Page 1 of 4
Results 1 to 10 of 33

Thread: Dictionary File Vs. On-the-fly Processing

  1. #1
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default Dictionary File Vs. On-the-fly Processing

    I initially posted in the "Benefits of Time-Memory Trade-off" thread but that thread's gone off in a different direction so I'm starting a new one.

    In the previous thread, theprez98 showed how he got better results from creating a dictionary file than doing on-the-fly generation of combinations.

    My response was as follows:

    My initial reaction to your findings is that there must be some bad programming going on behind the scenes.

    Here are the two options we're considering:

    Option 1: Run an algorithm which produces combinations, and write each combination to a dictionary file, then execute a program that processes each word in the dictionary file to see if it's the correct password.

    Option 2: Run an algorithm which produces combinations, and process each word to see if it's the correct password.

    The code for Option 1 would work as follows:
    Code:
    FileHandle f = CreateFile("dict.txt");
    
    for loop (blah blah)
    {
        CreateNextCombination();
    
        WriteCombinationToFile(f);
    }
    
    CloseFile(f);
    
    f = OpenFile("dict.txt");
    
    for loop (blah blah)
    {
        ReadCombinationFromFile(f);
    
        TestCombinationToSeeIfCorrect();
    }
    
    CloseFile(f);
    If we look at the second option, however, it's far simpler:

    Code:
    for loop (blah blah)
    {
        CreateNextCombination();
        TestCombinationToSeeIfCorrect();
    }
    I would expect this shorter code to run way way way faster because it doesn't have to execute hundreds (if not thousands) of instructions just to read and write from a file.

    If Option 1 is working out faster for you, then there's a BIG problem with how the second one is coded. BIG BIG BIG problem.

    Actually I'd like to prove this. How about I create a dictionary file that has every combination of lowercase four-letter words (aaaa, aaab, aaac, aaad, up to zzzz). I'll use aircrack-ng to try out this password file on a WPA handshake. Next thing I'll do is download the source code for aircrack-ng and alter it so that instead of reading a word from a file, it simply calculates on-the-fly.

    I'll calculate how long it takes to produce the dictionary file and also crack the password, and I'll compare this to the "on-the-fly" version. My prediction is that the latter will be a hell of a lot faster. If it isn't a hell of a lot faster it would go against every morsel of computer knowledge I have.

    I've written an algorithm for generating all the combinations for an N-length word (e.g. aaaaaaaa, aaaaaaab, aaaaaaac .... zzzzzzzz). I'll provide this code so people can test how long it takes to create the dictionary file. Next you can use aircrack-ng to see how long it takes to crack a WPA whose passphrase is zzzzzzzz.

    At the moment I'm working on changing the aircrack-ng source code so that instead of reading from a file, it uses my algorithm to test combinations on-the-fly.

    My alteration of aircrack-ng will have two benefits:
    1) You won't need a ridiculous amount of hard disk space to store the dictionary file.
    2) It should be much faster because you won't have to read from the hard disk.

    It's getting late here now so I'll finish it off tomorrow and post my results.

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by Virchanza View Post
    At the moment I'm working on changing the aircrack-ng source code so that instead of reading from a file, it uses my algorithm to test combinations on-the-fly.

    My alteration of aircrack-ng will have two benefits:
    1) You won't need a ridiculous amount of hard disk space to store the dictionary file.
    2) It should be much faster because you won't have to read from the hard disk.

    It's getting late here now so I'll finish it off tomorrow and post my results.
    As far as I remember this is already possible with aircrack-ng. You can simply pipe the output of for example crunch into aircrack-ng instead of using a dictionary.

    EDIT: At least this approach works with john the ripper.
    -Monkeys are like nature's humans.

  3. #3
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    Along with this, a beneficial functionality would be a user prompted (or supplied) set of known characters. I'm thinking the below for example (note, no idea what the aircrack syntax is, but -c could be the trigger for input prompts):

    Code:
    aircrack-ng -c eaopl.cap
    Enter number of characters for passphrase: 8
    Enter possible characters (u,U,1,!): u,U
    Enter known character string: SKY
    Or, maybe something like this:

    Code:
    aircrack-ng -c eaopl.cap
    Enter number of characters for passphrase: 8
    Enter possible characters (u,U,1,!): u,U
    Enter known characters with asterisks in the place of unknowns: SKY*****
    It would then compute every possible upper- and lower-case passphrase combination beginning with SKY.

    Dunno, just an idea.

    Let us know if you do, I'd be interested in following it.

  4. #4
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    I've successfully added an on-the-fly generator to Aircrack.

    To give myself as little work to do as possible, and also to alter the workings of the program as little as possible, I changed the part of the code that actually reads the word from the dictionary file.

    In "aircrack-ng.c", the dictionary file is opened using "fopen". From there, each word is read from the dictionary file using "fgets". I decided to commandeer the "fgets" call so that instead of reading a word from a file, it consults an on-the-fly generator to get the next word.

    The generator I've built into it currently has the following options:
    1) What is the minimum length of the password? 3
    2) What is the maximum length of the password? 12
    3) Do you want to use all the ASCII characters (Y/N)? N
    If not, 4) Specify the characters to use: abcdefghijklmnoprstuvwxyz

    Can anyone think of more useful options to add to the generator?

    I have a favour to ask, if someone would be so kind. I currently don't have access to a WPA access point; so could someone please e-mail me a capture file that contains a handshake for a known password? I can use this capture file to test whether the generator actually works properly with Aircrack. It doesn't matter what the ESSID is, the funkier the better. Please e-mail it to me at VIRTUAL at LAVABIT dot COM.

    Presently here's the code I have for generating the combinations. I rushed it in a few hours so it's a little thrown together and by no means finished, but here's a taste nonetheless:
    Code:
    Primitive code removed, I'll post better code shortly.
    Comments, questions, suggestions, corrections welcomed.

  5. #5
    Member
    Join Date
    Jun 2007
    Posts
    218

    Default

    Originally posted by Virchanza
    I have a favour to ask, if someone would be so kind. I currently don't have access to a WPA access point; so could someone please e-mail me a capture file that contains a handshake for a known password?
    There's one in the aircrack-ng test folder.
    /pentest/wireless/aircrack-ng/test/

    The passphrase is “biscotte”.

  6. #6
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    Argh you beat me to it! haha...yea there's a test one in there.

    Dude, if this works, this is a cool friggin addition to aircrack. I'd like to test it now but it will have to wait until tonight.

    My only question right now is:

    4) Specify the characters to use: abcdefghijklmnoprstuvwxyz
    Does this include capitals?

  7. #7
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    I posted an algorithm here a few weeks ago for giving all the permutations of uppercase and lowercase but there's no need for that when you can simply specify all the characters as follows:

    abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

    I'm gonna see if I can crack "biscotte" with it. I'll post back in a half hour or so and let you know how it went.

  8. #8
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    Quote Originally Posted by Virchanza View Post
    I posted an algorithm here a few weeks ago for giving all the permutations of uppercase and lowercase but there's no need for that when you can simply specify all the characters as follows:

    abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

    I'm gonna see if I can crack "biscotte" with it. I'll post back in a half hour or so and let you know how it went.
    Gotcha, cool. Yeah please let us know how it goes.

  9. #9
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Quote Originally Posted by theberries View Post
    Gotcha, cool. Yeah please let us know how it goes.
    Works perfectly, I used the on-the-fly generator to crack "biscotte" just there.

    Do you think people will find this useful? I mean it's still gonna take a ridiculously long amount of time to crack an 8-letter password...

    It'd be nice to enhance it so that many computers can work together on cracking. For instance, let's say that there's one billion combinations to try, and that you have one hundred computers. Each computer would have an ID in the range 0 to 99. Computer 0 would work on the first ten million combinations, Computer 1 on the second ten million, Computer 3 on the third ten million.

    After that, somebody can work on making a bot that takes control of computers all over the world so we can have a million or so machines working on cracking it (YES, that's a joke)

    I'll clean up the code I have at the moment and then make the source code available.

    Again, if anyone has any suggestions just throw them out there.
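The odometer-style enumerator that posts #1 and #4 describe, together with the index-to-word mapping that the machine-ID split in post #9 needs, as an added example in C (this is not Virchanza's modified aircrack-ng, whose source was never posted in this thread); the 4-letter lowercase space and the 100-machine split in main are constructed for illustration:

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the thread's aircrack-ng patch. A candidate of length
 * len over charset is a base-strlen(charset) number: first = all charset[0],
 * last = all charset[n-1]. Advancing in place touches no file at all. */

/* Advance word (previously produced by nth_combination) to the next
 * candidate with odometer carry; returns 0 once the space is exhausted. */
int next_combination(char *word, int len, const char *charset) {
    int n = (int)strlen(charset);
    for (int i = len - 1; i >= 0; i--) {
        int d = (int)(strchr(charset, word[i]) - charset);
        if (d + 1 < n) {               /* no carry: bump this position */
            word[i] = charset[d + 1];
            return 1;
        }
        word[i] = charset[0];          /* carry: reset, move one column left */
    }
    return 0;                          /* wrapped past the last candidate */
}

/* Number of candidates of length len: strlen(charset) ^ len. */
unsigned long long space_size(int len, const char *charset) {
    unsigned long long total = 1;
    while (len-- > 0) total *= (unsigned long long)strlen(charset);
    return total;
}

/* Fill word with the candidate at 0-based ordinal index (mixed-radix
 * conversion), so machine k of m can start at k * (space / m) directly. */
char *nth_combination(unsigned long long index, char *word, int len,
                      const char *charset) {
    int n = (int)strlen(charset);
    word[len] = '\0';
    for (int i = len - 1; i >= 0; i--, index /= n)
        word[i] = charset[index % n];
    return word;
}

int main(void) {
    const char *cs = "abcdefghijklmnopqrstuvwxyz";   /* constructed charset */
    char w[5];
    unsigned long long total = space_size(4, cs), count = 1;
    nth_combination(3 * (total / 100), w, 4, cs);     /* machine 3 of 100 */
    printf("machine 3 of 100 starts at %s\n", w);
    for (nth_combination(0, w, 4, cs); next_combination(w, 4, cs); ) count++;
    printf("%llu candidates, last = %s\n", count, w);
    return 0;
}
```

A run over 26^8 with no I/O per candidate is the fair baseline for the dictionary-file comparison proposed in post #1.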

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    I'd find it useful and would appreciate very much the source.

    How long did it take to break the biscotte? What was your kps?
