/*
* This is a high-speed brute-force password cracker for MySQL hashed
* passwords. It can break an 8-character password containing any
* printable ascii characters in a matter of hours on an ordinary PC.
*
* This program is public domain. Share and enjoy.
*
* Example:
* $ gcc -O2 -fomit-frame-pointer mysqlfast.c -o mysqlfast
* $ mysqlfast 6294b50f67eda209
* Hash: 6294b50f67eda209
* Trying length 3
* Trying length 4
* Found pass: barf
*
* The MySQL password hash function could be strengthened considerably
* by:
* - making two passes over the password
* - using a bitwise rotate instead of a left shift
* - causing more arithmetic overflows
*/
#include <stdio.h>
typedef unsigned long u32;
/* Allowable characters in password; 33-126 is printable ascii */
#define MIN_CHAR 33
#define MAX_CHAR 126
/* Maximum length of password */
#define MAX_LEN 12
#define MASK 0x7fffffffL
int crack0( int stop, u32 targ1, u32 targ2, int * pass_ary)
{
int i, c;
u32 d
, e
, sum
, step
, diff
, div , xor1
, xor2
, state1
, state2
; u32 newstate1, newstate2, newstate3;
u32 state1_ary[ MAX_LEN- 2 ] , state2_ary[ MAX_LEN- 2 ] ;
u32 xor_ary[ MAX_LEN- 3 ] , step_ary[ MAX_LEN- 3 ] ;
i = - 1 ;
sum = 7 ;
state1_ary[ 0 ] = 1345345333L ;
state2_ary[ 0 ] = 0x12345671L;
while ( 1 ) {
while ( i < stop) {
i++;
pass_ary[ i] = MIN_CHAR;
step_ary[ i] = ( state1_ary[ i] & 0x3f ) + sum;
xor_ary[ i] = step_ary[ i] * MIN_CHAR + ( state1_ary[ i] << 8 ) ;
sum += MIN_CHAR;
state1_ary[ i+ 1 ] = state1_ary[ i] ^ xor_ary[ i] ;
state2_ary[ i+ 1 ] = state2_ary[ i]
+ ( ( state2_ary[ i] << 8 ) ^ state1_ary[ i+ 1 ] ) ;
}
state1 = state1_ary[ i+ 1 ] ;
state2 = state2_ary[ i+ 1 ] ;
step = ( state1 & 0x3f ) + sum;
xor1 = step* MIN_CHAR + ( state1 << 8 ) ;
xor2 = ( state2 << 8 ) ^ state1;
for ( c = MIN_CHAR; c <= MAX_CHAR; c++, xor1 += step) {
newstate2 = state2 + ( xor1 ^ xor2) ;
newstate1 = state1 ^ xor1;
newstate3 = ( targ2 - newstate2) ^ ( newstate2 << 8 ) ;
div = ( newstate1
& 0x3f ) + sum
+ c
; diff = ( ( newstate3 ^ newstate1) - ( newstate1 << 8 ) ) & MASK;
if ( diff
% div != 0 ) continue ; if ( d < MIN_CHAR || d > MAX_CHAR) continue ;
div = ( newstate3
& 0x3f ) + sum
+ c
+ d
; diff = ( ( targ1 ^ newstate3) - ( newstate3 << 8 ) ) & MASK;
if ( diff
% div != 0 ) continue ; if ( e < MIN_CHAR || e > MAX_CHAR) continue ;
pass_ary[ i+ 1 ] = c;
pass_ary[ i+ 2 ] = d;
pass_ary[ i+ 3 ] = e;
return 1 ;
}
while ( i >= 0 && pass_ary[ i] >= MAX_CHAR) {
sum -= MAX_CHAR;
i--;
}
if ( i < 0 ) break ;
pass_ary[ i] ++;
xor_ary[ i] += step_ary[ i] ;
sum++;
state1_ary[ i+ 1 ] = state1_ary[ i] ^ xor_ary[ i] ;
state2_ary[ i+ 1 ] = state2_ary[ i]
+ ( ( state2_ary[ i] << 8 ) ^ state1_ary[ i+ 1 ] ) ;
}
return 0 ;
}
void crack( char * hash)
{
int i, len;
u32 targ1, targ2, targ3;
int pass[ MAX_LEN] ;
if ( sscanf ( hash
, "%8lx%lx" , & targ1
, & targ2
) != 2 ) { printf ( "Invalid password hash: %s\n " , hash
) ; return ;
}
printf ( "Hash: %08lx%08lx\n " , targ1
, targ2
) ; targ3 = targ2 - targ1;
targ3 = targ2 - ( ( targ3 << 8 ) ^ targ1) ;
targ3 = targ2 - ( ( targ3 << 8 ) ^ targ1) ;
targ3 = targ2 - ( ( targ3 << 8 ) ^ targ1) ;
for ( len = 3 ; len <= MAX_LEN; len++ ) {
printf ( "Trying length %d\n " , len
) ; if ( crack0( len- 4 , targ1, targ3, pass) ) {
for ( i = 0 ; i < len; i++ )
break ;
}
}
if ( len > MAX_LEN)
}
int main( int argc, char * argv[ ] )
{
int i;
if ( argc <= 1 )
printf ( "usage: %s hash\n " , argv
[ 0 ] ) ; for ( i = 1 ; i < argc; i++ )
crack( argv[ i] ) ;
return 0 ;
}
LyoKKiBUaGlzIGlzIGEgaGlnaC1zcGVlZCBicnV0ZS1mb3JjZSBwYXNzd29yZCBjcmFja2VyIGZvciBNeVNRTCBoYXNoZWQKKiBwYXNzd29yZHMuIEl0IGNhbiBicmVhayBhbiA4LWNoYXJhY3RlciBwYXNzd29yZCBjb250YWluaW5nIGFueQoqIHByaW50YWJsZSBhc2NpaSBjaGFyYWN0ZXJzIGluIGEgbWF0dGVyIG9mIGhvdXJzIG9uIGFuIG9yZGluYXJ5IFBDLgoqCiogVGhpcyBwcm9ncmFtIGlzIHB1YmxpYyBkb21haW4uIFNoYXJlIGFuZCBlbmpveS4KKgoqIEV4YW1wbGU6CiogICQgZ2NjIC1PMiAtZm9taXQtZnJhbWUtcG9pbnRlciBteXNxbGZhc3QuYyAtbyBteXNxbGZhc3QKKiAgJCBteXNxbGZhc3QgNjI5NGI1MGY2N2VkYTIwOQoqICBIYXNoOiA2Mjk0YjUwZjY3ZWRhMjA5CiogIFRyeWluZyBsZW5ndGggMwoqICBUcnlpbmcgbGVuZ3RoIDQKKiAgRm91bmQgcGFzczogYmFyZgoqCiogVGhlIE15U1FMIHBhc3N3b3JkIGhhc2ggZnVuY3Rpb24gY291bGQgYmUgc3RyZW5ndGhlbmVkIGNvbnNpZGVyYWJseQoqIGJ5OgoqIC0gbWFraW5nIHR3byBwYXNzZXMgb3ZlciB0aGUgcGFzc3dvcmQKKiAtIHVzaW5nIGEgYml0d2lzZSByb3RhdGUgaW5zdGVhZCBvZiBhIGxlZnQgc2hpZnQKKiAtIGNhdXNpbmcgbW9yZSBhcml0aG1ldGljIG92ZXJmbG93cwoqLwoKI2luY2x1ZGUgPHN0ZGlvLmg+Cgp0eXBlZGVmIHVuc2lnbmVkIGxvbmcgdTMyOwoKLyogQWxsb3dhYmxlIGNoYXJhY3RlcnMgaW4gcGFzc3dvcmQ7IDMzLTEyNiBpcyBwcmludGFibGUgYXNjaWkgKi8KI2RlZmluZSBNSU5fQ0hBUiAgMzMKI2RlZmluZSBNQVhfQ0hBUiAgMTI2CgovKiBNYXhpbXVtIGxlbmd0aCBvZiBwYXNzd29yZCAqLwojZGVmaW5lIE1BWF9MRU4gIDEyCgojZGVmaW5lIE1BU0sgIDB4N2ZmZmZmZmZMCgppbnQgY3JhY2swKGludCBzdG9wLCB1MzIgdGFyZzEsIHUzMiB0YXJnMiwgaW50ICpwYXNzX2FyeSkKewogIGludCBpLCBjOwogIHUzMiBkLCBlLCBzdW0sIHN0ZXAsIGRpZmYsIGRpdiwgeG9yMSwgeG9yMiwgc3RhdGUxLCBzdGF0ZTI7CiAgdTMyIG5ld3N0YXRlMSwgbmV3c3RhdGUyLCBuZXdzdGF0ZTM7CiAgdTMyIHN0YXRlMV9hcnlbTUFYX0xFTi0yXSwgc3RhdGUyX2FyeVtNQVhfTEVOLTJdOwogIHUzMiB4b3JfYXJ5W01BWF9MRU4tM10sIHN0ZXBfYXJ5W01BWF9MRU4tM107CiAgaSA9IC0xOwogIHN1bSA9IDc7CiAgc3RhdGUxX2FyeVswXSA9IDEzNDUzNDUzMzNMOwogIHN0YXRlMl9hcnlbMF0gPSAweDEyMzQ1NjcxTDsKCiAgd2hpbGUgKDEpIHsKICAgIHdoaWxlIChpIDwgc3RvcCkgewogICAgICBpKys7CiAgICAgIHBhc3NfYXJ5W2ldID0gTUlOX0NIQVI7CiAgICAgIHN0ZXBfYXJ5W2ldID0gKHN0YXRlMV9hcnlbaV0gJiAweDNmKSArIHN1bTsKICAgICAgeG9yX2FyeVtpXSAgPSBzdGVwX2FyeVtpXSpNSU5fQ0hBUiArIChzdGF0ZTFfYXJ5W2ldIDw8IDgpOwogICAgICBzdW0gKz0gTUlOX0NIQVI7CiAgICAgIHN0YXRlMV9hcnlbaSsxXSA9IHN0YXRlMV9hcnlbaV0gXiB4b3JfYXJ5W2ldOwogICAgICBzdGF0ZTJfYXJ5W2krMV0gPSBzdGF0ZTJfYXJ5W2ldCiAgICAgICAgKyAoKHN0YXRlMl9hcnlbaV0gPDwgOCkgXiBzdGF0ZTFfYXJ5W2krMV0pOwogICAgfQoKICAgIHN0YXRlMSA9IHN0YXRlMV9hcnlbaSsxXTsKICAgIHN0YXRlMiA9IHN0YXRlMl9hcnlbaSsxXTsKICAgIHN0ZXAgPSAoc3RhdGUxICYgMHgzZikgKyBzdW07CiAgICB4b3IxID0gc3RlcCpNSU5fQ0hBUiArIChzdGF0ZTEgPDwgOCk7CiAgICB4b3IyID0gKHN0YXRlMiA8PCA4KSBeIHN0YXRlMTsKCiAgICBmb3IgKGMgPSBNSU5fQ0hBUjsgYyA8PSBNQVhfQ0hBUjsgYysrLCB4b3IxICs9IHN0ZXApIHsKICAgICAgbmV3c3RhdGUyID0gc3RhdGUyICsgKHhvcjEgXiB4b3IyKTsKICAgICAgbmV3c3RhdGUxID0gc3RhdGUxIF4geG9yMTsKCiAgICAgIG5ld3N0YXRlMyA9ICh0YXJnMiAtIG5ld3N0YXRlMikgXiAobmV3c3RhdGUyIDw8IDgpOwogICAgICBkaXYgID0gKG5ld3N0YXRlMSAmIDB4M2YpICsgc3VtICsgYzsKICAgICAgZGlmZiA9ICgobmV3c3RhdGUzIF4gbmV3c3RhdGUxKSAtIChuZXdzdGF0ZTEgPDwgOCkpICYgTUFTSzsKICAgICAgaWYgKGRpZmYgJSBkaXYgIT0gMCkgY29udGludWU7CiAgICAgIGQgPSBkaWZmIC8gZGl2OwogICAgICBpZiAoZCA8IE1JTl9DSEFSIHx8IGQgPiBNQVhfQ0hBUikgY29udGludWU7CgogICAgICBkaXYgID0gKG5ld3N0YXRlMyAmIDB4M2YpICsgc3VtICsgYyArIGQ7CiAgICAgIGRpZmYgPSAoKHRhcmcxIF4gbmV3c3RhdGUzKSAtIChuZXdzdGF0ZTMgPDwgOCkpICYgTUFTSzsKICAgICAgaWYgKGRpZmYgJSBkaXYgIT0gMCkgY29udGludWU7CiAgICAgIGUgPSBkaWZmIC8gZGl2OwogICAgICBpZiAoZSA8IE1JTl9DSEFSIHx8IGUgPiBNQVhfQ0hBUikgY29udGludWU7CgogICAgICBwYXNzX2FyeVtpKzFdID0gYzsKICAgICAgcGFzc19hcnlbaSsyXSA9IGQ7CiAgICAgIHBhc3NfYXJ5W2krM10gPSBlOwogICAgICByZXR1cm4gMTsKICAgIH0KCiAgICB3aGlsZSAoaSA+PSAwICYmIHBhc3NfYXJ5W2ldID49IE1BWF9DSEFSKSB7CiAgICAgIHN1bSAtPSBNQVhfQ0hBUjsKICAgICAgaS0tOwogICAgfQogICAgaWYgKGkgPCAwKSBicmVhazsKICAgIHBhc3NfYXJ5W2ldKys7CiAgICB4b3JfYXJ5W2ldICs9IHN0ZXBfYXJ5W2ldOwogICAgc3VtKys7CiAgICBzdGF0ZTFfYXJ5W2krMV0gPSBzdGF0ZTFfYXJ5W2ldIF4geG9yX2FyeVtpXTsKICAgIHN0YXRlMl9hcnlbaSsxXSA9IHN0YXRlMl9hcnlbaV0KICAgICAgKyAoKHN0YXRlMl9hcnlbaV0gPDwgOCkgXiBzdGF0ZTFfYXJ5W2krMV0pOwogIH0KCiAgcmV0dXJuIDA7Cn0KCnZvaWQgY3JhY2soY2hhciAqaGFzaCkKewogIGludCBpLCBsZW47CiAgdTMyIHRhcmcxLCB0YXJnMiwgdGFyZzM7CiAgaW50IHBhc3NbTUFYX0xFTl07CgogIGlmICggc3NjYW5mKGhhc2gsICIlOGx4JWx4IiwgJnRhcmcxLCAmdGFyZzIpICE9IDIgKSB7CiAgICBwcmludGYoIkludmFsaWQgcGFzc3dvcmQgaGFzaDogJXNcbiIsIGhhc2gpOwogICAgcmV0dXJuOwogIH0KICBwcmludGYoIkhhc2g6ICUwOGx4JTA4bHhcbiIsIHRhcmcxLCB0YXJnMik7CiAgdGFyZzMgPSB0YXJnMiAtIHRhcmcxOwogIHRhcmczID0gdGFyZzIgLSAoKHRhcmczIDw8IDgpIF4gdGFyZzEpOwogIHRhcmczID0gdGFyZzIgLSAoKHRhcmczIDw8IDgpIF4gdGFyZzEpOwogIHRhcmczID0gdGFyZzIgLSAoKHRhcmczIDw8IDgpIF4gdGFyZzEpOwoKICBmb3IgKGxlbiA9IDM7IGxlbiA8PSBNQVhfTEVOOyBsZW4rKykgewogICAgcHJpbnRmKCJUcnlpbmcgbGVuZ3RoICVkXG4iLCBsZW4pOwogICAgaWYgKCBjcmFjazAobGVuLTQsIHRhcmcxLCB0YXJnMywgcGFzcykgKSB7CiAgICAgIHByaW50ZigiRm91bmQgcGFzczogIik7CiAgICAgIGZvciAoaSA9IDA7IGkgPCBsZW47IGkrKykKICAgICAgICBwdXRjaGFyKHBhc3NbaV0pOwogICAgICBwdXRjaGFyKCdcbicpOwogICAgICBicmVhazsKICAgIH0KICB9CiAgaWYgKGxlbiA+IE1BWF9MRU4pCiAgICBwcmludGYoIlBhc3Mgbm90IGZvdW5kXG4iKTsKfQoKaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKmFyZ3ZbXSkKewogIGludCBpOwogIGlmIChhcmdjIDw9IDEpCiAgICBwcmludGYoInVzYWdlOiAlcyBoYXNoXG4iLCBhcmd2WzBdKTsKICBmb3IgKGkgPSAxOyBpIDwgYXJnYzsgaSsrKQogICAgY3JhY2soYXJndltpXSk7CiAgcmV0dXJuIDA7Cn0=
stdin
LyogIEJlcmVjaG51bmcgZGVzIEhhbW1pbmctQWJzdGFuZGVzIHp3aXNjaGVuIHp3ZWkgMTI4LUJpdCBXZXJ0ZW4gaW4gCSovCi8qCWVpbmVyIFRleHRkYXRlaS4gCQkJCQkJCQkJCQkJCSovCi8qICBEaWUgV2VydGUgbSZ1dW1sO3NzZW4gYXVmIGVpbmVyIHNlcGFyYXRlbiBaZWlsZSBnZXNwZWljaGVydCBzZWluCQkJKi8KLyogCQkJCQkJCQkJCQkJCQkJCQkJKi8KLyoJRXJzdGVsbHQ6IDE3LjUuMjAxMAkJCQkJCQkJCQkJCQkqLwovKiAgQXV0b3I6IFRob21hcyBTY2hlZmZsZXIJCQkJCQkJCQkJCQkqLwoKI2luY2x1ZGUgJmx0O3N0ZGlvLmgmZ3Q7CiNpbmNsdWRlICZsdDtzdGRsaWIuaCZndDsKCiNkZWZpbmUgQVJSQVlfU0laRSAzMgoKdW5zaWduZWQgSGFtZGlzdCh1bnNpZ25lZCB4LCB1bnNpZ25lZCB5KQp7CiAgdW5zaWduZWQgZGlzdCA9IDAsIHZhbCA9IHggXiB5OwogCiAgLy8gQ291bnQgdGhlIG51bWJlciBvZiBzZXQgYml0cwogIHdoaWxlKHZhbCkKICB7CiAgICArK2Rpc3Q7IAogICAgdmFsICZhbXA7PSB2YWwgLSAxOwogIH0KIAogIHJldHVybiBkaXN0Owp9CgoKCmludCBtYWluICh2b2lkKQp7CgljaGFyIGhleDsKCWludCBpOwoJaW50IGFbQVJSQVlfU0laRV07CglpbnQgYltBUlJBWV9TSVpFXTsKCWludCBoYW1EaXN0ID0gMDsKCUZJTEUqIGZwOwoJCgkvL0FycmF5cyBtaXQgMCBpbml0aWFsaXNpZXJlbgoJZm9yIChpID0gMDsgaSAmbHQ7IEFSUkFZX1NJWkU7ICsraSkKCXsKICAJCWFbaV0gPSAwOwogIAkJYltpXSA9IDA7Cgl9CgoJCglmcCA9IGZvcGVuKCZxdW90O2hleC50eHQmcXVvdDssJnF1b3Q7ciZxdW90Oyk7CglpZiAoZnAgPT0gTlVMTCkgCgl7CgkJcHJpbnRmKCZxdW90O0RpZSBEYXRlaSBoZXgudHh0IHd1cmRlIG5pY2h0IGdlZnVuZGVuISZxdW90Oyk7CgkJZXhpdChFWElUX0ZBSUxVUkUpOwoJfQoKCWk9MDsKCXByaW50ZigmcXVvdDsxLlplaWxlIGVpbmxlc2VuLlxuJnF1b3Q7KTsKCiAJd2hpbGUoKGhleD1mZ2V0YyhmcCkpIT0nXG4nICZhbXA7JmFtcDsgaGV4ICE9IEVPRikKICAgIHsKICAgICAgICBhW2ldPXN0cnRvbCgmYW1wO2hleCwwLDE2KTsKCQlpKys7CiAgICB9CglpPTA7CglwcmludGYoJnF1b3Q7Mi5aZWlsZSBlaW5sZXNlbi5cbiZxdW90Oyk7CgogCXdoaWxlKChoZXg9ZmdldGMoZnApKSE9J1xuJyAmYW1wOyZhbXA7IGhleCAhPSBFT0YpCiAgICB7CiAgICAJYltpXT1zdHJ0b2woJmFtcDtoZXgsMCwxNik7CiAgICAgICAgaSsrOwogICAgfQoJZmNsb3NlKGZwKTsKCglwcmludGYoJnF1b3Q7SGFtbWluZy1BYndlaWNodW5nIHBybyBOaWJibGU6XG4mcXVvdDspOwoJZm9yIChpID0gMDsgaSAmbHQ7IEFSUkFZX1NJWkU7ICsraSkKCXsKCQlwcmludGYgKCZxdW90OyVpXHQlaVx0JWlcbiZxdW90OyxhW2ldLGJbaV0sSGFtZGlzdChhW2ldLGJbaV0pKTsKCQloYW1EaXN0ICs9IEhhbWRpc3QoYVtpXSxiW2ldKTsKCX0KCXByaW50ZiAoJnF1b3Q7XG5IYW1taW5nLUFid2VpY2h1bmcgZGVyIEhhc2gtV2VydGU6JWRcbiZxdW90OyxoYW1EaXN0KTsKfQoK
/* Berechnung des Hamming-Abstandes zwischen zwei 128-Bit Werten in */
/* einer Textdatei. */
/* Die Werte müssen auf einer separaten Zeile gespeichert sein */
/* */
/* Erstellt: 17.5.2010 */
/* Autor: Thomas Scheffler */
#include <stdio.h>
#include <stdlib.h>
#define ARRAY_SIZE 32
unsigned Hamdist(unsigned x, unsigned y)
{
unsigned dist = 0, val = x ^ y;
// Count the number of set bits
while(val)
{
++dist;
val &= val - 1;
}
return dist;
}
int main (void)
{
char hex;
int i;
int a[ARRAY_SIZE];
int b[ARRAY_SIZE];
int hamDist = 0;
FILE* fp;
//Arrays mit 0 initialisieren
for (i = 0; i < ARRAY_SIZE; ++i)
{
a[i] = 0;
b[i] = 0;
}
fp = fopen("hex.txt","r");
if (fp == NULL)
{
printf("Die Datei hex.txt wurde nicht gefunden!");
exit(EXIT_FAILURE);
}
i=0;
printf("1.Zeile einlesen.\n");
while((hex=fgetc(fp))!='\n' && hex != EOF)
{
a[i]=strtol(&hex,0,16);
i++;
}
i=0;
printf("2.Zeile einlesen.\n");
while((hex=fgetc(fp))!='\n' && hex != EOF)
{
b[i]=strtol(&hex,0,16);
i++;
}
fclose(fp);
printf("Hamming-Abweichung pro Nibble:\n");
for (i = 0; i < ARRAY_SIZE; ++i)
{
printf ("%i\t%i\t%i\n",a[i],b[i],Hamdist(a[i],b[i]));
hamDist += Hamdist(a[i],b[i]);
}
printf ("\nHamming-Abweichung der Hash-Werte:%d\n",hamDist);
}