From d56820bd0fc2de6cd244dbaf9ec767fe86895b5e Mon Sep 17 00:00:00 2001 From: Matthew Ewer Date: Thu, 1 Aug 2013 23:43:11 -0700 Subject: [PATCH] Extracted the important bits from the keystore loader; improved speed by 2-3x. Assumes keystores all have a 20 byte SHA hash at the end (which was the case for me, seemed probable, and looked likely to have been assumed, anyway.) --- README.md | 3 + binary/Breaker.jar | Bin 7051 -> 15726 bytes src/se/bes/br/Breaker.java | 18 +++--- src/se/bes/br/PasswordChecker.java | 86 +++++++++++++++++++++++++++++ 4 files changed, 99 insertions(+), 8 deletions(-) create mode 100644 src/se/bes/br/PasswordChecker.java diff --git a/README.md b/README.md index 05064da..9934e23 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,9 @@ Performance On Linux with a Core2Quad I got about 150000 keys / second, but on a Windows 7 machine (Also Core2Quad) I only got about 100000 keys / second. +EDIT: I believe I've managed to increase that by 2-3x. + + Proof of concept ---------------- There is a .keystore file in the test/ directory that has been prepared with the diff --git a/binary/Breaker.jar b/binary/Breaker.jar index fba05226d893c6e703250df8d5b5eb6e67d9d3ca..4a682b628673be5028db70cbc20f75a48f636519 100644 GIT binary patch literal 15726 zcmcgz3wRXQbw0DN*&U6fMMwgHfCU6dt2YP%l8})E0)bYNk$4DjV6{7v)=0bZ?uv)= zaNW3R(md@_Cvj8Tanh-QV*s5bCHdF`$oFz`v!U&Uw)QoC|UJA zs9N}&2RD8L)%mX!f61!8u7SSZeZwOSzFwa{92(bR@%p1$G!}}4+dRz;O@&HVI4!4Z z#vho}Jjg@g&W4skr6;QS<65x3`y$tGZD=~(vb}z+skOdkdvkqrv#+J4snt{6H8V4% zdHTYEh8i@P^2cKJL;m<=o2O7YUf(n5^X(fLY4iB}p>Vw@^_&k)O?k#Nk3SgHf*${D zJTmQ%hXVeosf(U5{68C-3KlA<25p|0)-a~U8pfgx-O<^&#zlonp_0jmG>(xKA2F?Q z@d~nD0aTZ$gymo=Txl$tRqv|r+c zGkN&nuirb;4jJXY8dS_7Up0g|pN~X?`!x*BACE+{*bsBkD%zvaYU<)tH$Qs#u~(se z)a#=CbU>j#Iw;d21%v5wQa`_a{21WJAQulQXmYDUhiO=*b^I~H?T_%|C{G6bdCSB6 zb&Ma!Wg3;~1m-loSDT4XVtRe}2t;PXad6IZ5?_T_u6SRZM~y9l8eBa-8H!akVGa6o zrrM6;j!-xh@04gob)NFRnxhigdLlurb8&wttPRXgk7>~n{}``)Nq+<~f7Blh@wbs_ z`l2H=JFmxvPbO*PQH;s9=i6(PMDJF~jQ@WR{?; za5(M{ob~x<#PDP~Dbp#Lwqk&wmSk1Wq(6#5+pACZ)qrQ#Q1Akp>bxC^7^My_Wtvh5 zRU)$x&c!!^N*idSN>y~5N^5DIN*-FTQYEdC>2)fdrZY16RoYEsG6hr$(rs9Ql<*J7 zqu4;*tVgt{M5{50XdF47nC6cLCOzYks7G+6&7+b=volP&`t=IN@wYe zN^R7x(iBar6y`^SW>mU^KzCz~MC2|&#-<#ZglYh5^X${*snMfWsucypVrOr#aLXMmZ(gx7m73vfkkmJO7l;ns@{EOwnXv_ zSDM0BaQJ6tv@nKVU!B&I&gb^@&NEmK!j;v1OBFlg5xqtBBn;9RalQ`06g$*p7`w=1 z#P+705|!uMg*6A$Yk^&6lh!5(az(x-CwqjXniY32lk@IyRD)=)f-+<6X<-Q!ss}PF z-Vj^pP&Z4ns3Ae5H$k&*#@B7A&*xNyxAqE2-g&Zkr7L9h+OCkzTX}`-kD<^)TktFw z>iKEtz9*>&N6vD3hE~$&s9Kb-Rca>Hi ztNRp2>%KwOZ_sH z$kYNwxBW%3y+oU3YDGCTg0XD#;3O}b&$_#|@>GNE%wT2hjYp`uwz5H=V#SRQ(yH1@ z>)<^WiHjC~VAPvi_*QN04O=i-&lY@`WZN9stdAzAynzuQ{S;mP49oo=Sjy)iLqCVy z{3oXT0=3Yu(x&7~F1wHQB!+0AL$pf>08dHbDYztW`5rETCNm~+9|Vd8qPq6Rb-T~n zxrV1uS;wPW6Evn#yQZP#$URnRZsCVmB6CS}QT%VT{|yz=|3LbG18M$WF(xl)LT^$B z`eznZCr4LpjLr^*?@lsYCChIa6SYb&qTE8AXk(#Us1|QVAgge2d&!cCKsr}H|Dpvv z;y>O-i!0#~0A4K{e!P*P#(st$2W09~Fist4*coM5$;ZV&8Fm_!8Dl7PE9V@RX;{I0 zM`T7A#dN@h$5Dlj(Q&Rb%Bd3youpG-dK*qD&NHl>c0pg->K*TNG?pz;b~NOeAKmPcd1dR#It&}va~u^eS1K~H zGw0&smOM`Zv$}EqLu(u7kbtWDE(Cy3fVe=;fImehNYR%t2m5ST0{iGqK+DM;5BR4A z)Jh$X$&)1;+hCOfG68W9V_MN!oO=54D*>sbk2iTfqYukW0Qe$pH0Hp2Cba;J08~i_ zRFEE-x*#1mgcdad46w6-&{!4Y#<|SwW>AF5=s?HFOXD>c1IkR$q=A`2bUO}UlR`dG z<0fYXt}-D&=87=x!6+(Hdn{{yDpYQrz+hpDs5HY+=?;p?6jy1M&Z%^s00r}b8sOZq~(}0_8e9osKKVg zHQ?Ir8rTQojatP5771iL67>hLB=#{~zD>Z;%zz<37y&-EN41#7@Yld_Te)^V#NU>0 zH`k;|TQ;|nHWwD{m7&u`t%Bki!;bU$<8TXL^R7-YEKTa#`v8_ODRVO0UMZ+*=8Abi z)rp!DNl<0QfuMsbi#S3UObJkhd`ZA6hEznq#L)wDl@2Ds)HSk>*5R-oxJLHT`gwA+ z+3FJ{zxBGa&F-zR-?&1~3R?x>jO&>98Y!a{_IWC}LMo#dR4jT7^kIF{UZ{O5KpO#1 z72tUvaxYN{-H&m-5BU!OcYOfI@`I@RLDYT-ht|U|P#+PeQzu4M0vxslhoKcMHsMI* zV{#MHwP4_w&I|aX@|^6M5bLfj88w%dHxHa z!UuZb8WjVsx%+EziaXtWf|2QzqCsFG$ zOye@@K2E)qK#M0Zu`A@Gc{)m0X^cK2n8XY@2wEM$2F!+l!3HM|)K1_5$O&NH9xzyE zND0}0ODkmRmZ_%!kGoZdkIq2jR8av$Jz?W~-2I0fb(LH*YluG_f1R%ka)|8UEx(;`5il2mV`u z200RuwZnexf+Bb~Kim-z7~3M`rXWqL2W1K-Cv@0aNT1$_TgetbZt zKVuwzzk)S+kW&xw<6##R^dmBThzEMVlRnJvKj+6^@MBJ)zod_F#gEGLF>d-O=X{(g zenO^CayOq+px7Sc$0rmhw#WJL1lPKvfOdk1Gp{=zN&2+{758bGKBGXtUoKXKA^ z?(MTqy5XcJo%EEG{z|5&6_}XMIO%gt?5}0|8<{>Y)8Aqxb2fcGq>uxc({zS1Jrs$> zLhvyP1P%|JYp82@_;mkZ&ms0grl4`sbL5=vi}k`G2!{_lL7mgWJIKB?39zVWT9la( z4ccKk2|OfvrG820w2tjCsEsG{s2!7h63;6WQ;{+M6z5|K)25yS#Ld&%EQRh$_tB>2 zYM23iufazv0rN{>BRewLi)@J0}gFv>X>6Ld;K{G1ja<6ieA3v+>YW zqp%k_8*?kq^dVoIG5yGO`m$y==tx^@_R9JLu#ek2K_}Z5g6utwO@spYd70xglTm+6 zThvR(Hk~JpdS4inqq8%(JxVw4Tw<~#A-2i%i3`Dkgat$6<9fb}lSZ};u6R^+#UpY5 zlwMpU(!!(58Q5Mj{T=o+2qt?1|4cZ#G!hqQo>^7E@ZSk?o0M*ffh`xB(}%bO5KdKF z%F}Ch{92u$X8R=_omi!gz?5;{p~IP_U_lSxJaqL1}WI#60ncCk~eqUmARqzQvDkt8g@)g#fB>Hhx!yxAA*s&w^O8u}a^k=T!O^ z`hiOS%Co+y$*a-;4f2G3DASKr`ZxNqN3VCAR&8WBd^&|L`0|2V98}i>kEP+?^nvO!77r?s4^+qHbieKbgE|Dpp^H0rc zgX4^Wd(y8Yl4}GtXvLLu)|G>CCbEfZi-qolHiGCw>8CU06+zPfhbxrSea&J{4=dC; zPcY+BCVA|;0yq?oGM~gOam3k$tAm-?!~PMw(BCls@|Y3rY3koNT*c*8N-huMu2on4 z7)A1%L22}s1}a%dEi5A0ed8M2Tsxy!zUIn zZOu%3!ycQ0wZ;=X$fM15?Np*5XJ&?az$oDp0%vGFuwgr}tqX7%iVrFFUH9VM&8kkk zp$740|2&tMupSg|>~m2LT`9hy?(k+4VwgtoJc34WU*JEI0zm6dHX3BFi|=Zz*X?|H zBVHD`FGV zGPo_uOI9R!JSa#|MS@l(XtkC55m}EA-#AJ9RR+IJ}Jr_ZPv&DZ_u2Fk`B*+&i%7d+=W$7I_5Aej4u(mOYMzzYFiTVc{>K^dY=If@OaK zOa3Gl{aGyd*Ksud5+~aN&bH<7ID6<;X)_&_>gl+&okpc@#3~%7lhP@q$8c463?mtb zh2=x<$7vL{*mN@W&SdJp;QTlNhlgF-2@71LSZL@JDBvGbufr(Ws0h#*)U$|`A1N#K zNvq(H31GHCRAuqgb2Q|PBd3Lw1$6I_X+ow+NsuYld^NoUr_+n@ zbxCwPZuBfdh-HXyF(^HEl{SIvxKP}TwM)>Jt5m%Q8S(>kUC*z1KV3#Vp?4{(r zN_BIjw8<5?lx#rBdTocyh2?f_hs(92pj>ucdXS3BU8U3*Dwn5s6rj>N4PVnc3e&`^ z8REt56125s8`9;t%iLN5!C6_3;cPA0F7lXGp&(y4joUdFm$ahf8toWGHg@Aqe3k6N zL&#{`+(M60W=GklFzZHm?smfNvkFNXfCqr!nOAVP>4uDyf+w5cTd%6I~-Iy z;XQAI^ZXXvO7=pA2I(9W!FjCp1+2*HQR|Jk@%(+{T>vygi+iL?q(BO4MK}dA|Igxg3z0>v^t?my!oFE zZXzCzl+Frt`3LkCqh>1x!gW=?%eUU9_;D zgn5=%%e=Qi&E_tll%I_5S2IQdFWuYe9Y*7gVgZQ?u2DM<66fP&V@00Mw?b5Tr{K)H zu*nF@-3EVihY%!HsB()q$JxuwzMgK%3NZA3`a7k&aSHQacF3O*m6+wqLg?9YYIeb= zzs*T43if%cQ+V*%iQMd@UHoq2N4tU^cgxf%(=B|_yoVoM+@jk_J#cZ$v@gw-p_^Z? z$(x+%;x)z%Bx9RKR3+b9oy>td0%a|A4Qlg8Cjh#Z=V=PUd=H!HXfp62jN5eY2m4Y| z9uRp9w{N&Y1=(Ex4#um@q`4)s{TCjYdcjQ8N;w5&+K=z_YuBP=G^vQbRH2v4WHw9z z)gPyOxws3#Sw8TE9W)d2e=QO(2C>-2PpnTV(|e1t`ypC>ZzF+4h0 z*F(be1>M1@K{QWT>#L@_l<}&F0VD8@O;%w}4$-YL9cKGB2tp$a%`#+>E4#+ffi zRA``Ec?M-z%9KY4v2<_~vXz)&))``z0l7_^Fb#$4a&S}QHG_;9%J#cm04!!8y=E)z z=8eh4AdV;MuPP5j2)=1CD^Yqj!66I3A+X%Va45c*3z{DFFnx zJ%+?JM3l{wT;jx4s@Do24ZNhF4C#KiW4BxB^xC#wrGnjFJHI;T$lhkVMunrbm22jy zsLjUUzPQZ}QVDV=pC(z@B`$GIt5em>`3|xJ0K|u(Tg9!yLCl^Id*mPwfckn2egpEW zpn5k`D{ez}0kU@h6!+lT^&l=@2XWh1$%L12|XNE?a{u z9mXv025k@CtpH@}L0baFqd-PgU{nY8(>pxA=`wxGorz+W}$*#XV?3fH<~0n~w` zynHVPq$5)u5D>~32{qua5orrGWkx%#4gcch@8dFx|2U*DFMSBD~4LA=C~!tguFKa%|Huhcyjz(DX1J=T@UmI)RH= zg&`s$S7eTAIzxVijRhBwsm7^sAUimZ4s;D4INiT*VE@Pg-8Ej=6A42xhU3DkfV);I z#r@GVoGfc}sg7wd-r=Wd^dXuR>UM8v0xmW-tc{Qg%SnU`IpC?D^-sYq?(5p$*K>M! zD|M*(q|$52!|q+Qg42mCRFzprP<#ZA^gLdya% z#GnztmF5AqXo&3DtW!V?&5>|yc4j6LWsiS25DDVcNglmePRH0R;-TWXp--jRa?Hw3 z#dg}P@{Ut^v#Ho;cpwzOJnhh77H=e4C)8w8pma$};~o<|%a19JS_;d0z|tMy`tX4+ z6;@G9h4F)KXDQ5~=U}GW7n+!iU-We0`U6wqy9nEnkzNFco1slrqSKqqf2jy6nJ%g@ zfnG1u8&p^`Z<6UQ6_&-_DvXLZXB>Ry`I+>T_6;UEjFrfo{Xk@RHZa*WHNjrc$?3F; zTQVyKv}nAs2anKrD1h6Rw3^%V2mCB4H0(r!)7Iol8v6x^ba6yg?<{`lBV1?QTzz%s zfHD*T1Scpo0vL~9D?k+#K$81}PT|0-<~)bv&7|54zjDmZAj}d(@&FPidND*EVO(N> zX}1IIVkE_>Z1D>mfLFBA0}eAI@{Lm)oDogLrNmTZVgh@lu^(?n0xq;Q(+&B$)JKu0 zEq0e45|~-0oztK&9mD&M?mN6M8KRk62hFV*j6^*~uX(EEav&`yi5;=R*sWy(L)c*< zF^Yhq7snch_v!~IR1c0tKI*Wk@m|GS4R1aMvFq{Vh<6{#*(6=T;RzfUZv@A?OF5uP z*mf42uk1(V)43eam9W|>aQ3efC$0`@R^Y_vXkrN`emzJs>6dWeaiGU3uNPrqc93SM zagF3r4upbp$2m_fMkVY40_fn(1QoQw?T93>iehbblsVj`kIDc*{zS> zaj4o5$yc(}#dFTyV{;1vHs8I*%j5~Iq+)dV(sRJQn2pE%AyolU3 zI z!nOt>;+`{*`oq%_oxJ+*T*#J^(-CM=-=`nRY={|thLs&c? z20wsF3}UE5@S+YN_b^yA4BzF5U{Q-c%p_w1f(aZ4c#B}01yZz|_JBoJ(CWf}Z0a*R z3dyz{?yCa!Uhb+Ayl`Ol9YD)Y*!!mNy$jWuyH(Pml4T_&@J1h+Luk};Dno$WRa$YG zR!X&SP_iEYK1@{_C4RPL{SU>-1K}Gzmq=%)qgXZYMSp? zquhZ1efVzPFUh89zadTUoGFOv#)FZa{*OD~1|bDdU8(_Zz*GYmqb9OlsuAy`R3jWA zW+U^|31@f`Qf`in9dOpiDr@kF*+{KCY${u zh7{RVh%sH9tR4)LpJsMQV~XY(c%O4=nwM+&sbxoPrKo)Yc3}>+{6w-nW+@_yrlJgH`-rOy22GAnHED6oa<6Tjs*aD(cugv@vbAb4 zseMvb0?#RfraeF)u;L@d6ZaGM2PhiK7??V^ZgWDvPWt_5{NMSX|8_q4ueTmhc1x%S zyQMq3l)INFRMo=Hna#@4!owq7$5@|Im-y~UhYHzDMnn#*Lb{F)tcabyh|(Yx8}Tfh zFAbWBXPWvo2`4POnwyBdPHe9Z`O(%NldVfH=%u*Q?IZ(w@})U&a>e6ZY_-?lZ|6ch z&=13$pbjSvGwzy8KRvLv(tW>@=zZg1J9;sy6~_5IycXIOzXbmwF^3v_S-B}BDM_1> zze*J4?BiwkG~^?LWfZmvNU+v_MX*w-#X;X#i&pp49_}!umvDDvCKp<^iLH_m5e6x` ziqbL%-Rkb~gew(NwKWtEyi$K#GXh`psdb@cbp0_~wTrG*p(dR4BY1}C83)w-R7E!Z z_(lTA$QgfO7(b8YDOB|N#9bH%z){$os7H7yQFt@jM#<%3hvBf^r#B}QAE^ax>Gfrb z-e$Ht6b2jC>)rP0N#=dbxp5tU8?5vKc&^HiNL5Vwbsshz+$KdS`lBiL!S<_2t~s)S za}j8@oOMp0)JHQ7;atYLpCzB)dqdEjF;(t`=X{6lK9wr1kqFadOpJ9yH-x5NookFS zxM6q;(!#sI%bk7i>R(Tp{%FwWk>QJ`I>KT=t+OT0QYZ+LT9p;ysAq7!Vm-#KNVy~% z3xjzKzuURb?M+f8!b_g#b;EoUDZ)y!bJ09yMEEH0TX+Nx+;P=~KmAZy zb>C_NA`C0>O$^w%D+Q*;H>>(^}GH%J>1&C%cSHtnrCmk?V=`d6a$JC z0r;{{)C$z>KS2z`z$w6|q)n==NO$g#pGc}G#wd1LNqdy?cZw2V=~iO| z!4^K@CFdF29nrJEejod?SiF|p5|Oe~l6kW?&iQNbXN?O({-oGE8tm~y^N4Y&XPuWU zM|Dt3BjP|gR+@m=$hu>bY|;J_f6r%&L-t~Fxol$8xpdpMgSpYTw0;PyvUAJ=D{RVY zH2CE0KsVR9fkKv&R%-*x*rL($vqAqol+`k!@c{v?R*4xG1 zS{~{Qb+_48Uqs&64dTdS^~!}&8hR|e2;8`TR(^_ z9rWzv`UUP>2=74djzdvjE@u&~Tf!zCk`=);**x^3Wo45vo3W%`G|X zQ#AC|=AR)HBjukf-YdKk(Z*T%9BMSF#9dG3l!EY|8|7{%Z2pp=d8RkManhO0nCNy| zKkeHKC6(6o*PdqMI-Y6jY$+&WYY!JCp@8BS%PFxuk`9mKdQZ4ip3;E(3FpWhmS$`Z zjbd6i`@y9|cT(pE^;v^5CGHzKnFqqPxaDU@;t(3-{3-S}I=o)J-cKGSq*@Hy5a(3T zE#>PZhn+G{P<&7`bP)5@JB8DRqRabq0bA&uoIoNV7YidLpE$ILL(1@H!4aUgb6 zT%=&AWdaSf@hOlF*LlS9AKIojWClR71-!QQ41IlG*^!&USb5WL084F3ZHkqrN;*OFjba*OqBv$4?I_6f zP12ubPCkvarb1{B3fncU#D8qIPwCA!e@a4;`5_EK9${^U@oy#-*Xp%W&Z27w{mP#l5q)UKE8ow)?MCJDa5u225 zgMqhtZqZByiH$feJLTL_D^$mW#0Bq}(xr+SZGV2sUEX?{($=EYFd+kT05|gOB1Vd@ z(d1JzimZGePONn45Nu#A`+g(F?VY5>r989I5`KNQmqPspo*&WLz#6ZWmLJ5R1g4r20I}fJ){aX?*kAyB6n#mZ)+CMLB}Poe!h@Kv z6)V=HABfFl&kXKmp#)woMaJaDGNBxjd&EL^0_<*>vE^=E=&SNDasnf9nPG#ie89mL zaBSBIu{jn65-GHKr0(ARy(Nz9ZO`E}YPVCSnBF^xlf~V{-sLk{Ro_}+o(j|N9uxO#~hKzCxn50ESCf>YcUgAg$8d2QZVY)1yiDukJUsHu}15rUx{JRkW6?xXj@$|>USj~<(;+$H zF3goKra#5Hj$!%u^iR9hG)wVorEPR|KY2>jMQ9II4TebE_q(olzgg`GdVuRhWo$M2 zfYjOXSipU8f?^=t+xbq0qDGPxzG>DBDLKE(nKq+exL-(0+sNBb3VFhS_ezm{vPt1K zo6gmlG8b(gS7DH&itbDG@`)i?Yj{MejS$BC{cjpQ#+ZX4(SFe==0DNsvwx&f9jJ#V z^xqsBuj}-iLj#>51`3&{dQ24tu;5q7>F=NPU?q%cN|aC2c>wj_2-%Vd`P`bAWo{n? zdI%+K>I^475rR``2FD2`tmdA$T=G+$bmVAANDYsuoF9o!30??J3GN&f+~1s1zQn#% z2vshme=g0VIuVpj(1RD(%aPV=t zgq#C9iHA;vny+A^Hz!f37a3tsvs6B#8S4AMn>Opi2d2W~4-|@}rFggkW%v`Q6TwQ7 zyi}wDz4Nx}Bx22dbxZ1)JZQy!nx4A-Up%{`QpcZxCtmpVue%v{c)fJkBW|M`I zj|{a#85q5bnY9t8%G}d2l-zblJaXKM^m!cBX};_(zB(OfYBa2fAfwQhs{9gEPOFh< zF9{ul7CgA*8c-tO@eMQRJAOxWxn{l+*@nrCG-`<3s}jH|WBZ(<$M}08W|&X9u23Ij zAU+_^=%0#lo_3+y%2)Urr=dV!*UiONMtMETO&f z?R<)$-8H_P)NnxekR|!Z>+xSX!N$>{Xj$_B1uDOq=JH`OR9$z%ok7jJe^|TuV8voz zGd#Cr+MaP>D_tGH|Qx7Z%Ec8#IOzb=%D>z#GFZe6Oup- zJlbG)N3g8FQ9?E+FlKeRLX5zG(pS?-%lv`eq}*er58T0xw#Il>m3{%UXD1Pz@0I zQ#9}xeew9hvB+ckcvHj|KKV$e5AH3~+M{8X;wtN2`7Fz1OdVpz|uW5*Va z5BZG7m*9erLvXID74wBRz{nAxIy$Q_qa`XTJDyn>tKNEV;DJ^bJn42!d(ZMdtp&3r z;ofYfQ)!>Se5mba+FyQBeSP>s=Dts5e)ojl<0jg$MmrQ2BBJhwCo5l~Jf1Z^M$zHJ z-;JjnAV3XpU$V29?n=EG9e<;^%na#ugQXRC&GU5n&Ut68ts4NHEo!er?rdszo)wZ%`r7fN&M>8 zd5E9r%NLAjt|(Rzv3f#%{770l*~SzFIkB&;2>Nax(O4UA$r~b4d_3kze-xVVT|;3K z{FDKa%C4$ThwYQSc^4Gnh5BT=artSdvG-067qJ--^>0Q^IfHpfsn7M8TiVA<9uL*? z+T~5zcJWU|nWuVLP;ag4cUZ(%o?G*`8KLdd9w=ZKrlC0!$I!-MeNB3#t;*X}lJY`{`Y9DAjS5kCSM$}|hE}5|*I5Pzqly% zH+OwwouTbEY5fAno6Jq`;-*ZD`_bq*%jL*ZE56Mt*aej{ICBIfs{c3;Hqy;E2Qbb; zVA08X3D-EyCSs~=`ftPADWbp5tRb-7oh8^p!C>4GhYCaKz`oNTl&5{N&rDhNAY0LK z^fL_+UIJ6UlmFHeUR3u01!WWUpMGkj|0((ZngrtY{S1ib0r$9FV~t}kqe3L(YhyaA zDT;MD&1+&fLzo5`86>o*;TU9}^}W&kc@@7f1bmUp=~c-=l*Oy&G}~J@&~e(O_8wd( zi_KiH9E#ue1|FInlKvEK8gMXl%t-98ofO?!@|e2H^EfsMILu~2;ahWo5Hn>td}|Ty zH2jiUyPQ4O@<8-3+*tCng_A;6yj^tf;#~fK@1WLNVjH9C%x?5vSxCr{+@s!B>UCs) z#vG#O@u;yoF9k92P|o=BNWY9u@HAsxynn-Y9?`;1wa0WW*GTQdV=T+1YIHP1q>A*anB?%{6}|aKyLj(pidIR(V6h_!AVuO=mL0=OuE_KmvxW8o33 z{1?I)@di5Tq`^!%;_FT1^(hZxIco7P2@uqT$VsZV)CaSkQ8H~Y!fvE)6{T98#Osy_ z?}+*)gHRZijvFRLgEM1Os)@LOc6cMfE<|Ryi6cNCU~8lT(}Xw@zh5K#c0oVU9570RZNxrY3N>ae*K~yynrB9Q46cf2JfKYlwBM+ywfef z4<<7#0p<7YJo4u>RmTG5K-0B-w1%`pMg=Pzp&XTmaZN`Ho;^lk*yA0z!{w$Q)s=f7 zDO^tZJu0zD7P1&x^5YU3X>766nSkoCdGuNfs7`fOu-87StWSb@>5x&AoY9z~2>TWi z^@8}oCK|9_#Z_>du7F~eqI8fZy|oYO4R)EHMd4q4RbPTg?VVLJGGb-DbZ#Ts<$k`$ zdURNYQlu=}BOwqjus?q_Oxs27MFTtRTZbVGlG-zp6A`qRcd`D-^36 z-|z7gfb+eVOdU>;anZ7G9cXZ<{D4?W5Pp&E&cHX(+OVydJ<-JaNyMw7Q_+2l^_16r z;w&;XbT6v+OOkW3kT!o*q`#9A2UR>Lx_oW8hpkMsLDq^-$F5JFC3#MLY|Gjvb%Z=~ zMYy}uM!WWr$oYFpykXRiV^`Kp>@d+rk1uCiPYNyo37{4h4aF|(OFd=LD?sAAPl6%) z`G{id)`tD7?_W|GscsD{Jq&j}&F%C$)-)-~?6x$bUeV2Spwg{!WJH=w`9^5wQR{`v z5gh2q;Zq=lrd#rghK_bI=kTnob_w}105f?+~ANTsHjEyBxE*B~RBFI+p3Ab&qhI35G8qgT0zz z!ecI!{fB(~p|vB!;TT7kWO{6*xa3eXTg?&LwIYJ)EImZ-KJg6))fi(9aI& zHoHG}IC$bpTBA|2zQ+&5y(9JRuA}cH9y$gRz$E&g$r5NT8Jm2S`8KTNovCL@JID?!vgyNuU!E( zKG_uaYXJwV-N{$@dLXx|#*m9D{38uMWNYIi(@~%&3x)#Cpef%|-$x;%bW5RrhuUlS zD-mr()KWbUFR&~XmeohYpFtl0`-Jzd#eQD1b?3ZHP}g|=ygbNK^tKxh2qls-jJYOR z10}>?d_-K2VD*X1y?N25-z`vq)SN2a$v_^93)EYVSlavJQ}pA9oeo6DVAkU zCS~80jyvhZ5t|%@B1gt9XU{zZCM=#`jqQt^oh(58*Htbkn5&DO@bdL~&?(}6vc zJ5?;T-+uyq(Mr>MuP%!<_u}UP+OUerHXqXwfrv>W>Eg8hq0@C7IgoOguUxrhQ9dJY zOln@5A#VtaKg<1N8onh61Gg(WqoMj+xDD%uf}ZwixBs0v??bN`I+7?){3jALL^JBH zWYt#>oP{D}an89In6uv*0oC>`P9F|z?DXNo*D?ED(>kA%)pm{aL}GQ2CME~w{-jqa zdws1Il3?L6ElOkduI-?i)l#W8#oa9&1L^d>B?x@~HuSjB*hvy~HPrv;@MXfWbnhIz z2t)j(e~n$(79O3ML&`J-@f|7ll9i*rbJ?duxU#c4pf|#P+A7R0xIVbC@#zhwIDBzI zDM3Z_wKb}`8c)4cj-k*>cljyNJO8p##F-#yOIs%}ra%x>^*$MBKxQ;>2d9&N;}|nJ zbrMT16uUs<;Z@dou6#54v7&V+Y9ZDjZQpQ&I9?yQA3Z^=;%IZFEeP@`E5AX1o98+X zEnp2VDn0nzk)ZnN%JdGUdh}C8R`HqN4V`-K#r9E|&xQ$eAI;%T0n+w5$>Rj3g(P*4 z5V%XXO4_VK-sAo5sz$$lxFx_sLCGih-Bmq6B}VzntNGJK`R&#G|M+jt&7Ua09hW~f z-QSMOU-9zS_P_csf5QA0fdAAqeha{Vg}|>b`xE9L<>0@={y9?o7DWDvpkKH0-(mlh zNB)laXQxX07vQg*{*(WN`Ts|gzoY$`q2Jx@U!jBlAJG2Q>uM-J`X!;GprHR+W51f_ J%KyFj{{b0sq#6JK diff --git a/src/se/bes/br/Breaker.java b/src/se/bes/br/Breaker.java index 2596a30..e1fc1d7 100644 --- a/src/se/bes/br/Breaker.java +++ b/src/se/bes/br/Breaker.java @@ -123,7 +123,9 @@ public String getPassphrase() throws InterruptedException { long totalTime = (System.currentTimeMillis() - totalStartTime) / 1000; System.out.print("Tested " + mCounter - + " pws (" + totalTime + " s -- " + rate + " pw/s): " + + " pws (" + totalTime + " s -- " + rate + " pw/s avg: " + + (totalTime > 0 ? (mCounter / totalTime) : 0) + + "): " + new String(globalPass) + " \r"); } @@ -135,6 +137,7 @@ private class PasswordTester extends Thread { * The bytes of a {@link KeyStore} loaded into RAM. */ private ByteArrayInputStream mStream; + private int dataLength; /** * Loads a {@link KeyStore} on file into a {@link ByteArrayInputStream} @@ -147,6 +150,8 @@ public PasswordTester(String fileName) { FileInputStream fis = new FileInputStream(file); byte[] fileBytes = new byte[(int)file.length()]; + + dataLength = fileBytes.length; fis.read(fileBytes); @@ -162,19 +167,16 @@ public PasswordTester(String fileName) { */ @Override public void run() { - KeyStore ks = null; - try { - ks = KeyStore.getInstance(KeyStore.getDefaultType()); - } catch (KeyStoreException e) { - e.printStackTrace(); - } + PasswordChecker pc = new PasswordChecker(); + pc.bytes = new byte[dataLength - PasswordChecker.HASH_LENGTH]; char[] passwd = null; while(!mIsFound) { //System.out.println("Next pw"); mStream.reset(); try { passwd = mGenerator.getNextPassword(); - ks.load(mStream, passwd); + if (!pc.passwordMatches(mStream, dataLength, passwd)) + continue; } catch (Throwable t) { continue; } diff --git a/src/se/bes/br/PasswordChecker.java b/src/se/bes/br/PasswordChecker.java new file mode 100644 index 0000000..741ed07 --- /dev/null +++ b/src/se/bes/br/PasswordChecker.java @@ -0,0 +1,86 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ +package se.bes.br; + +import java.io.DataInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.security.DigestInputStream; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.logging.Level; +import java.util.logging.Logger; + +/** + * + * @author mewer + */ +public class PasswordChecker { + public static final int HASH_LENGTH = 20; + private MessageDigest md = null; + public byte[] bytes = null; + private byte[] actual = new byte[HASH_LENGTH]; + private static final byte[] MAGIC_STRING; + static { + byte[] bucket = null; + try { + bucket = "Mighty Aphrodite".getBytes("UTF8"); + } catch (UnsupportedEncodingException ex) { + Logger.getLogger(PasswordChecker.class.getName()).log(Level.SEVERE, null, ex); + } + MAGIC_STRING = bucket; + } + + /** + * Checks if the given password yields a SHA digest matching the one at the + * end of the keystore stream. One instance should not have this method run + * more than once at a time; it reuses one MessageDigest for the instance. + * Also reuses several arrays in the same way. + */ + public boolean passwordMatches(InputStream stream, int length, char[] password) + throws IOException, NoSuchAlgorithmException, CertificateException { + DataInputStream dis; + + md = getPreKeyedHash(password); + dis = new DataInputStream(new DigestInputStream(stream, md)); + + dis.readFully(bytes); + + byte[] computed = md.digest(); + dis.readFully(actual); + for (int i = 0; i < HASH_LENGTH; i++) { + if (computed[i] != actual[i]) { + return false; + } + } + return true; + } + + /** + * To guard against tampering with the keystore, we append a keyed + * hash with a bit of whitener. + */ + private MessageDigest getPreKeyedHash(char[] password) + throws NoSuchAlgorithmException, UnsupportedEncodingException + { + int i, j; + + if (md == null) { + md = MessageDigest.getInstance("SHA"); + } else { + md.reset(); + } + byte[] passwdBytes = new byte[password.length * 2]; + for (i=0, j=0; i> 8); + passwdBytes[j++] = (byte)password[i]; + } + md.update(passwdBytes); + md.update(MAGIC_STRING); + return md; + } +} \ No newline at end of file