// wp_hash_test.php
<?php
class PasswordHash {
var $itoa64;
function PasswordHash()
{
$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
}
function encode64($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
$value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
break;
if ($i < $count)
$value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
function crypt_private($password, $salt)
{
$count = 8192;
$hash = md5($salt . $password, TRUE);
do {
$tmp = $hash . $password;
$hash = md5($tmp, TRUE);
} while (--$count);
$output = '$P$B';
$output .= $salt;
$output .= $this->encode64($hash, 16);
return $output;
}
function HashPassword($password, $salt)
{
$hash = $this->crypt_private($password, $salt);
return $hash;
}
}
//for test from WordPress v4.1
//$P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/
$passwordValue = "123123";
$saltValue = "YEYcHEj3";
$wp_hasher = new PasswordHash();
$sigPassword = $wp_hasher->HashPassword($passwordValue, $saltValue);
echo "生成的密码hash为:".$sigPassword."\n";
echo '正确的密码hash为:$P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/'."\n";
?>
// main.c
#include <stdio.h>
#include <string.h>
/* build.sh
* gcc -c md5.c -o md5.o
* gcc -c wordpress.c -o wordpress.o
* gcc -c main.c -o main.o
* gcc -o wp_hash main.o md5.o wordpress.o
*/
/* wordpress.c */
extern int wordpress( unsigned char * salt, unsigned char *passwd, int count, unsigned char *code );
int main(int argc, char* argv[])
{
if (3 != argc)
{
printf("usage: ./wp_hash DICFILE 'WORDPRESS_HASH'\n");
printf("example: ./wp_hash pwd.txt '$P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/'\n");
return -1;
}
char* filename = argv[1];
char* hash = argv[2];
char salt[9];
memcpy(salt, hash+4, 8);
salt[8] = '\0';
printf("hash = [%s]\n", hash);
printf("salt = [%s]\n", salt);
const int MAX_LINE_LEN = 512; // 单行所允许的最大长度
char szLineBuf[MAX_LINE_LEN];
FILE *fp = fopen(filename, "rb");
if (fp)
{
while ( NULL != fgets(szLineBuf, sizeof(szLineBuf), fp) )
{
szLineBuf[strlen(szLineBuf)-1] = '\0';
if ( '\r' == szLineBuf[strlen(szLineBuf)-1] )
{
szLineBuf[strlen(szLi