masterzorag's Activity

Friday, October 26, 2012


busy with many things, random list:
no PS3, no OpenCL
no code, no bruteforge
badblocks, e2fsck, mkfs.ext4, dumpe2fs and a couple of HDDs to recover
code AES-CBC-256
test AMD E2-1800 and E350/ATI 6310
laptop became headless: recover the work and use it as a server
ssh, sshfs, X11 forwarding, RDP

* Here is how I recovered a corrupted HDD and put it back to use as ext4 *

# unmount the device first
umount /dev/sdc1

# read about the checking program's options:
-v verbose
-d debugging output
-c call badblocks(8) to do a read-only scan of the device and add any newly found bad blocks to the bad block inode
-k when combined with -c, keep the existing entries of the bad block list and add the blocks found by badblocks(8) to them (without -k the old list is replaced)

e2fsck -v -d -c -k /dev/sdc1
# this method should work, but I'm used to doing it my own way, so let's go deeper:

# find the filesystem block size (dumpe2fs -h reports it as "Block size:") and pass the same value to every tool; here it is 4096

# dump the current bad block list to a file and count its entries
dumpe2fs -b -o blocksize=4096 /dev/sdc1 > badlist
wc -l badlist

# scan for bad blocks (a read-only scan unless -w or -n is given), skipping the ones already listed in badlist
badblocks -b 4096 -s -v -o badblocks.out -i badlist /dev/sdc1

# manually add the newly found blocks (-l adds to the existing list; -L would replace it)
e2fsck -B 4096 -v -d -k -l badblocks.out /dev/sdc1
# verify with a forced full check
e2fsck -B 4096 -v -d -f /dev/sdc1

# the bad block count should now equal the entries of badlist plus those of badblocks.out:
dumpe2fs -b -o blocksize=4096 /dev/sdc1 > total_badblock
wc -l total_badblock

# format, passing the bad block list; the block numbers in it must be in the same block size given to mkfs with -b
# -m 0 reserves no blocks for root (fine for a data disk); large_file needs CONFIG_LBDAF in the kernel
mkfs.ext4 -l total_badblock -b 4096 -m 0 -O dir_index,extent,large_file,sparse_super,flex_bg -v /dev/sdc1

# (large_file and huge_file can be excluded manually at format time like this:)
# mkfs.ext4 ... -O ^large_file,^huge_file ...

# once you're done, mount your device.
# as usual, reading the man pages helps a lot!
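Two things the shell lines above leave implicit are worth making explicit: every block number must be in the filesystem's block units (badblocks(8) numbers blocks in units of its -b value, which defaults to 1024, while e2fsck -l and mkfs.ext4 -l read filesystem block numbers), and the final count should be the union of the old list and the new scan rather than a bare wc -l, which also counts blank lines and duplicates. The following is an added example in Python, not code from the original post: it reads the block size from dumpe2fs -h, rescales and merges block lists, verifies the stored list, and runs the same command sequence with that block size. The file names badlist and badblocks.out follow the post; the sample numbers in the comments are constructed.

```python
"""Added example: bad block list handling for the ext4 recovery above.
Not from the original post; the file names and command sequence follow it."""
import subprocess


def parse_block_list(text):
    """Parse `dumpe2fs -b` or `badblocks -o` output: one block number per line.
    Anything that is not a bare integer (progress chatter, blank lines) is ignored."""
    return {int(line) for line in map(str.strip, text.splitlines()) if line.isdigit()}


def parse_block_size(dumpe2fs_header):
    """Extract the filesystem block size from `dumpe2fs -h` output ('Block size:  4096')."""
    for line in dumpe2fs_header.splitlines():
        if line.startswith("Block size:"):
            return int(line.split(":", 1)[1])
    raise ValueError("no 'Block size:' line in dumpe2fs -h output")


def rescale_blocks(blocks, from_bs, to_bs):
    """Convert block numbers between block sizes.
    badblocks(8) numbers blocks in units of its -b value (default 1024), but
    e2fsck -l and mkfs.ext4 -l read filesystem block numbers, so a list made
    with the wrong -b marks the wrong blocks. Every source block maps to all
    target blocks that overlap its byte range, e.g. 1024-byte block 5 -> 4096-byte block 1."""
    out = set()
    for b in blocks:
        first_byte = b * from_bs
        last_byte = first_byte + from_bs - 1
        out.update(range(first_byte // to_bs, last_byte // to_bs + 1))
    return sorted(out)


def merge_block_lists(*lists):
    """Union of the existing bad block inode contents and a new scan: what
    `e2fsck -l` stores (`-L` would replace the list instead)."""
    return sorted(set().union(*lists))


def verify_bad_block_count(before_text, scan_text, after_text):
    """The check the post does with `wc -l`, done on sets so duplicate or blank
    lines cannot hide a block that e2fsck failed to record.
    Returns True when the stored list equals old list + new scan."""
    expected = set(merge_block_lists(parse_block_list(before_text),
                                     parse_block_list(scan_text)))
    return parse_block_list(after_text) == expected


def is_mounted(dev, mounts_path="/proc/mounts"):
    """True if `dev` appears as a mounted source device."""
    with open(mounts_path) as f:
        return any(line.split()[0] == dev for line in f if line.strip())


def recover(dev, run=subprocess.run):
    """Run the post's sequence with one block size threaded through every tool.
    badblocks without -w/-n is a read-only scan; e2fsck may repair metadata,
    so the filesystem must be unmounted. Returns the result of the count check."""
    run(["umount", dev])                       # may already be unmounted
    if is_mounted(dev):
        raise RuntimeError(f"{dev} is still mounted; refusing to run e2fsck on it")
    header = run(["dumpe2fs", "-h", dev], capture_output=True, text=True, check=True).stdout
    bs = str(parse_block_size(header))
    dump = ["dumpe2fs", "-b", "-o", "blocksize=" + bs, dev]
    before = run(dump, capture_output=True, text=True, check=True).stdout
    with open("badlist", "w") as f:
        f.write(before)
    run(["badblocks", "-b", bs, "-s", "-v", "-o", "badblocks.out", "-i", "badlist", dev], check=True)
    run(["e2fsck", "-B", bs, "-v", "-l", "badblocks.out", dev])   # exit status 1 = errors corrected
    run(["e2fsck", "-B", bs, "-v", "-f", dev])
    after = run(dump, capture_output=True, text=True, check=True).stdout
    with open("badblocks.out") as f:
        scan = f.read()
    return verify_bad_block_count(before, scan, after)
```

rescale_blocks is the piece to reach for when a badblocks list was produced with a different -b than the filesystem uses (or when you want to feed one list to mkfs.ext4 with a different -b): converting downwards (4096 to 1024) expands every block into four, converting upwards collapses and deduplicates.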

Tuesday, July 3, 2012

time to ask ourselves some questions

It would be useful to analyze some kind of wordlist to get some statistics, for example:
how many times is this character used? and this one?
which is the most frequently used character?
and again, for example:
in words of 8 chars, how many times is this character used? minimum/maximum times?
how many times do abc, abcd, abcde... occur? and what is the minimum/maximum run of the same consecutive character?
and in words of 32 chars?
analyzing some kind of hashes, what would the results be? which are the most frequent characters?
knowing some analysis results we could target words better.

Analyzing some billions of words will be time consuming; we could program something, but parallelizing with OpenCL would be great!

blackhole already has support for an SQLite database and OpenCL; later we can merge this new analysis feature into it.
I've just written a few lines; now I'm planning how to store the variables in a better way.
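The statistics asked about above (character frequency, min/max uses of a character per word length, the longest run of the same character, and how often runs like abc, abcd... occur) are simple enough to pin down in a few functions before any OpenCL work. The following is an added example in Python, not blackhole's code; the sample wordlist SAMPLE is constructed for the demonstration.

```python
"""Added example: the wordlist statistics the post asks about, computed with
plain Python over a constructed sample list. Not blackhole's code."""
from collections import Counter, defaultdict


def char_frequency(words):
    """How many times each character is used across the whole list."""
    freq = Counter()
    for w in words:
        freq.update(w)
    return freq


def longest_repeat(word):
    """Length of the longest run of the same character (e.g. 'aabbb' -> 3)."""
    best = run = 0
    prev = None
    for ch in word:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def ascending_runs(word, alphabet="abcdefghijklmnopqrstuvwxyz"):
    """Maximal runs of alphabet-consecutive characters of length >= 2
    (the abc, abcd, abcde... the post asks about). Characters outside
    `alphabet` break a run."""
    pos = {c: i for i, c in enumerate(alphabet)}
    runs, start = [], 0
    for i in range(1, len(word) + 1):
        continues = (i < len(word) and word[i - 1] in pos and word[i] in pos
                     and pos[word[i]] == pos[word[i - 1]] + 1)
        if not continues:
            if i - start >= 2:
                runs.append(word[start:i])
            start = i
    return runs


def ascending_run_histogram(words):
    """Count of ascending runs by length over the whole list."""
    return Counter(len(r) for w in words for r in ascending_runs(w))


def per_length_stats(words):
    """For each word length, the min and max number of times each character
    occurs in a word of that length (0 when some word of that length lacks it)."""
    by_len = defaultdict(list)
    for w in words:
        by_len[len(w)].append(Counter(w))
    stats = {}
    for n, counters in by_len.items():
        chars = set().union(*counters)
        stats[n] = {c: (min(k[c] for k in counters), max(k[c] for k in counters)) for c in chars}
    return stats


# Constructed sample (not a real wordlist) so the functions can be exercised offline.
SAMPLE = ["password", "aabbcc", "abcdef", "abcabc"]

if __name__ == "__main__":
    print(char_frequency(SAMPLE).most_common(3))
    print({w: longest_repeat(w) for w in SAMPLE})
    print(ascending_run_histogram(SAMPLE))
    print(per_length_stats(SAMPLE)[6]["a"])
```

Each pass is a single scan over the words, so the same functions can be run chunk by chunk over a large file (feeding `char_frequency` a generator instead of a list) before deciding which parts are worth moving to an OpenCL kernel.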

Monday, June 4, 2012

bruteforge gets updates!

Here's some news: I've updated our custom wordlist generator to 0.70r03, listing the changes:
. bigger changes to option parsing:
added support for comments in CONFIGFILE: it's easier to comment out a line than to delete it directly, and it's also useful to leave comments in it.
This surely leads to confusion with the last line, where Locked mode uses # to set the changing characters, so...
. no more sixth line to use Locked mode, just use the CLI with -L '#exampl#'.
. added a hidden -T switch to start Tutorial mode, which pauses generation when a skip is about to be performed.
. added -G to generate a default CONFIGFILE to start from; it is also fully commented, so read it, edit it or take it as a template. When selected, an interactive prompt asks for a file name to write to.

Every character in the charset has two variables (lines two and three):
maximum uses and pattern length; since 0.70 I've implemented a single pattern length for each character, and now I'm working on the new variable!

The hardcoded rule is: there can never be a triple in a word, so on reaching aaa it skips to aab; this happens for each character.
I'm working to make this limit settable per character as the new variable, something like: maximum number of consecutive same characters;
the user can use this to allow max 4 'd' globally per word AND '3' to generate words with max 3 consecutive 'd', something like:
dddafdee, aabcddde...
or to bypass the hardcoded limit, to say something like:
use max 4 'a', but max 2 consecutive 'a' in a word,
use max 2 'b', but max 1 consecutive 'b' in a word,
use max 3 'c', but max 2 consecutive 'c' in a word,
use max 4 'd', but max 3 consecutive 'd' in a word...
to get
This is a work in progress, but it's easy to implement; while awaiting this new feature, feel free to try my latest 070r03 there on the right!
If you get any issue, leave a comment below.

Go directly for 070_r04 and use -G to generate the default CONFIGFILE; I'll use this method to keep the changelog/instructions/rules up to date through comments!

Every revision prints out its updated instructions now, avoiding confusion.

yes, in the example I forgot that abc will be skipped... eheh
./bruteforge advanced3 -q
daccdabdaac, 11 chars, attempt #1000000
bdaddcacacda, 12 chars, attempt #2000000
dcbdcbdadccb, 12 chars, attempt #3000000
adbcbcbadadac, 13 chars, attempt #4000000
bdabdcbdcdacb, 13 chars, attempt #5000000
cbdcbaacdbaab, 13 chars, attempt #6000000
dbcaccacdadad, 13 chars, attempt #7000000
abaacacdbdcdbc, 14 chars, attempt #8000000
acddabdccbaadb, 14 chars, attempt #9000000
baccababdccdab, 14 chars, attempt #10000000
bccbdaacaacddd, 14 chars, attempt #11000000
caacdbddcbadab, 14 chars, attempt #12000000
cbdadbcacbaacd, 14 chars, attempt #13000000
cdcadcacbaabdd, 14 chars, attempt #14000000
dbcbccaadbabdc, 14 chars, attempt #15000000
ddbdcdaaccbacb, 14 chars, attempt #16000000
abdbdccabadcbda, 15 chars, attempt #17000000
acdcdcdabaadbcb, 15 chars, attempt #18000000
bababddcaddccac, 15 chars, attempt #19000000
badddcadbccbcab, 15 chars, attempt #20000000
bccdadaabdbdacb, 15 chars, attempt #21000000
bdccdabaacdbdba, 15 chars, attempt #22000000
cadbdbadbcacdcb, 15 chars, attempt #23000000
cbdcabacadcbdba, 15 chars, attempt #24000000
cdbabdaccacdbad, 15 chars, attempt #25000000
dacdcacabdbacdb, 15 chars, attempt #26000000
dbddbcaababadcc, 15 chars, attempt #27000000
ddbccbcabdabaac, 15 chars, attempt #28000000
abdcbdcaacdbadcb, 16 chars, attempt #29000000
adbcbcbdadcdcaba, 16 chars, attempt #30000000
baccbcbdaadbdacd, 16 chars, attempt #31000000
bcbcadacbaddadbc, 16 chars, attempt #32000000
bdbdccbdaabdcaac, 16 chars, attempt #33000000
cacdbdabdccbabda, 16 chars, attempt #34000000
cbdcadddabacbcab, 16 chars, attempt #35000000
cdbdccbdcaabdaab, 16 chars, attempt #36000000
dbadccbcbadabdac, 16 chars, attempt #37000000
dcdababaacddbccb, 16 chars, attempt #38000000
Reached max word's length of 16 chars, last word 'dddcdccbcbababaa', attempt #38463782

this is with 4 characters; with -o you'll get your targeted wordlist

Friday, March 30, 2012

developing bruteforge 0.70

After 20 revisions the code was cleaned up and improved; here I'll try to explain the core changes:

. no more single global pattern_length for the whole character set (no more -p switch)
we can now set a pattern_length for every char; this can lead to user confusion, so I'll try to elaborate more:
the third line of CONFIGFILE is now read as the individual pattern_length for the respective char listed on the first line (the character set), so we can now exclude patterns like abcd, tu, mnopq, xyz... but include abc, mnop, xy
the user can get the same effect as the old default -p 3 by filling the third line with '3' for all the chars listed on the first line.

. added a simple but useful tutorial mode
this mode lets the user see what's going on when a skip is about to be done, stopping word generation (until user input); the user can read the output to understand how bruteforge jumps within the bruteforce generation flow, which helps in understanding how to set up the second and third lines of CONFIGFILE, maybe the hardest part for users;
this mode is only useful for understanding! (yes, understanding: that seems very important)

. shifted variant will be a mode
I've never added this mode because it generates duplicates: who wants to skip useless words and then rework something against duplicated records?
so I've thought of adding this feature as -F (the Filter mode), where the user must pass an existing unique wordlist to perform word shifting on STDOUT, validating every shifted variant against the criteria!
the user will be warned about duplicated words and should filter them out later with some other technique; that finally seems the right implementation for this mode!

. linking gmplib statically by default; some bugs (a buffer overflow) were fixed and memory accesses are optimized (I have to test whether I got an improvement on ppc too)

. new skipping rules can be added easily (if you have some ideas, leave a comment below)
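The rules spread over the June 4 post (per-character maximum uses, the hardcoded no-triple rule and the planned per-character maximum consecutive count) and the per-character pattern_length described in the first bullet above are, taken together, a pruned depth-first enumeration: as soon as a prefix breaks a rule, the whole subtree under it is skipped, which is the jump the tutorial mode shows. The following is an added example in Python, not bruteforge's code, of that enumeration together with an independent whole-word validator to cross-check it. It assumes that a character's pattern_length bounds any charset-consecutive run starting at that character (so 'a' with 3 allows abc and rejects abcd), which is my reading of the posts; the rule dictionaries and the charset "abcd" in the demo are constructed.

```python
"""Added example: bruteforge-style constrained word generation. Not bruteforge's
code; the interpretation of pattern_length is an assumption (see lead-in)."""
from itertools import product


def ascending_run_ending_at(prefix, ch, pos):
    """Characters of the charset-consecutive run that `prefix + ch` ends with,
    e.g. prefix 'xab', ch 'c' -> 'abc' (pos maps a char to its charset index)."""
    run = ch
    i = len(prefix) - 1
    while i >= 0 and pos[prefix[i]] + 1 == pos[run[0]]:
        run = prefix[i] + run
        i -= 1
    return run


def allowed(prefix, ch, rules, pos):
    """Prefix-closed rule check: may `ch` be appended to `prefix`?
    rules = {"max_uses": {c: n}, "max_run": {c: n}, "pattern_len": {c: n}},
    one entry per charset character."""
    if prefix.count(ch) + 1 > rules["max_uses"][ch]:
        return False                                   # global per-character limit
    same = 1
    for p in reversed(prefix):
        if p != ch:
            break
        same += 1
    if same > rules["max_run"][ch]:
        return False                                   # consecutive limit (2 = no triples)
    run = ascending_run_ending_at(prefix, ch, pos)
    # every suffix of the run starts at some char and must respect that char's pattern_len
    return all(len(run) - j <= rules["pattern_len"][run[j]] for j in range(len(run)))


def generate(charset, length, rules):
    """Depth-first enumeration in charset order; a failing prefix prunes its whole
    subtree, which is the 'skip' bruteforge's tutorial mode pauses on."""
    pos = {c: i for i, c in enumerate(charset)}

    def walk(prefix):
        if len(prefix) == length:
            yield prefix
            return
        for ch in charset:
            if allowed(prefix, ch, rules, pos):
                yield from walk(prefix + ch)

    yield from walk("")


def valid(word, charset, rules):
    """Whole-word check, written independently of allowed() to cross-validate it."""
    pos = {c: i for i, c in enumerate(charset)}
    if any(word.count(c) > rules["max_uses"][c] for c in set(word)):
        return False
    i = 0
    while i < len(word):                               # same-character runs
        j = i
        while j < len(word) and word[j] == word[i]:
            j += 1
        if j - i > rules["max_run"][word[i]]:
            return False
        i = j
    i = 0
    while i < len(word):                               # charset-consecutive runs
        j = i
        while j + 1 < len(word) and pos[word[j + 1]] == pos[word[j]] + 1:
            j += 1
        if any(j + 1 - k > rules["pattern_len"][word[k]] for k in range(i, j + 1)):
            return False
        i = j + 1
    return True


def count_words(charset, length, rules):
    return sum(1 for _ in generate(charset, length, rules))


# Constructed rules in the shape of the June 4 post: max 4 'a'/2 consecutive,
# max 2 'b'/1 consecutive, max 3 'c'/2 consecutive, max 4 'd'/3 consecutive,
# and the old default pattern length 3 for every character.
POST_RULES = {
    "max_uses": {"a": 4, "b": 2, "c": 3, "d": 4},
    "max_run": {"a": 2, "b": 1, "c": 2, "d": 3},
    "pattern_len": dict.fromkeys("abcd", 3),
}

if __name__ == "__main__":
    for n, word in enumerate(generate("abcd", 8, POST_RULES), 1):
        if n % 1000 == 0:
            print(f"{word}, {len(word)} chars, attempt #{n}")
    print("total:", count_words("abcd", 8, POST_RULES), "of", 4 ** 8)
```

The cross-check is the useful part when adding a skipping rule: any new rule must be prefix-closed (once a prefix breaks it, no extension can repair it), otherwise pruning the subtree drops valid words; comparing `generate` against `valid` over `itertools.product` on a small charset catches that immediately.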

here is the new bruteforge 0.70r02, x86 ELF 32-bit executable, statically linked and stripped, for free!
post your questions, users
I have to update the documentation as well.

UPDATE #2, early 2017
bruteforge is being rewritten

Tuesday, March 6, 2012

bruteforge 0.6r19

. Added -c 0 to skip all couples of chars
. Added missing -h option
. Cache Fixedset_index in the P array instead of calling idx_in_item every time: speedup
. Cosmetic changes
. Compiled statically against gmplib

Grab the i386 binary from here

Thursday, February 16, 2012

cannot open shared object file

To everyone having this issue... the bruteforge binary is linked with only one shared library:
You have to locate the library:
# find / -name
1. if you get no output you have to install gmp (ask your package manager about it);
on my system it is located in a usual place such as '/usr/local/lib' or '/usr/lib', so bruteforge can load the library into memory and run!

2. If the library is not located in one of these directories it must be added to the load path.
The simplest way to set the load path is through the environment variable LD_LIBRARY_PATH.
Anyway, take a look here and use your mind.

3. If you have a different version of that library, try updating the symbolic link, letting it point to your installed version; for example now I have this:
# ls -ln /usr/lib/*
lrwxrwxrwx 1 0 0 16 Feb 16 15:41 /usr/lib/ ->
lrwxrwxrwx 1 0 0 16 Feb 16 15:41 /usr/lib/ ->
-rwxr-xr-x 1 0 0 399968 Feb 16 15:41 /usr/lib/
the first two rows are symbolic links to the real library; watch the file sizes too...

4. If you can't resolve this issue, grab this static version of bruteforge and you'll get it running!

Wednesday, January 25, 2012

OpenCL + PS3: Improvements!

To anyone following this story, here are some things to see!
I'm computing Pairwise Master Keys with all 7 compute units on a PS3 via OpenCL; check out my three kernels' output:
This is still pyrit related, but it works standalone (for now); porting it to a pyrit plugin will be the last step of my interests.
It was January 14, 2011 when I said: "Correctly improving that is possible, we have tools." I was right: I've written the fastest implementation ever!
Now I need to improve more, once again!