diff -urpN jumbo-unstable3/doc/DYNAMIC jumbo-unstable2/doc/DYNAMIC --- jumbo-unstable3/doc/DYNAMIC 2012-06-04 17:20:51.500000000 +0000 +++ jumbo-unstable2/doc/DYNAMIC 2012-06-04 17:17:20.046875000 +0000 @@ -27,6 +27,25 @@ The format of the input file lines will userID:$dynamic_#$base_16_hash[$salt] +Salts can contain some problematic characters. Some of these would be +characters such as: : \r \n \ NULL, etc. The : (colon) char is used +by JtR as a field separator. If it exists in the salt, it will split +the salt into multiple fields (i.e. wrong). A carriage return or line +feed, will cause the line to split, and JtR to not read it right. +NULL bytes are a problem in any C file, using normal 'string' functions. +The \ char, is used as a quoting char within dynamic, and can cause issues. +DUE to all of these problems, dynamic has been expanded to take this as +the salt: $dyanamic_#$base_16_hash$HEX$hex_bytes_of_salt. In this +format, if the salt was 1234, then $HEX$31323334 would be the equivelent +value. This allows salts such as $\x0:\r\nBadSalt to actually be encoded. +This salt CAN be used, if you use the representation: +$HEX$003a0a0d42616453616c74. +There is an application in ./run which can 'help' This is ./run/raw2dyna +This process will convert files in the format of hashCsalt (c can be any char), +into the proper $dynamic_#$hash$salt It can also handle saltChash (if +salt is a fixed size). It also properly handle the problematic characters, +and uses the $HEX$hex_salt method, if there are bad characters in the salt. + There may be a 2nd salt added in the near future, but not sure how it will be implemented. diff -urpN jumbo-unstable3/src/Makefile jumbo-unstable2/src/Makefile --- jumbo-unstable3/src/Makefile 2012-06-04 17:20:52.093750000 +0000 +++ jumbo-unstable2/src/Makefile 2012-06-04 15:38:03.765625000 +0000 @@ -196,7 +196,7 @@ PROJ = ../run/john ../run/unshadow ../ru ../run/ssh2john ../run/pdf2john ../run/rar2john ../run/zip2john \ ../run/genmkvpwd ../run/mkvcalcproba ../run/calc_stat \ ../run/tgtsnarf ../run/racf2john ../run/mozilla2john ../run/hccap2john \ - ../run/pwsafe2john + ../run/pwsafe2john ../run/raw2dyna PROJ_DOS = ../run/john.bin ../run/john.com \ ../run/unshadow.com ../run/unafs.com ../run/unique.com \ ../run/undrop.com \ @@ -209,14 +209,14 @@ PROJ_WIN32 = ../run/john.exe \ ../run/ssh2john.exe ../run/pdf2john.exe ../run/rar2john.exe ../run/zip2john.exe \ ../run/genmkvpwd.exe ../run/mkvcalcproba.exe ../run/calc_stat.exe \ ../run/racf2john.exe ../run/mozilla2john.exe ../run/hccap2john.exe \ - ../run/pwsafe2john.exe + ../run/pwsafe2john.exe ../run/raw2dyna.exe PROJ_WIN32_MINGW = ../run/john-mingw.exe \ ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe \ ../run/undrop.exe \ ../run/ssh2john.exe ../run/pdf2john.exe ../run/rar2john.exe ../run/zip2john.exe \ ../run/genmkvpwd.exe ../run/mkvcalcproba.exe ../run/calc_stat.exe \ ../run/racf2john.exe ../run/mozilla2john.exe ../run/hccap2john.exe \ - ../run/pwsafe2john.exe + ../run/pwsafe2john.exe ../run/raw2dyna.exe default: @echo "To build John the Ripper, type:" @@ -1608,6 +1608,12 @@ endif ../run/calc_stat.exe: calc_stat.o $(LD) calc_stat.o $(LDFLAGS_MKV) -o ../run/calc_stat.exe +../run/raw2dyna: raw2dyna.o + $(LD) raw2dyna.o $(LDFLAGS) -o ../run/raw2dyna + +../run/raw2dyna.exe: raw2dyna.o + $(LD) raw2dyna.o $(LDFLAGS) -o ../run/raw2dyna.exe + SIPdump: SIPdump.o $(LD) SIPdump.o $(LDFLAGS) -lpcap -o ../run/SIPdump diff -urpN jumbo-unstable3/src/raw2dyna.c jumbo-unstable2/src/raw2dyna.c --- jumbo-unstable3/src/raw2dyna.c 1970-01-01 00:00:00.000000000 +0000 +++ jumbo-unstable2/src/raw2dyna.c 2012-06-04 15:50:33.312500000 +0000 @@ -0,0 +1,106 @@ +// convert a 'raw' file of hash:salt or hash$salt or $dynamic_n$hash$salt into JtR dynamic format. +// It will make sure the salt does not contain any 'bad' characters, and if so, it will convert +// the salt into the $HEX$ format. + +#include +#include +#include + +// isatty() in different locations, for VC, vs *unix. +#ifdef _MSC_VER +#include +#else +#include +#endif + +int dyna_num=12; +int all_hex=0; +int leading_salt=0; +char salt_sep=':'; +int salt_len=5; +char itoa16[16] = "0123456789abcdef"; + +void ParseOptions(int argc, char **argv); +char *GetSalt(char*); + +void usage(char *proc_name) { + fprintf(stderr, "\ +usage %s [options] < input > output\n\ +\tOptions:\n\ +\t\t-d=# dyna number (-d=12 and $dynamic_12$hash$salt is used)\n\ +\t\t-a ALL hashes get $HEX$ and not simply hashes which have problems\n\ +\t\t-ls=# The salt is the leading data, and it is # bytes long\n\ +\t\t-ss=b The salt separator char is b a blank -ss= means no separator char\n\ +\tdefaults are -d=12 -ss=:\n", proc_name); + exit(1); +} + +int main(int argc, char **argv) { + char Buf[256], *cps, *cph; + + // if no input redirection then give usage. I 'guess' we could allow + // a user to type in hashes, but is that really likely? It is almost + // certain that if there is no input redirection, the user does not + // know how to use the tool, so tell him how. + if (isatty(fileno(stdin))) + usage(argv[0]); + + ParseOptions(argc, argv); + fgets(Buf, sizeof(Buf), stdin); + while (!feof(stdin)) { + strtok(Buf, "\r\n"); + if (!leading_salt) { + cph = Buf; + cps = &Buf[32]; + if (salt_sep && *cps == salt_sep) ++cps; + } else { + cps = Buf; + cph = &Buf[leading_salt]; + if (salt_sep && *cph == salt_sep) {*cph++ = 0;} + } + printf("$dynamic_%d$%32.32s$%s\n", dyna_num, cph, GetSalt(cps)); + fgets(Buf, sizeof(Buf), stdin); + } + return 0; +} + + +char *GetSalt(char *s) { + static char hexbuf[256]; + char *cpo=hexbuf, *cp; + int tohex=0; + int max = leading_salt; + if (all_hex) tohex=1; + else { + cp = s; + while (*cp) { + // NOTE, some of these chars will never be seen in this app, due to strtok taking them out, or + // due to the C language not allowing them (i.e. null). But they are listed here for documenation + if (*cp == ':' || *cp == '\\' || *cp == '\n' || *cp == '\r' || *cp == '\x0') { tohex=1; break; } + ++cp; + } + } + if (!tohex) return s; + cpo += sprintf(hexbuf, "HEX$"); + while (*s) { + *cpo++ = itoa16[(((unsigned char)*s)>>4)&0xF]; + *cpo++ = itoa16[((unsigned char)*s)&0xF]; + ++s; + if (max) { + if (--max == 0) break; + } + } + *cpo = 0; + return hexbuf; +} + +void ParseOptions(int argc, char **argv) { + int i; + for (i = 1; i < argc; ++i) { + if (!strncmp(argv[i], "-d=", 3)) { dyna_num=strtol(&argv[i][3],NULL,10); continue; } + if (!strcmp(argv[i], "-a")) { all_hex=1; continue; } + if (!strncmp(argv[i], "-ls=",4)) { leading_salt=strtol(&argv[i][4],NULL,10); continue; } + if (!strncmp(argv[i], "-ss=",4)) { salt_sep=argv[i][4]; continue; } + usage(argv[0]); + } +}