I’m very forgetful these days. Even though I could not remember what I ate yesterday or what I wore, I have password protected everything. As a result, most of the times I have ended up with a locked zip, tar.gz or other file. Yesterday I had same experience and I decided to write a brute force python application to crack my password protected file.
Unfortunately I knew that it would take time for the app to crack with brute force technique, but I could use some tricks to improve performance. For instance I can limit the alphabet to attack (most of you use same pattern, special characters, password scheme for encryption) which would save time significantly.
I should mention that BruteForcer supports multithreading. So, if you have a multicore CPU then configure thread count value in config.py file and run cracker with the desired value. But increasing thread count will not always give you performance. It has a limit, if you set it with a high value your computer will have trashing. Trashing can be defined as “your computer is so busy in managing overloaded resources that it can not execute your real code”, it makes swap writes/reads more than optimal and your program works much more slower than its single threaded version. As a recommendation, set it to a value 1 less than your CPU core count (for example if your CPU is 4 core and 8 core with hyper-threading you can set it to 7).
Cracker application written in python 3.x. It’s extensible to support to crack new executables. My file was 7z format. If one wants to extend it, the architecture of the application is very convenient to do so.
I’ve used factory design pattern, and iterator design pattern.
Test cases are added for the important methods.
Setup scripts are added as well.
If you want to add a zip support for instance, you need to add a function in format_checker to check the file if it is really a zip file. Checking can be similar to mine but zip file may have different magic number or other definitive property.
Second thing to do is, adding required code to create a zip decoder in dialect_factory module. It will also be very similar to my code (I guess off course).
And the last and the core thing is to add dialect to try your password within the dialect module. You should inherit base Dialect module for the new dialect you’re adding.
More discussion can be made based on cracking. If I found enough energy and time, I would also like to write this cracker’s distributed version. In distributed version centralized password generator server would give passwords to crackers (either physical or virtual servers) and passwords will be generated per request basis and thread-safe. Passwords will always be ready in a cache and if a cracker server requests new passwords to try, this cache will be used. If the number of passwords drop below a threshold in password server cache then new bucket of passwords will be fed to this passwords cache. I would use message queue to pass passwords between cracker servers and password server.
Another approach is more simple and elegant way to solve if we want distributed cracking. One can enter alphabet and digit count for the attack. The distributed cracker should only provide sub-alphabets to cracker servers. For instance if your alphabet is:
“ABCDEFG”
and you have three servers then your distributed cracker will only output for sub-alphabet ranges for the server count. For the example case:
Server-1: start password: AAAAAAA, end password: BGGGGGG
Server-2: start password: CAAAAAA, end password: DGGGGGG
Server-3: start password: EAAAAAA, end password: GGGGGGG
This sounds easy, does not it? So in that case we need to write a sub-alphabet calculator.
But if you looked at the password generator function, it has base len(Config.ALPHABET) which is more than 70. So we’ll be dealing with very big numbers for password attack, and these numbers will probably not fit into integer range. One solution to this problem is a divide&conquer method. The highest possible string length size chunks will produce larger passwords. And string addition will take place at that case.
Project is released under MIT licence at the: https://bitbucket.org/iclykofte/bruteforcer
note to self 