Trying to understand the source of MySQLFast cracker

Moderator: BarsMonster

Post Reply [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
User avatar
Rolf
Posts: 122
Joined: Fri Dec 26, 2008 10:48 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Trying to understand the source of MySQLFast cracker

Post by Rolf » Sun Jun 06, 2010 7:58 pm

Howdy.
Here's the code : http://paste2.org/p/865399
It's marvellous that Secret Squirrel released the source, but, as I see, he either wasnt lazy to obfuscate it, was in a weird mood or wrote the code while being under dope.
Can any experts point to the idea/main principle used to crack mysql hashes so fast?

User avatar
schwarzwaldhacker
Posts: 170
Joined: Tue Apr 07, 2009 7:18 am
Location: Россия
Contact:

Re: Trying to understand the source of MySQLFast cracker

Post by schwarzwaldhacker » Sun Jun 06, 2010 8:12 pm

I don't know for sure, but I see 2 reasons:

1. The algorithm isn't very complex. In DES, you have this 25*Loop and I think in FreeBSD you even have a 1000*loop.

2. It is linear(As I once told you ;) ). And because of this, you might calculate a "range" instead of a single key at once.

Спокойной ночи, выспаться! :)

User avatar
Rolf
Posts: 122
Joined: Fri Dec 26, 2008 10:48 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Trying to understand the source of MySQLFast cracker

Post by Rolf » Mon Jun 07, 2010 7:24 am

Image

Sc00bz
Posts: 136
Joined: Fri Oct 03, 2008 8:28 am
Contact:

Re: Trying to understand the source of MySQLFast cracker

Post by Sc00bz » Mon Jun 07, 2010 8:26 pm

Secret Squirrel did not obfuscate it and was not in a weird mood or on drugs. He or she came up with a method of predicting the last two characters of the password.

User avatar
schwarzwaldhacker
Posts: 170
Joined: Tue Apr 07, 2009 7:18 am
Location: Россия
Contact:

Re: Trying to understand the source of MySQLFast cracker

Post by schwarzwaldhacker » Tue Jun 08, 2010 6:42 am

Yes, Sc00bz wrote what I wanted to say. Because I noticed that schwarzwaldMYSQL calculates:

26*26*26*26*26*26*26*26*95*95 checks if you try s=0, e=10, c=loweralpha.

And not 26*26*26*26*26*26*26*26*26*26

So Sc00bz English is better than mine! That's because I am Real Russian Man... :D

User avatar
schwarzwaldhacker
Posts: 170
Joined: Tue Apr 07, 2009 7:18 am
Location: Россия
Contact:

Re: Trying to understand the source of MySQLFast cracker

Post by schwarzwaldhacker » Tue Jun 08, 2010 6:44 am

And of course, 26*26*26*26*26*26*26*26*95*95, because the last 2 characters are "predicted".

User avatar
Rolf
Posts: 122
Joined: Fri Dec 26, 2008 10:48 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Trying to understand the source of MySQLFast cracker

Post by Rolf » Tue Jun 08, 2010 6:44 am

MySQL(64) ignores spaces.

User avatar
schwarzwaldhacker
Posts: 170
Joined: Tue Apr 07, 2009 7:18 am
Location: Россия
Contact:

Re: Trying to understand the source of MySQLFast cracker

Post by schwarzwaldhacker » Tue Jun 08, 2010 8:57 am

I think this is not as complicated as it looks?

It all starts with this:

Code: Select all

 if (data[5]!=0){
    f1 = f1 ^ ((( (f1 & 0x3f) + fadd ) * data[5] ) + (f1 << 8));
    f2 = f2 + ((f2 << 8) ^ f1 );
    fadd = fadd + data[5];}
 if (data[4]!=0){
    f1 = f1 ^ ((( (f1 & 0x3f) + fadd ) * data[4] ) + (f1 << 8));
    f2 = f2 + ((f2 << 8) ^ f1 );
    fadd = fadd + data[4];}
 if (data[3]!=0){
    f1 = f1 ^ ((( (f1 & 0x3f) + fadd ) * data[3] ) + (f1 << 8));
    f2 = f2 + ((f2 << 8) ^ f1 );
    fadd = fadd + data[3];}
 if (data[2]!=0){
    f1 = f1 ^ ((( (f1 & 0x3f) + fadd ) * data[2] ) + (f1 << 8));
    f2 = f2 + ((f2 << 8) ^ f1 );
    fadd = fadd + data[2];}
 if (data[1]!=0){
    f1 = f1 ^ ((( (f1 & 0x3f) + fadd ) * data[1] ) + (f1 << 8));
    f2 = f2 + ((f2 << 8) ^ f1 );
    fadd = fadd + data[1];}
 if (data[0]!=0){
    f1 = f1 ^ ((( (f1 & 0x3f) + fadd ) * data[0] ) + (f1 << 8));
    f2 = f2 + ((f2 << 8) ^ f1 );
    fadd = fadd + data[0];}
This is needed, in case we are looking for a password>4 characters(Which sometimes, can happen! :) )

And then, you have 3 loops. But 2 of them are particularly interesting, as they probably concern the 3rd and the 4th character:

Code: Select all

for (DWORD dd4 = 0; dd4<lens; dd4++){
[...]
for (DWORD dd3 = 0; dd3 < lens; dd3++) {
And finally, you have a couple of calculations, where one probably checks whether the last two characters could produce real results, therefore normal keyboard ascii results(ddd2 < '!' || ddd2 > '~'):

Code: Select all

DWORD tmp3 = (compd[(i*4)+2] - tmp2) ^ (tmp2 << 8);
DWORD div = (tmp1 & 0x3f) + fadd4 + ddd3;
DWORD diff = ((tmp3 ^ tmp1) - (tmp1 << 8)) & 0x7fffffff;
if (diff > (div << 7)) continue;
if (diff % div != 0) continue;
DWORD ddd2 = diff / div;
if (ddd2 < '!' || ddd2 > '~') continue;
It is probably there that Secret Squirrel "predicts" the last two characters?

But sincerely, I am too busy? Wrote a lot of letters and now I am working on a new cracker myself. Besides, сейчас убираю квартиру. ;)

issue
Posts: 19
Joined: Sun Jun 21, 2009 1:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Trying to understand the source of MySQLFast cracker

Post by issue » Wed Jun 09, 2010 7:15 pm

schwarzwaldhacker, is probably one of the best progammers for this kind of software, IMHO.
I wonder how far he could go writing an MD5 or any other piece of software, again probably, with even
faster speed than BarsWF or ighashgpu ? Possible ? Not asking for it, just doing "simple cafe" question.

User avatar
schwarzwaldhacker
Posts: 170
Joined: Tue Apr 07, 2009 7:18 am
Location: Россия
Contact:

Re: Trying to understand the source of MySQLFast cracker

Post by schwarzwaldhacker » Wed Jun 09, 2010 9:16 pm

Yes, he is indeed one of the best... ;)

But unfortunately, he started to waste his life with "гулять"? Lots and lots of them... And so now, he hasn't any time anymore for writing good Crackers, as he is spending most of his days walking around, taking pictures and meeting funny animals:

http://sphotos.ak.fbcdn.net/hphotos-ak- ... 8936_n.jpg

But more seriously, me too I have a social life. And so from time to time, I have to meet friends before they forget about me :crazy: :

http://www.facebook.com/video/video.php ... 4094161007

Post Reply
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Who is online

Users browsing this forum: No registered users and 1 guest