Search Members Help

» Welcome Guest
[ Log In :: Register ]

Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic
Pages: (13) </ ... 3 4 5 6 7 [8] 9 10 11 12 13 ... >/

[ Track this topic :: Email this topic :: Print this topic ]

reply to topic new topic new poll
Topic: C question, loops< Next Oldest | Next Newest >
curaga Offline





Group: Members
Posts: 2163
Joined: Feb. 2007
Posted: Jan. 17 2008,15:18 QUOTE

Okay, the fire test began yesterday. I chose a new password of 22 chars for this test, with the same charateristics of my previous one. This to prevent waiting of a lifetime.

In order to behave like a smart cracker, I decided to run multiple processes simultaniously. That, with the optimization of skipping permutations with 3+ of the same char, should bring the time to an acceptable window. And will still be an interesting result.

To simulate a multi-core environment, I shared the work to 4 of my (8) comps. Each of them runs two processes, distributed like this:
P1 100Mhz - length 1-3 and 4-6
P1 133Mhz - length 7-8 and 9-10
P3 733Mhz - length 11-13 and 14-16
P3 1Ghz - length 17-19 and 20-23

First three have nothing to do but this, but the final one (my best comp :P) is my main comp, which will be used for daily tasks such as browsing, so the cracking processes are niced to 19 on this comp (I'm on it now, too :D)


--------------
There's no such thing as life. Those mean little jocks invented it ;)
-
Windows is not a virus. A virus does something!
Back to top
Profile PM 
WDef Offline





Group: Members
Posts: 798
Joined: Sep. 2005
Posted: Jan. 17 2008,23:14 QUOTE

Amazing,  I didn't think it would actually be useful code!  

That uninitialized var error is easily fixed.  Re:  multiple instances - a proper cracking prog would use threads to tackle different slabs of the passphrase space simultaneously.

I've been trying the perl module Algorithm::Permute on this, which is many times faster than that hack above.  I've installed it and think I follow how to use it, but am having issues passing its results to openssl via system for unknown reasons.

So I've posted on Perl Monks to try to get some help from those Enlightened Priests of Perl.

When I have it working I'll post the improved code and a module extension - that should speed up your cracking by several orders of magnitude.
Back to top
Profile PM 
curaga Offline





Group: Members
Posts: 2163
Joined: Feb. 2007
Posted: Jan. 18 2008,13:03 QUOTE

No need for the module ext - I can easily use cpan

--------------
There's no such thing as life. Those mean little jocks invented it ;)
-
Windows is not a virus. A virus does something!
Back to top
Profile PM 
WDef Offline





Group: Members
Posts: 798
Joined: Sep. 2005
Posted: Jan. 18 2008,16:38 QUOTE

Here is the permute module anyway, for use with the gtk2 .dsl extension which contains perl-5.8.7:

http://www.uploadhut.com/id169109/AlgorithmPermute-pm-5.8.7.dsl

Turns out my code wasn't broken after all, I just wasn't waiting long enough!  Doesn't mean it couldn't be improveable.  A few points:

1.  It's fast.  You can see how fast it is by commenting out the system call to openssl (which slows everything down) and turning printall on ( = 1).  The Algorithm::Permute module is written in XS code so is efficient.  This is the brand new version of the module (0.11).

2. It doesn't work though perms in lexicographic order ie the earlier program always started with the 1st char in the set etc.  I don't follow the order at this stage.

3. As I discovered after adding one, there's no need for a filter to remove adjacent chars that are repeated say 3 times, since, in order to make it repeat chars, you just have to repeat the range or list in @set the number of times that you want to allow repetitions from that subset.  We want to allow 2x reprtitions but not 3x, so just repeat the entire contents of your existing @set once.

So for eg in my test:

Code Sample

my @set = (  "r", "r", "t", "t", "a" .."d",  "a" .."d" ); # ranges and lists to permute


will produce perms containing 'aa' but not 'aaa' etc.

Here it is:

Code Sample

#!/usr/bin/perl

# Demonstration brute force password cracker

use strict;
use warnings;
use Algorithm::Permute;

#==========================// SETTINGS // =========================


my @set = ( 'a'..'d', 'r', 't', 'a'..'d');
my $printall = 0;  # set to 1 to print every perm
my $startlen;
my $endlen;

# Leave the following  commented out to do all length perms within @set

#~ $startlen = 3;  # begin processing with strings of length $startlen

#~ $endlen = 5;   # end processing with strings of length $endlen

#================================================================

my $perm = "";
my $k;
my $i;

sub print_perm {
print "Perm no. $k = $perm\n";
}



#================================// MAIN // =======================

$SIG{'HUP'} = 'print_perm';  # print current perm on receipt of sighup


$k = 0;
my $setlen = $#set + 1;

# defaults
unless (defined($startlen)) { $startlen = 1 }
unless (defined($endlen)) { $endlen = $setlen }

unless ($startlen >= 1) { die "Error: startlen must be >= 1" }
unless ($endlen >= $startlen) { die "Error: startlen must be <= endlen" }
unless ($endlen <= $setlen) { die "Error: endlen must be <= $setlen" }


foreach $i ($startlen..$endlen) {
my $p = new Algorithm::Permute([@set], $i);
my @res;
while (@res = $p->next) {
$k++;
$perm = join("", @res);
if ($printall == 1) {
print "$k $perm\n";
}
system("echo $perm | 2>/dev/null openssl bf -pass stdin -d -in encryptedfile -out out.txt && file -b out.txt | grep -q '^ASCII text'") == 0 && die "Found passphrase \"$perm\"";

}

}




EDIT1:  added perm counter to sighup print
EDIT2:  added variable length string ranges and defaults
Back to top
Profile PM 
curaga Offline





Group: Members
Posts: 2163
Joined: Feb. 2007
Posted: Jan. 18 2008,17:06 QUOTE

Will try that soon. There's something wrong with your previous 3+ char recognition with long strings (with over 15 chars none got skipped, despite the string ääääääääääääääö having clearly more than three adjacent ä's). I guess that doesn't matter anymore though.

Anyway, is it guaranteed that this new algorithm does try every combination?


--------------
There's no such thing as life. Those mean little jocks invented it ;)
-
Windows is not a virus. A virus does something!
Back to top
Profile PM 
64 replies since Jan. 12 2008,13:35 < Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (13) </ ... 3 4 5 6 7 [8] 9 10 11 12 13 ... >/
reply to topic new topic new poll
Quick Reply: C question

Do you wish to enable your signature for this post?
Do you wish to enable emoticons for this post?
Track this topic
View All Emoticons
View iB Code