That's only part of it. You can reverse the whole last round and a few partial steps in the 3 round. All you do is keep everything but the first 4 bytes in the password constant. Then just do all the steps in reverse. For each reverse step do REV_II:
#define REV_II(a,b,c,d,data,shift,constant) \
a = ROTATE_RIGHT((a - b), shift) - data - constant - (c ^ (b | (~d)));
All the way to the first step in the last round. The first step in last round you need to do REV_II(a,b,c,d,0
,6,0xf4292244) not REV_II(a,b,c,d,data
,6,0xf4292244) because data is not constant.
Now start MD5 as normal and stop at the end of round 3 then just add data to A and if it matches exactly with the partial reversed hash you found the password. The way you check passwords is like this: reverse the MD5 with "????aaa" then check "aaaa
aaa" then modify the first four characters "aaab
aaa" and re-check then "aaac
aaa" .... "zzzz
aaa" then you need to re-reverse the MD5 with the new data "????baa" then check "aaaa
baa" and so on.
BTW you can skip the last 3 steps in round 3 and just check A+data with revA if that matches check do one more round and check D with revD, same with C, and same with B.
You can also partially reverse steps in round 3 (this saves you about the time of one step so about 2.27% faster).
End of reversing code:
Code: Select all
REV_II(revA,revB,revC,revD, 0, 6,0xf4292244);
revB = ROTATE_RIGHT((revB - revC), 23) - data - 0xc4ac5665;
revC2 = ROTATE_RIGHT((revC - revD), 16) - 0x1fa27cf8;
End of checking code:
Code: Select all
revA2 = revA - data;
revB2 = revB - (revA2 ^ revC ^ revD); // "revC ^ revD" can be precomputed in the reversing code.
if (revC2 - (revA2 ^ revB2 ^ revD) == c)
if (revB2 == b)
HH(a,b,c,d,data[ 9], 4,0xd9d4d039)
if (revA2 == a)
if (revD == d)
// MD5 is cracked!
Please note you can make it even faster by not adding in data and others that are just zero. Or you can pre-add data[1 to 14] to the constants so that you only need to add data. Oh right there might be a bug/typo somewhere in the code because I just wrote it and haven't tested it.