// https://red0xff.blogspot.com/2018/11/ritsec-cictrohash-writeup.html
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
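/*
 * Forward declarations. Several functions in this file are called before
 * they are defined; without prototypes those calls are implicit
 * declarations (invalid since C99) that assume an int return type and
 * conflict with the later void definitions.
 */
void f(void);
void myround(void);
void alpha(void);
void beta(void);
void mygamma(void);
void sigma(void);
void write_to_file(int i);
void write_to_other(int i);

/* Initial 8-byte state; reset() copies it into the two working halves. */
unsigned char state[8] = { 31, 56, 156, 167, 38, 240, 174, 248 };

/*
 * Working state as two 4-byte halves, allocated in main().
 * w[0] is the half hash() XORs input into and reads the digest from;
 * w[1] is only touched by the round functions.
 */
unsigned char *w[2];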
/*
 * Restore both working halves from the initial state: bytes 0..3 go to
 * w[0], bytes 4..7 go to w[1]. Must be called before hashing a new,
 * independent message. Assumes w[0] and w[1] already point at 4-byte
 * buffers.
 */
void reset()
{
    int idx = 0;

    while (idx < 4) {
        w[0][idx] = state[idx];
        w[1][idx] = state[idx + 4];
        idx++;
    }
}
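/*
 * Absorb one 4-byte block into the working state and return the current
 * 32-bit digest.
 *
 * The four input bytes are XORed into w[0], the permutation f() is run,
 * and the four bytes of w[0] are packed most-significant byte first.
 * State is NOT reset here: calling hash() twice without reset() in
 * between hashes an 8-byte message, which is how main() builds its
 * second table.
 *
 * The digest is only 32 bits wide, so collisions are expected after
 * roughly 2^16 distinct inputs (birthday bound); this construction is
 * unsuitable wherever collision resistance matters.
 */
int32_t hash(char a, char b, char c, char d)
{
    w[0][0] ^= a;
    w[0][1] ^= b;
    w[0][2] ^= c;
    w[0][3] ^= d;
    f();

    /*
     * Widen to uint32_t before shifting: an unsigned char promotes to
     * int, and shifting a value >= 128 left by 24 overflows a signed
     * int, which is undefined behaviour.
     */
    uint32_t digest = ((uint32_t)w[0][0] << 24)
                    | ((uint32_t)w[0][1] << 16)
                    | ((uint32_t)w[0][2] << 8)
                    |  (uint32_t)w[0][3];
    return (int32_t)digest;
}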
/* The permutation: 50 applications of myround() to the working state. */
void f()
{
    int remaining = 50;

    while (remaining > 0) {
        myround();
        remaining--;
    }
}
/*
 * One round of the permutation. The four steps run in a fixed order and
 * each operates on the global working halves w[0] / w[1].
 */
void myround()
{
    alpha();    /* swap the two halves */
    beta();     /* XOR w[1], byte-reversed, into w[0] */
    mygamma();  /* permute the eight state bytes */
    sigma();    /* rotate every byte by one bit */
}
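/*
 * Swap the two working halves by exchanging the pointers in w[]; no
 * bytes are copied.
 */
void alpha()
{
    /* Same pointee type as w[]: a plain char* here is an incompatible
     * pointer assignment in both directions. */
    unsigned char *tmp = w[0];

    w[0] = w[1];
    w[1] = tmp;
}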
/*
 * XOR w[1] into w[0] with the byte order reversed:
 * w[0][i] ^= w[1][3 - i] for i = 0..3. w[1] is left unchanged.
 */
void beta()
{
    for (int i = 0; i < 4; i++)
        w[0][i] ^= w[1][3 - i];
}
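/*
 * Fixed byte permutation across both halves. With a..d the old bytes of
 * w[0] and e..h the old bytes of w[1]:
 *
 *     w[0] <- { h, e, g, a }
 *     w[1] <- { f, d, b, c }
 */
void mygamma()
{
    /*
     * Temporaries are unsigned char to match w[]: storing a byte above
     * 127 in a plain (possibly signed) char goes through an
     * implementation-defined conversion.
     */
    const unsigned char a = w[0][0];
    const unsigned char b = w[0][1];
    const unsigned char c = w[0][2];
    const unsigned char d = w[0][3];
    const unsigned char e = w[1][0];
    const unsigned char f = w[1][1];
    const unsigned char g = w[1][2];
    const unsigned char h = w[1][3];

    w[0][0] = h;
    w[0][1] = e;
    w[0][2] = g;
    w[0][3] = a;

    w[1][0] = f;
    w[1][1] = d;
    w[1][2] = b;
    w[1][3] = c;
}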
/*
 * Rotate every state byte by one bit: bytes 0 and 2 of each half rotate
 * left, bytes 1 and 3 rotate right. The bits shifted above bit 7 are
 * discarded when the result is stored back into an unsigned char.
 */
void sigma()
{
    for (int half = 0; half < 2; half++) {
        unsigned char *lane = w[half];

        lane[0] = (lane[0] << 1) | (lane[0] >> 7);
        lane[2] = (lane[2] << 1) | (lane[2] >> 7);
        lane[1] = (lane[1] >> 1) | (lane[1] << 7);
        lane[3] = (lane[3] >> 1) | (lane[3] << 7);
    }
}
/* Batch buffers, filled by main() and drained by the write_to_* helpers. */
int32_t values[500000];  /* digests of the current batch */
int32_t elems[500000];   /* packed 4-byte random prefixes, second table only */

/*
 * Output streams opened in main():
 *   output     -> "4bytehashes"
 *   output2    -> "8bytehashes"
 *   elems_file -> "8byteprefixes"
 */
FILE *output, *output2, *elems_file;
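/*
 * Builds two lookup tables of digests for the toy hash above, as
 * material for showing how easily a 32-bit digest collides.
 *
 *   Table 1 ("4bytehashes"): digests of 4-byte messages whose bytes run
 *   from 122 down to 33, capped at 100 batches of 500000.
 *
 *   Table 2 ("8bytehashes" / "8byteprefixes"): digests of 8-byte
 *   messages made of a random 4-byte prefix (bytes 32..125 from rand())
 *   followed by a 4-byte suffix with bytes 65..126. The packed prefix is
 *   written to the prefixes file on the matching line. rand() is never
 *   seeded, so the prefixes are the same on every run.
 *
 * Differences from the naive version: allocation and fopen results are
 * checked, each stream is closed exactly once (the first stream used to
 * be closed twice and the other two never), and a trailing partial
 * batch is flushed instead of being silently dropped.
 *
 * Returns 0 on success, 1 if setup or closing an output file failed.
 */
int main()
{
    enum { BATCH = 500000, MAX_BATCHES = 100 };
    int status = 1;
    int i = 0;
    int rounds = 0;

    w[0] = malloc(4);
    w[1] = malloc(4);
    output = fopen("4bytehashes", "w");
    output2 = fopen("8bytehashes", "w");
    elems_file = fopen("8byteprefixes", "w");
    if (!w[0] || !w[1] || !output || !output2 || !elems_file) {
        perror("setup");
        goto cleanup;
    }
    reset();

    /* Table 1: single-block messages. */
    for (unsigned char a = 122; a != 32; a--) {
        for (unsigned char b = 122; b != 32; b--) {
            for (unsigned char c = 122; c != 32; c--) {
                for (unsigned char d = 122; d != 32; d--) {
                    int32_t h = hash(a, b, c, d);
                    reset();
                    values[i++] = h;
                    if (i == BATCH) {
                        rounds += 1;
                        write_to_file(i);
                        i = 0;
                        if (rounds == MAX_BATCHES)
                            goto out;
                    }
                }
            }
        }
    }
out:
    /* Flush whatever is left so table 2 starts from an empty batch. */
    if (i > 0) {
        write_to_file(i);
        i = 0;
    }
    if (fclose(output) != 0)
        perror("4bytehashes");
    output = NULL;  /* already closed; keeps cleanup from closing it again */
    rounds = 0;

    /* Table 2: two-block messages (random prefix, enumerated suffix). */
    for (unsigned char a = 65; a != 127; a++) {
        for (unsigned char b = 65; b != 127; b++) {
            for (unsigned char c = 65; c != 127; c++) {
                for (unsigned char d = 65; d != 127; d++) {
                    char r1 = 32 + (rand() % (126 - 32));
                    char r2 = 32 + (rand() % (126 - 32));
                    char r3 = 32 + (rand() % (126 - 32));
                    char r4 = 32 + (rand() % (126 - 32));

                    /* First call only absorbs the prefix; the digest of
                     * the full 8-byte message is the second result. */
                    (void)hash(r1, r2, r3, r4);
                    int32_t h = hash(a, b, c, d);
                    reset();

                    values[i] = h;
                    /* r1..r4 are below 128, so the shifts cannot
                     * overflow a signed int. */
                    elems[i++] = (r1 << 24) | (r2 << 16) | (r3 << 8) | r4;
                    if (i == BATCH) {
                        rounds += 1;
                        write_to_other(i);
                        i = 0;
                        if (rounds == MAX_BATCHES)
                            goto out2;
                    }
                }
            }
        }
    }
out2:
    /* 62^4 suffixes is not a multiple of the batch size: write the tail. */
    if (i > 0)
        write_to_other(i);
    status = 0;

cleanup:
    if (output)
        fclose(output);
    if (output2 && fclose(output2) != 0) {
        perror("8bytehashes");
        status = 1;
    }
    if (elems_file && fclose(elems_file) != 0) {
        perror("8byteprefixes");
        status = 1;
    }
    free(w[0]);
    free(w[1]);
    return status;
}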
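/*
 * Append the first i entries of values[] to the table-1 stream, one
 * unsigned decimal per line, after printing a progress message.
 *
 * Stops at the first failed write and reports it, instead of carrying
 * on with an output file that is silently incomplete.
 */
void write_to_file(int i)
{
    printf("[+] saved another %d hashes in (1)\n", i);
    for (int k = 0; k < i; k++) {
        /* %u expects unsigned int; values[] is int32_t, so convert
         * explicitly rather than pass a mismatched type. */
        if (fprintf(output, "%u\n", (unsigned)values[k]) < 0) {
            perror("write_to_file");
            return;
        }
    }
}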
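/*
 * Append the first i entries of the current batch to the table-2
 * streams: values[k] goes to output2 and elems[k] to elems_file, so
 * line k of one file corresponds to line k of the other.
 *
 * Stops at the first failed write and reports it; continuing would let
 * the two files drift out of step.
 */
void write_to_other(int i)
{
    printf("[+] saved another %d hashes in (2)\n", i);
    for (int k = 0; k < i; k++) {
        /* %u expects unsigned int; both arrays hold int32_t. */
        if (fprintf(output2, "%u\n", (unsigned)values[k]) < 0 ||
            fprintf(elems_file, "%u\n", (unsigned)elems[k]) < 0) {
            perror("write_to_other");
            return;
        }
    }
}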