Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 24 Feb 2008 04:14:19 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Question about incremental Mode

On Wed, Feb 20, 2008 at 12:11:43AM +0100, Norbert Zacharias wrote:
> sadly there are no examples for rules in incremental Mode. So i have to ask 
> for a special case:
> I want to check passwords from 4 to 16 chars containing [a-z24!|&]
> how will this rule look like ?

Andy has already provided the correct answer to this specific question -
the "rules" are not used with "incremental" mode.  (Thank you, Andy!)

The specific "incremental" mode definition from Andy's message:

[Incremental:Custom]
File = $JOHN/alpha.chr
MinLen = 4
MaxLen = 16
Extra = 24!|&

will only work for lengths up to 8 with default builds of JtR.  Please
refer to this older posting for information on how to get it to work for
higher lengths (up to 13) as well as for how to generate your custom
.chr file (maybe including your special characters):

http://www.openwall.com/lists/john-users/2007/07/04/6

You're probably out of luck cracking that password if it's 16 characters
long and you don't have any additional information on it.

As an alternative to a custom "incremental" mode, you may also use an
external mode.  Its drawback is that, unlike "incremental" mode, it will
not deal with character frequencies, effectively treating all characters
as equally probable.

Here's a generic external mode implementing dumb exhaustive search,
given a range of lengths and an arbitrary charset.

It is pre-configured for Norbert's desired lengths and charset, although
it will obviously never get to length 16 in practice.  (The only chance
to crack passwords that long is with smarter cracking modes and/or by
making use of more information.)

# Dumb exhaustive search, given a range of lengths and an arbitrary charset
[List.External:DumbForce]
int maxlength;		// Maximum password length to try
int last;		// Last character position, zero-based
int lastid;		// Character index in the last position
int id[0x7f];		// Current character indices for other positions
int charset[0x100], c0;	// Character set

void init()
{
	int minlength;
	int i, c;

	minlength = 4;	// Initial password length to try
	maxlength = 16;	// Maximum password length to try

/* This defines the character set */
	i = 0;
	c = 'a'; while (c <= 'z') charset[i++] = c++;
	charset[i++] = '2';
	charset[i++] = '4';
	charset[i++] = '!';
	charset[i++] = '|';
	charset[i++] = '&';

/* Zero-terminate it, and cache the first character */
	charset[i] = 0;
	c0 = charset[0];

	last = minlength - 1;
	i = 0;
	while (i <= last) {
		id[i] = 0;
		word[i++] = c0;
	}
	lastid = -1;
	word[i] = 0;
}

void generate()
{
	int i;

/* Handle the typical case specially */
	if (word[last] = charset[++lastid]) return;

	lastid = 0;
	word[last] = c0;

	i = last;
	while (i--) {			// Have a preceding position?
		if (word[i] = charset[++id[i]]) return;
		id[i] = 0;
		word[i] = c0;
	}

	if (++last < maxlength) {	// Next length?
		id[last] = lastid = 0;
		word[last] = c0;
	} else				// We're done
		word = 0;
}

void restore()
{
	int i, c;

/* Calculate the current length and infer the character indices */
	last = 0;
	while (c = word[last]) {
		i = 0; while (charset[i] != c && charset[i]) i++;
		if (!charset[i]) i = 0;
		id[last++] = i;
	}
	lastid = id[--last];
}

Here's another implementation:

# Same as above, but uses a "cyclic" charset, which is slightly slower
# but makes the restore() function simpler.
[List.External:DumbForce-Cyclic]
int maxlength;		// Maximum password length to try
int running;		// Are we already running?
int last;		// Last character position, zero-based
int c0, cc[0x100];	// Cyclic charset

void init()
{
	int minlength;
	int charset[0x100];
	int i, c, n;

	minlength = 4;	// Initial password length to try
	maxlength = 16;	// Maximum password length to try

/* This defines the character set */
	i = 0;
	c = 'a'; while (c <= 'z') charset[i++] = c++;
	charset[i++] = '2';
	charset[i++] = '4';
	charset[i++] = '!';
	charset[i++] = '|';
	charset[i++] = '&';

/* Convert the "sequential" charset to a "cyclic" one */
	n = i;
	c = c0 = charset[i = 0];
	while (++i < n) c = cc[c] = charset[i];
	cc[c] = c0;

	running = 0;
	last = minlength - 1;
	i = 0; while (i <= last) word[i++] = c;
	word[i] = 0;
}

void generate()
{
	int i;

/* Handle the typical case specially */
	if ((word[last] = cc[word[last]]) != c0) return;

	i = last;
	while (i--) {			// Have a preceding position?
		if ((word[i] = cc[word[i]]) != c0) return;
	}

	if (running++) {
		if (++last < maxlength)	// Next length?
			word[last] = c0;
		else			// We're done
			word = 0;
	}
}

void restore()
{
	running = 1;
	last = 0;			// Calculate the length
	while (word[last]) last++;
	last--;				// We need the last character index
}

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ