1 /**
2 * Author......: See docs/credits.txt
3 * License.....: MIT
4 */
5
6 #include "common.h"
7 #include "types.h"
8 #include "modules.h"
9 #include "bitops.h"
10 #include "convert.h"
11 #include "shared.h"
12 #include "memory.h"
13 #include "emu_inc_cipher_aes.h"
14 #include "cpu_crc32.h"
15 #include "ext_lzma.h"
16 #include "zlib.h"
17
18 static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
19 static const u32 DGST_POS0 = 0;
20 static const u32 DGST_POS1 = 1;
21 static const u32 DGST_POS2 = 2;
22 static const u32 DGST_POS3 = 3;
23 static const u32 DGST_SIZE = DGST_SIZE_4_4;
24 static const u32 HASH_CATEGORY = HASH_CATEGORY_ARCHIVE;
25 static const char *HASH_NAME = "7-Zip";
26 static const u64 KERN_TYPE = 11600;
27 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
28 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
29 | OPTS_TYPE_HOOK23;
30 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
31 static const char *ST_PASS = "hashcat";
32 static const char *ST_HASH = "$7z$0$14$0$$11$33363437353138333138300000000000$2365089182$16$12$d00321533b483f54a523f624a5f63269";
33
module_attack_exec(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)34 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
module_dgst_pos0(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)35 u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
module_dgst_pos1(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)36 u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
module_dgst_pos2(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)37 u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
module_dgst_pos3(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)38 u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
module_dgst_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)39 u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
module_hash_category(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)40 u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
module_hash_name(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)41 const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
module_kern_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)42 u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
module_opti_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)43 u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
module_opts_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)44 u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
module_salt_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)45 u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
module_st_hash(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)46 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
module_st_pass(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)47 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
48
49 typedef struct seven_zip_tmp
50 {
51 u32 h[8];
52
53 u32 w0[4];
54 u32 w1[4];
55 u32 w2[4];
56 u32 w3[4];
57
58 int len;
59
60 } seven_zip_tmp_t;
61
62 typedef struct seven_zip_hook
63 {
64 u32 ukey[8];
65
66 u32 hook_success;
67
68 } seven_zip_hook_t;
69
70 typedef struct seven_zip_hook_salt
71 {
72 u32 iv_buf[4];
73 u32 iv_len;
74
75 u32 salt_buf[4];
76 u32 salt_len;
77
78 u32 crc;
79 u32 crc_len;
80
81 u8 data_type;
82
83 u32 data_buf[0x200000];
84 u32 data_len;
85
86 u32 unpack_size;
87
88 char coder_attributes[5 + 1];
89 u8 coder_attributes_len;
90
91 int aes_len; // pre-computed length of the maximal (subset of) data we need for AES-CBC
92
93 } seven_zip_hook_salt_t;
94
95 typedef struct seven_zip_hook_extra
96 {
97 void **aes;
98 void **unp;
99
100 } seven_zip_hook_extra_t;
101
102 static const char *SIGNATURE_SEVEN_ZIP = "$7z$";
103
module_jit_build_options(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra,MAYBE_UNUSED const hashes_t * hashes,MAYBE_UNUSED const hc_device_param_t * device_param)104 char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
105 {
106 char *jit_build_options = NULL;
107
108 // Extra treatment for Apple systems
109 if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
110 {
111 return jit_build_options;
112 }
113
114 // HIP
115 if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD_USE_HIP)
116 {
117 hc_asprintf (&jit_build_options, "-D _unroll");
118 }
119
120 // ROCM
121 if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
122 {
123 hc_asprintf (&jit_build_options, "-D _unroll");
124 }
125
126 return jit_build_options;
127 }
128
module_hook_extra_param_init(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra,MAYBE_UNUSED const folder_config_t * folder_config,MAYBE_UNUSED const backend_ctx_t * backend_ctx,void * hook_extra_param)129 bool module_hook_extra_param_init (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const folder_config_t *folder_config, MAYBE_UNUSED const backend_ctx_t *backend_ctx, void *hook_extra_param)
130 {
131 seven_zip_hook_extra_t *seven_zip_hook_extra = (seven_zip_hook_extra_t *) hook_extra_param;
132
133 #define AESSIZE 8 * 1024 * 1024
134 #define UNPSIZE 9999999
135
136 seven_zip_hook_extra->aes = hccalloc (backend_ctx->backend_devices_cnt, sizeof (void *));
137
138 if (seven_zip_hook_extra->aes == NULL) return false;
139
140 seven_zip_hook_extra->unp = hccalloc (backend_ctx->backend_devices_cnt, sizeof (void *));
141
142 if (seven_zip_hook_extra->unp == NULL) return false;
143
144 for (int backend_devices_idx = 0; backend_devices_idx < backend_ctx->backend_devices_cnt; backend_devices_idx++)
145 {
146 hc_device_param_t *device_param = &backend_ctx->devices_param[backend_devices_idx];
147
148 if (device_param->skipped == true) continue;
149
150 seven_zip_hook_extra->aes[backend_devices_idx] = hcmalloc (AESSIZE);
151
152 if (seven_zip_hook_extra->aes[backend_devices_idx] == NULL) return false;
153
154 seven_zip_hook_extra->unp[backend_devices_idx] = hcmalloc (UNPSIZE);
155
156 if (seven_zip_hook_extra->unp[backend_devices_idx] == NULL) return false;
157 }
158
159 return true;
160 }
161
module_hook_extra_param_term(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra,MAYBE_UNUSED const folder_config_t * folder_config,MAYBE_UNUSED const backend_ctx_t * backend_ctx,void * hook_extra_param)162 bool module_hook_extra_param_term (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const folder_config_t *folder_config, MAYBE_UNUSED const backend_ctx_t *backend_ctx, void *hook_extra_param)
163 {
164 seven_zip_hook_extra_t *seven_zip_hook_extra = (seven_zip_hook_extra_t *) hook_extra_param;
165
166 for (int backend_devices_idx = 0; backend_devices_idx < backend_ctx->backend_devices_cnt; backend_devices_idx++)
167 {
168 hc_device_param_t *device_param = &backend_ctx->devices_param[backend_devices_idx];
169
170 if (device_param->skipped == true) continue;
171
172 hcfree (seven_zip_hook_extra->aes[backend_devices_idx]);
173 hcfree (seven_zip_hook_extra->unp[backend_devices_idx]);
174 }
175
176 hcfree (seven_zip_hook_extra->aes);
177 hcfree (seven_zip_hook_extra->unp);
178
179 return true;
180 }
181
module_hook23(hc_device_param_t * device_param,MAYBE_UNUSED const void * hook_extra_param,const void * hook_salts_buf,const u32 salt_pos,const u64 pw_pos)182 void module_hook23 (hc_device_param_t *device_param, MAYBE_UNUSED const void *hook_extra_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos)
183 {
184 seven_zip_hook_t *hook_items = (seven_zip_hook_t *) device_param->hooks_buf;
185
186 seven_zip_hook_salt_t *seven_zips = (seven_zip_hook_salt_t *) hook_salts_buf;
187 seven_zip_hook_salt_t *seven_zip = &seven_zips[salt_pos];
188
189 seven_zip_hook_extra_t *seven_zip_hook_extra = (seven_zip_hook_extra_t *) hook_extra_param;
190
191 u8 data_type = seven_zip->data_type;
192 u32 *data_buf = seven_zip->data_buf;
193 u32 unpack_size = seven_zip->unpack_size;
194
195 // this hook data needs to be updated (the "hook_success" variable):
196
197 seven_zip_hook_t *hook_item = &hook_items[pw_pos];
198
199 const u32 *ukey = (const u32 *) hook_item->ukey;
200
201 // init AES
202
203 AES_KEY aes_key;
204
205 memset (&aes_key, 0, sizeof (aes_key));
206
207 aes256_set_decrypt_key (aes_key.rdk, ukey, (u32 *) te0, (u32 *) te1, (u32 *) te2, (u32 *) te3, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3);
208
209 int aes_len = seven_zip->aes_len;
210
211 u32 data[4];
212 u32 out[4];
213 u32 iv[4];
214
215 iv[0] = seven_zip->iv_buf[0];
216 iv[1] = seven_zip->iv_buf[1];
217 iv[2] = seven_zip->iv_buf[2];
218 iv[3] = seven_zip->iv_buf[3];
219
220 u32 *out_full = (u32 *) seven_zip_hook_extra->aes[device_param->device_id];
221
222 // if aes_len > 16 we need to loop
223
224 int i = 0;
225 int j = 0;
226
227 for (i = 0, j = 0; i < aes_len - 16; i += 16, j += 4)
228 {
229 data[0] = data_buf[j + 0];
230 data[1] = data_buf[j + 1];
231 data[2] = data_buf[j + 2];
232 data[3] = data_buf[j + 3];
233
234 aes256_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, (u32 *) td4);
235
236 out[0] ^= iv[0];
237 out[1] ^= iv[1];
238 out[2] ^= iv[2];
239 out[3] ^= iv[3];
240
241 iv[0] = data[0];
242 iv[1] = data[1];
243 iv[2] = data[2];
244 iv[3] = data[3];
245
246 out_full[j + 0] = out[0];
247 out_full[j + 1] = out[1];
248 out_full[j + 2] = out[2];
249 out_full[j + 3] = out[3];
250 }
251
252 // we need to run it at least once:
253
254 data[0] = data_buf[j + 0];
255 data[1] = data_buf[j + 1];
256 data[2] = data_buf[j + 2];
257 data[3] = data_buf[j + 3];
258
259 aes256_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, (u32 *) td4);
260
261 out[0] ^= iv[0];
262 out[1] ^= iv[1];
263 out[2] ^= iv[2];
264 out[3] ^= iv[3];
265
266 out_full[j + 0] = out[0];
267 out_full[j + 1] = out[1];
268 out_full[j + 2] = out[2];
269 out_full[j + 3] = out[3];
270
271 /*
272 * check the CRC32 "hash"
273 */
274
275 u32 seven_zip_crc = seven_zip->crc;
276
277 u32 crc;
278
279 if (data_type == 0) // uncompressed
280 {
281 crc = cpu_crc32_buffer ((u8 *) out_full, unpack_size);
282 }
283 else
284 {
285 u32 crc_len = seven_zip->crc_len;
286
287 char *coder_attributes = seven_zip->coder_attributes;
288
289 // input buffers and length
290
291 u8 *compressed_data = (u8 *) out_full;
292
293 SizeT compressed_data_len = aes_len;
294
295 // output buffers and length
296
297 unsigned char *decompressed_data = (unsigned char *) seven_zip_hook_extra->unp[device_param->device_id];
298
299 SizeT decompressed_data_len = crc_len;
300
301 int ret;
302
303 if (data_type == 1) // LZMA1
304 {
305 ret = hc_lzma1_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes);
306 }
307 else if (data_type == 7) // inflate using zlib (DEFLATE compression)
308 {
309 ret = SZ_ERROR_DATA;
310
311 z_stream inf;
312
313 inf.zalloc = Z_NULL;
314 inf.zfree = Z_NULL;
315 inf.opaque = Z_NULL;
316
317 inf.avail_in = compressed_data_len;
318 inf.next_in = compressed_data;
319
320 inf.avail_out = decompressed_data_len;
321 inf.next_out = decompressed_data;
322
323 // inflate:
324
325 inflateInit2 (&inf, -MAX_WBITS);
326
327 int zlib_ret = inflate (&inf, Z_NO_FLUSH);
328
329 inflateEnd (&inf);
330
331 if ((zlib_ret == Z_OK) || (zlib_ret == Z_STREAM_END))
332 {
333 ret = SZ_OK;
334 }
335 }
336 else // we only support LZMA2 in addition to LZMA1
337 {
338 ret = hc_lzma2_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes);
339 }
340
341 if (ret != SZ_OK)
342 {
343 hook_item->hook_success = 0;
344
345 return;
346 }
347
348 crc = cpu_crc32_buffer (decompressed_data, crc_len);
349 }
350
351 if (crc == seven_zip_crc)
352 {
353 hook_item->hook_success = 1;
354 }
355 else
356 {
357 hook_item->hook_success = 0;
358 }
359 }
360
module_hook_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)361 u64 module_hook_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
362 {
363 const u64 hook_size = (const u64) sizeof (seven_zip_hook_t);
364
365 return hook_size;
366 }
367
module_hook_salt_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)368 u64 module_hook_salt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
369 {
370 const u64 hook_salt_size = (const u64) sizeof (seven_zip_hook_salt_t);
371
372 return hook_salt_size;
373 }
374
module_hook_extra_param_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)375 u64 module_hook_extra_param_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
376 {
377 const u64 hook_extra_param_size = (const u64) sizeof (seven_zip_hook_extra_t);
378
379 return hook_extra_param_size;
380 }
381
module_tmp_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)382 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
383 {
384 const u64 tmp_size = (const u64) sizeof (seven_zip_tmp_t);
385
386 return tmp_size;
387 }
388
module_pw_max(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)389 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
390 {
391 const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
392
393 u32 pw_max = PW_MAX;
394
395 if (optimized_kernel == true)
396 {
397 pw_max = 20;
398 }
399
400 return pw_max;
401 }
402
module_kernel_loops_min(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)403 u32 module_kernel_loops_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
404 {
405 const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
406
407 u32 kernel_loops_min = KERNEL_LOOPS_MIN;
408
409 if (optimized_kernel == true)
410 {
411 kernel_loops_min = 4096;
412 }
413
414 return kernel_loops_min;
415 }
416
module_kernel_loops_max(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)417 u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
418 {
419 const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
420
421 u32 kernel_loops_max = KERNEL_LOOPS_MAX;
422
423 if (optimized_kernel == true)
424 {
425 kernel_loops_max = 4096;
426 }
427
428 return kernel_loops_max;
429 }
430
module_hash_decode(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED void * digest_buf,MAYBE_UNUSED salt_t * salt,MAYBE_UNUSED void * esalt_buf,MAYBE_UNUSED void * hook_salt_buf,MAYBE_UNUSED hashinfo_t * hash_info,const char * line_buf,MAYBE_UNUSED const int line_len)431 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
432 {
433 u32 *digest = (u32 *) digest_buf;
434
435 seven_zip_hook_salt_t *seven_zip = (seven_zip_hook_salt_t *) hook_salt_buf;
436
437 token_t token;
438
439 token.token_cnt = 11;
440
441 token.signatures_cnt = 1;
442 token.signatures_buf[0] = SIGNATURE_SEVEN_ZIP;
443
444 token.len[0] = 4;
445 token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
446 | TOKEN_ATTR_VERIFY_SIGNATURE;
447
448 token.sep[1] = '$';
449 token.len_min[1] = 1;
450 token.len_max[1] = 1;
451 token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
452 | TOKEN_ATTR_VERIFY_DIGIT;
453
454 token.sep[2] = '$';
455 token.len_min[2] = 1;
456 token.len_max[2] = 2;
457 token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
458 | TOKEN_ATTR_VERIFY_DIGIT;
459
460 token.sep[3] = '$';
461 token.len_min[3] = 1;
462 token.len_max[3] = 1;
463 token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
464 | TOKEN_ATTR_VERIFY_DIGIT;
465
466 token.sep[4] = '$';
467 token.len_min[4] = 0;
468 token.len_max[4] = 64;
469 token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH;
470
471 token.sep[5] = '$';
472 token.len_min[5] = 1;
473 token.len_max[5] = 2;
474 token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
475 | TOKEN_ATTR_VERIFY_DIGIT;
476
477 token.sep[6] = '$';
478 token.len_min[6] = 32;
479 token.len_max[6] = 32;
480 token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
481 | TOKEN_ATTR_VERIFY_HEX;
482
483 token.sep[7] = '$';
484 token.len_min[7] = 1;
485 token.len_max[7] = 10;
486 token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
487 | TOKEN_ATTR_VERIFY_DIGIT;
488
489 token.sep[8] = '$';
490 token.len_min[8] = 1;
491 token.len_max[8] = 8;
492 token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH
493 | TOKEN_ATTR_VERIFY_DIGIT;
494
495 token.sep[9] = '$';
496 token.len_min[9] = 1;
497 token.len_max[9] = 8;
498 token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH
499 | TOKEN_ATTR_VERIFY_DIGIT;
500
501 token.sep[10] = '$';
502 token.len_min[10] = 2;
503 token.len_max[10] = 0x200000 * 4 * 2;
504 token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH;
505
506 const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
507
508 if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
509
510 const u8 *data_type_pos = token.buf[ 1];
511 const u8 *NumCyclesPower_pos = token.buf[ 2];
512 const u8 *salt_len_pos = token.buf[ 3];
513 const u8 *salt_buf_pos = token.buf[ 4];
514 const u8 *iv_len_pos = token.buf[ 5];
515 const u8 *iv_buf_pos = token.buf[ 6];
516 const u8 *crc_buf_pos = token.buf[ 7];
517 const u8 *data_len_pos = token.buf[ 8];
518 const u8 *unpack_size_pos = token.buf[ 9];
519 const u8 *data_buf_pos = token.buf[10];
520
521 const int data_type_len = token.len[ 1];
522 const int NumCyclesPower_len = token.len[ 2];
523 const int salt_len_len = token.len[ 3];
524 const int salt_buf_len = token.len[ 4];
525 const int iv_len_len = token.len[ 5];
526 const int iv_buf_len = token.len[ 6];
527 const int crc_buf_len = token.len[ 7];
528 const int data_len_len = token.len[ 8];
529 const int unpack_size_len = token.len[ 9];
530 int data_buf_len = token.len[10];
531
532 // fields only used when data was compressed:
533
534 u8 *crc_len_pos = (u8 *) strchr ((const char *) data_buf_pos, '$');
535
536 u32 crc_len_len = 0;
537 u8 *coder_attributes_pos = 0;
538 u32 coder_attributes_len = 0;
539
540 if (crc_len_pos != NULL)
541 {
542 data_buf_len = crc_len_pos - data_buf_pos;
543
544 crc_len_pos++;
545
546 coder_attributes_pos = (u8 *) strchr ((const char *) crc_len_pos, '$');
547
548 if (coder_attributes_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
549
550 crc_len_len = coder_attributes_pos - crc_len_pos;
551
552 coder_attributes_pos++;
553 }
554
555 if (is_valid_hex_string (data_buf_pos, data_buf_len) == false) return (PARSER_SALT_ENCODING);
556
557 const int iter = hc_strtoul ((const char *) NumCyclesPower_pos, NULL, 10);
558 const int crc = hc_strtoul ((const char *) crc_buf_pos, NULL, 10);
559 const int data_type = hc_strtoul ((const char *) data_type_pos, NULL, 10);
560 const int salt_len = hc_strtoul ((const char *) salt_len_pos, NULL, 10);
561 const int iv_len = hc_strtoul ((const char *) iv_len_pos, NULL, 10);
562 const int unpack_size = hc_strtoul ((const char *) unpack_size_pos, NULL, 10);
563 const int data_len = hc_strtoul ((const char *) data_len_pos, NULL, 10);
564
565 // if neither uncompressed nor truncated, then we need the length for crc and coder attributes
566
567 int crc_len = 0;
568
569 bool is_compressed = ((data_type != 0) && (data_type != 0x80));
570
571 if (is_compressed == true)
572 {
573 if (crc_len_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
574
575 coder_attributes_len = line_len - 1 - 2 - 1 - data_type_len - 1 - NumCyclesPower_len - 1 - salt_len_len - 1 - salt_buf_len - 1 - iv_len_len - 1 - iv_buf_len - 1 - crc_buf_len - 1 - data_len_len - 1 - unpack_size_len - 1 - data_buf_len - 1 - crc_len_len - 1;
576
577 crc_len = hc_strtoul ((const char *) crc_len_pos, NULL, 10);
578 }
579
580 /**
581 * verify some data
582 */
583
584 // this check also returns an error with data_type == 0x80 (special case that means "truncated")
585
586 if ((data_type != 0) && (data_type != 1) && (data_type != 2) && (data_type != 7))
587 {
588 return (PARSER_SALT_VALUE);
589 }
590
591 if (salt_len != 0) return (PARSER_SALT_VALUE);
592
593 if ((data_len * 2) != data_buf_len) return (PARSER_SALT_VALUE);
594
595 if (data_len > 0x200000 * 4) return (PARSER_SALT_VALUE);
596
597 if (unpack_size > data_len) return (PARSER_SALT_VALUE);
598
599 if (is_compressed == true)
600 {
601 if (crc_len_len > 7) return (PARSER_SALT_VALUE);
602
603 if (coder_attributes_len > 10) return (PARSER_SALT_VALUE);
604
605 if ((coder_attributes_len % 2) != 0) return (PARSER_SALT_VALUE);
606
607 // we should be more strict about the needed attribute_len:
608
609 if (data_type == 1) // LZMA1
610 {
611 if ((coder_attributes_len / 2) != 5) return (PARSER_SALT_VALUE);
612 }
613 else if (data_type == 2) // LZMA2
614 {
615 if ((coder_attributes_len / 2) != 1) return (PARSER_SALT_VALUE);
616 }
617 }
618
619 /**
620 * store data
621 */
622
623 seven_zip->data_type = data_type;
624
625 seven_zip->iv_buf[0] = hex_to_u32 (iv_buf_pos + 0);
626 seven_zip->iv_buf[1] = hex_to_u32 (iv_buf_pos + 8);
627 seven_zip->iv_buf[2] = hex_to_u32 (iv_buf_pos + 16);
628 seven_zip->iv_buf[3] = hex_to_u32 (iv_buf_pos + 24);
629
630 seven_zip->iv_len = iv_len;
631
632 memcpy (seven_zip->salt_buf, salt_buf_pos, salt_buf_len); // we just need that for later ascii_digest()
633
634 seven_zip->salt_len = 0;
635
636 seven_zip->crc = crc;
637
638 for (int i = 0, j = 0; j < data_buf_len; i += 1, j += 8)
639 {
640 seven_zip->data_buf[i] = hex_to_u32 (data_buf_pos + j);
641 }
642
643 seven_zip->data_len = data_len;
644
645 seven_zip->unpack_size = unpack_size;
646
647 seven_zip->crc_len = crc_len;
648
649 memset (seven_zip->coder_attributes, 0, sizeof (seven_zip->coder_attributes));
650
651 seven_zip->coder_attributes_len = 0;
652
653 if (is_compressed == 1)
654 {
655 if (is_valid_hex_string (coder_attributes_pos, coder_attributes_len) == false) return (PARSER_SALT_ENCODING);
656
657 for (u32 i = 0, j = 0; j < coder_attributes_len; i += 1, j += 2)
658 {
659 seven_zip->coder_attributes[i] = hex_to_u8 ((const u8 *) &coder_attributes_pos[j]);
660
661 seven_zip->coder_attributes_len++;
662 }
663 }
664
665 // normally: crc_len <= unpacksize <= packsize (== data_len)
666
667 int aes_len = data_len;
668
669 if (crc_len != 0) // it is 0 only in case of uncompressed data or truncated data
670 {
671 // in theory we could just use crc_len, but sometimes (very rare) the compressed data
672 // is larger than the original data! (because of some additional bytes from lzma/headers)
673 // the +0.5 is used to round up (just to be sure we don't truncate)
674
675 if (data_type == 1) // LZMA1 uses more bytes
676 {
677 aes_len = 32.5f + (float) crc_len * 1.05f; // +5% max (only for small random inputs)
678 }
679 else if (data_type == 2) // LZMA2 is more clever (e.g. uncompressed chunks)
680 {
681 aes_len = 4.5f + (float) crc_len * 1.01f; // +1% max (only for small random inputs)
682 }
683
684 // just make sure we never go beyond the data_len limit itself
685
686 aes_len = MIN (aes_len, data_len);
687 }
688
689 seven_zip->aes_len = aes_len;
690
691 // real salt
692
693 salt->salt_buf[0] = seven_zip->data_buf[0];
694 salt->salt_buf[1] = seven_zip->data_buf[1];
695 salt->salt_buf[2] = seven_zip->data_buf[2];
696 salt->salt_buf[3] = seven_zip->data_buf[3];
697
698 salt->salt_len = 16;
699
700 salt->salt_sign[0] = data_type;
701
702 salt->salt_iter = 1u << iter;
703
704 /**
705 * digest
706 */
707
708 digest[0] = crc;
709 digest[1] = 0;
710 digest[2] = 0;
711 digest[3] = 0;
712
713 return (PARSER_OK);
714 }
715
module_hash_encode(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const void * digest_buf,MAYBE_UNUSED const salt_t * salt,MAYBE_UNUSED const void * esalt_buf,MAYBE_UNUSED const void * hook_salt_buf,MAYBE_UNUSED const hashinfo_t * hash_info,char * line_buf,MAYBE_UNUSED const int line_size)716 int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
717 {
718 seven_zip_hook_salt_t *seven_zip = (seven_zip_hook_salt_t *) hook_salt_buf;
719
720 const u32 data_len = seven_zip->data_len;
721
722 char *data_buf = (char *) hcmalloc ((data_len * 2) + 1);
723
724 for (u32 i = 0, j = 0; i < data_len; i += 1, j += 2)
725 {
726 const u8 *ptr = (const u8 *) seven_zip->data_buf;
727
728 snprintf (data_buf + j, (data_len * 2) + 1 - j, "%02x", ptr[i]);
729 }
730
731 u32 salt_iter = salt->salt_iter;
732
733 u32 iv[4];
734
735 iv[0] = byte_swap_32 (seven_zip->iv_buf[0]);
736 iv[1] = byte_swap_32 (seven_zip->iv_buf[1]);
737 iv[2] = byte_swap_32 (seven_zip->iv_buf[2]);
738 iv[3] = byte_swap_32 (seven_zip->iv_buf[3]);
739
740 u32 iv_len = seven_zip->iv_len;
741
742 u32 cost = 0; // the log2 () of salt_iter
743
744 while (salt_iter >>= 1)
745 {
746 cost++;
747 }
748
749 int bytes_written = snprintf (line_buf, line_size, "%s%u$%u$%u$%s$%u$%08x%08x%08x%08x$%u$%u$%u$%s",
750 SIGNATURE_SEVEN_ZIP,
751 salt->salt_sign[0],
752 cost,
753 seven_zip->salt_len,
754 (char *) seven_zip->salt_buf,
755 iv_len,
756 iv[0],
757 iv[1],
758 iv[2],
759 iv[3],
760 seven_zip->crc,
761 seven_zip->data_len,
762 seven_zip->unpack_size,
763 data_buf);
764
765 if (seven_zip->data_type > 0)
766 {
767 bytes_written += snprintf (line_buf + bytes_written, line_size - bytes_written, "$%u$", seven_zip->crc_len);
768
769 const u8 *ptr = (const u8 *) seven_zip->coder_attributes;
770
771 for (u32 i = 0, j = 0; i < seven_zip->coder_attributes_len; i += 1, j += 2)
772 {
773 bytes_written += snprintf (line_buf + bytes_written, line_size - bytes_written, "%02x", ptr[i]);
774 }
775 }
776
777 hcfree (data_buf);
778
779 return bytes_written;
780 }
781
module_init(module_ctx_t * module_ctx)782 void module_init (module_ctx_t *module_ctx)
783 {
784 module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
785 module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
786
787 module_ctx->module_attack_exec = module_attack_exec;
788 module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
789 module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
790 module_ctx->module_benchmark_mask = MODULE_DEFAULT;
791 module_ctx->module_benchmark_salt = MODULE_DEFAULT;
792 module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
793 module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
794 module_ctx->module_deprecated_notice = MODULE_DEFAULT;
795 module_ctx->module_dgst_pos0 = module_dgst_pos0;
796 module_ctx->module_dgst_pos1 = module_dgst_pos1;
797 module_ctx->module_dgst_pos2 = module_dgst_pos2;
798 module_ctx->module_dgst_pos3 = module_dgst_pos3;
799 module_ctx->module_dgst_size = module_dgst_size;
800 module_ctx->module_dictstat_disable = MODULE_DEFAULT;
801 module_ctx->module_esalt_size = MODULE_DEFAULT;
802 module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
803 module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
804 module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT;
805 module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
806 module_ctx->module_hash_binary_count = MODULE_DEFAULT;
807 module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
808 module_ctx->module_hash_binary_save = MODULE_DEFAULT;
809 module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
810 module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
811 module_ctx->module_hash_decode = module_hash_decode;
812 module_ctx->module_hash_encode_status = MODULE_DEFAULT;
813 module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
814 module_ctx->module_hash_encode = module_hash_encode;
815 module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
816 module_ctx->module_hash_mode = MODULE_DEFAULT;
817 module_ctx->module_hash_category = module_hash_category;
818 module_ctx->module_hash_name = module_hash_name;
819 module_ctx->module_hashes_count_min = MODULE_DEFAULT;
820 module_ctx->module_hashes_count_max = MODULE_DEFAULT;
821 module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
822 module_ctx->module_hook_extra_param_size = module_hook_extra_param_size;
823 module_ctx->module_hook_extra_param_init = module_hook_extra_param_init;
824 module_ctx->module_hook_extra_param_term = module_hook_extra_param_term;
825 module_ctx->module_hook12 = MODULE_DEFAULT;
826 module_ctx->module_hook23 = module_hook23;
827 module_ctx->module_hook_salt_size = module_hook_salt_size;
828 module_ctx->module_hook_size = module_hook_size;
829 module_ctx->module_jit_build_options = module_jit_build_options;
830 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
831 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
832 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
833 module_ctx->module_kernel_loops_max = module_kernel_loops_max;
834 module_ctx->module_kernel_loops_min = module_kernel_loops_min;
835 module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
836 module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
837 module_ctx->module_kern_type = module_kern_type;
838 module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
839 module_ctx->module_opti_type = module_opti_type;
840 module_ctx->module_opts_type = module_opts_type;
841 module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
842 module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
843 module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
844 module_ctx->module_potfile_disable = MODULE_DEFAULT;
845 module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
846 module_ctx->module_pwdump_column = MODULE_DEFAULT;
847 module_ctx->module_pw_max = module_pw_max;
848 module_ctx->module_pw_min = MODULE_DEFAULT;
849 module_ctx->module_salt_max = MODULE_DEFAULT;
850 module_ctx->module_salt_min = MODULE_DEFAULT;
851 module_ctx->module_salt_type = module_salt_type;
852 module_ctx->module_separator = MODULE_DEFAULT;
853 module_ctx->module_st_hash = module_st_hash;
854 module_ctx->module_st_pass = module_st_pass;
855 module_ctx->module_tmp_size = module_tmp_size;
856 module_ctx->module_unstable_warning = MODULE_DEFAULT;
857 module_ctx->module_warmup_disable = MODULE_DEFAULT;
858 }
859