static void ChallengeResponse(u_char *challenge, u_char PasswordHash[MD4_SIGNATURE_SIZE], u_char response[24]) { u_char ZPasswordHash[21]; BZERO(ZPasswordHash, sizeof(ZPasswordHash)); BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE); #if 0 dbglog("ChallengeResponse - ZPasswordHash %.*B", sizeof(ZPasswordHash), ZPasswordHash); #endif (void) DesSetkey(ZPasswordHash + 0); DesEncrypt(challenge, response + 0); (void) DesSetkey(ZPasswordHash + 7); DesEncrypt(challenge, response + 8); (void) DesSetkey(ZPasswordHash + 14); DesEncrypt(challenge, response + 16); #if 0 dbglog("ChallengeResponse - response %.24B", response); #endif }
/* * NtPasswordHashEncryptedWithBlock() */ static void NTPasswordHashEncryptedWithBlock(const uint8_t pw_hash[NT_PASSWORD_HASH_SIZE], const uint8_t block[NT_PASSWORD_HASH_SIZE], uint8_t cypher[NT_PASSWORD_HASH_SIZE]) { DesEncrypt(pw_hash, block, cypher); DesEncrypt(pw_hash + 8, block + 7, cypher + 8); return; }
static void ChallengeResponse(const uint8_t challenge[MSCHAP_NT_CHALLENGE_SIZE], const uint8_t password_hash[NT_PASSWORD_HASH_SIZE], uint8_t response[MSCHAP_NT_RESPONSE_SIZE]) { uint8_t zhash[21]; /* zero pad the password hash to 21 bytes */ bzero(zhash, 21); bcopy(password_hash, zhash, NT_PASSWORD_HASH_SIZE); DesEncrypt(challenge, zhash, response); DesEncrypt(challenge, zhash + 7, response + 8); DesEncrypt(challenge, zhash + 14, response + 16); return; }
static void ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len, MS_ChapResponse *response) { int i; u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */ u_char PasswordHash[MD4_SIGNATURE_SIZE]; /* LANMan password is case insensitive */ BZERO(UcasePassword, sizeof(UcasePassword)); for (i = 0; i < secret_len; i++) UcasePassword[i] = (u_char)toupper(secret[i]); (void) DesSetkey(UcasePassword + 0); DesEncrypt( StdText, PasswordHash + 0 ); (void) DesSetkey(UcasePassword + 7); DesEncrypt( StdText, PasswordHash + 8 ); ChallengeResponse(rchallenge, PasswordHash, response->LANManResp); }
void LmPasswordHash(char *password, int len, char *hash) { int i; u_char up_pass[MAX_NT_PASSWORD]; /* max is actually 14 */ /* LANMan password is case insensitive */ BZERO(up_pass, sizeof(up_pass)); #if 0 //yfchou found bug for (i = 0; i < len; i++) up_pass[i] = (u_char)toupper(up_pass[i]); #else if (len > MAX_NT_PASSWORD) len = MAX_NT_PASSWORD; for (i = 0; i < len; i++) up_pass[i] = (u_char)toupper(password[i]); #endif DesEncrypt(MSStdText, up_pass + 0, hash + 0); DesEncrypt(MSStdText, up_pass + 7, hash + 8); }
static void ChallengeResponse( u_char *challenge, /* IN 8 octets */ u_char *pwHash, /* IN 16 octets */ u_char *response /* OUT 24 octets */) { u_char ZPasswordHash[21]; BZERO(ZPasswordHash, sizeof(ZPasswordHash)); BCOPY(pwHash, ZPasswordHash, 16); #if 0 log_packet(ZPasswordHash, sizeof(ZPasswordHash), "ChallengeResponse - ZPasswordHash", LOG_DEBUG); #endif DesEncrypt(challenge, ZPasswordHash + 0, response + 0); DesEncrypt(challenge, ZPasswordHash + 7, response + 8); DesEncrypt(challenge, ZPasswordHash + 14, response + 16); #if 0 log_packet(response, 24, "ChallengeResponse - response", LOG_DEBUG); #endif }
int main() { const unsigned char key[] = "jdiwlc24"; const unsigned char iv[] = "9sl4nvfa"; char input_str[32] = "Hello World"; char des_str[32]; int des_len = 0; DesEncrypt(key, iv, input_str, strlen(input_str), des_str, &des_len); printf("encrypt: des_str: [%s], des_len: [%d]\n", des_str, des_len); char output_str[32]; int output_len = 0; DesDecrypt(key, iv, des_str, des_len, output_str, &output_len); printf("encrypt: des_str: [%s], des_len: [%d]\n", output_str, output_len); }
/* HashNTLM Function: Create a NTLM hash from the challenge Variables: ntlmhash = the hash created from this function pass = users password challenge = the challenge recieved from the server */ void HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { MD4_CTX md4Context; unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ unsigned char p21[21]; unsigned char ntlm_response[24]; int i = 0, j = 0; int mdlen; unsigned char *p; char HexChar; int HexValue; /* Use NTLM Hash instead of password */ if (hashFlag == 1) { /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ p = pass; while ((*p != '\0') && (i < 2)) { if (*p == ':') i++; p++; } if (*p == '\0') { fprintf(stderr, "Error reading PWDUMP file.\n"); hydra_child_exit(0); exit(1); } for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { HexChar = (char) p[2 * i + j]; if (HexChar > 0x39) HexChar = HexChar | 0x20; /* convert upper case to lower */ if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ /* * fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); * hydra_child_exit(0); * exit(1); */ HexChar = 0x30; } HexChar -= 0x30; if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; HexValue = (HexValue << 4) | (char) HexChar; } hash[i] = (unsigned char) HexValue; } } else { /* Password == Machine Name */ if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports 8-bit ISO8859/1 characters. */ bzero(unicodePassword, sizeof(unicodePassword)); for (i = 0; i < strlen((char *) pass); i++) unicodePassword[i * 2] = (unsigned char) pass[i]; mdlen = strlen((char *) pass) * 2; /* length in bytes */ MD4_Init(&md4Context); MD4_Update(&md4Context, unicodePassword, mdlen); MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ } memset(p21, '\0', 21); memcpy(p21, hash, 16); DesEncrypt(challenge, p21 + 0, ntlm_response + 0); DesEncrypt(challenge, p21 + 7, ntlm_response + 8); DesEncrypt(challenge, p21 + 14, ntlm_response + 16); memcpy(*ntlmhash, ntlm_response, 24); }
int OnGetRandom(QUEUE_LIST *pDataNode) { thd_log(LOG_DEBUG,(char *)"OnGetRandom...Received Data:"); trace_mem(LOG_DEBUG,(unsigned char *)pDataNode->Buffer,pDataNode->Length); int MSGLength = pDataNode->Length; unsigned char *pMSG = pDataNode->Buffer; // pMSG++; MSGLength--; int iOffset = 0; int DownKeyLen = 0; char DownKey[49] = {0}; char TermNo[17] = {0}; unsigned char TRD[9] = {0}; //加密机产生的随机数据,TTEK加密后送给SPOS服务器 // 输出缓存 char OutBuf[1025] = {0}; char EDownKey[17] = {0}; char chTRD[17] = {0}; unsigned char KeyRandom[8] = {0xD6, 0xA7, 0xB8, 0xB6, 0xCE, 0xDE, 0xD3, 0xC7}; //固定密钥 用来加密终端随机数 char TermNo1[9] = {0}; int iFlag = 0; iOffset += MERNOLENGTH; MSGLength -= MERNOLENGTH; memcpy(TermNo,&pMSG[iOffset],BANKNOLENGTH); // memcpy(TermNo,TermNo,8); //TermNo1 = trim(TermNo); memcpy(TermNo1,TermNo,8); iOffset += BANKNOLENGTH; MSGLength -= BANKNOLENGTH; iFlag = pMSG[iOffset]; //标志位:0:产生随机数;1:密钥下载密码 iOffset += 1; MSGLength -= 1; if(iFlag == 1) { DownKeyLen = pMSG[iOffset]; // 密钥下载密码长度 if(DownKeyLen%8 != 0) { setCmdError2(pDataNode); thd_log(LOG_WARNING,(char *)"OnGetRandom, Data Length is not 8 multiples !"); return 1; } // thd_log(LOG_DEBUG,(char *)"OnGetRandom, Data Length : %d",DownKeyLen); iOffset += 1; MSGLength -= 1; memcpy(DownKey,&pMSG[iOffset],DownKeyLen); //随机数/密钥下载密码 } else if(iFlag == 0) //需要产生随机数 { GetRandom((unsigned char *)DownKey,8); //随机数长度为8 ////测试数据,固定随机数 /* DownKey[0] = 0x88; DownKey[1] = 0x77; DownKey[2] = 0x66; DownKey[3] = 0x55; DownKey[4] = 0x44; DownKey[5] = 0x33; DownKey[6] = 0x22; DownKey[7] = 0x11;*/ ///////////// DownKeyLen = 8; memcpy(TRD,DownKey,8) ; DesEncrypt(1,TRD,TRD,8,KeyRandom); //将随机数用固定密钥加密存放到数据库 bcd2asc(chTRD,(unsigned char *)TRD,8); /*将产生的随机数根据终端号保存到数据库t_bank_key 的random字段*/ SAString sSql; SACommand Cmd; try { Cmd.setConnection(pDataNode->psaConn); sSql.Format("update t_bank_key set random = trim('%s') where termno = trim('%s') ", chTRD,TermNo); Cmd.setCommandText(sSql); Cmd.Execute(); } catch(SAException &x) { thd_log( LOG_ERROR,(char *)"SQLAPI Exception %s", _T(x.ErrText())); thd_log( LOG_ERROR,(char *)"sSQL: %s", _T(sSql)); return false; } } thd_log(LOG_DEBUG,(char *)"OnGetRandom...Random Data:"); trace_mem(LOG_DEBUG,(unsigned char *)DownKey,8); unsigned char TTEK[17] ={0}; if( !CountTTEK(TermNo1, TTEK) ) //用终端号计算TTEK { setCmdError2(pDataNode); return 1; } Des3Encrypt(1,(unsigned char *)EDownKey,(unsigned char *)DownKey,8,TTEK); //用产生的TTEK加密随机数或者下载密钥,返回给服务器 int iOutLen = 0; iOutLen = 2+MERNOLENGTH+POSNOLENGTH+1; setCmdToSeverSucceed(pDataNode,iOutLen,OutBuf); OutBuf[iOutLen] = DownKeyLen; iOutLen += 1; if(DownKeyLen > 1023) { setCmdError2(pDataNode); thd_log(LOG_WARNING,(char *)"OnGetRandom, Track Data Length from HSM is too long!"); return 1; } memcpy(&OutBuf[iOutLen],EDownKey,DownKeyLen); iOutLen += DownKeyLen; memset(pDataNode->Buffer,0,1024); memcpy(pDataNode->Buffer, OutBuf, iOutLen); pDataNode->Length = iOutLen ; thd_log(LOG_DEBUG,(char *)"OnGetRandom, Output Buffer Data:"); trace_mem(LOG_DEBUG,(unsigned char *)pDataNode->Buffer,iOutLen); return 1; }