1 /**
2 * Author......: See docs/credits.txt
3 * License.....: MIT
4 */
5
6 #include "common.h"
7 #include "types.h"
8 #include "modules.h"
9 #include "bitops.h"
10 #include "convert.h"
11 #include "shared.h"
12 #include "emu_inc_hash_sha512.h"
13 #include "memory.h"
14
15 static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
16 static const u32 DGST_POS0 = 0;
17 static const u32 DGST_POS1 = 1;
18 static const u32 DGST_POS2 = 2;
19 static const u32 DGST_POS3 = 3;
20 static const u32 DGST_SIZE = DGST_SIZE_8_8;
21 static const u32 HASH_CATEGORY = HASH_CATEGORY_OS;
22 static const char *HASH_NAME = "QNX /etc/shadow (SHA512)";
23 static const u64 KERN_TYPE = 19200;
24 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
25 | OPTI_TYPE_USES_BITS_64;
26 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
27 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
28 static const char *ST_PASS = "hashcat";
29 static const char *ST_HASH = "@S@715df9e94c097805dd1e13c6a40f331d02ce589765a2100ec7435e76b978d5efc364ce10870780622cee003c9951bd92ec1020c924b124cfff7e0fa1f73e3672@2257314490293159";
30
module_attack_exec(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)31 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
module_dgst_pos0(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)32 u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
module_dgst_pos1(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)33 u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
module_dgst_pos2(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)34 u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
module_dgst_pos3(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)35 u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
module_dgst_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)36 u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
module_hash_category(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)37 u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
module_hash_name(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)38 const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
module_kern_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)39 u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
module_opti_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)40 u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
module_opts_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)41 u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
module_salt_type(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)42 u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
module_st_hash(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)43 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
module_st_pass(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)44 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
45
46 typedef struct qnx_sha512_tmp
47 {
48 sha512_ctx_t sha512_ctx;
49
50 u32 sav; // to trigger sha512 bug
51
52 } qnx_sha512_tmp_t;
53
54 static const int ROUNDS_QNX = 1000;
55
module_unstable_warning(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra,MAYBE_UNUSED const hc_device_param_t * device_param)56 bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
57 {
58 if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
59 {
60 // self-test failed
61 if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU))
62 {
63 return true;
64 }
65 }
66
67 return false;
68 }
69
module_tmp_size(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const user_options_t * user_options,MAYBE_UNUSED const user_options_extra_t * user_options_extra)70 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
71 {
72 const u64 tmp_size = (const u64) sizeof (qnx_sha512_tmp_t);
73
74 return tmp_size;
75 }
76
module_hash_decode(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED void * digest_buf,MAYBE_UNUSED salt_t * salt,MAYBE_UNUSED void * esalt_buf,MAYBE_UNUSED void * hook_salt_buf,MAYBE_UNUSED hashinfo_t * hash_info,const char * line_buf,MAYBE_UNUSED const int line_len)77 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
78 {
79 u64 *digest = (u64 *) digest_buf;
80
81 token_t token;
82
83 token.token_cnt = 4;
84
85 token.sep[0] = '@';
86 token.len_min[0] = 0;
87 token.len_max[0] = 0;
88 token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH;
89
90 token.sep[1] = '@';
91 token.len_min[1] = 1;
92 token.len_max[1] = 8;
93 token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
94
95 token.sep[2] = '@';
96 token.len_min[2] = 32;
97 token.len_max[2] = 128;
98 token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
99 | TOKEN_ATTR_VERIFY_HEX;
100
101 token.sep[3] = '@';
102 token.len_min[3] = 8;
103 token.len_max[3] = 16;
104 token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH;
105
106 const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
107
108 if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
109
110 // check hash type
111
112 if (token.buf[1][0] != 'S') return (PARSER_SIGNATURE_UNMATCHED);
113
114 // check iter
115
116 u32 iter = ROUNDS_QNX;
117
118 if (token.len[1] > 1)
119 {
120 if (token.buf[1][1] != ',') return (PARSER_SEPARATOR_UNMATCHED);
121
122 iter = hc_strtoul ((const char *) token.buf[1] + 2, NULL, 10);
123 }
124
125 // iter++; the additinal round is added in the init kernel
126
127 salt->salt_iter = iter;
128
129 // digest
130
131 if (token.len[2] != 128) return (PARSER_HASH_LENGTH);
132
133 digest[0] = hex_to_u64 ((const u8 *) token.buf[2] + 0);
134 digest[1] = hex_to_u64 ((const u8 *) token.buf[2] + 16);
135 digest[2] = hex_to_u64 ((const u8 *) token.buf[2] + 32);
136 digest[3] = hex_to_u64 ((const u8 *) token.buf[2] + 48);
137 digest[4] = hex_to_u64 ((const u8 *) token.buf[2] + 64);
138 digest[5] = hex_to_u64 ((const u8 *) token.buf[2] + 80);
139 digest[6] = hex_to_u64 ((const u8 *) token.buf[2] + 96);
140 digest[7] = hex_to_u64 ((const u8 *) token.buf[2] + 112);
141
142 // salt
143
144 if ((token.len[3] == 8) || (token.len[3] == 16))
145 {
146 memcpy (salt->salt_buf, token.buf[3], token.len[3]);
147
148 salt->salt_len = token.len[3];
149 }
150 else
151 {
152 return (PARSER_SALT_LENGTH);
153 }
154
155 return (PARSER_OK);
156 }
157
module_hash_encode(MAYBE_UNUSED const hashconfig_t * hashconfig,MAYBE_UNUSED const void * digest_buf,MAYBE_UNUSED const salt_t * salt,MAYBE_UNUSED const void * esalt_buf,MAYBE_UNUSED const void * hook_salt_buf,MAYBE_UNUSED const hashinfo_t * hash_info,char * line_buf,MAYBE_UNUSED const int line_size)158 int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
159 {
160 const u64 *digest = (const u64 *) digest_buf;
161
162 int line_len = 0;
163
164 const int iter = salt->salt_iter;
165
166 if (iter == ROUNDS_QNX)
167 {
168 line_buf[line_len++] = '@';
169 line_buf[line_len++] = 'S';
170 line_buf[line_len++] = '@';
171 }
172 else
173 {
174 line_buf[line_len++] = '@';
175 line_buf[line_len++] = 'S';
176 line_buf[line_len++] = ',';
177
178 line_len += snprintf (line_buf + line_len, line_size - line_len, "%d", iter);
179
180 line_buf[line_len++] = '@';
181 }
182
183 u64_to_hex (digest[0], (u8 *) line_buf + line_len); line_len += 16;
184 u64_to_hex (digest[1], (u8 *) line_buf + line_len); line_len += 16;
185 u64_to_hex (digest[2], (u8 *) line_buf + line_len); line_len += 16;
186 u64_to_hex (digest[3], (u8 *) line_buf + line_len); line_len += 16;
187 u64_to_hex (digest[4], (u8 *) line_buf + line_len); line_len += 16;
188 u64_to_hex (digest[5], (u8 *) line_buf + line_len); line_len += 16;
189 u64_to_hex (digest[6], (u8 *) line_buf + line_len); line_len += 16;
190 u64_to_hex (digest[7], (u8 *) line_buf + line_len); line_len += 16;
191
192 line_buf[line_len++] = '@';
193
194 memcpy (line_buf + line_len, salt->salt_buf, salt->salt_len);
195
196 line_len += salt->salt_len;
197
198 line_buf[line_len] = 0;
199
200 return line_len;
201 }
202
module_init(module_ctx_t * module_ctx)203 void module_init (module_ctx_t *module_ctx)
204 {
205 module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
206 module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
207
208 module_ctx->module_attack_exec = module_attack_exec;
209 module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
210 module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
211 module_ctx->module_benchmark_mask = MODULE_DEFAULT;
212 module_ctx->module_benchmark_salt = MODULE_DEFAULT;
213 module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
214 module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
215 module_ctx->module_deprecated_notice = MODULE_DEFAULT;
216 module_ctx->module_dgst_pos0 = module_dgst_pos0;
217 module_ctx->module_dgst_pos1 = module_dgst_pos1;
218 module_ctx->module_dgst_pos2 = module_dgst_pos2;
219 module_ctx->module_dgst_pos3 = module_dgst_pos3;
220 module_ctx->module_dgst_size = module_dgst_size;
221 module_ctx->module_dictstat_disable = MODULE_DEFAULT;
222 module_ctx->module_esalt_size = MODULE_DEFAULT;
223 module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
224 module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
225 module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT;
226 module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
227 module_ctx->module_hash_binary_count = MODULE_DEFAULT;
228 module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
229 module_ctx->module_hash_binary_save = MODULE_DEFAULT;
230 module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
231 module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
232 module_ctx->module_hash_decode = module_hash_decode;
233 module_ctx->module_hash_encode_status = MODULE_DEFAULT;
234 module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
235 module_ctx->module_hash_encode = module_hash_encode;
236 module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
237 module_ctx->module_hash_mode = MODULE_DEFAULT;
238 module_ctx->module_hash_category = module_hash_category;
239 module_ctx->module_hash_name = module_hash_name;
240 module_ctx->module_hashes_count_min = MODULE_DEFAULT;
241 module_ctx->module_hashes_count_max = MODULE_DEFAULT;
242 module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
243 module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
244 module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
245 module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
246 module_ctx->module_hook12 = MODULE_DEFAULT;
247 module_ctx->module_hook23 = MODULE_DEFAULT;
248 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
249 module_ctx->module_hook_size = MODULE_DEFAULT;
250 module_ctx->module_jit_build_options = MODULE_DEFAULT;
251 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
252 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
253 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
254 module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
255 module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
256 module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
257 module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
258 module_ctx->module_kern_type = module_kern_type;
259 module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
260 module_ctx->module_opti_type = module_opti_type;
261 module_ctx->module_opts_type = module_opts_type;
262 module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
263 module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
264 module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
265 module_ctx->module_potfile_disable = MODULE_DEFAULT;
266 module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
267 module_ctx->module_pwdump_column = MODULE_DEFAULT;
268 module_ctx->module_pw_max = MODULE_DEFAULT;
269 module_ctx->module_pw_min = MODULE_DEFAULT;
270 module_ctx->module_salt_max = MODULE_DEFAULT;
271 module_ctx->module_salt_min = MODULE_DEFAULT;
272 module_ctx->module_salt_type = module_salt_type;
273 module_ctx->module_separator = MODULE_DEFAULT;
274 module_ctx->module_st_hash = module_st_hash;
275 module_ctx->module_st_pass = module_st_pass;
276 module_ctx->module_tmp_size = module_tmp_size;
277 module_ctx->module_unstable_warning = module_unstable_warning;
278 module_ctx->module_warmup_disable = MODULE_DEFAULT;
279 }
280