Crash

SHA-2 hashing with AutoIt

Started by Crash,

11 posts in this topic

#1 ·  Posted

Dear AutoIt communities,

I wish to perform SHA-256 hashing with AutoIt. I noticed Help File shows the use of MD2, MD4, MD5, SHA1. To my knowledge, all of these aren't cryptographically secure anymore and SHA-2 (SHA-256, SHA-384, SHA-512) is the way to hash passwords.

I poked around Crypt.au3 and found SHA-2 constants are commented out. Why is this? I'm using latest public release, v 3.3.14.2

; #CONSTANTS# ===================================================================================================================
Global Const $PROV_RSA_FULL = 0x1
Global Const $PROV_RSA_AES = 24
Global Const $CRYPT_VERIFYCONTEXT = 0xF0000000
Global Const $HP_HASHSIZE = 0x0004
Global Const $HP_HASHVAL = 0x0002
Global Const $CRYPT_EXPORTABLE = 0x00000001
Global Const $CRYPT_USERDATA = 1

Global Const $CALG_MD2 = 0x00008001
Global Const $CALG_MD4 = 0x00008002
Global Const $CALG_MD5 = 0x00008003
Global Const $CALG_SHA1 = 0x00008004
; Global Const $CALG_SHA_256 = 0x0000800c
; Global Const $CALG_SHA_384 = 0x0000800d
; Global Const $CALG_SHA_512 = 0x0000800e
Global Const $CALG_3DES = 0x00006603
Global Const $CALG_AES_128 = 0x0000660e
Global Const $CALG_AES_192 = 0x0000660f
Global Const $CALG_AES_256 = 0x00006610
Global Const $CALG_DES = 0x00006601
Global Const $CALG_RC2 = 0x00006602
Global Const $CALG_RC4 = 0x00006801
Global Const $CALG_USERKEY = 0
Global Const $KP_ALGID = 0x00000007

 

I thought this could be compatibility issues, and older Windows doesn't support SHA-2.

Without knowing what I am doing, MSDN help appears to say SHA256 is available since Windows Platform 10 (https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256(v=vs.110).aspx) However other sources said SHA-2 has been supported since Win XP SP 3.

What is happening? How can I implement SHA-2 with confidence that it will work on Win XP? Unfortunately I do not have an older computer or virtual PC to test it out. I'm running latest Windows 10 and SHA-256, SHA-384, SHA-512 all works fine. (If you like to try on your machine, I've attached the help file hashing example with SHA-2 algo added)

 

Thank you yet again

Crash

sdfsdaf.au3

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Share this post

Link to post
Share on other sites



#2 ·  Posted

It was decided that because the commented out algorithms weren't available in XP below SP3, they would be commented out but included in the file.

It's completely ok to uncomment them and use them in your scripts. Windows crypto API supports them in versions of Windows above XP SP3 and if you're running anything below SP3 on XP you deserve to get hacked.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post

Link to post
Share on other sites

#3 ·  Posted

It was decided that because the commented out algorithms weren't available in XP below SP3, they would be commented out but included in the file.

It's completely ok to uncomment them and use them in your scripts. Windows crypto API supports them in versions of Windows above XP SP3 and if you're running anything below SP3 on XP you deserve to get hacked.

:lol: haha Windows XP isn't supported now anyway so I think this lack of SHA-2 is the least of their concerns. Thanks for the confirmation!

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Share this post

Link to post
Share on other sites

#4 ·  Posted

Something about Dec. 23rd and remembering there is no good reason that those are commented out.  Looootttttssss of stuff doesnt work in XP.

Posted 23 Dec 2014 · Report post

Those constants are declared in the UDF and therefore don't need to be included at the top of your script.

https://www.autoitscript.com/forum/topic/166338-sha-256

 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post

Link to post
Share on other sites

#5 ·  Posted (edited)

Ahh thank you I forgot to search the forum before posting a new topic. I apologise.

I followed some links and MSDN confirmed that SHA-2 is not supported under XP SP3:

Windows XP with SP3:  This algorithm is supported by the Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype).

Windows XP with SP2, Windows XP with SP1, and Windows XP:  This algorithm is not supported.

(This is going to be useful for other forum searcher)

 

My current implementation includes a fallback. I'm not a good programmer and this is not tested on XP, but here goes:

#include <Crypt.au3>

Const $algo = 0x0000800c ; SHA-256
Const $algofallback = $CALG_SHA1

$passwd = ...... ; typed by user
$salt = ...... ; generated with _Crypt_GenRandom

Local $hash = _Crypt_HashData($passwd & $salt, $algo)
If @error Then $hash = _Crypt_HashData($passwd & $salt, $algofallback) ; fall back

I hard coded SHA-256 code to improve compatibility when others compile my code, and uses @error to see if SHA-256 can be used. I hope that's secure :lol: Any constructive criticisms welcomed!

Edited by Crash

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Share this post

Link to post
Share on other sites

#6 ·  Posted

there are many pieces in many UDFs that fail on XP.  A feature that is incompatible with XP is at most a note in the helpfile, and that is if you want to be really nice about it.  You certainly dont test the new features, then add the new features, and then comment them out because of reasons that dont hold back any other UDF, do you?

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post

Link to post
Share on other sites

#7 ·  Posted

there are many pieces in many UDFs that fail on XP.  A feature that is incompatible with XP is at most a note in the helpfile, and that is if you want to be really nice about it.  You certainly dont test the new features, then add the new features, and then comment them out because of reasons that dont hold back any other UDF, do you?

Haha I certainly don't know how I feel about this. I think it's nice for beginners like me who don't quite know our ways around. It would be quite frustrating if a function doesn't work. But I agree that in this particular case the constants shouldn't be commented out but instead only be warned in the help files.

Recently a big head scratching moment for me when I tried to change the text colour on checkboxes. Although it is noted that GUICtrlSetColor wouldn't work on checkboxes with XP theme, I'm on Win 10 as far as I'm concerned. It took a long time to figure that that the "XP theme" is at fault and I should strip the theme first. These little moments made me wanna shout at my screen.

Oh I hope AutoIt admins are reading this; I hope they will implement Windows 10 custom colour changing title bar. Or the task bar item acting as progress bar. Or Windows 10 notification centre.

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Share this post

Link to post
Share on other sites

#8 ·  Posted (edited)

That would be the too new end of the spectrum, imo (very late at night).   I have a mixture of 7.1 and 8.1 endpoint systems, and they play great.  Why not just stay with the herd and play the same game as everyone else?  Let the devs get there first and wait for the ok to move forward.    *Right, that game sux.  I went to 10 for the new powershell stuff, but I just jump to that box and run cli.  

I'd like to see the script that cannot set control color, I am not having issue with the examples from the helpfile on win 10 

Edited by iamtheky 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post

Link to post
Share on other sites

#9 ·  Posted (edited) 

#include <GUIConstantsEx.au3>

$GUI = GUICreate("Test", 200, 300)
GUISetBkColor(0x000000) ; black GUI

GUICtrlSetDefBkColor(0x000000) ; black bg controls
GUICtrlSetDefColor(0xFFFFFF) ; white text controls

$chk1 = GUICtrlCreateCheckbox("You can't see me", 25, 50)
$chk2 = GUICtrlCreateCheckbox("You saw me", 25, 100)

; strip XP theme
DllCall("UxTheme.dll", "int", "SetWindowTheme", "hwnd", GUICtrlGetHandle($chk2), "wstr", 0, "wstr", 0)

; gui stuff
GUISetState()
Do
    $msg = GUIGetMsg()
Until $msg = $GUI_EVENT_CLOSE

Here you go :) I couldn't have came up with the theme stripping code myself. Good thing I found that in forum :D

The white dotted border below is just Windows showing that control is active. The key here is that the text is not recoloured by GUICtrlSetColor (or in my case, GUICtrlSetDefColor)

Capture.PNG

Remarks from GUICtrlSetColor help:

Remarks

Only Button, Label, Checkbox, Group, Radio, Edit, Input, List, Listview, ListviewItem, Treeview, TreeviewItem, Graphic, Progress and Combo controls can currently be colored.

Checkbox, Radio, Group or Progress controls cannot be painted if the "Windows XP/Vista style" is used.

Button controls are always painted in "Windows Classic style".

If anyone could actually contribute to the help file, it'd be great to add in the strippnig code. It isn't very obvious to a beginner like me.

Edited by Crash

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Share this post

Link to post
Share on other sites

#10 ·  Posted

Here you go :) I couldn't have came up with the theme stripping code myself. Good thing I found that in forum :D

The white dotted border below is just Windows showing that control is active. The key here is that the text is not recoloured by GUICtrlSetColor (or in my case, GUICtrlSetDefColor)

 

Remarks from GUICtrlSetColor help:

If anyone could actually contribute to the help file, it'd be great to add in the strippnig code. It isn't very obvious to a beginner like me.

_WinAPI_SetWindowTheme will do the same thing and it's in AutoIt already.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post

Link to post
Share on other sites

#11 ·  Posted

_WinAPI_SetWindowTheme will do the same thing and it's in AutoIt already.

Thank you. I got it working with

#include <GUIConstantsEx.au3>
#include <WinAPITheme.au3>

$GUI = GUICreate("Test", 200, 300)
GUISetBkColor(0x000000) ; black GUI

GUICtrlSetDefBkColor(0x000000) ; black bg controls
GUICtrlSetDefColor(0xFFFFFF) ; white text controls

$chk1 = GUICtrlCreateCheckbox("You can't see me", 25, 50)
$chk2 = GUICtrlCreateCheckbox("You saw me", 25, 100)

; strip XP theme
;DllCall("UxTheme.dll", "int", "SetWindowTheme", "hwnd", GUICtrlGetHandle($chk2), "wstr", 0, "wstr", 0)
_WinAPI_SetWindowTheme(GUICtrlGetHandle($chk2), 0, "")

; gui stuff
GUISetState()
Do
Until GUIGetMsg() = $GUI_EVENT_CLOSE

 

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Go To Topic Listing AutoIt General Help and Support

  • Similar Content

    • Graeme
      Calculating Hash values
      By Graeme
      I was looking for a way to calculate the sha512 value of files downloaded and eventually came across crypt.au3 in my include folder. It looks good but when I looked at the global constants the three values for Sha 2 are commented out. Is there a reason for that or should these be made available?
    • usmiv4o
      razorwire hash check for files
      By usmiv4o
      #cs ---------------------------------------------------------------------------- AutoIt Version: 3.2.4.3 Author: usmiv4o Script Function: AutoIt script to check if files in directory are changed. It is usefull for security contra-inteligense measures. Function Name: LoadTripwireDB() Description: Loads database (text file tripwire.txt) and compare files in /test folder for changes. compares Hash (MD5) checksums. If they are not the same starts Initial() Function Name: Initial() Description: Checks directory and makes index of files and their MD5 checksums in text file (tripwire.txt) Function Name: Hush() Description: Checks file and returns its MD5 checksum. Requirement(s): Windows XP Return Value(s): On Success - Returns true. Files are the same as before. On Failure - return false. Example: LoadTripwireDB() #ce ---------------------------------------------------------------------------- #include <Crypt.au3> #include <File.au3> #include <Array.au3> $sDir = @ScriptDir & "\Test" $sFilePath = @ScriptDir & "\tripwire.txt" Func Hush(ByRef $sFile) $sRead = FileOpen( $sFile) $dHash = _Crypt_HashData($sRead, $CALG_MD5) ; Create a hash of the text entered. ConsoleWrite("Hash of file " & $sFile & " is " & $dHash & @CRLF) EndFunc ;ConsoleWrite("Files in Dir are " & $aScriptDir[0] & @CRLF) ;$sFilePath = @ScriptDir & "\Examples.txt" ;_FileWriteFromArray($sFilePath, $aScriptDir, 1) ;_ArrayDisplay($aScriptDir, "1D display") Func Initial() $aScriptDir = _FileListToArray($sDir) for $i = 1 To UBound($aScriptDir) - 1 $dHash = _Crypt_HashData($i, $CALG_MD5) ;ConsoleWrite("File " & $aScriptDir[$i] & " is " & $dHash & @CRLF) ConsoleWrite($aScriptDir[$i] & ":" & $dHash & @CRLF) ;Hush($aScriptDir[$i]) ;FileWrite $hFileOpen = FileOpen($sFilePath, $FO_APPEND) If $hFileOpen = -1 Then MsgBox($MB_SYSTEMMODAL, "", "An error occurred when reading the file.") EndIf FileWrite($hFileOpen, $aScriptDir[$i] & ":" & $dHash & @CRLF) Next EndFunc Func Monitor() $aScriptDir = _FileListToArray($sDir) for $i = 1 To UBound($aScriptDir) - 1 Next EndFunc Func LoadTripwireDB() $comparison_ok = false $dArray = _FileListToArray($sDir) ;directory $dArray0 = UBound($dArray) - 1 $fArray = FileReadToArray($sFilePath) ;file $fArray0 = UBound($fArray) ;_ArrayDisplay($dArray, "files array") if $dArray0 = $fArray0 Then ; are file same as recorded in txt file? ;ConsoleWrite("files in monitoring dir: " & $dArray[0] & " = file recorded: " & $fArray0 & @CRLF & $fArray[0]& @CRLF) for $i = 1 To UBound($dArray) - 1 ;ConsoleWrite("i = " & $i & @CRLF) $dHash = _Crypt_HashData($i, $CALG_MD5) ;binary ;$dHash = BinaryToString($dHash) $ffhash = StringSplit( $fArray[$i-1],":") $fhash = $ffhash[2] ;ConsoleWrite("IsBinary $dHash " & IsBinary($dHash) & @CRLF) if $dHash = $fhash Then ;if compared hashes are equal ;ConsoleWrite($fhash & ":" & $dHash & " equal" & @CRLF) ;ConsoleWrite("File: " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal: yes " & @CRLF) Else ;if compared hashes are not equal ;ConsoleWrite("File: " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal: not " & @CRLF) ;MsgBox(0,"hash md5",$fhash & ":" & $dHash & " not equal") EndIf Next ;ConsoleWrite("hashes are equal" & @CRLF) $comparison_ok = true Else ConsoleWrite("number of files in monitoring dir are not same as recorded" & @CRLF) ConsoleWrite("directory: " & $dArray[0] &":"& "files: " & UBound($fArray) - 1 & @CRLF) EndIf Return $comparison_ok EndFunc #main if LoadTripwireDB() = true Then ConsoleWrite(" hashes are equal " & @CRLF) ElseIf LoadTripwireDB() <> true Then ConsoleWrite(" hashes are not equal " & @CRLF) ConsoleWrite(" hashes are not equal " & @CRLF) Initial() EndIf  
      tripwire.au3
      tripwire.txt
    • argumentum
      sum of hash [solved]
      By argumentum
      I've got a bunch of hash from files in a folder
      0x45B265C13EC41DD3272E547A837EF0604E06EF6C 0x73418EE0D435F0995DE000A0CB9A895B8031D62B 0x6FB325DDFA9AFCB148B815F41C94F5BBC3735E0B 0xE8BC5E1676E64E9EE77A7EBD56D910D60D453A2A 0xFF311E2FEC610B2E0A3169435CBC48D5B1B53A57 0x728EDF8577DF247CBC69ED6F2F9EACB3BF845150 0x8CABC5A4BDA856E0D0E884D0F4A335CB2457941D 0xCEBB04B9099141009329E13EDBD8B5CFB14A49A5 0xD7AA968FCF6AC9691F6ED801BA9291EBBBAFED71 0xBBBA76A66C54D53BADE77245D9F205F1EB9CC685 0x39DD14E5DB99F39F68182494C0B48CEFB5DDFDDF 0x32C2A01B523D973D933FC004237CAB4B792231BF 0x6AE1A10B7505DDABEECEAFD13B2EC2A8D7286587 how can I make a sum of the hash to have a hash that'd represent these hash as a single hash resultant of these ?.
      I was thinking of sorting them and adding 'em to a string and hash that string but there may be a proper way to do it.
      Any and all ideas are welcomed.
    • Danyfirex
      VirusTotal Hash Checker
      By Danyfirex
      Hi every body. Today I want to share this small aplication(source code only) to check Hash in virustotal. (it is not a best coding practices example lol)
      VirusTotal Hash Checker Allow you to check hash and files in virustotal.com using its Public API service.
      Aplication Information.
      -Add one or more Files 
      -Add all files in a folder
      -Add a MD5
      -Add a MD5 File List
      -Automatic verification
      -Check Single File
      -Show Scan
      -Show Scan in Web
      -Open in Folder
      -Clear List
      Capture:

       
      Files in the rar file.
      VirusTotal Hash Checker.au3 Detected.ico ok.ico wait.ico nofound.ico  
      VirusTotal Hash Checker.rar
       
      Saludos
    • JoshDB
      HMAC SHA512 hash not yielding 'correct' values
      By JoshDB
      Hi all, I need to generate an HMAC hash using SHA512 according to a certain API's specs and the only HMAC example I've seen () does not work as I need it do, even adapting it from a 64-bit blocksize to 512 and adding Ward's_SHA512 UDF.

      I've tried the following:


      Func _HashHMAC512($key, $message) $key = _StringRepeat("0", 512 - StringLen($key)) & $key ; keys shorter than blocksize are zero-padded ('?' is concatenation) $o_key_pad = BitXOR(0x5c * 512, $key) ; Where blocksize is that of the underlying hash function $i_key_pad = BitXOR(0x36 * 512, $key) ; Where ? is exclusive or (XOR) Return _SHA512($o_key_pad & _SHA512($i_key_pad & $message)) EndFunc
      But, of course, it doesn't work (I suspect I'm doing something very blatantly wrong, but as I lack fundamental understanding about binary and hex number formats I can't see what's the issue right off the top of my head.)

      Note: in my case $key will always by 68 characters long so it will always prepend the leading zeroes.

      As a litmus test, I need to hash the message 1239348906120181 with the key ba63a816f030cefeea4803cd593569ce23f3815d0cc8c56d9194df6226dca2f0f48239698bc68991cfac387449b07b0f722f6f3df761dbc1fe8894dd65ff00b2 and receive 2610740031eeab61bbe6cd3f08daa6186ff0d59f5ec045dbb0e194fea8998b4f3d1da9aae0f718f8c126d6418302e081d68a82f0576eb266b68f26dc3459b62f as the output.

      I've been working on this for the past 4-odd hours now, to no avail. I really, really don't want to have to restart my project in python or php or somesuch... or, for that matter, write the hash function in js, python, or php and somehow bootleg that single function's results into my au3 project. I would greatly appreciate any help from ye wise ents, even if it's just a nudge in the right direction.