password_cracker.c

1. /*
2.   gcc password_cracker.c  -l crypto -o password_cracker.o
3.  
4. */
5.  
6. #include <string.h>
7. #include <openssl/evp.h>
8. #include <openssl/rand.h>
9. #include <openssl/hmac.h>
10.  
11.  
12. //================
13. #include <stdio.h>
14. #include <stdlib.h>
15. #include <stdlib.h>
16. #include <time.h>
17.  
18. #define PAGESIZE 1024
19. #define PBKDF2_ITER 4000
20. #define DISABLE_HMAC
21. #define FILE_HEADER_SZ 16
22.  
23. #define TEST_ROUND 2
24. #define LARGEST_NUM (268435456-1)
25. #define TRUCK_SIZE 1000
26.  
27.  
28.  
29. //===================
30. char* infile ;
31. //const char* outfile = "decrypted_sqlite.db";
32. char* passfile ;
33.  
34. const char hex_array[] = "0123456789abcdef";
35. //===================
36.  
37. // 0x9955bbc
38. unsigned long pass_sn = 0x9955bbc-2000;
39.  
40. void increse_num(void);
41. int quit_flag = 0;
42.  
43. int main(int argc, char **argv)
44. {
45.  
46.  
47.     long pass_start;
48.     long pass_end;
49.     long x;
50.  
51.     infile = argv[1];
52.     passfile = argv[2];
53.     pass_start = strtol(argv[3], NULL, 0); //atoi(argv[1]);
54.     pass_end = strtol(argv[4], NULL, 0); //atoi(argv[2]);
55.  
56.     char pass[8]= {'0'}; /* two bytes of hex = 4 characters, plus NULL terminator */
57.  
58.  
59.     int i, csz, tmp_csz, key_sz, iv_sz, block_sz, hmac_sz, reserve_sz;
60.     FILE *infh;
61.     int read;
62.     unsigned char *inbuffer, *outbuffer, *salt, *out, *key, *iv;
63.     EVP_CIPHER *evp_cipher;
64.     EVP_CIPHER_CTX * ectx = EVP_CIPHER_CTX_new();
65.  
66.     OpenSSL_add_all_algorithms();
67.  
68.     evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname("aes-256-cbc");
69.  
70.     key_sz = EVP_CIPHER_key_length(evp_cipher);
71.     key = malloc(key_sz);
72.  
73.     iv_sz = EVP_CIPHER_iv_length(evp_cipher);
74.     iv = malloc(iv_sz);
75.  
76.     hmac_sz = EVP_MD_size(EVP_sha1());
77. #ifdef DISABLE_HMAC
78.     hmac_sz = 0;
79. #endif
80.     block_sz = EVP_CIPHER_block_size(evp_cipher);
81.  
82.     reserve_sz = iv_sz + hmac_sz;
83.     reserve_sz = ((reserve_sz % block_sz) == 0) ? reserve_sz : ((reserve_sz / block_sz) + 1) * block_sz;
84.  
85.     inbuffer = (unsigned char*) malloc(PAGESIZE);
86.     outbuffer = (unsigned char*) malloc(PAGESIZE);
87.     salt = malloc(FILE_HEADER_SZ);
88.  
89.     infh = fopen(infile, "r");
90.     //outfh = fopen(outfile, "w");
91.     read = fread(inbuffer, 1, PAGESIZE, infh);  /* read the first page */
92.     fclose(infh);
93.  
94.     memcpy(salt, inbuffer, FILE_HEADER_SZ); /* first 16 bytes are the random database salt */
95.  
96.  
97.     //PKCS5_PBKDF2_HMAC_SHA1(pass, strlen(pass), salt, FILE_HEADER_SZ, PBKDF2_ITER, key_sz, key);
98.  
99.     memset(outbuffer, 0, PAGESIZE);
100.     out = outbuffer;
101.  
102.     memcpy(iv, inbuffer + PAGESIZE - reserve_sz, iv_sz); /* last iv_sz bytes are the initialization vector */
103.  
104.  
105.     printf("Start from %07x to %07x.\n", pass_start, pass_end );
106.  
107.  
108.     clock_t start = clock();
109.     for (x=pass_start; x<=pass_end && x <= LARGEST_NUM; x++)
110.     {
111.  
112.         pass[0] = hex_array[((x & 0xF000000) >> 24)];
113.         pass[1] = hex_array[((x & 0x0F00000) >> 20)];
114.         pass[2] = hex_array[((x & 0x00F0000) >> 16)];
115.         pass[3] = hex_array[((x & 0x000F000) >> 12)];
116.         pass[4] = hex_array[((x & 0x0000F00) >> 8)];
117.         pass[5] = hex_array[((x & 0x00000F0) >> 4)];
118.         pass[6] = hex_array[((x & 0x000000F) >> 0)];
119.  
120.         PKCS5_PBKDF2_HMAC_SHA1(pass, strlen(pass), salt, FILE_HEADER_SZ, PBKDF2_ITER, key_sz, key);
121.         out = outbuffer;
122.         EVP_CipherInit(ectx, evp_cipher, NULL, NULL, 0);
123.         EVP_CIPHER_CTX_set_padding(ectx, 0);
124.         EVP_CipherInit(ectx, NULL, key, iv, 0);
125.         EVP_CipherUpdate(ectx, out, &tmp_csz, inbuffer + FILE_HEADER_SZ, PAGESIZE - reserve_sz - FILE_HEADER_SZ);
126.         csz = tmp_csz;
127.         out += tmp_csz;
128.         EVP_CipherFinal(ectx, out, &tmp_csz);
129.         csz += tmp_csz;
130.         EVP_CIPHER_CTX_cleanup(ectx);
131.  
132.         // WeChat 7.0 use different write/read version
133.         // [5] = 64; [6] = 32; [7] = 32; [56:(56+20)] = 0;
134.         if( outbuffer[5] == 0x40
135.             && outbuffer[6] == 0x20
136.             && outbuffer[7] == 0x20
137.             //&& outbuffer[56] == 0x00
138.             //&& outbuffer[57] == 0x00
139.           )
140.         {
141.             quit_flag = 1;
142.  
143.             printf("OK\n");
144.             printf("Pass: %s\n", pass);
145.             FILE *passfh;
146.  
147.             passfh = fopen(passfile, "a");
148.             fwrite(pass, 1, strlen(pass), passfh);
149.             fwrite("\n", 1, strlen("\n"), passfh);
150.             fclose(passfh);
151.  
152.             printf("outbuffer:\n");
153.             int kk,kkk;
154.             for (kk=0; kk<10; kk++)
155.             {
156.                 for (kkk=0; kkk<10; kkk++)
157.                 {
158.                     printf("%02x ", outbuffer[kk*10 + kkk]);
159.                 }
160.                 printf("\n");
161.             }
162.  
163.         }
164.  
165.     }
166.  
167.     clock_t end = clock();
168.     unsigned long millis = (end - start) * 1000 / CLOCKS_PER_SEC;
169.     if (millis==0)
170.         millis = 1;
171.     float speed = (pass_end+1-pass_start)*1000.0/(millis);
172.  
173.     printf("END from %07x to %07x. Speed: %f/s .\n", pass_start, pass_end, speed );
174.  
175.  
176.     free(inbuffer);
177.     free(outbuffer);
178.     free(key);
179.     free(salt);
180.     free(iv);
181.  
182.  
183.     return 0;
184. }