From 5dd87b9eaf164a97facec8b30c3d0f54ee72f065 Mon Sep 17 00:00:00 2001 From: dsk Date: Fri, 23 Mar 2012 21:34:07 +0530 Subject: [PATCH] PoC V2 cracker for Mozilla Firefox and Thunderbird passwords. --- src/Makefile | 9 +++- src/john.c | 8 +++ src/mozilla_fmt.c | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 171 insertions(+), 2 deletions(-) create mode 100644 src/mozilla_fmt.c diff --git a/src/Makefile b/src/Makefile index 0cbf68b..4cda1e9 100644 --- a/src/Makefile +++ b/src/Makefile @@ -37,12 +37,16 @@ OMPFLAGS = # icc with OpenMP (for make target linux-x86-64-icc) #ICCOMPFLAGS = -openmp -CFLAGS = -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include $(OMPFLAGS) $(JOHN_CFLAGS) +# NSS (and NSPR) flag +#HAVE_NSS = +HAVE_NSS = -DHAVE_NSS + +CFLAGS = -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include $(HAVE_NSS) $(OMPFLAGS) $(JOHN_CFLAGS) `pkg-config --cflags nss` # -DHAVE_SKEY # CFLAGS for use on the main john.c file only CFLAGS_MAIN = $(CFLAGS) ASFLAGS = -c $(JOHN_CFLAGS) $(OMPFLAGS) -LDFLAGS = -s -L/usr/local/lib -L/usr/local/ssl/lib -lssl -lcrypto -lm -lz $(JOHN_CFLAGS) $(OMPFLAGS) +LDFLAGS = -s -L/usr/local/lib -L/usr/local/ssl/lib -lssl -lcrypto -lm -lz $(JOHN_CFLAGS) $(OMPFLAGS) `pkg-config --libs nss` # -lskey LDFLAGS_SOLARIS = -lrt -lnsl -lsocket -lm -lz -lcrypto -lssl LDFLAGS_MKV = -s -lm @@ -103,6 +107,7 @@ JOHN_OBJS = \ rar_fmt.o rar2john.o \ zip_fmt.o zip2john.o gladman_hmac.o gladman_pwd2key.o \ racf2john.o \ + mozilla_fmt.o \ $(PLUGFORMATS_OBJS) \ plugin.o \ dummy.o \ diff --git a/src/john.c b/src/john.c index bd44a35..04b55f6 100644 --- a/src/john.c +++ b/src/john.c @@ -102,6 +102,10 @@ extern struct fmt_main fmt_cryptsha512; extern struct fmt_main fmt_SKEY; #endif +#ifdef HAVE_NSS +extern struct fmt_main mozilla_fmt; +#endif + #ifdef CL_VERSION_1_0 extern struct fmt_main fmt_opencl_NSLDAPS; extern struct fmt_main fmt_opencl_rawMD5; 
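Review bot: The `pkg-config --cflags nss` and `pkg-config --libs nss` calls are appended to CFLAGS and LDFLAGS unconditionally, so switching to the commented-out empty `HAVE_NSS =` does not remove the NSS build dependency. With `-DHAVE_NSS` as the default, a host without the NSS development files is likely to fail when mozilla_fmt.c is compiled instead of skipping the format through its `#else` branch. Define `NSS_CFLAGS` and `NSS_LIBS` next to `HAVE_NSS`, reference `$(NSS_CFLAGS)` and `$(NSS_LIBS)` in place of the inline pkg-config calls, and add a comment such as `# Comment out all three NSS lines to build without the Mozilla format`.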
@@ -203,6 +207,10 @@ static void john_register_all(void) john_register_one(&fmt_cryptsha512); #endif +#ifdef HAVE_NSS + john_register_one(&mozilla_fmt); +#endif + #ifdef HAVE_CRYPT john_register_one(&fmt_crypt); #endif diff --git a/src/mozilla_fmt.c b/src/mozilla_fmt.c new file mode 100644 index 0000000..68d8408 --- /dev/null +++ b/src/mozilla_fmt.c 
@@ -0,0 +1,156 @@
+/* Mozilla cracker patch for JtR. Hacked together during March of 2012 by
+ * Dhiru Kholia */
+
+#ifdef HAVE_NSS
+#include
+#include
+#include
+#include "arch.h"
+#include "misc.h"
+#include "common.h"
+#include "formats.h"
+#include "params.h"
+#include "options.h"
+#include
+#include
+#include
+#include
+#include
+
+#define FORMAT_LABEL "mozilla"
+#define FORMAT_NAME "Mozilla"
+#define ALGORITHM_NAME "32/" ARCH_BITS_STR
+#define BENCHMARK_COMMENT ""
+#define BENCHMARK_LENGTH -1
+#define PLAINTEXT_LENGTH 16
+#define BINARY_SIZE 16
+#define SALT_SIZE 512
+#define MIN_KEYS_PER_CRYPT 1
+#define MAX_KEYS_PER_CRYPT 1
+
+static char saved_key[PLAINTEXT_LENGTH + 1];
+static int cracked;
+static int cleanup_required = 0;
+
+static void init(struct fmt_main *pFmt)
+{
+
+}
+
+static int valid(char *ciphertext, struct fmt_main *pFmt)
+{
+ return !strncmp(ciphertext, "$mozilla$", 9);
+}
+
+static void *get_salt(char *ciphertext)
+{
+ return ciphertext;
+}
+
+
+static void set_salt(void *salt)
+{
+ char *saltcopy = strdup(salt);
+ char *keeptr = saltcopy;
+ static char path[4096];
+ saltcopy += 9; /* skip over "$mozilla$*" */
+ char *p = strtok(saltcopy, "*");
+ strcpy(path, p);
+ if(cleanup_required) {
+ NSS_Shutdown();
+ PL_ArenaFinish();
+ PR_Cleanup();
+ }
+ if(NSS_Init(path) != SECSuccess) {
+ fprintf(stderr, "NSS_Init fails\r\n");
+ }
+ cleanup_required = 1;
+ cracked = 0;
+ free(keeptr);
+}
+
+static void crypt_all(int count)
+{
+ void *keySlot;
+ if((keySlot = PK11_GetInternalKeySlot()) == NULL) {
+ fprintf(stderr, "PK11_GetInternalKeySlot fails\r\n");
+ fflush(stderr);
+ }
+ if(PK11_CheckUserPassword(keySlot, (const char*)saved_key) == SECSuccess) {
+ cracked = 1;
+ }
+ PK11_FreeSlot(keySlot);
+}
+
+static int cmp_all(void *binary, int count)
+{
+ return cracked;
+}
+
+static int cmp_one(void *binary, int index)
+{
+ return cracked;
+}
+
+static int cmp_exact(char *source, int index)
+{
+ return 1;
+}
+
+static void mozilla_set_key(char *key, int index)
+{
+ int saved_key_length = strlen(key);
+ if (saved_key_length > PLAINTEXT_LENGTH)
+ saved_key_length = PLAINTEXT_LENGTH;
+ memcpy(saved_key, key, saved_key_length);
+ saved_key[saved_key_length] = 0;
+}
+
+static char *get_key(int index)
+{
+ return saved_key;
+}
+
+struct fmt_main mozilla_fmt = {
+ {
+ FORMAT_LABEL,
+ FORMAT_NAME,
+ ALGORITHM_NAME,
+ BENCHMARK_COMMENT,
+ BENCHMARK_LENGTH,
+ PLAINTEXT_LENGTH,
+ BINARY_SIZE,
+ SALT_SIZE,
+ MIN_KEYS_PER_CRYPT,
+ MAX_KEYS_PER_CRYPT,
+ FMT_CASE | FMT_8_BIT,
+ NULL
+ }, {
+ init,
+ fmt_default_prepare,
+ valid,
+ fmt_default_split,
+ fmt_default_binary,
+ get_salt,
+ {
+ fmt_default_binary_hash
+ },
+ fmt_default_salt_hash,
+ set_salt,
+ mozilla_set_key,
+ get_key,
+ fmt_default_clear_keys,
+ crypt_all,
+ {
+ fmt_default_get_hash
+ },
+ cmp_all,
+ cmp_one,
+ cmp_exact
+ }
+};
+#else
+#ifdef __GNUC__
+#warning Note: Mozilla format disabled - it needs NSS (and NSPR) installed
+#endif
+#endif
--
1.7.5.4
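Review bot: set_salt() trusts the hash line more than valid() has checked: valid() only compares the nine-byte `$mozilla$` prefix, so strtok() can return NULL for a line with nothing after it, and `strcpy(path, p)` then either dereferences NULL or copies an unbounded string into the 4096-byte static buffer. The path should be length-checked before it is copied, the strdup() (whose result is never checked) can be dropped, and cleanup_required should only be set once NSS_Init() has succeeded; a rewritten set_salt() is below. In crypt_all() the NULL result of PK11_GetInternalKeySlot() is logged but still passed to PK11_CheckUserPassword() and PK11_FreeSlot(), so add `return;` after the `fflush(stderr);`. get_salt() returns the ciphertext pointer while SALT_SIZE is 512; if the core copies SALT_SIZE bytes from it (not visible in this patch), short lines are over-read and long ones lose their terminator before strdup(), so that needs confirming against the format interface.

```c
static void set_salt(void *salt)
{
	static char path[4096];
	const char *start = (const char *)salt + 9; /* skip over "$mozilla$" */
	size_t len;

	/* … unchanged: NSS_Shutdown()/PL_ArenaFinish()/PR_Cleanup() when cleanup_required … */
	cleanup_required = 0;
	cracked = 0;

	start += strspn(start, "*");	/* same leading-'*' skipping strtok() did */
	len = strcspn(start, "*");
	if (len == 0 || len >= sizeof(path)) {
		fprintf(stderr, "mozilla: missing or over-long profile path\n");
		return;
	}
	memcpy(path, start, len);
	path[len] = 0;

	if (NSS_Init(path) != SECSuccess) {
		fprintf(stderr, "NSS_Init fails\r\n");
		return;
	}
	cleanup_required = 1;
}
```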