Date: Wed, 25 Jun 2008 18:48:50 -0500 From: "sap friend" <sapfriend@...sultant.com> To: john-users@...ts.openwall.com Subject: patch for SAP-passwords (BCODE & PASSCODE) Hello everyone, finally, here's a patch for auditing SAP-passwords. There's one module for the old (BCODE or CODVN B) and one for the new (PASSCODE or CODVN G) SAP passwords which can be obtained from the table USR02 or USH02. This patch was tested on linux/x86 only and we're quite sure it won't work on any other architecture w/o modifications. Sorry for that ;-) But: feel free to adjust/port/modify the code! Hints about adjustments to be made are welcome :-) There's an issue with cases, too. Maybe Solar Designer can give a hint here... BTW: SD, if there was more documentation for the plugins, the quality would be far better... SAP password hashes are salted only with the username (the system-ID is NOT involved!). So a special preparation of the username-password-table is nesessary (see attached .pl-script). SAP allows special characters in usernames (e.g. * $ <spaces> etc.). Whitespaces at the end of the username will be stripped. Due to the fact that the salt (remember: the username) varies in legth, we came up with the great idea to fix the salt-length to the max username legth (40, btw) and padd the rest w/ spaces, which will be stripped by the plugin. Ugly, but has proven to work :-) So basically, the format for our input-files looks like this (true for G and B): username<space-padding-to-40>$HASHCODE e.g. DDIC:DDIC $C94E2F7DD0178374 SPA*:SAP* $60A0F7E06D95BC9FB45F605BDF1F7B660E5D5D4E A small perl script is contributed as attachment of this posting. It parses the content of a tab separeted file (SAP calls those 'XLS files' - they contain the SAP table USR02 or USH02) and generates two output files: BCODE and PASSCODE which can be fed into john. If you have access to both password types (BCODE and G) you should start cracking the BCODE first 'cause it's a lot faster. Note that newer SAP-Systems (at least the ones we've seen) generate B and G! So let's talk about the algorithms... The BCODE (sapB) algorithm is pretty old and looks weak: - the length of passwords is maximum 8 chars - the password and username(=salt) are UPPER case - passwords and usernames lose entropy (non-ascii chars get replaced by 0xff) - at least, MD5 is applied twice (some magic in between), but - the result is OR'd, so we will have only 8 bytes The PASSCODE algorithm (sapG) is a bit more complex, but IDA and Olly were able to reveal it's inner working (with a little support of our brains<g>): - the max. length of passwords is 48 - some pseudo-codepage-translation for passwords (>7bit ascii) is applied - only the username(=salt) is always UPPERcase - the hash is generated with two times SHA1 and some magic between both runs. Feel free to check the details and comments in the patch. The patch itself is public domain. The patch is generated according to the infos from the wiki, so there should be no trouble patching. (please note: the patch contains the raw-MD5 and raw-SHA1 patch, too). $ wget http://www.openwall.com/john/f/john-1.7.2.tar.gz $ tar xfz john-1.7.2.tar.gz $ cd john-1.7.2/ $ patch -p1 <../john-1.7.2-SAPLover-1.diff $ cd src $ make linux-x86-mmx $ cd ../run $ ./john --test --format=sapB Benchmarking: SAP BCODE [sapb]... DONE Raw: 815536 c/s real, 815536 c/s virtual $ ./john --test --format=sapG Benchmarking: SAP CODVN G (PASSCODE) [sapg]... DONE Many salts: 643218 c/s real, 643218 c/s virtual Only one salt: 626108 c/s real, 626108 c/s virtual cheers, sap loverz -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com Download attachment "john-1.7.2-SAPLover-1.diff" of type "application/octet-stream" (42914 bytes) Download attachment "sap_prepare.pl" of type "application/octet-stream" (2892 bytes) -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ