From a2d2675d43aeb59ec367c5161da2bb79a08af281 Mon Sep 17 00:00:00 2001 From: jsteube Date: Sun, 10 Feb 2019 14:22:34 +0100 Subject: [PATCH] Add -m 9500 module --- include/interface_migrate.h | 15 -- src/interface_migrate.c | 199 ---------------------- src/modules/module_09500.c | 327 ++++++++++++++++++++++++++++++++++++ 3 files changed, 327 insertions(+), 214 deletions(-) create mode 100644 src/modules/module_09500.c diff --git a/include/interface_migrate.h b/include/interface_migrate.h index da1f33dac..7078b82fd 100644 --- a/include/interface_migrate.h +++ b/include/interface_migrate.h @@ -59,13 +59,6 @@ typedef struct pbkdf2_sha512 } pbkdf2_sha512_t; -typedef struct office2010 -{ - u32 encryptedVerifier[4]; - u32 encryptedVerifierHash[8]; - -} office2010_t; - typedef struct zip2 { u32 type; @@ -165,12 +158,6 @@ typedef struct mywallet_tmp } mywallet_tmp_t; -typedef struct office2010_tmp -{ - u32 out[5]; - -} office2010_tmp_t; - typedef struct saph_sha1_tmp { u32 digest_buf[5]; @@ -299,7 +286,6 @@ typedef enum kern_type KERN_TYPE_SHA1_SLT_PW_SLT = 4900, KERN_TYPE_RIPEMD160 = 6000, KERN_TYPE_WHIRLPOOL = 6100, - KERN_TYPE_OFFICE2010 = 9500, KERN_TYPE_RADMIN2 = 9900, KERN_TYPE_SIPHASH = 10100, KERN_TYPE_SAPH_SHA1 = 10300, @@ -347,7 +333,6 @@ typedef enum kern_type typedef enum rounds_count { - ROUNDS_OFFICE2010 = 100000, ROUNDS_LIBREOFFICE = 100000, ROUNDS_OPENOFFICE = 1024, ROUNDS_DJANGOPBKDF2 = 20000, diff --git a/src/interface_migrate.c b/src/interface_migrate.c index 251247f03..de2d92638 100644 --- a/src/interface_migrate.c +++ b/src/interface_migrate.c @@ -90,7 +90,6 @@ " 14800 | iTunes backup >= 10.0 | Backup", " 12900 | Android FDE (Samsung DEK) | Full-Disk Encryption (FDE)", " 12200 | eCryptfs | Full-Disk Encryption (FDE)", - " 9500 | MS Office 2010 | Documents", " 10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents", " 10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents", " 16200 | Apple Secure Notes | Documents", @@ -164,7 +163,6 @@ static const char *ST_HASH_04700 = "92d85978d884eb1d99a51652b1139c8279fa8663"; static const char *ST_HASH_04900 = "75d280ca9a0c2ee18729603104ead576d9ca6285:347070"; static const char *ST_HASH_06000 = "012cb9b334ec1aeb71a9c8ce85586082467f7eb6"; static const char *ST_HASH_06100 = "7ca8eaaaa15eaa4c038b4c47b9313e92da827c06940e69947f85bc0fbef3eb8fd254da220ad9e208b6b28f6bb9be31dd760f1fdb26112d83f87d96b416a4d258"; -static const char *ST_HASH_09500 = "$office$*2010*100000*128*16*34170046140146368675746031258762*de5bc114991bb3a5679a6e24320bdb09*1b72a4ddffba3dcd5395f6a5ff75b126cb832b733c298e86162028ca47a235a9"; static const char *ST_HASH_09900 = "22527bee5c29ce95373c4e0f359f079b"; static const char *ST_HASH_10000 = "pbkdf2_sha256$10000$1135411628$bFYX62rfJobJ07VwrUMXfuffLfj2RDM2G6/BrTrUWkE="; static const char *ST_HASH_10100 = "583e6f51e52ba296:2:4:47356410265714355482333327356688"; @@ -244,7 +242,6 @@ static const char *HT_04700 = "sha1(md5($pass))"; static const char *HT_04900 = "sha1($salt.$pass.$salt)"; static const char *HT_06000 = "RIPEMD-160"; static const char *HT_06100 = "Whirlpool"; -static const char *HT_09500 = "MS Office 2010"; static const char *HT_09900 = "Radmin2"; static const char *HT_10000 = "Django (PBKDF2-SHA256)"; static const char *HT_10100 = "SipHash"; @@ -327,7 +324,6 @@ static const char *SIGNATURE_MSSQL2012 = "0x0200"; static const char *SIGNATURE_MYSQL_AUTH = "$mysqlna$"; static const char *SIGNATURE_MYWALLET = "$blockchain$"; static const char *SIGNATURE_MYWALLETV2 = "$blockchain$v2$"; -static const char *SIGNATURE_OFFICE2010 = "$office$"; static const char *SIGNATURE_PBKDF2_MD5 = "md5"; static const char *SIGNATURE_PBKDF2_SHA256 = "sha256"; static const char *SIGNATURE_PBKDF2_SHA512 = "sha512"; @@ -2796,152 +2792,6 @@ int peoplesoft_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE return (PARSER_OK); } -int office2010_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - office2010_t *office2010 = (office2010_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 8; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_OFFICE2010; - - token.len_min[0] = 8; - token.len_max[0] = 8; - token.sep[0] = '*'; - token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 4; - token.len_max[1] = 4; - token.sep[1] = '*'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[2] = 6; - token.len_max[2] = 6; - token.sep[2] = '*'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[3] = 3; - token.len_max[3] = 3; - token.sep[3] = '*'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[4] = 2; - token.len_max[4] = 2; - token.sep[4] = '*'; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; - - token.len_min[5] = 32; - token.len_max[5] = 32; - token.sep[5] = '*'; - token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[6] = 32; - token.len_max[6] = 32; - token.sep[6] = '*'; - token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len_min[7] = 64; - token.len_max[7] = 64; - token.sep[7] = '*'; - token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *version_pos = token.buf[1]; - const u8 *spinCount_pos = token.buf[2]; - const u8 *keySize_pos = token.buf[3]; - const u8 *saltSize_pos = token.buf[4]; - const u8 *osalt_pos = token.buf[5]; - const u8 *encryptedVerifier_pos = token.buf[6]; - const u8 *encryptedVerifierHash_pos = token.buf[7]; - - const u32 version = hc_strtoul ((const char *) version_pos, NULL, 10); - const u32 spinCount = hc_strtoul ((const char *) spinCount_pos, NULL, 10); - const u32 keySize = hc_strtoul ((const char *) keySize_pos, NULL, 10); - const u32 saltSize = hc_strtoul ((const char *) saltSize_pos, NULL, 10); - - if (version != 2010) return (PARSER_SALT_VALUE); - if (spinCount != 100000) return (PARSER_SALT_VALUE); - if (keySize != 128) return (PARSER_SALT_VALUE); - if (saltSize != 16) return (PARSER_SALT_VALUE); - - /** - * salt - */ - - salt->salt_len = 16; - salt->salt_iter = spinCount; - - salt->salt_buf[0] = hex_to_u32 (osalt_pos + 0); - salt->salt_buf[1] = hex_to_u32 (osalt_pos + 8); - salt->salt_buf[2] = hex_to_u32 (osalt_pos + 16); - salt->salt_buf[3] = hex_to_u32 (osalt_pos + 24); - - salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); - - /** - * esalt - */ - - office2010->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); - office2010->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); - office2010->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); - office2010->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); - - office2010->encryptedVerifier[0] = byte_swap_32 (office2010->encryptedVerifier[0]); - office2010->encryptedVerifier[1] = byte_swap_32 (office2010->encryptedVerifier[1]); - office2010->encryptedVerifier[2] = byte_swap_32 (office2010->encryptedVerifier[2]); - office2010->encryptedVerifier[3] = byte_swap_32 (office2010->encryptedVerifier[3]); - - office2010->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); - office2010->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); - office2010->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); - office2010->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); - office2010->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); - office2010->encryptedVerifierHash[5] = hex_to_u32 (encryptedVerifierHash_pos + 40); - office2010->encryptedVerifierHash[6] = hex_to_u32 (encryptedVerifierHash_pos + 48); - office2010->encryptedVerifierHash[7] = hex_to_u32 (encryptedVerifierHash_pos + 56); - - office2010->encryptedVerifierHash[0] = byte_swap_32 (office2010->encryptedVerifierHash[0]); - office2010->encryptedVerifierHash[1] = byte_swap_32 (office2010->encryptedVerifierHash[1]); - office2010->encryptedVerifierHash[2] = byte_swap_32 (office2010->encryptedVerifierHash[2]); - office2010->encryptedVerifierHash[3] = byte_swap_32 (office2010->encryptedVerifierHash[3]); - office2010->encryptedVerifierHash[4] = byte_swap_32 (office2010->encryptedVerifierHash[4]); - office2010->encryptedVerifierHash[5] = byte_swap_32 (office2010->encryptedVerifierHash[5]); - office2010->encryptedVerifierHash[6] = byte_swap_32 (office2010->encryptedVerifierHash[6]); - office2010->encryptedVerifierHash[7] = byte_swap_32 (office2010->encryptedVerifierHash[7]); - - /** - * digest - */ - - digest[0] = office2010->encryptedVerifierHash[0]; - digest[1] = office2010->encryptedVerifierHash[1]; - digest[2] = office2010->encryptedVerifierHash[2]; - digest[3] = office2010->encryptedVerifierHash[3]; - - return (PARSER_OK); -} - int radmin2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -7530,35 +7380,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, digest_buf[2], digest_buf[3]); } - else if (hash_mode == 9500) - { - office2010_t *office2010s = (office2010_t *) esalts_buf; - - office2010_t *office2010 = &office2010s[digest_cur]; - - snprintf (out_buf, out_size, "%s*%d*%d*%d*%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%08x%08x%08x", - SIGNATURE_OFFICE2010, - 2010, - 100000, - 128, - 16, - salt.salt_buf[0], - salt.salt_buf[1], - salt.salt_buf[2], - salt.salt_buf[3], - office2010->encryptedVerifier[0], - office2010->encryptedVerifier[1], - office2010->encryptedVerifier[2], - office2010->encryptedVerifier[3], - office2010->encryptedVerifierHash[0], - office2010->encryptedVerifierHash[1], - office2010->encryptedVerifierHash[2], - office2010->encryptedVerifierHash[3], - office2010->encryptedVerifierHash[4], - office2010->encryptedVerifierHash[5], - office2010->encryptedVerifierHash[6], - office2010->encryptedVerifierHash[7]); - } else if (hash_mode == 10000) { // salt @@ -9728,23 +9549,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 9500: hashconfig->hash_type = HASH_TYPE_OFFICE2010; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_OFFICE2010; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = office2010_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_09500; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 9900: hashconfig->hash_type = HASH_TYPE_MD5; hashconfig->salt_type = SALT_TYPE_NONE; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -10530,7 +10334,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) switch (hashconfig->hash_mode) { - case 9500: hashconfig->esalt_size = sizeof (office2010_t); break; case 10000: hashconfig->esalt_size = sizeof (pbkdf2_sha256_t); break; case 10200: hashconfig->esalt_size = sizeof (cram_md5_t); break; case 10600: hashconfig->esalt_size = sizeof (pdf_t); break; @@ -10556,7 +10359,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) switch (hashconfig->hash_mode) { - case 9500: hashconfig->tmp_size = sizeof (office2010_tmp_t); break; case 10000: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; case 10200: hashconfig->tmp_size = sizeof (cram_md5_t); break; case 10300: hashconfig->tmp_size = sizeof (saph_sha1_tmp_t); break; @@ -10622,7 +10424,6 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co switch (hashconfig->hash_mode) { case 112: pw_max = 30; break; // https://www.toadworld.com/platforms/oracle/b/weblog/archive/2013/11/12/oracle-12c-passwords - case 9500: pw_max = PW_MAX; break; case 9900: pw_max = 100; break; // RAdmin2 sets w[25] = 0x80 case 10000: pw_max = PW_MAX; break; case 10300: pw_max = 40; break; // https://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/ diff --git a/src/modules/module_09500.c b/src/modules/module_09500.c new file mode 100644 index 000000000..ad6847822 --- /dev/null +++ b/src/modules/module_09500.c @@ -0,0 +1,327 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "MS Office 2010"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 9500; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$office$*2010*100000*128*16*34170046140146368675746031258762*de5bc114991bb3a5679a6e24320bdb09*1b72a4ddffba3dcd5395f6a5ff75b126cb832b733c298e86162028ca47a235a9"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct office2010 +{ + u32 encryptedVerifier[4]; + u32 encryptedVerifierHash[8]; + +} office2010_t; + +typedef struct office2010_tmp +{ + u32 out[5]; + +} office2010_tmp_t; + +static const char *SIGNATURE_OFFICE2010 = "$office$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (office2010_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (office2010_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + office2010_t *office2010 = (office2010_t *) esalt_buf; + + token_t token; + + token.token_cnt = 8; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_OFFICE2010; + + token.len_min[0] = 8; + token.len_max[0] = 8; + token.sep[0] = '*'; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 4; + token.len_max[1] = 4; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 6; + token.len_max[2] = 6; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 3; + token.len_max[3] = 3; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[4] = 2; + token.len_max[4] = 2; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[5] = 32; + token.len_max[5] = 32; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[6] = 32; + token.len_max[6] = 32; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[7] = 64; + token.len_max[7] = 64; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + const u8 *spinCount_pos = token.buf[2]; + const u8 *keySize_pos = token.buf[3]; + const u8 *saltSize_pos = token.buf[4]; + const u8 *osalt_pos = token.buf[5]; + const u8 *encryptedVerifier_pos = token.buf[6]; + const u8 *encryptedVerifierHash_pos = token.buf[7]; + + const u32 version = hc_strtoul ((const char *) version_pos, NULL, 10); + const u32 spinCount = hc_strtoul ((const char *) spinCount_pos, NULL, 10); + const u32 keySize = hc_strtoul ((const char *) keySize_pos, NULL, 10); + const u32 saltSize = hc_strtoul ((const char *) saltSize_pos, NULL, 10); + + if (version != 2010) return (PARSER_SALT_VALUE); + if (spinCount != 100000) return (PARSER_SALT_VALUE); + if (keySize != 128) return (PARSER_SALT_VALUE); + if (saltSize != 16) return (PARSER_SALT_VALUE); + + /** + * salt + */ + + salt->salt_len = 16; + salt->salt_iter = spinCount; + + salt->salt_buf[0] = hex_to_u32 (osalt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (osalt_pos + 8); + salt->salt_buf[2] = hex_to_u32 (osalt_pos + 16); + salt->salt_buf[3] = hex_to_u32 (osalt_pos + 24); + + salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); + salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); + salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + + /** + * esalt + */ + + office2010->encryptedVerifier[0] = hex_to_u32 (encryptedVerifier_pos + 0); + office2010->encryptedVerifier[1] = hex_to_u32 (encryptedVerifier_pos + 8); + office2010->encryptedVerifier[2] = hex_to_u32 (encryptedVerifier_pos + 16); + office2010->encryptedVerifier[3] = hex_to_u32 (encryptedVerifier_pos + 24); + + office2010->encryptedVerifier[0] = byte_swap_32 (office2010->encryptedVerifier[0]); + office2010->encryptedVerifier[1] = byte_swap_32 (office2010->encryptedVerifier[1]); + office2010->encryptedVerifier[2] = byte_swap_32 (office2010->encryptedVerifier[2]); + office2010->encryptedVerifier[3] = byte_swap_32 (office2010->encryptedVerifier[3]); + + office2010->encryptedVerifierHash[0] = hex_to_u32 (encryptedVerifierHash_pos + 0); + office2010->encryptedVerifierHash[1] = hex_to_u32 (encryptedVerifierHash_pos + 8); + office2010->encryptedVerifierHash[2] = hex_to_u32 (encryptedVerifierHash_pos + 16); + office2010->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); + office2010->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); + office2010->encryptedVerifierHash[5] = hex_to_u32 (encryptedVerifierHash_pos + 40); + office2010->encryptedVerifierHash[6] = hex_to_u32 (encryptedVerifierHash_pos + 48); + office2010->encryptedVerifierHash[7] = hex_to_u32 (encryptedVerifierHash_pos + 56); + + office2010->encryptedVerifierHash[0] = byte_swap_32 (office2010->encryptedVerifierHash[0]); + office2010->encryptedVerifierHash[1] = byte_swap_32 (office2010->encryptedVerifierHash[1]); + office2010->encryptedVerifierHash[2] = byte_swap_32 (office2010->encryptedVerifierHash[2]); + office2010->encryptedVerifierHash[3] = byte_swap_32 (office2010->encryptedVerifierHash[3]); + office2010->encryptedVerifierHash[4] = byte_swap_32 (office2010->encryptedVerifierHash[4]); + office2010->encryptedVerifierHash[5] = byte_swap_32 (office2010->encryptedVerifierHash[5]); + office2010->encryptedVerifierHash[6] = byte_swap_32 (office2010->encryptedVerifierHash[6]); + office2010->encryptedVerifierHash[7] = byte_swap_32 (office2010->encryptedVerifierHash[7]); + + /** + * digest + */ + + digest[0] = office2010->encryptedVerifierHash[0]; + digest[1] = office2010->encryptedVerifierHash[1]; + digest[2] = office2010->encryptedVerifierHash[2]; + digest[3] = office2010->encryptedVerifierHash[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const office2010_t *office2010 = (const office2010_t *) esalt_buf; + + const int line_len = snprintf (line_buf, line_size, "%s*%d*%d*%d*%d*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%08x%08x%08x", + SIGNATURE_OFFICE2010, + 2010, + 100000, + 128, + 16, + salt->salt_buf[0], + salt->salt_buf[1], + salt->salt_buf[2], + salt->salt_buf[3], + office2010->encryptedVerifier[0], + office2010->encryptedVerifier[1], + office2010->encryptedVerifier[2], + office2010->encryptedVerifier[3], + office2010->encryptedVerifierHash[0], + office2010->encryptedVerifierHash[1], + office2010->encryptedVerifierHash[2], + office2010->encryptedVerifierHash[3], + office2010->encryptedVerifierHash[4], + office2010->encryptedVerifierHash[5], + office2010->encryptedVerifierHash[6], + office2010->encryptedVerifierHash[7]); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +}