Mode 33400: mega.nz password-protected link (PBKDF2-HMAC-SHA512) #3907
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Why isn't this already implemented? Can't wait. Plz hashcat people, do it before Christmas :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
mega.nz is a centralized file-sharing service with some nice security features, like client-side file decryption. Apparently it is not widely known, but mega password-protected links are implemented fully on the client side using
PBKDF2-HMAC-SHA512to derive a key and anHMAC-SHA256to verify the derived key.This PR adds support for cracking passwords for such links.
Relevant documentation
Example hash
P!AgD________U2XVjJi1vxkJgMPf5rkQYUn1H_6WI_sKtiic69mqBKP_____________________O_PDG0Om7BSapL1QoRAgUrz9vzaZmrYnU8t-Au6htegIt corresponds to the following link:
https://mega.nz/#P!AgD________U2XVjJi1vxkJgMPf5rkQYUn1H_6WI_sKtiic69mqBKP_____________________O_PDG0Om7BSapL1QoRAgUrz9vzaZmrYnU8t-Au6hteg
This hash follows the algorithm, but does not correspond to a real file.
Notes
I did not test this on file links (they have
01at the second byte and a different key length), but I did try to support it.I am unsure of some of the choices I made in the PR and would like some input from the maintainers:
HASH_CATEGORY_APPLICATION_DATABASE, but it's not really an application and more like a centralized service..COMPARE_Min the kernel makes sense. Intuitively, we already know the digest we want to compare with so, probablyCOMPARE_Sshould be used instead? I was not able to figure out how to use it here though