Programming and Scripting :: C question



Yeah, wdef's code is somewhat similar to some C code I used before to generate strings;
just change MAX to 30 and the 'check' routine.
Code Sample

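#include <stdio.h>
#include <string.h>   /* strcmp */

#define MAX 4         /* maximum candidate length */

/* Test one candidate; returns 1 on a match, 0 otherwise.
   strcmp returns 0 when the strings are equal, hence the '!'. */
int check (char *s)
{
    printf ("%s\n", s);
    if (!strcmp (s, "help")) return (1);
    return (0);
}
//--------------------------------------
char s[MAX+1];        /* shared candidate buffer, so recursion adds no per-call copy */

/* Try every letter a..z at position pos, then recurse into pos+1. */
int try_again (int pos)
{
    char c;

    s[pos+1]='\0';

    for (c='a'; c<'z'+1; c++)
    {
        s[pos] = c;
        if (check (s)) return(1); //success!

        if (pos == MAX-1) continue;   /* buffer full: do not go deeper */
        if (try_again (pos+1)) return(1);
    }
    return (0);
}
//--------------------------------------
int main (void)
{
    if (try_again (0)) printf ("cracked :)\n");
    else               printf ("failed :(\n");
    return 0;
}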


the trick is to recurse, but to also use a global var so you don't blow the stack memory!

I don't understand this part:

if (!strcmp (s, "help")) return (1);

So if the string is not found, return success?

Ah - that's the perversity of C

the strings are equal when strcmp fails!

Agreed.. Weird indeed, considering the function is "compare strings".

How about a modification to the perl code similar to dd, that when you receive SIGUSR1 you output where you are going?

There's one problem with openssl for this brute forcing purpose:  it will output binary garbage and return success when given certain incorrect passphrases.  So it appears to decrypt when it doesn't.

As a workaround, I've just edited the example above so it runs cat on the outputted file - if it isn't text, cat will return 1 and the program won't exit.  That should get rid of false positives (I think).
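As an added example (not code from the thread): why a decrypt step without an integrity check can report success for a wrong passphrase, and how much a plaintext sanity check helps. It assumes a block cipher with PKCS#7 padding, which the thread does not specify, and uses constructed pseudo-random blocks in place of real wrong-key output; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16

/* Plaintext length if buf ends in valid PKCS#7 padding, else -1. */
int pkcs7_unpad_len(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0) return -1;
    uint8_t n = buf[len - 1];
    if (n == 0 || n > BLOCK) return -1;
    for (size_t i = len - n; i < len; i++)
        if (buf[i] != n) return -1;
    return (int)(len - n);
}

/* 1 if every byte is printable ASCII, tab, CR or LF. */
int looks_like_text(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != '\t' && buf[i] != '\n' && buf[i] != '\r' &&
            (buf[i] < 0x20 || buf[i] > 0x7e)) return 0;
    return 1;
}

/* Constructed stand-in for a wrong-key decrypt: pseudo-random final blocks
   from xorshift64. Counts blocks a padding-only (or padding+text) check accepts. */
long count_false_accepts(long trials, int require_text)
{
    uint64_t x = 0x9e3779b97f4a7c15ULL;
    long hits = 0;
    for (long t = 0; t < trials; t++) {
        uint8_t blk[BLOCK];
        for (int i = 0; i < BLOCK; i += 8) {
            x ^= x << 13; x ^= x >> 7; x ^= x << 17;
            memcpy(blk + i, &x, 8);
        }
        int n = pkcs7_unpad_len(blk, BLOCK);
        if (n >= 0 && (!require_text || looks_like_text(blk, (size_t)n))) hits++;
    }
    return hits;
}

int main(void)
{
    printf("padding only:   %ld of 1000000\n", count_false_accepts(1000000, 0));
    printf("padding + text: %ld of 1000000\n", count_false_accepts(1000000, 1));
    return 0;
}
```

Roughly 1 in 256 random final blocks passes the padding check alone, so "decrypted without error" is not proof of the right key; an authenticated format (a MAC or AEAD tag over the ciphertext) is what removes the ambiguity.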
