From 40a5835927f8bc8e39fffd4ed4fa7a9d8e38b69c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 13 Dec 2019 13:19:58 +0100 Subject: [PATCH] In -m 12700 and -m 15200 decrypt 48 byte of data instead of just 16 byte --- OpenCL/m12700-pure.cl | 68 +++++++++++++++++++++++++------------- src/modules/module_12700.c | 29 +++++----------- src/modules/module_15200.c | 29 +++++----------- 3 files changed, 61 insertions(+), 65 deletions(-) diff --git a/OpenCL/m12700-pure.cl b/OpenCL/m12700-pure.cl index 5f9d3e2f7..5fac76466 100644 --- a/OpenCL/m12700-pure.cl +++ b/OpenCL/m12700-pure.cl @@ -28,6 +28,20 @@ typedef struct mywallet_tmp } mywallet_tmp_t; +DECLSPEC int is_valid_char (const u32 v) +{ + if ((v & 0xff000000) < 0x09000000) return 0; + if ((v & 0xff000000) > 0x7e000000) return 0; + if ((v & 0x00ff0000) < 0x00090000) return 0; + if ((v & 0x00ff0000) > 0x007e0000) return 0; + if ((v & 0x0000ff00) < 0x00000900) return 0; + if ((v & 0x0000ff00) > 0x00007e00) return 0; + if ((v & 0x000000ff) < 0x00000009) return 0; + if ((v & 0x000000ff) > 0x0000007e) return 0; + + return 1; +} + DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) { digest[0] = ipad[0]; @@ -318,40 +332,48 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t)) AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); - u32 data[4]; + u32 iv[4]; - data[0] = salt_bufs[salt_pos].salt_buf[4]; - data[1] = salt_bufs[salt_pos].salt_buf[5]; - data[2] = salt_bufs[salt_pos].salt_buf[6]; - data[3] = salt_bufs[salt_pos].salt_buf[7]; - - u32 out[4]; - - AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + iv[0] = salt_bufs[salt_pos].salt_buf[0]; + iv[1] = salt_bufs[salt_pos].salt_buf[1]; + iv[2] = salt_bufs[salt_pos].salt_buf[2]; + iv[3] = salt_bufs[salt_pos].salt_buf[3]; // decrypted data should be a JSON string consisting only of ASCII chars (0x09-0x7e) - for (u32 i = 0; i < 4; i++) + for (u32 i = 4; i < 12; i += 4) { - out[i] ^= salt_bufs[salt_pos].salt_buf[i]; + u32 data[4]; - if ((out[i] & 0xff000000) < 0x09000000) return; - if ((out[i] & 0xff000000) > 0x7e000000) return; + data[0] = salt_bufs[salt_pos].salt_buf[i + 0]; + data[1] = salt_bufs[salt_pos].salt_buf[i + 1]; + data[2] = salt_bufs[salt_pos].salt_buf[i + 2]; + data[3] = salt_bufs[salt_pos].salt_buf[i + 3]; - if ((out[i] & 0x00ff0000) < 0x00090000) return; - if ((out[i] & 0x00ff0000) > 0x007e0000) return; + u32 out[4]; - if ((out[i] & 0x0000ff00) < 0x00000900) return; - if ((out[i] & 0x0000ff00) > 0x00007e00) return; + AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); - if ((out[i] & 0x000000ff) < 0x00000009) return; - if ((out[i] & 0x000000ff) > 0x0000007e) return; + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_char (out[0]) == 0) return; + if (is_valid_char (out[1]) == 0) return; + if (is_valid_char (out[2]) == 0) return; + if (is_valid_char (out[3]) == 0) return; + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; } - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; + const u32 r0 = salt_bufs[salt_pos].salt_buf[4]; + const u32 r1 = salt_bufs[salt_pos].salt_buf[5]; + const u32 r2 = salt_bufs[salt_pos].salt_buf[6]; + const u32 r3 = salt_bufs[salt_pos].salt_buf[7]; #define il_pos 0 diff --git a/src/modules/module_12700.c b/src/modules/module_12700.c index d6fa81dc0..a88e1d03b 100644 --- a/src/modules/module_12700.c +++ b/src/modules/module_12700.c @@ -93,7 +93,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; - token.len_min[2] = 64; + token.len_min[2] = 144; token.len_max[2] = 65536; token.sep[2] = '$'; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH @@ -109,29 +109,16 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *salt_pos = token.buf[2]; - salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); - salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); - salt->salt_buf[2] = hex_to_u32 (salt_pos + 16); - salt->salt_buf[3] = hex_to_u32 (salt_pos + 24); + // first 16 byte are IV - salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + for (int i = 0, j = 0; i < 16; i += 1, j += 8) + { + salt->salt_buf[i] = hex_to_u32 (salt_pos + j); - // this is actually the CT, which is also the hash later (if matched) + salt->salt_buf[i] = byte_swap_32 (salt->salt_buf[i]); + } - salt->salt_buf[4] = hex_to_u32 (salt_pos + 32); - salt->salt_buf[5] = hex_to_u32 (salt_pos + 40); - salt->salt_buf[6] = hex_to_u32 (salt_pos + 48); - salt->salt_buf[7] = hex_to_u32 (salt_pos + 56); - - salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]); - salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]); - salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]); - salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]); - - salt->salt_len = 32; // note we need to fix this to 16 in kernel + salt->salt_len = 64; salt->salt_iter = ROUNDS_MYWALLET - 1; diff --git a/src/modules/module_15200.c b/src/modules/module_15200.c index a5b5e81e5..440a270a7 100644 --- a/src/modules/module_15200.c +++ b/src/modules/module_15200.c @@ -98,7 +98,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE | TOKEN_ATTR_VERIFY_DIGIT; token.sep[3] = '$'; - token.len_min[3] = 64; + token.len_min[3] = 144; token.len_max[3] = 999999; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; @@ -119,29 +119,16 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *data_pos = token.buf[3]; - salt->salt_buf[0] = hex_to_u32 ((const u8 *) &data_pos[ 0]); - salt->salt_buf[1] = hex_to_u32 ((const u8 *) &data_pos[ 8]); - salt->salt_buf[2] = hex_to_u32 ((const u8 *) &data_pos[16]); - salt->salt_buf[3] = hex_to_u32 ((const u8 *) &data_pos[24]); + // first 16 byte are IV - salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + for (int i = 0, j = 0; i < 16; i += 1, j += 8) + { + salt->salt_buf[i] = hex_to_u32 (data_pos + j); - // this is actually the CT, which is also the hash later (if matched) + salt->salt_buf[i] = byte_swap_32 (salt->salt_buf[i]); + } - salt->salt_buf[4] = hex_to_u32 ((const u8 *) &data_pos[32]); - salt->salt_buf[5] = hex_to_u32 ((const u8 *) &data_pos[40]); - salt->salt_buf[6] = hex_to_u32 ((const u8 *) &data_pos[48]); - salt->salt_buf[7] = hex_to_u32 ((const u8 *) &data_pos[56]); - - salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]); - salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]); - salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]); - salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]); - - salt->salt_len = 32; // note we need to fix this to 16 in kernel + salt->salt_len = 64; // hash