OpenOffice.org Forum at OOoForum.orgThe OpenOffice.org Forum
 
 [Home]   [FAQ]   [Search]   [Memberlist]   [Usergroups]   [Register
 [Profile]   [Log in to check your private messages]   [Log in

Writing a password cracker

 
Post new topic   Reply to topic    OOoForum.org Forum Index -> OpenOffice.org Macros and API
View previous topic :: View next topic  
Author Message
pitonyak
Administrator
Administrator


Joined: 09 Mar 2004
Posts: 3655
Location: Columbus, Ohio, USA

PostPosted: Mon Aug 22, 2005 11:58 am    Post subject: Writing a password cracker Reply with quote

If I open a document with a password and I use the wrong password, an empty frame is opened. I seem to remember seeing this issue before, but I can not remember the solution.

Assume that I the 1000 years required to crack an eight character password, each attempt will leave an open frame.

I suppose that I can create a blank document with a named frame and open the document every time into the named frame, but I am curious if there is another solution.

If you already have a "cracker", I would appreciate a copy, but I am really looking for a solution to the opening issue.
_________________
--
Andrew Pitonyak
http://www.pitonyak.org/oo.php
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address
avantman42
Super User
Super User


Joined: 28 Jul 2003
Posts: 751
Location: Staffordshire, UK

PostPosted: Mon Aug 22, 2005 2:11 pm    Post subject: Reply with quote

I have a cracker that uses dictionary files. I wrote it in OOo 1.1.4, and haven't tried it in 1.9.x

The relevant lines are:

Code:

'Try to open file
oDoc = StarDesktop.LoadComponentFromURL(ConvertToURL (SXC_FILE), "_default", 0, OpenProperties())
   
'Check for success
if not (IsNull (oDoc)) then
   msgbox "Document opened. Password is:" & chr (10) & sPass


If the password is wrong, then oDoc is null, since it couldn't open the file. It doesn't leave a frame behind. This may be different in 1.9.x

Does that help?

If you want a copy of the cracker, just PM or e-mail me.

Russ
Back to top
View user's profile Send private message
pitonyak
Administrator
Administrator


Joined: 09 Mar 2004
Posts: 3655
Location: Columbus, Ohio, USA

PostPosted: Mon Aug 22, 2005 7:19 pm    Post subject: Reply with quote

I would really like a copy of your dictionary version (andrew@pitonyak.org). Also, your simple example showed me what I needed to do solve my problem. I used the frame name as "_blank" and you used "_default". If you use "_blank", then it opens into a NEW blank window even if the document can NOT be opened.

I started on a brute force method in Basic, but it is way to slow to be practical. I can shoot you a copy of what I have, or even post the existing code here. It is not too long. Well, here is the code that I have so far. Not really usable Smile but it did pass one simple test...
Code:
Sub Main
  Dim sChars(0 To 25) As String
  Dim i%
  Dim sURL$

  For i=0 To 25
    sChars(i) = CHR$(97 + i)
    'sChars(i+26) = CHR$(65 + i)
  Next
  sURL = "file:///c:/password.sxw"
  sURL = "file:///andrew0/home/andy/Password2.odt"
  Print CrackIt(sChars(), 5, 5, sURL)
End Sub

Function CrackIt(chars() As String, nMinChars%, nMaxChars%, sURL$) As Variant
  Dim nCharIdx(1 To nMaxChars) As Integer
  Dim sChars(1 To nMaxChars) As String
  Dim s$
  Dim i%
  Dim nLB%, nUB%
  Dim nNumChars
  Dim bPassFound As Boolean
  Dim bNumWrapped As Boolean
  Dim n As Long
  Dim tStart
  Dim tEnd
  Dim oDoc
  Dim oArgs(1) As New com.sun.star.beans.PropertyValue
 
  oArgs(0).Name = "Password"
  oArgs(1).Name = "Hidden"
  oArgs(1).Value = True

  For i=1 To nMaxChars
    nCharIdx(i) = nLB
    sChars(i) = ""
  Next
 
  tStart = GetSystemTicks()

  n = 0
  nLB = LBound(chars())
  nUB = UBound(chars())
  bPassFound = False
  For nNumChars = nMinChars To nMaxChars
    For i=1 To nNumChars
      nCharIdx(i) = nLB
      sChars(i) = chars(nLB)
    Next
    bNumWrapped = False
    Do Until bPassFound OR bNumWrapped
      n = n + 1
      's = ""
      bNumWrapped = True
      s = Join(sChars(), "")
      'Print "s = " & s
      oArgs(0).Value = s
      REM I must use "_default" rather than "_blank" or a new
      REM blank document is opened no matter what.
      oDoc = StarDesktop.loadComponentFromURL(sURL, "_default", 0, oArgs())
      If NOT IsNull(oDoc) Then
        CrackIt = "Found:" & s
        tEnd = GetSystemTicks() - tStart
        MsgBox "Total ticks = " & tEnd & CHR$(10) & _
               "Iterations = " & n & CHR$(10) & _
               "Iterations / tick = " &  (n / tEnd)
        Exit Function
      End If
      For i = 1 To nNumChars
        's = s & chars(nCharIdx(i))
        If bNumWrapped Then
          nCharIdx(i) = nCharIdx(i) + 1
          If nCharIdx(i) <= nUB Then
            bNumWrapped = False
            sChars(i) = chars(nCharIdx(i))
            Exit For
          Else
            nCharIdx(i) = nLB
            sChars(i) = chars(nLB)
          End If
        End If
      Next
    Loop
  Next
  tEnd = GetSystemTicks() - tStart
  MsgBox "Total ticks = " & tEnd & CHR$(10) & _
         "Iterations = " & n & CHR$(10) & _
         "Iterations / tick = " &  (n / tEnd)
 
  'Print "n = " & n
  CrackIt = "Not Found:" & s
End Function

_________________
--
Andrew Pitonyak
http://www.pitonyak.org/oo.php
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address
avantman42
Super User
Super User


Joined: 28 Jul 2003
Posts: 751
Location: Staffordshire, UK

PostPosted: Tue Aug 23, 2005 12:40 am    Post subject: Reply with quote

pitonyak wrote:
I would really like a copy of your dictionary version (andrew@pitonyak.org)


It's at home (I'm at work at the moment) but I'll send it on later.

pitonyak wrote:
I started on a brute force method in Basic, but it is way to slow to be practical. I can shoot you a copy of what I have, or even post the existing code here. It is not too long.


My cracker has dictionary & brute force routines, but the brute force takes far too long to be useable. I'd be interested in seeing your code if you get it to a useable state. I doubt I'll ever need it, but it could be interesting to examine Smile

While we're talking about such things, I had thought about putting my cracker up on OOoMacros, but wasn't sure about the ethics of doing so. Any thoughts?

Russ
Back to top
View user's profile Send private message
pitonyak
Administrator
Administrator


Joined: 09 Mar 2004
Posts: 3655
Location: Columbus, Ohio, USA

PostPosted: Tue Aug 23, 2005 5:24 am    Post subject: Reply with quote

I have no problems with a password cracker available on the internet. My feeling is that anyone who really wants one can (and will) write one. It is sort of like publishing a study against SHA1, which they can attack faster than before.

Assume that the password has exactly n characters chosen from a set of k characters. There are k^n possibilities. If k=64 and n=8 then there are 218,340,105,584,896 possibilities.

Assume that the password is from 1 to n characters chosen from a set of k characters. The number of possibilities would be: k^1 + k^2 + k^3 + ... + k^n. Again, for n=8 and k=64, there are 221,919,451,578,090 possibilities.

My Macro can generate roughly 126 passwords a second in Basic, it is much slower if I try to use the password, but it would take me around 800 years just ot generate all of the passwords to check for n=8 and k=64.

Sure, Basic is slow, and I could use a faster language. I would be more careful with my code if I could quickly break an OOo document; and then I would be in a dialog with the developers to use better encryption.

I consider the code to be mostly educational with an occassional good use and an occassional bad use. I am willing to allow the occassional bad use. If there was no purpose other than bad then I would feel differently.
_________________
--
Andrew Pitonyak
http://www.pitonyak.org/oo.php
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address
pitonyak
Administrator
Administrator


Joined: 09 Mar 2004
Posts: 3655
Location: Columbus, Ohio, USA

PostPosted: Tue Aug 23, 2005 6:41 am    Post subject: Reply with quote

Here is my final "brute force" code
Code:
Sub Main
  Dim sChars(0 To 3) As String
  Dim i%
  Dim sURL$
 
  For i=0 To UBound(sChars())
    If (i < 26) Then
      sChars(i) = CHR$(97 + i)
    ElseIf (i < 52) Then
      sChars(i) = CHR$(65 + i - 26)
    End If
    'sChars(i+26) = CHR$(97 + i)
  Next
  sURL = "file:///c:/password.sxw"
  Print CrackIt(sChars(), 4, 5, sURL)
End Sub

Function CrackIt(chars() As String, nMinChars%, nMaxChars%, sURL$) As Variant
  Dim s$        ' Holds the password string.
  Dim sLB$      ' The first character.
  Dim i%        ' General index variable.
  Dim nTemp%    ' Temporary integer used to increment the password.
  Dim nLB%      ' Lower bound of the character array.
  Dim nUB%      ' Upper bound of the character array.
  Dim n As Long ' Total number of passwords checked.
  Dim tStart    ' Starting ticks.
  Dim tEnd      ' Total elapsed ticks
  Dim oDoc As Object ' If I leave this as an Object then it defaults to NULL
  Dim oArgs(1) As New com.sun.star.beans.PropertyValue
  Dim nCharIdx(1 To nMaxChars) As Integer

  REM Set the actual password just before testing
  oArgs(0).Name = "Password"
  oArgs(1).Name = "Hidden"
  oArgs(1).Value = True

  REM Some initial values
  nLB = LBound(chars())
  nUB = UBound(chars())
  sLB = chars(nLB)

  REM Set the initial password in s.
  REM nCharIdx holds the index into chars() for the corresponding character.
  s = ""
  For i=1 To nMinChars
    nCharIdx(i) = nLB
    s = s & sLB
  Next

  REM Initialize to one before the first character.
  REM When the previous charcter rolls into this character,
  REM the value will be incremented to nLB, which is the first
  REM character.
  For i=nMinChars + 1 To nMaxChars
    nCharIdx(i) = nLB - 1
  Next

  REM Get ready to start!
  n = 0
  tStart = GetSystemTicks()
  Do While True
    n = n + 1
    'Print s
    'if ((n MOD 50) = 0) Then Print "n = " & n & " s = " & s
    oArgs(0).Value = s
    REM If I use "_blank", then a new frame opens even if the load fails.
    oDoc = StarDesktop.loadComponentFromURL(sURL, "_default", 0, oArgs())
    If IsNull(oDoc) Then
      REM The last password was NOT valid
      REM try a new one!
      For i = 1 To nMaxChars
        nTemp = nCharIdx(i) + 1
        If nTemp <= nUB Then
          nCharIdx(i) = nTemp
          Mid(s, i, 1, chars(nTemp))
          Exit For
        Else
          nCharIdx(i) = nLB
          Mid(s, i, 1, sLB)
          If i = nMaxChars Then Exit Do
        End If
      Next
    Else
      oDoc.close(True)
      CrackIt = s
      tEnd = GetSystemTicks() - tStart
      MsgBox "Total ticks = " & tEnd & CHR$(10) & _
             "Iterations = " & n & CHR$(10) & _
             "Iterations / tick = " &  (n / tEnd) & CHR$(10) & _
             "ticks / Iteration = " &  (tEnd / n) & CHR$(10) & _
             "Iterations / second = " &  (n / tEnd * 1000)
      Exit Function
    End If
  Loop
  tEnd = GetSystemTicks() - tStart
  MsgBox "Total ticks = " & tEnd & CHR$(10) & _
         "Iterations = " & n & CHR$(10) & _
         "Iterations / tick = " &  (n / tEnd) & CHR$(10) & _
         "ticks / Iteration = " &  (tEnd / n) & CHR$(10) & _
         "Iterations / second = " &  (n / tEnd * 1000)
 
  CrackIt = "Not Found:" & s
End Function

The revised code is much faster than the old while generating the passwords. I can now generate around 8300 passwords a second on a 3.19Ghz Pentium. Just comment out "LoadComponentFromURL" to see this speed.
The real speed killer, however, is attempting to load the document from the URL. I can only check approximately 16.8 passwords a second. If I really need to crack a document, I would need to use a different method for evaluating the password for a match.
_________________
--
Andrew Pitonyak
http://www.pitonyak.org/oo.php
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address
avantman42
Super User
Super User


Joined: 28 Jul 2003
Posts: 751
Location: Staffordshire, UK

PostPosted: Tue Aug 23, 2005 7:38 am    Post subject: Reply with quote

pitonyak wrote:
I have no problems with a password cracker available on the internet. My feeling is that anyone who really wants one can (and will) write one. It is sort of like publishing a study against SHA1, which they can attack faster than before.


I'm inclined to agree, although I'm happier now that I've got another opinion. Not publishing it smells of "security through obscurity". On the other hand, I was a bit worried about people claiming that OOoMacros was doing something bad & wrong by publishing something like that. On balance, I think I'll publish and be damned Wink I just need to clean the code up a bit first.

Russ
Back to top
View user's profile Send private message
Dale
Super User
Super User


Joined: 21 Feb 2005
Posts: 1440
Location: Australia

PostPosted: Tue Aug 23, 2005 3:27 pm    Post subject: Reply with quote

avantman42 wrote:
pitonyak wrote:
I have no problems with a password cracker available on the internet. My feeling is that anyone who really wants one can (and will) write one. It is sort of like publishing a study against SHA1, which they can attack faster than before.


I'm inclined to agree, although I'm happier now that I've got another opinion. Not publishing it smells of "security through obscurity".
FWIW you have a second concurrence with your opinion. Not making password crackers available is particularly ridiculous when others are selling them for reasonably big bucks (eg. http://www.atstake.com/products/lc/consultant.html ).

Also, if you figure out a crack someone else will in turn work out a better implementation and we all get more security.
_________________
Dale
To err is human, but to destroy your slippers in the process takes a real son of a bitch: Me!

OOo documentation from the source
http://documentation.openoffice.org
Guides, FAQ, How Tos
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    OOoForum.org Forum Index -> OpenOffice.org Macros and API All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group