make_redux.c

跟rainbow table结合破解windoes登陆密码及各种hash密码

/*

    This file is part of Ophcrack (Time-Memory-Trade-Off-crack).

    Ophcrack is a Lanmanager/NTLM hash cracker based on the faster time-memory
    trade-off using rainbow tables. 
    
    Created with the help of: Maxime Mueller, Luca Wullschleger, Claude
    Hochreutiner and Andreas Huber.

    Copyright 2004 Philippe Oechslin

    Ophcrack is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    Ophcrack is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Ophcrack; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#include "make_hash.h"
#include "make_redux.h"


/* Reduction functions to make passwords from hashes */

static char rcsid[] = "$Id: make_redux.c,v 1.0 2004/07/09 12:54:15 oechslin Exp $";

/* 
 * $Log: make_redux.c,v $
 * Revision 1.0  2004/07/09 12:54:15  oechslin
 * Initial revision
 *
 */


unsigned char chars[]="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
int n_redux = 0; /* current number of the redux fucntion */
int ident_redux =0; /* row at which all tables share the same redux function */
int length_redux =0;
int limit_redux;

/* initializes the variables that are necessary to find out which reduction 
   has to be applied in each column of each table */
void init_redux(int length, int ident)
{
  ident_redux=ident;
  length_redux=length;
}

void next_redux()
{
  n_redux++;
  if (n_redux == limit_redux)
    n_redux=ident_redux;
}	

void set_redux(int col, int table)
{
  n_redux = col + table*length_redux;
  /* cache this value to avoid recalculating it over and over in next_redux */
  limit_redux = (n_redux / length_redux)*length_redux + ident_redux;
  if (n_redux >= limit_redux )
    n_redux=n_redux % length_redux;
}

/* creates a new password from a given hash. 
   First the higher 4 bytes are Xored
   with n_redux. A variable length password is derived
   from the two ints that form the hash.*/

void make_redux(unsigned char *in, unsigned char *out)
{
  int i;
  unsigned int n;
  union {
    unsigned char p_bytes[8];
    unsigned int p_int[2];
  } p;

  
  /* xor with nredux */
  p.p_int[0] = *(int*)&in[0] ^ (int)n_redux;
  p.p_int[1] = *(int*)&in[4];



  /* generate a variable length password from the result */
  /* set the limits to chose the password lengths */
  /*
     there are 2238976117 x 36 possible passwords
               62193781 x 36 passwords of length 6 or less
               1727605 x 36 length 5 or less
               47989 x 36 length 4 or less
               1333 x 36 length 3 or less
               37 x 36 of length 2 or less
               1 x 36 of length 1

	       in proportion to 2^32 (max_int): */


#define    MAX7 119304647
#define    MAX6 3314018
#define    MAX5 92056
#define    MAX4 2557
#define    MAX3 71
#define    MAX2 2 /* to be exact this should be 1.92, we'll have 4%
		   * too many single character passwords */

  n = p.p_int[1];
  /* get four chars out of the uper word and 3 of the lower 
     (avoids calculations with long long ints */
  for (i=0; i<4; i++) {out[i]=chars[p.p_int[0]%36]; p.p_int[0]/=36;} 
  for (i=4; i<7; i++) {out[i]=chars[p.p_int[1]%36]; p.p_int[1]/=36;} 
  
  /* truncate the password */
  if (n<MAX7) {
    out[6]=0; 
    if (n<MAX6) {
      out[5]=0; 
      if (n<MAX5) {
	out[4]=0; 
	if (n<MAX4) {
	  out[3]=0; 
	  if (n<MAX3) {
	    out[2]=0; 
	    if (n<MAX2) { 
	      out[1]=0;	
	      /*	      printf ("single char password found (%s), yeah!\n",out);*/
	    }
	  }
	}
      }
    }
  } 
}