/*
* This is a high-speed brute-force password cracker for MySQL hashed
* passwords. It can break an 8-character password containing any
* printable ascii characters in a matter of hours on an ordinary PC.
*
* This program is public domain. Share and enjoy.
*
* Example:
*  $ gcc -O2 -fomit-frame-pointer mysqlfast.c -o mysqlfast
*  $ mysqlfast 6294b50f67eda209
*  Hash: 6294b50f67eda209
*  Trying length 3
*  Trying length 4
*  Found pass: barf
*
* The MySQL password hash function could be strengthened considerably
* by:
* - making two passes over the password
* - using a bitwise rotate instead of a left shift
* - causing more arithmetic overflows
*/
 
#include <stdio.h>
 
typedef unsigned long u32;
 
/* Allowable characters in password; 33-126 is printable ascii */
#define MIN_CHAR  33
#define MAX_CHAR  126
 
/* Maximum length of password */
#define MAX_LEN  12
 
#define MASK  0x7fffffffL
 
int crack0(int stop, u32 targ1, u32 targ2, int *pass_ary)
{
  int i, c;
  u32 d, e, sum, step, diff, div, xor1, xor2, state1, state2;
  u32 newstate1, newstate2, newstate3;
  u32 state1_ary[MAX_LEN-2], state2_ary[MAX_LEN-2];
  u32 xor_ary[MAX_LEN-3], step_ary[MAX_LEN-3];
  i = -1;
  sum = 7;
  state1_ary[0] = 1345345333L;
  state2_ary[0] = 0x12345671L;
 
  while (1) {
    while (i < stop) {
      i++;
      pass_ary[i] = MIN_CHAR;
      step_ary[i] = (state1_ary[i] & 0x3f) + sum;
      xor_ary[i]  = step_ary[i]*MIN_CHAR + (state1_ary[i] << 8);
      sum += MIN_CHAR;
      state1_ary[i+1] = state1_ary[i] ^ xor_ary[i];
      state2_ary[i+1] = state2_ary[i]
        + ((state2_ary[i] << 8) ^ state1_ary[i+1]);
    }
 
    state1 = state1_ary[i+1];
    state2 = state2_ary[i+1];
    step = (state1 & 0x3f) + sum;
    xor1 = step*MIN_CHAR + (state1 << 8);
    xor2 = (state2 << 8) ^ state1;
 
    for (c = MIN_CHAR; c <= MAX_CHAR; c++, xor1 += step) {
      newstate2 = state2 + (xor1 ^ xor2);
      newstate1 = state1 ^ xor1;
 
      newstate3 = (targ2 - newstate2) ^ (newstate2 << 8);
      div  = (newstate1 & 0x3f) + sum + c;
      diff = ((newstate3 ^ newstate1) - (newstate1 << 8)) & MASK;
      if (diff % div != 0) continue;
      d = diff / div;
      if (d < MIN_CHAR || d > MAX_CHAR) continue;
 
      div  = (newstate3 & 0x3f) + sum + c + d;
      diff = ((targ1 ^ newstate3) - (newstate3 << 8)) & MASK;
      if (diff % div != 0) continue;
      e = diff / div;
      if (e < MIN_CHAR || e > MAX_CHAR) continue;
 
      pass_ary[i+1] = c;
      pass_ary[i+2] = d;
      pass_ary[i+3] = e;
      return 1;
    }
 
    while (i >= 0 && pass_ary[i] >= MAX_CHAR) {
      sum -= MAX_CHAR;
      i--;
    }
    if (i < 0) break;
    pass_ary[i]++;
    xor_ary[i] += step_ary[i];
    sum++;
    state1_ary[i+1] = state1_ary[i] ^ xor_ary[i];
    state2_ary[i+1] = state2_ary[i]
      + ((state2_ary[i] << 8) ^ state1_ary[i+1]);
  }
 
  return 0;
}
 
void crack(char *hash)
{
  int i, len;
  u32 targ1, targ2, targ3;
  int pass[MAX_LEN];
 
  if ( sscanf(hash, "%8lx%lx", &targ1, &targ2) != 2 ) {
    printf("Invalid password hash: %s\n", hash);
    return;
  }
  printf("Hash: %08lx%08lx\n", targ1, targ2);
  targ3 = targ2 - targ1;
  targ3 = targ2 - ((targ3 << 8) ^ targ1);
  targ3 = targ2 - ((targ3 << 8) ^ targ1);
  targ3 = targ2 - ((targ3 << 8) ^ targ1);
 
  for (len = 3; len <= MAX_LEN; len++) {
    printf("Trying length %d\n", len);
    if ( crack0(len-4, targ1, targ3, pass) ) {
      printf("Found pass: ");
      for (i = 0; i < len; i++)
        putchar(pass[i]);
      putchar('\n');
      break;
    }
  }
  if (len > MAX_LEN)
    printf("Pass not found\n");
}
 
int main(int argc, char *argv[])
{
  int i;
  if (argc <= 1)
    printf("usage: %s hash\n", argv[0]);
  for (i = 1; i < argc; i++)
    crack(argv[i]);
  return 0;
}

LyoKKiBUaGlzIGlzIGEgaGlnaC1zcGVlZCBicnV0ZS1mb3JjZSBwYXNzd29yZCBjcmFja2VyIGZvciBNeVNRTCBoYXNoZWQKKiBwYXNzd29yZHMuIEl0IGNhbiBicmVhayBhbiA4LWNoYXJhY3RlciBwYXNzd29yZCBjb250YWluaW5nIGFueQoqIHByaW50YWJsZSBhc2NpaSBjaGFyYWN0ZXJzIGluIGEgbWF0dGVyIG9mIGhvdXJzIG9uIGFuIG9yZGluYXJ5IFBDLgoqCiogVGhpcyBwcm9ncmFtIGlzIHB1YmxpYyBkb21haW4uIFNoYXJlIGFuZCBlbmpveS4KKgoqIEV4YW1wbGU6CiogICQgZ2NjIC1PMiAtZm9taXQtZnJhbWUtcG9pbnRlciBteXNxbGZhc3QuYyAtbyBteXNxbGZhc3QKKiAgJCBteXNxbGZhc3QgNjI5NGI1MGY2N2VkYTIwOQoqICBIYXNoOiA2Mjk0YjUwZjY3ZWRhMjA5CiogIFRyeWluZyBsZW5ndGggMwoqICBUcnlpbmcgbGVuZ3RoIDQKKiAgRm91bmQgcGFzczogYmFyZgoqCiogVGhlIE15U1FMIHBhc3N3b3JkIGhhc2ggZnVuY3Rpb24gY291bGQgYmUgc3RyZW5ndGhlbmVkIGNvbnNpZGVyYWJseQoqIGJ5OgoqIC0gbWFraW5nIHR3byBwYXNzZXMgb3ZlciB0aGUgcGFzc3dvcmQKKiAtIHVzaW5nIGEgYml0d2lzZSByb3RhdGUgaW5zdGVhZCBvZiBhIGxlZnQgc2hpZnQKKiAtIGNhdXNpbmcgbW9yZSBhcml0aG1ldGljIG92ZXJmbG93cwoqLwoKI2luY2x1ZGUgPHN0ZGlvLmg+Cgp0eXBlZGVmIHVuc2lnbmVkIGxvbmcgdTMyOwoKLyogQWxsb3dhYmxlIGNoYXJhY3RlcnMgaW4gcGFzc3dvcmQ7IDMzLTEyNiBpcyBwcmludGFibGUgYXNjaWkgKi8KI2RlZmluZSBNSU5fQ0hBUiAgMzMKI2RlZmluZSBNQVhfQ0hBUiAgMTI2CgovKiBNYXhpbXVtIGxlbmd0aCBvZiBwYXNzd29yZCAqLwojZGVmaW5lIE1BWF9MRU4gIDEyCgojZGVmaW5lIE1BU0sgIDB4N2ZmZmZmZmZMCgppbnQgY3JhY2swKGludCBzdG9wLCB1MzIgdGFyZzEsIHUzMiB0YXJnMiwgaW50ICpwYXNzX2FyeSkKewogIGludCBpLCBjOwogIHUzMiBkLCBlLCBzdW0sIHN0ZXAsIGRpZmYsIGRpdiwgeG9yMSwgeG9yMiwgc3RhdGUxLCBzdGF0ZTI7CiAgdTMyIG5ld3N0YXRlMSwgbmV3c3RhdGUyLCBuZXdzdGF0ZTM7CiAgdTMyIHN0YXRlMV9hcnlbTUFYX0xFTi0yXSwgc3RhdGUyX2FyeVtNQVhfTEVOLTJdOwogIHUzMiB4b3JfYXJ5W01BWF9MRU4tM10sIHN0ZXBfYXJ5W01BWF9MRU4tM107CiAgaSA9IC0xOwogIHN1bSA9IDc7CiAgc3RhdGUxX2FyeVswXSA9IDEzNDUzNDUzMzNMOwogIHN0YXRlMl9hcnlbMF0gPSAweDEyMzQ1NjcxTDsKCiAgd2hpbGUgKDEpIHsKICAgIHdoaWxlIChpIDwgc3RvcCkgewogICAgICBpKys7CiAgICAgIHBhc3NfYXJ5W2ldID0gTUlOX0NIQVI7CiAgICAgIHN0ZXBfYXJ5W2ldID0gKHN0YXRlMV9hcnlbaV0gJiAweDNmKSArIHN1bTsKICAgICAgeG9yX2FyeVtpXSAgPSBzdGVwX2FyeVtpXSpNSU5fQ0hBUiArIChzdGF0ZTFfYXJ5W2ldIDw8IDgpOwogICAgICBzdW0gKz0gTUlOX0NIQVI7CiAgICAgIHN0YXRlMV9hcnlbaSsxXSA9IHN0YXRlMV9hcnlbaV0gXiB4b3JfYXJ5W2ldOwogICAgICBzdGF0ZTJfYXJ5W2krMV0gPSBzdGF0ZTJfYXJ5W2ldCiAgICAgICAgKyAoKHN0YXRlMl9hcnlbaV0gPDwgOCkgXiBzdGF0ZTFfYXJ5W2krMV0pOwogICAgfQoKICAgIHN0YXRlMSA9IHN0YXRlMV9hcnlbaSsxXTsKICAgIHN0YXRlMiA9IHN0YXRlMl9hcnlbaSsxXTsKICAgIHN0ZXAgPSAoc3RhdGUxICYgMHgzZikgKyBzdW07CiAgICB4b3IxID0gc3RlcCpNSU5fQ0hBUiArIChzdGF0ZTEgPDwgOCk7CiAgICB4b3IyID0gKHN0YXRlMiA8PCA4KSBeIHN0YXRlMTsKCiAgICBmb3IgKGMgPSBNSU5fQ0hBUjsgYyA8PSBNQVhfQ0hBUjsgYysrLCB4b3IxICs9IHN0ZXApIHsKICAgICAgbmV3c3RhdGUyID0gc3RhdGUyICsgKHhvcjEgXiB4b3IyKTsKICAgICAgbmV3c3RhdGUxID0gc3RhdGUxIF4geG9yMTsKCiAgICAgIG5ld3N0YXRlMyA9ICh0YXJnMiAtIG5ld3N0YXRlMikgXiAobmV3c3RhdGUyIDw8IDgpOwogICAgICBkaXYgID0gKG5ld3N0YXRlMSAmIDB4M2YpICsgc3VtICsgYzsKICAgICAgZGlmZiA9ICgobmV3c3RhdGUzIF4gbmV3c3RhdGUxKSAtIChuZXdzdGF0ZTEgPDwgOCkpICYgTUFTSzsKICAgICAgaWYgKGRpZmYgJSBkaXYgIT0gMCkgY29udGludWU7CiAgICAgIGQgPSBkaWZmIC8gZGl2OwogICAgICBpZiAoZCA8IE1JTl9DSEFSIHx8IGQgPiBNQVhfQ0hBUikgY29udGludWU7CgogICAgICBkaXYgID0gKG5ld3N0YXRlMyAmIDB4M2YpICsgc3VtICsgYyArIGQ7CiAgICAgIGRpZmYgPSAoKHRhcmcxIF4gbmV3c3RhdGUzKSAtIChuZXdzdGF0ZTMgPDwgOCkpICYgTUFTSzsKICAgICAgaWYgKGRpZmYgJSBkaXYgIT0gMCkgY29udGludWU7CiAgICAgIGUgPSBkaWZmIC8gZGl2OwogICAgICBpZiAoZSA8IE1JTl9DSEFSIHx8IGUgPiBNQVhfQ0hBUikgY29udGludWU7CgogICAgICBwYXNzX2FyeVtpKzFdID0gYzsKICAgICAgcGFzc19hcnlbaSsyXSA9IGQ7CiAgICAgIHBhc3NfYXJ5W2krM10gPSBlOwogICAgICByZXR1cm4gMTsKICAgIH0KCiAgICB3aGlsZSAoaSA+PSAwICYmIHBhc3NfYXJ5W2ldID49IE1BWF9DSEFSKSB7CiAgICAgIHN1bSAtPSBNQVhfQ0hBUjsKICAgICAgaS0tOwogICAgfQogICAgaWYgKGkgPCAwKSBicmVhazsKICAgIHBhc3NfYXJ5W2ldKys7CiAgICB4b3JfYXJ5W2ldICs9IHN0ZXBfYXJ5W2ldOwogICAgc3VtKys7CiAgICBzdGF0ZTFfYXJ5W2krMV0gPSBzdGF0ZTFfYXJ5W2ldIF4geG9yX2FyeVtpXTsKICAgIHN0YXRlMl9hcnlbaSsxXSA9IHN0YXRlMl9hcnlbaV0KICAgICAgKyAoKHN0YXRlMl9hcnlbaV0gPDwgOCkgXiBzdGF0ZTFfYXJ5W2krMV0pOwogIH0KCiAgcmV0dXJuIDA7Cn0KCnZvaWQgY3JhY2soY2hhciAqaGFzaCkKewogIGludCBpLCBsZW47CiAgdTMyIHRhcmcxLCB0YXJnMiwgdGFyZzM7CiAgaW50IHBhc3NbTUFYX0xFTl07CgogIGlmICggc3NjYW5mKGhhc2gsICIlOGx4JWx4IiwgJnRhcmcxLCAmdGFyZzIpICE9IDIgKSB7CiAgICBwcmludGYoIkludmFsaWQgcGFzc3dvcmQgaGFzaDogJXNcbiIsIGhhc2gpOwogICAgcmV0dXJuOwogIH0KICBwcmludGYoIkhhc2g6ICUwOGx4JTA4bHhcbiIsIHRhcmcxLCB0YXJnMik7CiAgdGFyZzMgPSB0YXJnMiAtIHRhcmcxOwogIHRhcmczID0gdGFyZzIgLSAoKHRhcmczIDw8IDgpIF4gdGFyZzEpOwogIHRhcmczID0gdGFyZzIgLSAoKHRhcmczIDw8IDgpIF4gdGFyZzEpOwogIHRhcmczID0gdGFyZzIgLSAoKHRhcmczIDw8IDgpIF4gdGFyZzEpOwoKICBmb3IgKGxlbiA9IDM7IGxlbiA8PSBNQVhfTEVOOyBsZW4rKykgewogICAgcHJpbnRmKCJUcnlpbmcgbGVuZ3RoICVkXG4iLCBsZW4pOwogICAgaWYgKCBjcmFjazAobGVuLTQsIHRhcmcxLCB0YXJnMywgcGFzcykgKSB7CiAgICAgIHByaW50ZigiRm91bmQgcGFzczogIik7CiAgICAgIGZvciAoaSA9IDA7IGkgPCBsZW47IGkrKykKICAgICAgICBwdXRjaGFyKHBhc3NbaV0pOwogICAgICBwdXRjaGFyKCdcbicpOwogICAgICBicmVhazsKICAgIH0KICB9CiAgaWYgKGxlbiA+IE1BWF9MRU4pCiAgICBwcmludGYoIlBhc3Mgbm90IGZvdW5kXG4iKTsKfQoKaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKmFyZ3ZbXSkKewogIGludCBpOwogIGlmIChhcmdjIDw9IDEpCiAgICBwcmludGYoInVzYWdlOiAlcyBoYXNoXG4iLCBhcmd2WzBdKTsKICBmb3IgKGkgPSAxOyBpIDwgYXJnYzsgaSsrKQogICAgY3JhY2soYXJndltpXSk7CiAgcmV0dXJuIDA7Cn0=

LyogIEJlcmVjaG51bmcgZGVzIEhhbW1pbmctQWJzdGFuZGVzIHp3aXNjaGVuIHp3ZWkgMTI4LUJpdCBXZXJ0ZW4gaW4gCSovCi8qCWVpbmVyIFRleHRkYXRlaS4gCQkJCQkJCQkJCQkJCSovCi8qICBEaWUgV2VydGUgbSZ1dW1sO3NzZW4gYXVmIGVpbmVyIHNlcGFyYXRlbiBaZWlsZSBnZXNwZWljaGVydCBzZWluCQkJKi8KLyogCQkJCQkJCQkJCQkJCQkJCQkJKi8KLyoJRXJzdGVsbHQ6IDE3LjUuMjAxMAkJCQkJCQkJCQkJCQkqLwovKiAgQXV0b3I6IFRob21hcyBTY2hlZmZsZXIJCQkJCQkJCQkJCQkqLwoKI2luY2x1ZGUgJmx0O3N0ZGlvLmgmZ3Q7CiNpbmNsdWRlICZsdDtzdGRsaWIuaCZndDsKCiNkZWZpbmUgQVJSQVlfU0laRSAzMgoKdW5zaWduZWQgSGFtZGlzdCh1bnNpZ25lZCB4LCB1bnNpZ25lZCB5KQp7CiAgdW5zaWduZWQgZGlzdCA9IDAsIHZhbCA9IHggXiB5OwogCiAgLy8gQ291bnQgdGhlIG51bWJlciBvZiBzZXQgYml0cwogIHdoaWxlKHZhbCkKICB7CiAgICArK2Rpc3Q7IAogICAgdmFsICZhbXA7PSB2YWwgLSAxOwogIH0KIAogIHJldHVybiBkaXN0Owp9CgoKCmludCBtYWluICh2b2lkKQp7CgljaGFyIGhleDsKCWludCBpOwoJaW50IGFbQVJSQVlfU0laRV07CglpbnQgYltBUlJBWV9TSVpFXTsKCWludCBoYW1EaXN0ID0gMDsKCUZJTEUqIGZwOwoJCgkvL0FycmF5cyBtaXQgMCBpbml0aWFsaXNpZXJlbgoJZm9yIChpID0gMDsgaSAmbHQ7IEFSUkFZX1NJWkU7ICsraSkKCXsKICAJCWFbaV0gPSAwOwogIAkJYltpXSA9IDA7Cgl9CgoJCglmcCA9IGZvcGVuKCZxdW90O2hleC50eHQmcXVvdDssJnF1b3Q7ciZxdW90Oyk7CglpZiAoZnAgPT0gTlVMTCkgCgl7CgkJcHJpbnRmKCZxdW90O0RpZSBEYXRlaSBoZXgudHh0IHd1cmRlIG5pY2h0IGdlZnVuZGVuISZxdW90Oyk7CgkJZXhpdChFWElUX0ZBSUxVUkUpOwoJfQoKCWk9MDsKCXByaW50ZigmcXVvdDsxLlplaWxlIGVpbmxlc2VuLlxuJnF1b3Q7KTsKCiAJd2hpbGUoKGhleD1mZ2V0YyhmcCkpIT0nXG4nICZhbXA7JmFtcDsgaGV4ICE9IEVPRikKICAgIHsKICAgICAgICBhW2ldPXN0cnRvbCgmYW1wO2hleCwwLDE2KTsKCQlpKys7CiAgICB9CglpPTA7CglwcmludGYoJnF1b3Q7Mi5aZWlsZSBlaW5sZXNlbi5cbiZxdW90Oyk7CgogCXdoaWxlKChoZXg9ZmdldGMoZnApKSE9J1xuJyAmYW1wOyZhbXA7IGhleCAhPSBFT0YpCiAgICB7CiAgICAJYltpXT1zdHJ0b2woJmFtcDtoZXgsMCwxNik7CiAgICAgICAgaSsrOwogICAgfQoJZmNsb3NlKGZwKTsKCglwcmludGYoJnF1b3Q7SGFtbWluZy1BYndlaWNodW5nIHBybyBOaWJibGU6XG4mcXVvdDspOwoJZm9yIChpID0gMDsgaSAmbHQ7IEFSUkFZX1NJWkU7ICsraSkKCXsKCQlwcmludGYgKCZxdW90OyVpXHQlaVx0JWlcbiZxdW90OyxhW2ldLGJbaV0sSGFtZGlzdChhW2ldLGJbaV0pKTsKCQloYW1EaXN0ICs9IEhhbWRpc3QoYVtpXSxiW2ldKTsKCX0KCXByaW50ZiAoJnF1b3Q7XG5IYW1taW5nLUFid2VpY2h1bmcgZGVyIEhhc2gtV2VydGU6JWRcbiZxdW90OyxoYW1EaXN0KTsKfQoK

/*  Berechnung des Hamming-Abstandes zwischen zwei 128-Bit Werten in 	*/
/*	einer Textdatei. 													*/
/*  Die Werte müssen auf einer separaten Zeile gespeichert sein			*/
/* 																		*/
/*	Erstellt: 17.5.2010													*/
/*  Autor: Thomas Scheffler												*/

#include <stdio.h>
#include <stdlib.h>

#define ARRAY_SIZE 32

unsigned Hamdist(unsigned x, unsigned y)
{
  unsigned dist = 0, val = x ^ y;
 
  // Count the number of set bits
  while(val)
  {
    ++dist; 
    val &= val - 1;
  }
 
  return dist;
}



int main (void)
{
	char hex;
	int i;
	int a[ARRAY_SIZE];
	int b[ARRAY_SIZE];
	int hamDist = 0;
	FILE* fp;
	
	//Arrays mit 0 initialisieren
	for (i = 0; i < ARRAY_SIZE; ++i)
	{
  		a[i] = 0;
  		b[i] = 0;
	}

	
	fp = fopen("hex.txt","r");
	if (fp == NULL) 
	{
		printf("Die Datei hex.txt wurde nicht gefunden!");
		exit(EXIT_FAILURE);
	}

	i=0;
	printf("1.Zeile einlesen.\n");

 	while((hex=fgetc(fp))!='\n' && hex != EOF)
    {
        a[i]=strtol(&hex,0,16);
		i++;
    }
	i=0;
	printf("2.Zeile einlesen.\n");

 	while((hex=fgetc(fp))!='\n' && hex != EOF)
    {
    	b[i]=strtol(&hex,0,16);
        i++;
    }
	fclose(fp);

	printf("Hamming-Abweichung pro Nibble:\n");
	for (i = 0; i < ARRAY_SIZE; ++i)
	{
		printf ("%i\t%i\t%i\n",a[i],b[i],Hamdist(a[i],b[i]));
		hamDist += Hamdist(a[i],b[i]);
	}
	printf ("\nHamming-Abweichung der Hash-Werte:%d\n",hamDist);
}