From fc0498ebf9d2479e9d620e96286dd7502ec781e5 Mon Sep 17 00:00:00 2001 From: David Llewellyn-Jones Date: Sun, 7 Aug 2016 23:37:21 +0100 Subject: [PATCH] Set mangle to create a base64-encoded hmac-md5 --- b64-cl.c | 7 ++++- md5-cl.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++------- md5-cl.h | 4 ++- salted.c | 41 +++++++++++++++++----------- 4 files changed, 107 insertions(+), 27 deletions(-) diff --git a/b64-cl.c b/b64-cl.c index 4733f09..c1330f0 100644 --- a/b64-cl.c +++ b/b64-cl.c @@ -6,9 +6,11 @@ u32 b64_encode (u8 *base64_hash, const u32 len, const u8 *base64_plain) { u8 *out_ptr = (u8 *) base64_hash; u8 *in_ptr = (u8 *) base64_plain; + u32 out_len; u32 i; + out_len = 0; for (i = 0; i < (len - 2); i += 3) { char out_val0 = b64_table [ ((in_ptr[0] >> 2) & 0x3f)]; @@ -23,6 +25,7 @@ u32 b64_encode (u8 *base64_hash, const u32 len, const u8 *base64_plain) in_ptr += 3; out_ptr += 4; + out_len += 4; } if (i == (len - 1)) { char out_val0 = b64_table [ ((in_ptr[0] >> 2) & 0x3f)]; @@ -35,6 +38,7 @@ u32 b64_encode (u8 *base64_hash, const u32 len, const u8 *base64_plain) in_ptr += 3; out_ptr += 4; + out_len += 4; } if (i == (len - 2)) { char out_val0 = b64_table [ ((in_ptr[0] >> 2) & 0x3f)]; @@ -48,8 +52,9 @@ u32 b64_encode (u8 *base64_hash, const u32 len, const u8 *base64_plain) in_ptr += 3; out_ptr += 4; + out_len += 4; } - return (out_ptr - base64_hash + 0); + return out_len; } diff --git a/md5-cl.c b/md5-cl.c index aee9c1e..4ebe217 100644 --- a/md5-cl.c +++ b/md5-cl.c @@ -5,6 +5,10 @@ #include "md5-cl.h" +const u8 domain[] = "flypig.co.uk"; +const u32x domain_len = 12; + + #define MD5_STEP(f,a,b,c,d,x,K,s) \ { \ a += K; \ @@ -114,7 +118,7 @@ u32x rotl32 (const u32x a, const u32 n) // return rotate (a, n); } -void md5_transform (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4]) +void md5_transform_cl (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4]) { u32x a = digest[0]; u32x b = digest[1]; @@ -354,7 +358,7 @@ void append_0x80_2x4_VV (u32x w0[4], u32x w1[4], const u32x offset) // HMAC MD5 /////////////////////////////////////////////////////// -void hmac_md5_pad (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4]) +void hmac_md5_pad_cl (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4]) { w0[0] = w0[0] ^ 0x36363636; w0[1] = w0[1] ^ 0x36363636; @@ -378,7 +382,7 @@ void hmac_md5_pad (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], ipad[2] = MD5M_C; ipad[3] = MD5M_D; - md5_transform (w0, w1, w2, w3, ipad); + md5_transform_cl (w0, w1, w2, w3, ipad); w0[0] = w0[0] ^ 0x6a6a6a6a; w0[1] = w0[1] ^ 0x6a6a6a6a; @@ -402,17 +406,17 @@ void hmac_md5_pad (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], opad[2] = MD5M_C; opad[3] = MD5M_D; - md5_transform (w0, w1, w2, w3, opad); + md5_transform_cl (w0, w1, w2, w3, opad); } -void hmac_md5_run (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4], u32x digest[4]) +void hmac_md5_run_cl (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4], u32x digest[4]) { digest[0] = ipad[0]; digest[1] = ipad[1]; digest[2] = ipad[2]; digest[3] = ipad[3]; - md5_transform (w0, w1, w2, w3, digest); + md5_transform_cl (w0, w1, w2, w3, digest); w0[0] = digest[0]; w0[1] = digest[1]; @@ -436,7 +440,67 @@ void hmac_md5_run (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], digest[2] = opad[2]; digest[3] = opad[3]; - md5_transform (w0, w1, w2, w3, digest); + md5_transform_cl (w0, w1, w2, w3, digest); +} + +void md5hmac_none(u8 const * const inData, const u32x pw_len, u8 outDigest[16]) +{ + u32 pos; + u32 boundary; + + boundary = pw_len; + if (boundary > 16) { + boundary = 16; + } + + for (pos = 0; pos < boundary; pos++) { + outDigest[pos] = inData[pos]; + } + for (pos = boundary; pos < 16; pos++) { + outDigest[pos] = 0; + } +} + +void md5hmac_domain(u8 const * const inData, const u32x pw_len, u8 outDigest[16]) +{ + u32 pos; + + // data + + u32x data_buf[16]; + + for (pos = 0; pos < pw_len; pos++) { + ((u8 *)data_buf)[pos] = inData[pos]; + } + for (pos = pw_len; pos < 64; pos++) { + ((u8 *)data_buf)[pos] = 0; + } + + // key + + u32x key_buf[16]; + + for (pos = 0; pos < domain_len; pos++) { + ((u8 *)key_buf)[pos] = domain[pos]; + } + for (pos = domain_len; pos < 64; pos++) { + ((u8 *)key_buf)[pos] = 0; + } + + // pads + + u32x ipad[4]; + u32x opad[4]; + + hmac_md5_pad_cl (key_buf, key_buf + 4, key_buf + 8, key_buf + 12, ipad, opad); + + // loop + + append_0x80_2x4_VV (data_buf, data_buf + 4, pw_len); + + data_buf[14] = (64 + pw_len) * 8; + + hmac_md5_run_cl (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *)outDigest); } void md5hmac_cl(u8 * inKey, u32 key_len, u8 * inData, u32 pw_len, u8 outDigest[DIGEST_SIZE]) @@ -476,7 +540,7 @@ void md5hmac_cl(u8 * inKey, u32 key_len, u8 * inData, u32 pw_len, u8 outDigest[D u32x ipad[4]; u32x opad[4]; - hmac_md5_pad (key_buf, key_buf + 4, key_buf + 8, key_buf + 12, ipad, opad); + hmac_md5_pad_cl (key_buf, key_buf + 4, key_buf + 8, key_buf + 12, ipad, opad); /** * loop @@ -486,7 +550,7 @@ void md5hmac_cl(u8 * inKey, u32 key_len, u8 * inData, u32 pw_len, u8 outDigest[D data_buf[14] = (64 + pw_len) * 8; - hmac_md5_run (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *)outDigest); + hmac_md5_run_cl (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *)outDigest); } diff --git a/md5-cl.h b/md5-cl.h index 37338bb..0157a8c 100644 --- a/md5-cl.h +++ b/md5-cl.h @@ -10,9 +10,11 @@ #define DIGEST_SIZE (16) -void md5_transform (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4]); +void md5_transform_cl (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4]); void append_0x80_2x4_VV (u32x w0[4], u32x w1[4], const u32x offset); u32x rotl32 (const u32x a, const u32 n); void md5hmac_cl(u8 * inKey, u32 key_len, u8 * inData, u32 pw_len, u8 outDigest[DIGEST_SIZE]); +void md5hmac_domain(u8 const * const inData, const u32x pw_len, u8 outDigest[16]); +void md5hmac_none(u8 const * const inData, const u32x pw_len, u8 outDigest[16]); #endif // ifndef __MD5CL_H diff --git a/salted.c b/salted.c index dadd650..0d1dab0 100644 --- a/salted.c +++ b/salted.c @@ -48,7 +48,7 @@ u32x mangle_md5 (u32x w0[4], u32x w1[4], const u32x in_len) digest[2] = MD5M_C; digest[3] = MD5M_D; - md5_transform (w0_t, w1_t, w2_t, w3_t, digest); + md5_transform_cl (w0_t, w1_t, w2_t, w3_t, digest); u8 b64encoded[16]; @@ -93,10 +93,11 @@ u32x mangle_md5 (u32x w0[4], u32x w1[4], const u32x in_len) u32x mangle_hmac (u32x w0[4], u32x w1[4], const u32x in_len) { u32x out_len = in_len; + u32 digest[4]; u32 data[8]; u32 i; - + data[0] = w0[0]; data[1] = w0[1]; data[2] = w0[2]; @@ -105,14 +106,14 @@ u32x mangle_hmac (u32x w0[4], u32x w1[4], const u32x in_len) data[5] = w1[1]; data[6] = w1[2]; data[7] = w1[3]; - - md5hmac_cl("flypig.co.uk", strlen("flypig.co.uk"), (u8 *)data, in_len, (u8 *)digest); - printf("HMAC: "); - for (i = 0; i < 16; i++) { - printf("%x", ((u8 *)digest)[i]); - } - printf("\n"); + md5hmac_domain((u8 *)data, in_len, (u8 *)digest); + +// printf("HMAC: "); +// for (i = 0; i < 16; i++) { +// printf("%x", ((u8 *)digest)[i]); +// } +// printf("\n"); w0[0] = digest[0]; w0[1] = digest[1]; @@ -124,11 +125,12 @@ u32x mangle_hmac (u32x w0[4], u32x w1[4], const u32x in_len) w1[3] = 0; out_len = b64_encode ((u8 *)data, 16, (u8 *)w0); + //out_len = 8; - for (i = out_len; i < 32; i++) { - ((u8 *)data)[i] = 0; - } - + for (i = out_len; i < 32; i++) { + ((u8 *)data)[i] = 0; + } + w0[0] = data[0]; w0[1] = data[1]; w0[2] = data[2]; @@ -141,6 +143,13 @@ u32x mangle_hmac (u32x w0[4], u32x w1[4], const u32x in_len) return (out_len); } +void writeHexByte(unsigned char byte, unsigned char * hex) { + static char number[] = "0123456789abcdef"; + + hex[0] = number[(byte >> 4)]; + hex[1] = number[(byte % 16)]; +} + int main(int argc, char * argv[]) { unsigned char result[RESULT_MAX]; unsigned char salt[SALT_MAX]; @@ -170,15 +179,15 @@ int main(int argc, char * argv[]) { } salt[SALT_MAX - 1] = '\0'; - SPH_HashedPassowrd("hashcat", "flypig.co.uk", result); + //SPH_HashedPassowrd("hashcat", "flypig.co.uk", result); //mangle(password); - mangle_hmac ((u32x *)password, (u32x *)(password + 16), strlen(password)); + size = mangle_hmac ((u32x *)password, (u32x *)(password + 16), strlen(password)); //md5hmac(salt, password, digest); - md5hmac_cl(salt, strlen(salt), password, strlen(password), digest); + md5hmac_cl(salt, strlen(salt), password, size, digest); for (pos = 0; pos < DIGEST_SIZE; pos++) { -- 2.25.1