Posts: 10
Threads: 5
Joined: Nov 2022
I try to decode the 7Z file (Qlocker) using Brute-Force with pseudo-random passwords. I wrote a fully configurable password generator that works with Hashcat, John the ripper and 7-ZIP. The passwords found by HC and JTR are checked by 7Z to exclude false positive ones. Maybe someone will use this program, maybe someone will improve it.
https://github.com/Arduan77/MikiDecoder
Posts: 10
Threads: 5
Joined: Nov 2022
I think I should say something more about my idea.
Qlocker has encoded some important data for me, so I have to wait for the solution or try to do something myself. I know... with a 32 character password it is a waste of time, but there are also winners in the lottery, so my idea... try random passwords.
The first problem was, how to save already checked random passwords???. The Lehmer algorithm is the solution. This algorithm with an appropriate Increment parameter is able to generate unique passwords. In addition, algorithm allows resume session, and divide the entire pool of passwords into many smaller ones to run decoder on several machines, without fear of checking the same passwords again.
Here another problem appeared, very large numbers, in the case of 32 character password it is 62^32 = 2272657884496751345355241563627544170162852933518655225855 :-)
This is far above the Decimal variable accuracy. In addition, the calculations at Decimal are slow, so I had to get around it in some other way.
I wrote a calculator that transforms the string-number into a Long list, performs something like the Written Method Calculations, then the Long list (result) turns into a string. In this way I am able to perform accurate calculations on numbers to the maximum length of the string chain. In the next step the result is transformed into a password.
In other words, the password is the number (Password-Number) generated by Lehmer algorithm and transformed into a N-system, depending on the number of characters in the password, in my case decimal to 62-system. So...
0 is 00000000000000000000000000000000 and
2272657884496751345355241563627544170162852933518655225855 is zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
The program can transform passwords into the number and numbers into the password, and this was used in the generator test mode to check if all functions give correct results.
Only in the 7z mode, the generated passwords go directly to the command line, for HashCat and JohnTheRipper, dictionaries are created, which size can be set for HC and JTR separately. In addition, after starting HC or JTR, new dictionary is created, this way there are no breaks between HC/JTR sessions. The last checked iteration is saved in the SessionProgress.txt file, where maximum iteration for a given pool is also determined.
To set Increment, I used the power function, in my case Base = 3, Power = 108 (3381391913522726342930221472392241170198527451848561) this way next password is very different from the previous one, but then Iteration !=Password-Number. However, both parameters can be set to 1, passwords will be generated in normal order (0000, 0001, 0002 a.s.o), and then Iteration == Password-Number.
Knowing Iteration and Increment, you can always count the last Password-Number, which is seed for the next Password-Number.
To make the generator faster, almost all calculations are performed on the List<long>, I skipped unnecessary conversions string <-> List<long>.
I think it is worth to test, whether in the case of shorter passwords, the random method will be faster than classic. I think it should, especially if the password is at the end of the pool.
Posts: 10
Threads: 5
Joined: Nov 2022
Big changes, new functions, huge speed increase.
.Net 8.
Release, on i7-9750H CPU @ 2.60GHz, 32 char password, 0-9+A-Z+a-z, constant length without mask: about 170k/s, it is more then 20x faster then previous version.
Now full configurable, constant or 1-n length passwords, masks for each char in password (for non constant length password too), Self checking modes (Calculator Random and Test Generator), 7z, HC, JTR modes.
The greatest profit of performance was when I changed the way of conversion number to password.
I changed the conversion by dividing into conversion by tables, lists, basically two conversion lists. This significantly reduced the number of calculations and speed-up the program.
Maybe someone else will improve something ???
https://github.com/Arduan77/MikiDecoder
Posts: 10
Threads: 5
Joined: Nov 2022
Hi. Next big changes. A few things have been corrected.
First of all, in password you can use any character you want, unicode too. I changed masking concept, from now, all generated passwords fit to the mask with no speed decrease. This was done by introducing a concept of polynomial numbering system.
Constant and non-constant length passwords, but always constant number of passwords in wordlist.
I attached to the project little documentation (docx), descryption of main concept and solutions.
I hope the program does not make errors.
Have a nice testing and cracking.