asleap: apply random patches submitted by users, fix https://github.com/pentoo/pentoo-overlay/issues/683

app-crypt/asleap/files/003_fix_and_improve_bruteforce_option.patch

@@ -0,0 +1,155 @@
+Binary files ../asleap-2.2.orig/asleap and ./asleap differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
+--- ../asleap-2.2.orig/asleap.c	2020-09-30 15:29:57.712000000 +0300
++++ ./asleap.c	2020-09-30 15:13:52.758000000 +0300
+@@ -70,9 +70,7 @@ struct pcap_pkthdr h;
+ char errbuf[PCAP_ERRBUF_SIZE];
+ int success = 0; /* For return status of attack */
+ unsigned long pcount=0;
+-/* for password generation */
+-const char * charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+-
++const char *alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+ 
+ /* prototypes */
+ void usage(char *message);
+@@ -138,7 +136,10 @@ void usage(char *message)
+ 	       "\t-V \tPrint program version and exit\n"
+ 	       "\t-C \tChallenge value in colon-delimited bytes\n"
+ 	       "\t-R \tResponse value in colon-delimited bytes\n"
+-	       "\t-W \tASCII dictionary file (special purpose)\n" "\n");
++	       "\t-W \tASCII dictionary file (special purpose)\n"
++	       "\t-G \tBruteforce attack\n"
++	       "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
++	       "\n");
+ }
+ 
+ void print_pptpexch(struct asleap_data *asleap_ptr)
+@@ -307,7 +308,7 @@ int testchal(struct asleap_data *asleap_
+ 	int j;
+ 
+ 	DesEncrypt(asleap_ptr->challenge, zpwhash, cipher);
+-
++/*
+ 	printf("\tgiven hash 1:      ");
+ 	for (j = 0; j < 8; j++)
+ 		printf("%02x", cipher[j]);
+@@ -316,12 +317,12 @@ int testchal(struct asleap_data *asleap_
+ 	for (j = 0; j < 8; j++)
+ 		printf("%02x", asleap_ptr->response[j]);
+ 	printf("\n");
+-
++*/
+ 	if (memcmp(cipher, asleap_ptr->response, 8) != 0)
+ 		return (1);
+ 
+ 	DesEncrypt(asleap_ptr->challenge, zpwhash + 7, cipher);
+-
++/*
+ 	printf("\tgiven hash 2:      ");
+ 	for (j = 0; j < 8; j++)
+ 		printf("%02x", cipher[j]);
+@@ -330,7 +331,7 @@ int testchal(struct asleap_data *asleap_
+ 	for (j = 0; j < 8; j++)
+ 		printf("%02x", asleap_ptr->response[j+8]);
+ 	printf("\n");
+-
++*/
+ 	if (memcmp(cipher, asleap_ptr->response + 8, 8) != 0)
+ 		return (1);
+ 
+@@ -408,12 +409,13 @@ int trypasswords(struct asleap_data *asl
+ /* generate all possible charset combinations */
+ int permute(struct asleap_data *asleap_ptr, int level, char * password)
+ {
+-	const char* charset_ptr = charset;
++	const char* charset_ptr =
++		asleap_ptr->custom_charset ? asleap_ptr->charset : alphanum;
+ 	unsigned char pwhash[MD4_SIGNATURE_SIZE];
+ 
+ 	if(level == -1) {	/* got generated password */
+ 		/* debug */
+-		/* printf("%s\n", password); */
++		/*printf("%s\n", password);*/
+ 		NtPasswordHash(password, strlen(password), pwhash);
+ 
+ 		if (pwhash[14] != asleap_ptr->endofhash[0] ||
+@@ -1029,14 +1031,16 @@ int attack_leap(struct asleap_data *asle
+ 	}
+ 
+ 	if (asleap->verbose)
+-		printf("\tStarting dictionary lookups.\n");
++		printf(asleap->gen_password
++				? "\tStarting bruteforce.\n"
++				:"\tStarting dictionary lookups.\n");
+ 
+-	if (!IsBlank(asleap->wordfile)) {
++	if (asleap->gen_password) {
++		/* Attack MS-CHAP exchange with brute-force password generation */
++		getmschappwret = trypasswords(asleap);
++	} else if (!IsBlank(asleap->wordfile)) {
+ 		/* Attack MS-CHAP exchange with a straight dictionary list */
+ 		getmschappwret = getmschapbrute(asleap);
+-	} else if(asleap->gen_password) {
+-		/* Attack MS-CHAP exchange with brute-force password generation */
+-	    getmschappwret = trypasswords(asleap);
+ 	} else {
+ 		getmschappwret = getmschappw(asleap);
+ 	}
+@@ -1085,7 +1089,10 @@ int attack_pptp(struct asleap_data *asle
+ 	if (asleap->verbose)
+ 		printf("\tStarting dictionary lookups.\n");
+ 
+-	if (!IsBlank(asleap->wordfile)) {
++	if (asleap->gen_password) {
++		/* Attack MS-CHAP exchange with brute-force  password generation */
++		getmschappwret = trypasswords(asleap);
++	} else if (!IsBlank(asleap->wordfile)) {
+ 		/* Attack MS-CHAP exchange with a straight dictionary list */
+ 		getmschappwret = getmschapbrute(asleap);
+ 	} else {
+@@ -1509,7 +1516,7 @@ int main(int argc, char *argv[])
+ 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
+ 	       "<jwright@hasborg.com>\n", VER);
+ 
+-	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:W:C:R:G:A:B:U:P:")) != EOF) {
++	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
+ 		switch (c) {
+ 		case 's':
+ 			asleap.skipeapsuccess = 1;
+@@ -1657,7 +1664,11 @@ int main(int argc, char *argv[])
+ 			break;
+ 		case 'G':
+ 			asleap.gen_password = 1;
+-			sscanf(optarg, "%d", &asleap.pass_len); /* save desired password lentgh */
++			sscanf(optarg, "%d", &asleap.pass_len); /* save desired password length */
++			break;
++		case 'g':
++			asleap.custom_charset = 1;
++			strncpy(asleap.charset, optarg, sizeof(asleap.charset) - 1);
+ 			break;
+ 		default:
+ 			usage("");
+Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
+--- ../asleap-2.2.orig/asleap.h	2020-09-30 15:29:57.706000000 +0300
++++ ./asleap.h	2020-09-30 15:09:52.307000000 +0300
+@@ -63,9 +63,11 @@ struct asleap_data {
+ 	int verbose;
+ 	int gen_password;
+ 	int pass_len;
++	int custom_charset;
+ 	char dictfile[255];
+ 	char dictidx[255];
+ 	char wordfile[255];
++	char charset[255];
+ 
+ 	/* Tracking values */
+ 	uint8_t leapchalfound;
+Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
+Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
+Binary files ../asleap-2.2.orig/common.o and ./common.o differ
+Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
+Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
+Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
+Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ

app-crypt/asleap/files/004_add_user_opt_and_pptp_chal_resp_cmdline_parsing.patch

@@ -0,0 +1,209 @@
+Binary files ../asleap-2.2.orig/asleap and ./asleap differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.c ./asleap.c
+--- ../asleap-2.2.orig/asleap.c	2020-10-02 14:57:07.512000000 +0300
++++ ./asleap.c	2020-10-02 15:01:55.719000000 +0300
+@@ -136,6 +136,7 @@ void usage(char *message)
+ 	       "\t-V \tPrint program version and exit\n"
+ 	       "\t-C \tChallenge value in colon-delimited bytes\n"
+ 	       "\t-R \tResponse value in colon-delimited bytes\n"
++	       "\t-U \tUsername (required if PPTP Challenge/Response specified)\n"
+ 	       "\t-W \tASCII dictionary file (special purpose)\n"
+ 	       "\t-G \tBruteforce attack\n"
+ 	       "\t-g \tBruteforce charset (default: a-zA-Z0-9)\n"
+@@ -1502,11 +1503,14 @@ int main(int argc, char *argv[])
+ 	int ret=0;
+ 	extern int success;
+ 	uint8_t verifypassword = 0;
++	int username_specified = 0;
+ 
+ 	memset(dictfile, 0, sizeof(dictfile));
+ 	memset(dictidx, 0, sizeof(dictidx));
+ 	memset(pcapfile, 0, sizeof(pcapfile));
+ 	memset(&asleap, 0, sizeof(asleap));
++	asleap.challenge = asleap.leapchallenge;
++	asleap.response  = asleap.leapresponse;
+ 	device = NULL;
+ 
+ 	signal(SIGINT, cleanup);
+@@ -1516,57 +1520,94 @@ int main(int argc, char *argv[])
+ 	printf("asleap %s - actively recover LEAP/PPTP passwords. "
+ 	       "<jwright@hasborg.com>\n", VER);
+ 
+-	while ((c = getopt(argc, argv, "DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
++	while ((c = getopt(argc, argv,
++		"DsoavhVi:f:n:r:w:c:t:g:W:C:R:G:A:B:U:P:")) != EOF) {
+ 		switch (c) {
+ 		case 's':
+ 			asleap.skipeapsuccess = 1;
+ 			break;
+ 		case 'C':
+-			if (strlen(optarg) == 23) {
+-				if (str2hex(optarg, asleap.challenge, 
+-					sizeof(asleap.challenge)) < 0) {
++			if (strlen(optarg) == 47) {
++				if (str2hex(optarg, asleap.pptpchallenge,
++					sizeof(asleap.pptpchallenge)) < 0) {
+ 					usage("Malformed value specified as "
+-						"challenge.\n");
++						"pptp challenge.\n");
++					exit(1);
++				}
++				asleap.challenge = asleap.pptpchallenge;
++				asleap.pptpchalfound=1;
++			} else if (strlen(optarg) == 32) {
++				if (decodeHexString(optarg, asleap.pptpchallenge,
++					sizeof(asleap.pptpchallenge)) < 0) {
++					usage("Malformed value specified as "
++						"pptp challenge.\n");
+ 					exit(1);
+ 				}
++				asleap.challenge = asleap.pptpchallenge;
++				asleap.pptpchalfound=1;
++			} else if (strlen(optarg) == 23) {
++				if (str2hex(optarg, asleap.leapchallenge, 
++					sizeof(asleap.leapchallenge)) < 0) {
++					usage("Malformed value specified as "
++						"leap challenge.\n");
++					exit(1);
++				}
++				asleap.leapchalfound=1;
+ 			} else if (strlen(optarg) == 16) {
+-				if (decodeHexString(optarg, asleap.challenge, 
+-					sizeof(asleap.challenge)) < 0) {
++				if (decodeHexString(optarg, asleap.leapchallenge, 
++					sizeof(asleap.leapchallenge)) < 0) {
+ 					usage("Malformed value specified as "
+-						"challenge.\n");
++						"leap challenge.\n");
+ 					exit(1);
+ 				}
++				asleap.leapchalfound=1;
+ 			} else {
+ 				usage("Incorrect challenge input length "
+ 					"specified.\n");
+ 				exit(1);
+ 			}
+-
+-			asleap.leapchalfound=1;
+ 			asleap.manualchalresp=1;
+ 			break;
+ 		case 'R':
+-			if (strlen(optarg) == 71) {
+-				if (str2hex(optarg, asleap.response, 
+-					sizeof(asleap.response)) < 0) {
++			if (strlen(optarg) == 146) {
++				if (str2hex(optarg, asleap.pptpresponse,
++					sizeof(asleap.pptpresponse)) < 0) {
++					usage("Malformed value specified as "
++						"pptp response1.\n");
++					exit(1);
++				}
++				asleap.response = asleap.pptpresponse;
++				asleap.pptprespfound=1;
++			} else if (strlen(optarg) == 98) {
++				if (decodeHexString(optarg, asleap.pptpresponse,
++					sizeof(asleap.pptpresponse)) < 0) {
++					usage("Malformed value specified as "
++						"pptp response2.\n");
++					exit(1);
++				}
++				asleap.response = asleap.pptpresponse;
++				asleap.pptprespfound=1;
++			} else if (strlen(optarg) == 71) {
++				if (str2hex(optarg, asleap.leapresponse,
++					sizeof(asleap.leapresponse)) < 0) {
+ 					usage("Malformed value specified as "
+-						"response.\n");
++						"leap response.\n");
+ 					exit(1);
+ 				}
++				asleap.leaprespfound=1;
+ 			} else if (strlen(optarg) == 48) {
+-				if (decodeHexString(optarg, asleap.response,
+-					sizeof(asleap.response)) < 0) {
++				if (decodeHexString(optarg, asleap.leapresponse,
++					sizeof(asleap.leapresponse)) < 0) {
+ 					usage("Malformed value specified as "
+-						"response.\n");
++						"leap response.\n");
+ 					exit(1);
+ 				}
++				asleap.leaprespfound=1;
+ 			} else {
+ 				usage("Incorrect response input length "
+ 					"specified.\n");
+ 				exit(1);
+ 			}
+-
+-			asleap.leaprespfound=1;
+ 			asleap.manualchalresp=1;
+ 			break;
+ 		case 'A':
+@@ -1613,6 +1654,7 @@ int main(int argc, char *argv[])
+ 			break;
+ 		case 'U':
+ 			memcpy(asleap.username, optarg, strlen(optarg));
++			username_specified=1;
+ 			break;
+ 		case 'P':
+ 			verifypassword = 1;
+@@ -1704,7 +1746,7 @@ int main(int argc, char *argv[])
+ 		}
+ 	}
+ 
+-	if (asleap.leapchalfound && asleap.leaprespfound && 
++	if (asleap.leapchalfound && asleap.leaprespfound &&
+ 			asleap.manualchalresp) {
+ 		/* User specified manual challenge/response on the command
+ 		 * line (aka, the "Jay Beale" feature).
+@@ -1712,6 +1754,23 @@ int main(int argc, char *argv[])
+ 		return(attack_leap(&asleap));
+ 	}
+ 
++	if (asleap.pptpchalfound && asleap.pptprespfound &&
++			asleap.manualchalresp) {
++		if (!username_specified) {
++			usage("PPTP Challenge/Reponse requires "
++				"Username (-U option) to be specified.\n");
++			exit(1);
++		}
++
++		uint8_t peerresp[24];
++		memcpy(peerresp, asleap.pptpresponse + 24, 24);
++		memcpy(asleap.pptpauthchal, asleap.pptpchallenge, 16);
++		memcpy(asleap.pptppeerchal, asleap.pptpresponse, 16);
++		//memset(asleap.pptpresponse, 0, sizeof(asleap.pptpresponse));
++		memcpy(asleap.pptpresponse, peerresp, 24);
++		return(attack_pptp(&asleap));
++	}
++
+ 	if (verifypassword) {
+ 
+ 		int j;
+Binary files ../asleap-2.2.orig/.asleap.c.un~ and ./.asleap.c.un~ differ
+diff '--color=always' '--color=never' -pruN ../asleap-2.2.orig/asleap.h ./asleap.h
+--- ../asleap-2.2.orig/asleap.h	2020-10-02 14:57:07.514000000 +0300
++++ ./asleap.h	2020-10-02 14:05:28.630000000 +0300
+@@ -47,8 +47,12 @@
+ struct asleap_data {
+ 	char username[256 + 1];
+ 	uint8_t eapid;
+-	uint8_t challenge[8];
+-	uint8_t response[24];
++	uint8_t pptpchallenge[16];
++	uint8_t pptpresponse[49];
++	uint8_t leapchallenge[8];
++	uint8_t leapresponse[24];
++	uint8_t *challenge;
++	uint8_t *response;
+ 	uint8_t endofhash[2];
+ 	char password[32];
+ 	uint8_t nthash[16];
+Binary files ../asleap-2.2.orig/.asleap.h.un~ and ./.asleap.h.un~ differ
+Binary files ../asleap-2.2.orig/asleap.o and ./asleap.o differ
+Binary files ../asleap-2.2.orig/common.o and ./common.o differ
+Binary files ../asleap-2.2.orig/genkeys and ./genkeys differ
+Binary files ../asleap-2.2.orig/genkeys.o and ./genkeys.o differ
+Binary files ../asleap-2.2.orig/sha1.o and ./sha1.o differ
+Binary files ../asleap-2.2.orig/.utils.c.un~ and ./.utils.c.un~ differ
+Binary files ../asleap-2.2.orig/utils.o and ./utils.o differ