# Thread: Running a Brute Force Attack Simulation...

1. ## Running a Brute Force Attack Simulation...

Hi everyone!

I was bored, so I was running a brute force attack on a simple encryption scheme I came up with. I'm using a known plaintext and known (complementary) ciphertext. So the computer's job is to guess the key until it finds the right one.

The encrypt() function I wrote works both as the encryptor and the decryptor; it acts on two given strings (the plaintext and the key) and returns a string (the enciphered one).

My question now is, how do I get the computer to start guessing? i.e. ->
1. "a"
2. "b"
3. "c"
...
27. "aa"
28. "ab"
...
53. "aaa"
54. "aab"
...
etc.

Thanks!

2. using for loops... loops inside loops...

3. how exactly?

I can't think of it. I cheated a bit: knowing that it was an 8-letter (lowercase) password, I set the initial test string to "aaaaaaaa" and tried rotating the letters from there.

Actually, I just had a thought I'll give a try, but suggestions are very welcome.

Thanks!

4. The same way that you would implement arbitrary precision arithmetic.

aaaa
aaab

When you get to
aaaz
you then carry into the next position and get
aaba

Think how you would do this with
0000
to
9999
and generalise it.

5. Yeah, true, I think I know how I might implement that.

My idea was to use a circularly-linked list, with all of the possible numerals (lowercase, numbers, and uppercase) as each item on the rotor (list). Then rotate it, make the string, and check. Then if all the items on one wheel don't work, I simply add another wheel, and so on and so forth.

Probably overkill huh?

6. I actually wrote a program like this some time ago and lost it when I formatted. Perhaps I should write it again.

I think you're thinking way too hard about this. Your alphabet should be in an array, since your array cannot be longer than 256 if you use every ASCII code and then some (i.e. the size of a byte, aka a char). If you want to, stick the alphabet in a file or get it from the user. Unless you'll be doing a Unicode password, this should be sufficient.

From what I remember, I had the length of the string as the limit of times to execute an inner loop. You need at least two loops, but maybe you need three. I wanted to make it handle a custom alphabet, but I never got around to it, if I remember correctly, and just had it go through the standard A-Z and a-z.

7. You could implement things recursively.
Code:
```cpp
const char MAX = 'z', MIN = 'a';
char key[9] = "aaaaaaaa";

// Advance the key at `position`; on wrapping past MAX, reset it to MIN and
// carry into the next position. Returns false once position 7 has wrapped,
// i.e. every key has been tried.
bool nextKey(int position)
{
    key[position]++;
    if (key[position] > MAX)
    {
        key[position] = MIN;
        if (position == 7)
            return false;
        return nextKey(position + 1); // carry
    }
    return true;
}

void testKey(); // Implement that part yourself...

int runSimulation()
{
    int tried = 0;
    do
    {
        testKey();
        ++tried;
    } while (nextKey(0));
    return tried;
}
```
EDIT: Cannot guarantee that the above code will be error free as I have not tested...

8. Thanks everyone, I'll look into that last post!

However, I've decided to take my over-complicated Rotor idea and run with it. And so far (I'm amazed) I haven't had any significant problems and it's nearly finished. I have hit a bit of a puzzler though; I don't know how to implement this next bit. Well, here's the function to Rotate the Whole Cylinder one spot. The problem is making it dynamic enough so that I don't have to nest like 8 if loops in a row. I know there's a way to do it with for loops, I just can't seem to find it...

Anyways, here's the function thus far, simple, and relies on other functions:
Code:
```cpp
void rotateCylinder(cylinder *current, vector<char> p)
{
    // Rotates the entire cylinder once
    current->rotors[0] = current->rotors[0]->next;
    if(current->rotors[0]->value == "a") // first spot again
    {
        // Either rotate the second cylinder, or add a cylinder
        if(current->rotors[1] == NULL)
        {
            // adding a cylinder: not implemented yet
        }
        else
        {
            current->rotors[1] = current->rotors[1]->next;
        }
    }
}
```
Ideas welcome!

PS--------

Is there a string.function() that clears the string? Is it string.clear()? Just wondering, I need it instead of using string = "" like I am now. Thanks!

9. Yes, clear() is a member function of class std::string that should do what you want.

10. Thank you!

How about the bigger problem? The function itself? Ideas?

11. OK, so I had a thought and tried implementing it, and I'm pretty sure it'll work, but I get some errors:
brute force cracker 1\main.cpp(199) : error C2446: '==' : no conversion from 'const char *' to 'int'
And here's the new and improved function:
Code:
```cpp
void rotateCylinder(cylinder *current, vector<char> p, int pos)
{
    // Rotates the entire cylinder once
    current->rotors[pos] = current->rotors[pos]->next;
    // value is an integer type (a char) while "a" is a const char*, so this
    // comparison is the C2446 error quoted above ('a' would be the char literal)
    if(current->rotors[pos]->value == "a") // first spot again
    {
        // Either rotate the second cylinder, or add a cylinder
        if(pos < NUM_ROTORS-1)
        {
            if(current->rotors[pos+1] == NULL)
            {
                // adding a cylinder: not implemented yet
            }
            else
            {
                rotateCylinder(current, p, pos+1);
            }
        }
    }
}
```
current is the cylinder (as I named it), which has X amount of rotors in it; the pointers to these rotors are contained in the one piece of data inside the cylinder struct I created, an array named rotors[] which holds said pointers. Just thought I'd explain that in case there were to be any confusion.

Thanks!

12. Nevermind! Fixed it

Now let's see how long it'll take to crack it! haha

13. Originally Posted by Junior89
Nevermind! Fixed it

Now let's see how long it'll take to crack it! haha
Well, assuming you have a case-sensitive 8-character alphanumeric password (upper + lower and 0-9 = 62 chars), that's 62^8 or 218340105584896 possible combinations.

If we pluck a number out of the air and say you can try 10000 passwords a second, it'll still take you 6065002 hours (or about 700 years!).
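The odometer-style carry from post 4, the recursive increment from post 7 and the 62^8 arithmetic from post 13, combined in one added example (my code, not anything posted in the thread); the two alphabets and the KeyCounter, nthKey, keyspace and hoursToExhaust names are assumptions:

```cpp
#include <cstddef>
#include <string>
#include <vector>
// Alphabets are an assumption: post 1's lowercase set and post 13's 62-character set.
const std::string LOWER = "abcdefghijklmnopqrstuvwxyz";
const std::string ALNUM = LOWER + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789";

// One candidate key held as indices into the alphabet, one per "wheel" (post 5).
struct KeyCounter {
    std::vector<size_t> digits{0};   // start at the one-character key "a"
    size_t radix;                    // alphabet size
    explicit KeyCounter(size_t r) : radix(r) {}
    // Odometer step (post 4): bump the rightmost wheel; on wrap reset it and
    // carry into the wheel to its left. When every wheel wraps, add a wheel,
    // giving the order a, b, ..., z, aa, ab, ..., zz, aaa, ... asked for in post 1.
    void next() {
        for (size_t i = digits.size(); i-- > 0;) {
            if (++digits[i] < radix) return;   // no carry needed
            digits[i] = 0;                      // wrap and carry left
        }
        digits.insert(digits.begin(), size_t(0)); // all wrapped: grow by one
    }
    std::string render(const std::string& alphabet) const {
        std::string s;
        for (size_t d : digits) s += alphabet[d];
        return s;
    }
};

// The n-th key (0-based) in that order; used here to check the sequence.
std::string nthKey(const std::string& alphabet, unsigned long long n) {
    KeyCounter c(alphabet.size());
    for (unsigned long long i = 0; i < n; ++i) c.next();
    return c.render(alphabet);
}

// Number of keys of exactly `length` characters: |alphabet|^length.
// keyspace(62, 8) is the 218340105584896 quoted in post 13.
unsigned long long keyspace(size_t alphabetSize, size_t length) {
    unsigned long long n = 1;
    while (length--) n *= alphabetSize;
    return n;
}

// Hours to try every key of that length at `perSecond` guesses per second;
// post 13's 10000/s estimate gives about 6.07 million hours for 62^8.
double hoursToExhaust(size_t alphabetSize, size_t length, double perSecond) {
    return keyspace(alphabetSize, length) / perSecond / 3600.0;
}
```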

14. Yeah... haha, I cut the password down to 4 characters; I realized that bit a little way into things.

I'm having trouble with displaying this info though:
Code:
```cpp
cout<<endl<<"It took:"<<endl<<"======="<<endl<<(time%60000)<<" Minutes, ";
time = time - (60000*(time%60000));
cout<<(time%1000)<<" Seconds, and ";
time = time - (1000 * (time%1000));
cout<<time<<" Milliseconds to crack the password."<<endl;
cout<<"With as, "<<tested<<" attempts."<<endl;
cout<<"At Approximately "<<aps<<" attempts per second.";
```
Just to show how long it took in different units...

Why won't it work? =(

EDIT------------
Actually...

I'm getting a runtime error, div by 0, but why?
Code:
```cpp
time = stopTimer();
aps = (tested/(time%1000));
cout<<"The Password Is: "<<conCylinder(main, ptext, ctext, p, tested)<<endl;
cout<<endl<<"It took:"<<endl<<"======="<<endl<<(time%60000)<<" Minutes, ";
time = time - (60000*(time%60000));
cout<<(time%1000)<<" Seconds, and ";
time = time - (1000 * (time%1000));
cout<<time<<" Milliseconds to crack the password."<<endl;
cout<<"With as, "<<tested<<" attempts."<<endl;
cout<<"At Approximately "<<aps<<" attempts per second.";
cin.ignore();
```
And I initialized time to 1, and it gets reassigned a number when the function finishes.
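The units breakdown and the attempts-per-second calculation from the post above, reworked as an added example that is not the poster's code; the Elapsed struct and the function names are assumptions:

```cpp
// Elapsed time split the way the post prints it: minutes, seconds, milliseconds.
struct Elapsed {
    long long minutes, seconds, millis;
};

// The post uses % where it needs /. time % 60000 is what is left over after
// whole minutes are removed, not the number of minutes; divide for the count
// and keep the remainder for the next smaller unit.
Elapsed breakdown(long long ms)
{
    Elapsed e;
    e.minutes = ms / 60000;
    ms -= e.minutes * 60000;
    e.seconds = ms / 1000;
    e.millis = ms - e.seconds * 1000;
    return e;
}

// Attempts per second. tested / (time % 1000) divides by zero whenever the
// elapsed time is a whole number of seconds (2000 ms, say, or 0 ms if the
// timer never advanced), which is the runtime error described in the post.
// Use the whole elapsed time, scaled from milliseconds, and return 0 when
// nothing elapsed instead of dividing.
double attemptsPerSecond(long long tested, long long ms)
{
    if (ms <= 0) return 0.0;
    return tested * 1000.0 / ms;
}
```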

15. Well, assuming you have a case-sensitive 8-character alphanumeric password (upper + lower and 0-9 = 62 chars), that's 62^8 or 218340105584896 possible combinations.

If we pluck a number out of the air and say you can try 10000 passwords a second, it'll still take you 6065002 hours (or about 700 years!).
Wow, that's insane. I thought a password could be broken in much less time (thank you, Hollywood, for a good 'hacker' education XD).

Are there some faster ways to break a password if you don't have any information about it?