
[SOLVED] Hmac_PBKDF2 Wrong hash



Today I tried using the _CryptoNG_PBKDF2 function of the CryptoNG.au3 UDF (490-cryptong-udf-cryptography-api-next-generation).

Unfortunately, I keep getting the wrong salted password!

#include <CryptoNG.au3>

$pass = "[test]"
$salt = "fd4b1e6ad1b05db6ff288928fed3005ef4fdc9ade8be276220a8f41adcccda29"

ConsoleWrite('pass: '&@TAB&@TAB&$pass&@CRLF)
ConsoleWrite('salt: '&@TAB&@TAB&$salt&@CRLF)

$iDKeyBitLength=256
$resKey = _CryptoNG_PBKDF2($pass, $salt, 100,$iDKeyBitLength,'SHA256')
If @error Then MsgBox(0,"","ERROR: " & _CryptoNG_LastErrorMessage(),0)

If StringLower(Hex($resKey)) <> '5fc52bc04cbe1ed40e549b52e5c636168242c1395df2dd696a327ad5e005198f' Then
   ConsoleWrite('saltedPassword: '&StringLower(Hex($resKey))&' WRONG! ---> 5fc52bc04cbe1ed40e549b52e5c636168242c1395df2dd696a327ad5e005198f'&@CRLF)
Else
   ConsoleWrite('saltedPassword: '&StringLower(Hex($resKey))&' !Correct'&@CRLF)
EndIf

And here are working examples in PHP and Python.

Python

Php

 

Edited by paradox109

5 hours ago, paradox109 said:

Unfortunately, I keep getting the wrong salted password!

You are getting the wrong result because you used the wrong data.  The examples in the links that you provided used binary salts.  You were not converting the salt to binary before passing it to the function. 

The example below, which is a modified version of the example supplied with the CryptoNG UDF lib, would be the equivalent conversion using CryptoNG:

#include <MyIncludes\CryptoNG\CryptoNG.au3>  ; <== Modify as needed


pbkdf2_example()

Func pbkdf2_example()

    Const $PASSWORD       = "[test]"
    Const $SALT           = _CryptoNG_CryptStringToBinary("fd4b1e6ad1b05db6ff288928fed3005ef4fdc9ade8be276220a8f41adcccda29", $CNG_CRYPT_STRING_HEX)
;~  Const $SALT           = Binary("0xfd4b1e6ad1b05db6ff288928fed3005ef4fdc9ade8be276220a8f41adcccda29") ;Alternate way
    Const $ITERATIONS     = 100
    Const $KEY_BIT_LENGTH = 256
    Const $ALGORITHM      = $CNG_BCRYPT_SHA256_ALGORITHM

    Local $xPasswordHash = Binary("")


    ;PBKDF2 Example
    $xPasswordHash = _CryptoNG_PBKDF2($PASSWORD, $SALT, $ITERATIONS, $KEY_BIT_LENGTH, $ALGORITHM)
    If @error Then
        ConsoleWrite("ERROR: " & _CryptoNG_LastErrorMessage() & @CRLF)
        Exit 1
    EndIf

    ;Display results
    ConsoleWrite(@CRLF)
    ConsoleWrite("CryptoNG Password-Based Key Derivation Function 2 (PBKDF2) Example" & @CRLF)
    ConsoleWrite(StringFormat("PBKDF2_%s Password      = %s", $ALGORITHM, $PASSWORD) & @CRLF)
    ConsoleWrite(StringFormat("PBKDF2_%s Salt          = %s", $ALGORITHM, $SALT) & @CRLF)
    ConsoleWrite(StringFormat("PBKDF2_%s Iterations    = %s", $ALGORITHM, $ITERATIONS) & @CRLF)
    ConsoleWrite(StringFormat("PBKDF2_%s Key Length    = %i bits / %i bytes", $ALGORITHM, $KEY_BIT_LENGTH, $KEY_BIT_LENGTH / 8) & @CRLF)
    ConsoleWrite(StringFormat("PBKDF2_%s Password Hash = %s", $ALGORITHM, $xPasswordHash) & @CRLF)

EndFunc

Console:

CryptoNG Password-Based Key Derivation Function 2 (PBKDF2) Example
PBKDF2_SHA256 Password      = [test]
PBKDF2_SHA256 Salt          = 0xFD4B1E6AD1B05DB6FF288928FED3005EF4FDC9ADE8BE276220A8F41ADCCCDA29
PBKDF2_SHA256 Iterations    = 100
PBKDF2_SHA256 Key Length    = 256 bits / 32 bytes
PBKDF2_SHA256 Password Hash = 0x5FC52BC04CBE1ED40E549B52E5C636168242C1395DF2DD696A327AD5E005198F

 

Edited by TheXman
Added alternate way of converting hex string to binary

21 hours ago, paradox109 said:

I swear I tried every combination with binary and hex

For the record, you could have also used the CryptoNG helper function to convert the hex string to binary:

Const $SALT = _CryptoNG_CryptStringToBinary("fd4b1e6ad1b05db6ff288928fed3005ef4fdc9ade8be276220a8f41adcccda29", $CNG_CRYPT_STRING_HEX)

 

As opposed to the Binary() function, the _CryptoNG_CryptStringToBinary() function is more flexible for converting hex strings to binary because it can handle more input formats.  For example, all of the following strings would yield the same binary result, 0x0011223344:

"0011223344"

or

"00 11 22 33 44"

or

"00 11" & @CRLF & _
"22"    & @CRLF & _
"3344"

or

"ABEiM0Q="  (BASE64)

The _CryptoNG_CryptStringToBinary() function can also convert BASE64 strings, in multiple formats, to binary.  So as you can see, it's quite flexible, especially for testing purposes.  Its companion function, _CryptoNG_CryptBinaryToString(), is very useful too.  See this post for examples.

Edited by TheXman
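
The point made in both replies above, as an added Python illustration (not code from the thread or from the CryptoNG UDF): the same salt text can stand for different byte strings, and only one of them reproduces the expected PBKDF2 output. The password, salt, iteration count and expected hash are the thread's values; the function names are made up for this example.

```python
import base64
import binascii
import hashlib

# Values taken from the thread.
PASSWORD = "[test]"
SALT_TEXT = "fd4b1e6ad1b05db6ff288928fed3005ef4fdc9ade8be276220a8f41adcccda29"
ITERATIONS = 100
EXPECTED = "5fc52bc04cbe1ed40e549b52e5c636168242c1395df2dd696a327ad5e005198f"


def salt_candidates(salt_text):
    """Return every byte string the salt text could plausibly stand for."""
    out = {"text-as-bytes": salt_text.encode("utf-8")}
    try:
        # bytes.fromhex ignores ASCII whitespace, so "00 11\r\n22" is accepted.
        out["hex-decoded"] = bytes.fromhex(salt_text)
    except ValueError:
        pass
    try:
        out["base64-decoded"] = base64.b64decode(salt_text, validate=True)
    except (binascii.Error, ValueError):
        pass
    return out


def derive(password, salt, iterations, nbytes=32):
    """PBKDF2-HMAC-SHA256 over the UTF-8 password and raw salt bytes."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, nbytes
    )


def diagnose(password, salt_text, iterations, expected_hex):
    """Name the salt interpretation(s) that reproduce the expected key."""
    want = bytes.fromhex(expected_hex)
    return [
        name
        for name, salt in salt_candidates(salt_text).items()
        if derive(password, salt, iterations, len(want)) == want
    ]


if __name__ == "__main__":
    for name, salt in salt_candidates(SALT_TEXT).items():
        key = derive(PASSWORD, salt, ITERATIONS).hex()
        print(f"{name:15} ({len(salt)} salt bytes) -> {key}")
    print("matches expected:", diagnose(PASSWORD, SALT_TEXT, ITERATIONS, EXPECTED))
```

Note that a 64-character hex string is also syntactically valid BASE64, so the text alone cannot tell you the encoding; the two sides of an interoperability test have to agree on it explicitly.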