Thread: Running a Brute Force Attack Simulation...

  1. #1
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434

    Running a Brute Force Attack Simulation...

    Hi everyone!

    I was bored so i was running a brute force attack on a simple encryption scheme i came up with. I'm using a known plaintext and known (complementary) ciphertext. So the computer's job it to guess the key until it finds the right one.

    The encrypt() function i wrote works both as the encryptor and decryptor, it acts on two given strings (plaintext and the key) and returns a string (the enciphered one).

    My question now is, how do i get the computer to start guessing? i.e. ->
    1. "a"
    2. "b"
    3. "c"
    ...
    27. "aa"
    28. "ab"
    ...
    53. "aaa"
    54. "aab"
    ...
    etc.


    Thanks!
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  2. #2
    Hurry Slowly vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,788
    using for loops... loops inside loops...
    All problems in computer science can be solved by another level of indirection,
    except for the problem of too many layers of indirection.
    – David J. Wheeler

  3. #3
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    how exactly?

    I cant think of it, i cheated a bit, knowing that it was an 8 letter (lowercase) password, and i set the initial test string to "aaaaaaaa" and tried rotating the letters from there.

    Actually, i just had a thought i'll give a try, but suggestions are very welcome.

    Thanks!
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  4. #4
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    The same way that you would implement arbitrary precision arithmetic.

    aaaa
    Add 1 you get
    aaab

    When you get to
    aaaz
    you then carry into the next position and get
    aaba

    Think how you would do this with
    0000
    to
    9999
    and generalise it.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  5. #5
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    Yeah true, i think i know how i might implement that.

    My idea was to use a circularly-linked list, with all of the possible numerals (lowercase, numbers, and uppercase) as each item on the rotor (list). Then rotate it, make the string, and check. Then if all the items on one wheel dont work, i simply add another wheel, and so on and so forth.

    Probably overkill huh?
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  6. #6
    Deathray Engineer MacGyver's Avatar
    Join Date
    Mar 2007
    Posts
    3,210
    I actually wrote a program like this some time ago and lost it when I formatted. Perhaps I should write it again.

    I think you're thinking way too hard about this. Your alphabet should be in an array since your array cannot be longer than 256 if you use every ASCII code and then some (ie. size of a byte aka a char). If you want to, stick the alphabet in a file or get it from the user. Unless you'll be doing a unicode password, this should be sufficient.

    From what I remember, I had the length of the string as the limit of times to execute an inner loop. You need at least two loops, but maybe you need three. I wanted to make it handle a custom alphabet, but I never got around to it, if I remember correctly, and just had it go through the standard A-Z and a-z.

  7. #7
    Amazingly beautiful user.
    Join Date
    Jul 2005
    Location
    If you knew I'd have to kill you
    Posts
    254
    You could implement things recursively.
    Code:
    const char MAX = 'z', MIN = 'a';
    char key[9] = "aaaaaaaa";
    bool addKey(int position)
    {
      key[position]++;
      if (key[position] > MAX)
      {
        key[position] = MIN;
        if (position==7)
          return false;
        return addKey(position + 1);
      }
      return true;
    }
    int runSimulation()
    {
      while (addKey(0))
        testKey(); //Implement that part yourself...
    }
    EDIT: Cannot guarantee that the above code will be error free as I have not tested...
    Programming Your Mom. http://www.dandongs.com/

  8. #8
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    Thanks everyone, i'll look into that last post!

    However, i've decided to take my over-complicated Rotor idea and run with it. And so far (i'm amazed) i havent had any significant problems and it's nearly finished. I have hit a bit of a puzzler though, i dont know how to implement this next bit. Well, here's the function to Rotate the Whole Cylinder one spot. The problem is making it dynamic enough so that i dont have to nest like 8 if loops in a row. I know there's a way to do it with for loops i just cant seem to find it...

    Anyways, here's the function thus far, simple, and relys on other functions:
    Code:
    void rotateCylinder(cylinder *current, vector<char> p)
    {
    	//Rotates the entire cylinder once
    	current->rotors[0] = current->rotors[0]->next;
    	if(current->rotors[0]->value == "a") //first spot again
    	{
    		//Either rotate the second cylinder, or add a cylinder
    		if(current->rotors[1] == NULL)
    		{
    			//Add Cylinder
    			addRotor(current, p);
    		}else
    		{
    			current->rotors[1] = current->rotors[1]->next;
    		}
    	}
    }
    Ideas welcome!

    PS--------

    Is there a string.function() that clears the string? Is it string.clear()? Just wondering, i need it instead of using string = "" like i am now. Thanks!
    Last edited by Junior89; 05-28-2007 at 07:19 PM. Reason: PS-------
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  9. #9
    Deathray Engineer MacGyver's Avatar
    Join Date
    Mar 2007
    Posts
    3,210
    Yes, clear() is a member function of class std::string that should do what you want.

  10. #10
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    dankeschon!

    how about the bigger problem? the function itself? Ideas?
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  11. #11
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    ok so i had a thought, and tried implementing it, and i'm pretty sure it'll work but i get some errors:
    brute force cracker 1\main.cpp(199) : error C2446: '==' : no conversion from 'const char *' to 'int'
    And here's the new and improved function:
    Code:
    void rotateCylinder(cylinder *current, vector<char> p, int pos)
    {
    	//Rotates the entire cylinder once
    	current->rotors[pos] = current->rotors[pos]->next;
    	if(current->rotors[pos]->value == "a") //first spot again
    	{
    		//Either rotate the second cylinder, or add a cylinder
    		if(pos < NUM_ROTORS-1)
    		{
    			if(current->rotors[pos+1] == NULL)
    			{
    				//Add Cylinder
    				addRotor(current, p);
    			}else
    			{
    				rotateCylinder(current, p, pos+1);
    			}
    		}
    	}
    }
    current is the cylinder (as i named it) which has X amount of rotors in it, the pointers to these rotors are contained in the one piece of data inside the cylinder struct i created, an array named rotors[] which holds said pointers. Just thought i'd explain that if there were to be any confusion.

    Thanks!
    Last edited by Junior89; 05-28-2007 at 09:53 PM. Reason: More Explaining...
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  12. #12
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    Nevermind! Fixed it

    Now let's see how long it'll take to crack it! haha
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  13. #13
    semi-colon generator ChaosEngine's Avatar
    Join Date
    Sep 2005
    Location
    Chch, NZ
    Posts
    597
    Quote Originally Posted by Junior89 View Post
    Nevermind! Fixed it

    Now let's see how long it'll take to crack it! haha
    well assuming you have a case sensitive 8 character alphanumeric password, (upper + lower and 0-9 = 62 chars) that's 62^8 or 218340105584896 possible combinations.

    if we pluck a number out of the air and say you can try 10000 passwords a second, it'll still take you 6065002 hours (or about 700 years!)

    "I saw a sign that said 'Drink Canada Dry', so I started"
    -- Brendan Behan

    Free Compiler: Visual C++ 2005 Express
    If you program in C++, you need Boost. You should also know how to use the Standard Library (STL). Want to make games? After reading this, I don't like WxWidgets anymore. Want to add some scripting to your App?

  14. #14
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    yeah... haha, i cut the password down to 4 characters i realized that bit a little ways into things.

    I'm having trouble with displaying this info though:
    Code:
    cout<<endl<<"It took:"<<endl<<"======="<<endl<<(time&#37;60000)<<" Minutes, ";
    	time = time - (60000*(time%60000));
    	cout<<(time%1000)<<" Seconds, and ";
    	time = time - (1000 * (time%1000));
    	cout<<time<<" Milliseconds to crack the password."<<endl;
    	cout<<"With as, "<<tested<<" attempts."<<endl;
    	cout<<"At Approximately "<<aps<<" attempts per second.";
    Just to show how long it took in different units...

    Why wont it work? =(

    EDIT------------
    Actually...

    I'm getting a runtime error, div by 0, but why?
    Code:
    time = stopTimer();
    	aps = (tested/(time%1000));
    	cout<<"The Password Is: "<<conCylinder(main, ptext, ctext, p, tested)<<endl;
    	cout<<endl<<"It took:"<<endl<<"======="<<endl<<(time%60000)<<" Minutes, ";
    	time = time - (60000*(time%60000));
    	cout<<(time%1000)<<" Seconds, and ";
    	time = time - (1000 * (time%1000));
    	cout<<time<<" Milliseconds to crack the password."<<endl;
    	cout<<"With as, "<<tested<<" attempts."<<endl;
    	cout<<"At Approximately "<<aps<<" attempts per second.";
    	cin.ignore();
    And i initialized time to 1, and it gets reassigned a number when the function finishes.
    Last edited by Junior89; 05-28-2007 at 10:43 PM.
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  15. #15
    Registered User
    Join Date
    Oct 2006
    Location
    UK/Norway
    Posts
    485
    well assuming you have a case sensitive 8 character alphanumeric password, (upper + lower and 0-9 = 62 chars) that's 62^8 or 218340105584896 possible combinations.

    if we pluck a number out of the air and say you can try 10000 passwords a second, it'll still take you 6065002 hours (or about 700 years!)
    Wow, thats insane. I thought a password could be broken in much less time (thank you Hollywood for a good 'hacker' education XD)

    Is there some faster ways to break a password if you dont have any information about it?

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. 2d array Brute force test
    By grimuth in forum C++ Programming
    Replies: 5
    Last Post: 04-08-2010, 10:01 AM
  2. Brute Force
    By swgh in forum A Brief History of Cprogramming.com
    Replies: 6
    Last Post: 08-16-2007, 01:41 AM
  3. Replies: 2
    Last Post: 03-21-2004, 08:21 PM
  4. structure vs class
    By sana in forum C++ Programming
    Replies: 13
    Last Post: 12-02-2002, 07:18 AM
  5. Help : Brute Force String KeyGen
    By Tangy in forum C++ Programming
    Replies: 11
    Last Post: 03-11-2002, 09:01 PM