From: David Llewellyn-Jones Date: Tue, 9 Aug 2016 14:10:30 +0000 (+0100) Subject: Alter code to mangle pwdhash passwords X-Git-Url: https://www.flypig.org.uk/git/?p=pwdhash.git;a=commitdiff_plain;h=4caa77290fcf59c37ed6fbae3023d0f09bb1fd96 Alter code to mangle pwdhash passwords --- diff --git a/hmacmd5.c b/hmacmd5.c index 78445d5..6204ac3 100644 --- a/hmacmd5.c +++ b/hmacmd5.c @@ -161,6 +161,7 @@ void SPH_HashedPassowrd(unsigned char * password, unsigned char * realm, unsigne extraPos = startingSize; // Add the extras + // Capital letter next = (extraPos < extraSize) ? hash[extraPos] : 0; extraPos++; if (!contains(result, startingSize, 'A', 'Z')) { @@ -169,6 +170,7 @@ void SPH_HashedPassowrd(unsigned char * password, unsigned char * realm, unsigne result[startingSize] = next; startingSize++; + // Lower case letter next = (extraPos < extraSize) ? hash[extraPos] : 0; extraPos++; if (!contains(result, startingSize, 'a', 'z')) { @@ -177,6 +179,7 @@ void SPH_HashedPassowrd(unsigned char * password, unsigned char * realm, unsigne result[startingSize] = next; startingSize++; + // Number next = (extraPos < extraSize) ? hash[extraPos] : 0; extraPos++; if (!contains(result, startingSize, '0', '9')) { @@ -185,6 +188,7 @@ void SPH_HashedPassowrd(unsigned char * password, unsigned char * realm, unsigne result[startingSize] = next; startingSize++; + // Non alphanumeric if (containsnonalphanumeric(result, startingSize) && nonalphanumeric) { next = (extraPos < extraSize) ? hash[extraPos] : 0; extraPos++; diff --git a/md5-cl.c b/md5-cl.c index 4ebe217..22f9c68 100644 --- a/md5-cl.c +++ b/md5-cl.c @@ -461,7 +461,7 @@ void md5hmac_none(u8 const * const inData, const u32x pw_len, u8 outDigest[16]) } } -void md5hmac_domain(u8 const * const inData, const u32x pw_len, u8 outDigest[16]) +void md5hmac_domain(u8 const * const in_key, const u32x key_len, u8 out_digest[16]) { u32 pos; @@ -469,10 +469,10 @@ void md5hmac_domain(u8 const * const inData, const u32x pw_len, u8 outDigest[16] u32x data_buf[16]; - for (pos = 0; pos < pw_len; pos++) { - ((u8 *)data_buf)[pos] = inData[pos]; + for (pos = 0; pos < domain_len; pos++) { + ((u8 *)data_buf)[pos] = domain[pos]; } - for (pos = pw_len; pos < 64; pos++) { + for (pos = domain_len; pos < 64; pos++) { ((u8 *)data_buf)[pos] = 0; } @@ -480,10 +480,10 @@ void md5hmac_domain(u8 const * const inData, const u32x pw_len, u8 outDigest[16] u32x key_buf[16]; - for (pos = 0; pos < domain_len; pos++) { - ((u8 *)key_buf)[pos] = domain[pos]; + for (pos = 0; pos < key_len; pos++) { + ((u8 *)key_buf)[pos] = in_key[pos]; } - for (pos = domain_len; pos < 64; pos++) { + for (pos = key_len; pos < 64; pos++) { ((u8 *)key_buf)[pos] = 0; } @@ -496,11 +496,11 @@ void md5hmac_domain(u8 const * const inData, const u32x pw_len, u8 outDigest[16] // loop - append_0x80_2x4_VV (data_buf, data_buf + 4, pw_len); + append_0x80_2x4_VV (data_buf, data_buf + 4, domain_len); - data_buf[14] = (64 + pw_len) * 8; + data_buf[14] = (64 + domain_len) * 8; - hmac_md5_run_cl (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *)outDigest); + hmac_md5_run_cl (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *)out_digest); } void md5hmac_cl(u8 * inKey, u32 key_len, u8 * inData, u32 pw_len, u8 outDigest[DIGEST_SIZE]) diff --git a/md5-cl.h b/md5-cl.h index 0157a8c..1d5bf78 100644 --- a/md5-cl.h +++ b/md5-cl.h @@ -14,7 +14,7 @@ void md5_transform_cl (const u32x w0[4], const u32x w1[4], const u32x w2[4], con void append_0x80_2x4_VV (u32x w0[4], u32x w1[4], const u32x offset); u32x rotl32 (const u32x a, const u32 n); void md5hmac_cl(u8 * inKey, u32 key_len, u8 * inData, u32 pw_len, u8 outDigest[DIGEST_SIZE]); -void md5hmac_domain(u8 const * const inData, const u32x pw_len, u8 outDigest[16]); +void md5hmac_domain(u8 const * const in_key, const u32x key_len, u8 out_digest[16]); void md5hmac_none(u8 const * const inData, const u32x pw_len, u8 outDigest[16]); #endif // ifndef __MD5CL_H diff --git a/salted.c b/salted.c index 0d1dab0..8383380 100644 --- a/salted.c +++ b/salted.c @@ -143,6 +143,180 @@ u32x mangle_hmac (u32x w0[4], u32x w1[4], const u32x in_len) return (out_len); } +bool containsnonalphanumeric (u8 * data, u32 length) +{ + bool nonalphanumeric; + u32 pos; + char check; + u32 startingSize; + + nonalphanumeric = false; + for (pos = 0; (pos < length) && !nonalphanumeric; pos++) { + check = data[pos]; + if (!((check >= 'a') && (check <= 'z')) + && !((check >= 'A') && (check <= 'Z')) + && !((check >= '0') && (check <= '9')) + && !(check == '_')) { + nonalphanumeric = true; + } + } + + return nonalphanumeric; +} + +bool contains(u8 const * password, u32 length, u8 start, u8 end) { + bool doescontain = false; + u32 pos; + + for (pos = 0; (pos < length) && (doescontain == false); pos++) { + if ((password[pos] >= start) && (password[pos] <= end)) { + doescontain = true; + } + } + + return doescontain; +} + +void rotate_string(u8 * torotate, u32 length, u32 steps) { + u8 scratch[RESULT_MAX]; + u32 pos; + + for (pos = 0; pos < length; pos++) { + scratch[pos] = torotate[(pos + steps) % length]; + } + + for (pos = 0; pos < length; pos++) { + torotate[pos] = scratch[pos]; + } +} + +u32x mangle_pwdhash (u32x w0[4], u32x w1[4], const u32x in_len) +{ + u32x out_len = in_len; + + u32 digest[4]; + u32 data[8]; + u32 hash[8]; + u32 i; + u32 size; + u32 extrasize; + u32 startingsize; + bool nonalphanumeric; + u32 extrapos; + u8 next; + + hash[0] = w0[0]; + hash[1] = w0[1]; + hash[2] = w0[2]; + hash[3] = w0[3]; + hash[4] = w1[0]; + hash[5] = w1[1]; + hash[6] = w1[2]; + hash[7] = w1[3]; + + md5hmac_domain((u8 *)hash, in_len, (u8 *)digest); + nonalphanumeric = containsnonalphanumeric ((u8 *)hash, in_len); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + + out_len = b64_encode ((u8 *)hash, 16, (u8 *)w0); + out_len = 22; // b64 encoding will produce 24 bytes output, but last two will be "==" + extrasize = 22; + size = in_len + 2; + + printf("Hash: %s\n", (u8 *)hash); + +// for (i = out_len; i < 32; i++) { +// ((u8 *)hash)[i] = 0; +// } + + startingsize = size - 4; + startingsize = (startingsize < extrasize) ? startingsize : extrasize; + + for (i = 0; i < startingsize; i++) { + ((u8 *)data)[i] = ((u8 *)hash)[i]; + } + for (i = startingsize; i < 32; i++) { + ((u8 *)data)[i] = 0; + } + + extrapos = startingsize; + + // Add the extras + // Capital letter + next = (extrapos < extrasize) ? ((u8 *)hash)[extrapos] : 0; + extrapos++; + if (!contains((u8 *)data, startingsize, 'A', 'Z')) { + next = 'A' + (next % ('Z' - 'A' + 1)); + } + ((u8 *)data)[startingsize] = next; + startingsize++; + + // Lower case letter + next = (extrapos < extrasize) ? ((u8 *)hash)[extrapos] : 0; + extrapos++; + if (!contains((u8 *)data, startingsize, 'a', 'z')) { + next = 'a' + (next % ('z' - 'a' + 1)); + } + ((u8 *)data)[startingsize] = next; + startingsize++; + + // Number + next = (extrapos < extrasize) ? ((u8 *)hash)[extrapos] : 0; + extrapos++; + if (!contains((u8 *)data, startingsize, '0', '9')) { + next = '0' + (next % ('9' - '0' + 1)); + } + ((u8 *)data)[startingsize] = next; + startingsize++; + + // Non alphanumeric + if (containsnonalphanumeric((u8 *)data, startingsize) && nonalphanumeric) { + next = (extrapos < extrasize) ? ((u8 *)hash)[extrapos] : 0; + extrapos++; + } + else { + next = '+'; + } + ((u8 *)data)[startingsize] = next; + startingsize++; + + if (!nonalphanumeric) { + for (i = 0; i < startingsize; i++) { + if (containsnonalphanumeric(((u8 *)data) + i, 1)) { + next = (extrapos < extrasize) ? ((u8 *)hash)[extrapos] : 0; + extrapos++; + next = 'A' + (next % ('Z' - 'A' + 1)); + ((u8 *)data)[i] = next; + } + } + } + + next = (extrapos < extrasize) ? ((u8 *)hash)[extrapos] : 0; + rotate_string((u8 *)data, startingsize, next); + ((u8 *)data)[startingsize] = 0; + + out_len = startingsize; + + w0[0] = data[0]; + w0[1] = data[1]; + w0[2] = data[2]; + w0[3] = data[3]; + w1[0] = data[4]; + w1[1] = data[5]; + w1[2] = data[6]; + w1[3] = data[7]; + + return (out_len); +} + void writeHexByte(unsigned char byte, unsigned char * hex) { static char number[] = "0123456789abcdef"; @@ -183,7 +357,7 @@ int main(int argc, char * argv[]) { //mangle(password); - size = mangle_hmac ((u32x *)password, (u32x *)(password + 16), strlen(password)); + size = mangle_pwdhash ((u32x *)password, (u32x *)(password + 16), strlen(password)); //md5hmac(salt, password, digest);