Sign in to follow this  
ErUs

password cracker algorithm

Recommended Posts

i have tried and failed at making one ( a brute forcer ) :( can someone give me some pointers please? ( i have made an array with possible characters ) BTW brute force. ( every possible password/combination )

Share this post


Link to post
Share on other sites
I believe you have a few ways you can go about doing this.

1) Brute force. Try every combination till one works.
2) Dictonary Hacking. Try every word till something works
3) Break the encryption on the file that stores the password (Good luck)

Share this post


Link to post
Share on other sites
It's not necessarily illegal to use it. Security auditing companies and consultants do it all the time. It is of course illegal to use this to break into someone else's computer but ot audit your own, not so much.

Share this post


Link to post
Share on other sites
Use ACII values. Chars are essentially ints right? use loops and a few condition statements to increment through the alphabet and all other characters in terms of an int. Typecast that int into a char.

for a one char password:

char[] temp;
for(int i = 32; i < 137; i++){
temp[0] = (char)(i);
//check if it's the password; if true, break, else continue
}

for two characters:

for(){
char[0] = (char)(i)
for{
char[1] = (char)(j)
// Check password
{
}

it's not complete code. I'm assuming you can fill in the blanks.
I haven't made any kinda password cracking code either but I'm assuming this is the same idea.

Share this post


Link to post
Share on other sites
I'm going to code this right into the GameDev post textbox, so we'll see how it turns out...



void InitCombo(char **buf, int len)
{
//We'll store the null-terminated string
//followed by an array of indices into
//the list of legal characters.
*buf = new char[len+1+len];

//Zero out the string
memset(*buf, 0, len+1);

//And set all indices to -1 (==255)
memset((*buf)+len+1, -1, len);
}
bool NextCombo(char *buf, int len, char *legal)
{
//number of legal characters.
int legal_len = strlen(legal);

//beginning of our index array.
char *idx = buf+len+1;

while(true)
{
(*idx)++;//increment the current digit's index.

if((*idx) >= legal_len)
{
//We've rolled over this digit. Reset it to 0
//and go to the next digit.
*idx = 0;
idx++;
//If we've rolled over the last digit, return
//false (no more combos).
if(idx-buf >= len+1+len)
return(false);
}
else //This digit didn't roll over, so exit this loop.
break;
}

//Now that the indices are correctly updated,
//update actual string to represent the indices.
idx = buf+len+1;
for(int i = 0; i < len; i++)
if(idx[i] != -1)
buf[i] = legal[idx[i]];

return(true);
}
void ReleaseCombo(char *buf)
{
delete [] buf;
}

//Then in your code:
int main()
{
char *buf;
char *legal="abcdefghijklmnopqrstuvwxyz0123456789";

//Get every possible combination up to 15 characters long.
InitCombo(&buf, 15);
while(NextCombo(buf, 15, legal))
{
cout << buf << '\n';
}
ReleaseCombo(buf);
return(0);
}


Does that work? It turned out to be a little more code than I'd expected... Okay, I tested in in Visual C++. I should get a medal--it worked on the first compile :-)

A warning: This is VERY SLOW. This is a very fast implementation (it could be optimized in a few spots still), but it still takes a good long while (minutes to hours) to get up to 15 characters. Hopefully the target password is short. This algorithm checks the short ones first.

Hope you're using C++ :-) This isn't very easy code to port to VB or something.



~BenDilts( void );

Share this post


Link to post
Share on other sites
If you're interested (because I was), here's a more optimized version of the above code:


#include <iostream>
using namespace std;

void InitCombo(char **buf, int len)
{
//We'll store the null-terminated string
//followed by an array of indices into
//the list of legal characters.
*buf = new char[len+1+len];

//Zero out the string
memset(*buf, 0, len+1);

//And set all indices to -1 (==255)
memset((*buf)+len+1, -1, len);
}
bool NextCombo(char *buf, int len, char *legal, int legal_len)
{
char *pOut = buf;

//beginning of our index array.
char *idx = buf+len+1;

while(true)
{
(*idx)++;//increment the current digit's index.

if((*idx) == legal_len)
{
//We've rolled over this digit. Reset it to 0
//and go to the next digit.
*idx = 0;
idx++;

*pOut = *legal;
pOut++;

//If we've rolled over the last digit, return
//false (no more combos).
if(idx-buf == len+1+len)
return(false);
}
else //This digit didn't roll over, so exit this loop.
{
*pOut = legal[(*idx)];
return(true);
}
}
}
void ReleaseCombo(char *buf)
{
delete [] buf;
}


//Then in your code:

int main(int argc, char* argv[])
{
char *buf;
char *legal="abcdefghijklmnopqrstuvwxyz0123456789";
int legal_len = strlen(legal);

//Get every possible combination up to 15 characters long.
InitCombo(&buf, 15);
while(NextCombo(buf, 15, legal, legal_len))
{
cout << buf << '\n';
}
ReleaseCombo(buf);
return(0);
}


The optimization is somewhat of a moot point, though, since the cout statement takes hundreds of times longer than the NextCombo() function.



~BenDilts( void );

Share this post


Link to post
Share on other sites
Well I'm closing this thread. I agree that there are some legal uses of password crackers, but, frankly, I do not feel comfortable having the details of such algorithms discussed here. Read the forum rules at the link below:

The Rules

You will find the following specific rules, which are my justification for closing the post:

- "Topics that you post should be relevant to the forum in which you are posting."

This post doesn't appear to be about game development, and therefore isn't relevant to this forum. If you disagree, so be it. My answer to you is in the following rule.

- "The moderator of each forum is ultimately responsible for determining what is and isn't appropriate material for that forum"

I be the moderator, and I've decided this thread isn't appropriate.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this