diff --git a/Makefile b/Makefile
index cede5e9..d1b50f0 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ CFLAGS += -I $(OPENSSL) -g -std=gnu99 -O3
LDFLAGS += $(OPENSSL_LIB) -lcrypto -lpthread
NAME = jwtcrack
-SRCS = main.c base64.c
+SRCS = main.c base64url.c
OBJS = $(SRCS:.c=.o)
all: $(NAME)
diff --git a/base64.c b/base64.c
deleted file mode 100644
index 9551490..0000000
--- a/base64.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-/* ====================================================================
- * Copyright (c) 1995-1999 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see .
- *
- */
-
-/* Base64 encoder/decoder. Originally Apache file ap_base64.c
- */
-
-#include
-
-#include "base64.h"
-
-/* aaaack but it's fast and const should make it shared text page. */
-static const unsigned char pr2six[256] =
-{
- /* ASCII table */
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 63,
- 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
- 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
- 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 63,
- 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
- 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64
-};
-
-int Base64decode_len(const char *bufcoded)
-{
- int nbytesdecoded;
- register const unsigned char *bufin;
- register int nprbytes;
-
- bufin = (const unsigned char *) bufcoded;
- while (pr2six[*(bufin++)] <= 63);
-
- nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = ((nprbytes + 3) / 4) * 3;
-
- return nbytesdecoded + 1;
-}
-
-int Base64decode(char *bufplain, const char *bufcoded)
-{
- int nbytesdecoded;
- register const unsigned char *bufin;
- register unsigned char *bufout;
- register int nprbytes;
-
- bufin = (const unsigned char *) bufcoded;
- while (pr2six[*(bufin++)] <= 63);
- nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = ((nprbytes + 3) / 4) * 3;
-
- bufout = (unsigned char *) bufplain;
- bufin = (const unsigned char *) bufcoded;
-
- while (nprbytes > 4) {
- *(bufout++) =
- (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
- *(bufout++) =
- (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
- *(bufout++) =
- (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
- bufin += 4;
- nprbytes -= 4;
- }
-
- /* Note: (nprbytes == 1) would be an error, so just ingore that case */
- if (nprbytes > 1) {
- *(bufout++) =
- (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
- }
- if (nprbytes > 2) {
- *(bufout++) =
- (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
- }
- if (nprbytes > 3) {
- *(bufout++) =
- (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
- }
-
- *(bufout++) = '\0';
- nbytesdecoded -= (4 - nprbytes) & 3;
- return nbytesdecoded;
-}
-
-static const char basis_64[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-int Base64encode_len(int len)
-{
- return ((len + 2) / 3 * 4) + 1;
-}
-
-int Base64encode(char *encoded, const char *string, int len)
-{
- int i;
- char *p;
-
- p = encoded;
- for (i = 0; i < len - 2; i += 3) {
- *p++ = basis_64[(string[i] >> 2) & 0x3F];
- *p++ = basis_64[((string[i] & 0x3) << 4) |
- ((int) (string[i + 1] & 0xF0) >> 4)];
- *p++ = basis_64[((string[i + 1] & 0xF) << 2) |
- ((int) (string[i + 2] & 0xC0) >> 6)];
- *p++ = basis_64[string[i + 2] & 0x3F];
- }
- if (i < len) {
- *p++ = basis_64[(string[i] >> 2) & 0x3F];
- if (i == (len - 1)) {
- *p++ = basis_64[((string[i] & 0x3) << 4)];
- // *p++ = '=';
- }
- else {
- *p++ = basis_64[((string[i] & 0x3) << 4) |
- ((int) (string[i + 1] & 0xF0) >> 4)];
- *p++ = basis_64[((string[i + 1] & 0xF) << 2)];
- }
- //*p++ = '=';
- }
-
- *p++ = '\0';
- return p - encoded;
-}
diff --git a/base64.h b/base64.h
deleted file mode 100644
index 2915796..0000000
--- a/base64.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-/* ====================================================================
- * Copyright (c) 1995-1999 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see .
- *
- */
-
-
-
-#ifndef _BASE64_H_
-#define _BASE64_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int Base64encode_len(int len);
-int Base64encode(char * coded_dst, const char *plain_src,int len_plain_src);
-
-int Base64decode_len(const char * coded_src);
-int Base64decode(char * plain_dst, const char *coded_src);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //_BASE64_H_
diff --git a/base64url.c b/base64url.c
new file mode 100644
index 0000000..c8fc788
--- /dev/null
+++ b/base64url.c
@@ -0,0 +1,55 @@
+#include
+#include
+#include
+
+// Convert base64url to base64
+// Fix b64 alignement
+// Replace '-' by '+' and '_' by '/'
+static unsigned char *base64url_to_base64(const unsigned char *base64) {
+ size_t base64len = strlen(base64);
+ // \0 + possible padding
+ unsigned char *nbase64 = malloc(base64len + 3);
+
+ memset(nbase64, 0, base64len + 3);
+ strcat(nbase64, base64);
+
+ // Fix b64 alignement
+ while (base64len % 4 != 0) {
+ nbase64[base64len++] = '=';
+ }
+ for (int i = 0; i < base64len; ++i) {
+ if (nbase64[i] == '-')
+ nbase64[i] = '+';
+ if (nbase64[i] == '_')
+ nbase64[i] = '/';
+ }
+ return nbase64;
+}
+
+int base64url_decode(const unsigned char *in, unsigned char **out)
+{
+ size_t inlen, outlen;
+
+ unsigned char *outbuf;
+ unsigned char *base64 = base64url_to_base64(in);
+
+ inlen = strlen(base64);
+ outlen = (inlen / 4) * 3;
+ outbuf = malloc(outlen);
+ if (outbuf == NULL) {
+ goto err;
+ }
+
+ outlen = EVP_DecodeBlock(outbuf, (unsigned char *)base64, inlen);
+ if (outlen < 0) {
+ goto err;
+ }
+
+ *out = outbuf;
+ free(base64);
+ return outlen;
+err:
+ free(base64);
+ free(outbuf);
+ return -1;
+}
diff --git a/base64url.h b/base64url.h
new file mode 100644
index 0000000..a0b9319
--- /dev/null
+++ b/base64url.h
@@ -0,0 +1,14 @@
+#ifndef _BASE64URL_H_
+#define _BASE64URL_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int base64url_decode(const unsigned char *in, unsigned char **out);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //_BASE64URL_H_
diff --git a/main.c b/main.c
index 3a6b9a9..2a91988 100644
--- a/main.c
+++ b/main.c
@@ -5,7 +5,7 @@
#include
#include
#include
-#include "base64.h"
+#include "base64url.h"
char *g_header_b64 = NULL; // Holds the Base64 header of the original JWT
char *g_payload_b64 = NULL; // Holds the Base64 payload of the original JWT
@@ -190,17 +190,12 @@ int main(int argc, char **argv) {
sprintf((char *) g_to_encrypt, "%s.%s", g_header_b64, g_payload_b64);
// Decode the signature
- g_signature_len = Base64decode_len((const char *) g_signature_b64);
- g_signature = malloc(g_signature_len);
- // We re-assign the length, because Base64decode_len returned us an approximation
- // of the size so we could malloc safely. But we need the real decoded size, which
- // is returned by this function
- g_signature_len = Base64decode((char *) g_signature, (const char *) g_signature_b64);
+ g_signature_len = base64url_decode((const unsigned char *) g_signature_b64, (unsigned char **) &g_signature);
struct s_thread_data *pointers_data[g_alphabet_len];
pthread_t *tid = malloc(g_alphabet_len * sizeof(pthread_t));
-
+
for (size_t i = 0; i < g_alphabet_len; i++) {
pointers_data[i] = malloc(sizeof(struct s_thread_data));
init_thread_data(pointers_data[i], g_alphabet[i], max_len);