Cracking a p12 PFX certificate
#11
Can you post the .pfx file for which you are getting high speeds? PM if fine with me. Thanks!
Reply
#12
Sample pfx which I am using: http://openwall.info/wiki/_media/john/PKCS-12.zip
Reply
#13
I checked the speed of Elcomsoft Distributed Password Recovery and it is 1831 for openwall.pfx file. My JtR
plug-in is faster than EDPR.

@aestu: do report back your speeds with openwall.pfx. I tried running it myself and it does *not* seem to be faster than my JtR plug-in.

@original poster: did you actually try running Elcomsoft Distributed Password Recovery on your pfx file? If yes, what speeds were you getting.
Reply
#14
(06-29-2012, 04:47 PM)halfie Wrote: I checked the speed of Elcomsoft Distributed Password Recovery and it is 1831 for openwall.pfx file. My JtR
plug-in is faster than EDPR.

@aestu: do report back your speeds with openwall.pfx. I tried running it myself and it does seem to be faster than my JtR plug-in.

Did your plugin support threads?

Definitely, performance depends on the PKCS#12 file. I tested with openwall.pfx and performance is 6175 per second:

Code:
> time ./crackpkcs12 -b -c a -m 4 -M 4 ~/PKCS#12/openwall.pfx

Brute force attack - Starting 4 threads

Min length: 4
Max length: 4
Use -m and -M flags to modify these values.

Brute force attack - Thread 1 - Starting with 4 characters passwords
Brute force attack - Thread 2 - Starting with 4 characters passwords
Brute force attack - Thread 3 - Starting with 4 characters passwords
Brute force attack - Thread 4 - Starting with 4 characters passwords

Brute force attack - Exhausted search

No password found

real    1m14.410s
user    4m23.976s
sys    0m0.032s

Since we are using a 26 letters alphabet we try 26*26*26*26~=457000 passwords. 457000/74 second ~= 6175 passwords per second.

I can achive a better performance cracking another .p12 file that I exported from an older version of Firefox. It is revoked but I can't attach it here because it is a personal certificate with my name, surname, etc... I will try to get a similar PKCS#12 sample file to attach here.
Reply
#15
Yes, My JtR plug-in supports multicore too (using OpenMP) though I haven't tested it much. 6175 p/s on a 4-core machine sounds right for openwall.pfx file. I get double the speeds on a pfx file generated with keytool utility.
Reply
#16
(06-30-2012, 03:35 PM)halfie Wrote: Yes, My JtR plug-in supports multicore too (using OpenMP) though I haven't tested it much. 6175 p/s on a 4-core machine sounds right for openwall.pfx file. I get double the speeds on a pfx file generated with keytool utility.

Finally, I got an example of PKCS#12 file to show you the better performace. I created it by exporting certificate from an old version of Firefox (version 3). I'm showing you performance in a two cores machine (not the previous posts 4 cores machine)

Code:
> cat /proc/cpuinfo
[ ... ]
model name    : Intel(R) Core(TM)2 Duo CPU     T7500  @ 2.20GHz
[ ... ]

> time ./crackpkcs12 -d ~/dict.txt ~/usr0052-exportado_desde_firefox_3.p12

Dictionary attack - Starting 2 threads

Dictionary attack - Exhausted search

Dictionary attack - Exhausted search

No password found

real    0m2.560s
user    0m4.504s
sys    0m0.036s

> wc -l ~/cuatruple-largo-dict.txt
400000 /home/xxxxxxx/dict.txt

400K / 2.5 seconds = 160K/s in a two cores old machine

aestu


Attached Files
.zip   usr0052-exportado_desde_firefox_3.zip (Size: 2.22 KB / Downloads: 29)
Reply
#17
$ ../run/john hash # Single-core results.
Loaded 1 password hash (pfx [32/64])
guesses: 0 time: 0:00:00:08 0.00% (3) c/s: 95412 trying: crxee
guesses: 0 time: 0:00:00:23 0.00% (3) c/s: 103019 trying: 0378905
guesses: 0 time: 0:00:00:28 0.00% (3) c/s: 103940 trying: my1dvy
guesses: 0 time: 0:00:08:17 0.00% (3) c/s: 108602 trying: ge18cl

$ ../run/john hash # AMD X3 720 (triple core)
Loaded 1 password hash (pfx [32/64])
guesses: 0 time: 0:00:00:32 0.00% (3) c/s: 255815 trying: tshwgg - tsapli
guesses: 0 time: 0:00:00:34 0.00% (3) c/s: 256920 trying: amphc - adld3
guesses: 0 time: 0:00:01:04 0.00% (3) c/s: 262909 trying: thanid - thunct

@aestu: :-), high speeds finally. Thanks for the sample certificate.
Reply
#18
I need instructions for how to crack a password in windows for a pfx certificate to desencrypt my files because i have formatted my pc and i have files encrypted, y only have de .pfx wich i forgot the password, help please im new in this
Reply