├── .gitignore
├── LICENSE
├── Lib
    ├── __init__.py
    ├── opencl.py
    └── pbkdf2-sha1_aes-256-cbc.cl
├── README.md
├── Run.py
└── genTestDB.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.db
2 | *.dll
3 | *.pyc
4 | password.txt
5 | .vscode
6 | __pycache__
7 | Library/__pycache__
8 | Library/*.pyc


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 whiteblackitty
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/Lib/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/whiteblackitty/SQLCipher-Password-Cracker-OpenCL/7dc8147c315d625426e79673a5dc5bad7f0177b3/Lib/__init__.py


--------------------------------------------------------------------------------
/Lib/opencl.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/python3
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import os
  5 | import pyopencl as cl
  6 | import numpy as np
  7 | 
  8 | class opencl_information: # opencl information class by B. Kerler
  9 | 
 10 |     def __init__(self):
 11 |         pass
 12 |     
 13 |     def printplatforms(self):
 14 |         platformNum=0
 15 |         for platform in cl.get_platforms():
 16 |             print('Platform %d - Name %s, Vendor %s' %(platformNum, platform.name, platform.vendor))
 17 |             platformNum+=1
 18 | 
 19 |     def printfullinfo(self):
 20 |         print('\n' + '=' * 60 + '\nOpenCL Platforms and Devices')
 21 |         platformNum=0
 22 |         for platform in cl.get_platforms():
 23 |             print('=' * 60)
 24 |             print('Platform %d - Name: ' %platformNum + platform.name)
 25 |             print('Platform %d - Vendor: ' %platformNum + platform.vendor)
 26 |             print('Platform %d - Version: ' %platformNum + platform.version)
 27 |             print('Platform %d - Profile: ' %platformNum + platform.profile)
 28 | 
 29 |             for device in platform.get_devices():
 30 |                 print(' ' + '-' * 56)
 31 |                 print(' Device - Name: ' \
 32 |                       + device.name)
 33 |                 print(' Device - Type: ' \
 34 |                       + cl.device_type.to_string(device.type))
 35 |                 print(' Device - Max Clock Speed: {0} Mhz' \
 36 |                       .format(device.max_clock_frequency))
 37 |                 print(' Device - Compute Units: {0}' \
 38 |                       .format(device.max_compute_units))
 39 |                 print(' Device - Local Memory: {0:.0f} KB' \
 40 |                       .format(device.local_mem_size / 1024.0))
 41 |                 print(' Device - Constant Memory: {0:.0f} KB' \
 42 |                       .format(device.max_constant_buffer_size / 1024.0))
 43 |                 print(' Device - Global Memory: {0:.0f} GB' \
 44 |                       .format(device.global_mem_size / 1073741824.0))
 45 |                 print(' Device - Max Buffer/Image Size: {0:.0f} MB' \
 46 |                       .format(device.max_mem_alloc_size / 1048576.0))
 47 |                 print(' Device - Max Work Group Size: {0:.0f}' \
 48 |                       .format(device.max_work_group_size))
 49 |                 print('\n')
 50 |             platformNum+=1
 51 | 
 52 | 
 53 | class pbkdf2_aes_opencl:
 54 | 
 55 |     OPENCL_CODE_PATH=os.path.join(os.path.dirname(__file__),"pbkdf2-sha1_aes-256-cbc.cl")
 56 | 
 57 |     def __init__(self,platform,pbkdf_salt,aes_iv,encrypted_data):
 58 |         
 59 |         platforms = cl.get_platforms()
 60 |         if (platform > len(platforms)):
 61 |             assert("Selected platform %d doesn't exist" % platform)
 62 | 
 63 |         saltlen = int(len(pbkdf_salt))
 64 |         if (saltlen>int(64)):
 65 |             print('Salt longer than 64 chars is not supported!')
 66 |             exit(0)
 67 | 
 68 |         self.pbkdf_salt=np.fromstring(pbkdf_salt, dtype=np.uint32)
 69 |         self.aes_iv=np.fromstring(aes_iv,dtype=np.uint8)
 70 |         self.encrypted_data=np.fromstring(encrypted_data,dtype=np.uint8)
 71 | 
 72 |         # Get platforms
 73 |         devices = platforms[platform].get_devices()
 74 |         # Create context for GPU/CPU
 75 |         print("Using Platform %d:" % platform)
 76 |         self.ctx = cl.Context(devices)
 77 |         
 78 |         for device in devices:
 79 |             print('--------------------------------------------------------------------------')
 80 |             print(' Device - Name: '+ device.name)
 81 |             print(' Device - Type: '+ cl.device_type.to_string(device.type))
 82 |             print(' Device - Compute Units: {0}'.format(device.max_compute_units))
 83 |             print(' Device - Max Work Group Size: {0:.0f}'.format(device.max_work_group_size))
 84 | 
 85 |         # Create queue for each kernel execution, here we only use 1 device
 86 |         self.queue = cl.CommandQueue(self.ctx,devices[0],cl.command_queue_properties.PROFILING_ENABLE)
 87 |     
 88 | 
 89 |     def compile(self,marcos=dict,writeProcessedOpenCLCode=False):
 90 |         ori_src =""
 91 |         with open(self.OPENCL_CODE_PATH, "r") as rf:
 92 |             ori_src += rf.read()
 93 | 
 94 |         proc_src=""
 95 |         for line in ori_src.splitlines():
 96 |             if marcos:# processed all the needed marcos
 97 |                 for k,v in marcos.items():
 98 |                     if line.startswith("#define "+k+" "):
 99 |                         line="#define "+k+" "+v# re-define marcos
100 |                         del(marcos[k])
101 |                         break
102 |             proc_src += line+"\n"
103 |         if marcos:
104 |             print("Error! No matched marcos in "+self.OPENCL_CODE_PATH+" :")
105 |             for k,v in marcos.iteritems():
106 |                 print(k)
107 |         if writeProcessedOpenCLCode:
108 |             with open(os.path.join(os.path.dirname(self.OPENCL_CODE_PATH),"processed.cl"), "w", encoding='utf-8') as f:
109 |                 f.write(proc_src)
110 | 
111 |         # Kernel function instantiation
112 |         self.prg = cl.Program(self.ctx, proc_src).build()
113 | 
114 | 
115 |     def run(self,password_start,password_step,printspeed=True):
116 | 
117 |         pwdim = (password_step,)# set a 1-dimension tuple to tell the runtime to generate a totalpws of kernel execution
118 |         
119 |         mf = cl.mem_flags# opencl memflag enum
120 |         
121 |         pass_g =  cl.Buffer(self.ctx, mf.READ_ONLY | mf.COPY_HOST_PTR, hostbuf=np.array(password_start,dtype=np.uint64))
122 |         salt_g = cl.Buffer(self.ctx, mf.READ_ONLY | mf.COPY_HOST_PTR, hostbuf=self.pbkdf_salt)
123 |         iv_g = cl.Buffer(self.ctx, mf.READ_ONLY | mf.COPY_HOST_PTR, hostbuf=self.aes_iv)
124 |         data_g = cl.Buffer(self.ctx, mf.READ_ONLY | mf.COPY_HOST_PTR, hostbuf=self.encrypted_data)
125 | 
126 |         result = np.zeros(password_step, dtype=np.bool)# np.zeros(numberOftheElement,elementType) name should be sync with the "result variable" in OpenCL code
127 |         result_g = cl.Buffer(self.ctx, mf.WRITE_ONLY, result.nbytes)# size should be in byte, 1byte=8bit; notice that in python, bool=8bit=1byte
128 | 
129 |         # The total time GPU used can be indicated by measuring the finish_event-start_event
130 |         #******************Call Kernel******************
131 |         start_event=cl.enqueue_marker(self.queue)
132 |         finish_event=self.prg.func_pbkdf2(self.queue, pwdim,(512,), pass_g, salt_g, iv_g, data_g, result_g)
133 |         finish_event.wait()
134 |         #******************Call Kernel****************** ,if set localsize (512,) to None,the runtime will automatically takes care of block/grid distribution
135 | 
136 |         if(printspeed):
137 |             print("OpenCL Speed: "+str(password_step/1e-9/(finish_event.profile.END-start_event.profile.START)/1000)+" K passphrase/s")
138 | 
139 |         cl.enqueue_copy(self.queue, result, result_g)# copy the result from device to host,type of "result" is a list of unsigned integer(32bit,4byte)
140 | 
141 |         return np.transpose(np.nonzero(result))+password_start# the array number of nonzero value is written to a list added by password_start value
142 | 
143 | 
144 |     
145 | 


--------------------------------------------------------------------------------
/Lib/pbkdf2-sha1_aes-256-cbc.cl:
--------------------------------------------------------------------------------
  1 | /*
  2 |     PBKDF2 SHA1 OpenCL Optimized kernel, limited to max. 32 chars for salt and password
  3 |     (c) B. Kerler 2017
  4 |     MIT License
  5 | */
  6 | /*
  7 |     AES roundkeys computing code by adrianbelgun
  8 | */
  9 | /*
 10 |     AES-256-CBC decrypting code by Omegaice
 11 | */
 12 | 
 13 | 
 14 | //PBKDF2 Related
 15 | #define CONST_BYT_ACTUAL_PWLEN 7 //actual password length.
 16 | #define CONST_BYT_SALTLEN 16 //should always be 16, according to PBKDF2 standard
 17 | #define PBKDFITER 4000//significantly affects the speed(almost linear), however, wrong iter value won't harvest expected correct result.
 18 | 
 19 | //AES Related
 20 | #define AES_CBC_256_KEY_BYTE_SIZE 32//AES-256-CBC uses a key of 256bit=32byte, this will also significantly affect the speed(longer->slower)
 21 | #define ENC_DATA_BLOCKSIZE 16 //should be always 16, according to the AES standard 
 22 | 
 23 | 
 24 | //----------------------------------------------PBKDF2-SHA1-------------------------------------------------------
 25 | 
 26 | #define rotl32(a,n) rotate ((a), (n)) 
 27 | 
 28 | uint SWAP (uint val)
 29 | {
 30 |     return (rotate(((val) & 0x00FF00FF), 24U) | rotate(((val) & 0xFF00FF00), 8U));
 31 | }
 32 | 
 33 | #define mod(x,y) x-(x/y*y)
 34 | 
 35 | #define F2(x,y,z)  ((x) ^ (y) ^ (z))
 36 | #define F1(x,y,z)   (bitselect(z,y,x))
 37 | #define F0(x,y,z)   (bitselect (x, y, (x ^ z)))
 38 | 
 39 | #define SHA1M_A 0x67452301u
 40 | #define SHA1M_B 0xefcdab89u
 41 | #define SHA1M_C 0x98badcfeu
 42 | #define SHA1M_D 0x10325476u
 43 | #define SHA1M_E 0xc3d2e1f0u
 44 | 
 45 | #define SHA1C00 0x5a827999u
 46 | #define SHA1C01 0x6ed9eba1u
 47 | #define SHA1C02 0x8f1bbcdcu
 48 | #define SHA1C03 0xca62c1d6u
 49 | 
 50 | #define SHA1_STEP(f,a,b,c,d,e,x)    \
 51 | {                                   \
 52 |   e += K;                           \
 53 |   e += x;                           \
 54 |   e += f (b, c, d);                 \
 55 |   e += rotl32 (a,  5u);             \
 56 |   b  = rotl32 (b, 30u);             \
 57 | }
 58 | 
 59 | static void sha1_process2 (const uint *W, uint *digest)
 60 | {
 61 |   uint A = digest[0];
 62 |   uint B = digest[1];
 63 |   uint C = digest[2];
 64 |   uint D = digest[3];
 65 |   uint E = digest[4];
 66 | 
 67 |   uint w0_t = W[0];
 68 |   uint w1_t = W[1];
 69 |   uint w2_t = W[2];
 70 |   uint w3_t = W[3];
 71 |   uint w4_t = W[4];
 72 |   uint w5_t = W[5];
 73 |   uint w6_t = W[6];
 74 |   uint w7_t = W[7];
 75 |   uint w8_t = W[8];
 76 |   uint w9_t = W[9];
 77 |   uint wa_t = W[10];
 78 |   uint wb_t = W[11];
 79 |   uint wc_t = W[12];
 80 |   uint wd_t = W[13];
 81 |   uint we_t = W[14];
 82 |   uint wf_t = W[15];
 83 | 
 84 |   #undef K
 85 |   #define K SHA1C00
 86 | 
 87 |   SHA1_STEP (F1, A, B, C, D, E, w0_t);
 88 |   SHA1_STEP (F1, E, A, B, C, D, w1_t);
 89 |   SHA1_STEP (F1, D, E, A, B, C, w2_t);
 90 |   SHA1_STEP (F1, C, D, E, A, B, w3_t);
 91 |   SHA1_STEP (F1, B, C, D, E, A, w4_t);
 92 |   SHA1_STEP (F1, A, B, C, D, E, w5_t);
 93 |   SHA1_STEP (F1, E, A, B, C, D, w6_t);
 94 |   SHA1_STEP (F1, D, E, A, B, C, w7_t);
 95 |   SHA1_STEP (F1, C, D, E, A, B, w8_t);
 96 |   SHA1_STEP (F1, B, C, D, E, A, w9_t);
 97 |   SHA1_STEP (F1, A, B, C, D, E, wa_t);
 98 |   SHA1_STEP (F1, E, A, B, C, D, wb_t);
 99 |   SHA1_STEP (F1, D, E, A, B, C, wc_t);
100 |   SHA1_STEP (F1, C, D, E, A, B, wd_t);
101 |   SHA1_STEP (F1, B, C, D, E, A, we_t);
102 |   SHA1_STEP (F1, A, B, C, D, E, wf_t);
103 |   w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (F1, E, A, B, C, D, w0_t);
104 |   w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (F1, D, E, A, B, C, w1_t);
105 |   w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (F1, C, D, E, A, B, w2_t);
106 |   w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (F1, B, C, D, E, A, w3_t);
107 | 
108 |   #undef K
109 |   #define K SHA1C01
110 | 
111 |   w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (F2, A, B, C, D, E, w4_t);
112 |   w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (F2, E, A, B, C, D, w5_t);
113 |   w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (F2, D, E, A, B, C, w6_t);
114 |   w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (F2, C, D, E, A, B, w7_t);
115 |   w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (F2, B, C, D, E, A, w8_t);
116 |   w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (F2, A, B, C, D, E, w9_t);
117 |   wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (F2, E, A, B, C, D, wa_t);
118 |   wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (F2, D, E, A, B, C, wb_t);
119 |   wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (F2, C, D, E, A, B, wc_t);
120 |   wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (F2, B, C, D, E, A, wd_t);
121 |   we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (F2, A, B, C, D, E, we_t);
122 |   wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (F2, E, A, B, C, D, wf_t);
123 |   w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (F2, D, E, A, B, C, w0_t);
124 |   w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (F2, C, D, E, A, B, w1_t);
125 |   w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (F2, B, C, D, E, A, w2_t);
126 |   w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (F2, A, B, C, D, E, w3_t);
127 |   w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (F2, E, A, B, C, D, w4_t);
128 |   w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (F2, D, E, A, B, C, w5_t);
129 |   w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (F2, C, D, E, A, B, w6_t);
130 |   w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (F2, B, C, D, E, A, w7_t);
131 | 
132 |   #undef K
133 |   #define K SHA1C02
134 | 
135 |   w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (F0, A, B, C, D, E, w8_t);
136 |   w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (F0, E, A, B, C, D, w9_t);
137 |   wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (F0, D, E, A, B, C, wa_t);
138 |   wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (F0, C, D, E, A, B, wb_t);
139 |   wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (F0, B, C, D, E, A, wc_t);
140 |   wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (F0, A, B, C, D, E, wd_t);
141 |   we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (F0, E, A, B, C, D, we_t);
142 |   wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (F0, D, E, A, B, C, wf_t);
143 |   w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (F0, C, D, E, A, B, w0_t);
144 |   w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (F0, B, C, D, E, A, w1_t);
145 |   w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (F0, A, B, C, D, E, w2_t);
146 |   w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (F0, E, A, B, C, D, w3_t);
147 |   w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (F0, D, E, A, B, C, w4_t);
148 |   w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (F0, C, D, E, A, B, w5_t);
149 |   w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (F0, B, C, D, E, A, w6_t);
150 |   w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (F0, A, B, C, D, E, w7_t);
151 |   w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (F0, E, A, B, C, D, w8_t);
152 |   w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (F0, D, E, A, B, C, w9_t);
153 |   wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (F0, C, D, E, A, B, wa_t);
154 |   wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (F0, B, C, D, E, A, wb_t);
155 | 
156 |   #undef K
157 |   #define K SHA1C03
158 | 
159 |   wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (F2, A, B, C, D, E, wc_t);
160 |   wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (F2, E, A, B, C, D, wd_t);
161 |   we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (F2, D, E, A, B, C, we_t);
162 |   wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (F2, C, D, E, A, B, wf_t);
163 |   w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (F2, B, C, D, E, A, w0_t);
164 |   w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (F2, A, B, C, D, E, w1_t);
165 |   w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (F2, E, A, B, C, D, w2_t);
166 |   w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (F2, D, E, A, B, C, w3_t);
167 |   w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (F2, C, D, E, A, B, w4_t);
168 |   w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (F2, B, C, D, E, A, w5_t);
169 |   w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (F2, A, B, C, D, E, w6_t);
170 |   w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (F2, E, A, B, C, D, w7_t);
171 |   w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (F2, D, E, A, B, C, w8_t);
172 |   w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (F2, C, D, E, A, B, w9_t);
173 |   wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (F2, B, C, D, E, A, wa_t);
174 |   wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (F2, A, B, C, D, E, wb_t);
175 |   wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (F2, E, A, B, C, D, wc_t);
176 |   wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (F2, D, E, A, B, C, wd_t);
177 |   we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (F2, C, D, E, A, B, we_t);
178 |   wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (F2, B, C, D, E, A, wf_t);
179 | 
180 |   digest[0] += A;
181 |   digest[1] += B;
182 |   digest[2] += C;
183 |   digest[3] += D;
184 |   digest[4] += E;
185 | } 
186 | 
187 | static void pbkdf(const uint *pass, int pass_len,__constant const uint *salt, int salt_len,uint* hash)
188 | {
189 |     int plen=pass_len/4;
190 |     if (mod(pass_len,4)) plen++;
191 | 
192 |     int slen=salt_len/4;
193 |     if (mod(salt_len,4)) slen++;
194 | 
195 |     uint* p = hash;
196 | 
197 |     uint ipad[16];
198 |     ipad[0x0]=0x36363636;
199 |     ipad[0x1]=0x36363636;
200 |     ipad[0x2]=0x36363636;
201 |     ipad[0x3]=0x36363636;
202 |     ipad[0x4]=0x36363636;
203 |     ipad[0x5]=0x36363636;
204 |     ipad[0x6]=0x36363636;
205 |     ipad[0x7]=0x36363636;
206 |     ipad[0x8]=0x36363636;
207 |     ipad[0x9]=0x36363636;
208 |     ipad[0xA]=0x36363636;
209 |     ipad[0xB]=0x36363636;
210 |     ipad[0xC]=0x36363636;
211 |     ipad[0xD]=0x36363636;
212 |     ipad[0xE]=0x36363636;
213 |     ipad[0xF]=0x36363636;
214 | 
215 |     uint opad[16];
216 |     opad[0x0]=0x5C5C5C5C;
217 |     opad[0x1]=0x5C5C5C5C;
218 |     opad[0x2]=0x5C5C5C5C;
219 |     opad[0x3]=0x5C5C5C5C;
220 |     opad[0x4]=0x5C5C5C5C;
221 |     opad[0x5]=0x5C5C5C5C;
222 |     opad[0x6]=0x5C5C5C5C;
223 |     opad[0x7]=0x5C5C5C5C;
224 |     opad[0x8]=0x5C5C5C5C;
225 |     opad[0x9]=0x5C5C5C5C;
226 |     opad[0xA]=0x5C5C5C5C;
227 |     opad[0xB]=0x5C5C5C5C;
228 |     opad[0xC]=0x5C5C5C5C;
229 |     opad[0xD]=0x5C5C5C5C;
230 |     opad[0xE]=0x5C5C5C5C;
231 |     opad[0xF]=0x5C5C5C5C;
232 | 
233 |     #pragma unroll CONST_BYT_ACTUAL_PWLEN
234 |     for (int m=0;m<plen && m<16;m++)
235 |     {
236 |         ipad[m]^=SWAP(pass[m]);
237 |         opad[m]^=SWAP(pass[m]);
238 |     }
239 | 
240 |     // precompute ipad
241 |             uint stateipad[5]={0};
242 |             stateipad[0] = 0x67452301;
243 |             stateipad[1] = 0xefcdab89;
244 |             stateipad[2] = 0x98badcfe;
245 |             stateipad[3] = 0x10325476;
246 |             stateipad[4] = 0xc3d2e1f0;
247 | 
248 |             //->sha256_update(state,W,ilenor,wposr,ipad,0x40);
249 |             uint W[0x10]={0};
250 |             W[0]=ipad[0];
251 |             W[1]=ipad[1];
252 |             W[2]=ipad[2];
253 |             W[3]=ipad[3];
254 |             W[4]=ipad[4];
255 |             W[5]=ipad[5];
256 |             W[6]=ipad[6];
257 |             W[7]=ipad[7];
258 |             W[8]=ipad[8];
259 |             W[9]=ipad[9];
260 |             W[10]=ipad[10];
261 |             W[11]=ipad[11];
262 |             W[12]=ipad[12];
263 |             W[13]=ipad[13];
264 |             W[14]=ipad[14];
265 |             W[15]=ipad[15];
266 |             sha1_process2(W,stateipad);
267 | 
268 |         // precompute ipad
269 |             uint stateopad[5]={0};
270 |             stateopad[0] = 0x67452301;
271 |             stateopad[1] = 0xefcdab89;
272 |             stateopad[2] = 0x98badcfe;
273 |             stateopad[3] = 0x10325476;
274 |             stateopad[4] = 0xc3d2e1f0;
275 | 
276 |             //->sha1_update(state,W,ilenor,wposr,ipad,0x40);
277 |             W[0]=opad[0];
278 |             W[1]=opad[1];
279 |             W[2]=opad[2];
280 |             W[3]=opad[3];
281 |             W[4]=opad[4];
282 |             W[5]=opad[5];
283 |             W[6]=opad[6];
284 |             W[7]=opad[7];
285 |             W[8]=opad[8];
286 |             W[9]=opad[9];
287 |             W[10]=opad[10];
288 |             W[11]=opad[11];
289 |             W[12]=opad[12];
290 |             W[13]=opad[13];
291 |             W[14]=opad[14];
292 |             W[15]=opad[15];
293 |             sha1_process2(W,stateopad);
294 | 
295 |     uint counter = 1;
296 |     uint state[5]={0};
297 |     
298 |     uint tkeylen=AES_CBC_256_KEY_BYTE_SIZE;
299 | 	uint cplen=0;
300 | 	while(tkeylen>0) 
301 |     {
302 | 		if(tkeylen > 20) cplen = 20;
303 | 		else cplen=tkeylen;
304 |         
305 |         //hmac_sha1_init(state,W,ileno,wpos,ipad,opad,pwd);
306 |         //->sha1_init(state,W,ileno,wpos);
307 |         //->sha1_update(state,W,ileno,wpos,ipad,0x40);
308 |         state[0] = stateipad[0];
309 |         state[1] = stateipad[1];
310 |         state[2] = stateipad[2];
311 |         state[3] = stateipad[3];
312 |         state[4] = stateipad[4];
313 |         //hmac_sha1_update(state,W,ileno,wpos,ipad,opad,salt,salt_len);
314 |         //->sha1_update(state,W,ileno,wpos,salt,salt_len);
315 |         //hmac_sha1_update(state,W,ileno,wpos,ipad,opad,itmp,4);
316 |         //->sha1_update(state,W,ileno,wpos,itmp,4);
317 |         W[0]=0;
318 |         W[1]=0;
319 |         W[2]=0;
320 |         W[3]=0;
321 |         W[4]=0;
322 |         W[5]=0;
323 |         W[6]=0;
324 |         W[7]=0;
325 |         W[8]=0;
326 |         W[9]=0;
327 |         W[10]=0;
328 |         W[11]=0;
329 |         W[12]=0;
330 |         W[13]=0;
331 |         W[14]=0;
332 |         #pragma unroll 16
333 |         for (int m=0;m<slen;m++)
334 |         {
335 |             W[m]=SWAP(salt[m]);
336 |         }
337 |         W[slen]=counter;
338 | 
339 |         uint padding=0x80<<(((salt_len+4)-((salt_len+4)/4*4))*8);
340 |         W[((mod((salt_len+4),(16*4)))/4)]|=SWAP(padding);
341 |             // Let's add length
342 |         W[0x0F]=(0x40+(salt_len+4))*8;
343 | 
344 |         //W[slen+1]=0x80000000;
345 |         //W[15]=0x54*8;
346 |         //hmac_sha1_final(state,W,ileno,ipad,opad,digtmp);
347 |         //->sha1_finish(state,W,ileno,&opad[0x10]);
348 |         sha1_process2(W,state);
349 | 
350 |         //sha1(opad,0x54,digtmp);
351 | 		//->sha1_init(state,W,ileno,wpos);
352 | 		//->sha1_update(state,W,ileno,wpos,opad,0x54);
353 | 		//->sha1_finish(state,W,ileno,digtmp);
354 |         
355 |         W[0]=state[0];
356 |         W[1]=state[1];
357 |         W[2]=state[2];
358 |         W[3]=state[3];
359 |         W[4]=state[4];
360 |         W[5]=0x80000000;
361 |         W[6]=0x0;
362 |         W[7]=0x0;
363 |         W[8]=0x0;
364 |         W[9]=0;
365 |         W[10]=0;
366 |         W[11]=0;
367 |         W[12]=0;
368 |         W[13]=0;
369 |         W[14]=0;
370 |         W[15]=0x54*8;
371 | 
372 |         state[0]=stateopad[0];
373 |         state[1]=stateopad[1];
374 |         state[2]=stateopad[2];
375 |         state[3]=stateopad[3];
376 |         state[4]=stateopad[4];
377 | 
378 |         //sha256_finish(state,W,ileno,digtmp);
379 |         sha1_process2(W,state);
380 | 
381 |         p[0]=W[0]=state[0];
382 |         p[1]=W[1]=state[1];
383 |         p[2]=W[2]=state[2];
384 |         p[3]=W[3]=state[3];
385 |         p[4]=W[4]=state[4];
386 | 
387 |         uint M[0x10];
388 |         //very time consuming
389 |         #pragma unroll
390 |         for(int j = 1; j < PBKDFITER; j++) 
391 |         {
392 |             //hmac_sha1(pwd,digtmp,32,digtmp);
393 |             //->sha1_init(state,W,ilenor,wposr);
394 |             //->sha1_update(state,W,ilenor,wposr,digtmp,32);
395 |             //->sha1_finish(state,W,ileno,&opad[0x10]);
396 | 
397 |             W[5]=0x80000000; //Padding
398 |             W[6]=0;
399 |             W[7]=0;
400 |             W[8]=0;
401 |             W[9]=0;
402 |             W[10]=0;
403 |             W[11]=0;
404 |             W[12]=0;
405 |             W[13]=0;
406 |             W[14]=0;
407 |             W[15]=0x54*8;
408 |             state[0] = stateipad[0];
409 |             state[1] = stateipad[1];
410 |             state[2] = stateipad[2];
411 |             state[3] = stateipad[3];
412 |             state[4] = stateipad[4];
413 |             sha1_process2(W,state);
414 | 
415 |             
416 |             
417 |             M[0]=state[0];
418 |             M[1]=state[1];
419 |             M[2]=state[2];
420 |             M[3]=state[3];
421 |             M[4]=state[4];
422 |             M[5]=0x80000000; //Padding
423 |             M[6]=0;
424 |             M[7]=0;
425 |             M[8]=0;
426 |             M[9]=0;
427 |             M[10]=0;
428 |             M[11]=0;
429 |             M[12]=0;
430 |             M[13]=0;
431 |             M[14]=0;
432 |             M[15]=0x54*8;
433 | 
434 |             //->sha1_init(state,W,ilenor,wposr);
435 |             //->sha1_update(state,W,ilenor,wposr,opad,0x60);
436 |             state[0] = stateopad[0];
437 |             state[1] = stateopad[1];
438 |             state[2] = stateopad[2];
439 |             state[3] = stateopad[3];
440 |             state[4] = stateopad[4];
441 | 
442 |             //->sha1_finish(state,W,ilenor,digtmp);
443 |             sha1_process2(M,state);
444 | 
445 |             W[0]=state[0];
446 |             W[1]=state[1];
447 |             W[2]=state[2];
448 |             W[3]=state[3];
449 |             W[4]=state[4];
450 | 
451 |             p[0] ^= state[0];
452 |             p[1] ^= state[1];
453 |             p[2] ^= state[2];
454 |             p[3] ^= state[3];
455 |             p[4] ^= state[4];
456 |         }
457 |         
458 |         p[0]=SWAP(p[0]);
459 |         p[1]=SWAP(p[1]);
460 |         p[2]=SWAP(p[2]);
461 |         p[3]=SWAP(p[3]);
462 |         p[4]=SWAP(p[4]);
463 |         
464 |         tkeylen-= cplen;
465 |         counter++;
466 |         p+= cplen/4;
467 |     }
468 |     return;
469 | }
470 | 
471 | //----------------------------------------------AES-------------------------------------------------------
472 | 
473 | __constant uchar AES_SBox[256] = 
474 | {
475 |    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
476 |    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
477 |    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
478 |    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
479 |    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
480 |    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
481 |    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
482 |    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
483 |    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
484 |    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
485 |    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
486 |    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
487 |    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
488 |    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
489 |    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
490 |    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
491 | };
492 | 
493 | __constant uchar Rcon[256] = {
494 | 	0x8D, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, 
495 | 	0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39, 
496 | 	0x72, 0xE4, 0xD3, 0xBD, 0x61, 0xC2, 0x9F, 0x25, 0x4A, 0x94, 0x33, 0x66, 0xCC, 0x83, 0x1D, 0x3A, 
497 | 	0x74, 0xE8, 0xCB, 0x8D, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36, 0x6C, 0xD8, 
498 | 	0xAB, 0x4D, 0x9A, 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 
499 | 	0xC5, 0x91, 0x39, 0x72, 0xE4, 0xD3, 0xBD, 0x61, 0xC2, 0x9F, 0x25, 0x4A, 0x94, 0x33, 0x66, 0xCC, 
500 | 	0x83, 0x1D, 0x3A, 0x74, 0xE8, 0xCB, 0x8D, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 
501 | 	0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, 0xD4, 0xB3, 
502 | 	0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39, 0x72, 0xE4, 0xD3, 0xBD, 0x61, 0xC2, 0x9F, 0x25, 0x4A, 0x94, 
503 | 	0x33, 0x66, 0xCC, 0x83, 0x1D, 0x3A, 0x74, 0xE8, 0xCB, 0x8D, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 
504 | 	0x40, 0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 
505 | 	0x6A, 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39, 0x72, 0xE4, 0xD3, 0xBD, 0x61, 0xC2, 0x9F, 
506 | 	0x25, 0x4A, 0x94, 0x33, 0x66, 0xCC, 0x83, 0x1D, 0x3A, 0x74, 0xE8, 0xCB, 0x8D, 0x01, 0x02, 0x04, 
507 | 	0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, 0x2F, 0x5E, 0xBC, 0x63, 
508 | 	0xC6, 0x97, 0x35, 0x6A, 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39, 0x72, 0xE4, 0xD3, 0xBD, 
509 | 	0x61, 0xC2, 0x9F, 0x25, 0x4A, 0x94, 0x33, 0x66, 0xCC, 0x83, 0x1D, 0x3A, 0x74, 0xE8, 0xCB, 0x8D
510 | };
511 | 
512 | __constant uchar InvSBox[256] = {
513 |    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
514 |    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
515 |    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
516 |    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
517 |    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
518 |    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
519 |    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
520 |    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
521 |    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
522 |    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
523 |    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
524 |    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
525 |    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
526 |    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
527 |    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
528 |    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
529 | };
530 | 
531 | __constant uchar fieldNine[] = {
532 | 	0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77, 
533 | 	0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 
534 | 	0x3b, 0x32, 0x29, 0x20, 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c, 
535 | 	0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8, 0xc7, 0xce, 0xd5, 0xdc, 
536 | 	0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49, 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 
537 | 	0xe6, 0xef, 0xf4, 0xfd, 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91, 
538 | 	0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e, 0x21, 0x28, 0x33, 0x3a, 
539 | 	0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2, 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 
540 | 	0xec, 0xe5, 0xfe, 0xf7, 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b, 
541 | 	0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f, 0x10, 0x19, 0x02, 0x0b, 
542 | 	0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 
543 | 	0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30, 
544 | 	0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9, 0xf6, 0xff, 0xe4, 0xed, 
545 | 	0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35, 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 
546 | 	0xa1, 0xa8, 0xb3, 0xba, 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6, 
547 | 	0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62, 0x5d, 0x54, 0x4f, 0x46
548 | };
549 | 
550 | __constant uchar fieldEleven[] = {
551 | 	0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69, 
552 | 	0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 
553 | 	0x7b, 0x70, 0x6d, 0x66, 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12, 
554 | 	0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e, 0xbf, 0xb4, 0xa9, 0xa2, 
555 | 	0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7, 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 
556 | 	0x46, 0x4d, 0x50, 0x5b, 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f, 
557 | 	0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8, 0xf9, 0xf2, 0xef, 0xe4, 
558 | 	0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c, 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 
559 | 	0xf7, 0xfc, 0xe1, 0xea, 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e, 
560 | 	0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02, 0x33, 0x38, 0x25, 0x2e, 
561 | 	0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd, 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 
562 | 	0x3c, 0x37, 0x2a, 0x21, 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55, 
563 | 	0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44, 0x75, 0x7e, 0x63, 0x68, 
564 | 	0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 
565 | 	0x7a, 0x71, 0x6c, 0x67, 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13, 
566 | 	0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f, 0xbe, 0xb5, 0xa8, 0xa3
567 | };
568 | 
569 | __constant uchar fieldThirteen[] = {
570 | 	0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b, 
571 | 	0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 
572 | 	0xbb, 0xb6, 0xa1, 0xac, 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0, 
573 | 	0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14, 0x37, 0x3a, 0x2d, 0x20, 
574 | 	0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 
575 | 	0xbd, 0xb0, 0xa7, 0xaa, 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6, 
576 | 	0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9, 0x8a, 0x87, 0x90, 0x9d, 
577 | 	0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25, 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 
578 | 	0xda, 0xd7, 0xc0, 0xcd, 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91, 
579 | 	0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, 0x56, 0x5b, 0x4c, 0x41, 
580 | 	0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42, 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 
581 | 	0xb1, 0xbc, 0xab, 0xa6, 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa, 
582 | 	0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, 0xeb, 0xe6, 0xf1, 0xfc, 
583 | 	0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 
584 | 	0x0c, 0x01, 0x16, 0x1b, 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47, 
585 | 	0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3, 0x80, 0x8d, 0x9a, 0x97
586 | };
587 | 
588 | __constant uchar fieldFourteen[] = {
589 | 	0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a, 
590 | 	0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 
591 | 	0xdb, 0xd5, 0xc7, 0xc9, 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81, 
592 | 	0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59, 0x73, 0x7d, 0x6f, 0x61, 
593 | 	0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 
594 | 	0x4d, 0x43, 0x51, 0x5f, 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17, 
595 | 	0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14, 0x3e, 0x30, 0x22, 0x2c, 
596 | 	0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc, 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 
597 | 	0x41, 0x4f, 0x5d, 0x53, 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b, 
598 | 	0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3, 0xe9, 0xe7, 0xf5, 0xfb, 
599 | 	0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 
600 | 	0x7a, 0x74, 0x66, 0x68, 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20, 
601 | 	0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e, 0xa4, 0xaa, 0xb8, 0xb6, 
602 | 	0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26, 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 
603 | 	0x37, 0x39, 0x2b, 0x25, 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d, 
604 | 	0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5, 0x9f, 0x91, 0x83, 0x8d, 
605 | };
606 | 
607 | void ComputeRoundKeys(uchar* roundKeys, uint rounds,uchar* key)
608 | {
609 | 
610 | 	uchar rotWord[4];
611 | 
612 | 	//	The first n bytes of the expanded key are simply the encryption key.
613 | 	for (uint k = 0; k < AES_CBC_256_KEY_BYTE_SIZE; k++)
614 | 	{
615 | 		roundKeys[k] = key[k];
616 | 	}
617 | 
618 | 	for (int k = 1; k < (rounds); k++)
619 |     {
620 |         size_t offset = AES_CBC_256_KEY_BYTE_SIZE + (k - 1) * 16; // in bytes
621 | 
622 |         if (k & 1) {
623 |             // Calculate the rotated word
624 |             rotWord[0] = AES_SBox[roundKeys[offset - 3]] ^ Rcon[(k + 1) >> 1];
625 |             rotWord[1] = AES_SBox[roundKeys[offset - 2]];
626 |             rotWord[2] = AES_SBox[roundKeys[offset - 1]];
627 |             rotWord[3] = AES_SBox[roundKeys[offset - 4]];
628 |         } else {
629 |             rotWord[0] = AES_SBox[roundKeys[offset - 4]];
630 |             rotWord[1] = AES_SBox[roundKeys[offset - 3]];
631 |             rotWord[2] = AES_SBox[roundKeys[offset - 2]];
632 |             rotWord[3] = AES_SBox[roundKeys[offset - 1]];
633 |         }
634 | 
635 |         // First word
636 |         roundKeys[offset + 0] = roundKeys[offset - 32] ^ rotWord[0];
637 |         roundKeys[offset + 1] = roundKeys[offset - 31] ^ rotWord[1];
638 |         roundKeys[offset + 2] = roundKeys[offset - 30] ^ rotWord[2];
639 |         roundKeys[offset + 3] = roundKeys[offset - 29] ^ rotWord[3];
640 | 
641 |         // Second, third and forth words
642 |         ((uint *)roundKeys)[offset/4 + 1] =
643 |                 ((uint *)roundKeys)[offset/4 + 0] ^
644 |                 ((uint *)roundKeys)[offset/4 - 7];
645 |         ((uint *)roundKeys)[offset/4 + 2] =
646 |                 ((uint *)roundKeys)[offset/4 + 1] ^
647 |                 ((uint *)roundKeys)[offset/4 - 6];
648 |         ((uint *)roundKeys)[offset/4 + 3] =
649 |                 ((uint *)roundKeys)[offset/4 + 2] ^
650 |                 ((uint *)roundKeys)[offset/4 - 5];
651 |     }
652 | }
653 | 
654 | void AddRoundKey( uchar *rkey,uchar* block, const uint round ) {
655 | 	for( uint i = 0; i < ENC_DATA_BLOCKSIZE; i++ ) block[i] ^= rkey[round*ENC_DATA_BLOCKSIZE+i];
656 | }
657 | 
658 | void InverseShiftRows(uchar* block ) {
659 | 	uchar temp[ENC_DATA_BLOCKSIZE];
660 | 	for( uint i = 0; i < ENC_DATA_BLOCKSIZE; i++ ) temp[i] = block[i];
661 | 	
662 | 	for (uint i = 0; i < ENC_DATA_BLOCKSIZE; i++) {
663 | 		uint k = (i - (i % 4 * 4)) % ENC_DATA_BLOCKSIZE;
664 | 		block[i] = temp[k];
665 | 	}
666 | }
667 | 
668 | void InverseSubBytes(uchar* block ) {
669 | 	for( uint i = 0; i < ENC_DATA_BLOCKSIZE; i++ ) block[i] = InvSBox[block[i]];
670 | }
671 | 
672 | void InverseMixColumn(uchar* column,uint pos ) {
673 | 	const uchar a = fieldFourteen[column[pos+0]] ^ fieldNine[column[pos+3]] ^ fieldThirteen[column[pos+2]] ^ fieldEleven[column[pos+1]];
674 | 	const uchar b = fieldFourteen[column[pos+1]] ^ fieldNine[column[pos+0]] ^ fieldThirteen[column[pos+3]] ^ fieldEleven[column[pos+2]];
675 | 	const uchar c = fieldFourteen[column[pos+2]] ^ fieldNine[column[pos+1]] ^ fieldThirteen[column[pos+0]] ^ fieldEleven[column[pos+3]];
676 | 	const uchar d = fieldFourteen[column[pos+3]] ^ fieldNine[column[pos+2]] ^ fieldThirteen[column[pos+1]] ^ fieldEleven[column[pos+0]];
677 | 	
678 | 	column[pos+0] = a; column[pos+1] = b; column[pos+2] = c; column[pos+3] = d;
679 | }
680 | 
681 | void InverseMixColumns(uchar* block ) {
682 | 	InverseMixColumn( block, 0 );
683 | 	InverseMixColumn( block, 4 );
684 | 	InverseMixColumn( block, 8 );
685 | 	InverseMixColumn( block, 12 );
686 | }
687 | 
688 | 
689 | 
690 | //----------------------------------------------Kernel-------------------------------------------------------
691 | __kernel void func_pbkdf2(__constant const ulong * pwstart, __constant const uint * salt,__constant const uchar* iv, __constant const uchar* oridata, __global bool * result)
692 | {
693 |     ulong idx = get_global_id(0);
694 | 
695 |     //calculate hex char to enum the passwords for sqlcipher db
696 |     ulong pwidx=idx+*pwstart;
697 |     uchar pw[CONST_BYT_ACTUAL_PWLEN]={0};
698 |     for(ulong i=0;i<=CONST_BYT_ACTUAL_PWLEN-1;i++){
699 |         ulong val=pwidx%16;
700 |         if(val>=10)
701 |         {
702 |             pw[CONST_BYT_ACTUAL_PWLEN-1-i]=val+87;//hex char, sqlcipher db uses lower case of abcdef, a means 10, 'a'=97, offset=97-10=87
703 |         }else
704 |         {
705 |             pw[CONST_BYT_ACTUAL_PWLEN-1-i]=val+48;//numbers, 0 means 0, '0'=48, offset=48-0=48
706 |         }
707 |         pwidx=pwidx/16;
708 |     }
709 | 
710 |     //-------------------------PBKDF2-SHA1 Actions----------------------
711 |     
712 |     uint hash[AES_CBC_256_KEY_BYTE_SIZE/4]={0};//Store the pbkdf2 results
713 |     pbkdf((uint*)pw, CONST_BYT_ACTUAL_PWLEN , salt, CONST_BYT_SALTLEN, hash);//Do pbkdf2_sha1.After that, "hash" got the correct 32byte key for AES-256-CBC.
714 | 
715 |     //-------------------------AES Actions------------------------------
716 |     uchar* key=(uchar*)hash;//let rkey be the pointer of uchar,1/byte each place ,rkey=32byte
717 |     uchar data[ENC_DATA_BLOCKSIZE]={0};//AES Block size(size),always 16
718 | 
719 |     #pragma unroll ENC_DATA_BLOCKSIZE
720 |     for(uint i=0;i<ENC_DATA_BLOCKSIZE;i++)
721 |     {
722 |         data[i]=oridata[i];//Copy the data obtained from the host, because the functions below will modify the data as the output.
723 |     }
724 | 
725 |     uchar rkey[256]={0};//store roundkey,actually we only use 240, 256 is to ensure not to overflow
726 | 
727 |     uint rounds=0;//rounds of roundkey
728 |     switch (AES_CBC_256_KEY_BYTE_SIZE)
729 | 	{
730 | 	case 16: rounds = 11; break;
731 | 	case 24: rounds = 12; break;
732 | 	case 32: rounds = 15; break;
733 | 	}
734 | 
735 |     //core AES decryption
736 |     ComputeRoundKeys(rkey,rounds,key);
737 | 
738 | 	AddRoundKey( rkey, data, rounds-1 );
739 |     
740 | 	for( uint j = 1; j < rounds-1; ++j ){
741 | 		const uint round = rounds-1 - j;
742 | 		InverseShiftRows( data );
743 | 		InverseSubBytes( data );
744 | 		AddRoundKey( rkey, data, round );
745 | 		InverseMixColumns( data );
746 | 	}
747 | 	InverseSubBytes( data );
748 | 	InverseShiftRows( data );
749 | 	AddRoundKey( rkey, data, 0 );
750 |     
751 | 	//for sqlcipherv2 standard, verify the first 4 B at GPU side is reasonably enough, so we only need to decrypt the first block of data, and the finally decrypted text should be the data^iv(CBS Mode)
752 |     if(((uint)(data[0] ^ iv[0])==4) && ((uint)(data[1] ^ iv[1])==0) && ((uint)(data[2] ^ iv[2])==1) && ((uint)(data[3] ^ iv[3])==1))
753 | 	{
754 | 		result[idx]=true;
755 | 	}
756 |     
757 | }
758 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | Description
 2 | ===========
 3 | 
 4 | **PBKDF2-noHMAC-SHA1--AES-256-CBC** encrypted SQLite database (**SQLCipher v2** standard) password bruteforcing using OpenCL(utilize the great power of GPU) and Python. The code here is for cracking **password which only consists of fixed-length hex chars**, but can be easily adapted for universal use. This repository is the result of many developers' effort.
 5 | 
 6 | **Warning**: This repository is only for studies on computer safety, anyone who use it illegally should bear the responsibility of their own.
 7 | 
 8 | Installation
 9 | =============
10 | 
11 | 1. Get **python 3.7 64-Bit**
12 | 2. Download and install the **OpenCL SDK** (Note that only OpenCL runtime is not enough for our cracking journey, we need SDK.)(e.g. from [Intel](https://software.intel.com/en-us/opencl-sdk) to get the Intel CPU platform SDK, and from [Nvidia](https://developer.nvidia.com/cuda-toolkit-archive) to get CUDA SDK (test passed for CUDA version 10.0 and 10.2, other versions are not tested) for NVIDIA GPUs). Generally Intel SDK is not required, CUDA SDK is just enough. AMD CPUs and GPUs are not supported because of the problematic AMD APP SDK.
13 | 3. Install **[pyOpenCL](https://pypi.org/project/pyopencl/)** using:
14 |    `python -m pip install pyopencl`  
15 |    Maybe you cannot just run the command above to finish the installation, then you should manually download pyOpenCL package and configure something about your OpenCL SDK path, refer to pyOpenCL [wiki](https://wiki.tiker.net/PyOpenCL/Installation/)
16 | 4. Install **[pysqlcipher3](https://github.com/rigglemania/pysqlcipher3)** using the manual there, or see the information below.
17 | 
18 | Hints for pysqlcipher3 Installation
19 | ======================
20 | Following the manual of pysqlcipher3 will not always get things run, because of the lack of maintainence of the repository and the development of the depended tools. What's more, it's painful to configure these annoying things. Here are some suggested steps for the installation of pysqlcipher3.
21 | 
22 | ## Suggestion for Windows users ##
23 | 
24 | In the typical process of installing pysqlcipher3, you should install **[OpenSSL x64 libraries](http://slproweb.com/products/Win32OpenSSL.html)**  and then compile **[sqlcipher](https://github.com/sqlcipher/sqlcipher)** first. I suggest "Build against amalgamation", requiring no actual build of sqlcipher, which is tested on my computer, whose steps after installing **[OpenSSL x64 libraries](http://slproweb.com/products/Win32OpenSSL.html)** are as following:
25 | 
26 | 1. Compile the amalgamation files of sqlcipher:
27 | Run the **Developer Command Prompt of Visual Studio**, then cded to the **sqlcipher folder**, run:
28 | 
29 |     `nmake /f Makefile.msc sqlite3.c`
30 | 
31 | 2. Copy to pysqlcipher3 folder: Make a folder named ***amalgamation*** in **pysqlcipher3 folder**,  then copy the generated ***sqlite3.c*** and ***sqlite3.h*** to the folder.
32 | 
33 | 3. Modify the source files of pysqlcipher3: In ***pysqlcipher3\src\python3***, change the ***"#include "sqlcipher\sqlite3.h""*** to ***"#include "sqlite3.h""*** of ***connection.h***, ***statement.h*** and ***util.h***.
34 | 
35 | 4. Modify the setup.py of pysqlcipher3: First, change the ***"openssl = os.path..."*** to ***"openssl = [your openssl installation folder]"***. Then change the string ***"openssl_lib_path = os.path.join(openssl, "lib")"*** to ***"openssl_lib_path = os.path.join(openssl, "lib\VC")"*** Then, change the string ***"libeay32.lib"*** to ***"libcrypto64MD.lib"***, then add a following statement: ***ext.extra_link_args.append("libssl64MD.lib")*** . We need **x64** OpenSSL Libraries because the python is 64-bit and thus uses x64 MSVC Compiler during the process of building pysqlcipher sources along with sqlite3.c, sqlite3.h.
36 | 
37 | 5. Build and Install: cded to **pysqlcipher3 folder**:
38 | 
39 |     `python setup.py build_amalgamation`  
40 |     `python setup.py install`
41 | 
42 | 6. Finally copy the ***libcrypto-1_1-x64.dll*** and ***libssl-1_1-x64.dll*** in the OpenSSL path to **this repository folder**. If you choose to *copy the libraries to system32 folder* when installing the OpenSSL libraries, you needn't perform this step.
43 | 
44 | 7. That's all.
45 | 
46 | ## Suggestion for Linux users ##
47 | 
48 | 1. You can directly get sqlcipher dev package:
49 | 
50 |     `sudo apt-get install libsqlcipher-dev`
51 | 
52 | 2. Then install pysqlcipher3:
53 | 
54 |     `python -m pip install pysqlcipher3`  
55 | 
56 | 3. That's all.
57 | 
58 | Run
59 | ===
60 | 
61 | 1. Run `python genTestDB.py [password]` to get a password encrypted SQLite database for test.
62 | 2. Modify the variables from the header of ***Run.py*** to satisfy your requirments.
63 | 3. `python Run.py`
64 | 4. Now you get the available platforms and their number in console output.
65 | 5. `python Run.py [platform number]`
66 | 
67 | Thanks for support
68 | ==================
69 | 
70 | - OpenCL code for PBKDF2-SHA1 and python code framework: [opencl_brute](https://github.com/bkerler/opencl_brute) by *B. Kerler*
71 | - OpenCL code for AES roundkeys: [AES-OpenCL](https://github.com/adrianbelgun/AES-OpenCL) by *adrianbelgun*
72 | - OpenCL code for AES-CBC-256 decrypting: [CryptoCL](https://github.com/Omegaice/CryptoCL) by *Omegaice*
73 | - General ideas on validating the decrypted database: [EnMicroMsg.db-Password-Cracker](https://github.com/chg-hou/EnMicroMsg.db-Password-Cracker) by *chg-hou*
74 | 
75 | Ideas
76 | =====
77 | 
78 | - Using a small trick to map the **hex string password representation** with **OpenCL kernel numeric global id** at a low cost in performance, so this code does not "generate" password in memory thus uses little (video and main) memory.
79 | - Reasonably divide the tasks of CPU and GPU, avoid large data transfer between devices.
80 | 
81 | Issues
82 | ======
83 | 
84 | - Tested with : Intel Core i5 8300H, NVIDIA GTX 1050 Ti(As OpenCL platform) on Windows 10.
85 | - Tested with : Intel Xeon E3 1231 V3, NVIDIA RTX 2070(As OpenCL platform) on Windows 10.
86 | - AMD APP SDK is **not** supported because the AMD OpenCL compiler will wrongly parse the marcos in OpenCL code, thus get mistaken result. Theoritically you can replace the marcos with real functions to solve the problem, as all OpenCL functions will get inlined so no overhead would appear, but I have not practically tested this.
87 | - Only support maximum 16 chars for password with hex chars ranged from 0-9,a-f.
88 | - Commandline parser and distributed cracking is being developed, will be released soon.
89 | - More decryption algorithm of sqlcipher and its variant is considered for future development.
90 | 


--------------------------------------------------------------------------------
/Run.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | import sys
  3 | import os
  4 | import time
  5 | from pysqlcipher3 import dbapi2 as sqlite
  6 | from Lib import opencl
  7 | 
  8 | 
  9 | TOTAL_PASS_LENGTH = 7 # max=16, otherwise will out of the range of uint64 used by opencl code. this value will affect the '0' padding if passphrase less than length
 10 | OUTER_PASS_LENGTH = 2 # control the outer cycle number, more cycle means more context change overhead and more exchange rate and less useless computation in last cycle
 11 | PASS_CHARS_Variety = 16 # 0-9,a-f
 12 | 
 13 | PBKDF2_ITER = 4000 # sqlcipherv2 standard is 4000
 14 | PAGE_SIZE = 1024 # value varies on application specification, we assume db is encrypted by each page, of 1024 byte
 15 | 
 16 | 
 17 | Encrypted_DB_PATH="EnCrypted_keyis_0205541.db"
 18 | PASS_RESULT_FILE="password.txt"
 19 | 
 20 | PYOPENCL_COMPILER_OUTPUT='1' # set to '1' to see the openCL compile errors
 21 | 
 22 | correct_pw=""
 23 | 
 24 | 
 25 | def tryDecryptSQLiteDB(passwordnumlist):
 26 | 
 27 |     for value in passwordnumlist:
 28 | 
 29 |         passphrase=""
 30 |         pwords=[1] * TOTAL_PASS_LENGTH
 31 | 
 32 |         for i in range(0,TOTAL_PASS_LENGTH,1):
 33 |             val=value%16
 34 |             if(val>=10):
 35 |                 pwords[TOTAL_PASS_LENGTH-1-i]=val+87 # hex char, sqlcipher db uses lower case of abcdef, a means 10, 'a'=97, offset=97-10=87
 36 |             else:
 37 |                 pwords[TOTAL_PASS_LENGTH-1-i]=val+48 # numbers, 0 means 0, '0'=48, offset=48-0=48
 38 |             value=value/16
 39 | 
 40 |         for pword in pwords:
 41 |             passphrase+=chr(pword)
 42 | 
 43 |         print("     After validating first 4 bytes of the decrypted data on GPU, possible password is "+passphrase)
 44 |         print("     Now try to use SQLite driver to formally decrypt the database using this password.")
 45 | 
 46 |         successMark=False
 47 |         try:
 48 |             conn = sqlite.connect(Encrypted_DB_PATH)
 49 |             c = conn.cursor()
 50 | 
 51 |             c.execute("PRAGMA key = '" + passphrase + "';")
 52 |             c.execute("PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;")
 53 |             c.execute("PRAGMA cipher_use_hmac = OFF;")
 54 |             c.execute("PRAGMA cipher_page_size = "+str(PAGE_SIZE)+";")
 55 |             c.execute("PRAGMA kdf_iter = "+str(PBKDF2_ITER)+";")
 56 |             c.execute("SELECT name FROM sqlite_master WHERE type='table'")
 57 | 
 58 |             c.execute("ATTACH DATABASE '" + Encrypted_DB_PATH+".decrypted.db" + "' AS db KEY '';")
 59 |             c.execute("SELECT sqlcipher_export('db');")
 60 |             c.execute("DETACH DATABASE db;")
 61 | 
 62 |             print("     Decrypt and dump database to {} ... ".format(Encrypted_DB_PATH+".decrypted.db"))
 63 |             print('     OK!')
 64 |             successMark=True
 65 |         except Exception as e:
 66 |             print("     Error: "+str(e))
 67 |             if str(e)=="file is not a database":
 68 |                 print("     This password is wrong, just proceed on trying......")
 69 |             elif str(e).endswith("already exists"):
 70 |                 successMark=True
 71 |                 print("     The dumped database filename has already exist, so the error occur, but the password is correct.")
 72 |             else:
 73 |                 print("     Unknown error for database decrypting.")
 74 |         finally:
 75 |             conn.close()
 76 |             if successMark==True: # finnaly get the correct answer
 77 |                 global correct_pw
 78 |                 correct_pw=passphrase
 79 |                 return True
 80 | 
 81 |     return False
 82 | 
 83 | 
 84 | def main(argv):
 85 | 
 86 |     os.system("title PBKDF2-noHMAC-SHA1--AES-256-CBC encrypted SQLite database cracking")
 87 | 
 88 |     program_start=time.perf_counter()
 89 | 
 90 |     if (not (len(argv)==2)):
 91 |         print("PBKDF2-noHMAC-SHA1--AES-256-CBC encrypted SQLite database cracking v2018")
 92 |         info=opencl.opencl_information()
 93 |         info.printfullinfo()
 94 |         print("============================================================")
 95 |         info.printplatforms()
 96 |         print("============================================================")
 97 |         print("\nPlease run as: python opencl_test.py [platform number]")
 98 |         os.system("pause")
 99 |         exit(0)
100 | 
101 |     strx=r'''
102 |         ____  _____  _    _ _______ ______      _____  ____  _  _______  ______ ___  
103 |         |  _ \|  __ \| |  | |__   __|  ____|    |  __ \|  _ \| |/ /  __ \|  ____|__ \ 
104 |         | |_) | |__) | |  | |  | |  | |__       | |__) | |_) | ' /| |  | | |__     ) |
105 |         |  _ <|  _  /| |  | |  | |  |  __|      |  ___/|  _ <|  < | |  | |  __|   / / 
106 |         | |_) | | \ \| |__| |  | |  | |____     | |    | |_) | . \| |__| | |     / /_ 
107 |         |____/|_|  \_\\____/   |_|  |______|    |_|    |____/|_|\_\_____/|_|    |____|
108 |                                                                                
109 |             '''
110 |     stry=r'''                                                                                    
111 |                                                                                                                                                                                                                                                                                                                                                                        
112 |                                                                                                     
113 |                 itLDEW#WKKEKEKEEEEDDEWKG                 tGWEGGGGGDDDGGGLLLDKWEGLfti                
114 |            #############################KGLKKWKKKWWW#WKKKW####################W#WWWWWK,             
115 |            W#####WKKWDfjtttttttttititLKW###GE######WK#W###KKtiiiiiiiiiiiiiitfDWKW##WWWi             
116 |            W####LttttttttttttttttttttttiiW###DG#W##KK##WLttttttttttttttttttttittLK##WW              
117 |           ,W###WjttttttttttttttttttttttttttE###EDD####EttttttttttttttttttttttttttG##WW              
118 |            W###E                   ttttt, ,,W########K  ,itttt,,,,,,,,,,,,,,,,,,,G##WW              
119 |            jW##D                   tttt,  ,,K########E  , tttt,,,,,,,,,,,,,,,,,,,jW#Wt              
120 |             jW#E                  ttttt    ,K########E  ,,,tttt,,,,,,,,,,,,,,,,,,G#Wi               
121 |              K#K                  tttt      W#W   i##W ,  ,tttt  ,,,,,,,,,,,,,,, L#W                
122 |               #W                  tttt      W#t    K#K ,  , tttt,,,,,,,,,,,,,,,, E#K                
123 |               W#t                tttt       ##,     #Ki     tttt,           ,,,,jK#                 
124 |              ,W#j                ttj       L##      WWt      ttt                L#W                 
125 |               G#G               ,ttt       K#,      L#j     ,tttt              iG#W                 
126 |                WK                tt        W#        #E       ttt               K#W                 
127 |                W#j               i        G##        WWt      , ,              fW#i                 
128 |                K#D                        ##         i#Ki                     tE#W                  
129 |                 #Wfi                    tW#f          K#EL                   jD#WG                  
130 |                 K#KEj                 iW##W,           W#EEi              ,jLK##K,                  
131 |                  KW#fGf           , j####j              WW#GEGjiiiiitttjLLLWE#W#                    
132 |                   tW##KGDE###WWW##KW###K                  WW#WLfLGDGGGLLGE##WW                      
133 |                     ,E#WWW#########WWi                      iWW##W#WW#W#WWWt                        
134 |                             itjji                                                                   
135 |                                                                                                     
136 |                                                                                                     
137 |                                                                                                     
138 |                                                                                                     '''
139 | 
140 |     print(strx)
141 | 
142 |     print("Encrypted Database: "+Encrypted_DB_PATH)
143 |     print("Reading encrypted data...")
144 | 
145 |     with open(Encrypted_DB_PATH, 'rb') as infile:
146 | 
147 |         salt=infile.read(16) # salt for PBKDF2-SHA1 iteration
148 |         encrypted_data=infile.read(16*1) # AES Block size, 16, the minimum size to be decrypt. We only need the first 4 byte to do initial validation, so read first 16 byte.
149 |         # The more data sent for decryption, the more time will be wasted. The whole validation will be done through pycrypto if a pass phrase passed the initial validation.
150 |         infile.read(PAGE_SIZE-16-16*1-16)
151 |         iv = infile.read(16) # iv for AES-256-CBC decryption, the last 16 byte
152 | 
153 | 
154 |     print("Init OpenCL...")
155 |     print(" ")
156 |     platform = int(argv[1])
157 |     opencl_ctx = opencl.pbkdf2_aes_opencl(platform,salt,iv,encrypted_data)
158 | 
159 |     print(" ")
160 |     print("Compiling OpenCL Code...")
161 |     os.environ['PYOPENCL_COMPILER_OUTPUT'] = PYOPENCL_COMPILER_OUTPUT
162 |     opencl_ctx.compile({"CONST_BYT_ACTUAL_PWLEN":str(TOTAL_PASS_LENGTH),"PBKDFITER":str(PBKDF2_ITER)})# redefine marcos in OpenCL code using new value
163 | 
164 |     print(" ")
165 |     print("Starting OpenCL Kernel...")
166 |     print(" ")
167 | 
168 |     Outercycle=PASS_CHARS_Variety**OUTER_PASS_LENGTH
169 |     Innercycle=PASS_CHARS_Variety**(TOTAL_PASS_LENGTH-OUTER_PASS_LENGTH)
170 | 
171 |     for i in range(Outercycle):
172 | 
173 |         time_begin=time.perf_counter()
174 | 
175 |         result=opencl_ctx.run(Innercycle*i,Innercycle,False) # core function, it's suggested that the Innercycle should be integer number of workgroupsize
176 |         
177 |         if(tryDecryptSQLiteDB(result)==True): # validation
178 |            break
179 |         
180 |         time_end=time.perf_counter()
181 | 
182 |         print("Cycle (each "+str(Innercycle)+" passphrase) "+str(i+1)+" of "+str(Outercycle)+", Time: "+str(round(time_end-time_begin,6))+" secs, TotalSpeed: "+str(round(Innercycle/1000/(time_end-time_begin),2))+" K Passphrase/s, "+
183 |             "Estimated worst finish time: "+str(round((time_end-time_begin)*(Outercycle-i-1)/60,1))+" min,")
184 |     
185 |     os.system("title Brute Try Completed")
186 |     print(" ")
187 |     print("Brute Try completed after a total time of "+str(round((time.perf_counter()-program_start)/60,1))+" min.")
188 | 
189 |     if correct_pw=="":
190 |         print("Sorry, no correct password is found.")
191 |     else:
192 |         print("The password is: "+correct_pw)
193 |         with open(PASS_RESULT_FILE, 'a') as f:
194 |             f.write("Password of "+Encrypted_DB_PATH+" is:\""+correct_pw+"\"")
195 |             f.write('\n')
196 |         print("Password is written to file: "+PASS_RESULT_FILE)
197 | 
198 |     print("Thank you for your usage.")
199 |     exit(0)
200 | 
201 | if __name__ == '__main__':
202 |     main(sys.argv)
203 | 
204 | 
205 | 


--------------------------------------------------------------------------------
/genTestDB.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | import os
 3 | from pysqlcipher3 import dbapi2 as sqlite
 4 | 
 5 | PBKDF2_ITER = 4000 # sqlcipherv2 standard is 4000
 6 | PAGE_SIZE = 1024
 7 | 
 8 | if not (len(sys.argv)==2 and len(sys.argv[1])>0):
 9 |     password="0090456"
10 |     print("Password is not explicitly specified via argument.")
11 |     print("Using default password:\""+password+"\"")
12 | else:
13 |     password=sys.argv[1]
14 |     print("Using password:\""+password+"\"")
15 | 
16 | Target_DB_PATH="EnCrypted_keyis_"+password+".db"
17 | if os.path.exists(Target_DB_PATH):
18 |     print("The db file has already exists, so no new file generated.")
19 |     exit(0)
20 | 
21 | try:
22 |     conn = sqlite.connect(":memory:")
23 |     c = conn.cursor()
24 |     c.execute("CREATE TABLE testTable(col1 INTEGER, col2 INTEGER)") # create a nonsense table just for test
25 |     c.execute("SELECT name FROM sqlite_master WHERE type='table'")
26 | 
27 |     c.execute("ATTACH DATABASE '" + Target_DB_PATH + "' AS db KEY '" + password + "';")
28 |     c.execute("PRAGMA db.cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;")
29 |     c.execute("PRAGMA db.cipher_use_hmac = OFF;")
30 |     c.execute("PRAGMA db.cipher_page_size = "+str(PAGE_SIZE)+";")
31 |     c.execute("PRAGMA db.kdf_iter = "+str(PBKDF2_ITER)+";")
32 |     c.execute("SELECT sqlcipher_export('db');")
33 |     c.execute("DETACH DATABASE db;")
34 |     print("Encrypted db creation is finished for "+Target_DB_PATH)
35 | except Exception as e:
36 |     print(str(e))
37 | finally:
38 |     conn.close()


--------------------------------------------------------------------------------