void bruteforceAttack(Account **accounts, int max_len)
{
int i, j, k, nb, found;
char *word = NULL;
char *hash = NULL;
Account *account = NULL;
/* *** Check parameters *** */
if (accounts == NULL)
goto exit;
if (max_len < 1)
max_len = BRUTE_FORCE_DEFAULT_LEN;
/* *** Init *** */
nb = AccountsLen(accounts);
found = 0;
word = malloc((max_len + 1) * sizeof(char));
if (word == NULL)
{
fprintf(stderr, "error : memory allocation failed\n");
goto exit;
}
for (i = 1; i <= max_len; i++)
{
for (j = 0; j < i; j++)
word[j]='a';
word[i]=0;
do
{
/* *** If all accounts have been cracked *** */
if (found == nb)
goto exit;
/* *** Display the testing word *** */
printf(" %s\n", word);
/* *** Try the word for each account *** */
for (k = 0; k < nb; k++)
{
account = accounts[k];
/* *** Get the hash of the word *** */
switch(account->id)
{
case MD5:
hash = crypt_md5(word, account->salt,
account->rounds);
break;
case SHA256:
hash = crypt_sha256(word, account->salt,
account->rounds);
break;
case SHA512:
hash = crypt_sha512(word, account->salt,
account->rounds);
break;
}
/* *** Check if the word hash is identical *** */
if (hash != NULL)
{
if (account->password == NULL &&
!strcmp(account->hash, hash))
{
printf("\nlogin : %s\n", account->login);
printf("password : %s\n", word);
account->password = (char *) malloc(strlen(word)
+ 1);
if (account->password == NULL)
fprintf(stderr, "error : memory allocation "\
"failed\n");
memset(account->password + strlen(word), '\0', 1);
getchar();
found++;
}
free(hash);
hash = NULL;
}
}
} while (inc(word));
}
/* *** Restore memory *** */
free(word);
word = NULL;
exit:
if (hash != NULL)
free(hash);
return ;
}
void dictionaryAttack(Account **accounts, const char *dico)
{
int i, nb, found;
size_t read, len;
char *line = NULL;
char *word = NULL;
char *hash = NULL;
FILE *f = NULL;
Account *account = NULL;
/* *** Init *** */
nb = AccountsLen(accounts);
found = 0;
/* *** Check parameters *** */
if (accounts == NULL || dico == NULL)
goto exit;
/* *** Try to open the dictionary *** */
f = fopen(dico, "r");
if (f == NULL)
{
fprintf(stderr, "error : unable to open %s\n", dico);
goto exit;
}
/* *** Try each word in the dictionary *** */
while ((read = getline(&line, &len, f)) != EOF)
{
/* *** If all accounts have been cracked *** */
if (found == nb)
goto exit;
word = strtok(line, "\r\n");
if (word == NULL)
continue;
/* *** Print the word *** */
printf(" %s\n", word);
/* *** Try the word for each account *** */
for (i = 0; i < nb; i++)
{
account = accounts[i];
switch(account->id)
{
case MD5:
hash = crypt_md5(word, account->salt, account->rounds);
break;
case SHA256:
hash = crypt_sha256(word, account->salt,
account->rounds);
break;
case SHA512:
hash = crypt_sha512(word, account->salt,
account->rounds);
break;
}
/* *** Check if the hash is identical *** */
if (hash != NULL)
{
if (account->password == NULL &&
!strcmp(account->hash, hash))
{
printf("\nlogin : %s\n", account->login);
printf("password : %s\n", word);
account->password = (char *) malloc(strlen(word) + 1);
if (account->password == NULL)
{
fprintf(stderr, "error : memory allocation "\
"failed\n");
goto exit;
}
strcpy(account->password, word);
memset(account->password + strlen(word), '\0', 1);
found++;
getchar();
}
free(hash);
}
}
/* *** Restore memory *** */
free(line);
line = NULL;
word = NULL;
hash = NULL;
}
exit:
if (f != NULL)
fclose(f);
if (line != NULL)
free(line);
if (hash != NULL)
free(hash);
}
int
main(void)
{
SHA256_CTX ctx;
uint8_t sum[32];
int result = 0;
int i, cnt;
for (cnt = 0; cnt < (int)ntests; ++cnt) {
SHA256_Init(&ctx);
SHA256_Update(&ctx, tests[cnt].input, strlen(tests[cnt].input));
SHA256_Final(sum, &ctx);
if (memcmp(tests[cnt].result, sum, 32) != 0) {
for (i = 0; i < 32; i++)
printf("%02X", tests[cnt].result[i]);
printf("\n");
for (i = 0; i < 32; i++)
printf("%02X", sum[i]);
printf("\n");
printf("test %d run %d failed\n", cnt, 1);
result = 1;
}
SHA256_Init(&ctx);
for (i = 0; tests[cnt].input[i] != '\0'; ++i)
SHA256_Update(&ctx, &tests[cnt].input[i], 1);
SHA256_Final(sum, &ctx);
if (memcmp(tests[cnt].result, sum, 32) != 0) {
for (i = 0; i < 32; i++)
printf("%02X", tests[cnt].result[i]);
printf("\n");
for (i = 0; i < 32; i++)
printf("%02X", sum[i]);
printf("\n");
printf("test %d run %d failed\n", cnt, 2);
result = 1;
}
}
/* Test vector from FIPS 180-2: appendix B.3. */
char buf[1000];
memset(buf, 'a', sizeof(buf));
SHA256_Init(&ctx);
for (i = 0; i < 1000; ++i)
SHA256_Update(&ctx, buf, sizeof(buf));
SHA256_Final(sum, &ctx);
static const char expected[32] =
"\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"
"\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0";
if (memcmp(expected, sum, 32) != 0) {
printf("test %d failed\n", cnt);
result = 1;
}
for (cnt = 0; cnt < ntests2; ++cnt) {
char *cp = crypt_sha256(tests2[cnt].input, tests2[cnt].salt);
if (strcmp(cp, tests2[cnt].expected) != 0) {
printf("test %d: expected \"%s\", got \"%s\"\n",
cnt, tests2[cnt].expected, cp);
result = 1;
}
}
if (result == 0)
puts("all tests OK");
return result;
}
