Diversamente da quanto detto nella puntata precedente mi sono concentrato sul verificare l’algoritmo di codifica della password, realizzando un programmino allo scopo:
package net.b0sh.yiCameraClient.test;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
public class EncryptionTest {
public static void main(String[] params) {
String toBoFound = "OMESSO";
String cleanPassword = "OMESSO";
byte[] secret = "secret".getBytes();
if (digest(cleanPassword, "SHA-256").equals(toBoFound)) {
System.out.println("success");
}
if (digest(cleanPassword, "SHA-1").equals(toBoFound)) {
System.out.println("success");
}
if (digest(cleanPassword, "MD5").equals(toBoFound)) {
System.out.println("success");
}
if (hmac(cleanPassword,"HmacSHA256",secret).equals(toBoFound)) {
System.out.println("success");
}
}
private static String digest(String password, String alg) {
try {
MessageDigest md = MessageDigest.getInstance(alg);
byte[] bytes = md.digest(password.getBytes());
System.out.println(alg + " Bytes " + new String(bytes));
System.out.println(alg + " Base64 " + new String(Base64.getEncoder().encode(bytes)));
return new String(Base64.getEncoder().encode(bytes));
} catch (NoSuchAlgorithmException e) {
System.out.println("NoSuchAlgorithmException");
return "";
}
}
private static String hmac(String password, String alg, byte[] secret) {
try {
SecretKeySpec keySpec = new SecretKeySpec(secret, alg);
Mac mac = Mac.getInstance(alg);
mac.init(keySpec);
mac.update(password.getBytes());
byte[] bytes = mac.doFinal();
System.out.println(alg + " Bytes " + new String(bytes));
System.out.println(alg + " Base64 " + new String(Base64.getEncoder().encode(bytes)));
return new String(Base64.getEncoder().encode(bytes));
} catch (NoSuchAlgorithmException e) {
return "";
} catch (InvalidKeyException i) {
return "";
}
}
}
Avendo definitiva conferma che l’algoritmo utilizzato è HMAC SHA256, quindi un hash “salato” con un segreto. Il problema quindi resta individuare il segreto. HashCat pare supportare il bruteforce del sale dell’HmacSHA256. Qualcuno ha qualche PetaFLOP da prestarmi?