- ;######################### Created by Bearchik http://crazyasm.blogspot.com
- ;######################### Sha-1Brute.rc
// Dialog and control identifiers. IDD_MAIN, KEYEDIT, STRINGEDIT, COUNTEDIT
// and DICTEDIT are repeated as equ's in Sha-1Brute.inc and must stay in sync.
#define IDD_MAIN    101
#define KEYEDIT     102
#define STRINGEDIT  103
#define IDC_STC1    104
#define COUNTEDIT   106
#define IDC_STC3    107
#define DICTEDIT    108
#define IDC_STC4    109
#define String      105

// Control styles used below:
//   0x50010000 = WS_CHILD | WS_VISIBLE | WS_TABSTOP
//   0x58010000 = the same plus WS_DISABLED (the counter field is display-only)
//   0x50000000 = WS_CHILD | WS_VISIBLE
//   0x00000200 = WS_EX_CLIENTEDGE (extended style)
IDD_MAIN DIALOGEX 6,6,234,81
CAPTION "SHA-1 BrutForcer"
FONT 8,"Tahoma",0,0,0
STYLE 0x10CF0800
BEGIN
    // Ids 1 and 2 are IDOK / IDCANCEL, which DlgProc dispatches on.
    CONTROL "OK",1,"Button",0x50010000,180,66,48,13
    CONTROL "Cancel",2,"Button",0x50010000,128,66,48,13
    // KEYEDIT: the 40-hex-digit digest typed by the user.
    CONTROL "",KEYEDIT,"Edit",0x50010000,33,12,195,12,0x00000200
    // STRINGEDIT: filled by DlgProc on WM_FINISH.
    CONTROL "",STRINGEDIT,"Edit",0x50010000,33,30,195,12,0x00000200
    CONTROL "SHA-1:",IDC_STC1,"Static",0x50000000,6,15,27,9
    // COUNTEDIT: candidate counter, written by CheckSHA.
    CONTROL "",COUNTEDIT,"Edit",0x58010000,33,66,90,12,0x00000200
    CONTROL "Count:",IDC_STC3,"Static",0x50000000,6,69,21,9
    // DICTEDIT: alphabet, preloaded from `dict` on WM_INITDIALOG.
    CONTROL "",DICTEDIT,"Edit",0x50010000,33,48,195,12,0x00000200
    CONTROL "Dict:",IDC_STC4,"Static",0x50000000,6,51,18,9
    CONTROL "String:",String,"Static",0x50000000,6,33,24,9
END
- ;######################### Sha-1Brute.inc
- include windows.inc
- include kernel32.inc
- include user32.inc
- include Comctl32.inc
- include shell32.inc
- includelib kernel32.lib
- includelib user32.lib
- includelib Comctl32.lib
- includelib shell32.lib
- DlgProc PROTO :HWND,:UINT,:WPARAM,:LPARAM
- Permute PROTO :DWORD, :DWORD, :DWORD
- f1 PROTO :DWORD, :DWORD, :DWORD
- f2 PROTO :DWORD, :DWORD, :DWORD
- f3 PROTO :DWORD, :DWORD, :DWORD
- compileString PROTO :DWORD, :DWORD
- topLVL PROTO :DWORD, :DWORD
- CheckSHA PROTO :DWORD, :DWORD
- Counter PROTO :DWORD, :DWORD
- SymbLower PROTO :DWORD
- PermuteThread PROTO :DWORD
- CalcKey PROTO :DWORD
- CreateHEX PROTO
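.const
; Dialog/control identifiers; values mirror the #defines in Sha-1Brute.rc.
IDD_MAIN        equ 101
KEYEDIT         equ 102                 ; edit: 40-hex-digit digest to search for
STRINGEDIT      equ 103                 ; edit: receives the matching string
COUNTEDIT       equ 106                 ; edit: candidate counter
DICTEDIT        equ 108                 ; edit: alphabet
WM_FINISH       EQU WM_USER+100h        ; posted by CheckSHA when a candidate matches
;#########################################################################
.data
; Default alphabet shown in the Dict field.
; NOTE(review): 'j' and 'J' are absent - looks like a typo; confirm before changing,
; because tempdict below is sized for this string as it stands.
dict            db "abcdefghiklmnopqrstuvwxyzABCDEFGHIKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()-=_+,./?|\[]",0
errTitle        db "ERROR", 0h
errText1        db "SHA key size must be 40 symbols!",0h
errText2        db "Nothing found!",0h
foundTitle      db "String Found!",0h   ; not referenced by the code in this listing
foundText       db "sdfsdf",0h          ; not referenced by the code in this listing
; SHA-1 initial hash values H0..H4.
H0              dd 67452301h
H1              dd 0EFCDAB89h
H2              dd 98BADCFEh
H3              dd 10325476h
H4              dd 0C3D2E1F0h
; SHA-1 round constants for rounds 0-19, 20-39, 40-59, 60-79.
K1              dd 5A827999h
K2              dd 6ED9EBA1h
K3              dd 8F1BBCDCh
K4              dd 0CA62C1D6h
.data?
hWintmp         dd ?                    ; dialog handle, refreshed by DlgProc on every message
fflag           db ?                    ; set to 1 by CheckSHA on a match; never cleared in this listing
shakeystring    db 29h dup (?)          ; 40 hex characters + NUL from KEYEDIT
; Target digest as five dwords, filled by CreateHEX (must stay contiguous:
; CheckSHA walks them from sha1H0).
sha1H0          dd ?
sha1H1          dd ?
sha1H2          dd ?
sha1H3          dd ?
sha1H4          dd ?
; Digest of the current candidate, filled by CalcKey (contiguous, as above).
tmpH0           dd ?
tmpH1           dd ?
tmpH2           dd ?
tmpH3           dd ?
tmpH4           dd ?
; CalcKey working state (a..e, round constant, round temporary).
aav             dd ?
bbv             dd ?
ccv             dd ?
ddv             dd ?
eev             dd ?
k               dd ?
temp            dd ?
lengh           db ?                    ; candidate length in bytes (8-bit)
hInstance       dd ?
recKey          dd ?                    ; set to -1 by Permute when the search space is exhausted
pThread         dd ?                    ; passed to CreateThread by DlgProc
mkey            db 320 DUP (?)          ; 80-dword SHA-1 message schedule W[0..79]
string          db 10h dup (?)          ; current candidate; compileString does not bound its writes
clearstring     db 10h dup (?)          ; copy of the matching candidate, shown on WM_FINISH
tempdict        db 53h dup(?)           ; alphabet read from DICTEDIT, NUL-terminated
pBrut           dd 51h dup(?)           ; per-position pointers into tempdict; a zero slot ends the list
; Counter stores the least-significant digit at itercount+20h and CheckSHA
; reads the text up to the NUL after it, so 20h bytes left both the last
; digit and its terminator outside the buffer. Two extra bytes keep every
; access in bounds without changing the +20h convention.
itercount       db 22h dup (?)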
- ;######################### Sha-1Brute.asm
- .486
- .model flat, stdcall ;32 bit memory model
- option casemap :none ;case sensitive
- include Sha-1Brute.inc
- .code
;-----------------------------------------------------------------------
; Program entry point (32-bit flat model, stdcall).
; Registers the common controls, records the module handle, runs the
; IDD_MAIN dialog modally with DlgProc and exits with code 0 whatever
; DialogBoxParam returned.
;-----------------------------------------------------------------------
start:
        invoke  InitCommonControls
        invoke  GetModuleHandle, NULL
        mov     hInstance, eax
        invoke  DialogBoxParam, hInstance, IDD_MAIN, NULL, addr DlgProc, NULL
        invoke  ExitProcess, 0
- ;########################################################################
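;-----------------------------------------------------------------------
; DlgProc - dialog procedure for IDD_MAIN (stdcall).
; In:   hWin, uMsg, wParam, lParam as delivered by the dialog manager.
; Out:  eax = TRUE when the message was handled, FALSE otherwise.
;
; IDOK reads the digest and the alphabet from the dialog, validates their
; lengths and starts PermuteThread with the alphabet length as its
; parameter. WM_FINISH (posted by CheckSHA) copies clearstring into
; STRINGEDIT.
;
; Changes against the pasted version:
;   * an empty Dict field is rejected; a zero count would otherwise send
;     topLVL into a loop that walks far past tempdict;
;   * CreateThread reports failure with NULL, not -1, so the old test
;     never fired;
;   * lpThreadId must be the address of pThread, not its value;
;   * the thread handle is closed at once because nothing waits on it.
;
; NOTE(review): CreateHEX does not check that the 40 characters are hex
; digits, and fflag / recKey / pBrut are not reset here, so a second OK
; click reuses the state of the previous run and may race with a thread
; that is still running - confirm the intended behaviour.
;-----------------------------------------------------------------------
DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
        mov     eax, hWin
        mov     hWintmp, eax            ; CheckSHA reaches the dialog through this copy
        mov     eax, uMsg
        .if eax==WM_INITDIALOG
            invoke  SetDlgItemText, hWin, DICTEDIT, addr dict
        .elseif eax==WM_COMMAND
            mov     edx, wParam
            movzx   eax, dx             ; eax = control id
            shr     edx, 16             ; edx = notification code
            .if edx==BN_CLICKED
                .if eax==IDOK
                    invoke  GetDlgItemText, hWin, KEYEDIT, addr shakeystring, sizeof shakeystring
                    .if eax != 28h      ; a SHA-1 digest is exactly 40 hex characters
                        invoke  MessageBox, hWin, addr errText1, addr errTitle, MB_ICONERROR
                        jmp     startDone
                    .endif
                    invoke  SymbLower, addr shakeystring
                    invoke  CreateHEX
                    invoke  GetDlgItemText, hWin, DICTEDIT, addr tempdict, sizeof tempdict
                    .if eax == 0        ; empty alphabet: nothing to enumerate
                        invoke  MessageBox, hWin, addr errText2, addr errTitle, MB_ICONERROR
                        jmp     startDone
                    .endif
                    ; eax = alphabet length, handed to the thread as countSym
                    invoke  CreateThread, NULL, 10240, offset PermuteThread, eax, 0, addr pThread
                    .if eax == NULL
                        invoke  MessageBox, hWin, addr errText2, addr errTitle, MB_ICONERROR
                    .else
                        invoke  CloseHandle, eax
                    .endif
startDone:
                .elseif eax==IDCANCEL
                    invoke  SendMessage, hWin, WM_CLOSE, NULL, NULL
                .endif
            .endif
        .elseif eax==WM_FINISH
            invoke  SetDlgItemText, hWin, STRINGEDIT, addr clearstring
        .elseif eax==WM_CLOSE
            invoke  EndDialog, hWin, 0
        .else
            mov     eax, FALSE
            ret
        .endif
        mov     eax, TRUE
        ret
DlgProc endp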
;-----------------------------------------------------------------------
; Permute - advance the candidate by one step at position `recur`.
; In:   countSym  = number of characters in tempdict
;       recur     = position index (0 = first character)
;       pBrutaddr = address of this position's slot in pBrut
; Out:  recKey = -1 once recur exceeds countSym-1; eax is scratch.
;
; Position 0 is swept by topLVL, which also hashes every candidate; the
; call then recurses to position 1 and rewinds its own slot. A deeper
; position is initialised on first use, bumped by one character, or -
; when it already holds tempdict+countSym - carried into the next slot.
; The pasted listing spells the final branches as a bare `.elseif`; they
; are written as `.else` here, which is what they evidently mean.
;-----------------------------------------------------------------------
Permute proc uses ebx ecx edx esi edi countSym:DWORD, recur:DWORD, pBrutaddr:DWORD
        mov     edi, pBrutaddr
        lea     esi, tempdict
        cmp     recur, 0
        jne     innerSlot

        invoke  topLVL, countSym, pBrutaddr
        mov     eax, recur
        inc     eax
        lea     ebx, [edi+4h]           ; next slot
        invoke  Permute, countSym, eax, ebx
        mov     DWORD PTR [edi], esi    ; rewind slot 0 to the first character
        jmp     checkDepth

innerSlot:
        mov     eax, countSym
        add     eax, esi                ; eax = tempdict + countSym
        .if DWORD PTR [edi-4h] == eax && DWORD PTR [edi] == 0
            mov     DWORD PTR [edi], esi        ; first use of this position
        .elseif DWORD PTR [edi] == eax
            mov     eax, recur
            inc     eax
            lea     ebx, [edi+4h]
            invoke  Permute, countSym, eax, ebx ; carry into the next position
            mov     DWORD PTR [edi], esi
        .else
            inc     DWORD PTR [edi]
        .endif

checkDepth:
        mov     eax, countSym
        dec     eax
        .if recur > eax
            mov     recKey, -1h
        .endif
        ret
Permute endp
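;-----------------------------------------------------------------------
; topLVL - sweep one slot over the whole alphabet and test each candidate.
; In:   countSym  = number of characters in tempdict
;       pBrutaddr = slot to sweep (Permute passes the first slot of pBrut)
; Out:  nothing; every register listed in `uses` is restored.
;
; For each character the candidate is assembled into `string`, hashed by
; CalcKey and compared by CheckSHA. The slot is left at tempdict+countSym.
;
; The count is now tested before each pass. The pasted version tested it
; only after incrementing, so countSym = 0 never matched and the slot
; pointer walked on through memory far beyond tempdict. The dead
; `lea esi, dict` before the return (esi is restored by `uses`) is gone.
;-----------------------------------------------------------------------
topLVL proc uses eax ebx ecx edx esi edi countSym:DWORD, pBrutaddr:DWORD
        lea     esi, tempdict
        mov     edi, pBrutaddr
        mov     DWORD PTR [edi], esi    ; start at the first character
        xor     ecx, ecx                ; ecx = characters tried so far
        jmp     checkCount
nextSym:
        invoke  compileString, offset string, offset pBrut
        invoke  CalcKey, offset string
        invoke  CheckSHA, offset sha1H0, offset tmpH0
        inc     DWORD PTR [edi]
        inc     ecx
checkCount:
        cmp     ecx, countSym
        jb      nextSym                 ; unsigned: countSym is a length
        ret
topLVL endp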
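;-----------------------------------------------------------------------
; PermuteThread - worker thread entry (stdcall, one DWORD parameter).
; In:   countSym = number of characters in tempdict (lpParameter)
; Out:  eax = -1 when the search space is exhausted or the alphabet is
;             empty, 0 when CheckSHA reported a match.
;
; Calls Permute until it sets recKey to -1 or CheckSHA sets fflag.
; An empty alphabet is refused up front: with countSym = 0 the depth
; check in Permute can never trigger and the loop would not end. The
; match path now returns a defined exit code (it was whatever eax held).
;
; NOTE(review): the exhausted case is not reported to the dialog anywhere
; in this listing - confirm whether a notification was intended.
;-----------------------------------------------------------------------
PermuteThread proc countSym:DWORD
        cmp     countSym, 0
        je      notFound
nextPass:
        invoke  Permute, countSym, 0, offset pBrut
        cmp     recKey, -1h
        je      notFound
        cmp     fflag, 1h
        jne     nextPass
        xor     eax, eax
        ret
notFound:
        mov     eax, -1h
        ret
PermuteThread endp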
;-----------------------------------------------------------------------
; compileString - build the candidate text from a list of char pointers.
; In:   tmpString = destination buffer
;       pBrutaddr = array of DWORD pointers, ended by a zero entry
; Out:  one byte per entry written to tmpString; registers in `uses`
;       are restored.
;
; The first entry is dereferenced unconditionally, no terminator is
; written and the destination size is not known here, so the caller must
; guarantee a non-null first slot and a buffer large enough for the list.
;-----------------------------------------------------------------------
compileString proc uses eax ecx esi edi tmpString:DWORD, pBrutaddr:DWORD
        mov     esi, pBrutaddr
        mov     edi, tmpString
copySlot:
        mov     eax, DWORD PTR [esi]    ; eax -> character for this position
        mov     al, BYTE PTR [eax]
        mov     BYTE PTR [edi], al
        add     esi, 4h
        inc     edi
        cmp     DWORD PTR [esi], 0      ; zero slot ends the list
        jne     copySlot
        ret
compileString endp
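;-----------------------------------------------------------------------
; SymbLower - lower-case the ASCII letters of a 40-character buffer.
; In:   straddr = address of at least 28h bytes (the digest text)
; Out:  'A'..'Z' replaced by 'a'..'z' in place; ecx and edi restored.
;
; The pasted version tested for bytes in 41h..60h, which also shifted
; '[', '\', ']', '^', '_' and '`' by 20h. The upper bound is now 'Z'.
;-----------------------------------------------------------------------
SymbLower proc uses ecx edi straddr:DWORD
        mov     edi, straddr
        mov     ecx, 28h                ; fixed length: 40 hex characters
nextChar:
        .if BYTE PTR [edi] >= 41h && BYTE PTR [edi] <= 5Ah
            add     BYTE PTR [edi], 20h
        .endif
        inc     edi
        dec     ecx
        jnz     nextChar
        ret
SymbLower endp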
;-----------------------------------------------------------------------
; CreateHEX - convert the 40 hex characters in shakeystring to five
; dwords, sha1H0..sha1H4.
; In:   shakeystring = lower-case hex text (SymbLower runs first)
; Out:  sha1H4 receives the last eight characters, sha1H0 the first
;       eight; all registers are restored by `uses`.
;
; The text is read backwards, eight digits per dword, least-significant
; digit first. Characters above '9' are taken as 'a'..'f' (minus 57h),
; everything else as '0'..'9' (minus 30h); a character outside those
; ranges is not rejected and simply yields a wrong digit value.
;-----------------------------------------------------------------------
CreateHEX proc uses eax ebx ecx edx esi edi
        lea     edi, shakeystring+27h   ; last hex character
        lea     esi, sha1H4             ; last output dword
nextWord:
        xor     eax, eax                ; accumulated dword
        xor     ecx, ecx                ; bit position of the current digit
nextDigit:
        movzx   ebx, BYTE PTR [edi]
        .if ebx > 39h
            sub     bl, 57h
        .else
            sub     bl, 30h
        .endif
        shl     ebx, cl
        add     eax, ebx
        dec     edi
        add     ecx, 4h
        cmp     ecx, 20h
        jb      nextDigit
        mov     DWORD PTR [esi], eax
        sub     esi, 4h
        cmp     edi, offset shakeystring-1h
        jne     nextWord
        ret
CreateHEX endp
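;-----------------------------------------------------------------------
; CalcKey - SHA-1 of a NUL-terminated string, single 64-byte block only.
; In:   stroka = address of the string
; Out:  tmpH0..tmpH4 = digest words; eax and edx are scratch.
; Uses: mkey (message schedule), lengh, aav..eev, k, temp.
;
; The padding is laid out for one block: the 80h marker follows the
; text and the bit length is stored as 16 bits at offset 3Eh. That is
; only correct for inputs of at most 55 bytes; the length is not checked
; here, so callers must keep it in that range.
;
; ebx is now in the `uses` list: the routine (and f1/f2/f3, which return
; in ebx) overwrote a register that stdcall callers expect to survive.
; A dead `xor eax, eax` before the load of aav was dropped.
;-----------------------------------------------------------------------
CalcKey proc uses ebx ecx edi esi stroka:DWORD
        ; --- clear the 320-byte schedule ---
        lea     eax, mkey
        mov     ecx, 320
zeroLoop:
        mov     BYTE PTR [eax], 0h
        inc     eax
        loop    zeroLoop

        ; --- ecx = strlen(stroka) ---
        mov     eax, stroka
        xor     ecx, ecx
lenLoop:
        cmp     BYTE PTR [eax], 0
        jz      lenDone
        inc     ecx
        inc     eax
        jmp     lenLoop
lenDone:
        mov     lengh, cl

        ; --- message, 80h marker, big-endian bit length ---
        lea     edi, mkey
        mov     esi, stroka
        rep     movsb
        mov     BYTE PTR [edi], 80h
        lea     eax, mkey
        add     eax, 3Eh                ; last two bytes of the block
        xor     ebx, ebx
        mov     bl, lengh
        shl     ebx, 3h                 ; bytes -> bits
        xchg    bl, bh                  ; store high byte first
        mov     WORD PTR [eax], bx

        ; --- W[0..15]: convert the block to big-endian dwords ---
        lea     edi, mkey
        mov     ecx, 10h
swapLoop:
        mov     eax, DWORD PTR [edi]
        bswap   eax
        mov     DWORD PTR [edi], eax
        add     edi, 4h
        loop    swapLoop                ; leaves ecx = 0, edi = &W[16]

        ; --- W[16..79] = rol(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16], 1) ---
        lea     eax, mkey
        mov     ebx, edi
        sub     ebx, eax
        shr     ebx, 2h                 ; words already filled (10h)
        mov     eax, 50h
        sub     eax, ebx                ; words still to produce
expandLoop:
        mov     ebx, DWORD PTR [edi-3*4h]
        xor     ebx, DWORD PTR [edi-8*4h]
        xor     ebx, DWORD PTR [edi-0Eh*4h]
        xor     ebx, DWORD PTR [edi-10h*4h]
        rol     ebx, 1
        mov     DWORD PTR [edi], ebx
        add     edi, 4
        inc     ecx
        .if ecx < eax
            jmp     expandLoop
        .endif

        ; --- a..e = H0..H4 ---
        xor     ecx, ecx                ; ecx = round number t
        mov     ebx, H0
        mov     aav, ebx
        mov     ebx, H1
        mov     bbv, ebx
        mov     ebx, H2
        mov     ccv, ebx
        mov     ebx, H3
        mov     ddv, ebx
        mov     ebx, H4
        mov     eev, ebx

        ; --- 80 rounds; f1/f2/f3 leave f(b,c,d) in ebx ---
mainloop:
        cmp     ecx, 14h
        jge     nf2
        invoke  f1, bbv, ccv, ddv       ; rounds 0-19
        mov     eax, K1
        mov     k, eax
        jmp     ef
nf2:
        cmp     ecx, 28h
        jge     nf3
        invoke  f2, bbv, ccv, ddv       ; rounds 20-39
        mov     eax, K2
        mov     k, eax
        jmp     ef
nf3:
        cmp     ecx, 3Ch
        jge     nf4
        invoke  f3, bbv, ccv, ddv       ; rounds 40-59
        mov     eax, K3
        mov     k, eax
        jmp     ef
nf4:
        invoke  f2, bbv, ccv, ddv       ; rounds 60-79
        mov     eax, K4
        mov     k, eax
ef:
        ; temp = rol(a,5) + f + e + k + W[t]
        lea     edi, mkey
        mov     eax, aav
        rol     eax, 5
        add     eax, ebx
        add     eax, eev
        add     eax, k
        add     eax, DWORD PTR [edi+ecx*4]
        mov     temp, eax
        ; e = d, d = c, c = ror(b,2), b = a, a = temp
        mov     eax, ddv
        mov     eev, eax
        mov     eax, ccv
        mov     ddv, eax
        mov     eax, bbv
        ror     eax, 2
        mov     ccv, eax
        mov     eax, aav
        mov     bbv, eax
        mov     eax, temp
        mov     aav, eax
        inc     ecx
        .if ecx == 80
            jmp     exitmainloop
        .endif
        jmp     mainloop

exitmainloop:
        ; --- digest = H + (a..e) ---
        mov     eax, H0
        add     eax, aav
        mov     tmpH0, eax
        mov     eax, H1
        add     eax, bbv
        mov     tmpH1, eax
        mov     eax, H2
        add     eax, ccv
        mov     tmpH2, eax
        mov     eax, H3
        add     eax, ddv
        mov     tmpH3, eax
        mov     eax, H4
        add     eax, eev
        mov     tmpH4, eax
        ret
CalcKey endp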
;-----------------------------------------------------------------------
; f1 - SHA-1 choice function: (b AND c) OR ((NOT b) AND d).
; In:   bv, cv, dv (stack, stdcall)
; Out:  ebx = result (non-standard return register, read by CalcKey)
; Clobb: edx, flags
;-----------------------------------------------------------------------
f1 proc bv:DWORD, cv:DWORD, dv:DWORD
        mov     edx, bv
        not     edx
        and     edx, dv                 ; edx = ~b & d
        mov     ebx, bv
        and     ebx, cv                 ; ebx = b & c
        or      ebx, edx
        ret
f1 endp
;-----------------------------------------------------------------------
; f2 - SHA-1 parity function: b XOR c XOR d.
; In:   bv, cv, dv (stack, stdcall)
; Out:  ebx = result (non-standard return register, read by CalcKey)
; Clobb: flags
;-----------------------------------------------------------------------
f2 proc bv:DWORD, cv:DWORD, dv:DWORD
        mov     ebx, dv
        xor     ebx, cv
        xor     ebx, bv
        ret
f2 endp
;-----------------------------------------------------------------------
; f3 - SHA-1 majority function: (b AND c) OR (b AND d) OR (c AND d).
; In:   bv, cv, dv (stack, stdcall)
; Out:  ebx = result (non-standard return register, read by CalcKey)
; Clobb: edx, flags
;-----------------------------------------------------------------------
f3 proc bv:DWORD, cv:DWORD, dv:DWORD
        mov     ebx, bv
        mov     edx, ebx
        and     ebx, cv                 ; b & c
        and     edx, dv                 ; b & d
        or      ebx, edx
        mov     edx, cv
        and     edx, dv                 ; c & d
        or      ebx, edx
        ret
f3 endp
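;-----------------------------------------------------------------------
; CheckSHA - compare two five-dword digests and update the dialog.
; In:   origsha = address of the target digest (five dwords)
;       gensha  = address of the candidate digest (five dwords)
; Out:  on a match fflag = 1, clearstring = copy of `string`, and
;       WM_FINISH is posted to the dialog. In every case the decimal
;       counter in itercount is advanced and written to COUNTEDIT.
;       eax and edx are scratch; ebx is saved around its local use.
;
; The copy into clearstring is now bounded by the destination size
; (lstrcpyn); the pasted version used lstrcpy, which would write past
; clearstring if `string` ever lacked a terminator within 10h bytes.
;
; NOTE(review): SetDlgItemText is called from the worker thread for every
; candidate, i.e. one cross-thread window message per hash - confirm that
; this is intended.
;-----------------------------------------------------------------------
CheckSHA proc uses ecx edi esi origsha:DWORD, gensha:DWORD
        mov     esi, origsha
        mov     edi, gensha
        mov     ecx, 5h
cmpWord:
        mov     eax, DWORD PTR [esi]
        cmp     eax, DWORD PTR [edi]
        jne     bumpCounter             ; first differing word: no match
        add     esi, 4h
        add     edi, 4h
        loop    cmpWord

        mov     fflag, 1
        invoke  lstrcpyn, offset clearstring, offset string, sizeof clearstring
        invoke  PostMessage, hWintmp, WM_FINISH, NULL, NULL

bumpCounter:
        invoke  Counter, 0, offset itercount
        push    ebx
        lea     ebx, itercount
        add     ebx, 20h                ; least-significant digit
findStart:
        cmp     BYTE PTR [ebx-1h], 0    ; walk back to the first digit
        je      showCount
        dec     ebx
        jmp     findStart
showCount:
        invoke  SetDlgItemText, hWintmp, COUNTEDIT, ebx
        pop     ebx
        ret
CheckSHA endp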
;-----------------------------------------------------------------------
; Counter - add one to an ASCII decimal number stored right-aligned.
; In:   recur     = 0 for the outer call, non-zero while carrying
;       countaddr = buffer base; the digit handled is at countaddr+20h
; Out:  digit updated in place; edi, eax and ebx are restored.
;
; An empty digit becomes '0' on the outer call and '1' when reached by
; a carry. A '9' carries into the digit one byte lower (recursive call
; with countaddr-1) and wraps to '0'. The buffer must therefore extend
; to countaddr+20h inclusive, and nothing stops the carry from moving
; below countaddr+0 once every digit is '9'.
; The pasted listing spells the final branches as a bare `.elseif`; they
; are written as `.else` here.
;-----------------------------------------------------------------------
Counter proc uses edi eax ebx recur:DWORD, countaddr:DWORD
        mov     edi, countaddr
        add     edi, 20h
        mov     al, BYTE PTR [edi]
        .if al == 0
            .if recur == 0
                mov     BYTE PTR [edi], 30h
            .else
                mov     BYTE PTR [edi], 31h
            .endif
        .elseif al == 39h
            mov     ebx, countaddr
            dec     ebx                 ; next more significant digit
            mov     eax, recur
            inc     eax
            invoke  Counter, eax, ebx
            mov     BYTE PTR [edi], 30h
        .else
            inc     BYTE PTR [edi]
        .endif
        ret
Counter endp
- end start