FlyFar

password_cracker.c

Oct 28th, 2023
146
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 4.94 KB | Cybersecurity | 0 0
  1. /*
  2.   gcc password_cracker.c  -l crypto -o password_cracker.o
  3.  
  4. */
  5.  
  6. #include <string.h>
  7. #include <openssl/evp.h>
  8. #include <openssl/rand.h>
  9. #include <openssl/hmac.h>
  10.  
  11.  
  12. //================
  13. #include <stdio.h>
  14. #include <stdlib.h>
  15. #include <stdlib.h>
  16. #include <time.h>
  17.  
  18. #define PAGESIZE 1024
  19. #define PBKDF2_ITER 4000
  20. #define DISABLE_HMAC
  21. #define FILE_HEADER_SZ 16
  22.  
  23. #define TEST_ROUND 2
  24. #define LARGEST_NUM (268435456-1)
  25. #define TRUCK_SIZE 1000
  26.  
  27.  
  28.  
  29. //===================
  30. char* infile ;
  31. //const char* outfile = "decrypted_sqlite.db";
  32. char* passfile ;
  33.  
  34. const char hex_array[] = "0123456789abcdef";
  35. //===================
  36.  
  37. // 0x9955bbc
  38. unsigned long pass_sn = 0x9955bbc-2000;
  39.  
  40. void increse_num(void);
  41. int quit_flag = 0;
  42.  
  43. int main(int argc, char **argv)
  44. {
  45.  
  46.  
  47.     long pass_start;
  48.     long pass_end;
  49.     long x;
  50.  
  51.     infile = argv[1];
  52.     passfile = argv[2];
  53.     pass_start = strtol(argv[3], NULL, 0); //atoi(argv[1]);
  54.     pass_end = strtol(argv[4], NULL, 0); //atoi(argv[2]);
  55.  
  56.     char pass[8]= {'0'}; /* two bytes of hex = 4 characters, plus NULL terminator */
  57.  
  58.  
  59.     int i, csz, tmp_csz, key_sz, iv_sz, block_sz, hmac_sz, reserve_sz;
  60.     FILE *infh;
  61.     int read;
  62.     unsigned char *inbuffer, *outbuffer, *salt, *out, *key, *iv;
  63.     EVP_CIPHER *evp_cipher;
  64.     EVP_CIPHER_CTX * ectx = EVP_CIPHER_CTX_new();
  65.  
  66.     OpenSSL_add_all_algorithms();
  67.  
  68.     evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname("aes-256-cbc");
  69.  
  70.     key_sz = EVP_CIPHER_key_length(evp_cipher);
  71.     key = malloc(key_sz);
  72.  
  73.     iv_sz = EVP_CIPHER_iv_length(evp_cipher);
  74.     iv = malloc(iv_sz);
  75.  
  76.     hmac_sz = EVP_MD_size(EVP_sha1());
  77. #ifdef DISABLE_HMAC
  78.     hmac_sz = 0;
  79. #endif
  80.     block_sz = EVP_CIPHER_block_size(evp_cipher);
  81.  
  82.     reserve_sz = iv_sz + hmac_sz;
  83.     reserve_sz = ((reserve_sz % block_sz) == 0) ? reserve_sz : ((reserve_sz / block_sz) + 1) * block_sz;
  84.  
  85.     inbuffer = (unsigned char*) malloc(PAGESIZE);
  86.     outbuffer = (unsigned char*) malloc(PAGESIZE);
  87.     salt = malloc(FILE_HEADER_SZ);
  88.  
  89.     infh = fopen(infile, "r");
  90.     //outfh = fopen(outfile, "w");
  91.     read = fread(inbuffer, 1, PAGESIZE, infh);  /* read the first page */
  92.     fclose(infh);
  93.  
  94.     memcpy(salt, inbuffer, FILE_HEADER_SZ); /* first 16 bytes are the random database salt */
  95.  
  96.  
  97.     //PKCS5_PBKDF2_HMAC_SHA1(pass, strlen(pass), salt, FILE_HEADER_SZ, PBKDF2_ITER, key_sz, key);
  98.  
  99.     memset(outbuffer, 0, PAGESIZE);
  100.     out = outbuffer;
  101.  
  102.     memcpy(iv, inbuffer + PAGESIZE - reserve_sz, iv_sz); /* last iv_sz bytes are the initialization vector */
  103.  
  104.  
  105.     printf("Start from %07x to %07x.\n", pass_start, pass_end );
  106.  
  107.  
  108.     clock_t start = clock();
  109.     for (x=pass_start; x<=pass_end && x <= LARGEST_NUM; x++)
  110.     {
  111.  
  112.         pass[0] = hex_array[((x & 0xF000000) >> 24)];
  113.         pass[1] = hex_array[((x & 0x0F00000) >> 20)];
  114.         pass[2] = hex_array[((x & 0x00F0000) >> 16)];
  115.         pass[3] = hex_array[((x & 0x000F000) >> 12)];
  116.         pass[4] = hex_array[((x & 0x0000F00) >> 8)];
  117.         pass[5] = hex_array[((x & 0x00000F0) >> 4)];
  118.         pass[6] = hex_array[((x & 0x000000F) >> 0)];
  119.  
  120.         PKCS5_PBKDF2_HMAC_SHA1(pass, strlen(pass), salt, FILE_HEADER_SZ, PBKDF2_ITER, key_sz, key);
  121.         out = outbuffer;
  122.         EVP_CipherInit(ectx, evp_cipher, NULL, NULL, 0);
  123.         EVP_CIPHER_CTX_set_padding(ectx, 0);
  124.         EVP_CipherInit(ectx, NULL, key, iv, 0);
  125.         EVP_CipherUpdate(ectx, out, &tmp_csz, inbuffer + FILE_HEADER_SZ, PAGESIZE - reserve_sz - FILE_HEADER_SZ);
  126.         csz = tmp_csz;
  127.         out += tmp_csz;
  128.         EVP_CipherFinal(ectx, out, &tmp_csz);
  129.         csz += tmp_csz;
  130.         EVP_CIPHER_CTX_cleanup(ectx);
  131.  
  132.         // WeChat 7.0 use different write/read version
  133.         // [5] = 64; [6] = 32; [7] = 32; [56:(56+20)] = 0;
  134.         if( outbuffer[5] == 0x40
  135.             && outbuffer[6] == 0x20
  136.             && outbuffer[7] == 0x20
  137.             //&& outbuffer[56] == 0x00
  138.             //&& outbuffer[57] == 0x00
  139.           )
  140.         {
  141.             quit_flag = 1;
  142.  
  143.             printf("OK\n");
  144.             printf("Pass: %s\n", pass);
  145.             FILE *passfh;
  146.  
  147.             passfh = fopen(passfile, "a");
  148.             fwrite(pass, 1, strlen(pass), passfh);
  149.             fwrite("\n", 1, strlen("\n"), passfh);
  150.             fclose(passfh);
  151.  
  152.             printf("outbuffer:\n");
  153.             int kk,kkk;
  154.             for (kk=0; kk<10; kk++)
  155.             {
  156.                 for (kkk=0; kkk<10; kkk++)
  157.                 {
  158.                     printf("%02x ", outbuffer[kk*10 + kkk]);
  159.                 }
  160.                 printf("\n");
  161.             }
  162.  
  163.         }
  164.  
  165.     }
  166.  
  167.     clock_t end = clock();
  168.     unsigned long millis = (end - start) * 1000 / CLOCKS_PER_SEC;
  169.     if (millis==0)
  170.         millis = 1;
  171.     float speed = (pass_end+1-pass_start)*1000.0/(millis);
  172.  
  173.     printf("END from %07x to %07x. Speed: %f/s .\n", pass_start, pass_end, speed );
  174.  
  175.  
  176.     free(inbuffer);
  177.     free(outbuffer);
  178.     free(key);
  179.     free(salt);
  180.     free(iv);
  181.  
  182.  
  183.     return 0;
  184. }
Add Comment
Please, Sign In to add comment