void scramble_323(char *to, _MYSQL_DATA *_psSessionData, const char *message, const char *password)
{
struct rand_struct rand_st;
ulong hash_pass[2], hash_message[2];
if (password && password[0])
{
char extra, *to_start=to;
const char *message_end= message + SCRAMBLE_LENGTH_323;
/* Idea borrowed from "The Database Hacker's Handbook: Defending Database Servers" */
if (_psSessionData->hashFlag == HASH)
{
if (strlen(password) != 16)
writeError(ERR_ERROR, "[%s] Invalid Hash Type (Old Style Hash Required)", MODULE_NAME);
sscanf(password, "%08lx%08lx", &hash_pass[0], &hash_pass[1]);
}
else
hash_password(hash_pass, password, strlen(password));
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]);
for (; message < message_end; message++)
*to++= (char) (floor(my_rnd(&rand_st)*31)+64);
extra=(char) (floor(my_rnd(&rand_st)*31));
while (to_start != to)
*(to_start++)^=extra;
}
*to= 0;
}
char *scramble(char *to,const char *message,const char *password,
my_bool old_ver)
{
struct rand_struct rand_st;
ulong hash_pass[2],hash_message[2];
if (password && password[0])
{
char *to_start=to;
hash_password(hash_pass,password);
hash_password(hash_message,message);
if (old_ver)
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
else
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
while (*message++)
*to++= (char) (floor(rnd(&rand_st)*31)+64);
if (!old_ver)
{ /* Make it harder to break */
char extra=(char) (floor(rnd(&rand_st)*31));
while (to_start != to)
*(to_start++)^=extra;
}
}
*to=0;
return to;
}
// 0x0040159b
void do_login(struct state* arg_state) {
// rsp -- 0xc0 bytes for locals -- rbp
struct state* s = arg_state; // -0xb8(rsp)
int len; // -0xa8(rsp)
char* p1; // -0xa0(rsp)
char* p2; // -0x98(rsp)
char buf[0x80]; // -0x90(rsp)
memset(buf, 0, 0x80);
send_(s->sock, "Please send password for user ");
send_(s->sock, s->username);
send_(s->sock, "\n");
p1 = p2 = recv_(s->sock);
len = strlen(p1);
for(i=0; (*p1 != ' ') && (i < len-1); i++) {
buf[i] = *p1++;
}
if(*p1 == ' ') { p1++; }
if(strncasecmp("PASS", buf, 4)) {
send_(s->sock, "login with USER PASS.\n");
return;
}
s->password = p1;
hash_password(s->password);
if(!strncmp(s->username, "blankwall", 9) && hash_password(s->password) == 0xd386d209) {
send_(s->sock, "logged in.\n");
return;
// 0x00401780: movl $0x66, 0x202c7e(%rip) // this pokes a global, but I don't know which/where it's used
} else {
send_(s->sock, "Invalid login credentials.\n");
}
}
int main() {
const char password1[] = "root";
const char password2[] = "long password test";
const char password3[] = "saf789yasfbsd89f";
ulong result[2];
char scrm[9]; // SCRAMBLE_LENGTH_323+1
struct rand_struct rand_st;
int i;
// test hash_password
hash_password((ulong*)result, password1, strlen(password1));
printf("hash_password(\"%s\") = %08x%08x\n", password1, result[0], result[1]);
hash_password((ulong*)result, password2, strlen(password2));
printf("hash_password(\"%s\") = %08x%08x\n", password2, result[0], result[1]);
hash_password((ulong*)result, password3, strlen(password3));
printf("hash_password(\"%s\") = %08x%08x\n", password3, result[0], result[1]);
// test randominit
randominit(&rand_st, 0, 0);
printf("randominit(0x00000000,0x00000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
randominit(&rand_st, 0xFFFF, 0xFFFF);
printf("randominit(0x0000FFFF,0x0000FFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
randominit(&rand_st, 0x50000000, 0x50000000);
printf("randominit(0x50000000,0x50000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
randominit(&rand_st, 0xFFFFFFFF, 0xFFFFFFFF);
printf("randominit(0xFFFFFFFF,0xFFFFFFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
// test my_rnd
randominit(&rand_st, 3252345, 7149734);
printf("randominit(3252345, 7149734) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
for (i=0; i<10; i++){
printf("my_rnd() : %.16f\n", my_rnd(&rand_st));
}
// test scramble_323
scramble_323(scrm, "8bytesofstuff", "root");
printf("scramble323(8bytesofstuff, root): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);
scramble_323(scrm, "e8cf00cec9ec825af22", "saf789yasfbsd");
printf("scramble323(e8cf00cec9ec825af22, saf789yasfbsd): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);
return 23;
}
bool MainWindow::CheckPass()
{
if( UserName->text().isEmpty() || PassWord->text().isEmpty() )
{
return false;
}
string user = UserName->text().toStdString();
string password = PassWord->text().toStdString();
LoginUser = NULL;
u = ds.getUser();
for (unsigned int i = 0; i < u.size(); ++i)
{
// cout << u[i]->getName() << " password: " << u[i]->getEncry()<<endl;
if ( u[i]->getName() == user )
{
LoginUser = u[i];
// cout << login->getName() <<endl;
break;
}
}
if ( LoginUser )
{
int Pass_w = hash_password( password );
if ( Pass_w == LoginUser->getEncry() )
{
return true;
}
}
return false;
}
void myp_encrypt_pass_323( const char *password, const char seed[SEED_LENGTH_323], char to[SEED_LENGTH_323] ) {
rand_ctx r;
unsigned long hash_pass[2], hash_seed[2];
char extra, *to_start = to;
const char *seed_end = seed + SEED_LENGTH_323;
hash_password(hash_pass,password,(unsigned int)strlen(password));
hash_password(hash_seed,seed,SEED_LENGTH_323);
random_init(&r,hash_pass[0] ^ hash_seed[0],hash_pass[1] ^ hash_seed[1]);
while( seed < seed_end ) {
*to++ = (char)(floor(myp_rnd(&r)*31)+64);
seed++;
}
extra= (char)(floor(myp_rnd(&r)*31));
while( to_start != to )
*(to_start++) ^= extra;
}
my_bool
check_scramble_323(const char *scrambled, const char *message,
ulong *hash_pass)
{
struct rand_struct rand_st;
ulong hash_message[2];
char buff[16],*to,extra; /* Big enough for check */
const char *pos;
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
to=buff;
DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323);
for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++)
*to++=(char) (floor(my_rnd(&rand_st)*31)+64);
if (pos-scrambled != SCRAMBLE_LENGTH_323)
return 1;
extra=(char) (floor(my_rnd(&rand_st)*31));
to=buff;
while (*scrambled)
{
if (*scrambled++ != (char) (*to++ ^ extra))
return 1; /* Wrong password */
}
return 0;
}
my_bool check_scramble(const char *scrambled, const char *message,
ulong *hash_pass, my_bool old_ver)
{
struct rand_struct rand_st;
ulong hash_message[2];
char buff[16],*to,extra; /* Big enough for check */
const char *pos;
hash_password(hash_message,message);
if (old_ver)
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
else
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
to=buff;
for (pos=scrambled ; *pos ; pos++)
*to++=(char) (floor(rnd(&rand_st)*31)+64);
if (old_ver)
extra=0;
else
extra=(char) (floor(rnd(&rand_st)*31));
to=buff;
while (*scrambled)
{
if (*scrambled++ != (char) (*to++ ^ extra))
return 1; /* Wrong password */
}
return 0;
}
void my_make_scrambled_password_323(char *to, const char *password,
size_t pass_len)
{
ulong hash_res[2];
hash_password(hash_res, password, (uint) pass_len);
sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]);
}
int
ccnet_user_manager_update_emailuser (CcnetUserManager *manager,
int id, const char* passwd,
int is_staff, int is_active)
{
CcnetDB* db = manager->priv->db;
char sql[512];
char hashed_passwd[41];
#ifdef HAVE_LDAP
if (!manager->use_ldap || is_staff) {
#endif
hash_password (passwd, hashed_passwd);
snprintf (sql, 512, "UPDATE EmailUser SET passwd='%s', is_staff='%d', "
"is_active='%d' WHERE id='%d'", hashed_passwd, is_staff,
is_active, id);
return ccnet_db_query (db, sql);
#ifdef HAVE_LDAP
}
#endif
return 0;
}
my_bool
check_scramble_323(const unsigned char *scrambled, const char *message,
ulong *hash_pass)
{
struct rand_struct rand_st;
ulong hash_message[2];
/* Big enough for checks. */
uchar buff[16], scrambled_buff[SCRAMBLE_LENGTH_323 + 1];
uchar *to, extra;
const uchar *pos;
/* Ensure that the scrambled message is null-terminated. */
memcpy(scrambled_buff, scrambled, SCRAMBLE_LENGTH_323);
scrambled_buff[SCRAMBLE_LENGTH_323]= '\0';
scrambled= scrambled_buff;
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
to=buff;
DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323);
for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++)
*to++=(char) (floor(my_rnd(&rand_st)*31)+64);
if (pos-scrambled != SCRAMBLE_LENGTH_323)
return 1;
extra=(char) (floor(my_rnd(&rand_st)*31));
to=buff;
while (*scrambled)
{
if (*scrambled++ != (uchar) (*to++ ^ extra))
return 1; /* Wrong password */
}
return 0;
}
int
ccnet_user_manager_add_emailuser (CcnetUserManager *manager,
const char *email,
const char *passwd,
int is_staff, int is_active)
{
CcnetDB *db = manager->priv->db;
gint64 now = get_current_time();
char sql[512];
char hashed_passwd[41];
#ifdef HAVE_LDAP
if (manager->use_ldap)
return 0;
#endif
hash_password (passwd, hashed_passwd);
snprintf (sql, 512, "INSERT INTO EmailUser(email, passwd, is_staff, "
"is_active, ctime) VALUES ('%s', '%s', '%d', '%d', "
"%"G_GINT64_FORMAT")", email, hashed_passwd, is_staff,
is_active, now);
return ccnet_db_query (db, sql);
}
int main(int argc, char **argv) {
if(argc < 4) {
help();
return -1;
}
void (*action)(FILE*, FILE*, unsigned char*);
if(strcmp(argv[1], "encrypt") == 0) {
action = &encrypt_file;
// You shouldn't be able to encrypt files you don't have permission to.
setegid(getgid());
} else if(strcmp(argv[1], "decrypt") == 0) {
action = &decrypt_file;
} else {
printf("%s is not a valid action.\n", argv[1]);
help();
return -2;
}
char* src_file_path = argv[2];
char* out_file_path = argv[3];
char* file_password = calloc(1, PASSWORD_LEN);
printf("-=- Welcome to CrudeCrypt 0.1 Beta -=-\n");
FILE *src_file, *out_file;
if((src_file = fopen(src_file_path, "rb")) == NULL) {
printf("Could not open input file: %s\n", src_file_path);
return -3;
}
if((out_file = fopen(out_file_path, "wb")) == NULL) {
printf("Could not open output file: %s\n", out_file_path);
fclose(src_file); // Make sure to close the input file
return -3;
}
printf("-> File password: "******"\n");
unsigned char digest[16];
hash_password(digest, file_password);
action(src_file, out_file, digest);
free(file_password);
fclose(src_file);
fclose(out_file);
return 0;
}
local void Set(const char *name, const char *pwd)
{
unsigned char hash[HASHLEN];
char work[NAMELEN+PWLEN];
hash_password(name, pwd, hash, work);
persist->PutGeneric(
KEY_PWCACHE,
work, NAMELEN,
hash, HASHLEN,
NULL, NULL);
}
int main() {
FILE *enc = fopen("crack.enc","w");
printf("password > ");
char pw[16];
fgets(pw, 16, stdin);
unsigned char digest[16];
hash_password(digest, pw);
encrypt_file(file, sizeof(file), enc, digest);
}
void scramble_323(char *to, const char *message, const char *password)
{
struct rand_struct rand_st;
ulong hash_pass[2], hash_message[2];
if (password && password[0])
{
char extra, *to_start=to;
const char *message_end= message + SCRAMBLE_LENGTH_323;
hash_password(hash_pass,password, (uint) strlen(password));
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
for (; message < message_end; message++)
*to++= (char) (floor(my_rnd(&rand_st)*31)+64);
extra=(char) (floor(my_rnd(&rand_st)*31));
while (to_start != to)
*(to_start++)^=extra;
}
*to= 0;
}
local void Check(const char *name, const char *pwd,
void (*done)(void *clos, int success), void *clos)
{
char work[NAMELEN+PWLEN];
check_state_t *st = amalloc(sizeof(*st));
st->done = done;
st->clos = clos;
hash_password(name, pwd, st->given, work);
persist->GetGeneric(
KEY_PWCACHE,
work, NAMELEN,
st->expected, HASHLEN,
check_done, st);
}
int
ccnet_user_manager_validate_emailuser (CcnetUserManager *manager,
const char *email,
const char *passwd)
{
CcnetDB *db = manager->priv->db;
char sql[512];
char hashed_passwd[41];
hash_password (passwd, hashed_passwd);
#ifdef HAVE_LDAP
if (manager->use_ldap) {
CcnetEmailUser *emailuser;
snprintf (sql, sizeof(sql),
"SELECT id, email, is_staff, is_active, ctime"
" FROM EmailUser WHERE email='%s' AND passwd='%s'",
email, hashed_passwd);
if (ccnet_db_foreach_selected_row (db, sql,
get_emailuser_cb, &emailuser) > 0)
{
if (ccnet_email_user_get_is_staff(emailuser)) {
g_object_unref (emailuser);
return 0;
}
g_object_unref (emailuser);
}
return ldap_verify_user_password (manager, email, passwd);
}
#endif
snprintf (sql, 512, "SELECT email FROM EmailUser WHERE email='%s' AND "
"passwd='%s'", email, hashed_passwd);
if (ccnet_db_check_for_existence (db, sql))
return 0;
return -1;
}
int
ccnet_user_manager_add_emailuser (CcnetUserManager *manager,
const char *email,
const char *passwd,
int is_staff, int is_active)
{
CcnetDB *db = manager->priv->db;
gint64 now = get_current_time();
char sql[512];
char hashed_passwd[41];
int ret;
#ifdef HAVE_LDAP
if (manager->use_ldap)
return 0;
#endif
if (manager->priv->max_users &&
manager->priv->cur_users >= manager->priv->max_users) {
ccnet_warning ("User number exceeds limit. Users %d, limit %d.\n",
manager->priv->cur_users, manager->priv->max_users);
return -1;
}
hash_password (passwd, hashed_passwd);
snprintf (sql, 512, "INSERT INTO EmailUser(email, passwd, is_staff, "
"is_active, ctime) VALUES ('%s', '%s', '%d', '%d', "
"%"G_GINT64_FORMAT")", email, hashed_passwd, is_staff,
is_active, now);
ret = ccnet_db_query (db, sql);
if (ret < 0)
return ret;
manager->priv->cur_users ++;
return 0;
}
static gboolean
validate_passwd (const char *passwd, const char *stored_passwd,
gboolean *need_upgrade)
{
char hashed_passwd[SHA256_DIGEST_LENGTH * 2 + 1];
int hash_len = strlen(stored_passwd);
*need_upgrade = FALSE;
if (hash_len == SHA256_DIGEST_LENGTH * 2) {
hash_password_salted (passwd, hashed_passwd);
*need_upgrade = TRUE;
} else if (hash_len == SHA_DIGEST_LENGTH * 2) {
hash_password (passwd, hashed_passwd);
*need_upgrade = TRUE;
} else {
return validate_passwd_pbkdf2_sha256 (passwd, stored_passwd);
}
if (strcmp (hashed_passwd, stored_passwd) == 0)
return TRUE;
else
return FALSE;
}
void make_scrambled_password_323(char *to, const char *password)
{
ulong hash_res[2];
hash_password(hash_res, password, (uint) strlen(password));
sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]);
}
void handle(int s) {
alarm(120);
// Let's handle the socket like a normal terminal or so. Makes the code much
// nicer. :)
if (dup2(s, 0)==-1 || dup2(s, 1)==-1) exit(1);
setbuf(stdout, NULL);
char password_salt[32];
char password_hash[6];
int hashfd = open("correct_hash", O_RDONLY);
if (read(hashfd, password_salt, 32) != 32 || read(hashfd, password_hash, 6) != 6) {
fputs("unable to read password hash\n", stderr);
exit(1);
}
close(hashfd);
bool logged_in = false;
while (1) {
// read and parse line
char line[50];
if (fgets(line, sizeof(line), stdin) == NULL) return;
rtrim(line);
char *cmd = line;
char *space = strchr(line, ' ');
if (space != NULL) *space = '\0';
char *arg = (space != NULL) ? (space + 1) : NULL;
// handle command
if (strcmp(cmd, "version") == 0) {
puts("This is the password-protected flag storage service, version 2.0. Now featuring a cool password login!");
} else if (strcmp(cmd, "getflag") == 0) {
if (logged_in) {
puts("Okay, sure! Let me grab that flag for you.");
system("cat flag");
fputs("someone just grabbed the flag! :)\n", stderr);
} else {
puts("Hmmmm? You ask for the flag, but you haven't logged in? Please log in first. Sorry for the hassle, but there are evil hackers around, we need to be careful with who we let into the system.");
}
} else if (strcmp(cmd, "login") == 0) {
if (arg == NULL) {
puts("Uh, sorry, logging in requires a password.");
continue;
}
char input_hash[6];
hash_password(input_hash, password_salt, arg);
// check the hash in a timing-safe way: xor it together with the expected hash,
// then check whether the result is all zeroes in a timing-safe way.
xor(password_hash, input_hash, 6);
if (test_zero_timingsafe(password_hash, 6)) {
logged_in = true;
puts("Login successful");
} else {
printf("Whoops, that didn't work out. You probably mistyped your password, so you should try again. In case you want to debug the problem, here's the difference between the correct hash and the hash of what you entered: ");
for (int i=0; i<6; i++) printf("%02hhx", password_hash[i]);
puts("");
}
} else if (strcmp(cmd, "quit") == 0) {
return;
} else {
puts("Sorry, I don't know that command. Valid commands:");
puts(" version - prints the version of the server. very useful for maintenance purposes and stuff.");
puts(" getflag - prints the flag. only available after password login in version 2.0 to make hacker attacks harder.");
puts(" login (new in 2.0!) - logs you in so you can use \"getflag\"");
puts(" quit - close the connection");
puts("By the way, my source code is available!");
}
}
}
