Readme improvements #29

29 changes: 14 additions & 15 deletions README.md
Expand Up @@ -7,7 +7,7 @@ By means of a dictionary attack, BitCracker tries to find the correct User Passw
## Paper

Several journals delayed the publication of our BitCracker paper (almost 3 years, with final rejection after several revisions) which explains the details of our attack, the BitLocker Drive Encryption (BDE) volume format and possible weaknesses in the encryption/decryption procedure.
Finally, we published the paper here: https://arxiv.org/abs/1901.01337 . Please feel free to comment and share.
Finally, we published the paper here: https://arxiv.org/abs/1901.01337. Please feel free to comment and share.

## Requirements

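Review bot: the corrected line `Finally, we published the paper here: https://arxiv.org/abs/1901.01337.` now has the period directly after the URL; GitHub's autolinker drops a trailing period, but other Markdown renderers may fold it into the link, so writing it as `<https://arxiv.org/abs/1901.01337>` makes the link boundary explicit. The first sentence of the same paragraph is a run-on; since the section is being touched, splitting it after `(almost 3 years, with final rejection after several revisions)` would read better.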
Expand All @@ -27,7 +27,7 @@ Running the `build.sh` script generates 4 executables inside the `build` directo

In order to build `bitcracker_cuda` coherently with your NVIDIA GPU and CUDA version, you need to modify the `src_CUDA/Makefile` chosing the correct SM version. As a reference, you can use the following table:

| GPU Architecture | Suggested CUDA | Makefile |
| GPU Architecture | Suggested CUDA | Makefile |
| ---------------- | -------------- | -------------------------- |
| Kepler | CUDA 7.5 | arch=compute_35,code=sm_35 |
| Maxwell | CUDA 8.0 | arch=compute_52,code=sm_52 |
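Review bot: the untouched context line above the table still has the typo `chosing` (should be `choosing`), and `coherently with your NVIDIA GPU` would read more naturally as `to match your NVIDIA GPU`; since this PR is a README cleanup, fix it in the same hunk. The header-row change itself only normalizes column padding, and the separator row `| ---------------- | -------------- | -------------------------- |` already matches, so the rendered table is unchanged.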
Expand Down Expand Up @@ -91,11 +91,11 @@ Output file for recovery password attack: "hash_recv_pass.txt"

You can use this type of attack if the storage device has been encrypted with an user supplied password as shown in the following image.
![alt text](http://openwall.info/wiki/_media/john/bitcracker_img1.png)
BitCracker performs a dictionary attack, thus you need to provide a wordlist of possibile user passwords.
BitCracker performs a dictionary attack, thus you need to provide a wordlist of possible user passwords.

To start the attack you need:
- the `hash_user_pass.txt` file
- a wordlist of possibile user passwords (you need to provide it by yourself)
- a wordlist of possible user passwords (you need to provide it by yourself)

A command line example:

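Review bot: `possibile` -> `possible` is right in both places, but the untouched line `encrypted with an user supplied password` in the same hunk should become `a user-supplied password` (article and hyphen). The image line still carries the placeholder `![alt text](...)`; a descriptive alt such as `BitLocker volume encrypted with a user password` would help screen readers and anyone viewing the README without images.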
Expand Down Expand Up @@ -168,9 +168,9 @@ As for the user password, BitCracker is able to perform a dictionary attack to f

To start the attack you need:
- the `hash_recv_pass.txt` file
- a wordlist of possibile recovery passwords
- a wordlist of possible recovery passwords

Generate and store all the possibile passwords it's an hard problem. For this reason, we created a Recovery Password generator named `bitcracker_rpgen`. With this tool you can create a bunch of Recovery Passwords wordlists you can use for your attacks. As an example:
Generate and store all the possible passwords it's an hard problem. For this reason, we created a Recovery Password generator named `bitcracker_rpgen`. With this tool you can create a bunch of Recovery Passwords wordlists you can use for your attacks. As an example:

```./build/bitcracker_rpgen -n 300 -p 10000000 -s 000000-000011-000022-000033-000044-000055-008459-015180```

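Review bot: the spelling fix leaves the rest of the sentence ungrammatical: `Generate and store all the possible passwords it's an hard problem` should read `Generating and storing all the possible passwords is a hard problem`. The `bitcracker_rpgen` example on the next line wraps the command in triple backticks on a single line, which renders as an inline code span; putting the fences on their own lines turns it into a proper code block, consistent with the other command-line examples.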
Expand Down Expand Up @@ -203,9 +203,9 @@ The `-d` option enables the possibility to have duplicates in the same Recovery

For all the available options, type `./build/bitcracker_rpgen -h`.

**NOTE:** Please note that the amount of possible Recovery Passwords is huge: <br>
`recovery password = 65536 x 65536 x 65536 x 65536 x 65536 x 65536 x 65536 x 65536`<br>
According to our research, the password distribution is uniform and there is no way to find "more probable" numbers. So far, we didn't find a rule to reduce the amount of possible candidates. This means that the Recovery Password attack could take forever (the User Passwod attack is always the preferred one). Soon we'll modify the `bitcracker_rpgen` tool to generate Recovery Password in a casual way rather than in ordered sequence.
**NOTE:** Please note that the amount of possible Recovery Passwords is huge:\
`recovery password = 65536 x 65536 x 65536 x 65536 x 65536 x 65536 x 65536 x 65536`\
According to our research, the password distribution is uniform and there is no way to find "more probable" numbers. So far, we didn't find a rule to reduce the amount of possible candidates. This means that the Recovery Password attack could take forever (the User Password attack is always the preferred one). Soon we'll modify the `bitcracker_rpgen` tool to generate Recovery Password in a casual way rather than in ordered sequence.

A command line example:

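Review bot: `generate Recovery Password in a casual way rather than in ordered sequence` is a false friend (Italian casuale); the intended meaning is `in random order rather than in sequence`, and since this hunk already edits that line for `Passwod` -> `Password`, fix the wording here too. The `<br>` -> `\` change is a valid CommonMark hard break only if nothing, not even trailing whitespace, follows the backslash on the line, so check the editor does not append spaces; the product `65536 x 65536 x ...` could also be written as `65536^8` so the size of the space is obvious at a glance.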
Expand Down Expand Up @@ -300,7 +300,7 @@ N.B. Each password requires about 2.097.152 SHA-256
## John The Ripper

We released BitCracker as the [OpenCL-BitLocker](http://openwall.info/wiki/john/OpenCL-BitLocker) format in [John The Ripper](https://github.com/magnumripper/JohnTheRipper) (`--format=bitlocker-opencl`).
The hash files generated by `bitcracker_hash` (see *How To* section) are fully compatible with the John format.<br>
The hash files generated by `bitcracker_hash` (see *How To* section) are fully compatible with the John format.\
On the GTV100 password rate is about 3150p/s. JtR team developed the CPU version of this attack (`--format=bitlocker`); on a CPU Intel(R) Xeon(R) v4 2.20GHz, password rate is about 78p/s.

## Hashcat
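Review bot: the line following the edited one still reads `On the GTV100 password rate is about 3150p/s`; add the missing article (`the password rate`) and spell out `p/s` as `passwords/s` on first use, since the hunk is already touching this paragraph. The `<br>` -> `\` replacement works here because the next line continues the same paragraph.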
Expand All @@ -309,7 +309,7 @@ This is a work in progress...

## Changelog

08/16 : New `bitcracker_rpgen` executable to generate wordlists of possible Recovery Passwords<br>
08/16 : New `bitcracker_rpgen` executable to generate wordlists of possible Recovery Passwords\
06/14 : User Password attack mode now supports passwords length up to 55

#### What's next
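Review bot: the changelog dates `08/16` and `06/14` carry no year and are ambiguous between MM/DD and DD/MM; using an ISO date with the year would remove both problems. The untouched line `User Password attack mode now supports passwords length up to 55` should read `password lengths up to 55 characters`.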
Expand All @@ -323,9 +323,8 @@ Plase share and test our project: we need your feedback!

Special thanks to the John The Ripper team, [Dislocker](https://github.com/Aorimn/dislocker) and [LibBDE](https://github.com/libyal/libbde) projects.

This is a research project in collaboration with the National Research Council of Italy released under GPLv2 license.<br />
Copyright (C) 2013-2017 Elena Ago (elena dot ago at gmail dot com) and Massimo Bernaschi (massimo dot bernaschi at gmail dot com)<br />
We will provide some additional info about BitCracker's attack in a future paper.
This is a research project in collaboration with the National Research Council of Italy released under GPLv2 license.\
Copyright (C) 2013-2017 Elena Ago (elena dot ago at gmail dot com) and Massimo Bernaschi (massimo dot bernaschi at gmail dot com)\

Although we use the GPLv2 licence, we are open to collaborations.
For any additional info, collaborations or bug report please contact us or open an issue
For any additional info, collaborations or bug report please contact us or open an issue.
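Review bot: the Copyright line now ends with `\` but is followed by a blank line, and CommonMark does not treat a backslash at the end of a paragraph as a hard line break, so it will render as a literal backslash after the e-mail addresses; drop the trailing `\` on that line (the one after the GPLv2 line is fine because the Copyright line continues the paragraph). The hunk header's context `Plase share and test our project` also has a typo (`Please`) that belongs in this cleanup. Removing `We will provide some additional info about BitCracker's attack in a future paper.` is consistent with the Paper section now linking the published arXiv preprint.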