|
Conrad Meyer |
247e1f8 |
01_port_to_gcrypt.patch
|
|
Conrad Meyer |
247e1f8 |
Paul Wise <pabs@debian.org>
|
|
Conrad Meyer |
247e1f8 |
Placed in the public domain
|
|
Conrad Meyer |
247e1f8 |
Port to libgcrypt to avoid GPL/OpenSSL incompatibility
|
|
Conrad Meyer |
247e1f8 |
Forwarded to Petter Nordahl-Hagen <pnordahl@eunet.no>
|
|
Conrad Meyer |
247e1f8 |
Updated by Philippe Coval <rzr@gna.org> for debian
|
|
Conrad Meyer |
247e1f8 |
|
|
Conrad Meyer |
247e1f8 |
--- a/chntpw.c
|
|
Conrad Meyer |
247e1f8 |
+++ b/chntpw.c
|
|
Conrad Meyer |
247e1f8 |
@@ -16,6 +16,7 @@
|
|
Conrad Meyer |
247e1f8 |
* 2010-jun: Syskey not visible in menu, but is selectable (2)
|
|
Conrad Meyer |
247e1f8 |
* 2010-apr: Interactive menu adapts to show most relevant
|
|
Conrad Meyer |
247e1f8 |
* selections based on what is loaded
|
|
Conrad Meyer |
247e1f8 |
+ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian]
|
|
Conrad Meyer |
247e1f8 |
* 2008-mar: Minor other tweaks
|
|
Conrad Meyer |
247e1f8 |
* 2008-mar: Interactive reg ed moved out of this file, into edlib.c
|
|
Conrad Meyer |
247e1f8 |
* 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev
|
|
Conrad Meyer |
247e1f8 |
@@ -79,8 +80,14 @@
|
|
Conrad Meyer |
247e1f8 |
*/
|
|
Conrad Meyer |
247e1f8 |
|
|
Conrad Meyer |
247e1f8 |
#ifdef DOCRYPTO
|
|
|
affa7b3 |
+#if defined(USEOPENSSL)
|
|
|
affa7b3 |
#include <openssl/des.h>
|
|
|
affa7b3 |
#include <openssl/md4.h>
|
|
|
affa7b3 |
+#elif defined(USELIBGCRYPT)
|
|
|
affa7b3 |
+ #include <gcrypt.h>
|
|
|
affa7b3 |
+#else
|
|
|
affa7b3 |
+ #error No DES encryption and MD4 hashing library found
|
|
|
affa7b3 |
+#endif
|
|
Conrad Meyer |
247e1f8 |
#endif
|
|
|
affa7b3 |
|
|
Conrad Meyer |
247e1f8 |
#define uchar u_char
|
|
Conrad Meyer |
247e1f8 |
@@ -155,7 +162,9 @@
|
|
|
affa7b3 |
for (i=0;i<8;i++) {
|
|
|
affa7b3 |
key[i] = (key[i]<<1);
|
|
|
affa7b3 |
}
|
|
|
affa7b3 |
+#if defined(USEOPENSSL)
|
|
|
affa7b3 |
DES_set_odd_parity((des_cblock *)key);
|
|
|
affa7b3 |
+#endif
|
|
|
affa7b3 |
}
|
|
|
affa7b3 |
|
|
|
affa7b3 |
/*
|
|
Conrad Meyer |
247e1f8 |
@@ -200,6 +209,7 @@
|
|
|
affa7b3 |
|
|
|
affa7b3 |
void E1(uchar *k, uchar *d, uchar *out)
|
|
|
affa7b3 |
{
|
|
|
affa7b3 |
+#if defined(USEOPENSSL)
|
|
|
affa7b3 |
des_key_schedule ks;
|
|
|
affa7b3 |
des_cblock deskey;
|
|
|
affa7b3 |
|
|
Conrad Meyer |
247e1f8 |
@@ -210,6 +220,15 @@
|
|
|
affa7b3 |
des_set_key((des_cblock *)deskey,ks);
|
|
|
affa7b3 |
#endif /* __FreeBsd__ */
|
|
|
affa7b3 |
des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT);
|
|
|
affa7b3 |
+#elif defined(USELIBGCRYPT)
|
|
|
affa7b3 |
+ gcry_cipher_hd_t ks;
|
|
|
affa7b3 |
+ uchar deskey[8];
|
|
|
affa7b3 |
+ str_to_key(k,deskey);
|
|
|
affa7b3 |
+ gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
|
|
|
affa7b3 |
+ gcry_cipher_setkey(ks, deskey, 8);
|
|
|
affa7b3 |
+ gcry_cipher_encrypt(ks, out, 8, d, 8);
|
|
|
affa7b3 |
+ gcry_cipher_close(ks);
|
|
|
affa7b3 |
+#endif
|
|
|
affa7b3 |
}
|
|
|
affa7b3 |
|
|
Conrad Meyer |
247e1f8 |
#endif /* DOCRYPTO */
|
|
Conrad Meyer |
247e1f8 |
@@ -343,9 +362,16 @@
|
|
Conrad Meyer |
247e1f8 |
int i;
|
|
Conrad Meyer |
247e1f8 |
char md4[32],lanman[32];
|
|
Conrad Meyer |
247e1f8 |
char newunipw[34], despw[20], newlanpw[16], newlandes[20];
|
|
|
affa7b3 |
+#ifdef USEOPENSSL
|
|
|
affa7b3 |
des_key_schedule ks1, ks2;
|
|
|
affa7b3 |
des_cblock deskey1, deskey2;
|
|
|
affa7b3 |
MD4_CTX context;
|
|
|
affa7b3 |
+#elif defined(USELIBGCRYPT)
|
|
|
affa7b3 |
+ gcry_cipher_hd_t ks1, ks2;
|
|
|
affa7b3 |
+ uchar deskey1[8], deskey2[8];
|
|
|
affa7b3 |
+ unsigned char *p;
|
|
|
affa7b3 |
+ gcry_md_hd_t context;
|
|
|
affa7b3 |
+#endif
|
|
|
affa7b3 |
unsigned char digest[16];
|
|
Conrad Meyer |
247e1f8 |
uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25};
|
|
Conrad Meyer |
247e1f8 |
#endif
|
|
Conrad Meyer |
247e1f8 |
@@ -460,6 +486,7 @@
|
|
|
affa7b3 |
}
|
|
|
affa7b3 |
|
|
Conrad Meyer |
247e1f8 |
#ifdef DOCRYPTO
|
|
|
affa7b3 |
+#if defined(USEOPENSSL)
|
|
|
affa7b3 |
/* Get the two decrpt keys. */
|
|
|
affa7b3 |
sid_to_key1(rid,(unsigned char *)deskey1);
|
|
|
affa7b3 |
des_set_key((des_cblock *)deskey1,ks1);
|
|
Conrad Meyer |
247e1f8 |
@@ -477,6 +504,25 @@
|
|
|
affa7b3 |
(des_cblock *)lanman, ks1, DES_DECRYPT);
|
|
|
affa7b3 |
des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8),
|
|
|
affa7b3 |
(des_cblock *)&lanman[8], ks2, DES_DECRYPT);
|
|
|
affa7b3 |
+#elif defined(USELIBGCRYPT)
|
|
|
affa7b3 |
+ /* Start the keys */
|
|
|
affa7b3 |
+ gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
|
|
|
affa7b3 |
+ gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
|
|
|
affa7b3 |
+
|
|
|
affa7b3 |
+ /* Get the two decrpt keys. */
|
|
|
affa7b3 |
+ sid_to_key1(rid,deskey1);
|
|
|
affa7b3 |
+ gcry_cipher_setkey(ks1, deskey1, 8);
|
|
|
affa7b3 |
+ sid_to_key2(rid,deskey2);
|
|
|
affa7b3 |
+ gcry_cipher_setkey(ks2, deskey2, 8);
|
|
|
affa7b3 |
+
|
|
|
affa7b3 |
+ /* Decrypt the NT md4 password hash as two 8 byte blocks. */
|
|
|
affa7b3 |
+ gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8);
|
|
|
affa7b3 |
+ gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8);
|
|
|
affa7b3 |
+
|
|
|
affa7b3 |
+ /* Decrypt the lanman password hash as two 8 byte blocks. */
|
|
|
affa7b3 |
+ gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8);
|
|
|
affa7b3 |
+ gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8);
|
|
|
affa7b3 |
+#endif
|
|
|
affa7b3 |
|
|
|
affa7b3 |
if (gverbose) {
|
|
|
affa7b3 |
hexprnt("MD4 hash : ",(unsigned char *)md4,16);
|
|
Conrad Meyer |
247e1f8 |
@@ -544,9 +590,17 @@
|
|
|
affa7b3 |
|
|
|
affa7b3 |
/* printf("Ucase Lanman: %s\n",newlanpw); */
|
|
|
affa7b3 |
|
|
|
affa7b3 |
+#if defined(USEOPENSSL)
|
|
|
affa7b3 |
MD4Init (&context);
|
|
|
affa7b3 |
MD4Update (&context, newunipw, pl<<1);
|
|
|
affa7b3 |
MD4Final (digest, &context);
|
|
|
affa7b3 |
+#elif defined(USELIBGCRYPT)
|
|
|
affa7b3 |
+ gcry_md_open(&context, GCRY_MD_MD4, 0);
|
|
|
affa7b3 |
+ gcry_md_write(context, newunipw, pl<<1);
|
|
|
affa7b3 |
+ p = gcry_md_read(context, GCRY_MD_MD4);
|
|
|
affa7b3 |
+ if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4));
|
|
|
affa7b3 |
+ gcry_md_close(context);
|
|
|
affa7b3 |
+#endif
|
|
|
affa7b3 |
|
|
|
affa7b3 |
if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16);
|
|
|
affa7b3 |
|
|
Conrad Meyer |
247e1f8 |
@@ -555,6 +609,7 @@
|
|
|
affa7b3 |
|
|
|
affa7b3 |
if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16);
|
|
|
affa7b3 |
|
|
|
affa7b3 |
+#if defined(USEOPENSSL)
|
|
|
affa7b3 |
/* Encrypt the NT md4 password hash as two 8 byte blocks. */
|
|
|
affa7b3 |
des_ecb_encrypt((des_cblock *)digest,
|
|
|
affa7b3 |
(des_cblock *)despw, ks1, DES_ENCRYPT);
|
|
Conrad Meyer |
247e1f8 |
@@ -565,6 +620,18 @@
|
|
|
affa7b3 |
(des_cblock *)newlandes, ks1, DES_ENCRYPT);
|
|
|
affa7b3 |
des_ecb_encrypt((des_cblock *)(lanman+8),
|
|
|
affa7b3 |
(des_cblock *)&newlandes[8], ks2, DES_ENCRYPT);
|
|
|
affa7b3 |
+#elif defined(USELIBGCRYPT)
|
|
|
affa7b3 |
+ /* Encrypt the NT md4 password hash as two 8 byte blocks. */
|
|
|
affa7b3 |
+ gcry_cipher_encrypt(ks1, despw, 8, digest, 8);
|
|
|
affa7b3 |
+ gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8);
|
|
|
affa7b3 |
+
|
|
|
affa7b3 |
+ gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8);
|
|
|
affa7b3 |
+ gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8);
|
|
|
affa7b3 |
+
|
|
|
affa7b3 |
+ /* Close keys, not needed after this */
|
|
|
affa7b3 |
+ gcry_cipher_close(ks1);
|
|
|
affa7b3 |
+ gcry_cipher_close(ks2);
|
|
|
affa7b3 |
+#endif
|
|
|
affa7b3 |
|
|
|
affa7b3 |
if (gverbose) {
|
|
|
affa7b3 |
hexprnt("NEW DES crypt : ",(unsigned char *)despw,16);
|
|
Conrad Meyer |
247e1f8 |
--- a/Makefile
|
|
Conrad Meyer |
247e1f8 |
+++ b/Makefile
|
|
Conrad Meyer |
247e1f8 |
@@ -2,28 +2,10 @@
|
|
|
affa7b3 |
# Makefile for the Offline NT Password Editor
|
|
|
affa7b3 |
#
|
|
|
affa7b3 |
-#
|
|
|
affa7b3 |
-# Change here to point to the needed OpenSSL libraries & .h files
|
|
|
affa7b3 |
-# See INSTALL for more info.
|
|
|
affa7b3 |
-#
|
|
|
affa7b3 |
-
|
|
|
affa7b3 |
-#SSLPATH=/usr/local/ssl
|
|
|
affa7b3 |
-OSSLPATH=/usr
|
|
|
affa7b3 |
-OSSLINC=$(OSSLPATH)/include
|
|
|
affa7b3 |
|
|
|
affa7b3 |
CC=gcc
|
|
|
affa7b3 |
+CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS)
|
|
|
affa7b3 |
|
|
|
affa7b3 |
-# Force 32 bit
|
|
Conrad Meyer |
fd64259 |
-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32
|
|
|
affa7b3 |
-OSSLLIB=$(OSSLPATH)/lib
|
|
|
affa7b3 |
-
|
|
|
affa7b3 |
-# 64 bit if default for compiler setup
|
|
|
affa7b3 |
-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall
|
|
|
affa7b3 |
-#OSSLLIB=$(OSSLPATH)/lib64
|
|
|
affa7b3 |
-
|
|
|
affa7b3 |
-
|
|
|
affa7b3 |
-# This is to link with whatever we have, SSL crypto lib we put in static
|
|
Conrad Meyer |
247e1f8 |
-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
|
|
Conrad Meyer |
247e1f8 |
-LIBS=-L$(OSSLLIB)
|
|
|
affa7b3 |
+LIBS=$(shell libgcrypt-config --libs)
|
|
|
affa7b3 |
|
|
|
affa7b3 |
|
|
Conrad Meyer |
247e1f8 |
all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static
|