Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20080625234850.68C47BE4078@ws1-9.us4.outblaze.com>
Date: Wed, 25 Jun 2008 18:48:50 -0500
From: "sap friend" <sapfriend@...sultant.com>
To: john-users@...ts.openwall.com
Subject: patch for SAP-passwords (BCODE & PASSCODE)

Hello everyone,

finally, here's a patch for auditing SAP-passwords. There's one
module for the old (BCODE or CODVN B) and one for the new (PASSCODE
or CODVN G) SAP passwords which can be obtained from the table
USR02 or USH02.

This patch was tested on linux/x86 only and we're quite sure it
won't work on any other architecture w/o modifications. Sorry for
that ;-) But: feel free to adjust/port/modify the code! Hints about
adjustments to be made are welcome :-) There's an issue with cases,
too. Maybe Solar Designer can give a hint here... BTW: SD, if there
was more documentation for the plugins, the quality would be far
better...

SAP password hashes are salted only with the username (the
system-ID is NOT involved!). So a special preparation of the
username-password-table is nesessary (see attached .pl-script). SAP
allows special characters in usernames (e.g. * $ <spaces> etc.).
Whitespaces at the end of the username will be stripped. Due to the
fact that the salt (remember: the username) varies in legth, we
came up with the great idea to fix the salt-length to the max
username legth (40, btw) and padd the rest w/ spaces, which will be
stripped by the plugin. Ugly, but has proven to work :-) So
basically, the format for our input-files looks like this (true for
G and B):

     username<space-padding-to-40>$HASHCODE
e.g.
     DDIC:DDIC                                    $C94E2F7DD0178374
     SPA*:SAP*
$60A0F7E06D95BC9FB45F605BDF1F7B660E5D5D4E

A small perl script is contributed as attachment of this posting.
It parses the content of a tab separeted file (SAP calls those 'XLS
files' - they contain the SAP table USR02 or USH02) and generates
two output files: BCODE and PASSCODE which can be fed into john.

If you have access to both password types (BCODE and G) you should
start cracking the BCODE first 'cause it's a lot faster. Note that
newer SAP-Systems (at least the ones we've seen) generate B and G!

So let's talk about the algorithms...

The BCODE (sapB) algorithm is pretty old and looks weak:
- the length of passwords is maximum 8 chars
- the password and username(=salt) are UPPER case
- passwords and usernames lose entropy (non-ascii chars get replaced by 0xff)
- at least, MD5 is applied twice (some magic in between), but
- the result is OR'd, so we will have only 8 bytes

The PASSCODE algorithm (sapG) is a bit more complex, but IDA and
Olly were able to reveal it's inner working (with a little support
of our brains<g>):
- the max. length of passwords is 48
- some pseudo-codepage-translation for passwords (>7bit ascii) is applied
- only the username(=salt) is always UPPERcase
- the hash is generated with two times SHA1 and some magic between both runs.

Feel free to check the details and comments in the patch. The patch
itself is public domain.

The patch is generated according to the infos from the wiki, so
there should be no trouble patching.
(please note: the patch contains the raw-MD5 and raw-SHA1 patch, too).

$ wget http://www.openwall.com/john/f/john-1.7.2.tar.gz
$ tar xfz john-1.7.2.tar.gz
$ cd john-1.7.2/
$ patch -p1 <../john-1.7.2-SAPLover-1.diff
$ cd src
$ make linux-x86-mmx
$ cd ../run
$ ./john --test --format=sapB
Benchmarking: SAP BCODE [sapb]... DONE
Raw:    815536 c/s real, 815536 c/s virtual

$ ./john --test --format=sapG
Benchmarking: SAP CODVN G (PASSCODE) [sapg]... DONE
Many salts:     643218 c/s real, 643218 c/s virtual
Only one salt:  626108 c/s real, 626108 c/s virtual

cheers,
       sap loverz


-- 
Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com


Download attachment "john-1.7.2-SAPLover-1.diff" of type "application/octet-stream" (42914 bytes)

Download attachment "sap_prepare.pl" of type "application/octet-stream" (2892 bytes)

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.