creating password hash with python/understanding JTR module code

[haicen]

I have a bit of an odd question that I'm hoping someone here can point me in the right direction to figure out. I have been looking at a DVR which I purchased for the express purpose of poking around on. I was able to gain access to it via telnet, and found some interesting things. I found the password hashes for the web portal. The passwords themselves are hashed using an algorithm detected by JTR as "dahua". Outside of the source code for the JTR module located at http://fossies.org/linux/john/src/dahua_fmt_plug.c I cannot find any information about how this algorithm works. I spent several hours using my google-fu, but I haven't found anything yet.

 

Here is what I have so far from reading the source code from above:

The password is hashed using MD5, then compressed using the compress method included above. I don't know C well enough to be able to translate the rest of it, but that seems to be 99% of the work. I am getting hashes in the correct format using the code posted below, but they aren't correct. The code from the JTR module expects a 16 character hash, but MD5 returns a 32 character hash. I am quite rusty on C/C++, but I'm having a really hard time understanding the flow of the C program of the JTR module, particularly with pointers, and memory allocations. I know my python file has some errors in it, because it wasn't until I started writing this that I realized it was only checking the first 16 characters of the hash, not the full 32. It doesn't matter because the compressor as written only reduces the length by 2 anyway. 

dahua_hash.py

[digininja]

Ask on the jtr mailing list, you'll probably get the person who wrote the code to help you.

 

http://www.openwall.com/lists/john-users

[haicen]

Thanks. I did that and got an answer.

[digininja]

always better to go direct to the source