void bruteforceAttack(Account **accounts, int max_len)
{
int i, j, k, nb, found;
char *word = NULL;
char *hash = NULL;
Account *account = NULL;
/* *** Check parameters *** */
if (accounts == NULL)
goto exit;
if (max_len < 1)
max_len = BRUTE_FORCE_DEFAULT_LEN;
/* *** Init *** */
nb = AccountsLen(accounts);
found = 0;
word = malloc((max_len + 1) * sizeof(char));
if (word == NULL)
{
fprintf(stderr, "error : memory allocation failed\n");
goto exit;
}
for (i = 1; i <= max_len; i++)
{
for (j = 0; j < i; j++)
word[j]='a';
word[i]=0;
do
{
/* *** If all accounts have been cracked *** */
if (found == nb)
goto exit;
/* *** Display the testing word *** */
printf(" %s\n", word);
/* *** Try the word for each account *** */
for (k = 0; k < nb; k++)
{
account = accounts[k];
/* *** Get the hash of the word *** */
switch(account->id)
{
case MD5:
hash = crypt_md5(word, account->salt,
account->rounds);
break;
case SHA256:
hash = crypt_sha256(word, account->salt,
account->rounds);
break;
case SHA512:
hash = crypt_sha512(word, account->salt,
account->rounds);
break;
}
/* *** Check if the word hash is identical *** */
if (hash != NULL)
{
if (account->password == NULL &&
!strcmp(account->hash, hash))
{
printf("\nlogin : %s\n", account->login);
printf("password : %s\n", word);
account->password = (char *) malloc(strlen(word)
+ 1);
if (account->password == NULL)
fprintf(stderr, "error : memory allocation "\
"failed\n");
memset(account->password + strlen(word), '\0', 1);
getchar();
found++;
}
free(hash);
hash = NULL;
}
}
} while (inc(word));
}
/* *** Restore memory *** */
free(word);
word = NULL;
exit:
if (hash != NULL)
free(hash);
return ;
}
void dictionaryAttack(Account **accounts, const char *dico)
{
int i, nb, found;
size_t read, len;
char *line = NULL;
char *word = NULL;
char *hash = NULL;
FILE *f = NULL;
Account *account = NULL;
/* *** Init *** */
nb = AccountsLen(accounts);
found = 0;
/* *** Check parameters *** */
if (accounts == NULL || dico == NULL)
goto exit;
/* *** Try to open the dictionary *** */
f = fopen(dico, "r");
if (f == NULL)
{
fprintf(stderr, "error : unable to open %s\n", dico);
goto exit;
}
/* *** Try each word in the dictionary *** */
while ((read = getline(&line, &len, f)) != EOF)
{
/* *** If all accounts have been cracked *** */
if (found == nb)
goto exit;
word = strtok(line, "\r\n");
if (word == NULL)
continue;
/* *** Print the word *** */
printf(" %s\n", word);
/* *** Try the word for each account *** */
for (i = 0; i < nb; i++)
{
account = accounts[i];
switch(account->id)
{
case MD5:
hash = crypt_md5(word, account->salt, account->rounds);
break;
case SHA256:
hash = crypt_sha256(word, account->salt,
account->rounds);
break;
case SHA512:
hash = crypt_sha512(word, account->salt,
account->rounds);
break;
}
/* *** Check if the hash is identical *** */
if (hash != NULL)
{
if (account->password == NULL &&
!strcmp(account->hash, hash))
{
printf("\nlogin : %s\n", account->login);
printf("password : %s\n", word);
account->password = (char *) malloc(strlen(word) + 1);
if (account->password == NULL)
{
fprintf(stderr, "error : memory allocation "\
"failed\n");
goto exit;
}
strcpy(account->password, word);
memset(account->password + strlen(word), '\0', 1);
found++;
getchar();
}
free(hash);
}
}
/* *** Restore memory *** */
free(line);
line = NULL;
word = NULL;
hash = NULL;
}
exit:
if (f != NULL)
fclose(f);
if (line != NULL)
free(line);
if (hash != NULL)
free(hash);
}
int
main(void)
{
SHA512_CTX ctx;
uint8_t sum[64];
int result = 0;
int i, cnt;
for (cnt = 0; cnt < (int)ntests; ++cnt) {
SHA512_Init(&ctx);
SHA512_Update(&ctx, tests[cnt].input, strlen(tests[cnt].input));
SHA512_Final(sum, &ctx);
if (memcmp(tests[cnt].result, sum, 64) != 0) {
printf("test %d run %d failed\n", cnt, 1);
result = 1;
}
SHA512_Init(&ctx);
for (i = 0; tests[cnt].input[i] != '\0'; ++i)
SHA512_Update(&ctx, &tests[cnt].input[i], 1);
SHA512_Final(sum, &ctx);
if (memcmp(tests[cnt].result, sum, 64) != 0) {
printf("test %d run %d failed\n", cnt, 2);
result = 1;
}
}
/* Test vector from FIPS 180-2: appendix C.3. */
char buf[1000];
memset(buf, 'a', sizeof(buf));
SHA512_Init(&ctx);
for (i = 0; i < 1000; ++i)
SHA512_Update(&ctx, buf, sizeof(buf));
SHA512_Final(sum, &ctx);
static const char expected[64] =
"\xe7\x18\x48\x3d\x0c\xe7\x69\x64\x4e\x2e\x42\xc7\xbc\x15\xb4\x63"
"\x8e\x1f\x98\xb1\x3b\x20\x44\x28\x56\x32\xa8\x03\xaf\xa9\x73\xeb"
"\xde\x0f\xf2\x44\x87\x7e\xa6\x0a\x4c\xb0\x43\x2c\xe5\x77\xc3\x1b"
"\xeb\x00\x9c\x5c\x2c\x49\xaa\x2e\x4e\xad\xb2\x17\xad\x8c\xc0\x9b";
if (memcmp(expected, sum, 64) != 0) {
printf("test %d failed\n", cnt);
result = 1;
}
for (cnt = 0; cnt < ntests2; ++cnt) {
char *cp = crypt_sha512(tests2[cnt].input, tests2[cnt].salt);
if (strcmp(cp, tests2[cnt].expected) != 0) {
printf("test %d: expected \"%s\", got \"%s\"\n",
cnt, tests2[cnt].expected, cp);
result = 1;
}
}
if (result == 0)
puts("all tests OK");
return result;
}