|
Message-ID: <b18c24a9-3263-88c9-7f63-aaa534643e5d@gmail.com> Date: Tue, 10 Sep 2019 20:59:32 +1000 From: Marcin Gębarowski <marcing.dev@...il.com> To: john-users@...ts.openwall.com Subject: Re: SHA256(XOR(salt+pass, key)) On 9/09/2019 16:09, magnum wrote: > On 2019-09-07 15:05, Marcin Gębarowski wrote: >> Looking for help with using john to crack the hashes I got, the >> application creates them as follows: >> >> SHA256(XOR(salt + pass, key)) >> >> >> Salt and key are both 32 bytes long. I have the key. Hashes are stored >> in format: >> base64(salt + hash) >> but I can easily change that to anything else. >> >> >> The main problem I'm having is the XOR function, which I was unable to >> find in dynamic scripts library. Having something like: >> sha256(xor($s.$p, $key)) >> as dynamic script would definitely solve this... > > So is key like a 2nd (fixed) salt (pepper)? What application is that? > I'm sure Jim could add XOR to dynamic compiler format with ease. Can you > post a sample or two with known pass and key that we can use as test > vectors? > > There's a minor optimization possible - we could save state of SHA256 > after the first 8 rounds with a given salt, and reuse that for as many > password candidates we like. > > magnum > Hi Magnum, Unfortunately I cannot disclose the name of the application and any specifics about it. It's a thick client connecting to a database. The key, whatever we call it, is used to XOR salt and the password (pepper kinda makes sense). I'll go through whole process below. Credentials: admin:SecretP@...0rd Hash (providing both in Base64 and HEX form, the database contains Base64 form): admin:JAdLh0jerQthm2tSrfFYje4/7AGvc8NIhDRNcUZldlk4HBzlWaSxwYH9v68E1O++9IWmH1oLNttA27UtKVbIIA== or in hex form: admin:24074B8748DEAD0B619B6B52ADF1588DEE3FEC01AF73C34884344D7146657659381C1CE559A4B1C181FDBFAF04D4EFBEF485A61F5A0B36DB40DBB52D2956C820 If above is translated into admin:salt:hash it turns into (salt is the first half of whole hash): admin:24074B8748DEAD0B619B6B52ADF1588DEE3FEC01AF73C34884344D7146657659:381C1CE559A4B1C181FDBFAF04D4EFBEF485A61F5A0B36DB40DBB52D2956C820 Hardcoded XOR key: 8148e6237b1412fad5ab21c35082363b7d5f7003ae31571e16b4d66ce7cce398 To check the hash the application does the following: 1. Salt value is extracted: 0000h: 24 07 4B 87 48 DE AD 0B 61 9B 6B 52 AD F1 58 8D $.K‡HÞ.a›kRñX 0010h: EE 3F EC 01 AF 73 C3 48 84 34 4D 71 46 65 76 59 î?ì.¯sÃH„4MqFevY 2. Provided password is appended to it: 0000h: 24 07 4B 87 48 DE AD 0B 61 9B 6B 52 AD F1 58 8D $.K‡HÞ.a›kRñX 0010h: EE 3F EC 01 AF 73 C3 48 84 34 4D 71 46 65 76 59 î?ì.¯sÃH„4MqFevY 0020h: 53 65 63 72 65 74 50 40 73 73 77 30 72 64 SecretP@...0rd 3. Resulting data is XORed with hardcoded key: 0000h: A5 4F AD A4 33 CA BF F1 B4 30 4A 91 FD 73 6E B6 ¥O¤3Ê¿ñ´0J‘ýsn¶ 0010h: 93 60 9C 02 01 42 94 56 92 80 9B 1D A1 A9 95 C1 “`œ..B”V’€›.¡©•Á 0020h: D2 2D 85 51 1E 60 42 BA A6 D8 56 F3 22 E6 Ò-…Q.`Bº¦ØVó"æ 4. This goes through SHA256 giving: 381c1ce559a4b1c181fdbfaf04d4efbef485a61f5a0b36db40dbb52d2956c820 As can be seen the resulting hashes are the same. Other credentials and their hashes (same XOR key used): admin:admin admin:LS2Y6dg3J6twutTSiKKNKRxwCjTYrUp0pvOxlw4/tahRg+6H0Cjx8uul+yJ3JBTPSow9d0zGz9D/38rlQLAOfw== admin:2D2D98E9D83727AB70BAD4D288A28D291C700A34D8AD4A74A6F3B1970E3FB5A8:5183EE87D028F1F2EBA5FB22772414CF4A8C3D774CC6CFD0FFDFCAE540B00E7F user:password user:cevg02yNV9rG7X+tpOtOquN49D5L3auDKaMfBU0mlDkv7W10xQuTBSSixXrupUnC7XEYMT9HnSn1BQ0Axmiw0A== user:71EBE0D36C8D57DAC6ED7FADA4EB4EAAE378F43E4BDDAB8329A31F054D269439:2FED6D74C50B930524A2C57AEEA549C2ED7118313F479D29F5050D00C668B0D0 I imagine the dynamic format for cracking these would look something like: sha256(xor($s.$p, $c1)),c1=8148e6237b1412fad5ab21c35082363b7d5f7003ae31571e16b4d66ce7cce398 Please treat above as pseudocode, I'm new to the dynamic formats and not aware how HEX data is passed to them. Of course above could be changed into: sha256(xor($s, $c1).xor($p, $c1)),c1=8148e6237b1412fad5ab21c35082363b7d5f7003ae31571e16b4d66ce7cce398 which most likely would do better performance-wise. Let me know if you have any further questions. Marcin
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.