0

Good evening, I have a problem with this C code I'm making for my uni project.

It's a cryptography class, and I'm making a script that will grab the hashed password and its salt from a shadow.txt, then compare the hashed password with possible passwords from the .txt. It all works fine up to the point where I call the decryptwithTXT() function. It just gives me a core dump problem. I've put some prints inside the function, to see where it crashes but it never prints anything, meaning it just crashes as it calls the function, but I can't figure out why.

If you have any tips regarding what I'm doing wrong and causing it to crash, I would really appreciate it. If you have also ANY other tips regarding the quality of my code, please feel free to give me some tips, I'm trying to get better at C so I'm very open to criticism.

This is my main.

#include <stdio.h>
#include <crypt.h>
#include <string.h>

int getSaltnPassword(char* name,char* salt,char* pwd);
int decryptwithTXT(char* pwd,char* hpwd,char* salt,char* file);

int main()
{
    int x;
    char salt[8],hashedpwd[18],pwd[255],name[255],answer,flag,filename[25];
    do{
        printf("   Give username of targeted account.\n");
        scanf("%s",name);
        if (getSaltnPassword(name,salt,hashedpwd)==1){
            printf("Salt: %s\nHashed Password: %s\n",salt,hashedpwd);
            printf("   Proceed with attack on selected user? Y/N \n");
            scanf("%c",&answer);
            scanf("%c",&answer);
        }
        else
            printf("User not found, try again.\n"); 
    }while (answer!='Y'&&answer!='y');
    printf("   Choose one of the following:\n");
    printf("   a) Attack using datamined passwords.\n");
    printf("   b) Dictionary attack.\n");
    printf("   c) 4 character brute-force attack\n");
    scanf("%c",&flag);
    scanf("%c",&flag);
    switch(flag){

        case 'a':
            printf("Datamine\n");
            x=decryptwithTXT(pwd,hashedpwd,salt,"tom_datamine.txt");
        case 'b':
            printf("Dictionary.\n");
        case 'c':
            printf("Brute force.\n");
    }
return 0;
}

This is my decryptwithTXT function. For now I just want it to print all the passwords in the tom_datamine.txt

int decryptwithTXT(char* pwd,char* hpwd,char* salt,char* file){
    printf("entered function");
    int flag=0;
    FILE *fp;
    char temppwd[255];
        printf("declarations");
    fp=fopen(file,"r");
        printf("fopen");
    while(!feof(fp)){
            printf("loop");
        fgets(temppwd,255,(FILE*) fp);
            printf("fgets");
        printf("%s",temppwd);
            printf("print pwd");
    }
    fclose(fp);
    return 0;
}

And this is the function that gets the salt and hashed password from the shadow.txt. It works as intended for now.

int getSaltnPassword(char* name,char* salt, char* pwd){
    FILE *fp;
    char line[255],name_txt[255];
    int i,salta,saltb,pwda,pwdb;
    int j=0;
    fp=fopen("my_shadow.txt","r");
    while(!feof(fp)){
        i=0;
        fgets(line,255,(FILE*) fp);
        while (line[i]!=':'){
            name_txt[i]=line[i];    
            i++;
        }
        name_txt[i] = '\0';
        if (strcmp(name_txt,name)==0){
            printf("User found.\n");
            salta=i+4;
            saltb=i+12;
            for (i=salta;i<saltb;i++){
                salt[j]=line[i];
                j++;
            }
            salt[8]='\0';
            pwda=saltb+1;
            pwdb=pwda+18;
            j=0;
            for (i=pwda;i<pwdb;i++){
                pwd[j]=line[i];
                j++;
            }
            pwd[18]='\0';
            fclose(fp);
            return 1;
        }
      }
    fclose(fp); 
    return 0;
}

This is what my shadow.txt looks like

babis:$1$asff83lt$gggggg9nvR6civ7fZP.tt/:
anna:$1$kwif83lt$ZaNUkA9nvR6civ7fZP.tt/:

And this is what my tom_datamine.txt is like.

tom
marousi
anna
pinkfloyd
bowling
tommarousi
tomarousi
tomanna
tompf
tompinkfloyd
bowlingfloyd
pink floyd
tombowling
Paris Laras
  • 31
  • 1
  • 1
  • 7
  • 1
    Put some newlines in those printf debugs, else you will be misled as to progress. Even better, use a proper debugger. – ThingyWotsit May 06 '17 at 16:29
  • Then there's: http://stackoverflow.com/q/5431941/7761980 – ThingyWotsit May 06 '17 at 16:31
  • 2
    `while(!feof(fp))` ==> `while(fgets(temppwd,255,(FILE*) fp) != NULL)`. Please see [Why is “while ( !feof (file) )” always wrong?](http://stackoverflow.com/questions/5431941/why-is-while-feof-file-always-wrong) And, you `printf("fopen");` without even checking if the file was successfully opened. – Weather Vane May 06 '17 at 16:33
  • Ok, cool, thanks guys, so as far I understand (!feof(fp)) is bad practice and very flimsy and unsafe. I'll make sure to change it. – Paris Laras May 06 '17 at 16:37
  • Why the double `scanf("%c",&answer); scanf("%c",&answer);` (etc)? The second one will read a `newline`. Replace with a single `scanf(" %c",&answer);` with that space in front of `%c`. – Weather Vane May 06 '17 at 16:38
  • Thanks @WeatherVane, I did it, because I've seen it done before as a quick fix for scanf's being skipped during runtime. Your fix works much better. Not sure why the skip happens in the first place, but I'll make sure to do it like that from now on. – Paris Laras May 06 '17 at 16:41
  • It happens because most format specifiers skip any whitespace characters in the input buffer: except `%c` does not. However it *does* leave the `newline` you typed to be read the next time. That space instructs `scanf` to skip any leading whitespace. – Weather Vane May 06 '17 at 16:43
  • Oh, now I understand. That makes alot of sense... Btw, regarding to my main core dump problem, I'm afraid I should be using malloc somewhere I'm not, but I have no idea where. – Paris Laras May 06 '17 at 16:46
  • Until you check the return value from `fopen` there is no point looking deeper. – Weather Vane May 06 '17 at 16:48
  • Assuming you mean the fopen in the decryptwithTXT (), it never even gets to the fopen, it doesn't even print the first two fprints of entered function and declarations, so unless I'm mistaken it feels like the problem is elsewhere. – Paris Laras May 06 '17 at 16:53
  • There is never an excuse not to check the return value from `fopen`. Did you add the newlines you were advised to add? Or call `fflush(stdout);`? – Weather Vane May 06 '17 at 16:55
  • Ok, I was mistaken, for some reason the new lines actually made the printfs show up. No idea why... It seems like it crashes whilst calling the while. I think I can work it out from here...? Where would you advise to call fflush(stdout)? – Paris Laras May 06 '17 at 17:01
  • Because the output sits in a buffer until it is discharged to the device either by being full, or by a `newline`, or by `fflush(stdout)` so when the program crashes, the messages were never printed. Note that it is a frequently seen mistake to write, say `printf("\nMy message");` instead of `printf("My message\n");` – Weather Vane May 06 '17 at 17:02
  • Ok, that is very interesting, had no clue the output was buffered. You've really helped me out mate. I think I should be able to figure out what's wrong from here. – Paris Laras May 06 '17 at 17:11
  • By the way, you really stayed to help me out and you've made a difference. I've fixed it now. Is there a way for me to show some appreciation for your help? I've tried to upvote your other answers but i'm below 15 reputation, so that didn't do anything. – Paris Laras May 06 '17 at 17:23
  • Meh - @WeatherVane already has too much rep:) Why not learn how to use your debugger - it'll help us all in the longer run.. – ThingyWotsit May 06 '17 at 18:26
  • @ThingyWotsit you can post an answer. – Weather Vane May 06 '17 at 18:55
  • Nah - I didn't have a definitive answer for OP's problems, so I'm happy with just the comments:) – ThingyWotsit May 06 '17 at 19:47
  • @DoomfallBleak Feel free to post an answer yourself if you think it helps other people fall in the same traps. If you think - in hindsight - that the issues you got will not be found using a google search or similar then you can also delete the question. The question is not that specific, so chances are that it will never be found. – Maarten Bodewes May 09 '17 at 18:48
  • @MaartenBodewes After all it was a bad file read, but because of the debug printfs not actually printing due to my error, as pointed out by WeatherVane, I couldn't locate the error before posting. I don't think it's a problem that other people might run into, it was too circumstancial.I'll be closing the question now. – Paris Laras May 10 '17 at 23:28

1 Answers1

1

Because the output sits in a buffer until it is discharged to the device either by being full, or by a newline, or by fflush(stdout, when the program crashes, the messages are never printed. Note that it is a frequently seen mistake to write, say printf("\nMy message"); instead of printf("My message\n")

Because of that, the debug printf's I put in, never printed and I assumed there was something wrong with my function call, whilst after all, it was a bad file-read.

Credit for the answer goes to @WeatherVane for his valuable help at solving this as well as improving my programming knowledge in the comment section.

Paris Laras
  • 31
  • 1
  • 1
  • 7