New Tool: kwprocessor
#1
A few weeks back I was in need of a keyboard-walk generator but none of the options available satisfied my needs. I've decided to write my own. Please check out the GitHub repository README.md on how to use it, its features, etc. You can find it here:

https://github.com/hashcat/kwprocessor
#2
Nice! I'm obviously interested in this. Out of curiosity, what deficiencies did you find with my methods?

https://hashcat.net/forum/thread-3614.html
https://github.com/Rich5/Keyboard-Walk-Generators

I get pretty good results with Method 2, but obviously it doesn't catch all the walks. Looking forward to using this. Thanks!

EDIT:
As I'm going through the README I see you solved the infinite walk problem I had with my Method 1 (Tree Walks) for large walks. Cool stuff.
#3
(08-15-2016, 11:09 AM)atom Wrote: A few weeks back I was in need of a keyboard-walk generator but none of the options available satisfied my needs. I've decided to write my own. Please check out the GitHub repository README.md on how to use it, its features, etc. You can find it here:

https://github.com/hashcat/kwprocessor

Read it. Tried it. - Wonderful concept! Thanks for sharing !!!

---
addon:

A user could possibly do combined walks or also walks that have "skips" or "distances" between keys. A simple example would be combining the walk 1,2,3,4 with A,S,D,F so the whole keyboard line Q,W,E,R is "skipped" ... which would then result in 1A2S3D4F etc. - No idea how common this is and if statistically relevant at all, but thinking about keyboard walks I think I would end up doing something like that if somebody asks me to do one. As a result of this, I'd suggest adding something like "SKIP".
#4
I love this, I've had the same issue in the past (although I didn't find richk's tool at the time).

One comment: I've seen a lot of keyboard walk passwords working with the military (DoD password standards are ridiculous). One of the more common examples is starting on various rows. For example, horizontally: 123qwe!@#QWE or vertically: 1qaz@WSX

KWP doesn't seem to be able to account for these, as each section of the password has a different starting point. I believe you could generate multiple lists and then use combinator. I'm not sure exactly what the consequences of this would be (disk space utilized for lists, time tradeoff, etc.). Please correct me if I'm wrong about any of this. I just wanted to bring it up as multiple starting points may be a good feature to add if the tool continues to expand.
#5
looking so good, thanks
#6
For those of us that don't compile, can you release a few executables?
#7
(08-15-2016, 02:00 PM)jodler303 Wrote:
(08-15-2016, 11:09 AM)atom Wrote: A few weeks back I was in need of a keyboard-walk generator but none of the options available satisfied my needs. I've decided to write my own. Please check out the GitHub repository README.md on how to use it, its features, etc. You can find it here:

https://github.com/hashcat/kwprocessor

Read it. Tried it. - Wonderful concept! Thanks for sharing !!!

---
addon:

A user could possibly do combined walks or also walks that have "skips" or "distances" between keys. A simple example would be combining the walk 1,2,3,4 with A,S,D,F so the whole keyboard line Q,W,E,R is "skipped" ... which would then result in 1A2S3D4F etc. - No idea how common this is and if statistically relevant at all, but thinking about keyboard walks I think I would end up doing something like that if somebody asks me to do one. As a result of this, I'd suggest adding something like "SKIP".

If I'm reading it correctly I think the non-skip is by design. I'm guessing you would use a combination attack in conjunction with kwprocessor to get the row skipping walks....just guessing though until atom clarifies.
#8
(08-15-2016, 10:30 PM)richk Wrote: If I'm reading it correctly I think the non-skip is by design. I'm guessing you would use a combination attack in conjunction with kwprocessor to get the row skipping walks....just guessing though until atom clarifies.

Attention, BeanBagKing and you are referring to something different from what I had in mind:

1234 ASDF != 1A 2S 3D 4F
("skipping rows between keyboard walks" != "skipping individual letters while walking")

I really meant skipping while doing the walk, e.g. taking every second character while traversing the keyboard. Someone could do a walk like this: 1,3,5,7,9. ... You can't do this by combining two walks using the -a1 attack mode. If there is a way of doing so, I will be truly happy to learn about it.

My initial example was more "complex": the underlying walk would be 1QA 2WS 3ED 4RF and the skipping logic I had in mind was "skip every letter that resides on the second line": 1qA 2wS 3eD 4rF => which results in 1A 2S 3D 4F.
#9
(08-15-2016, 11:25 PM)jodler303 Wrote:
(08-15-2016, 10:30 PM)richk Wrote: If I'm reading it correctly I think the non-skip is by design. I'm guessing you would use a combination attack in conjunction with kwprocessor to get the row skipping walks....just guessing though until atom clarifies.

Attention, BeanBagKing and you are referring to something different from what I had in mind:

1234 ASDF != 1A 2S 3D 4F
("skipping rows between keyboard walks" != "skipping individual letters while walking")

I really meant skipping while doing the walk, e.g. taking every second character while traversing the keyboard. Someone could do a walk like this: 1,3,5,7,9. ... You can't do this by combining two walks using the -a1 attack mode. If there is a way of doing so, I will be truly happy to learn about it.

My initial example was more "complex": the underlying walk would be 1QA 2WS 3ED 4RF and the skipping logic I had in mind was "skip every letter that resides on the second line": 1qA 2wS 3eD 4rF => which results in 1A 2S 3D 4F.

Ok I see what you mean. Have you seen this a lot?
#10
grep "1a2s3d4f" 10-million-combos.txt | wc -l
176

grep "1a2s3d" 10-million-combos.txt | wc -l
266

grep "adgjl" 10-million-combos.txt | wc -l
70

grep "qetu" 10-million-combos.txt | wc -l
163

grep "123zxc" 10-million-combos.txt | wc -l
365

grep "1234zxcv" 10-million-combos.txt | wc -l
85

grep "1234asdf" 10-million-combos.txt | wc -l
105

grep "123asd" 10-million-combos.txt | wc -l
542

grep "qzwxec" 10-million-combos.txt | wc -l
104

grep "1z2x3c4v" 10-million-combos.txt | wc -l
161



Values for comparison (keyboard walks without "skip"):

grep "asdfgh" rockyou.txt | wc -l
518

grep "qwerty" rockyou.txt | wc -l
1775

grep "qwertz" rockyou.txt | wc -l
53


As expected the counts are less than with simpler non-skipping walks. It's not nothing, though. I'll let you guys decide if that's worth further work, or not. I just came up with the idea because I thought I'd use it myself if someone asked/forced me to do a keyboard walk.


Some people seem to be really creative about their skipping tactics. Most of the "funny ideas" I've tried within the last minutes would find at least one match:

grep "1awx3drv" 10-million-combos.txt | wc -l
1

grep "piyrw" 10-million-combos.txt | wc -l
13

grep "ljgda" 10-million-combos.txt | wc -l
10

grep "1z2x3c4v5b" 10-million-combos.txt | wc -l
76
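As an added example (not part of the thread and not kwprocessor code), here is a defender-side check that flags the walk shapes discussed above when screening candidate passwords: plain row walks, constant-stride "skip" walks such as adgjl, and two row walks interleaved such as 1a2s3d4f. It assumes a US QWERTY layout without shifted symbols, classifies whole strings rather than substrings as the greps do, and all function names and the sample list are constructed for illustration.

```python
from collections import Counter

# Assumed layout: US QWERTY, unshifted keys only.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def row_stride(s):
    """Return the constant column step if s runs along one keyboard row, else None."""
    if len(s) < 2 or any(ch not in POS for ch in s):
        return None
    if len({POS[ch][0] for ch in s}) != 1:
        return None  # characters span more than one row
    cols = [POS[ch][1] for ch in s]
    steps = {b - a for a, b in zip(cols, cols[1:])}
    if len(steps) != 1:
        return None  # step is not constant
    step = steps.pop()
    return step if step != 0 else None  # repeated key is not a walk

def classify(password, min_len=4):
    """Label a candidate password as a walk type, or None if it is not one."""
    s = password.lower()
    if len(s) < min_len:
        return None
    step = row_stride(s)
    if step is not None:
        # |step| == 1 is an adjacent-key walk, anything larger skips keys
        return "row-walk" if abs(step) == 1 else "skip-walk"
    # De-interleave: even and odd positions may each be a row walk
    a, b = s[0::2], s[1::2]
    sa, sb = row_stride(a), row_stride(b)
    if sa is not None and sa == sb and POS[a[0]][0] != POS[b[0]][0]:
        return "interleaved-walk"
    return None

def audit(passwords):
    """Count walk types in a list, e.g. for a password-policy blocklist review."""
    counts = Counter()
    for pw in passwords:
        kind = classify(pw)
        if kind:
            counts[kind] += 1
    return dict(counts)

# Constructed sample input, using patterns quoted in the post above.
SAMPLE = ["1a2s3d4f", "adgjl", "qetu", "piyrw", "1Z2X3C4V5B",
          "qwerty", "123asd", "hunter2"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Concatenated row walks with different starting points (123asd, 1qaz@WSX) are deliberately not matched here; they need segmentation rather than a stride test.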