[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bit 'o script & "cracking" (decrypting) a file of unknown password (of small limited set of possible passwords)

To: BerkeleyLUG <berkeleylug@googlegroups.com>
Subject: Bit 'o script & "cracking" (decrypting) a file of unknown password (of small limited set of possible passwords)
From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
Date: Mon, 23 Sep 2019 23:18:16 -0700
Arc-authentication-results: i=2; gmr-mx.google.com; spf=neutral (google.com: 198.144.192.42 is neither permitted nor denied by best guess record for domain of michael.paoli@cal.berkeley.edu) smtp.mailfrom=Michael.Paoli@cal.berkeley.edu
Arc-authentication-results: i=1; gmr-mx.google.com; spf=neutral (google.com: 198.144.192.42 is neither permitted nor denied by best guess record for domain of michael.paoli@cal.berkeley.edu) smtp.mailfrom=Michael.Paoli@cal.berkeley.edu
Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:user-agent :content-disposition:mime-version:subject:to:from:date:message-id :sender:dkim-signature; bh=3CG8FpXacNLl2x78tvWPslAQiFarFNf0yiF+kiNJ3xQ=; b=UeuuCqS0cjn+KpPqOGym6OERPpY3kJOB9coz3BvOWmOfBtSrGyqP+lr/U13Gy4Cfqz dou/9rM/UtFgbajrlAbAf1B+NligxYhQ8w7QriiObBbagP3Q11QqfTV5W6H17JBFkF/U k0g9/xqdxi5VR+xAmlTVs+J7tZb+A+KWT+mD8HWJ0ZlGNncQLi2m0AILGB8JctG+YE1n 05zDCrUwuEMo7UTkEHfGs/xuiKtBsdETRVIxVvV8kVoqepWdH+Ysxmbqwqja9RvNOo94 t48/5NSUpWEvYpibdldH6R36qxhI+czyr7D9S4vMJ1uX40pv9RgFfWHaFLjVWaniAOWU smmw==
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:content-transfer-encoding:content-disposition :mime-version:subject:to:from:date:message-id; bh=UmJ9edJX6Q1q+RYO8e1ovXIBajvjw6d9JBEun95ZUz8=; b=oGtv3QjP6O0Tjdga9L4vUtH+g2gNDvdHx3WQhkzaZ2kvNIVJk75RODqyoEEEbnxug/ 664/FjDjrYoK6twO5xQj0TyeGu355N0OX6f7/63WfAGw1YlIbiknmZnkFZK4IixhPm2z e13iw3hd3S86u372+sUMZHm6OhOEXXP2s5WTaH3Fztqq3sGxpzNMfUc76TajLMLDsjcS IJb79BHrrspXLB6zG05uprkqpedu3OF8fMA2etstY8BWMWINmN7bziXIMqfJiVO7hh+3 AWbXgSkOFo/Dfe2XQ/pYl3G6gmXg05nfqve5XM/g+nyOR4STM1ny2eDIgiOkzuJCq0hO U9Sg==
Arc-seal: i=2; a=rsa-sha256; t=1569305897; cv=pass; d=google.com; s=arc-20160816; b=qaqx/oNqo9KB0N9tO/y+8e2xTE1RV99Jhlpj8fd+zueR/r4UB71GEbEVEpPnEJlMu+ xPuBH0Pt6XyNYCZ+nIykfA1WzsDb2IsFNvYlGgzszOVIw+5Z0jIZaJnFhg+Fl/1rgXV1 1F3GRmcpwT16jdw9o+0s+IOeJCR+kFLgUmVdkKhIEa+qA6WndM8V15jIQG1DVWKdvnkE 4Ogy+P2vH37SbEBKYtykhbO3scEECRiLVGcpUCDYJesxh03kpYA8cyVTjrCZlEefvrar /zh2T0IeUb4kMMzMamf9Lh1afL0ck/+uboz7797kLjpVl4GfZV84CwJB8s3ajc3QYBUM DtYg==
Arc-seal: i=1; a=rsa-sha256; t=1569305897; cv=none; d=google.com; s=arc-20160816; b=DVSufZRyzlXQIpuqZRpArB+soLe/37O6IyBz5WUucp/PDwn/EmAQswbVtvdSIgwEQQ ZxAuEiU1R68155YxvvxyW+6Of00zyNJtpDsZ2z+6ZI+yjF361zGnDf4YCZeUGkUM53Uh FZkOHchpSNqhhFoz/LkIAg3N+MNqXUB5gn/62wKkPB318dmiPKcQ/RH/nOxfU+qmAg/D kXpbaMz6QL8PbBfSQYs+ZC/JMf/CiqzvZklCDZN7DPIN7FTcKNO/ukCleXiaPfYypXyq jWRcvIs6zXhPQbgs99gtueTyRGAJAjlpsInavGSGJVn1YC7PhE464hw3vkCJdrOdihiJ l6Cg==
Delivered-to: historian@entropia.netisland.net
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:message-id:date:from:to:subject:mime-version :content-disposition:user-agent:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:list-post:list-help:list-archive:list-subscribe :list-unsubscribe; bh=3CG8FpXacNLl2x78tvWPslAQiFarFNf0yiF+kiNJ3xQ=; b=lhLAxNN9ftFYHdoYEL0qk6LLy9vAwkrwQDpeMsJoOV1hpF0fBjxFGEiC9W2KSntYez 14koKUcBSnsY+a6C2GCLgTOygJOah5oBrohoYUnYZcitHbLNJlZH8X4IDXpCamRffWPS tLaGAB/g3ZV4YwfxYV2juEXoAMFRKEHjGPdcxqP+BJkJcd/YToF57g33Bo1Tu1S7eiom Wtfa6MkQZlMycSWB10Jw1IIw8pQhcQgpp7yEYMdYzjJ/HuprbpkOS98GrDyc63FzxkrY /9cFqoeIqP6CGQBHMdJs1E2AR4KYny925NfRNeMUQzetUoBHALIahsXEMe4bkvh9mLrC dJZw==
List-archive: <https://groups.google.com/group/berkeleylu>
List-help: <https://groups.google.com/support/>, <mailto:berkeleylug+help@googlegroups.com>
List-id: <berkeleylug.googlegroups.com>
List-post: <https://groups.google.com/group/berkeleylug/post>, <mailto:berkeleylug@googlegroups.com>
List-subscribe: <https://groups.google.com/group/berkeleylug/subscribe>, <mailto:berkeleylug+subscribe@googlegroups.com>
List-unsubscribe: <mailto:googlegroups-manage+61884646931+unsubscribe@googlegroups.com>, <https://groups.google.com/group/berkeleylug/subscribe>
Mailing-list: list berkeleylug@googlegroups.com; contact berkeleylug+owners@googlegroups.com
Reply-to: berkeleylug@googlegroups.com
Sender: berkeleylug@googlegroups.com
User-agent: Internet Messaging Program (IMP) H3 (4.2.1-RC1)

So ... this past BerkeleyLUG meeting,
someone presented bit of situation ...
they'd accidentally encrypted a file from keypad ... so probably a quite
simple password, but don't know what it is ... and also not sure the
algorithm.

So, I proceed to do exercise to simulate - and "crack":

First I create a simple plaintext file:
$ banner FOO > plaintext

Then, after having randomly selected an encryption algorithm that
openssl knows about, I encrypt the file:
$ openssl enc -rc2-cfb -in plaintext -pass pass:aaa -out encrypted

After checking with file(1) that the file is show as same type, etc.,
write wee bit 'o code to crack it.  For demo purposes, we presume the
password is 1 to 3 characters in length of all the same letter, and all
lowercase or all uppercase.  We pretend we don't know what the password
is, but that we know it's one of these.  We also pretend we don't know
what algorithm was used to encrypt it.

I take those potential passwords, and randomize their order,
then, iteratively developing it on CLI, fairly quickly put together
"throw-away" script to try all the potential ciphers and our chosen set
of possible passwords, to "crack" the encrypted file:

$ (for cipher in $(openssl enc -ciphers | sed -e 1d); do echo "cipher:$cipher ..."; for password in bb Y c q Z V WWW n AA RRR zz KKK XXX yEE lll BBB LL JJJ eee MM u W SS vv nnn sss C XX PP K FF ii ll B H bYYY ee F rrr ddd t MMM iii CC J U qq fff I ttt uu A UUU NNN gg xx ooopp D jjj oo ZZZ l O TTT d CCC ppp aa ss E p zzz VVV mmm x aaa yyy rwww s RR M xxx kk III QQ mm a GG g YY ccc PPP ZZ FFF nn bbb N qqq P ddOOO JJ HHH QQQ jj vvv hh HH GGG w h cc TT o z UU T X VV DDD i DD ttEEE uuu L G e S ff R AAA Q ggg k f v hhh II rr OO KK yy WW j NN LLL mww BB SSS kkk; do openssl enc "$cipher" -d -in encrypted -passpass:"$password" -out decrypted 2>>/dev/null; file decrypted | fgrep'decrypted: ASCII text' && { echo cipher: "$cipher" password:"$password"; break 2; }; done; done)


In our case we used file(1) to check that our decryption attempt was
successful - we could possibly have used other means.  Once we've
successfully decrypted, we report on the cipher and password, and break
out of our loops.  This last version was done to be slightly more verbose,
so we could also see some of its progress.  Took only a couple minutes
or less or so to "crack" our encrypted file.

--
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/berkeleylug/20190923231816.68684mpfho8lkmqs%40webmail.rawbw.com.

Prev by Date: Re: Some of us here already, have ample space, AC Poser, Wi-Fi, Internet*, ...
Next by Date: "Octo"Pi
Previous by thread: Re: Some of us here already, have ample space, AC Poser, Wi-Fi, Internet*, ...
Next by thread: "Octo"Pi
Index(es):
- Date
- Thread