67 #define FSTRING_LEN 256 72 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43,
73 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54,
74 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4};
/*
 * DES Permuted Choice 2 (PC-2): selects the 48 round-key bits from the
 * 56-bit C||D key-schedule state. The values match the standard DES PC-2
 * table. Entries are 1-based bit positions, which is the convention the
 * permutation loop in this listing relies on (out[i] = in[p[i] - 1]).
 *
 * Laid out as eight rows of six, one row per S-box input group.
 *
 * DES is present because the LM / NTLMv1 response formats built by
 * smbhash(), E_P16() and E_P24() require it. Its 56-bit key gives no
 * meaningful protection by current standards, so these tables should not
 * be reused for anything other than protocol compatibility.
 */
static const uchar perm2[48] = {
  14, 17, 11, 24,  1,  5,
   3, 28, 15,  6, 21, 10,
  23, 19, 12,  4, 26,  8,
  16,  7, 27, 20, 13,  2,
  41, 52, 31, 37, 47, 55,
  30, 40, 51, 45, 33, 48,
  44, 49, 39, 56, 34, 53,
  46, 42, 50, 36, 29, 32
};
82 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
83 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
84 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
85 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7};
/*
 * DES expansion table (E bit-selection): widens a 32-bit half block to
 * 48 bits by repeating the edge bits of each 4-bit group. The values match
 * the standard DES E table; entries are 1-based positions in the 32-bit
 * input.
 *
 * Each row below is one 6-bit S-box input: the middle four entries are the
 * group's own bits, the first and last are borrowed from its neighbours.
 */
static const uchar perm4[48] = {
  32,  1,  2,  3,  4,  5,
   4,  5,  6,  7,  8,  9,
   8,  9, 10, 11, 12, 13,
  12, 13, 14, 15, 16, 17,
  16, 17, 18, 19, 20, 21,
  20, 21, 22, 23, 24, 25,
  24, 25, 26, 27, 28, 29,
  28, 29, 30, 31, 32,  1
};
/*
 * DES round permutation (P): reorders the 32 bits that come out of the
 * eight S-boxes. The values match the standard DES P table; entries are
 * 1-based positions in the 32-bit S-box output, and each of 1..32 appears
 * exactly once.
 */
static const uchar perm5[32] = {
  16,  7, 20, 21, 29, 12, 28, 17,
   1, 15, 23, 26,  5, 18, 31, 10,
   2,  8, 24, 14, 32, 27,  3,  9,
  19, 13, 30,  6, 22, 11,  4, 25
};
97 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
98 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
99 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
100 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25};
/*
 * DES key-schedule shift counts: one entry per round, giving how many bit
 * positions the two 28-bit key halves are rotated before that round's key
 * is extracted. The values match the standard DES schedule and sum to 28,
 * so the halves are back at their starting rotation after 16 rounds.
 * Presumably consumed through lshift() in dohash(); confirm against the
 * full file, as those lines are not part of this listing.
 */
static const uchar sc[16] = {
  1, 1, 2, 2, 2, 2, 2, 2,   /* rounds 1-8  */
  1, 2, 2, 2, 2, 2, 2, 1    /* rounds 9-16 */
};
105 {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
106 {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
107 {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
108 {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
110 {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
111 {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
112 {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
113 {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
115 {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
116 {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
117 {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
118 {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
120 {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
121 {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
122 {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
123 {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
125 {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
126 {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
127 {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
128 {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
130 {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
131 {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
132 {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
133 {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
135 {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
136 {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
137 {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
138 {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
140 {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
141 {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
142 {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
143 {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
149 for (i = 0; i < n; i++)
150 out[i] = in[p[i] - 1];
158 for (i = 0; i < n; i++)
159 out[i] = d[(i + count) % n];
160 for (i = 0; i < n; i++)
165 concat (
char *out,
char *in1,
char *in2,
int l1,
int l2)
173 static void xor(
char *out,
char *in1,
char *in2,
int n)
177 out[i] = in1[i] ^ in2[i];
180 static void dohash(
char *out,
char *in,
char *key,
int forw)
194 for (i = 0; i < 28; i++)
196 for (i = 0; i < 28; i++)
199 for (i = 0; i < 16; i++)
204 concat (cd, c, d, 28, 28);
210 for (j = 0; j < 32; j++)
216 for (i = 0; i < 16; i++)
227 xor(erk, er, ki[forw ? i : 15 - i], 48);
229 for (j = 0; j < 8; j++)
230 for (k = 0; k < 6; k++)
231 b[j][k] = erk[j * 6 + k];
233 for (j = 0; j < 8; j++)
236 m = (b[j][0] << 1) | b[j][5];
238 n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4];
240 for (k = 0; k < 4; k++)
241 b[j][k] = (
sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0;
244 for (j = 0; j < 8; j++)
245 for (k = 0; k < 4; k++)
246 cb[j * 4 + k] = b[j][k];
251 for (j = 0; j < 32; j++)
254 for (j = 0; j < 32; j++)
258 concat (rl, r, l, 32, 32);
268 key[0] = str[0] >> 1;
269 key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
270 key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
271 key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
272 key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
273 key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
274 key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
275 key[7] = str[6] & 0x7F;
276 for (i = 0; i < 8; i++)
278 key[i] = (key[i] << 1);
293 for (i = 0; i < 64; i++)
295 inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
296 keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
300 dohash (outb, inb, keyb, forw);
302 for (i = 0; i < 8; i++)
307 for (i = 0; i < 64; i++)
310 out[i / 8] |= (1 << (7 - (i % 8)));
317 uchar sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
319 smbhash (p16 + 8, sp8, p14 + 7, 1);
326 smbhash (p24 + 8, c8, p21 + 7, 1);
327 smbhash (p24 + 16, c8, p21 + 14, 1);
353 for (ind = 0; ind < 256; ind++)
355 hash[ind] = (
uchar) ind;
358 for (ind = 0; ind < 256; ind++)
362 j += (hash[ind] + key[ind % 16]);
368 for (ind = 0; ind < len; ind++)
374 index_j += hash[index_i];
377 hash[index_i] = hash[index_j];
380 t = hash[index_i] + hash[index_j];
381 data[ind] = data[ind] ^ hash[t];
402 memcpy (p21, passwd, 16);
403 E_P24 (p21, c8, p24);
412 memset (p21,
'\0', 21);
413 memcpy (p21, lm_hash, 16);
423 memset (p21,
'\0', 21);
424 memcpy (p21, nt_hash, 16);
433 uchar partial_lm_hash[16];
435 memcpy (partial_lm_hash, lm_hash, 8);
436 memset (partial_lm_hash + 8, 0xbd, 8);
438 memcpy (sess_key, p24, 16);
458 dpass = g_utf8_strup (passwd, pass_len);
459 memcpy (dospwd, dpass, pass_len);
464 E_P16 ((
unsigned char *) dospwd, p16);
466 if (strlen (dospwd) > 14)
490 int address_list_len)
497 uchar client_chal[8];
498 uint8_t *response = g_malloc0 (28 + address_list_len);
500 int header = 0x00000101;
501 int zeros = 0x00000000;
506 SIVAL (response, 0, header);
507 SIVAL (response, 4, zeros);
508 memcpy (response + 4 + 4, long_date, 8);
509 memcpy (response + 4 + 4 +
sizeof (long_date), client_chal, 8);
510 SIVAL (response, 24, zeros);
511 for (i = 0; i < address_list_len; i++)
513 *(response + 28 + i) = *(addr_list + i);
521 const char *server_chal,
522 const char *address_list,
523 int address_list_len, uint8_t *nt_response)
525 uchar ntlmv2_response[16];
526 uint8_t *ntlmv2_client_data;
535 int client_data_len = 28 + address_list_len;
537 ntlmv2_client_data, client_data_len,
539 memcpy (nt_response, ntlmv2_response,
sizeof (ntlmv2_response));
540 memcpy (nt_response +
sizeof (ntlmv2_response), ntlmv2_client_data,
546 const char *server_chal, uint8_t *lm_response)
548 uchar lmv2_response[16];
549 uint8_t lmv2_client_data[8];
557 lmv2_client_data,
sizeof (lmv2_client_data),
559 memcpy (lm_response, lmv2_response,
sizeof (lmv2_response));
563 memcpy (lm_response +
sizeof (lmv2_response), lmv2_client_data,
564 sizeof (lmv2_client_data));
569 uchar ntlm_v2_hash[16],
const char *server_chal,
570 const char *address_list,
int address_list_len,
571 uint8_t *lm_response, uint8_t *nt_response,
572 uint8_t *user_session_key)
577 address_list_len, nt_response);
uint8_t * NTLMv2_generate_client_data_ntlmssp(const char *addr_list, int address_list_len)
void smbhash(uchar *out, const uchar *in, const uchar *key, int forw)
static void xor(char *out, char *in1, char *in2, int n)
char fstring[FSTRING_LEN]
static void dohash(char *out, char *in, char *key, int forw)
void SamOEMhash(uchar *data, const uchar *key, int val)
static const uchar sc[16]
void E_P16(uchar *p14, uchar *p16)
void SMBOWFencrypt_ntlmssp(const uchar passwd[16], const uchar *c8, uchar p24[24])
void LMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16], const char *server_chal, uint8_t *lm_response)
static const uchar perm1[56]
static const uchar perm4[48]
void hmac_md5_init_limK_to_64(const uchar *key, int key_len, HMACMD5Context *ctx)
The Microsoft version of hmac_md5 initialisation.
#define SIVAL(buf, pos, val)
bool E_deshash_ntlmssp(const char *passwd, uint8_t pass_len, uchar p16[16])
void mdfour_ntlmssp(unsigned char *out, const unsigned char *in, int n)
static void concat(char *out, char *in1, char *in2, int l1, int l2)
static const uchar perm5[32]
void SMBNTLMv2encrypt_hash_ntlmssp(const char *user, const char *domain, uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *user_session_key)
void generate_random_buffer_ntlmssp(unsigned char *out, int len)
static const uchar perm6[64]
void SMBOWFencrypt_ntv2_ntlmssp(const uchar kr[16], const uint8_t *srv_chal, int srv_chal_len, const uint8_t *cli_chal, int cli_chal_len, uchar resp_buf[16])
static void permute(char *out, char *in, const uchar *p, int n)
static const uchar perm3[64]
void SMBencrypt_hash_ntlmssp(const uchar lm_hash[16], const uchar *c8, uchar p24[24])
void hmac_md5_final(uchar *digest, HMACMD5Context *ctx)
Finish off hmac_md5 "inner" buffer and generate outer one.
void put_long_date_ntlmssp(char *p, time_t t)
void hmac_md5_update(const uchar *text, int text_len, HMACMD5Context *ctx)
Update hmac_md5 "inner" buffer.
static void str_to_key(const uchar *str, uchar *key)
void SMBsesskeygen_ntv2_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
static const uchar perm2[48]
static const uchar sbox[8][4][16]
void NTLMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *nt_response)
void SMBsesskeygen_ntv1_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
void E_P24(const uchar *p21, const uchar *c8, uchar *p24)
static void lshift(char *d, int count, int n)
void SMBsesskeygen_lm_sess_key_ntlmssp(const uchar lm_hash[16], const uchar lm_resp[24], uint8 sess_key[16])
void SMBNTencrypt_hash_ntlmssp(const uchar nt_hash[16], uchar *c8, uchar *p24)
Unix SMB/Netbios implementation. Version 1.9.