Programming and Scripting :: C question



Okay, the fire test began yesterday. I chose a new password of 22 chars for this test, with the same charateristics of my previous one. This to prevent waiting of a lifetime.

In order to behave like a smart cracker, I decided to run multiple processes simultaniously. That, with the optimization of skipping permutations with 3+ of the same char, should bring the time to an acceptable window. And will still be an interesting result.

To simulate a multi-core environment, I shared the work to 4 of my (8) comps. Each of them runs two processes, distributed like this:
P1 100Mhz - length 1-3 and 4-6
P1 133Mhz - length 7-8 and 9-10
P3 733Mhz - length 11-13 and 14-16
P3 1Ghz - length 17-19 and 20-23

First three have nothing to do but this, but the final one (my best comp :P) is my main comp, which will be used for daily tasks such as browsing, so the cracking processes are niced to 19 on this comp (I'm on it now, too :D)

Amazing,  I didn't think it would actually be useful code!  

That uninitialized var error is easily fixed.  Re:  multiple instances - a proper cracking prog would use threads to tackle different slabs of the passphrase space simultaneously.

I've been trying the perl module Algorithm::Permute on this, which is many times faster than that hack above.  I've installed it and think I follow how to use it, but am having issues passing its results to openssl via system for unknown reasons.

So I've posted on Perl Monks to try to get some help from those Enlightened Priests of Perl.

When I have it working I'll post the improved code and a module extension - that should speed up your cracking by several orders of magnitude.

No need for the module ext - I can easily use cpan
Here is the permute module anyway, for use with the gtk2 .dsl extension which contains perl-5.8.7:

http://www.uploadhut.com/id169109/AlgorithmPermute-pm-5.8.7.dsl

Turns out my code wasn't broken after all, I just wasn't waiting long enough!  Doesn't mean it couldn't be improveable.  A few points:

1.  It's fast.  You can see how fast it is by commenting out the system call to openssl (which slows everything down) and turning printall on ( = 1).  The Algorithm::Permute module is written in XS code so is efficient.  This is the brand new version of the module (0.11).

2. It doesn't work though perms in lexicographic order ie the earlier program always started with the 1st char in the set etc.  I don't follow the order at this stage.

3. As I discovered after adding one, there's no need for a filter to remove adjacent chars that are repeated say 3 times, since, in order to make it repeat chars, you just have to repeat the range or list in @set the number of times that you want to allow repetitions from that subset.  We want to allow 2x reprtitions but not 3x, so just repeat the entire contents of your existing @set once.

So for eg in my test:

Code Sample

my @set = (  "r", "r", "t", "t", "a" .."d",  "a" .."d" ); # ranges and lists to permute


will produce perms containing 'aa' but not 'aaa' etc.

Here it is:

Code Sample

#!/usr/bin/perl

# Demonstration brute force password cracker

use strict;
use warnings;
use Algorithm::Permute;

#==========================// SETTINGS // =========================


my @set = ( 'a'..'d', 'r', 't', 'a'..'d');
my $printall = 0;  # set to 1 to print every perm
my $startlen;
my $endlen;

# Leave the following  commented out to do all length perms within @set

#~ $startlen = 3;  # begin processing with strings of length $startlen

#~ $endlen = 5;   # end processing with strings of length $endlen

#================================================================

my $perm = "";
my $k;
my $i;

sub print_perm {
print "Perm no. $k = $perm\n";
}



#================================// MAIN // =======================

$SIG{'HUP'} = 'print_perm';  # print current perm on receipt of sighup


$k = 0;
my $setlen = $#set + 1;

# defaults
unless (defined($startlen)) { $startlen = 1 }
unless (defined($endlen)) { $endlen = $setlen }

unless ($startlen >= 1) { die "Error: startlen must be >= 1" }
unless ($endlen >= $startlen) { die "Error: startlen must be <= endlen" }
unless ($endlen <= $setlen) { die "Error: endlen must be <= $setlen" }


foreach $i ($startlen..$endlen) {
my $p = new Algorithm::Permute([@set], $i);
my @res;
while (@res = $p->next) {
$k++;
$perm = join("", @res);
if ($printall == 1) {
print "$k $perm\n";
}
system("echo $perm | 2>/dev/null openssl bf -pass stdin -d -in encryptedfile -out out.txt && file -b out.txt | grep -q '^ASCII text'") == 0 && die "Found passphrase \"$perm\"";

}

}




EDIT1:  added perm counter to sighup print
EDIT2:  added variable length string ranges and defaults

Will try that soon. There's something wrong with your previous 3+ char recognition with long strings (with over 15 chars none got skipped, despite the string ההההההההההההההצ having clearly more than three adjacent ה's). I guess that doesn't matter anymore though.

Anyway, is it guaranteed that this new algorithm does try every combination?

Next Page...
original here.