Yaping's Weblog

October 23, 2008

orapw11g

Filed under: Oracle — Yaping @ 7:17 am
Tags: ,

I wrote  one C script to generate hash value for Oracle 11g sha1 algorithm.

@>alter user system identified by p1;
User altered.
 
@>select NAME,PASSWORD,SPARE4 from user$ where NAME=’SYSTEM’;
NAME                 PASSWORD                       SPARE4
——— ———————– ———————————————————————-
SYSTEM    2E1168309B5B9B7A        S:09043B9ABFA366DF41DD16DE6768FDC04C57EF1374E0B04DAC8616716074
 
 
[oracle@chen src]$ cat orapw11g.c
#include <openssl/sha.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#define SALT_LEN 10
#define HASH_LEN 20
 
/********************************************************
Function: Generate password hash value for Oracle 11g
Author: Yaping Chen
Email: yaping123@gmail.com
Revised: Yaping Chen, 2008/10
Comment: Compiled with gcc 3.2.3 on RHEL 4
*********************************************************/

main(int argc,char *argv[])
{
  char *md;
  char *pwd;
  char *data;
  char *saltraw;
  char *saltstr;
  int i,n;
  char *c1;
  char *c2;
  char *c5;
  char *c6;

  if (argc!=3) {
     printf(“Parameters invalid.\nUsage:\nargv[0] pwd salt(hex)\n\n”);
     return -1;
  }

  if (strlen((char *)argv[2]) != SALT_LEN * 2) {
     printf(“salt’s length error, it must be %d in hex\n”,SALT_LEN*2);
     return -1;
  }
 
  pwd=malloc(strlen((char *)argv[1]));
  saltraw=malloc(SALT_LEN * 2);
  saltstr=malloc(SALT_LEN);
  data=malloc(strlen((char *)argv[1]) + SALT_LEN);
  md=malloc(HASH_LEN);
  c1=malloc(2);
  c2=malloc(40);
  c5=malloc(8);
  c6=malloc(8);
 
  if (!pwd || !saltraw || !data || !md || !c1 || !c2 || !c5 || !c6) {
     perror(“malloc fail”);
     return -1;
  }
 
  pwd=argv[1];
  saltraw=argv[2];
  for(i=0;i<SALT_LEN;i++) {
     strncpy(c1,saltraw+i*2,2);
     sscanf(c1,”%X”,&n);
     saltstr[i]=(char)n;
  }
 
  memcpy(data,pwd,strlen((char*)pwd));
  memcpy(data+strlen((char*)pwd),saltstr,SALT_LEN);
  SHA1(data,strlen((char*)pwd) + SALT_LEN,md);
 
  printf(“pwd:%s,\tsaltraw:%s,\tsaltstr:%s,\tsha1 value:\n”,pwd,saltraw,saltstr);
  for(i=0;i<HASH_LEN;i++) {
     sprintf(c5,”%X”,md[i]);
     sprintf(c6,”%s”,c5);
     n=strlen(c6);
     if (n == 1) {
        c2[i*2]=’0′;
        c2[i*2 + 1]=c6[0];
     }
     else if (n == 2) {
        c2[i*2]=c6[0];
        c2[i*2 + 1]=c6[1];
     }
     else {
        c2[i*2]=c6[n-2];
        c2[i*2 + 1]=c6[n-1];
     }
  }
  printf(“%s\n\n”,c2);
  return 0;
}

[oracle@chen src]$ gcc orapw11g.c -lssl -o orapw11g
[oracle@chen src]$
[oracle@chen src]$
[oracle@chen src]$ ./orapw11g p1 74E0B04DAC8616716074
pwd:p1, saltraw:74E0B04DAC8616716074,   saltstr:tà°M??q`t,      sha1 value:
09043B9ABFA366DF41DD16DE6768FDC04C57EF13
[oracle@chen src]$

But this script has issue when password contains special symbols.

Advertisements

1 Comment »

  1. You could use this command on Linux:

    [oracle@chen src]$ echo -ne “p1\x74\xE0\xB0\x4D\xAC\x86\x16\x71\x60\x74” |sha1sum
    09043b9abfa366df41dd16de6768fdc04c57ef13 –

    Where p1 is the password and \x .. is the salt.

    Comment by abdelcaro — October 20, 2009 @ 8:56 pm | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: