(C)

[freerainbowtables] / Client Applications / rcracki_mt / HashAlgorithm.cpp

/*\r
 * rcracki_mt is a multithreaded implementation and fork of the original \r
 * RainbowCrack\r
 *\r
 * Copyright (C) Zhu Shuanglei <shuanglei@hotmail.com>\r
 * Copyright 2009, 2010, 2011 Martin Westergaard Jørgensen <martinwj2005@gmail.com>\r
 * Copyright 2009, 2010 Daniël Niggebrugge <niggebrugge@fox-it.com>\r
 * Copyright 2009, 2010, 2011 James Nobis <frt@quelrod.net>\r
 *\r
 * This file is part of rcracki_mt.\r
 *\r
 * rcracki_mt is free software: you can redistribute it and/or modify\r
 * it under the terms of the GNU General Public License as published by\r
 * the Free Software Foundation, either version 2 of the License, or\r
 * (at your option) any later version.\r
 *\r
 * rcracki_mt is distributed in the hope that it will be useful,\r
 * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r
 * GNU General Public License for more details.\r
 *\r
 * You should have received a copy of the GNU General Public License\r
 * along with rcracki_mt.  If not, see <http://www.gnu.org/licenses/>.\r
 *\r
 * Changes: not using OpenSSL routines the slow way anymore, as suggested by jci.\r
 */\r
\r
#include "HashAlgorithm.h"\r
\r
#include "Public.h"\r
\r
#include <openssl/des.h>\r
//#include <openssl/md2.h>\r
#include <openssl/md4.h>\r
#include <openssl/sha.h>\r
//#include <openssl/ripemd.h>\r
#include "fast_md5.h"\r
#include "md4.h"\r
//#include "sha1.h"\r
#if defined(_WIN32) && !defined(__GNUC__)\r
        #pragma comment(lib, "libeay32.lib")\r
#endif\r
\r
#ifdef __NetBSD__\r
        #include <des.h>\r
#endif\r
\r
#define MSCACHE_HASH_SIZE 16\r
void setup_des_key(unsigned char key_56[], des_key_schedule &ks)\r
{\r
        des_cblock key;\r
\r
        key[0] = key_56[0];\r
        key[1] = (key_56[0] << 7) | (key_56[1] >> 1);\r
        key[2] = (key_56[1] << 6) | (key_56[2] >> 2);\r
        key[3] = (key_56[2] << 5) | (key_56[3] >> 3);\r
        key[4] = (key_56[3] << 4) | (key_56[4] >> 4);\r
        key[5] = (key_56[4] << 3) | (key_56[5] >> 5);\r
        key[6] = (key_56[5] << 2) | (key_56[6] >> 6);\r
        key[7] = (key_56[6] << 1);\r
\r
        //des_set_odd_parity(&key);\r
        des_set_key(&key, ks);\r
}\r
\r
void HashLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        /*\r
        unsigned char data[7] = {0};\r
        memcpy(data, pPlain, nPlainLen > 7 ? 7 : nPlainLen);\r
        */\r
\r
        int i;\r
        for (i = nPlainLen; i < 7; i++)\r
                pPlain[i] = 0;\r
\r
        static unsigned char magic[] = {0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};\r
        des_key_schedule ks;\r
        //setup_des_key(data, ks);\r
        setup_des_key(pPlain, ks);\r
        des_ecb_encrypt((des_cblock*)magic, (des_cblock*)pHash, ks, DES_ENCRYPT);\r
}\r
\r
void HashLMCHALL(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        unsigned char pass[14];\r
        unsigned char pre_lmresp[21];\r
        static unsigned char magic[] = {0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};\r
        static unsigned char spoofed_challange[] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; \r
        des_key_schedule ks;\r
\r
        memset (pass,0,sizeof(pass));\r
        memset (pre_lmresp,0,sizeof(pre_lmresp));\r
\r
        memcpy (pass,pPlain, nPlainLen);\r
\r
        setup_des_key(pass, ks);\r
        des_ecb_encrypt((des_cblock*)magic, (des_cblock*)pre_lmresp, ks, DES_ENCRYPT);\r
\r
        setup_des_key(&pass[7], ks);\r
        des_ecb_encrypt((des_cblock*)magic, (des_cblock*)&pre_lmresp[8], ks, DES_ENCRYPT);\r
\r
        setup_des_key(pre_lmresp, ks);\r
        des_ecb_encrypt((des_cblock*)spoofed_challange, (des_cblock*)pHash, ks, DES_ENCRYPT);\r
\r
        setup_des_key(&pre_lmresp[7], ks);\r
        des_ecb_encrypt((des_cblock*)spoofed_challange, (des_cblock*)&pHash[8], ks, DES_ENCRYPT);\r
\r
        setup_des_key(&pre_lmresp[14], ks);\r
        des_ecb_encrypt((des_cblock*)spoofed_challange, (des_cblock*)&pHash[16], ks, DES_ENCRYPT);\r
\r
} \r
\r
void HashHALFLMCHALL(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{       \r
        unsigned char pre_lmresp[8];\r
        static unsigned char magic[] = {0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};\r
        static unsigned char salt[] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};\r
\r
        des_key_schedule ks;\r
        unsigned char plain[8] = {0};   \r
        memcpy(plain, pPlain, nPlainLen);\r
        setup_des_key(plain, ks);\r
        des_ecb_encrypt((des_cblock*)magic, (des_cblock*)pre_lmresp, ks, DES_ENCRYPT);\r
\r
        setup_des_key(pre_lmresp, ks);\r
        des_ecb_encrypt((des_cblock*)salt, (des_cblock*)pHash, ks, DES_ENCRYPT);\r
} \r
\r
\r
\r
void HashNTLMCHALL(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        unsigned char UnicodePlain[MAX_PLAIN_LEN];\r
        static unsigned char spoofed_challange[] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; \r
        \r
        int len = (nPlainLen < 127) ? nPlainLen : 127;\r
        int i;\r
        \r
        for (i = 0; i < len; i++)\r
        {\r
        UnicodePlain[i * 2] = pPlain[i];\r
        UnicodePlain[i * 2 + 1] = 0x00;\r
        }\r
        \r
        des_key_schedule ks;\r
        unsigned char lm[21];\r
        \r
        /*MD4_CTX ctx;\r
        MD4_Init(&ctx);\r
        MD4_Update(&ctx, UnicodePlain, len * 2);\r
        MD4_Final(lm, &ctx);  */\r
        MD4_NEW(UnicodePlain, len * 2, lm);\r
        \r
        //MD4(UnicodePlain, len * 2, lm);\r
        lm[16] = lm[17] = lm[18] = lm[19] = lm[20] = 0;\r
        \r
        setup_des_key(lm, ks);\r
        des_ecb_encrypt((des_cblock*)spoofed_challange, (des_cblock*)pHash, ks, DES_ENCRYPT);\r
        \r
        setup_des_key(&lm[7], ks);\r
        des_ecb_encrypt((des_cblock*)spoofed_challange, (des_cblock*)&pHash[8], ks, DES_ENCRYPT);\r
        \r
        setup_des_key(&lm[14], ks);\r
        des_ecb_encrypt((des_cblock*)spoofed_challange, (des_cblock*)&pHash[16], ks, DES_ENCRYPT);\r
}\r
\r
void HashORACLE(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        char ToEncrypt[256];\r
        char temp[256];\r
        char username[256];\r
\r
        DES_cblock iv,iv2;\r
        DES_key_schedule ks1,ks2;\r
        unsigned char deskey_fixed[]={ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};\r
        int i,j;\r
#if defined(_WIN32) && !defined(__GNUC__)\r
        strcpy_s(username, sizeof(username), "SYS");\r
#else\r
        strcpy(username, "SYS");\r
#endif\r
        int userlen = 3;\r
#if defined(_WIN32) && !defined(__GNUC__)\r
        _strupr((char*) pPlain);\r
#else\r
        strupr((char*) pPlain);\r
#endif\r
        memset (ToEncrypt,0,sizeof(ToEncrypt));\r
\r
        for (i=1,j=0; j<userlen; i++,j++)\r
        {\r
                ToEncrypt[i] = username[j];\r
                i++;\r
        }\r
\r
        for (j=0; j<nPlainLen; i++,j++)\r
        {\r
                ToEncrypt[i] = pPlain[j];\r
                i++;\r
        }\r
\r
        i=i-1;\r
        memset (iv,0,8);\r
        memset (iv2,0,8);\r
        DES_set_key((DES_cblock*) deskey_fixed, &ks1);\r
        DES_ncbc_encrypt((unsigned char*) ToEncrypt, (unsigned char*) temp, i, &ks1, &iv, DES_ENCRYPT);\r
        DES_set_key((DES_cblock*) &iv, &ks2);\r
        DES_ncbc_encrypt((unsigned char*) ToEncrypt, (unsigned char*) temp, i, &ks2, &iv2, DES_ENCRYPT);\r
        memcpy (pHash,iv2,8);\r
}\r
\r
void HashNTLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        unsigned char UnicodePlain[MAX_PLAIN_LEN * 2];\r
        int i;\r
        for (i = 0; i < nPlainLen; i++)\r
        {\r
                UnicodePlain[i * 2] = pPlain[i];\r
                UnicodePlain[i * 2 + 1] = 0x00;\r
        }\r
\r
        MD4_NEW(UnicodePlain, nPlainLen * 2, pHash);\r
}\r
\r
/*\r
void HashMD2(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        MD2_CTX ctx;\r
        MD2_Init(&ctx);\r
        MD2_Update(&ctx, pPlain, nPlainLen);\r
        MD2_Final(pHash, &ctx);\r
\r
        //MD2(pPlain, nPlainLen, pHash);\r
}\r
*/\r
\r
void HashMD4(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        MD4_NEW(pPlain, nPlainLen, pHash);\r
}\r
\r
void HashMD5(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        fast_MD5(pPlain, nPlainLen, pHash);\r
}\r
void HashDoubleMD5(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        fast_MD5(pPlain, nPlainLen, pHash);\r
        unsigned char hash[16];\r
        memcpy(hash, pHash, 16);\r
        fast_MD5(hash, 16, pHash);\r
}\r
\r
void HashSHA1(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        SHA_CTX ctx;\r
        SHA1_Init(&ctx);\r
        SHA1_Update(&ctx, (unsigned char *) pPlain, nPlainLen);\r
        SHA1_Final(pHash, &ctx);\r
}\r
\r
/*\r
void HashRIPEMD160(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        RIPEMD160_CTX ctx;\r
        RIPEMD160_Init(&ctx);\r
        RIPEMD160_Update(&ctx, pPlain, nPlainLen);\r
        RIPEMD160_Final(pHash, &ctx);  \r
\r
        //RIPEMD160(pPlain, nPlainLen, pHash);\r
}\r
*/\r
\r
void HashMSCACHE(unsigned char *pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        char unicode_pwd[256];\r
        char unicode_user[256];\r
        static unsigned char username[] = "administrator";\r
        static int userlen = 13;\r
        unsigned char   final1[MD4_DIGEST_LENGTH];\r
        MD4_CTX ctx;\r
        int i;\r
\r
//      strcpy (username, "administrator");\r
//      userlen = 13;\r
\r
        for (i=0; i<nPlainLen; i++)\r
        {\r
                unicode_pwd[i*2] = pPlain[i];\r
                unicode_pwd[i*2+1] = 0x00;\r
        }\r
\r
        for (i=0; i<userlen; i++)\r
        {\r
                unicode_user[i*2] = username[i];\r
                unicode_user[i*2+1] = 0x00;\r
        }\r
\r
        MD4_NEW( (unsigned char*)unicode_pwd, nPlainLen*2, final1 );\r
\r
        MD4_Init(&ctx);\r
        MD4_Update(&ctx,final1,MD4_DIGEST_LENGTH);\r
        MD4_Update(&ctx,(unsigned char*) unicode_user,userlen*2);\r
        MD4_Final(pHash,&ctx);\r
\r
        /*\r
        unsigned char unicode_pwd[256];\r
        for (int i=0; i<nPlainLen; i++)\r
        {\r
                unicode_pwd[i*2] = pPlain[i];\r
                unicode_pwd[i*2+1] = 0x00;\r
        }*/\r
        /*\r
        unsigned char *buf = (unsigned char*)calloc(MSCACHE_HASH_SIZE + nSaltLength, sizeof(unsigned char));    \r
        HashNTLM(pPlain, nPlainLen, buf, NULL);\r
        //MD4(unicode_pwd, nPlainLen*2, buf);\r
        memcpy(buf + MSCACHE_HASH_SIZE, pSalt, nSaltLength);\r
        MD4(buf, MSCACHE_HASH_SIZE + nSaltLength, pHash); \r
        free(buf);\r
        */\r
}\r
\r
//*********************************************************************************\r
// Code for MySQL password hashing\r
//*********************************************************************************\r
\r
inline void mysql_hash_password_323(unsigned long *result, const char *password) \r
{\r
        register unsigned long nr=1345345333L, add=7, nr2=0x12345671L;\r
        unsigned long tmp;\r
        for (; *password ; password++) \r
        {\r
                if (*password == ' ' || *password == '\t') continue;\r
                tmp= (unsigned long) (unsigned char) *password;\r
                nr^= (((nr & 63)+add)*tmp)+ (nr << 8);\r
                nr2+=(nr2 << 8) ^ nr;\r
                add+=tmp;\r
        }\r
        result[0]=nr & (((unsigned long) 1L << 31) -1L); /* Don't use sign bit (str2int) */;\r
        result[1]=nr2 & (((unsigned long) 1L << 31) -1L);\r
        return;\r
}\r
\r
void HashMySQL323(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        unsigned long hash_pass[2];     \r
        unsigned char* f = (unsigned char*) hash_pass;\r
\r
        unsigned char* pass = (unsigned char*) calloc (nPlainLen+4,sizeof(unsigned char));\r
        memcpy(pass,pPlain,nPlainLen);\r
\r
        mysql_hash_password_323(hash_pass, (char*) pass);\r
        pHash[0]=*(f+3); pHash[1]=*(f+2); pHash[2]=*(f+1); pHash[3]=*(f+0);\r
        pHash[4]=*(f+7); pHash[5]=*(f+6); pHash[6]=*(f+5); pHash[7]=*(f+4);\r
\r
        free (pass);\r
}\r
\r
void HashMySQLSHA1(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        unsigned char hash_stage1[SHA_DIGEST_LENGTH];\r
        SHA_CTX ctx;\r
\r
        SHA1_Init(&ctx);\r
        SHA1_Update(&ctx, (unsigned char *) pPlain, nPlainLen);\r
        SHA1_Final(hash_stage1, &ctx);\r
        SHA1_Init(&ctx);\r
        SHA1_Update(&ctx, hash_stage1, SHA_DIGEST_LENGTH);\r
        SHA1_Final(pHash, &ctx);\r
}\r
\r
//*********************************************************************************\r
// Code for PIX password hashing\r
//*********************************************************************************\r
static char itoa64[] =          /* 0 ... 63 => ascii - 64 */\r
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";\r
\r
void _crypt_to64(char *s, unsigned long v, int n)\r
{\r
        while (--n >= 0) {\r
                *s++ = itoa64[v&0x3f];\r
                v >>= 6;\r
        }\r
}\r
\r
void HashPIX(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)\r
{\r
        char temp[MD5_DIGEST_LENGTH+1];\r
        unsigned char final[MD5_DIGEST_LENGTH];\r
        char* pass = (char*) calloc (nPlainLen+MD5_DIGEST_LENGTH,sizeof(char));\r
\r
        memcpy (pass,pPlain,nPlainLen);\r
\r
        fast_MD5((unsigned char *) pass, MD5_DIGEST_LENGTH, final);\r
\r
        char* p = (char*) temp;\r
        _crypt_to64(p,*(unsigned long*) (final+0),4); p += 4;\r
        _crypt_to64(p,*(unsigned long*) (final+4),4); p += 4;\r
        _crypt_to64(p,*(unsigned long*) (final+8),4); p += 4;\r
        _crypt_to64(p,*(unsigned long*) (final+12),4); p += 4;\r
        *p=0;\r
\r
        memcpy(pHash,temp,MD5_DIGEST_LENGTH);\r
\r
        free (pass);\r
}\r
\r
#if !defined(_WIN32) || defined(__GNUC__)\r
char *strupr(char *s1)\r
{\r
        char *p = s1;\r
        while(*p)\r
        {\r
                *p = (char) toupper(*p);\r
                p++;\r
        }\r
        return s1;\r
}\r
#endif\r