int main() { init_platform(); xil_printf("%s\n\r", "Welcome to Brutus cracker system!"); while (1) { xil_printf("%s\n\r", "Enter hash: "); char recv = XUartLite_RecvByte(STDIN_BASEADDRESS); // read first char /* Read password hash */ char buff[32]; int idx_buff = 0; while (recv != '\r') { buff[idx_buff++] = recv; recv = XUartLite_RecvByte(STDIN_BASEADDRESS); } unsigned int i_buff[4] = {0}; unsigned num = 0; for (int i = 0; i < 4; i++) { for (int j = 0; j < 8; j++) { num = ctox(buff[j + i*8]); i_buff[i] += (pow(16, 7-j) * num); } //xil_printf("%x\n\r", i_buff[i]); } //xil_printf("%u\n\r", i_buff[0]); putfsl(i_buff[0], 0); putfsl(i_buff[1], 0); putfsl(i_buff[2], 0); putfsl(i_buff[3], 0); xil_printf("Cracking...\n\r"); unsigned int resp; char *str = &resp; // c-magic getfsl(resp, 0); unsigned i; xil_printf("password: "******"%c", *(str+i)); } getfsl(resp, 0); for (i = 0; i < 4; i++) { xil_printf("%c", *(str+i)); } xil_printf("\n\r"); } cleanup_platform(); return 0; }
/* Converts a possibly-signed digit string into a large binary number. Returns assumed radix, derived from suffix 'h','o',b','.' */ int str2reg(unitptr reg, string digitstr) { unit temp[MAX_UNIT_PRECISION], base[MAX_UNIT_PRECISION]; int c, i; boolean minus = FALSE; short radix; /* base 2-16 */ mp_init(reg, 0); i = string_length(digitstr); if (i == 0) return (10); /* empty string, assume radix 10 */ c = digitstr[i - 1]; /* get last char in string */ switch (c) { /* classify radix select suffix character */ case '.': radix = 10; break; case 'H': case 'h': radix = 16; break; case 'O': case 'o': radix = 8; break; case 'B': /* caution! 'b' is a hex digit! */ case 'b': radix = 2; break; default: radix = 10; break; } mp_init(base, radix); if ((minus = (*digitstr == '-')) != 0) digitstr++; while ((c = *digitstr++) != 0) { if (c == ',') continue; /* allow commas in number */ c = ctox(c); if ((c < 0) || (c >= radix)) break; /* scan terminated by any non-digit */ mp_mult(temp, reg, base); mp_move(reg, temp); mp_init(temp, c); mp_add(reg, temp); } if (minus) mp_neg(reg); return (radix); } /* str2reg */
UINT WINAPI WNetEnumCachedPasswords( LPSTR pbPrefix, /* [in] prefix to filter cache entries */ WORD cbPrefix, /* [in] number of bytes in Prefix substring */ BYTE nType, /* [in] match the Type ID of the entry */ ENUMPASSWORDPROC enumPasswordProc, /* [in] callback function */ DWORD param) /* [in] parameter passed to enum function */ { HKEY hkey; DWORD r, type, val_sz, data_sz, i, j, size; PASSWORD_CACHE_ENTRY *entry; CHAR val[256], prefix[6]; WARN( "(%s, %d, %d, %p, 0x%08x) totally insecure\n", debugstr_an(pbPrefix,cbPrefix), cbPrefix, nType, enumPasswordProc, param ); /* @@ Wine registry key: HKCU\Software\Wine\Wine\Mpr */ r = RegCreateKeyA( HKEY_CURRENT_USER, mpr_key, &hkey ); if( r ) return WN_ACCESS_DENIED; sprintf(prefix, "X-%02X-", nType ); for( i=0; ; i++ ) { val_sz = sizeof val; data_sz = 0; type = 0; val[0] = 0; r = RegEnumValueA( hkey, i, val, &val_sz, NULL, &type, NULL, &data_sz ); if( r != ERROR_SUCCESS ) break; if( type != REG_BINARY ) continue; /* check the value is in the format we expect */ if( val_sz < sizeof prefix ) continue; if( memcmp( prefix, val, 5 ) ) continue; /* decode the value */ for(j=5; j<val_sz; j+=2 ) { signed char hi = ctox( val[j] ), lo = ctox( val[j+1] ); if( ( hi < 0 ) || ( lo < 0 ) ) break; val[(j-5)/2] = (hi<<4) | lo; } /* find the decoded length */ val_sz = (j - 5)/2; val[val_sz]=0; if( val_sz < cbPrefix ) continue; /* check the prefix matches */ if( memcmp(val, pbPrefix, cbPrefix) ) continue; /* read the value data */ size = sizeof *entry - sizeof entry->abResource[0] + val_sz + data_sz; entry = HeapAlloc( GetProcessHeap(), 0, sizeof *entry + val_sz + data_sz ); memcpy( entry->abResource, val, val_sz ); entry->cbEntry = size; entry->cbResource = val_sz; entry->cbPassword = data_sz; entry->iEntry = i; entry->nType = nType; r = RegEnumValueA( hkey, i, NULL, &val_sz, NULL, &type, &entry->abResource[val_sz], &data_sz ); if( r == ERROR_SUCCESS ) enumPasswordProc( entry, param ); HeapFree( GetProcessHeap(), 0, entry ); } RegCloseKey( hkey ); return WN_SUCCESS; }