 4);
8152 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 42, 1))) << 16) | (int (ord (substr ($hash_buf, 43, 1))) << 8) | (int (ord (substr ($hash_buf, 44, 1)))), 4);
8153 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 45, 1))) << 16) | (int (ord (substr ($hash_buf, 46, 1))) << 8) | (int (ord (substr ($hash_buf, 47, 1)))), 4);
8154 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 48, 1))) << 16) | (int (ord (substr ($hash_buf, 49, 1))) << 8) | (int (ord (substr ($hash_buf, 50, 1)))), 4);
8155 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 51, 1))) << 16) | (int (ord (substr ($hash_buf, 52, 1))) << 8) | (int (ord (substr ($hash_buf, 53, 1)))), 4);
8156 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 54, 1))) << 16) | (int (ord (substr ($hash_buf, 55, 1))) << 8) | (int (ord (substr ($hash_buf, 56, 1)))), 4);
8157 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 57, 1))) << 16) | (int (ord (substr ($hash_buf, 58, 1))) << 8) | (int (ord (substr ($hash_buf, 59, 1)))), 4);
8158 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 60, 1))) << 16) | (int (ord (substr ($hash_buf, 61, 1))) << 8) | (int (ord (substr ($hash_buf, 62, 1)))), 4);
8159 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 63, 1))) << 16) , 2);
8164 sub aix_ssha1_pbkdf2
8166 my $word_buf = shift;
8167 my $salt_buf = shift;
8168 my $iterations = shift;
8170 my $hasher = Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1');
8172 my $pbkdf2 = Crypt::PBKDF2->new (
8174 iterations => $iterations,
8177 my $hash_buf = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
8181 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 1, 1))) << 8) | (int (ord (substr ($hash_buf, 2, 1)))), 4);
8182 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 4, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8183 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 6, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 8, 1)))), 4);
8184 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 9, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 11, 1)))), 4);
8185 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 12, 1))) << 16) | (int (ord (substr ($hash_buf, 13, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8186 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 15, 1))) << 16) | (int (ord (substr ($hash_buf, 16, 1))) << 8) | (int (ord (substr ($hash_buf, 17, 1)))), 4);
8187 $tmp_hash .= to64 ((int (ord (substr ($hash_buf, 18, 1))) << 16) | (int (ord (substr ($hash_buf, 19, 1))) << 8) , 3);
8196 my @data = split "", $data_s;
8199 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8200 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8201 "\x3f\x40\x41\x50\x43\x44\x45\x4b\x47\x48\x4d\x4e\x54\x51\x53\x46" .
8202 "\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x56\x55\x5c\x49\x5d\x4a" .
8203 "\x42\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
8204 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x58\x5b\x59\xff\x52" .
8205 "\x4c\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" .
8206 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x57\x5e\x5a\x4f\xff" .
8207 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8208 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8209 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8210 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8211 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8212 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8213 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
8214 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
8216 my @transTable = unpack ("C256", $transTable_s);
8220 for (my $i = 0; $i < scalar @data; $i++)
8222 $out[$i] = $transTable[int (ord ($data[$i]))];
8225 return pack ("C*", @out);
8230 my $digest_s = shift;
8235 my @w = unpack "C*", $w_s;
8236 my @s = unpack "C*", $s_s;
8239 "\x14\x77\xf3\xd4\xbb\x71\x23\xd0\x03\xff\x47\x93\x55\xaa\x66\x91" .
8240 "\xf2\x88\x6b\x99\xbf\xcb\x32\x1a\x19\xd9\xa7\x82\x22\x49\xa2\x51" .
8241 "\xe2\xb7\x33\x71\x8b\x9f\x5d\x01\x44\x70\xae\x11\xef\x28\xf0\x0d";
8243 my @bcodeTable = unpack ("C48", $bcodeTable_s);
8245 my @abcd = unpack ("C16", $digest_s);
8247 my $sum20 = ($abcd[0] & 3)
8257 for (my $i2 = 0; $i2 < $sum20; $i2++)
8262 for (my $i1 = 0, my $i2 = 0, my $i3 = 0; $i2 < $sum20; $i2++, $i2++)
8264 if ($i1 < length $w_s)
8266 if ($abcd[15 - $i1] & 1)
8268 $out[$i2] = $bcodeTable[48 - 1 - $i1];
8273 $out[$i2] = $w[$i1];
8279 if ($i3 < length $s_s)
8281 $out[$i2] = $s[$i3];
8287 $out[$i2] = $bcodeTable[$i2 - $i1 - $i3];
8290 return substr (pack ("C*", @out), 0, $sum20);
8295 my @key_56 = split (//, shift);
8301 $key .= chr(((ord($key_56[0]) << 7) | (ord($key_56[1]) >> 1)) & 255);
8302 $key .= chr(((ord($key_56[1]) << 6) | (ord($key_56[2]) >> 2)) & 255);
8303 $key .= chr(((ord($key_56[2]) << 5) | (ord($key_56[3]) >> 3)) & 255);
8304 $key .= chr(((ord($key_56[3]) << 4) | (ord($key_56[4]) >> 4)) & 255);
8305 $key .= chr(((ord($key_56[4]) << 3) | (ord($key_56[5]) >> 5)) & 255);
8306 $key .= chr(((ord($key_56[5]) << 2) | (ord($key_56[6]) >> 6)) & 255);
8307 $key .= chr(( ord($key_56[6]) << 1) & 255);
8318 for (my $i = 0; $i < $len; $i++)
8320 my $c = get_random_chr (0, 255);
8325 return join ("", @arr);
8328 sub get_random_netntlmv1_salt
8330 my $len_user = shift;
8331 my $len_domain = shift;
8337 for (my $i = 0; $i < $len_user; $i++)
8339 $type = get_random_num (1, 3);
8343 $char = get_random_chr (0x30, 0x39);
8347 $char = get_random_chr (0x41, 0x5A);
8351 $char = get_random_chr (0x61, 0x7A);
8359 for (my $i = 0; $i < $len_domain; $i++)
8361 $type = get_random_num (1, 3);
8365 $char = get_random_chr (0x30, 0x39);
8369 $char = get_random_chr (0x41, 0x5A);
8373 $char = get_random_chr (0x61, 0x7A);
8379 my $c_challenge = randbytes (8);
8380 my $s_challenge = randbytes (8);
8382 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $c_challenge) . unpack ("H*", $s_challenge);
8387 sub get_random_netntlmv2_salt
8389 my $len_user = shift;
8390 my $len_domain = shift;
8396 if ($len_user + $len_domain > 27)
8398 if ($len_user > $len_domain)
8400 $len_user = 27 - $len_domain;
8404 $len_domain = 27 - $len_user;
8408 for (my $i = 0; $i < $len_user; $i++)
8410 $type = get_random_num (1, 3);
8414 $char = get_random_chr (0x30, 0x39);
8418 $char = get_random_chr (0x41, 0x5A);
8422 $char = get_random_chr (0x61, 0x7A);
8430 for (my $i = 0; $i < $len_domain; $i++)
8432 $type = get_random_num (1, 3);
8436 $char = get_random_chr (0x30, 0x39);
8440 $char = get_random_chr (0x41, 0x5A);
8444 $char = get_random_chr (0x61, 0x7A);
8450 my $c_challenge = randbytes (8);
8451 my $s_challenge = randbytes (8);
8453 my $temp = "\x01\x01" .
8458 randbytes (20 * rand () + 1) .
8461 my $salt_buf = $user . "::" . $domain . ":" . unpack ("H*", $s_challenge) . unpack ("H*", $temp);
8466 sub get_random_ike_salt
8470 for (my $i = 0; $i < 40; $i++)
8472 $nr_buf .= get_random_chr (0, 0xff);
8477 for (my $i = 0; $i < 440; $i++)
8479 $msg_buf .= get_random_chr (0, 0xff);
8482 my $nr_buf_hex = unpack ("H*", $nr_buf);
8483 my $msg_buf_hex = unpack ("H*", $msg_buf);
8485 my $salt_buf = sprintf ("%s:%s:%s:%s:%s:%s:%s:%s", substr ($msg_buf_hex, 0, 256), substr ($msg_buf_hex, 256, 256), substr ($msg_buf_hex, 512, 16), substr ($msg_buf_hex, 528, 16), substr ($msg_buf_hex, 544, 320), substr ($msg_buf_hex, 864, 16), substr ($nr_buf_hex, 0, 40), substr ($nr_buf_hex, 40, 40));
8490 sub get_random_agilekeychain_salt
8494 for (my $i = 0; $i < 8; $i++)
8496 $salt_buf .= get_random_chr (0x0, 0xff);
8501 for (my $i = 0; $i < 16; $i++)
8503 $iv .= get_random_chr (0x0, 0xff);
8506 my $prefix = "\x00" x 1008;
8508 my $ret = unpack ("H*", $salt_buf . $prefix . $iv);
8513 sub get_random_cloudkeychain_salt
8517 for (my $i = 0; $i < 16; $i++)
8519 $salt_buf .= get_random_chr (0x0, 0xff);
8522 for (my $i = 0; $i < 304; $i++)
8524 $salt_buf .= get_random_chr (0x0, 0xff);
8527 my $ret = unpack ("H*", $salt_buf);
8532 sub get_random_kerberos5_salt
8534 my $custom_salt = shift;
8536 my $clear_data = randbytes (14) .
8537 strftime ("%Y%m%d%H%M%S", localtime) .
8541 my $realm = "realm";
8544 my $salt_buf = $user . "\$" . $realm . "\$" . $salt . "\$" . unpack ("H*", $custom_salt) . "\$" . unpack ("H*", $clear_data) . "\$";
8549 sub get_random_kerberos5_tgs_salt
8551 my $nonce = randbytes (8);
8554 my $realm = "realm";
8555 my $spn = "test/spn";
8557 my $salt_buf = $user . "\$" . $realm . "\$" . $spn . "\$" . unpack ("H*",$nonce);
8562 sub get_random_axcrypt_salt
8564 my $mysalt = randbytes (16);
8566 $mysalt = unpack ("H*", $mysalt);
8568 my $iteration = get_random_num (6, 100000);
8570 my $salt_buf = $iteration . '*' . $mysalt;
8575 sub get_random_keepass_salt
8577 my $version = get_random_num (1, 3);
8583 my $final_random_seed;
8587 $algorithm = get_random_num (0, 2);
8589 $iteration = get_random_num (50000, 100000);
8591 $final_random_seed = randbytes (16);
8592 $final_random_seed = unpack ("H*", $final_random_seed);
8594 elsif ($version == 2)
8598 $iteration = get_random_num (6000, 100000);
8600 $final_random_seed = randbytes (32);
8601 $final_random_seed = unpack ("H*", $final_random_seed);
8604 my $transf_random_seed = randbytes (32);
8605 $transf_random_seed = unpack ("H*", $transf_random_seed);
8607 my $enc_iv = randbytes (16);
8608 $enc_iv = unpack ("H*", $enc_iv);
8610 my $contents_hash = randbytes (32);
8611 $contents_hash = unpack ("H*", $contents_hash);
8613 my $inline_flag = 1;
8615 my $contents_len = get_random_num (128, 500);
8617 my $contents = randbytes ($contents_len);
8619 $contents_len += 16 - $contents_len % 16;
8621 $contents = unpack ("H*", $contents);
8625 my $is_keyfile = get_random_num (0, 2);
8627 my $keyfile_attributes = "";
8629 if ($is_keyfile == 1)
8631 $keyfile_attributes = $keyfile_attributes
8633 . unpack ("H*", randbytes (32));
8638 $salt_buf = $version . '*' .
8641 $final_random_seed . '*' .
8642 $transf_random_seed . '*' .
8644 $contents_hash . '*' .
8645 $inline_flag . '*' .
8646 $contents_len . '*' .
8648 $keyfile_attributes;
8650 elsif ($version == 2)
8652 $contents = randbytes (32);
8653 $contents = unpack ("H*", $contents);
8655 $salt_buf = $version . '*' .
8658 $final_random_seed . '*' .
8659 $transf_random_seed . '*' .
8661 $contents_hash . '*' .
8663 $keyfile_attributes;
8669 sub get_pstoken_salt
8671 # Cannot be fully random because of the salt structure, will use a constant salt.
8673 "\x71\x00\x00\x00\x04\x03\x02\x01\x01\x00\x00\x00\xbc\x02" .
8674 "\x00\x00\x00\x00\x00\x00\x10\x50\x00\x50\x00\x57\x00\x45" .
8675 "\x00\x42\x00\x45\x00\x58\x00\x54\x00\x06\x45\x00\x4e\x00" .
8676 "\x47\x00\x0e\x50\x00\x53\x00\x46\x00\x54\x00\x5f\x00\x48" .
8677 "\x00\x52\x00\x34\x32\x00\x30\x00\x31\x00\x36\x00\x2d\x00" .
8678 "\x30\x00\x34\x00\x2d\x00\x30\x00\x38\x00\x2d\x00\x31\x00" .
8679 "\x39\x00\x2e\x00\x32\x00\x37\x00\x2e\x00\x30\x00\x35\x00" .
8680 "\x2e\x00\x30\x00\x30\x00\x30\x00\x30\x00\x30\x00\x32\x00" .
8683 return unpack ("H*", $pstoken_const);
8686 sub get_random_md5chap_salt
8688 my $salt_buf = shift;
8690 my $salt = unpack ("H*", $salt_buf);
8694 $salt .= unpack ("H*", randbytes (1));
8699 sub get_random_dnssec_salt
8705 for (my $i = 0; $i < 8; $i++)
8707 $salt_buf .= get_random_chr (0x61, 0x7a);
8710 $salt_buf .= ".net";
8714 for (my $i = 0; $i < 8; $i++)
8716 $salt_buf .= get_random_chr (0x30, 0x39);
8729 my $byte_off = int ($bit / 8);
8730 my $bit_off = int ($bit % 8);
8732 my $char = substr ($digest, $byte_off, 1);
8733 my $num = ord ($char);
8735 return (($num & (1 << $bit_off)) ? 1 : 0);
8744 my $constant_phrase =
8745 "To be, or not to be,--that is the question:--\n" .
8746 "Whether 'tis nobler in the mind to suffer\n" .
8747 "The slings and arrows of outrageous fortune\n" .
8748 "Or to take arms against a sea of troubles,\n" .
8749 "And by opposing end them?--To die,--to sleep,--\n" .
8750 "No more; and by a sleep to say we end\n" .
8751 "The heartache, and the thousand natural shocks\n" .
8752 "That flesh is heir to,--'tis a consummation\n" .
8753 "Devoutly to be wish'd. To die,--to sleep;--\n" .
8754 "To sleep! perchance to dream:--ay, there's the rub;\n" .
8755 "For in that sleep of death what dreams may come,\n" .
8756 "When we have shuffled off this mortal coil,\n" .
8757 "Must give us pause: there's the respect\n" .
8758 "That makes calamity of so long life;\n" .
8759 "For who would bear the whips and scorns of time,\n" .
8760 "The oppressor's wrong, the proud man's contumely,\n" .
8761 "The pangs of despis'd love, the law's delay,\n" .
8762 "The insolence of office, and the spurns\n" .
8763 "That patient merit of the unworthy takes,\n" .
8764 "When he himself might his quietus make\n" .
8765 "With a bare bodkin? who would these fardels bear,\n" .
8766 "To grunt and sweat under a weary life,\n" .
8767 "But that the dread of something after death,--\n" .
8768 "The undiscover'd country, from whose bourn\n" .
8769 "No traveller returns,--puzzles the will,\n" .
8770 "And makes us rather bear those ills we have\n" .
8771 "Than fly to others that we know not of?\n" .
8772 "Thus conscience does make cowards of us all;\n" .
8773 "And thus the native hue of resolution\n" .
8774 "Is sicklied o'er with the pale cast of thought;\n" .
8775 "And enterprises of great pith and moment,\n" .
8776 "With this regard, their currents turn awry,\n" .
8777 "And lose the name of action.--Soft you now!\n" .
8778 "The fair Ophelia!--Nymph, in thy orisons\n" .
8779 "Be all my sins remember'd.\n\x00";
8781 my $constant_len = length ($constant_phrase);
8783 my $hash_buf = md5 ($pw . $salt);
8789 for (my $round = 0; $round < $iter; $round++)
8791 my $shift_a = md5bit ($hash_buf, $round + 0);
8792 my $shift_b = md5bit ($hash_buf, $round + 64);
8797 for (my $k = 0; $k < 16; $k++)
8799 my $s7shift = ord (substr ($hash_buf, $k, 1)) % 8;
8801 my $l = ($k + 3) % 16;
8803 my $num = ord (substr ($hash_buf, $l, 1));
8805 $shift_4[$k] = $num % 5;
8807 $shift_7[$k] = ($num >> $s7shift) & 1;
8812 for (my $k = 0; $k < 16; $k++)
8814 $indirect_4[$k] = (ord (substr ($hash_buf, $k, 1)) >> $shift_4[$k]) & 0xf;
8819 for (my $k = 0; $k < 16; $k++)
8821 $indirect_7[$k] = (ord (substr ($hash_buf, $indirect_4[$k], 1)) >> $shift_7[$k]) & 0x7f;
8827 for (my $k = 0; $k < 8; $k++)
8829 $indirect_a |= md5bit ($hash_buf, $indirect_7[$k + 0]) << $k;
8831 $indirect_b |= md5bit ($hash_buf, $indirect_7[$k + 8]) << $k;
8834 $indirect_a = ($indirect_a >> $shift_a) & 0x7f;
8835 $indirect_b = ($indirect_b >> $shift_b) & 0x7f;
8837 my $bit_a = md5bit ($hash_buf, $indirect_a);
8838 my $bit_b = md5bit ($hash_buf, $indirect_b);
8848 if ($bit_a ^ $bit_b)
8850 substr ($W, 16, 48) = substr ($constant_phrase, 0, 48);
8854 $to_hash .= substr ($W, 0, 64);
8858 for ($constant_off = 48; $constant_off < $constant_len - 64; $constant_off += 64)
8860 substr ($W, 0, 64) = substr ($constant_phrase, $constant_off, 64);
8864 $to_hash .= substr ($W, 0, 64);
8867 $pos = $constant_len - $constant_off;
8871 substr ($W, 0, $pos) = substr ($constant_phrase, $constant_off, $pos);
8886 my $round_div = int ($tmp / 10);
8887 my $round_mod = int ($tmp % 10);
8891 $a_buf[int ($a_len / 4)] = (($round_mod + 0x30) | ($a_buf[int ($a_len / 4)] << 8));
8901 for ($g = 0; $g < $a_len; $g++)
8903 my $remainder = $a_buf[$g];
8909 while ($remainder > 0)
8911 $sub = $remainder >> (8 * $factor);
8913 if ($started != 1 || $sub > 0)
8917 $tmp_str = chr ($sub) . $tmp_str;
8919 $remainder -= ($sub << (8 * $factor));
8927 substr ($W, $pos, $a_len) = $tmp_str;
8933 $to_hash .= substr ($W, 0, $pos);
8935 $to_hash = substr ($to_hash, 0, $total);
8937 $hash_buf = md5 ($to_hash);
8942 $passwd .= to64 ((int (ord (substr ($hash_buf, 0, 1))) << 16) | (int (ord (substr ($hash_buf, 6, 1))) << 8) | (int (ord (substr ($hash_buf, 12, 1)))), 4);
8943 $passwd .= to64 ((int (ord (substr ($hash_buf, 1, 1))) << 16) | (int (ord (substr ($hash_buf, 7, 1))) << 8) | (int (ord (substr ($hash_buf, 13, 1)))), 4);
8944 $passwd .= to64 ((int (ord (substr ($hash_buf, 2, 1))) << 16) | (int (ord (substr ($hash_buf, 8, 1))) << 8) | (int (ord (substr ($hash_buf, 14, 1)))), 4);
8945 $passwd .= to64 ((int (ord (substr ($hash_buf, 3, 1))) << 16) | (int (ord (substr ($hash_buf, 9, 1))) << 8) | (int (ord (substr ($hash_buf, 15, 1)))), 4);
8946 $passwd .= to64 ((int (ord (substr ($hash_buf, 4, 1))) << 16) | (int (ord (substr ($hash_buf, 10, 1))) << 8) | (int (ord (substr ($hash_buf, 5, 1)))), 4);
8947 $passwd .= to64 ((int (ord (substr ($hash_buf, 11, 1)))), 2);
8954 die ("usage: $0 single|passthrough| [mode] [len]\n" .
8956 " $0 verify [mode] [hashfile] [cracks] [outfile]\n");
8961 my $block_ref = shift;
8965 my $value = 16 - $offset;
8967 for (my $i = $offset; $i < 16; $i++)
8969 push @{$block_ref}, $value;
8979 for (my $i = 0; $i < 18; $i++)
8981 for (my $j = 0; $j < 48; $j++)
8983 $p = ($p + 48 - $j) & 0xff;
8985 my $c = $lotus_magic_table[$p];
8987 $p = $in_ref->[$j] ^ $c;
8994 sub lotus_transform_password
8997 my $out_ref = shift;
8999 my $t = $out_ref->[15];
9001 for (my $i = 0; $i < 16; $i++)
9003 $t ^= $in_ref->[$i];
9005 my $c = $lotus_magic_table[$t];
9007 $out_ref->[$i] ^= $c;
9009 $t = $out_ref->[$i];
9013 sub mdtransform_norecalc
9015 my $state_ref = shift;
9016 my $block_ref = shift;
9020 push (@x, @{$state_ref});
9021 push (@x, @{$block_ref});
9023 for (my $i = 0; $i < 16; $i++)
9025 push (@x, $x[0 + $i] ^ $x[16 + $i]);
9030 for (my $i = 0; $i < 16; $i++)
9032 $state_ref->[$i] = $x[$i];
9038 my $state_ref = shift;
9039 my $checksum_ref = shift;
9040 my $block_ref = shift;
9042 mdtransform_norecalc ($state_ref, $block_ref);
9044 lotus_transform_password ($block_ref, $checksum_ref);
9049 my $saved_key_ref = shift;
9053 @{$saved_key_ref} = splice (@{$saved_key_ref}, 0, $size);
9055 my @state = (0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
9061 for ($curpos = 0; $curpos + 16 < $size; $curpos += 16)
9063 my $curpos16 = $curpos + 16;
9065 my @block = splice (@{$saved_key_ref}, 0, 16);
9067 mdtransform (\@state, \@checksum, \@block);
9070 my $left = $size - $curpos;
9072 my @block = splice (@{$saved_key_ref}, 0, 16);
9074 pad16 (\@block, $left);
9076 mdtransform (\@state, \@checksum, \@block);
9078 mdtransform_norecalc (\@state, \@checksum);
9083 sub pdf_compute_encryption_key
9085 my $word_buf = shift;
9086 my $padding = shift;
9101 $data .= substr ($padding, 0, 32 - length $word_buf);
9103 $data .= pack ("H*", $o);
9105 $data .= pack ("I", $P);
9107 $data .= pack ("H*", $id);
9113 $data .= pack ("I", -1);
9117 my $res = md5 ($data);
9121 for (my $i = 0; $i < 50; $i++)
9130 sub gen_random_wpa_eapol
9139 my $version = 1; # 802.1X-2001
9141 $ret .= pack ("C*", $version);
9143 my $type = 3; # means that this EAPOL frame is used to transfer key information
9145 $ret .= pack ("C*", $type);
9147 my $length; # length of remaining data
9158 $ret .= pack ("n*", $length);
9160 my $descriptor_type;
9164 $descriptor_type = 254; # EAPOL WPA key
9168 $descriptor_type = 1; # EAPOL RSN key
9171 $ret .= pack ("C*", $descriptor_type);
9173 # key_info is a bit vector:
9174 # generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
9178 $key_info |= 1 << 8; # set key MIC
9179 $key_info |= 1 << 3; # set if it is a pairwise key
9183 $key_info |= 1 << 0; # RC4 Cipher, HMAC-MD5 MIC
9187 $key_info |= 1 << 1; # AES Cipher, HMAC-SHA1 MIC
9190 $ret .= pack ("n*", $key_info);
9203 $ret .= pack ("n*", $key_length);
9205 my $replay_counter = 1;
9207 $ret .= pack ("Q>*", $replay_counter);
9211 my $key_iv = "\x00" x 16;
9215 my $key_rsc = "\x00" x 8;
9219 my $key_id = "\x00" x 8;
9223 my $key_mic = "\x00" x 16;
9231 $key_data_len = 24; # length of the key_data (== WPA info)
9235 $key_data_len = 22; # length of the key_data (== RSN info)
9238 $ret .= pack ("n*", $key_data_len);
9248 my $vendor_specific_data = "";
9250 my $tag_number = 221; # means it is a vendor specific tag
9252 $vendor_specific_data .= pack ("C*", $tag_number);
9254 my $tag_len = 22; # length of the remaining "tag data"
9256 $vendor_specific_data .= pack ("C*", $tag_len);
9258 my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
9260 $vendor_specific_data .= $vendor_specific_oui;
9262 my $vendor_specific_oui_type = 1; # WPA Information Element
9264 $vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
9266 my $vendor_specific_wpa_version = 1;
9268 $vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
9272 my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
9274 $vendor_specific_data .= $vendor_specific_multicast_oui;
9276 my $vendor_specific_multicast_type = 2; # TKIP
9278 $vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
9282 my $vendor_specific_unicast_count = 1;
9284 $vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
9286 my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
9288 $vendor_specific_data .= $vendor_specific_multicast_oui;
9290 my $vendor_specific_unicast_type = 2; # TKIP
9292 $vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
9294 # Auth Key Management (AKM)
9296 my $auth_key_management_count = 1;
9298 $vendor_specific_data .= pack ("v*", $auth_key_management_count);
9300 my $auth_key_management_oui = pack ("H*", "0050f2");
9302 $vendor_specific_data .= $auth_key_management_oui;
9304 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
9306 $vendor_specific_data .= pack ("C*", $auth_key_management_type);
9308 $wpa_info = $vendor_specific_data;
9310 $key_data = $wpa_info;
9318 my $tag_number = 48; # RSN info
9320 $rsn_info .= pack ("C*", $tag_number);
9322 my $tag_len = 20; # length of the remaining "tag_data"
9324 $rsn_info .= pack ("C*", $tag_len);
9326 my $rsn_version = 1;
9328 $rsn_info .= pack ("v*", $rsn_version);
9330 # group cipher suite
9332 my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
9334 $rsn_info .= $group_cipher_suite_oui;
9336 my $group_cipher_suite_type = 4; # AES (CCM)
9338 $rsn_info .= pack ("C*", $group_cipher_suite_type);
9340 # pairwise cipher suite
9342 my $pairwise_cipher_suite_count = 1;
9344 $rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
9346 my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
9348 $rsn_info .= $pairwise_cipher_suite_oui;
9350 my $pairwise_cipher_suite_type = 4; # AES (CCM)
9352 $rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
9354 # Auth Key Management (AKM)
9356 my $auth_key_management_count = 1;
9358 $rsn_info .= pack ("v*", $auth_key_management_count);
9360 my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
9362 $rsn_info .= $auth_key_management_oui;
9364 my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
9366 $rsn_info .= pack ("C*", $auth_key_management_type);
9370 # bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
9371 # RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
9373 my $rsn_capabilities = pack ("H*", "0000");
9375 $rsn_info .= $rsn_capabilities;
9377 $key_data = $rsn_info;
9393 my $data = "Pairwise key expansion";
9398 # Min(AA, SPA) || Max(AA, SPA)
9401 # compare if greater: Min()/Max() on the MACs (6 bytes)
9403 if (memcmp ($stmac, $bssid, 6) < 0)
9415 # Min(ANonce,SNonce) || Max(ANonce,SNonce)
9418 # compare if greater: Min()/Max() on the nonces (32 bytes)
9420 if (memcmp ($snonce, $anonce, 32) < 0)
9433 my $prf_buf = hmac ($data, $pmk, \&sha1);
9435 $prf_buf = substr ($prf_buf, 0, 16);
9446 my $len_str1 = length ($str1);
9447 my $len_str2 = length ($str2);
9449 if (($len > $len_str1) || ($len > $len_str2))
9451 print "ERROR: memcmp () lengths wrong";
9456 for (my $i = 0; $i < $len; $i++)
9458 my $c_1 = ord (substr ($str1, $i, 1));
9459 my $c_2 = ord (substr ($str2, $i, 1));
9461 return -1 if ($c_1 < $c_2);
9462 return 1 if ($c_1 > $c_2);