search

iagox86 / hash_extender

Other
1.07k stars 182 forks source link

Can't make hash_extender #1

Open codyaray opened 10 years ago

codyaray commented 10 years ago

Assumed we just need to run make. Got this error at the start of the process.

$ make uname: illegal option -- o usage: uname [-amnprsv] [CC] buffer.o In file included from :162: :2:9: error: macro names must be identifiers

define -DDISABLE_WHIRLPOOL 1

    ^

1 error generated. make: *\ [buffer.o] Error 1

As you can see, just using the make that comes with Apple.

$ make --version GNU Make 3.81 Copyright (C) 2006 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This program built for i386-apple-darwin11.3.0

rbhitchcock commented 10 years ago

Are you using OS X? Modifying the Makefile to use the -s flag for uname will fix this problem. I'm not sure if that would subsequently break the make on a Linux box, though.

iagox86 commented 10 years ago

I've been tryign to track down an OS X box to replicate, but it's not easy. I found one at work, but it didn't have dev tools, and installing dev tools required an OS upgrade, so that didn't go far. :)

If anybody else can get this working in such a way that it works on Mac + Linux, I'd be super grateful!

codyaray commented 10 years ago

Right, I'm on OS X.

Changed -o to -s:

-OS              := $(shell uname -o | tr '/[[:lower:]]' '_[[:upper:]]')
+OS              := $(shell uname -s | tr '/[[:lower:]]' '_[[:upper:]]')

Now we get:

$ make
[CC] buffer.o
[CC] formats.o
[CC] hash_extender.o
[CC] hash_extender_engine.o
hash_extender_engine.c:6:10: fatal error: 'endian.h' file not found
#include <endian.h>
         ^
1 error generated.
make: *** [hash_extender_engine.o] Error 1

SO [2] suggests we can replace

#include <endian.h>

with 

#include <sys/types.h>

but this results in a whole slew of errors (mostly deprecation errors). Adding -Wno-deprecated to the CFLAGS fixes these, but several "implicit declaration of function" errors still remain. Adding another flag, -Wimplicit-function-declaration, removes these warnings, but we end up with linker errors:

$ make
[CC] hash_extender_engine.o
[CC] test.o
[CC] util.o
[LD] hash_extender
Undefined symbols for architecture x86_64:
  "_htobe32", referenced from:
      _sha_hash in hash_extender_engine.o
      _sha1_hash in hash_extender_engine.o
      _sha256_hash in hash_extender_engine.o
  "_htobe64", referenced from:
      _sha512_hash in hash_extender_engine.o
  "_htole32", referenced from:
      _md4_hash in hash_extender_engine.o
      _md5_hash in hash_extender_engine.o
      _ripemd160_hash in hash_extender_engine.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [hash_extender] Error 1

So... these functions actually weren't defined. Turns out that "OS X doesn't ship with any GNU endian functions (i.e htole32)" [1], so we've gotta take another approach here.

Looks like adding these definitions to hash_extender_engine.c will do the trick [3]:

#ifdef __APPLE__
  #include <libkern/OSByteOrder.h>

  #define htobe16(x) OSSwapHostToBigInt16(x)
  #define htole16(x) OSSwapHostToLittleInt16(x)
  #define be16toh(x) OSSwapBigToHostInt16(x)
  #define le16toh(x) OSSwapLittleToHostInt16(x)

  #define htobe32(x) OSSwapHostToBigInt32(x)
  #define htole32(x) OSSwapHostToLittleInt32(x)
  #define be32toh(x) OSSwapBigToHostInt32(x)
  #define le32toh(x) OSSwapLittleToHostInt32(x)

  #define htobe64(x) OSSwapHostToBigInt64(x)
  #define htole64(x) OSSwapHostToLittleInt64(x)
  #define be64toh(x) OSSwapBigToHostInt64(x)
  #define le64toh(x) OSSwapLittleToHostInt64(x)
#endif  /* __APPLE__ */

Now make works, ./hash_extender_test passes, and we get the expected example output [4]:

$ ./hash_extender --data data --secret 6 --append append --signature 6036708eba0d11f6ef52ad44e8b74d5b --out-data-format html --table
md4       89df68618821cd4c50dfccd57c79815b data%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00P%00%00%00%00%00%00%00append
md5       6ee582a1669ce442f3719c47430dadee data%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00P%00%00%00%00%00%00%00append

I'll package this up into a pull request so you can see if it still works on your system. I don't write a lot of C, so feel free to make whatever suggestions you see fit. Fingers crossed it works!

[1] https://code.google.com/p/nfc-tools/issues/detail?id=21 [2] http://stackoverflow.com/questions/20813028/endian-h-not-found-on-mac-osx [3] https://gist.github.com/yinyin/2027912 [4] https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks