/* 
_____________________________________________________________________________

	Subject: Oracle 9i TNS 3DES authentication details 
	Authors: Massimiliano Montoro <mao@oxid.it>
	Issue date: June, 21, 2008
______________________________________________________________________________


	This code shows the encryption algorithm used by Oracle 9i TNS protocol authentication.
		
	Recently I found on the Internet interesting articles about Oracle TNS security but no 
	one of them	covers the algorithm used by version 9i in details. 

	The following documents:

		http://www.pwc.com/extweb/service.nsf/docid/3AC99308583CCE398025727400391E31/$file/oraauthdg_pub.pdf
		http://freeworld.thc.org/papers/thc-orakelsniffert.pdf

	do not describe the 3DES algorithm used by Oracle TNS 9i and the article 

		http://soonerorlater.hu/index.khtml?article_id=511
		
	only describe the oracle DLL functions used by it. The software "oradecrypt" at this link
		
		http://www.soonerorlater.hu/download/oradecrypt.zip
		
	can be used to check the correctness of encrypted authentication parameters AUTH_PASSWORD and AUTH_SESSKEY
	sent on the network but since it uses the native "oran10.dll" functions it is not useful to prove
	the effort made by Oracle guys to improve the security of TNS authentication protocol from version 8i 
	to version 9i.


	Test authentication parameters captured from the network:

	username:		PASSWORD9	
	AUTH_PASSWORD:	3078D7DE44385654CC952A9C56E2659B	
	AUTH_SESSKEY:	8CF28B36E4F3D2095729CF59510003BF


	The following code will show the 3DES encryption algorithm to be used in order to check the correctness
	of the password "PASSWORD9" associated to the Oracle username "PASSWORD9".


	NOTE: The following code does not use native functions of "oran10.dll" or "oran9.dll" but the algorithm
	has been adapted to work with OpenSSL software. The code could be incomplete but correct enough to prove 
	the concept. 


__________________________________________________________________________

	The information in this document is provided "AS IS" without warranty
	of any kind. In no event shall the authors be liable for any damages
	whatsoever including direct, indirect, incidental, consequential, loss 
	of business profits or special damages due to the misuse of any	information 
	provided in this document and in the use of the software compiled from 
	the following code.
______________________________________________________________________________

*/

// filename: oracle_tns_3des_check.cpp

#include "windows.h"
#include <openssl/des.h>
#include <openssl/sha.h>

unsigned char deskey_fixed[]={ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};

unsigned char oracle_xor_table1[] = {	0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0,
										0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0,
										0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0,
										0, 0, 1, 0, 0, 0, 0, 0, 0, 0};


int ORACLE_Hash (char* username, char *passwd, int passwd_len, unsigned char* oracle_hash)
{
	char ToEncrypt[256];
	char temp[256];
	DES_cblock iv,iv2;
	DES_key_schedule ks1, ks2;
	int len=0;
	int j,ulen,plen;

	memset (ToEncrypt,0,sizeof(ToEncrypt));

	strupr (username);
	strupr (passwd);

	ulen = strlen(username);
	plen = passwd_len;

	for (len=1,j=0; j<ulen; len++,j++)
	{
		ToEncrypt[len] = username[j];
		len++;
	}

	for (j=0; j<plen; len++,j++)
	{
		ToEncrypt[len] = passwd[j];
		len++;
	}

	len=len-1;
	memset (iv,0,8);
	memset (iv2,0,8);

	DES_set_key((DES_cblock*) deskey_fixed, &ks1);
	DES_ncbc_encrypt((unsigned char*) ToEncrypt, (unsigned char*) temp, len, &ks1, &iv, DES_ENCRYPT);

	DES_set_key((DES_cblock*) &iv, &ks2);
	DES_ncbc_encrypt((unsigned char*) ToEncrypt, (unsigned char*) temp, len, &ks2, &iv2, DES_ENCRYPT);

	memcpy (oracle_hash,iv2,8);

	return TRUE;
}


int ORACLE_TNS_Create_Key_SHA1 (unsigned char* input, int input_len, unsigned char* Entropy, int EntropyLen, int desired_keylen, unsigned char* out_key)
{
	unsigned char fixed23 [] = {0xF2,0xFF,0x97,0x87,0x15,0x37,0x07,0x76,0x07,0x27,0xE2,0x7F,0xA3,0xB1,0xD6,0x73,0x3F,0x2F,0xD1,0x52,0xAB,0xAC,0xC0};
	unsigned char sha_hash[20];
	unsigned char sha_hash2[20];	
	SHA_CTX ctx;
	int Ento_Len = EntropyLen;

	if (Entropy == NULL) 
	{
		Entropy = fixed23;
		EntropyLen = 23;
	}

	for (int i=0; i<desired_keylen; i+=20)
	{
		SHA1_Init (&ctx);
		SHA1_Update (&ctx, input, input_len);
		if (i != 0) 
		{
			sha_hash2[0]=2;
			SHA1_Update (&ctx, sha_hash2, i);		
		}
		SHA1_Update (&ctx, Entropy, EntropyLen);
		SHA1_Final (sha_hash, &ctx);

		memcpy (sha_hash2, sha_hash, 20);
		memcpy (out_key+i, sha_hash, desired_keylen-i);
	}

	return 0;
	
}

int ORACLE_TNS_Decrypt_3DES_CBC (unsigned char* input, int input_len, unsigned char key[24], unsigned char* decrypted)
{
	DES_key_schedule ks1,ks2,ks3;
	unsigned char iv[] = {0x80,0x20,0x40,0x04,0x08,0x02,0x10,0x01};	
	
	DES_set_key((DES_cblock*) &key[0], &ks1);
	DES_set_key((DES_cblock*) &key[8], &ks2);
	DES_set_key((DES_cblock*) &key[16], &ks3);

	DES_ede3_cbc_encrypt(input,decrypted,input_len,&ks1,&ks2,&ks3,(DES_cblock*) iv,DES_DECRYPT);

	return 0;	
}

void ORACLE_TNS_DeObfuscate (unsigned char* key, unsigned char* InOutBytes, int* pLen)
{

	__asm {
     		
        mov     edx, [pLen] 
        push    ebx
        push    esi
        push    edi
        mov     eax, [edx]      
        mov     edi, [InOutBytes] 
        mov     bl, [edi]
        lea     esi, [eax+edi]
        mov     cl, [esi-4]
        lea     eax, [esi-4]
        mov     [eax], bl
        inc     eax
        mov     [edi], cl
        lea     ecx, [edi+1]
        mov     bl, [eax]
        inc     eax
        mov     byte ptr [InOutBytes+3], bl
        mov     bl, [ecx]
        mov     [eax-1], bl
        mov     bl, byte ptr [InOutBytes+3]
        mov     [ecx], bl
        mov     bl, [eax]
        inc     ecx
        mov     byte ptr [InOutBytes+3], bl
		inc     eax
        mov     bl, [ecx]
        inc     ecx
        mov     [eax-1], bl
        mov     bl, byte ptr [InOutBytes+3]
        mov     [ecx-1], bl
        mov     bl, [eax]
        mov     byte ptr [InOutBytes+3], bl
        mov     bl, [ecx]
        mov     [eax], bl
        mov     al, byte ptr [InOutBytes+3]
        mov     [ecx], al
        mov     ecx, [edx]
        test    ecx, ecx
        mov     [InOutBytes], 0
        jbe     short uscita

        mov     edx, [key]
        add     edx, 24

ciclo:                                   
        dec     esi
        xor     eax, eax
        xor     ebx, ebx
        mov     al, [esi]
        mov     bl, [edx]
        xor     eax, ebx
        mov     ebx, eax
        and     eax, 0Fh
        shr     ebx, 4
        mov     ebx, dword ptr oracle_xor_table1[ebx*4]
        xor     ebx, dword ptr oracle_xor_table1[eax*4]
        jnz     short sotto
        mov     eax, [InOutBytes]
        inc     eax
        inc     edx
        cmp     eax, ecx
        mov     [InOutBytes], eax
        jb      short ciclo

sotto:                                  
        mov     edx, [pLen]

uscita:                                 
        sub     esi, edi
        pop     edi
        mov     [edx], esi     
        pop     esi
        xor     eax, eax
        pop     ebx
	}


}	

int ORACLE_TNS_Decrypt_Password_9i (unsigned char OracleHash[8], unsigned char auth_sesskey[16], unsigned char auth_password[16], char* decrypted)
{

	unsigned char fixed31 [] = {0xA2,0xFB,0xE6,0xAD,0x4C,0x7D,0x1E,0x3D,0x6E,0xB0,0xB7,0x6C,0x97,0xEF,0xFF,0x84,0x44,0x71,0x02,0x84,0xAC,0xF1,0x3B,0x29,0x5C,0x0F,0x0C,0xB1,0x87,0x75,0xEF};
	unsigned char triple_des_key[64];
	unsigned char sesskey[16];
	unsigned char obfuscated[16];
	int PassLen = 16;

	ORACLE_TNS_Create_Key_SHA1 (OracleHash, 8, fixed31, sizeof(fixed31), 24, triple_des_key);
	ORACLE_TNS_Decrypt_3DES_CBC (auth_sesskey, 16, triple_des_key, sesskey);
	ORACLE_TNS_Create_Key_SHA1 (sesskey, 16, NULL, 0, 40, triple_des_key);
	ORACLE_TNS_Decrypt_3DES_CBC (auth_password, 16, triple_des_key, obfuscated);
	ORACLE_TNS_DeObfuscate (triple_des_key, obfuscated, &PassLen);

	memcpy (decrypted, obfuscated, PassLen);

	return PassLen;	
}


int main(int argc, char* argv[])
{
	char username [32]; 
	char password [32];
	unsigned char Oracle_Hash[8];
	char decrypted_password[32];

	memset (decrypted_password,0,sizeof(decrypted_password));
	
	// Hashes transmitted on the network during authentication phase
	unsigned char AUTH_PASSWORD [] = {0x30,0x78,0xD7,0xDE,0x44,0x38,0x56,0x54,0xCC,0x95,0x2A,0x9C,0x56,0xE2,0x65,0x9B};
	unsigned char AUTH_SESSKEY  [] = {0x8C,0xF2,0x8B,0x36,0xE4,0xF3,0xD2,0x09,0x57,0x29,0xCF,0x59,0x51,0x00,0x03,0xBF};

	// User and password to test
	strcpy (username, "password9");
	strcpy (password, "password9");


	// TNS 3DES encryption algorithm 
	ORACLE_Hash (username, password, strlen (password), Oracle_Hash);
	ORACLE_TNS_Decrypt_Password_9i (Oracle_Hash, AUTH_SESSKEY, AUTH_PASSWORD, decrypted_password);
	

	printf ("*********************************************************\n");
	printf ("Oracle 9i TNS 3DES encryption tester by mao <mao@oxid.it>\n");
	printf ("*********************************************************\n\n");
	
	printf ("Decrypted password: %s	", decrypted_password);

	if (strcmp (decrypted_password, "password9") == 0)
		printf ("(correct)\n");
	else
		printf ("(failed)\n");



	return 0;
}