Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 8 Nov 2017 17:18:34 +0100
From: Solar Designer <>
Subject: Re: Testing ZTEX boards?

On Mon, Nov 06, 2017 at 11:18:20AM +0100, Jeroen wrote:
> I'd like to get a ZTEX board and make sure that it's working properly before
> I buy it, to run some kind of diagnostics. Preferably really simple since
> I'm not experiences with FPGAs, JTAG etc.
> According to john documentation and earlier postings, it seems to me that
> the following should work:
> - Install libusb-dev.
> - Configure with ZTEX enabled, compile.
> - Hook up the ZTEX device to USB.
> - Run john with a *-ztex format, this will automatically upload the correct
> firmware.

Yes, and the bitstream too.

> - Cracking starts == working board.
> Is this correct and does it sound like a good approach?

Yes, that's fine.  Like with any hardware, there are possible issues
that would only be discovered after a while, though.

Some of the tests I run use the pw-fake-unix file from:

"3107 of Unix crypt(3) hashes (4 flavors, plus bigcrypt for length 9+)
and corresponding plaintext passwords"

You can take portions of it like:

egrep '^([^:]*:){4}[a-z]{4}:' pw-fake-unix > pw-fake-len4
egrep '^([^:]*:){4}[a-z]{6}:' pw-fake-unix > pw-fake-len6

and ensure that commands like:

for n in `seq 1 7`; do rm john.pot; ./john -form=bcrypt-ztex -mask='?l?l?l?l' -verb=1 pw-fake-len4; done
for n in `seq 1 7`; do rm john.pot; ./john -form=descrypt-ztex -mask='?l?l?l?l?l?l' -verb=1 pw-fake-len6; done

consistently give you the same numbers of cracks that similar ones would
on CPU.  Actually, all of the passwords in those files should be getting
cracked - 239 and 915, respectively.  This takes a few minutes per test.
You can also run these commands on the full pw-fake-unix for longer tests.

To better test communication between host and device (such as to detect
improper cables), try combining mask mode with another mode (using '?w'
inside the mask to refer to the other mode's output), or in the case of
bcrypt you can have all of the candidates generated on host with little
performance impact (since bcrypt is slow enough for that even on FPGA):

for n in `seq 1 7`; do rm john.pot; ./john -form=bcrypt-ztex -inc -min-len=4 -max-len=4 -verb=1 pw-fake-len4; done

doc/README-ZTEX also includes a section called "Troubleshooting ZTEX
board", which currently only mentions testing using Ztex SDK.  You can
do that.  Personally, before we got anything into JtR, I was testing
these boards with cgminer-3.1.1 built with "./configure --enable-ztex".
(IIRC, newer versions of cgminer dropped this support.)

> If I check ztex/* after compiling I don't see anything that looks like newly
> compiled FPGA code. But again, as an FPGA newbie I might overlook things.

We provide pre-generated bitstream files.  We also provide the original
project trees, but it'd take some gigabytes of proprietary software,
some hours of CPU time, and some skills to regenerate the bitstreams -
that's not something we expect end-users to do, and besides it doesn't
work the same way each time (there's some randomness involved).


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.