Cracking a p12 PFX certificate

[fizikalac]

Hello!

My friend forgot his password for a .p12 certificate file. I can't find a good program for cracking it except for Elcomsoft distributed password recovery, which cracks at speed 500k/s, which is not enough for me.

Do you know of a program that can utilise a GPU for .p12 perhaps?

Thank you!

[Mem5]

Elcomsoft distributed password already uses GPU, no ?

[fizikalac]

(06-27-2012 08:26 PM)Mem5 Wrote:  Elcomsoft distributed password already uses GPU, no ?

Not for this algorithm.

[blazer]

Sorry. I have a better solution..

I am going to assume you have already imported the certificate on a machine and now want to import it elsewhere but have forgotten the pwd.

a) On windows export the certificate with the certificate snap-in through MMC (will work if certificate has not been marked as non-exportable)
b) On mac export the certificate through the keychain ? or just clone the keychain across

Will save you time cracking it.

Just saying...

[aestu]

(06-27-2012 08:33 PM)fizikalac Wrote:  

(06-27-2012 08:26 PM)Mem5 Wrote:  Elcomsoft distributed password already uses GPU, no ?

Not for this algorithm.

I wrote a program to crack PKCS#12 files some time ago: crackpkcs12.

It doesn't support GPU but it's multithreaded so you can get more than 500k/s if you have a modern CPU. Try it:

http://sourceforge.net/projects/crackpkcs12/

It's written in C and is tested on GNU/Linux

Aestu

[halfie]

@aestu: OpenSSL is not thread safe (especially its error handling part) unless some callbacks have been implemented.

See http://curl.haxx.se/libcurl/c/threaded-ssl.html. How much speed are you getting with your cracker?

[halfie]

I implemented support for cracking PKCS #12 files in JtR (based on aestu's program).

$ ../run/john -format=pfx -t
Benchmarking: pfx [32/32]... DONE
Raw: 2121 c/s real, 2121 c/s virtual

How does Elcomsoft distributed password recovery (which cracks at speed 500k/s) achieve those nice speeds?

[aestu]

(06-29-2012 08:34 AM)halfie Wrote:  @aestu: OpenSSL is not thread safe (especially its error handling part) unless some callbacks have been implemented.

See http://curl.haxx.se/libcurl/c/threaded-ssl.html. How much speed are you getting with your cracker?

crackpkcs12 use openssl into two steps:

1.- Every thread loads its own pkcs#12 struct from file
2.- Check passwords

Step 1: I avoid concurrency by using a mutex.
Step 2: Every thread has its own struct and there is no concurrency problems

You can check crackpkcs12 works.

Regarding speed, I achieve 260k/s using brute force and this CPU (not a cutting edge one):

Intel® Core™2 Quad CPU Q8300 @ 2.50GHz

aestu

---

(06-29-2012 11:14 AM)halfie Wrote:  I implemented support for cracking PKCS #12 files in JtR (based on aestu's program).

$ ../run/john -format=pfx -t
Benchmarking: pfx [32/32]... DONE
Raw: 2121 c/s real, 2121 c/s virtual

How does Elcomsoft distributed password recovery (which cracks at speed 500k/s) achieve those nice speeds?

Could I see your code? Is there a public repository?

Thanks,

aestu

[halfie]

aestu: are you sure about the speeds you are getting? I am getting very low speeds (2K/s).

Can you take a look at https://github.com/magnumripper/magnum-j.../pfx_fmt.c
and see if anything is wrong?

[aestu]

(06-29-2012 11:29 AM)halfie Wrote:  aestu: are you sure about the speeds you are getting? I am getting very low speeds (2K/s).

Can you take a look at https://github.com/magnumripper/magnum-j.../pfx_fmt.c
and see if anything is wrong?

The problem could be the PKCS#12 sample file you are using. How did you get it?

If you exported it from Internet Explorer having "Secure protection" enabled, openssl functions performance falls a lot. I don't know whether it is the case with "Elcomsoft distributed password recovery" or not.

aestu