1 /**
2 * Author......: See docs/credits.txt
3 * License.....: MIT
4 */
5
6 #include "common.h"
7 #include "types.h"
8 #include "modules.h"
9 #include "bitops.h"
10 #include "convert.h"
11 #include "shared.h"
12
13 static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
14 static const u32 DGST_POS0 = 0;
15 static const u32 DGST_POS1 = 1;
16 static const u32 DGST_POS2 = 2;
17 static const u32 DGST_POS3 = 3;
18 static const u32 DGST_SIZE = DGST_SIZE_4_4;
19 static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER;
20 static const char *HASH_NAME = "KeePass 1 (AES/Twofish) and KeePass 2 (AES)";
21 static const u64 KERN_TYPE = 13400;
22 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
23 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
24 | OPTS_TYPE_MAXIMUM_THREADS;
25 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
26 static const char *ST_PASS = "hashcat";
27 static const char *ST_HASH = "$keepass$*2*24569*0*c40432355cce7348c48053ceea0a28e7d18859c4ea47e3a799c6300861f64b95*265dafcc42e1537ff42e97e1e283c70014133be0fe2d420b4d24c6d57c9d2207*a00e20a852694c15aabb074d61b902fa*48dd553fb96f7996635f2414bfe6a1a8429ef0ffb71a1752abbef31853172c35*a44ae659958ad7fae8c8952cb83f3cf03fec2371ce22a8bf7fac1e687af2f249*1*64*5a26ea376cc5afc955104c334571d30486acbac512a94b75ca82a9e31dd97bf7";
28
module_attack_exec(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)29 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
module_dgst_pos0(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)30 u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
module_dgst_pos1(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)31 u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
module_dgst_pos2(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)32 u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
module_dgst_pos3(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)33 u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
module_dgst_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)34 u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
module_hash_category(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)35 u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
module_hash_name(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)36 const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
module_kern_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)37 u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
module_opti_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)38 u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
module_opts_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)39 u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
module_salt_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)40 u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
module_st_hash(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)41 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
module_st_pass(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)42 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
43
44 typedef struct keepass
45 {
46 u32 version;
47 u32 algorithm;
48
49 /* key-file handling */
50 u32 keyfile_len;
51 u32 keyfile[8];
52
53 u32 final_random_seed[8];
54 u32 transf_random_seed[8];
55 u32 enc_iv[4];
56 u32 contents_hash[8];
57
58 /* specific to version 1 */
59 u32 contents_len;
60 u32 contents[0x200000];
61
62 /* specific to version 2 */
63 u32 expected_bytes[8];
64
65 } keepass_t;
66
67 typedef struct keepass_tmp
68 {
69 u32 tmp_digest[8];
70
71 } keepass_tmp_t;
72
73 static const char *SIGNATURE_KEEPASS = "$keepass$";
74
module_esalt_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)75 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
76 {
77 const u64 esalt_size = (const u64) sizeof (keepass_t);
78
79 return esalt_size;
80 }
81
module_tmp_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)82 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
83 {
84 const u64 tmp_size = (const u64) sizeof (keepass_tmp_t);
85
86 return tmp_size;
87 }
88
module_pw_max(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)89 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
90 {
91 // this overrides the reductions of PW_MAX in case optimized kernel is selected
92 // IOW, even in optimized kernel mode it support length 256
93
94 const u32 pw_max = PW_MAX;
95
96 return pw_max;
97 }
98
module_hash_decode(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED void * digest_buf,MAYBE_UNUSED salt_t * salt,MAYBE_UNUSED void * esalt_buf,MAYBE_UNUSED void * hook_salt_buf,MAYBE_UNUSED hashinfo_t * hash_info,const char * line_buf,MAYBE_UNUSED const int line_len)99 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
100 {
101 u32 *digest = (u32 *) digest_buf;
102
103 keepass_t *keepass = (keepass_t *) esalt_buf;
104
105 bool is_keyfile_present = false;
106
107 if (line_len < 128) return (PARSER_SALT_LENGTH);
108
109 if ((line_buf[line_len - (64 + 1 + 2 + 1 + 2)] == '*')
110 && (line_buf[line_len - (64 + 1 + 2 + 1 + 1)] == '1')
111 && (line_buf[line_len - (64 + 1 + 2 + 1 + 0)] == '*')) is_keyfile_present = true;
112
113 token_t token;
114
115 token.signatures_cnt = 1;
116 token.signatures_buf[0] = SIGNATURE_KEEPASS;
117
118 token.sep[0] = '*';
119 token.len_min[0] = 9;
120 token.len_max[0] = 9;
121 token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
122 | TOKEN_ATTR_VERIFY_SIGNATURE;
123
124 token.sep[1] = '*';
125 token.len_min[1] = 1;
126 token.len_max[1] = 1;
127 token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
128 | TOKEN_ATTR_VERIFY_DIGIT;
129
130 token.sep[2] = '*';
131 token.len_min[2] = 1;
132 token.len_max[2] = 10;
133 token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
134 | TOKEN_ATTR_VERIFY_DIGIT;
135
136 token.sep[3] = '*';
137 token.len_min[3] = 1;
138 token.len_max[3] = 3;
139 token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
140 | TOKEN_ATTR_VERIFY_DIGIT;
141
142 if (line_len < 16) return (PARSER_SALT_LENGTH);
143
144 const u8 version = line_buf[10];
145
146 if (version == '1')
147 {
148 token.token_cnt = 11;
149
150 token.sep[4] = '*';
151 token.len_min[4] = 32;
152 token.len_max[4] = 32;
153 token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
154 | TOKEN_ATTR_VERIFY_HEX;
155
156 token.sep[5] = '*';
157 token.len_min[5] = 64;
158 token.len_max[5] = 64;
159 token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
160 | TOKEN_ATTR_VERIFY_HEX;
161
162 token.sep[6] = '*';
163 token.len_min[6] = 32;
164 token.len_max[6] = 32;
165 token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
166 | TOKEN_ATTR_VERIFY_HEX;
167
168 token.sep[7] = '*';
169 token.len_min[7] = 64;
170 token.len_max[7] = 64;
171 token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
172 | TOKEN_ATTR_VERIFY_HEX;
173
174 token.sep[8] = '*';
175 token.len_min[8] = 1;
176 token.len_max[8] = 1;
177 token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH
178 | TOKEN_ATTR_VERIFY_DIGIT;
179
180 token.sep[9] = '*';
181 token.len_min[9] = 1;
182 token.len_max[9] = 8;
183 token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH
184 | TOKEN_ATTR_VERIFY_DIGIT;
185
186 token.sep[10] = '*';
187 token.len_min[10] = 2;
188 token.len_max[10] = 0x1000000;
189 token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH
190 | TOKEN_ATTR_VERIFY_HEX;
191
192 if (is_keyfile_present == true)
193 {
194 token.token_cnt = 14;
195
196 token.sep[11] = '*';
197 token.len_min[11] = 1;
198 token.len_max[11] = 1;
199 token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH
200 | TOKEN_ATTR_VERIFY_DIGIT;
201
202 token.sep[12] = '*';
203 token.len_min[12] = 2;
204 token.len_max[12] = 2;
205 token.attr[12] = TOKEN_ATTR_VERIFY_LENGTH
206 | TOKEN_ATTR_VERIFY_DIGIT;
207
208 token.sep[13] = '*';
209 token.len_min[13] = 64;
210 token.len_max[13] = 64;
211 token.attr[13] = TOKEN_ATTR_VERIFY_LENGTH
212 | TOKEN_ATTR_VERIFY_HEX;
213 }
214 }
215 else if (version == '2')
216 {
217 token.token_cnt = 9;
218
219 token.sep[4] = '*';
220 token.len_min[4] = 64;
221 token.len_max[4] = 64;
222 token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
223 | TOKEN_ATTR_VERIFY_HEX;
224
225 token.sep[5] = '*';
226 token.len_min[5] = 64;
227 token.len_max[5] = 64;
228 token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
229 | TOKEN_ATTR_VERIFY_HEX;
230
231 token.sep[6] = '*';
232 token.len_min[6] = 32;
233 token.len_max[6] = 32;
234 token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
235 | TOKEN_ATTR_VERIFY_HEX;
236
237 token.sep[7] = '*';
238 token.len_min[7] = 64;
239 token.len_max[7] = 64;
240 token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
241 | TOKEN_ATTR_VERIFY_HEX;
242
243 token.sep[8] = '*';
244 token.len_min[8] = 64;
245 token.len_max[8] = 64;
246 token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH
247 | TOKEN_ATTR_VERIFY_HEX;
248
249 if (is_keyfile_present == true)
250 {
251 token.token_cnt = 12;
252
253 token.sep[9] = '*';
254 token.len_min[9] = 1;
255 token.len_max[9] = 1;
256 token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH
257 | TOKEN_ATTR_VERIFY_DIGIT;
258
259 token.sep[10] = '*';
260 token.len_min[10] = 2;
261 token.len_max[10] = 2;
262 token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH
263 | TOKEN_ATTR_VERIFY_DIGIT;
264
265 token.sep[11] = '*';
266 token.len_min[11] = 64;
267 token.len_max[11] = 64;
268 token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH
269 | TOKEN_ATTR_VERIFY_HEX;
270 }
271 }
272 else
273 {
274 return (PARSER_SALT_VALUE);
275 }
276
277 const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
278
279 if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
280
281 // version
282
283 const u8 *version_pos = token.buf[1];
284
285 keepass->version = hc_strtoul ((const char *) version_pos, NULL, 10);
286
287 // iter
288
289 const u8 *rounds_pos = token.buf[2];
290
291 salt->salt_iter = hc_strtoul ((const char *) rounds_pos, NULL, 10);
292
293 // algo
294
295 const u8 *algorithm_pos = token.buf[3];
296
297 keepass->algorithm = hc_strtoul ((const char *) algorithm_pos, NULL, 10);
298
299 // final_random_seed_pos
300
301 const u8 *final_random_seed_pos = token.buf[4];
302
303 keepass->final_random_seed[0] = hex_to_u32 ((const u8 *) &final_random_seed_pos[ 0]);
304 keepass->final_random_seed[1] = hex_to_u32 ((const u8 *) &final_random_seed_pos[ 8]);
305 keepass->final_random_seed[2] = hex_to_u32 ((const u8 *) &final_random_seed_pos[16]);
306 keepass->final_random_seed[3] = hex_to_u32 ((const u8 *) &final_random_seed_pos[24]);
307
308 keepass->final_random_seed[0] = byte_swap_32 (keepass->final_random_seed[0]);
309 keepass->final_random_seed[1] = byte_swap_32 (keepass->final_random_seed[1]);
310 keepass->final_random_seed[2] = byte_swap_32 (keepass->final_random_seed[2]);
311 keepass->final_random_seed[3] = byte_swap_32 (keepass->final_random_seed[3]);
312
313 if (keepass->version == 2)
314 {
315 keepass->final_random_seed[4] = hex_to_u32 ((const u8 *) &final_random_seed_pos[32]);
316 keepass->final_random_seed[5] = hex_to_u32 ((const u8 *) &final_random_seed_pos[40]);
317 keepass->final_random_seed[6] = hex_to_u32 ((const u8 *) &final_random_seed_pos[48]);
318 keepass->final_random_seed[7] = hex_to_u32 ((const u8 *) &final_random_seed_pos[56]);
319
320 keepass->final_random_seed[4] = byte_swap_32 (keepass->final_random_seed[4]);
321 keepass->final_random_seed[5] = byte_swap_32 (keepass->final_random_seed[5]);
322 keepass->final_random_seed[6] = byte_swap_32 (keepass->final_random_seed[6]);
323 keepass->final_random_seed[7] = byte_swap_32 (keepass->final_random_seed[7]);
324 }
325
326 // transf_random_seed_pos
327
328 const u8 *transf_random_seed_pos = token.buf[5];
329
330 keepass->transf_random_seed[0] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[ 0]);
331 keepass->transf_random_seed[1] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[ 8]);
332 keepass->transf_random_seed[2] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[16]);
333 keepass->transf_random_seed[3] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[24]);
334 keepass->transf_random_seed[4] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[32]);
335 keepass->transf_random_seed[5] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[40]);
336 keepass->transf_random_seed[6] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[48]);
337 keepass->transf_random_seed[7] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[56]);
338
339 keepass->transf_random_seed[0] = byte_swap_32 (keepass->transf_random_seed[0]);
340 keepass->transf_random_seed[1] = byte_swap_32 (keepass->transf_random_seed[1]);
341 keepass->transf_random_seed[2] = byte_swap_32 (keepass->transf_random_seed[2]);
342 keepass->transf_random_seed[3] = byte_swap_32 (keepass->transf_random_seed[3]);
343 keepass->transf_random_seed[4] = byte_swap_32 (keepass->transf_random_seed[4]);
344 keepass->transf_random_seed[5] = byte_swap_32 (keepass->transf_random_seed[5]);
345 keepass->transf_random_seed[6] = byte_swap_32 (keepass->transf_random_seed[6]);
346 keepass->transf_random_seed[7] = byte_swap_32 (keepass->transf_random_seed[7]);
347
348 // enc_iv_pos
349
350 const u8 *enc_iv_pos = token.buf[6];
351
352 keepass->enc_iv[0] = hex_to_u32 ((const u8 *) &enc_iv_pos[ 0]);
353 keepass->enc_iv[1] = hex_to_u32 ((const u8 *) &enc_iv_pos[ 8]);
354 keepass->enc_iv[2] = hex_to_u32 ((const u8 *) &enc_iv_pos[16]);
355 keepass->enc_iv[3] = hex_to_u32 ((const u8 *) &enc_iv_pos[24]);
356
357 keepass->enc_iv[0] = byte_swap_32 (keepass->enc_iv[0]);
358 keepass->enc_iv[1] = byte_swap_32 (keepass->enc_iv[1]);
359 keepass->enc_iv[2] = byte_swap_32 (keepass->enc_iv[2]);
360 keepass->enc_iv[3] = byte_swap_32 (keepass->enc_iv[3]);
361
362 const u8 *keyfile_pos = NULL;
363
364 if (keepass->version == 1)
365 {
366 // contents_hash
367
368 const u8 *contents_hash_pos = token.buf[7];
369
370 keepass->contents_hash[0] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 0]);
371 keepass->contents_hash[1] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 8]);
372 keepass->contents_hash[2] = hex_to_u32 ((const u8 *) &contents_hash_pos[16]);
373 keepass->contents_hash[3] = hex_to_u32 ((const u8 *) &contents_hash_pos[24]);
374 keepass->contents_hash[4] = hex_to_u32 ((const u8 *) &contents_hash_pos[32]);
375 keepass->contents_hash[5] = hex_to_u32 ((const u8 *) &contents_hash_pos[40]);
376 keepass->contents_hash[6] = hex_to_u32 ((const u8 *) &contents_hash_pos[48]);
377 keepass->contents_hash[7] = hex_to_u32 ((const u8 *) &contents_hash_pos[56]);
378
379 keepass->contents_hash[0] = byte_swap_32 (keepass->contents_hash[0]);
380 keepass->contents_hash[1] = byte_swap_32 (keepass->contents_hash[1]);
381 keepass->contents_hash[2] = byte_swap_32 (keepass->contents_hash[2]);
382 keepass->contents_hash[3] = byte_swap_32 (keepass->contents_hash[3]);
383 keepass->contents_hash[4] = byte_swap_32 (keepass->contents_hash[4]);
384 keepass->contents_hash[5] = byte_swap_32 (keepass->contents_hash[5]);
385 keepass->contents_hash[6] = byte_swap_32 (keepass->contents_hash[6]);
386 keepass->contents_hash[7] = byte_swap_32 (keepass->contents_hash[7]);
387
388 // contents
389
390 const u8 *contents_pos = token.buf[10];
391 const int contents_len = token.len[10];
392
393 keepass->contents_len = contents_len / 2;
394
395 for (int i = 0, j = 0; j < contents_len; i += 1, j += 8)
396 {
397 keepass->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[j]);
398
399 keepass->contents[i] = byte_swap_32 (keepass->contents[i]);
400 }
401
402 if (is_keyfile_present == true)
403 {
404 keyfile_pos = token.buf[13];
405 }
406 }
407 else if (keepass->version == 2)
408 {
409 // expected_bytes
410
411 const u8 *expected_bytes_pos = token.buf[7];
412
413 keepass->expected_bytes[0] = hex_to_u32 ((const u8 *) &expected_bytes_pos[ 0]);
414 keepass->expected_bytes[1] = hex_to_u32 ((const u8 *) &expected_bytes_pos[ 8]);
415 keepass->expected_bytes[2] = hex_to_u32 ((const u8 *) &expected_bytes_pos[16]);
416 keepass->expected_bytes[3] = hex_to_u32 ((const u8 *) &expected_bytes_pos[24]);
417 keepass->expected_bytes[4] = hex_to_u32 ((const u8 *) &expected_bytes_pos[32]);
418 keepass->expected_bytes[5] = hex_to_u32 ((const u8 *) &expected_bytes_pos[40]);
419 keepass->expected_bytes[6] = hex_to_u32 ((const u8 *) &expected_bytes_pos[48]);
420 keepass->expected_bytes[7] = hex_to_u32 ((const u8 *) &expected_bytes_pos[56]);
421
422 keepass->expected_bytes[0] = byte_swap_32 (keepass->expected_bytes[0]);
423 keepass->expected_bytes[1] = byte_swap_32 (keepass->expected_bytes[1]);
424 keepass->expected_bytes[2] = byte_swap_32 (keepass->expected_bytes[2]);
425 keepass->expected_bytes[3] = byte_swap_32 (keepass->expected_bytes[3]);
426 keepass->expected_bytes[4] = byte_swap_32 (keepass->expected_bytes[4]);
427 keepass->expected_bytes[5] = byte_swap_32 (keepass->expected_bytes[5]);
428 keepass->expected_bytes[6] = byte_swap_32 (keepass->expected_bytes[6]);
429 keepass->expected_bytes[7] = byte_swap_32 (keepass->expected_bytes[7]);
430
431 // contents_hash
432
433 const u8 *contents_hash_pos = token.buf[8];
434
435 keepass->contents_hash[0] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 0]);
436 keepass->contents_hash[1] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 8]);
437 keepass->contents_hash[2] = hex_to_u32 ((const u8 *) &contents_hash_pos[16]);
438 keepass->contents_hash[3] = hex_to_u32 ((const u8 *) &contents_hash_pos[24]);
439 keepass->contents_hash[4] = hex_to_u32 ((const u8 *) &contents_hash_pos[32]);
440 keepass->contents_hash[5] = hex_to_u32 ((const u8 *) &contents_hash_pos[40]);
441 keepass->contents_hash[6] = hex_to_u32 ((const u8 *) &contents_hash_pos[48]);
442 keepass->contents_hash[7] = hex_to_u32 ((const u8 *) &contents_hash_pos[56]);
443
444 keepass->contents_hash[0] = byte_swap_32 (keepass->contents_hash[0]);
445 keepass->contents_hash[1] = byte_swap_32 (keepass->contents_hash[1]);
446 keepass->contents_hash[2] = byte_swap_32 (keepass->contents_hash[2]);
447 keepass->contents_hash[3] = byte_swap_32 (keepass->contents_hash[3]);
448 keepass->contents_hash[4] = byte_swap_32 (keepass->contents_hash[4]);
449 keepass->contents_hash[5] = byte_swap_32 (keepass->contents_hash[5]);
450 keepass->contents_hash[6] = byte_swap_32 (keepass->contents_hash[6]);
451 keepass->contents_hash[7] = byte_swap_32 (keepass->contents_hash[7]);
452
453 if (is_keyfile_present == true)
454 {
455 keyfile_pos = token.buf[11];
456 }
457 }
458
459 if (is_keyfile_present == true)
460 {
461 keepass->keyfile_len = 32;
462
463 keepass->keyfile[0] = hex_to_u32 ((const u8 *) &keyfile_pos[ 0]);
464 keepass->keyfile[1] = hex_to_u32 ((const u8 *) &keyfile_pos[ 8]);
465 keepass->keyfile[2] = hex_to_u32 ((const u8 *) &keyfile_pos[16]);
466 keepass->keyfile[3] = hex_to_u32 ((const u8 *) &keyfile_pos[24]);
467 keepass->keyfile[4] = hex_to_u32 ((const u8 *) &keyfile_pos[32]);
468 keepass->keyfile[5] = hex_to_u32 ((const u8 *) &keyfile_pos[40]);
469 keepass->keyfile[6] = hex_to_u32 ((const u8 *) &keyfile_pos[48]);
470 keepass->keyfile[7] = hex_to_u32 ((const u8 *) &keyfile_pos[56]);
471
472 keepass->keyfile[0] = byte_swap_32 (keepass->keyfile[0]);
473 keepass->keyfile[1] = byte_swap_32 (keepass->keyfile[1]);
474 keepass->keyfile[2] = byte_swap_32 (keepass->keyfile[2]);
475 keepass->keyfile[3] = byte_swap_32 (keepass->keyfile[3]);
476 keepass->keyfile[4] = byte_swap_32 (keepass->keyfile[4]);
477 keepass->keyfile[5] = byte_swap_32 (keepass->keyfile[5]);
478 keepass->keyfile[6] = byte_swap_32 (keepass->keyfile[6]);
479 keepass->keyfile[7] = byte_swap_32 (keepass->keyfile[7]);
480 }
481
482 if (keepass->version == 1)
483 {
484 digest[0] = keepass->contents_hash[0];
485 digest[1] = keepass->contents_hash[1];
486 digest[2] = keepass->contents_hash[2];
487 digest[3] = keepass->contents_hash[3];
488 }
489 else
490 {
491 digest[0] = keepass->expected_bytes[0];
492 digest[1] = keepass->expected_bytes[1];
493 digest[2] = keepass->expected_bytes[2];
494 digest[3] = keepass->expected_bytes[3];
495 }
496
497 salt->salt_buf[0] = keepass->transf_random_seed[0];
498 salt->salt_buf[1] = keepass->transf_random_seed[1];
499 salt->salt_buf[2] = keepass->transf_random_seed[2];
500 salt->salt_buf[3] = keepass->transf_random_seed[3];
501 salt->salt_buf[4] = keepass->transf_random_seed[4];
502 salt->salt_buf[5] = keepass->transf_random_seed[5];
503 salt->salt_buf[6] = keepass->transf_random_seed[6];
504 salt->salt_buf[7] = keepass->transf_random_seed[7];
505
506 salt->salt_len = 32;
507
508 return (PARSER_OK);
509 }
510
module_hash_encode(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const void * digest_buf,MAYBE_UNUSED const salt_t * salt,MAYBE_UNUSED const void * esalt_buf,MAYBE_UNUSED const void * hook_salt_buf,MAYBE_UNUSED const hashinfo_t * hash_info,char * line_buf,MAYBE_UNUSED const int line_size)511 int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
512 {
513 const keepass_t *keepass = (const keepass_t *) esalt_buf;
514
515 u32 version = keepass->version;
516 u32 rounds = salt->salt_iter;
517 u32 algorithm = keepass->algorithm;
518 u32 keyfile_len = keepass->keyfile_len;
519
520 u32 *ptr_final_random_seed = (u32 *) keepass->final_random_seed;
521 u32 *ptr_transf_random_seed = (u32 *) keepass->transf_random_seed;
522 u32 *ptr_enc_iv = (u32 *) keepass->enc_iv;
523 u32 *ptr_contents_hash = (u32 *) keepass->contents_hash;
524 u32 *ptr_keyfile = (u32 *) keepass->keyfile;
525
526 // specific to version 2
527 u32 expected_bytes_len;
528 u32 *ptr_expected_bytes;
529
530 u32 final_random_seed_len;
531 u32 transf_random_seed_len;
532 u32 enc_iv_len;
533 u32 contents_hash_len;
534
535 transf_random_seed_len = 8;
536 enc_iv_len = 4;
537 contents_hash_len = 8;
538 final_random_seed_len = 8;
539
540 if (version == 1)
541 final_random_seed_len = 4;
542
543 snprintf (line_buf, line_size, "%s*%u*%u*%u",
544 SIGNATURE_KEEPASS,
545 version,
546 rounds,
547 algorithm);
548
549 char *ptr_data = line_buf;
550
551 ptr_data += strlen (line_buf);
552
553 *ptr_data = '*';
554 ptr_data++;
555
556 for (u32 i = 0; i < final_random_seed_len; i++, ptr_data += 8)
557 sprintf (ptr_data, "%08x", ptr_final_random_seed[i]);
558
559 *ptr_data = '*';
560 ptr_data++;
561
562 for (u32 i = 0; i < transf_random_seed_len; i++, ptr_data += 8)
563 sprintf (ptr_data, "%08x", ptr_transf_random_seed[i]);
564
565 *ptr_data = '*';
566 ptr_data++;
567
568 for (u32 i = 0; i < enc_iv_len; i++, ptr_data += 8)
569 sprintf (ptr_data, "%08x", ptr_enc_iv[i]);
570
571 *ptr_data = '*';
572 ptr_data++;
573
574 if (version == 1)
575 {
576 u32 contents_len = keepass->contents_len;
577 u32 *ptr_contents = (u32 *) keepass->contents;
578
579 for (u32 i = 0; i < contents_hash_len; i++, ptr_data += 8)
580 sprintf (ptr_data, "%08x", ptr_contents_hash[i]);
581
582 *ptr_data = '*';
583 ptr_data++;
584
585 // inline flag
586 *ptr_data = '1';
587 ptr_data++;
588
589 *ptr_data = '*';
590 ptr_data++;
591
592 char ptr_contents_len[10] = { 0 };
593
594 sprintf ((char*) ptr_contents_len, "%u", contents_len);
595
596 sprintf (ptr_data, "%u", contents_len);
597
598 ptr_data += strlen (ptr_contents_len);
599
600 *ptr_data = '*';
601 ptr_data++;
602
603 for (u32 i = 0; i < contents_len / 4; i++, ptr_data += 8)
604 sprintf (ptr_data, "%08x", ptr_contents[i]);
605 }
606 else if (version == 2)
607 {
608 expected_bytes_len = 8;
609 ptr_expected_bytes = (u32 *) keepass->expected_bytes;
610
611 for (u32 i = 0; i < expected_bytes_len; i++, ptr_data += 8)
612 sprintf (ptr_data, "%08x", ptr_expected_bytes[i]);
613
614 *ptr_data = '*';
615 ptr_data++;
616
617 for (u32 i = 0; i < contents_hash_len; i++, ptr_data += 8)
618 sprintf (ptr_data, "%08x", ptr_contents_hash[i]);
619 }
620
621 if (keyfile_len)
622 {
623 *ptr_data = '*';
624 ptr_data++;
625
626 // inline flag
627 *ptr_data = '1';
628 ptr_data++;
629
630 *ptr_data = '*';
631 ptr_data++;
632
633 sprintf (ptr_data, "%u", keyfile_len * 2);
634
635 ptr_data += 2;
636
637 *ptr_data = '*';
638 ptr_data++;
639
640 for (u32 i = 0; i < 8; i++, ptr_data += 8)
641 sprintf (ptr_data, "%08x", ptr_keyfile[i]);
642 }
643
644 return strlen (line_buf);
645 }
646
module_init(module_ctx_t * module_ctx)647 void module_init (module_ctx_t *module_ctx)
648 {
649 module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
650 module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
651
652 module_ctx->module_attack_exec = module_attack_exec;
653 module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
654 module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
655 module_ctx->module_benchmark_mask = MODULE_DEFAULT;
656 module_ctx->module_benchmark_salt = MODULE_DEFAULT;
657 module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
658 module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
659 module_ctx->module_deprecated_notice = MODULE_DEFAULT;
660 module_ctx->module_dgst_pos0 = module_dgst_pos0;
661 module_ctx->module_dgst_pos1 = module_dgst_pos1;
662 module_ctx->module_dgst_pos2 = module_dgst_pos2;
663 module_ctx->module_dgst_pos3 = module_dgst_pos3;
664 module_ctx->module_dgst_size = module_dgst_size;
665 module_ctx->module_dictstat_disable = MODULE_DEFAULT;
666 module_ctx->module_esalt_size = module_esalt_size;
667 module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
668 module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
669 module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT;
670 module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
671 module_ctx->module_hash_binary_count = MODULE_DEFAULT;
672 module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
673 module_ctx->module_hash_binary_save = MODULE_DEFAULT;
674 module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
675 module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
676 module_ctx->module_hash_decode = module_hash_decode;
677 module_ctx->module_hash_encode_status = MODULE_DEFAULT;
678 module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
679 module_ctx->module_hash_encode = module_hash_encode;
680 module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
681 module_ctx->module_hash_mode = MODULE_DEFAULT;
682 module_ctx->module_hash_category = module_hash_category;
683 module_ctx->module_hash_name = module_hash_name;
684 module_ctx->module_hashes_count_min = MODULE_DEFAULT;
685 module_ctx->module_hashes_count_max = MODULE_DEFAULT;
686 module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
687 module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
688 module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
689 module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
690 module_ctx->module_hook12 = MODULE_DEFAULT;
691 module_ctx->module_hook23 = MODULE_DEFAULT;
692 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
693 module_ctx->module_hook_size = MODULE_DEFAULT;
694 module_ctx->module_jit_build_options = MODULE_DEFAULT;
695 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
696 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
697 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
698 module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
699 module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
700 module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
701 module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
702 module_ctx->module_kern_type = module_kern_type;
703 module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
704 module_ctx->module_opti_type = module_opti_type;
705 module_ctx->module_opts_type = module_opts_type;
706 module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
707 module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
708 module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
709 module_ctx->module_potfile_disable = MODULE_DEFAULT;
710 module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
711 module_ctx->module_pwdump_column = MODULE_DEFAULT;
712 module_ctx->module_pw_max = module_pw_max;
713 module_ctx->module_pw_min = MODULE_DEFAULT;
714 module_ctx->module_salt_max = MODULE_DEFAULT;
715 module_ctx->module_salt_min = MODULE_DEFAULT;
716 module_ctx->module_salt_type = module_salt_type;
717 module_ctx->module_separator = MODULE_DEFAULT;
718 module_ctx->module_st_hash = module_st_hash;
719 module_ctx->module_st_pass = module_st_pass;
720 module_ctx->module_tmp_size = module_tmp_size;
721 module_ctx->module_unstable_warning = MODULE_DEFAULT;
722 module_ctx->module_warmup_disable = MODULE_DEFAULT;
723 }
724