CMake

CMake cannot find OpenSSL 3 on linux machine and using enviroment variables does not help

Crypto files

Describes functions for encryption, decryption and hashing.

• Wrapper for EVP_Cipher
• AES_128_CBC function using wrapper;
• RC4 function using wrapper;
• MD5 function;
• Enumeration for encryption/decryption;

Summary

Write API function that takes function pointer to NTLM specific callback. Change decrypt_ntlm_hash switch logic to multiple if blocks. In first checks existance of hash, and second sets proper callback function for decryption.

Basic example

// ...
int exists_cmp = 0x14;
decrypt_callback_t decrypt_callback = &ntlmv1_decrypt_callback;
uint8_t* salt = hash_type ? NTPASSWORD : LMPASSWORD;
if (revision == 2)
{
    exists_cmp = 0x38;
    decrypt_callback = &ntlmv2_decrypt_callback;
    salt = encrypted_hash_salt;
}

if (hash_exists != exists_cmp)
{
    memcpy(hash_pointer, hash_type ? EMPTY_NT_HASH : EMPTY_LM_HASH, 16);
    return 0;
}

if (decrypt_hash(
    encrypted_hash,
    hashed_bootkey,
    salt,
    user_info_ptr,
    decrypt_callback,
    hash_pointer
) != 0)
    return error;

return 0;

Motivation

• Simpler maintain;
• Works faster, because «if» uses cmovcc instead of jmpcc;
• Less code;

Description

Program does not support binaries.

Expected behavior

Work in BE mode as in LE

Fix

Add convertion lines in macros conditions.

Summary

Write commiting rules to help developers follow the course;
Suggest commiting rules in comments, please.

Basic example

• All commits must have got breif, but specific comment;
• Commits must follow single responsibility principle;
• Developer must use own branch and follow rules described in contrbuting guidelines;

Motivation

If commits are properly constructed, developers will easily join to the development process and understand what everything is doing.

Summary

Update CMakeLists.txt to make it more useful.

• Add RELEASE and DEBUG flags, which provides different levels of optimization and debug info;
• Add install parameter, that copies compiled binary to specified paths;

Motivation

Contributers and users will interact more efficiently with our application

Hashed bootkey

Create a function that constructs hashed bootkey depending on NTLM version

What have to be done:

• #4
• Error enumeration;
• NTLMv1 hashing function;
• NTLMv2 hashing function;

Summary

Write rules for pulling request.
Suggest rules in the comments.

Basic example

• Developer must fork the repository and create own working branch;
• When creating a pull request developer should use existing quick pull templates;
• Commited code have to be reviewed by contributors;
• Developers must follow single responsibility princple;

Suggestions

• Add "patch/fix" template;

Motivation

Pull requests help integrate new developers and provide safety for end product.

Linux Support

Linux does not support realtime dump, but it can dump hashes from given hive files.

What have to be done:

• #2
• #6
• Macros for linux;
• Functions dummy defenitions;

Summary

Use GitFlow in order to develop a new own model of branching.
Please suggest rules in the comments.

Suggestions

• Add protection rules
• Decide procedure of pulling requests;
• Decide branching strategy;

Motivation

Developing a branching strategy will make integration of new code safer and faster.

Summary

Write a CMakeLists for proper Visual Studio solution generation. CMake generates wrong configuration for Visual Studio, that totally cannot be used inside Visual Studio.

Motivation

By using cmake developers can skip setting up a VS solution and project, so they can add new features and fix bugs faster.

Summary

• Change condition in line 319 of hive.c to inversion;
• Add parameters validation macro #define validate_parameters(condition, error);
• Add doxygen documentation comments;

Motivation

Make code more standarized and easier to understand.

Summary

Write a guidelines for contributors, to help developers cooperate more effective.
Suggest good practices in the comments.

What have to be included?

• #27
• #28
• #29

Motivation

Contributors will integrate faster into development process and in the result develop more effective and efficient.

Description

Linux GCC operates with 4 byte wchar_t instead of 2. This cause invalid parsing and conversion of bootkey. Besides that characters displayed with it are unreadable.

To Reproduce

Steps to reproduce the behavior:

1. Compile on linux with clang or gcc
2. Run the binary

Expected behavior

Properly displayed characters, valid bootkey parsing and conversion.

Summary

When unknown parameter was specified, app will show message only about this fact, without pointing to wrong argument.

Basic example

1. Add a static global variable, which contains unknown parameter key;
2. Set the variable's value if unknown parameter was specified;
3. Add a function that returns value of the variable;

Motivation

User will recognize a mistake in command much easier.

Description

Using full leak check in valgrind, was found out that 1300 bytes of data were leaked

To Reproduce

Command used

$ valgrind --leak-check all ./hash_dumper --sam hives/sam --system hives/system

Expected behavior

Expected to free all used memory

Solution

Create deletion functions for core structures of hive and create end label in every function where will be full cleanup, than on error just goto label

Delete example.c.bak, because it is not in use