1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 |
- #include <ctype.h>
- #include "curl.h"
- #include "sha.h"
- // https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
- #define HASH_PREFIX_SIZE 5
- #define HASH_SUFFIX_SIZE 35
- #define URL_SIZE 43
- char *getURL(char* hash) {
- const char *baseURL = "https://api.pwnedpasswords.com/range/";
- char *url = calloc(URL_SIZE, 1);
- strncpy(url, baseURL, strlen(baseURL));
- strncat(url, hash, HASH_PREFIX_SIZE);
- return url;
- }
- char *getSuffixUppercase(char *hash) {
- char hashSuffix[HASH_SUFFIX_SIZE + 1];
- strncpy(hashSuffix, hash+HASH_PREFIX_SIZE, HASH_SUFFIX_SIZE);
- char *suffixUpper = malloc(HASH_SUFFIX_SIZE + 1);
- for(int i = 0; i < HASH_SUFFIX_SIZE; i++) {
- int c = hashSuffix[i];
- if (islower(c)) c = toupper(c);
- sprintf(suffixUpper+i, "%c", c);
- }
- return suffixUpper;
- }
- int findSuffix(char *suffix, char *data) {
- int found = 0;
- int check = 1;
-
- int suffixCount = 0;
- for(unsigned long i = 0; i < strlen(data); i++) {
- if (found) return found;
-
- if (check) {
- if (data[i] == ':') found = 1;
- if (suffix[suffixCount] != data[i]) check = 0;
- suffixCount++;
- }
-
- if (data[i] == '\n') {
- check = 1;
- suffixCount = 0;
- }
- }
- return found;
- }
- void usage(char *app) {
- printf("Usage:\n%s <password>\n", app);
- }
- int main(int argc, char **argv) {
- if (argc < 2) {
- usage(argv[0]);
- return 1;
- }
- char *hash = getHash(argv[1]);
- char *url = getURL(hash);
- char *suffix = getSuffixUppercase(hash);
- free(hash);
- char *data = getData(url);
- free(url);
-
- if (findSuffix(suffix, data)) puts("Your password is well known!");
- free(data);
- free(suffix);
- }
|