int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 3; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_MYSQL_AUTH; token.len[0] = 9; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.sep[1] = '*'; token.len_min[1] = 40; token.len_max[1] = 40; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[2] = '*'; token.len_min[2] = 40; token.len_max[2] = 40; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); // hash const u8 *hash_pos = token.buf[2]; digest[0] = hex_to_u32 (hash_pos + 0); digest[1] = hex_to_u32 (hash_pos + 8); digest[2] = hex_to_u32 (hash_pos + 16); digest[3] = hex_to_u32 (hash_pos + 24); digest[4] = hex_to_u32 (hash_pos + 32); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); /* * store salt */ const u8 *salt_pos = token.buf[1]; const int salt_len = token.len[1]; const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); if (parse_rc == false) return (PARSER_SALT_LENGTH); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 3; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_CISCO9; token.len[0] = 3; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.len_min[1] = 14; token.len_max[1] = 14; token.sep[1] = '$'; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; token.len[2] = 43; token.attr[2] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_BASE64B; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); // salt is not encoded const u8 *salt_pos = token.buf[1]; const int salt_len = token.len[1]; u8 *salt_buf_ptr = (u8 *) salt->salt_buf; memcpy (salt_buf_ptr, salt_pos, salt_len); salt->salt_len = salt_len; salt->salt_iter = 1; salt->scrypt_N = 16384; salt->scrypt_r = 1; salt->scrypt_p = 1; // base64 decode hash const u8 *hash_pos = token.buf[2]; const int hash_len = token.len[2]; u8 tmp_buf[100] = { 0 }; const int tmp_len = base64_decode (itoa64_to_int, hash_pos, hash_len, tmp_buf); if (tmp_len != 32) return (PARSER_HASH_LENGTH); memcpy (digest, tmp_buf, 32); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; token_t token; token.token_cnt = 2; token.sep[0] = hashconfig->separator; token.len_min[0] = 128; token.len_max[0] = 128; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.len_min[1] = SALT_MIN; token.len_max[1] = SALT_MAX; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; if (hashconfig->opts_type & OPTS_TYPE_ST_HEX) { token.len_min[1] *= 2; token.len_max[1] *= 2; token.attr[1] |= TOKEN_ATTR_VERIFY_HEX; } const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *hash_pos = token.buf[0]; digest[0] = hex_to_u64 (hash_pos + 0); digest[1] = hex_to_u64 (hash_pos + 16); digest[2] = hex_to_u64 (hash_pos + 32); digest[3] = hex_to_u64 (hash_pos + 48); digest[4] = hex_to_u64 (hash_pos + 64); digest[5] = hex_to_u64 (hash_pos + 80); digest[6] = hex_to_u64 (hash_pos + 96); digest[7] = hex_to_u64 (hash_pos + 112); digest[0] = byte_swap_64 (digest[0]); digest[1] = byte_swap_64 (digest[1]); digest[2] = byte_swap_64 (digest[2]); digest[3] = byte_swap_64 (digest[3]); digest[4] = byte_swap_64 (digest[4]); digest[5] = byte_swap_64 (digest[5]); digest[6] = byte_swap_64 (digest[6]); digest[7] = byte_swap_64 (digest[7]); const u8 *salt_pos = token.buf[1]; const int salt_len = token.len[1]; const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); if (parse_rc == false) return (PARSER_SALT_LENGTH); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 2; token.sep[0] = hashconfig->separator; token.len_min[0] = 40; token.len_max[0] = 40; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.len_min[1] = 20; token.len_max[1] = 20; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *hash_pos = token.buf[0]; digest[0] = hex_to_u32 (hash_pos + 0); digest[1] = hex_to_u32 (hash_pos + 8); digest[2] = hex_to_u32 (hash_pos + 16); digest[3] = hex_to_u32 (hash_pos + 24); digest[4] = hex_to_u32 (hash_pos + 32); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { digest[0] -= SHA1M_A; digest[1] -= SHA1M_B; digest[2] -= SHA1M_C; digest[3] -= SHA1M_D; digest[4] -= SHA1M_E; } const u8 *salt_pos = token.buf[1]; const int salt_len = token.len[1]; const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); if (parse_rc == false) return (PARSER_SALT_LENGTH); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 1; token.len_min[0] = 64; token.len_max[0] = 64; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *hash_pos = token.buf[0]; digest[0] = hex_to_u32 (hash_pos + 0); digest[1] = hex_to_u32 (hash_pos + 8); digest[2] = hex_to_u32 (hash_pos + 16); digest[3] = hex_to_u32 (hash_pos + 24); digest[4] = hex_to_u32 (hash_pos + 32); digest[5] = hex_to_u32 (hash_pos + 40); digest[6] = hex_to_u32 (hash_pos + 48); digest[7] = hex_to_u32 (hash_pos + 56); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); digest[5] = byte_swap_32 (digest[5]); digest[6] = byte_swap_32 (digest[6]); digest[7] = byte_swap_32 (digest[7]); if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { digest[0] -= SHA256M_A; digest[1] -= SHA256M_B; digest[2] -= SHA256M_C; digest[3] -= SHA256M_D; digest[4] -= SHA256M_E; digest[5] -= SHA256M_F; digest[6] -= SHA256M_G; digest[7] -= SHA256M_H; } return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 2; token.signatures_cnt = 1; token.signatures_buf[0] = "{SHA}"; token.len[0] = 5; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.len_min[1] = 28; token.len_max[1] = 28; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_BASE64A; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *hash_pos = token.buf[1]; const int hash_len = token.len[1]; u8 tmp_buf[100] = { 0 }; base64_decode (base64_to_int, hash_pos, hash_len, tmp_buf); memcpy (digest, tmp_buf, 20); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { digest[0] -= SHA1M_A; digest[1] -= SHA1M_B; digest[2] -= SHA1M_C; digest[3] -= SHA1M_D; digest[4] -= SHA1M_E; } return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 1; token.len[0] = 43; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_BASE64B; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *hash_pos = token.buf[0]; const int hash_len = token.len[0]; u8 tmp_buf[100] = { 0 }; base64_decode (itoa64_to_int, (const u8 *) hash_pos, hash_len, tmp_buf); memcpy (digest, tmp_buf, 32); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); digest[5] = byte_swap_32 (digest[5]); digest[6] = byte_swap_32 (digest[6]); digest[7] = byte_swap_32 (digest[7]); if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { digest[0] -= SHA256M_A; digest[1] -= SHA256M_B; digest[2] -= SHA256M_C; digest[3] -= SHA256M_D; digest[4] -= SHA256M_E; digest[5] -= SHA256M_F; digest[6] -= SHA256M_G; digest[7] -= SHA256M_H; } return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 2; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_FORTIGATE; token.len[0] = 3; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.len[1] = 44; token.attr[1] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_BASE64A; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); /** * verify data */ const u8 *hash_pos = token.buf[1]; const int hash_len = token.len[1]; // decode salt + SHA1 hash (12 + 20 = 32) u8 tmp_buf[100] = { 0 }; const int decoded_len = base64_decode (base64_to_int, hash_pos, hash_len, tmp_buf); if (decoded_len != 32) return (PARSER_HASH_LENGTH); /** * store data */ // salt u32 salt_len = 12; memcpy (salt->salt_buf, tmp_buf, salt_len); salt->salt_len = salt_len; // digest memcpy (digest, tmp_buf + salt_len, 20); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { digest[0] -= SHA1M_A; digest[1] -= SHA1M_B; digest[2] -= SHA1M_C; digest[3] -= SHA1M_D; digest[4] -= SHA1M_E; } return (PARSER_OK); }
/* **************************************************** Scan the input file line by line getting specifications The input has be in the order expected here **************************************************** */ int get_input_specification(char * input_file) { extern int ACTUAL_LOG_CREATION; static FILE * fp_input = NULL; extern char PARENT_PATH[1024]; char line[1024], input[64], param[64], value[64], unit[64]; int num_flags=0, num_prints=0; char char_params[MAX_PARAMS][10]; char * pch; int j=0; fp_input = fopen(input_file, "r"); if (!fp_input) { fprintf(stderr, "Error: unable to open the input file %s\n", input_file); return -1; } /* if (!feof(fp_input)) { fscanf(fp_input, "ParamsOfInterest: %s\n", input); IMP_input->ParamsOfInterest = atoi(input); } */ fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "Parent_Path:") == 0) { strcpy(IMP_input->Parent_Path, value); if(atoi(unit) == 1) strcpy(PARENT_PATH, IMP_input->Parent_Path); } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "Actuallogfile:") == 0) { strcpy(IMP_input->Actuallogfile, value); if(atoi(unit) == 1) { ACTUAL_LOG_CREATION = 1; } } fgets(line, 1024, fp_input); sscanf(line, "%s %s %s", param, value, unit); if (strcmp(param, "Randseeds:") == 0) { if(strcmp(value, "Direct") == 0) { IMP_input->num_randseeds = atoi(unit); input_tokenizer_int(line, IMP_input->Randseeds); } else { printf("Error getting Randseeds\n"); IMP_input->num_randseeds = 0; //default to gettimeofday //return -1; } } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "FScapacity:") == 0) { IMP_input->FScapacity = atol(value); IMP_input->FScapacity *= ScaleByUnit(unit); } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "FSused:") == 0) { if(strcmp(value, "NO") == 0) IMP_input->FSused = -1; else { IMP_input->FSused = atol(value); IMP_input->FSused *= ScaleByUnit(unit); } } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "Numfiles:") == 0) { if(strcmp(value, "NO") == 0) IMP_input->Numfiles = -1; else { IMP_input->Numfiles = atol(value); IMP_input->Numfiles *= ScaleByUnit(unit); } } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "Numdirs:") == 0) { if(strcmp(value, "NO") == 0) IMP_input->Numdirs = -1; else { IMP_input->Numdirs = atol(value); IMP_input->Numdirs *= ScaleByUnit(unit); } } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "Filesperdir:") == 0) { if(strcmp(value, "NO") == 0) IMP_input->mean_files_per_dir = -1; else { IMP_input->mean_files_per_dir = atof(value); IMP_input->mean_files_per_dir *= ScaleByUnit(unit); } } fgets(line, 256, fp_input); sscanf(line, "%s %s %s", param, value, unit); if (strcmp(param, "FilesizeDistr:") == 0) { if(strcmp(value, "NO") == 0) strcpy(IMP_input->FilesizeDistr,""); else { if(strcmp(value, "Indir") == 0) { // Filename containing Distr (either X,Y or some // encoding of the distribution strcpy(IMP_input->FilesizeDistr, unit); } else if(strcmp(value, "Direct") == 0) { IMP_input->num_filesizeparams = atoi(unit); input_tokenizer(line, IMP_input->filesizeparams); } else { printf("Error getting FilesizeDistr\n"); return -1; } } } fgets(line, 256, fp_input); sscanf(line, "%s %s %s\n", param, value, unit); if (strcmp(param, "FilecountDistr:") == 0) { if(strcmp(value, "NO") == 0) strcpy(IMP_input->FilecountDistr,""); else { if(strcmp(value, "Indir") == 0) { strcpy(IMP_input->FilecountDistr, unit); } else if(strcmp(value, "Direct") == 0) { IMP_input->num_filecountparams = atoi(unit); input_tokenizer(line, IMP_input->filecountparams); } else { printf("Error getting FilecountDistr\n"); return -1; } } } fgets(line, 256, fp_input); sscanf(line, "%s %s %s", param, value, unit); if (strcmp(param, "Dircountfiles:") == 0) { if(strcmp(value, "NO") == 0) strcpy(IMP_input->Dircountfiles ,""); else { if(strcmp(value, "Indir") == 0) { strcpy(IMP_input->Dircountfiles, unit); } else if(strcmp(value, "Direct") == 0) { IMP_input->num_dircountfilesparams = atoi(unit); input_tokenizer(line, IMP_input->dircountfilesparams); } else { printf("Error getting Dircountfiles\n"); return -1; } } } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "DirsizesubdirDistr:") == 0) { if(strcmp(value, "NO") == 0) strcpy(IMP_input->DirsizesubdirDistr,""); else { if(strcmp(value, "Indir") == 0) { strcpy(IMP_input->DirsizesubdirDistr, unit); } else { printf("Error getting DirsizesubdirDistr\n"); return -1; } } } fscanf(fp_input, "%s %s %s\n", param, value, unit); if (strcmp(param, "Fileswithdepth:") == 0) { if(strcmp(value, "NO") == 0) strcpy(IMP_input->Fileswithdepth, ""); else { if(strcmp(value, "Indir") == 0) { strcpy(IMP_input->Fileswithdepth, unit); } else if(strcmp(value, "Direct") == 0) { IMP_input->fileswithdepth_poisson = atof(unit); } else { printf("Error getting Fileswithdepth\n"); return -1; } } } fscanf(fp_input, "%s %s\n", param, value); if (strcmp(param, "Layoutscore:") == 0) { IMP_input->Layoutscore = atof(value); } fscanf(fp_input, "%s %s\n", param, value); if (strcmp(param, "Actualfilecreation:") == 0) { IMP_input->Actualfilecreation = atoi(value); } fscanf(fp_input, "%s %s\n", param, value); if (strcmp(param, "SpecialFlags:") == 0) { num_flags=atoi(value); for(int i =0; i< num_flags; i++) { fscanf(fp_input, "%s %s\n", value, unit); if(strcmp(value, "Flat") == 0) { IMP_input->Flag[sf_flat] = atoi(unit); } else if(strcmp(value, "Deep") == 0) { if(IMP_input->Flag[sf_flat]==1) { printf("Cannot have deep and flat tree at the same time ..\n \ going with Flat ..\n"); } else IMP_input->Flag[sf_deep]=atoi(unit); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 2; token.len[0] = 128; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.len[1] = 32; token.attr[1] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *hash_pos = token.buf[0]; digest[ 0] = hex_to_u32 (hash_pos + 0); digest[ 1] = hex_to_u32 (hash_pos + 8); digest[ 2] = hex_to_u32 (hash_pos + 16); digest[ 3] = hex_to_u32 (hash_pos + 24); digest[ 4] = hex_to_u32 (hash_pos + 32); digest[ 5] = hex_to_u32 (hash_pos + 40); digest[ 6] = hex_to_u32 (hash_pos + 48); digest[ 7] = hex_to_u32 (hash_pos + 56); digest[ 8] = hex_to_u32 (hash_pos + 64); digest[ 9] = hex_to_u32 (hash_pos + 72); digest[10] = hex_to_u32 (hash_pos + 80); digest[11] = hex_to_u32 (hash_pos + 88); digest[12] = hex_to_u32 (hash_pos + 96); digest[13] = hex_to_u32 (hash_pos + 104); digest[14] = hex_to_u32 (hash_pos + 112); digest[15] = hex_to_u32 (hash_pos + 120); digest[ 0] = byte_swap_32 (digest[ 0]); digest[ 1] = byte_swap_32 (digest[ 1]); digest[ 2] = byte_swap_32 (digest[ 2]); digest[ 3] = byte_swap_32 (digest[ 3]); digest[ 4] = byte_swap_32 (digest[ 4]); digest[ 5] = byte_swap_32 (digest[ 5]); digest[ 6] = byte_swap_32 (digest[ 6]); digest[ 7] = byte_swap_32 (digest[ 7]); digest[ 8] = byte_swap_32 (digest[ 8]); digest[ 9] = byte_swap_32 (digest[ 9]); digest[10] = byte_swap_32 (digest[10]); digest[11] = byte_swap_32 (digest[11]); digest[12] = byte_swap_32 (digest[12]); digest[13] = byte_swap_32 (digest[13]); digest[14] = byte_swap_32 (digest[14]); digest[15] = byte_swap_32 (digest[15]); const u8 *salt_pos = token.buf[1]; salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); salt->salt_buf[2] = hex_to_u32 (salt_pos + 16); salt->salt_buf[3] = hex_to_u32 (salt_pos + 24); salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); salt->salt_iter = ROUNDS_ORACLET - 1; salt->salt_len = 16; return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 3; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_NETSCALER; token.len[0] = 1; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.len[1] = 8; token.attr[1] = TOKEN_ATTR_FIXED_LENGTH; token.len[2] = 40; token.attr[2] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); // salt const u8 *salt_pos = token.buf[1]; const int salt_len = token.len[1]; memcpy (salt->salt_buf, salt_pos, salt_len); salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); salt->salt_len = salt_len; // hash const u8 *hash_pos = token.buf[2]; digest[0] = hex_to_u32 (hash_pos + 0); digest[1] = hex_to_u32 (hash_pos + 8); digest[2] = hex_to_u32 (hash_pos + 16); digest[3] = hex_to_u32 (hash_pos + 24); digest[4] = hex_to_u32 (hash_pos + 32); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { digest[0] -= SHA1M_A; digest[1] -= SHA1M_B; digest[2] -= SHA1M_C; digest[3] -= SHA1M_D; digest[4] -= SHA1M_E; } return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; ikepsk_t *ikepsk = (ikepsk_t *) esalt_buf; token_t token; token.token_cnt = 9; token.sep[0] = ':'; token.len_min[0] = 0; token.len_max[0] = 1024; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[1] = ':'; token.len_min[1] = 0; token.len_max[1] = 1024; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[2] = ':'; token.len_min[2] = 0; token.len_max[2] = 1024; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[3] = ':'; token.len_min[3] = 0; token.len_max[3] = 1024; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[4] = ':'; token.len_min[4] = 0; token.len_max[4] = 1024; token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[5] = ':'; token.len_min[5] = 0; token.len_max[5] = 1024; token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[6] = ':'; token.len_min[6] = 0; token.len_max[6] = 128; token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[7] = ':'; token.len_min[7] = 0; token.len_max[7] = 128; token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[8] = ':'; token.len_min[8] = 32; token.len_max[8] = 32; token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); ikepsk->msg_len[0] = token.len[0] / 2; ikepsk->msg_len[1] = ikepsk->msg_len[0] + token.len[1] / 2; ikepsk->msg_len[2] = ikepsk->msg_len[1] + token.len[2] / 2; ikepsk->msg_len[3] = ikepsk->msg_len[2] + token.len[3] / 2; ikepsk->msg_len[4] = ikepsk->msg_len[3] + token.len[4] / 2; ikepsk->msg_len[5] = ikepsk->msg_len[4] + token.len[5] / 2; ikepsk->nr_len = (token.len[6] + token.len[7]) / 2; if (ikepsk->msg_len[5] > 512) return (PARSER_SALT_LENGTH); if (ikepsk->nr_len > 64) return (PARSER_SALT_LENGTH); u8 *ptr1 = (u8 *) ikepsk->msg_buf; u8 *ptr2 = (u8 *) ikepsk->nr_buf; for (int i = 0; i < token.len[0]; i += 2) *ptr1++ = hex_to_u8 (token.buf[0] + i); for (int i = 0; i < token.len[1]; i += 2) *ptr1++ = hex_to_u8 (token.buf[1] + i); for (int i = 0; i < token.len[2]; i += 2) *ptr1++ = hex_to_u8 (token.buf[2] + i); for (int i = 0; i < token.len[3]; i += 2) *ptr1++ = hex_to_u8 (token.buf[3] + i); for (int i = 0; i < token.len[4]; i += 2) *ptr1++ = hex_to_u8 (token.buf[4] + i); for (int i = 0; i < token.len[5]; i += 2) *ptr1++ = hex_to_u8 (token.buf[5] + i); for (int i = 0; i < token.len[6]; i += 2) *ptr2++ = hex_to_u8 (token.buf[6] + i); for (int i = 0; i < token.len[7]; i += 2) *ptr2++ = hex_to_u8 (token.buf[7] + i); *ptr1++ = 0x80; *ptr2++ = 0x80; /** * Store to database */ const u8 *hash_pos = token.buf[8]; digest[0] = hex_to_u32 (hash_pos + 0); digest[1] = hex_to_u32 (hash_pos + 8); digest[2] = hex_to_u32 (hash_pos + 16); digest[3] = hex_to_u32 (hash_pos + 24); salt->salt_len = 32; salt->salt_buf[0] = ikepsk->nr_buf[0]; salt->salt_buf[1] = ikepsk->nr_buf[1]; salt->salt_buf[2] = ikepsk->nr_buf[2]; salt->salt_buf[3] = ikepsk->nr_buf[3]; salt->salt_buf[4] = ikepsk->nr_buf[4]; salt->salt_buf[5] = ikepsk->nr_buf[5]; salt->salt_buf[6] = ikepsk->nr_buf[6]; salt->salt_buf[7] = ikepsk->nr_buf[7]; return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; agilekey_t *agilekey = (agilekey_t *) esalt_buf; token_t token; token.token_cnt = 3; token.len_min[0] = 1; token.len_max[0] = 6; token.sep[0] = ':'; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; token.len_min[1] = 16; token.len_max[1] = 16; token.sep[1] = ':'; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.len_min[2] = 2080; token.len_max[2] = 2080; token.sep[2] = ':'; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); /** * pbkdf2 iterations */ const u8 *iter_pos = token.buf[0]; salt->salt_iter = hc_strtoul ((const char *) iter_pos, NULL, 10) - 1; /** * handle salt encoding */ const u8 *salt_pos = token.buf[1]; const int salt_len = token.len[1]; u8 *saltbuf_ptr = (u8 *) salt->salt_buf; for (int i = 0; i < salt_len; i += 2) { const u8 p0 = salt_pos[i + 0]; const u8 p1 = salt_pos[i + 1]; *saltbuf_ptr++ = hex_convert (p1) << 0 | hex_convert (p0) << 4; } salt->salt_len = salt_len / 2; /** * handle cipher encoding */ const u8 *cipher_pos = token.buf[2]; const int cipher_len = token.len[2]; u32 tmp[32] = { 0 }; u8 *cipherbuf_ptr = (u8 *) tmp; for (int i = 2016; i < cipher_len; i += 2) { const u8 p0 = cipher_pos[i + 0]; const u8 p1 = cipher_pos[i + 1]; *cipherbuf_ptr++ = hex_convert (p1) << 0 | hex_convert (p0) << 4; } // iv is stored at salt_buf 4 (length 16) // data is stored at salt_buf 8 (length 16) salt->salt_buf[ 4] = byte_swap_32 (tmp[0]); salt->salt_buf[ 5] = byte_swap_32 (tmp[1]); salt->salt_buf[ 6] = byte_swap_32 (tmp[2]); salt->salt_buf[ 7] = byte_swap_32 (tmp[3]); salt->salt_buf[ 8] = byte_swap_32 (tmp[4]); salt->salt_buf[ 9] = byte_swap_32 (tmp[5]); salt->salt_buf[10] = byte_swap_32 (tmp[6]); salt->salt_buf[11] = byte_swap_32 (tmp[7]); for (int i = 0, j = 0; i < 1040; i += 1, j += 2) { const u8 p0 = cipher_pos[j + 0]; const u8 p1 = cipher_pos[j + 1]; agilekey->cipher[i] = hex_convert (p1) << 0 | hex_convert (p0) << 4; } /** * digest buf */ digest[0] = 0x10101010; digest[1] = 0x10101010; digest[2] = 0x10101010; digest[3] = 0x10101010; return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; jks_sha1_t *jks_sha1 = (jks_sha1_t *) esalt_buf; token_t token; token.token_cnt = 7; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_JKS_SHA1; token.sep[0] = '*'; token.len_min[0] = 10; token.len_max[0] = 10; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.sep[1] = '*'; token.len_min[1] = 40; token.len_max[1] = 40; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[2] = '*'; token.len_min[2] = 40; token.len_max[2] = 40; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[3] = '*'; token.len_min[3] = 2; token.len_max[3] = 16384; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[4] = '*'; token.len_min[4] = 2; token.len_max[4] = 2; token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.sep[5] = '*'; token.len_min[5] = 28; token.len_max[5] = 28; token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[6] = '*'; token.len_min[6] = 0; token.len_max[6] = 64; token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); // checksum const u8 *checksum_pos = token.buf[1]; jks_sha1->checksum[0] = hex_to_u32 ((const u8 *) &checksum_pos[ 0]); jks_sha1->checksum[1] = hex_to_u32 ((const u8 *) &checksum_pos[ 8]); jks_sha1->checksum[2] = hex_to_u32 ((const u8 *) &checksum_pos[16]); jks_sha1->checksum[3] = hex_to_u32 ((const u8 *) &checksum_pos[24]); jks_sha1->checksum[4] = hex_to_u32 ((const u8 *) &checksum_pos[32]); // iv const u8 *iv_pos = token.buf[2]; jks_sha1->iv[0] = hex_to_u32 ((const u8 *) &iv_pos[ 0]); jks_sha1->iv[1] = hex_to_u32 ((const u8 *) &iv_pos[ 8]); jks_sha1->iv[2] = hex_to_u32 ((const u8 *) &iv_pos[16]); jks_sha1->iv[3] = hex_to_u32 ((const u8 *) &iv_pos[24]); jks_sha1->iv[4] = hex_to_u32 ((const u8 *) &iv_pos[32]); // enc_key const u8 *enc_key_pos = token.buf[3]; const int enc_key_len = token.len[3]; u8 *enc_key_buf = (u8 *) jks_sha1->enc_key_buf; for (int i = 0, j = 0; j < enc_key_len; i += 1, j += 2) { enc_key_buf[i] = hex_to_u8 ((const u8 *) &enc_key_pos[j]); jks_sha1->enc_key_len++; } // der1 const u8 *der1_pos = token.buf[4]; u8 *der = (u8 *) jks_sha1->der; der[0] = hex_to_u8 ((const u8 *) &der1_pos[0]); // der2 const u8 *der2_pos = token.buf[5]; for (int i = 6, j = 0; j < 28; i += 1, j += 2) { der[i] = hex_to_u8 ((const u8 *) &der2_pos[j]); } der[1] = 0; der[2] = 0; der[3] = 0; der[4] = 0; der[5] = 0; // alias const u8 *alias_pos = token.buf[6]; strncpy ((char *) jks_sha1->alias, (const char *) alias_pos, 64); // fake salt salt->salt_buf[0] = jks_sha1->iv[0]; salt->salt_buf[1] = jks_sha1->iv[1]; salt->salt_buf[2] = jks_sha1->iv[2]; salt->salt_buf[3] = jks_sha1->iv[3]; salt->salt_buf[4] = jks_sha1->iv[4]; salt->salt_len = 20; // fake digest digest[0] = byte_swap_32 (jks_sha1->der[0]); digest[1] = byte_swap_32 (jks_sha1->der[1]); digest[2] = byte_swap_32 (jks_sha1->der[2]); digest[3] = byte_swap_32 (jks_sha1->der[3]); digest[4] = byte_swap_32 (jks_sha1->der[4]); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 4; token.len[0] = 1; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH; token.len[1] = 1; token.attr[1] = TOKEN_ATTR_FIXED_LENGTH; token.len[2] = 48; token.attr[2] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_BASE64A; token.len[3] = 1; token.attr[3] = TOKEN_ATTR_FIXED_LENGTH; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); if (token.buf[0][0] != '(') return (PARSER_SIGNATURE_UNMATCHED); if (token.buf[1][0] != 'H') return (PARSER_SIGNATURE_UNMATCHED); if (token.buf[3][0] != ')') return (PARSER_SIGNATURE_UNMATCHED); // decode const u8 *hash_pos = token.buf[2]; const int hash_len = token.len[2]; u8 tmp_buf[120] = { 0 }; base64_decode (lotus64_to_int, hash_pos, hash_len, tmp_buf); tmp_buf[3] += -4; // dont ask! // salt memcpy (salt->salt_buf, tmp_buf, 16); salt->salt_len = 16; // Attention: in theory we have 2 salt_len, one for the -m 8700 part (len: 8), 2nd for the 9100 part (len: 16) // iteration char tmp_iter_buf[11] = { 0 }; memcpy (tmp_iter_buf, tmp_buf + 16, 10); tmp_iter_buf[10] = 0; salt->salt_iter = hc_strtoul ((const char *) tmp_iter_buf, NULL, 10); if (salt->salt_iter < 1) // well, the limit hopefully is much higher { return (PARSER_SALT_ITERATION); } salt->salt_iter--; // first round in init // 2 additional bytes for display only salt->salt_buf_pc[0] = tmp_buf[26]; salt->salt_buf_pc[1] = tmp_buf[27]; // digest memcpy (digest, tmp_buf + 28, 8); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = 0; digest[3] = 0; return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; apple_secure_notes_t *apple_secure_notes = (apple_secure_notes_t *) esalt_buf; token_t token; token.token_cnt = 6; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_FILEVAULT2; token.len[0] = 6; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.sep[1] = '$'; token.len_min[1] = 1; token.len_max[1] = 10; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.sep[2] = '$'; token.len_min[2] = 1; token.len_max[2] = 6; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.sep[3] = '$'; token.len_min[3] = 32; token.len_max[3] = 32; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[4] = '$'; token.len_min[4] = 1; token.len_max[4] = 6; token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.sep[5] = '$'; token.len_min[5] = 48; token.len_max[5] = 48; token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); // Z_PK const u8 *Z_PK_pos = token.buf[1]; const u32 Z_PK = hc_strtoul ((const char *) Z_PK_pos, NULL, 10); if (Z_PK != 1) return (PARSER_SIGNATURE_UNMATCHED); apple_secure_notes->Z_PK = Z_PK; // ZCRYPTOSALT const u8 *ZCRYPTOSALT_pos = token.buf[3]; apple_secure_notes->ZCRYPTOSALT[ 0] = hex_to_u32 ((const u8 *) &ZCRYPTOSALT_pos[ 0]); apple_secure_notes->ZCRYPTOSALT[ 1] = hex_to_u32 ((const u8 *) &ZCRYPTOSALT_pos[ 8]); apple_secure_notes->ZCRYPTOSALT[ 2] = hex_to_u32 ((const u8 *) &ZCRYPTOSALT_pos[16]); apple_secure_notes->ZCRYPTOSALT[ 3] = hex_to_u32 ((const u8 *) &ZCRYPTOSALT_pos[24]); apple_secure_notes->ZCRYPTOSALT[ 4] = 0; apple_secure_notes->ZCRYPTOSALT[ 5] = 0; apple_secure_notes->ZCRYPTOSALT[ 6] = 0; apple_secure_notes->ZCRYPTOSALT[ 7] = 0; apple_secure_notes->ZCRYPTOSALT[ 8] = 0; apple_secure_notes->ZCRYPTOSALT[ 9] = 0; apple_secure_notes->ZCRYPTOSALT[10] = 0; apple_secure_notes->ZCRYPTOSALT[11] = 0; apple_secure_notes->ZCRYPTOSALT[12] = 0; apple_secure_notes->ZCRYPTOSALT[13] = 0; apple_secure_notes->ZCRYPTOSALT[14] = 0; apple_secure_notes->ZCRYPTOSALT[15] = 0; // ZCRYPTOITERATIONCOUNT const u8 *ZCRYPTOITERATIONCOUNT_pos = token.buf[4]; const u32 ZCRYPTOITERATIONCOUNT = hc_strtoul ((const char *) ZCRYPTOITERATIONCOUNT_pos, NULL, 10); apple_secure_notes->ZCRYPTOITERATIONCOUNT = ZCRYPTOITERATIONCOUNT; // ZCRYPTOWRAPPEDKEY const u8 *ZCRYPTOWRAPPEDKEY_pos = token.buf[5]; apple_secure_notes->ZCRYPTOWRAPPEDKEY[0] = hex_to_u32 ((const u8 *) &ZCRYPTOWRAPPEDKEY_pos[ 0]); apple_secure_notes->ZCRYPTOWRAPPEDKEY[1] = hex_to_u32 ((const u8 *) &ZCRYPTOWRAPPEDKEY_pos[ 8]); apple_secure_notes->ZCRYPTOWRAPPEDKEY[2] = hex_to_u32 ((const u8 *) &ZCRYPTOWRAPPEDKEY_pos[16]); apple_secure_notes->ZCRYPTOWRAPPEDKEY[3] = hex_to_u32 ((const u8 *) &ZCRYPTOWRAPPEDKEY_pos[24]); apple_secure_notes->ZCRYPTOWRAPPEDKEY[4] = hex_to_u32 ((const u8 *) &ZCRYPTOWRAPPEDKEY_pos[32]); apple_secure_notes->ZCRYPTOWRAPPEDKEY[5] = hex_to_u32 ((const u8 *) &ZCRYPTOWRAPPEDKEY_pos[40]); // fake salt salt->salt_buf[0] = apple_secure_notes->ZCRYPTOSALT[0]; salt->salt_buf[1] = apple_secure_notes->ZCRYPTOSALT[1]; salt->salt_buf[2] = apple_secure_notes->ZCRYPTOSALT[2]; salt->salt_buf[3] = apple_secure_notes->ZCRYPTOSALT[3]; salt->salt_buf[4] = apple_secure_notes->Z_PK; salt->salt_iter = apple_secure_notes->ZCRYPTOITERATIONCOUNT - 1; salt->salt_len = 20; // fake hash digest[0] = apple_secure_notes->ZCRYPTOWRAPPEDKEY[0]; digest[1] = apple_secure_notes->ZCRYPTOWRAPPEDKEY[1]; digest[2] = apple_secure_notes->ZCRYPTOWRAPPEDKEY[2]; digest[3] = apple_secure_notes->ZCRYPTOWRAPPEDKEY[3]; return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 4; token.sep[0] = ':'; token.len_min[0] = 32; token.len_max[0] = 32; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; token.sep[1] = ':'; token.len_min[1] = 1; token.len_max[1] = 32; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; token.sep[2] = ':'; token.len_min[2] = 1; token.len_max[2] = 32; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; token.sep[3] = ':'; token.len_min[3] = 1; token.len_max[3] = 6; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); // ok, the plan for this algorithm is the following: // we have 2 salts here, the domain-name and a random salt // while both are used in the initial transformation, // only the random salt is used in the following iterations // so we create two buffer, one that includes domain-name (stored into salt_buf_pc[]) // and one that includes only the real salt (stored into salt_buf[]). // the domain-name length is put into array position 7 of salt_buf_pc[] since there is not salt_pc_len const u8 *hash_pos = token.buf[0]; const int hash_len = token.len[0]; u8 tmp_buf[100] = { 0 }; base32_decode (itoa32_to_int, hash_pos, hash_len, tmp_buf); memcpy (digest, tmp_buf, 20); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); // domain const u8 *domain_pos = token.buf[1]; const int domain_len = token.len[1]; u8 *salt_buf_pc_ptr = (u8 *) salt->salt_buf_pc; memcpy (salt_buf_pc_ptr, domain_pos, domain_len); if (salt_buf_pc_ptr[0] != '.') return (PARSER_SALT_VALUE); u8 *len_ptr = salt_buf_pc_ptr; *len_ptr = 0; for (int i = 1; i < domain_len; i++) { if (salt_buf_pc_ptr[i] == '.') { len_ptr = salt_buf_pc_ptr + i; *len_ptr = 0; } else { *len_ptr += 1; } } salt->salt_len_pc = domain_len; // "real" salt const u8 *salt_pos = token.buf[2]; const int salt_len = token.len[2]; const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); if (parse_rc == false) return (PARSER_SALT_LENGTH); // iteration const u8 *iter_pos = token.buf[3]; salt->salt_iter = hc_strtoul ((const char *) iter_pos, NULL, 10); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; odf12_t *odf12 = (odf12_t *) esalt_buf; token_t token; token.token_cnt = 12; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_ODF; token.len_min[0] = 5; token.len_max[0] = 5; token.sep[0] = '*'; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.len_min[1] = 1; token.len_max[1] = 1; token.sep[1] = '*'; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len_min[2] = 1; token.len_max[2] = 1; token.sep[2] = '*'; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len_min[3] = 4; token.len_max[3] = 6; token.sep[3] = '*'; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len_min[4] = 2; token.len_max[4] = 2; token.sep[4] = '*'; token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len_min[5] = 64; token.len_max[5] = 64; token.sep[5] = '*'; token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.len_min[6] = 2; token.len_max[6] = 2; token.sep[6] = '*'; token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len_min[7] = 32; token.len_max[7] = 32; token.sep[7] = '*'; token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.len_min[8] = 2; token.len_max[8] = 2; token.sep[8] = '*'; token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len_min[9] = 32; token.len_max[9] = 32; token.sep[9] = '*'; token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.len_min[10] = 1; token.len_max[10] = 1; token.sep[10] = '*'; token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len[11] = 2048; token.attr[11] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *checksum = token.buf[5]; const u8 *iv = token.buf[7]; const u8 *salt_buf = token.buf[9]; const u8 *encrypted_data = token.buf[11]; const u32 cipher_type = strtol ((const char *) token.buf[1], NULL, 10); const u32 checksum_type = strtol ((const char *) token.buf[2], NULL, 10); const u32 iterations = strtol ((const char *) token.buf[3], NULL, 10); const u32 key_size = strtol ((const char *) token.buf[4], NULL, 10); const u32 iv_len = strtol ((const char *) token.buf[6], NULL, 10); const u32 salt_len = strtol ((const char *) token.buf[8], NULL, 10); const u32 unused = strtol ((const char *) token.buf[10], NULL, 10); if (cipher_type != 1) return (PARSER_SALT_VALUE); if (checksum_type != 1) return (PARSER_SALT_VALUE); if (key_size != 32) return (PARSER_SALT_VALUE); if (iv_len != 16) return (PARSER_SALT_VALUE); if (salt_len != 16) return (PARSER_SALT_VALUE); if (unused != 0) return (PARSER_SALT_VALUE); // esalt odf12->iterations = iterations; odf12->checksum[0] = hex_to_u32 (&checksum[ 0]); odf12->checksum[1] = hex_to_u32 (&checksum[ 8]); odf12->checksum[2] = hex_to_u32 (&checksum[16]); odf12->checksum[3] = hex_to_u32 (&checksum[24]); odf12->checksum[4] = hex_to_u32 (&checksum[32]); odf12->checksum[5] = hex_to_u32 (&checksum[40]); odf12->checksum[6] = hex_to_u32 (&checksum[48]); odf12->checksum[7] = hex_to_u32 (&checksum[56]); odf12->iv[0] = hex_to_u32 (&iv[0]); odf12->iv[1] = hex_to_u32 (&iv[8]); odf12->iv[2] = hex_to_u32 (&iv[16]); odf12->iv[3] = hex_to_u32 (&iv[24]); for (int i = 0, j = 0; i < 256; i += 1, j += 8) { odf12->encrypted_data[i] = hex_to_u32 (&encrypted_data[j]); } // salt salt->salt_len = salt_len; salt->salt_iter = iterations - 1; salt->salt_buf[0] = hex_to_u32 (&salt_buf[ 0]); salt->salt_buf[1] = hex_to_u32 (&salt_buf[ 8]); salt->salt_buf[2] = hex_to_u32 (&salt_buf[16]); salt->salt_buf[3] = hex_to_u32 (&salt_buf[24]); /** * digest */ digest[0] = odf12->checksum[0]; digest[1] = odf12->checksum[1]; digest[2] = odf12->checksum[2]; digest[3] = odf12->checksum[3]; digest[4] = odf12->checksum[4]; digest[5] = odf12->checksum[5]; digest[6] = odf12->checksum[6]; digest[7] = odf12->checksum[7]; return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; pbkdf2_sha256_t *pbkdf2_sha256 = (pbkdf2_sha256_t *) esalt_buf; token_t token; token.token_cnt = 3; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_CISCO8; token.len[0] = 3; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.len_min[1] = 14; token.len_max[1] = 14; token.sep[1] = '$'; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; token.len[2] = 43; token.attr[2] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_BASE64B; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); // salt is not encoded const u8 *salt_pos = token.buf[1]; const int salt_len = token.len[1]; u8 *salt_buf_ptr = (u8 *) pbkdf2_sha256->salt_buf; memcpy (salt_buf_ptr, salt_pos, salt_len); salt_buf_ptr[17] = 0x01; salt_buf_ptr[18] = 0x80; // add some stuff to normal salt to make sorted happy salt->salt_buf[0] = pbkdf2_sha256->salt_buf[0]; salt->salt_buf[1] = pbkdf2_sha256->salt_buf[1]; salt->salt_buf[2] = pbkdf2_sha256->salt_buf[2]; salt->salt_buf[3] = pbkdf2_sha256->salt_buf[3]; salt->salt_len = salt_len; salt->salt_iter = ROUNDS_CISCO8 - 1; // base64 decode hash const u8 *hash_pos = token.buf[2]; const int hash_len = token.len[2]; u8 tmp_buf[100] = { 0 }; const int tmp_len = base64_decode (itoa64_to_int, hash_pos, hash_len, tmp_buf); if (tmp_len != 32) return (PARSER_HASH_LENGTH); memcpy (digest, tmp_buf, 32); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); digest[5] = byte_swap_32 (digest[5]); digest[6] = byte_swap_32 (digest[6]); digest[7] = byte_swap_32 (digest[7]); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; dpapimk_t *dpapimk = (dpapimk_t *) esalt_buf; token_t token; token.token_cnt = 10; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_DPAPIMK; // signature token.len[0] = 9; token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; // version token.len_min[1] = 1; token.len_max[1] = 1; token.sep[1] = '*'; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; // context token.len_min[2] = 1; token.len_max[2] = 1; token.sep[2] = '*'; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; // sid token.len_min[3] = 10; token.len_max[3] = 60; token.sep[3] = '*'; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH; // cipher token.len_min[4] = 4; token.len_max[4] = 6; token.sep[4] = '*'; token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; // hash token.len_min[5] = 4; token.len_max[5] = 6; token.sep[5] = '*'; token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH; // iterations token.len_min[6] = 1; token.len_max[6] = 6; token.sep[6] = '*'; token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; // iv token.len_min[7] = 32; token.len_max[7] = 32; token.sep[7] = '*'; token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; // content len token.len_min[8] = 1; token.len_max[8] = 6; token.sep[8] = '*'; token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; // content token.len_min[9] = 0; token.len_max[9] = 1024; token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *version_pos = token.buf[1]; const u8 *context_pos = token.buf[2]; const u8 *SID_pos = token.buf[3]; const u8 *rounds_pos = token.buf[6]; const u8 *iv_pos = token.buf[7]; const u8 *contents_len_pos = token.buf[8]; const u8 *contents_pos = token.buf[9]; /** * content verification */ const int version = hc_strtoul ((const char *) version_pos, NULL, 10); const int contents_len = hc_strtoul ((const char *) contents_len_pos, NULL, 10); if (version == 1) { if (contents_len != 208) return (PARSER_SALT_LENGTH); } else if (version == 2) { if (contents_len != 288) return (PARSER_SALT_LENGTH); } else { return (PARSER_SALT_VALUE); } if (contents_len != token.len[9]) return (PARSER_SALT_LENGTH); dpapimk->contents_len = contents_len; dpapimk->context = hc_strtoul ((const char *) context_pos, NULL, 10); // division by 4 should be fine because contents_len is either 208 or 288 for (u32 i = 0; i < dpapimk->contents_len / 4; i++) { dpapimk->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[i * 8]); dpapimk->contents[i] = byte_swap_32 (dpapimk->contents[i]); } // SID const int SID_len = token.len[3]; u8 SID_utf16le[128] = { 0 }; for (int i = 0; i < SID_len; i++) { SID_utf16le[i * 2] = SID_pos[i]; } /* Specific to DPAPI: needs trailing '\0' while computing hash */ dpapimk->SID_len = (SID_len + 1) * 2; SID_utf16le[dpapimk->SID_len] = 0x80; memcpy ((u8 *) dpapimk->SID, SID_utf16le, sizeof (SID_utf16le)); for (u32 i = 0; i < 32; i++) { dpapimk->SID[i] = byte_swap_32 (dpapimk->SID[i]); } // iv dpapimk->iv[0] = hex_to_u32 ((const u8 *) &iv_pos[ 0]); dpapimk->iv[1] = hex_to_u32 ((const u8 *) &iv_pos[ 8]); dpapimk->iv[2] = hex_to_u32 ((const u8 *) &iv_pos[16]); dpapimk->iv[3] = hex_to_u32 ((const u8 *) &iv_pos[24]); dpapimk->iv[0] = byte_swap_32 (dpapimk->iv[0]); dpapimk->iv[1] = byte_swap_32 (dpapimk->iv[1]); dpapimk->iv[2] = byte_swap_32 (dpapimk->iv[2]); dpapimk->iv[3] = byte_swap_32 (dpapimk->iv[3]); digest[0] = dpapimk->iv[0]; digest[1] = dpapimk->iv[1]; digest[2] = dpapimk->iv[2]; digest[3] = dpapimk->iv[3]; salt->salt_buf[0] = dpapimk->iv[0]; salt->salt_buf[1] = dpapimk->iv[1]; salt->salt_buf[2] = dpapimk->iv[2]; salt->salt_buf[3] = dpapimk->iv[3]; salt->salt_len = 16; // iter salt->salt_iter = hc_strtoul ((const char *) rounds_pos, NULL, 10) - 1; return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; wpa_pmkid_t *wpa_pmkid = (wpa_pmkid_t *) esalt_buf; token_t token; // real 16801 pmkid hash-lines token.token_cnt = 3; token.sep[0] = ':'; token.len_min[0] = 32; token.len_max[0] = 32; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[1] = ':'; token.len_min[1] = 12; token.len_max[1] = 12; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[2] = ':'; token.len_min[2] = 12; token.len_max[2] = 12; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) { // we'll accept normal 16800 pmkid hash-lines, too token.token_cnt = 4; token.sep[0] = ':'; token.len_min[0] = 32; token.len_max[0] = 32; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[1] = ':'; token.len_min[1] = 12; token.len_max[1] = 12; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[2] = ':'; token.len_min[2] = 12; token.len_max[2] = 12; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; token.sep[3] = ':'; token.len_min[3] = 0; token.len_max[3] = 64; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer2 = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer2 != PARSER_OK) return (rc_tokenizer); // essid const u8 *essid_buf = token.buf[3]; const int essid_len = token.len[3]; if (essid_len & 1) return (PARSER_SALT_VALUE); wpa_pmkid->essid_len = hex_decode (essid_buf, essid_len, (u8 *) wpa_pmkid->essid_buf); } // pmkid const u8 *pmkid_buf = token.buf[0]; wpa_pmkid->pmkid[0] = hex_to_u32 (pmkid_buf + 0); wpa_pmkid->pmkid[1] = hex_to_u32 (pmkid_buf + 8); wpa_pmkid->pmkid[2] = hex_to_u32 (pmkid_buf + 16); wpa_pmkid->pmkid[3] = hex_to_u32 (pmkid_buf + 24); // mac_ap const u8 *macap_buf = token.buf[1]; wpa_pmkid->orig_mac_ap[0] = hex_to_u8 (macap_buf + 0); wpa_pmkid->orig_mac_ap[1] = hex_to_u8 (macap_buf + 2); wpa_pmkid->orig_mac_ap[2] = hex_to_u8 (macap_buf + 4); wpa_pmkid->orig_mac_ap[3] = hex_to_u8 (macap_buf + 6); wpa_pmkid->orig_mac_ap[4] = hex_to_u8 (macap_buf + 8); wpa_pmkid->orig_mac_ap[5] = hex_to_u8 (macap_buf + 10); // mac_sta const u8 *macsta_buf = token.buf[2]; wpa_pmkid->orig_mac_sta[0] = hex_to_u8 (macsta_buf + 0); wpa_pmkid->orig_mac_sta[1] = hex_to_u8 (macsta_buf + 2); wpa_pmkid->orig_mac_sta[2] = hex_to_u8 (macsta_buf + 4); wpa_pmkid->orig_mac_sta[3] = hex_to_u8 (macsta_buf + 6); wpa_pmkid->orig_mac_sta[4] = hex_to_u8 (macsta_buf + 8); wpa_pmkid->orig_mac_sta[5] = hex_to_u8 (macsta_buf + 10); // pmkid_data wpa_pmkid->pmkid_data[0] = 0x204b4d50; // "PMK " wpa_pmkid->pmkid_data[1] = 0x656d614e; // "Name" wpa_pmkid->pmkid_data[2] = (wpa_pmkid->orig_mac_ap[0] << 0) | (wpa_pmkid->orig_mac_ap[1] << 8) | (wpa_pmkid->orig_mac_ap[2] << 16) | (wpa_pmkid->orig_mac_ap[3] << 24); wpa_pmkid->pmkid_data[3] = (wpa_pmkid->orig_mac_ap[4] << 0) | (wpa_pmkid->orig_mac_ap[5] << 8) | (wpa_pmkid->orig_mac_sta[0] << 16) | (wpa_pmkid->orig_mac_sta[1] << 24); wpa_pmkid->pmkid_data[4] = (wpa_pmkid->orig_mac_sta[2] << 0) | (wpa_pmkid->orig_mac_sta[3] << 8) | (wpa_pmkid->orig_mac_sta[4] << 16) | (wpa_pmkid->orig_mac_sta[5] << 24); // salt salt->salt_buf[0] = wpa_pmkid->pmkid_data[0]; salt->salt_buf[1] = wpa_pmkid->pmkid_data[1]; salt->salt_buf[2] = wpa_pmkid->pmkid_data[2]; salt->salt_buf[3] = wpa_pmkid->pmkid_data[3]; salt->salt_buf[4] = wpa_pmkid->pmkid_data[4]; salt->salt_buf[5] = wpa_pmkid->pmkid_data[5]; salt->salt_buf[6] = wpa_pmkid->pmkid_data[6]; salt->salt_buf[7] = wpa_pmkid->pmkid_data[7]; salt->salt_len = 32; salt->salt_iter = ROUNDS_WPA_PMK - 1; // hash digest[0] = wpa_pmkid->pmkid[0]; digest[1] = wpa_pmkid->pmkid[1]; digest[2] = wpa_pmkid->pmkid[2]; digest[3] = wpa_pmkid->pmkid[3]; digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); return (PARSER_OK); }
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; token_t token; token.token_cnt = 4; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_EPISERVER; token.len_min[0] = 11; token.len_max[0] = 11; token.sep[0] = '*'; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; token.len_min[1] = 1; token.len_max[1] = 6; token.sep[1] = '*'; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.len_min[2] = ((SALT_MIN * 8) / 6) + 0; token.len_max[2] = ((SALT_MAX * 8) / 6) + 3; token.sep[2] = '*'; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_BASE64A; token.len_min[3] = 27; token.len_max[3] = 27; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_BASE64A; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); const u8 *hash_pos = token.buf[3]; const int hash_len = token.len[3]; u8 tmp_buf[100] = { 0 }; base64_decode (base64_to_int, hash_pos, hash_len, tmp_buf); memcpy (digest, tmp_buf, 20); digest[0] = byte_swap_32 (digest[0]); digest[1] = byte_swap_32 (digest[1]); digest[2] = byte_swap_32 (digest[2]); digest[3] = byte_swap_32 (digest[3]); digest[4] = byte_swap_32 (digest[4]); if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { digest[0] -= SHA1M_A; digest[1] -= SHA1M_B; digest[2] -= SHA1M_C; digest[3] -= SHA1M_D; digest[4] -= SHA1M_E; } const u8 *salt_pos = token.buf[2]; const int salt_len = token.len[2]; const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); if (parse_rc == false) return (PARSER_SALT_LENGTH); return (PARSER_OK); }