1 /*
2 * This file is part of John the Ripper password cracker,
3 * based on rawSHA256_fmt.c code
4 *
5 * This software is Copyright (c) 2012 magnum, and it is hereby released to the
6 * general public under the following terms: Redistribution and use in source
7 * and binary forms, with or without modification, are permitted.
8 *
9 * The DragonFly BSD 2.10.1-REL crypt-sha2 hashes are seriously broken. See
10 * http://www.openwall.com/lists/john-dev/2012/01/16/1
11 *
12 */
13
14 #if FMT_EXTERNS_H
15 extern struct fmt_main fmt_dragonfly3_32;
16 extern struct fmt_main fmt_dragonfly3_64;
17 #elif FMT_REGISTERS_H
18 john_register_one(&fmt_dragonfly3_32);
19 john_register_one(&fmt_dragonfly3_64);
20 #else
21
22 #include <string.h>
23
24 #ifdef _OPENMP
25 #include <omp.h>
26 #endif
27
28 #include "arch.h"
29 #include "params.h"
30 #include "common.h"
31 #include "formats.h"
32 #include "sha2.h"
33
34 #define FORMAT_LABEL_32 "dragonfly3-32"
35 #define FORMAT_LABEL_64 "dragonfly3-64"
36 #define FORMAT_NAME_32 "DragonFly BSD $3$ w/ bug, 32-bit"
37 #define FORMAT_NAME_64 "DragonFly BSD $3$ w/ bug, 64-bit"
38 #define ALGORITHM_NAME "SHA256 32/" ARCH_BITS_STR SHA2_LIB
39 #define FORMAT_TAG "$3$"
40 #define FORMAT_TAG_LEN (sizeof(FORMAT_TAG)-1)
41
42 #define BENCHMARK_COMMENT ""
43 #define BENCHMARK_LENGTH 7
44
45 #define PLAINTEXT_LENGTH 125
46 #define CIPHERTEXT_LENGTH 44
47
48 #define BINARY_SIZE 32
49 #define BINARY_ALIGN 4
50 #define SALT_SIZE_32 (1+4+8) // 1st char is length
51 #define SALT_SIZE_64 (1+8+8)
52 #define SALT_ALIGN 1
53
54 #define MIN_KEYS_PER_CRYPT 1
55 #define MAX_KEYS_PER_CRYPT 64
56
57 #ifndef OMP_SCALE
58 #define OMP_SCALE 4 // Tuned w/ MKPC for core i7
59 #endif
60
61 static struct fmt_tests tests_32[] = {
62 {"$3$z$EBG66iBCGfUfENOfqLUH/r9xQxI1cG373/hRop6j.oWs", "magnum"},
63 {"$3$f6daU5$Xf/u8pKp.sb4VCLKz7tTZMUKJ3J4oOfZgUSHYOFL.M0n", ""},
64 {"$3$PNPA2tJ$ppD4bXqPMYFVdYVYrxXGMWeYB6Xv8e6jmXbvrB5V.okl", "password"},
65 {"$3$jWhDSrS$bad..Dy7UAyabPyfrEi3fgQ2qtT.5fE7C5EMNo/n.Qk5", "John the Ripper"},
66 {"$3$SSYEHO$hkuDmUQHT2Tr0.ai.lUVyb9bCC875Up.CZVa6UJZ.Muv", "DragonFly BSD"},
67 {"$3$pomO$a2ltqo.LlUSt1DG68sv2FZOdLcul0gYQ3xmn6z0G.I6Y", "123"},
68 {"$3$F$8Asqp58WwQ3WDMhaR3yQMSJGdCtpBqckemkCSNnJ.gRr", "12345678"},
69 {NULL}
70 };
71
72 static struct fmt_tests tests_64[] = {
73 {"$3$z$sNV7KLtLxvJRsj2MfBtGZFuzXP3CECITaFq/rvsy.Y.Q", "magnum"},
74 {"$3$f6daU5$eV2SX9vUHTMsoy3Ic7cWiQ4mOxyuyenGjYQWkJmy.AF3", ""},
75 {"$3$PNPA2tJ$GvXjg6zSge3YDh5I35JlYZHoQS2r0/.vn36fQzSY.A0d", "password"},
76 {"$3$jWhDSrS$5yBH7KFPmsg.PhPeDMj1MY4fv9061zdbYumPe2Ve.Y5J", "John the Ripper"},
77 {"$3$SSYEHO$AMYLyanRYs8F2U07FsBrSFuOIygJ4kgqvpBB17BI.61N", "DragonFly BSD"},
78 {"$3$e$TzMK1ePmjnZI/YbGes/1PAKqbj8aOV31Hf8Tz9es.kkq", "123"},
79 {"$3$XcMa$idKoaBQXdRlhfJFDjnV0jDryW/nEBAGXONyzJvnH.cR3", "12345678"},
80 {NULL}
81 };
82
83 static int (*saved_len);
84 static char (*saved_key)[PLAINTEXT_LENGTH + 1];
85 static uint32_t (*crypt_out)
86 [(BINARY_SIZE + sizeof(uint32_t) - 1) / sizeof(uint32_t)];
87 static char *cur_salt;
88 static int salt_len;
89
init(struct fmt_main * self)90 static void init(struct fmt_main *self)
91 {
92 omp_autotune(self, OMP_SCALE);
93
94 saved_len = mem_calloc(self->params.max_keys_per_crypt,
95 sizeof(*saved_len));
96 saved_key = mem_calloc(self->params.max_keys_per_crypt,
97 sizeof(*saved_key));
98 crypt_out = mem_calloc(self->params.max_keys_per_crypt,
99 sizeof(*crypt_out));
100 }
101
done(void)102 static void done(void)
103 {
104 MEM_FREE(crypt_out);
105 MEM_FREE(saved_key);
106 MEM_FREE(saved_len);
107 }
108
valid(char * ciphertext,struct fmt_main * self)109 static int valid(char *ciphertext, struct fmt_main *self)
110 {
111 char *pos, *start;
112
113 if (strncmp(ciphertext, FORMAT_TAG, FORMAT_TAG_LEN))
114 return 0;
115
116 ciphertext += FORMAT_TAG_LEN;
117
118 for (pos = ciphertext; *pos && *pos != '$'; pos++);
119 if (!*pos || pos < ciphertext || pos > &ciphertext[8]) return 0;
120
121 start = ++pos;
122 while (atoi64[ARCH_INDEX(*pos)] != 0x7F) pos++;
123 if (*pos || pos - start != CIPHERTEXT_LENGTH) return 0;
124
125 return 1;
126 }
127
128 #define TO_BINARY(b1, b2, b3) \
129 value = (uint32_t)atoi64[ARCH_INDEX(pos[0])] | \
130 ((uint32_t)atoi64[ARCH_INDEX(pos[1])] << 6) | \
131 ((uint32_t)atoi64[ARCH_INDEX(pos[2])] << 12) | \
132 ((uint32_t)atoi64[ARCH_INDEX(pos[3])] << 18); \
133 pos += 4; \
134 out[b1] = value >> 16; \
135 out[b2] = value >> 8; \
136 out[b3] = value;
137
get_binary(char * ciphertext)138 static void *get_binary(char *ciphertext)
139 {
140 static uint32_t outbuf[BINARY_SIZE/4];
141 uint32_t value;
142 char *pos;
143 unsigned char *out = (unsigned char*)outbuf;
144 int i;
145
146 pos = strrchr(ciphertext, '$') + 1;
147
148 for (i = 0; i < 10; i++) {
149 TO_BINARY(i, i + 11, i + 21);
150 }
151 value = (uint32_t)atoi64[ARCH_INDEX(pos[0])] |
152 ((uint32_t)atoi64[ARCH_INDEX(pos[1])] << 6) |
153 ((uint32_t)atoi64[ARCH_INDEX(pos[2])] << 12) |
154 ((uint32_t)atoi64[ARCH_INDEX(pos[3])] << 18);
155 out[10] = value >> 16;
156 out[31] = value >> 8;
157
158 return (void *)out;
159 }
160
161 #define COMMON_GET_HASH_VAR crypt_out
162 #include "common-get-hash.h"
163
set_key(char * key,int index)164 static void set_key(char *key, int index)
165 {
166 saved_len[index] = strnzcpyn(saved_key[index], key, sizeof(*saved_key));
167 }
168
get_key(int index)169 static char *get_key(int index)
170 {
171 saved_key[index][saved_len[index]] = 0;
172 return saved_key[index];
173 }
174
crypt_all(int * pcount,struct db_salt * salt)175 static int crypt_all(int *pcount, struct db_salt *salt)
176 {
177 const int count = *pcount;
178 int index;
179 #ifdef _OPENMP
180 #pragma omp parallel for
181 #endif
182 for (index = 0; index < count; index++) {
183 SHA256_CTX ctx;
184
185 SHA256_Init(&ctx);
186
187 /* First the password */
188 SHA256_Update(&ctx, saved_key[index], saved_len[index]);
189
190 /* Then the salt, including the $3$ magic */
191 SHA256_Update(&ctx, cur_salt, salt_len);
192
193 SHA256_Final((unsigned char*)crypt_out[index], &ctx);
194 }
195
196 return count;
197 }
198
set_salt(void * salt)199 static void set_salt(void *salt)
200 {
201 salt_len = (int)*(char*)salt;
202 cur_salt = (char*)salt + 1;
203 }
204
205 // For 32-bit version of the bug, our magic is "$3$\0" len 4
get_salt_32(char * ciphertext)206 static void *get_salt_32(char *ciphertext)
207 {
208 static char *out;
209 int len;
210
211 if (!out) out = mem_alloc_tiny(SALT_SIZE_32, MEM_ALIGN_WORD);
212
213 memset(out, 0, SALT_SIZE_32);
214 ciphertext += FORMAT_TAG_LEN;
215 strcpy(&out[1], FORMAT_TAG);
216 for (len = 0; ciphertext[len] != '$'; len++);
217
218 memcpy(&out[5], ciphertext, len);
219 out[0] = len + 4;
220
221 return out;
222 }
223
224 // For 64-bit version of the bug, our magic is "$3$\0sha5" len 8
get_salt_64(char * ciphertext)225 static void *get_salt_64(char *ciphertext)
226 {
227 static char *out;
228 int len;
229
230 if (!out) out = mem_alloc_tiny(SALT_SIZE_64, MEM_ALIGN_WORD);
231
232 memset(out, 0, SALT_SIZE_64);
233 ciphertext += FORMAT_TAG_LEN;
234 memcpy(&out[1], "$3$\0sha5", 8);
235 for (len = 0; ciphertext[len] != '$'; len++);
236
237 memcpy(&out[9], ciphertext, len);
238 out[0] = len + 8;
239
240 return out;
241 }
242
cmp_all(void * binary,int count)243 static int cmp_all(void *binary, int count)
244 {
245 int index;
246
247 for (index = 0; index < count; index++)
248 if (!memcmp(binary, crypt_out[index], ARCH_SIZE))
249 return 1;
250 return 0;
251 }
252
cmp_one(void * binary,int index)253 static int cmp_one(void *binary, int index)
254 {
255 return !memcmp(binary, crypt_out[index], BINARY_SIZE);
256 }
257
cmp_exact(char * source,int index)258 static int cmp_exact(char *source, int index)
259 {
260 return 1;
261 }
262
263 // Public domain hash function by DJ Bernstein
salt_hash(void * salt)264 static int salt_hash(void *salt)
265 {
266 unsigned char *s = (unsigned char*)salt + 1;
267 unsigned int hash = 5381;
268 unsigned int i;
269
270 for (i = 0; i < *(unsigned char*)salt; i++)
271 hash = ((hash << 5) + hash) ^ s[i];
272
273 return hash & (SALT_HASH_SIZE - 1);
274 }
275
276 struct fmt_main fmt_dragonfly3_32 = {
277 {
278 FORMAT_LABEL_32,
279 FORMAT_NAME_32,
280 ALGORITHM_NAME,
281 BENCHMARK_COMMENT,
282 BENCHMARK_LENGTH,
283 0,
284 PLAINTEXT_LENGTH,
285 BINARY_SIZE,
286 BINARY_ALIGN,
287 SALT_SIZE_32,
288 SALT_ALIGN,
289 MIN_KEYS_PER_CRYPT,
290 MAX_KEYS_PER_CRYPT,
291 FMT_CASE | FMT_8_BIT | FMT_OMP | FMT_OMP_BAD,
292 { NULL },
293 { FORMAT_TAG },
294 tests_32
295 }, {
296 init,
297 done,
298 fmt_default_reset,
299 fmt_default_prepare,
300 valid,
301 fmt_default_split,
302 get_binary,
303 get_salt_32,
304 { NULL },
305 fmt_default_source,
306 {
307 fmt_default_binary_hash_0,
308 fmt_default_binary_hash_1,
309 fmt_default_binary_hash_2,
310 fmt_default_binary_hash_3,
311 fmt_default_binary_hash_4,
312 fmt_default_binary_hash_5,
313 fmt_default_binary_hash_6
314 },
315 salt_hash,
316 NULL,
317 set_salt,
318 set_key,
319 get_key,
320 fmt_default_clear_keys,
321 crypt_all,
322 {
323 #define COMMON_GET_HASH_LINK
324 #include "common-get-hash.h"
325 },
326 cmp_all,
327 cmp_one,
328 cmp_exact
329 }
330 };
331
332 struct fmt_main fmt_dragonfly3_64 = {
333 {
334 FORMAT_LABEL_64,
335 FORMAT_NAME_64,
336 ALGORITHM_NAME,
337 BENCHMARK_COMMENT,
338 BENCHMARK_LENGTH,
339 0,
340 PLAINTEXT_LENGTH,
341 BINARY_SIZE,
342 BINARY_ALIGN,
343 SALT_SIZE_64,
344 SALT_ALIGN,
345 MIN_KEYS_PER_CRYPT,
346 MAX_KEYS_PER_CRYPT,
347 FMT_CASE | FMT_8_BIT | FMT_OMP | FMT_OMP_BAD,
348 { NULL },
349 { NULL },
350 tests_64
351 }, {
352 init,
353 done,
354 fmt_default_reset,
355 fmt_default_prepare,
356 valid,
357 fmt_default_split,
358 get_binary,
359 get_salt_64,
360 { NULL },
361 fmt_default_source,
362 {
363 fmt_default_binary_hash_0,
364 fmt_default_binary_hash_1,
365 fmt_default_binary_hash_2,
366 fmt_default_binary_hash_3,
367 fmt_default_binary_hash_4,
368 fmt_default_binary_hash_5,
369 fmt_default_binary_hash_6
370 },
371 salt_hash,
372 NULL,
373 set_salt,
374 set_key,
375 get_key,
376 fmt_default_clear_keys,
377 crypt_all,
378 {
379 #define COMMON_GET_HASH_LINK
380 #include "common-get-hash.h"
381 },
382 cmp_all,
383 cmp_one,
384 cmp_exact
385 }
386 };
387
388 #endif /* plugin stanza */
389