Cracking a p12 PFX certificate
#11
Can you post the .pfx file for which you are getting high speeds? PM if fine with me. Thanks!
Reply
#12
Sample pfx which I am using: http://openwall.info/wiki/_media/john/PKCS-12.zip
Reply
#13
I checked the speed of Elcomsoft Distributed Password Recovery and it is 1831 for openwall.pfx file. My JtR
plug-in is faster than EDPR.

@aestu: do report back your speeds with openwall.pfx. I tried running it myself and it does *not* seem to be faster than my JtR plug-in.

@original poster: did you actually try running Elcomsoft Distributed Password Recovery on your pfx file? If yes, what speeds were you getting.
Reply
#14
(06-29-2012, 04:47 PM)halfie Wrote: I checked the speed of Elcomsoft Distributed Password Recovery and it is 1831 for openwall.pfx file. My JtR
plug-in is faster than EDPR.

@aestu: do report back your speeds with openwall.pfx. I tried running it myself and it does seem to be faster than my JtR plug-in.

Did your plugin support threads?

Definitely, performance depends on the PKCS#12 file. I tested with openwall.pfx and performance is 6175 per second:

Code:
> time ./crackpkcs12 -b -c a -m 4 -M 4 ~/PKCS#12/openwall.pfx

Brute force attack - Starting 4 threads

Min length: 4
Max length: 4
Use -m and -M flags to modify these values.

Brute force attack - Thread 1 - Starting with 4 characters passwords
Brute force attack - Thread 2 - Starting with 4 characters passwords
Brute force attack - Thread 3 - Starting with 4 characters passwords
Brute force attack - Thread 4 - Starting with 4 characters passwords

Brute force attack - Exhausted search

No password found

real    1m14.410s
user    4m23.976s
sys    0m0.032s

Since we are using a 26 letters alphabet we try 26*26*26*26~=457000 passwords. 457000/74 second ~= 6175 passwords per second.

I can achive a better performance cracking another .p12 file that I exported from an older version of Firefox. It is revoked but I can't attach it here because it is a personal certificate with my name, surname, etc... I will try to get a similar PKCS#12 sample file to attach here.
Reply
#15
Yes, My JtR plug-in supports multicore too (using OpenMP) though I haven't tested it much. 6175 p/s on a 4-core machine sounds right for openwall.pfx file. I get double the speeds on a pfx file generated with keytool utility.
Reply
#16
(06-30-2012, 03:35 PM)halfie Wrote: Yes, My JtR plug-in supports multicore too (using OpenMP) though I haven't tested it much. 6175 p/s on a 4-core machine sounds right for openwall.pfx file. I get double the speeds on a pfx file generated with keytool utility.

Finally, I got an example of PKCS#12 file to show you the better performace. I created it by exporting certificate from an old version of Firefox (version 3). I'm showing you performance in a two cores machine (not the previous posts 4 cores machine)

Code:
> cat /proc/cpuinfo
[ ... ]
model name    : Intel(R) Core(TM)2 Duo CPU     T7500  @ 2.20GHz
[ ... ]

> time ./crackpkcs12 -d ~/dict.txt ~/usr0052-exportado_desde_firefox_3.p12

Dictionary attack - Starting 2 threads

Dictionary attack - Exhausted search

Dictionary attack - Exhausted search

No password found

real    0m2.560s
user    0m4.504s
sys    0m0.036s

> wc -l ~/cuatruple-largo-dict.txt
400000 /home/xxxxxxx/dict.txt

400K / 2.5 seconds = 160K/s in a two cores old machine

aestu


Attached Files
.zip   usr0052-exportado_desde_firefox_3.zip (Size: 2.22 KB / Downloads: 32)
Reply
#17
$ ../run/john hash # Single-core results.
Loaded 1 password hash (pfx [32/64])
guesses: 0 time: 0:00:00:08 0.00% (3) c/s: 95412 trying: crxee
guesses: 0 time: 0:00:00:23 0.00% (3) c/s: 103019 trying: 0378905
guesses: 0 time: 0:00:00:28 0.00% (3) c/s: 103940 trying: my1dvy
guesses: 0 time: 0:00:08:17 0.00% (3) c/s: 108602 trying: ge18cl

$ ../run/john hash # AMD X3 720 (triple core)
Loaded 1 password hash (pfx [32/64])
guesses: 0 time: 0:00:00:32 0.00% (3) c/s: 255815 trying: tshwgg - tsapli
guesses: 0 time: 0:00:00:34 0.00% (3) c/s: 256920 trying: amphc - adld3
guesses: 0 time: 0:00:01:04 0.00% (3) c/s: 262909 trying: thanid - thunct

@aestu: :-), high speeds finally. Thanks for the sample certificate.
Reply
#18
I need instructions for how to crack a password in windows for a pfx certificate to desencrypt my files because i have formatted my pc and i have files encrypted, y only have de .pfx wich i forgot the password, help please im new in this
Reply
#19
Hi everyone,
First of all, I wanna apologize for bringing an 8-9 years old theme, but I have a question/issue about the .p12 certificate.
Now, my administrator in the firm sent me a year ago certificate .p12, then he sent me the password via SMS. At the time I tried to import the certificate, but the password was wrong. I contacted him and told him that the password is wrong, so he sent me the password again via SMS (this time the password was a bit different - two symbols were different). I tried again the new password and again - didn't work. So I contacted him again and this time he said that I quote: You don't know how to import the certificate, come to with the computer and I will import it for you.
Well, I tried few more times, I started thinking that actually, I don't know how to import the certificate (i already imported in the old work a few certificates and always was successful, so I am pretty sure that I know how to import it) so I started digging on the internet and seems that just the password I have is wrong.

When I met the Administrator in the office the next day, I thought that he will use the certificate and password he sent me, but no he bring a flash drive where the certificate and password are saved. (My opinion, he found that he made a mistake when he sent me the password via SMS and that's why he refused to use the one sent me the day before, so I think I have most of the password, just a few or 1 symbol is wrong).

However, that's the story, now the password is 14 symbols, including not only letters and numbers but seems that even letters with dots and tires on the top, also other symbols. When he imported the certificate I remember that the password he used was almost the same as the one he sent me, I don't remember just 4-5 symbols from it, the rest I know. Below is what I would like to do:

**XXXX********
* - This means that I am sure is the same as the password I have
X - I don't remember it
Or maybe the worst scenario: *XXXXX******** - 5 symbols, so I think that should be really fast?

Can someone help me with preparing brute-force for those 4 symbols I don't remember (there is probably letters like ěščřžýáíůä - those are from the Czech and German alphabet)?

I want to install the certificate on my new computer but still both passwords he sent me a year ago are wrong, so I wanna try brute-force before calling again the rude guy from a year ago. I saw the password he used when he imported the certificate but I don't remember it fully.

I have Windows, Linux, and macOS (this one is a slow laptop), the rest is a pretty strong PC I can use.

Thank you for your help in advance
Martin
Reply