How to recover a lost password to the archive using a video card

Good day, Habrasoobschestvo!

It so happened that I needed to find the lost password to the 7zip archive, which contained a backup of several files from the old disk. I lost the password long ago, and the process of recovering it required some effort and turned out to be quite an entertaining affair. More about this and tell in the article.

What is a password?

Since the developers realized that storing a password in the text is insecure, we see only a hash - a set of values ​​that are generated based on a password. Such a transformation is performed by a hash function according to a given algorithm and is one-way.

There are different hashing algorithms: MD5, SHA-1, SHA-2 and others. To recover the password from the hash, you can use the brute force method. It is enough for us to create a hash for each possible password and compare it with the hash that needs to be decrypted. In fact, we need to take a file, pull out a hash from it and decrypt it with a hacker. The method of extracting the hash for each algorithm is different, and the complexity of enumerating each of them varies.
')
How to calculate the complexity of the search? Without going deep into the intricate matan, we can say that it depends on both the length of the password and the set of characters used in it:
for example, a numeric password of 0-9 contains 10 characters. The five-digit password contains m = 5 characters. The number of combinations will be P = m ^ n or 5 to the power of 10 - 9765625.

If we take into account the Latin characters - large and small, then it is 26 * 2 + 10 = 62 and our P is already 5 to the power of 62!

I have seen a password for a zip using a two 22-core Xeon within a week. I did not have such resources, or so much time for selecting a password, and thought about using a graphics chip for my own purposes. The computational power of these devices is now widely known. Graphics accelerator manufacturers are AMD and Nvidia. Nvidia has CUDA - its own closed API for computing on GPU, which according to synthetic tests is 20% faster than the open version of OpenCL, but not every program has an SDK for it . In addition, Nvidia cards are inferior to AMD cards in calculations implemented on OpenCL. This problem is partially treated with fresh drivers, but the gap still remains. In the end, we also focus on the number of computational blocks of the video card.

Below I will consider the Hashchat solution that runs on OpenCL and allows you to connect up to 128 video cards at the same time. Although there is no such possibility for this test, presumably it makes sense to give preference to the average price segment, since you can put more cards and the difference in performance is disproportionate to the price.

Password recovery tools

Hashcat is the successor to the previously used oclHashcat / cudaHashcat utilities. Declared as the fastest tool for selecting a lost password. Starting with version 3.0, it supports the use of both CPU and GPU, but not for all algorithms. For example, using the GPU can not find the password to Bcrypt. But to MD5 and SHA-1 passwords are picked up pretty quickly. Works with over 200 hashes. In fact, it is a universal cross-platform solution.

For some of them, you will need the utility below:

John The Ripper - admin tool to recover lost passwords - the legendary utility hack software. Popular because of the support of a large number of hashes and their autorecognition. Supports many modules, including third-party. John The Ripper is even included in Kali Linux, but in a reduced form. Only with this program I found absolutely necessary extensions for extracting hashes from other formats: zip2john, rar2john, pdf2john.py, pfx2john.exe and a lot of interesting stuff.

Cain & Abel - also needs no introduction. The program even has its own sniffer.

There are other tools, but they are either poorly documented and do not have a GUI, or are inferior in speed. Support for different types of hashes is also important. Thus, we stop on Hashcat.

As an example, we use arbitrary 7zip archive. We generate archive independently. 7zip uses AES256 algorithm

To restore the hash, we use the 7z2hashcat utility. In fact, this is a Perl script. Download it by reference and unpack it.

7z2hashcat64-1.2 7z.7z > hash.txt 

As a result, we will see the desired hash in the text file. Next, configure our Hashcat:

• We put the product itself
• We put the GUI at will and to get acquainted with the program.
• We go to the hashkiller - and pick up HashcatGUI from there.
• Go to the folder with HashcatGUI, run App.HashcatGUI.exe.
• When starting, specify the executable file of the program hashcat64.exe or hashcat32.exe depending on the system capacity

The GUI sometimes gives errors and crashes when the search is completed. Nevertheless, the checkpoint is provided, we can return to the last running session and continue the search on the Custom commands & Services tab.

Hashcat will detect all the GPU / CPU devices in the computer and begin decoding.

Testing the program features

Run Hashchat. We specify the hash type as m 11600 (7zip), the search status is updated every 60 seconds, the output file and the search mask.

Mask search is positioned by an improved version of brute force. Knowing something about the password pattern, we can significantly speed up the search. Suppose it is a date, a name or a year, or any intended characters, for example,? R? R? R - any three characters of the Russian alphabet.
In this case, it is any seven digits. It should be borne in mind that if the password length is six digits, we will not find it and you need to try again. To automate the process, a tick "increment" is provided.

 hashcat64.exe -a 3 --session=2018-01-24 -m 11600 -w 3 --status --status-timer=60 --potfile-disable -p : --gpu-temp-disable -o "E:\asus\result.txt" --outfile-format=3 "E:\asus\hash.txt" ?d?d?d?d?d?d?d 

Result: in the file E: \ asus \ result.txt . Password 3332221 matched in about 10 seconds.

We are trying to increase the length of the password. The search speed dropped significantly - up to 635 passwords per second.
The result: password 3334566611 - 10 characters. It took about three minutes to restore it.



Let's complicate the task. The password now consists of letters of the Latin alphabet and numbers. The password length has grown to 11 characters. The program has a number of options even more accelerating the selection. The obvious option is to select using the standard password database.

We put the dictionary HashKiller Passwords. In the program folder there is already an example - words for 1000. We add our dictionary in the tab “Wordlists & Markov”. Download the dictionary HashKiller Passwords , and then extract it, for example, in the folder Dict.

Startup example:

 hashcat64.exe -a 0 --session=2018-01-24 -m 11600 -w 3 --status --status-timer=60 --potfile-disable -p : --gpu-temp-disable -o "E:\asus\result.txt" --outfile-format=3 "E:\asus\hash.txt" "E:\asus\hashkiller-dict.txt" 

Markov is another variant of the combined selection and has a separate executable file. https://ru.wikipedia.org/wiki/Tmark_Markova
The option is poorly documented. The GUI help for dialing with the? D? L? U character (Latin letters and numbers) recommends a value of 40.

We also use a hybrid attack. This search word from the dictionary with the addition of the end of the mask, for example, Password113 , Qwe1235 .

Also in the program there are ready-made masks in the .hcmask format, which allow you to sort out the known patterns line by line. Extra lines can be commented on by opening this file with Notepad. They can also be used with the “increment” option, or combined with a word list.

In addition to hybrid attacks, the program supports selection rules based on certain algorithms that have been identified empirically, which give good results.



The so-called busting by the rules is the most technically complex attack and is a programming language. According to the developers, this approach works faster than regular expressions. Ready-made rules can already be used by uploading them to the GUI from the rules directory in Hashchat. Taking into account the specified options for 2.5 hours, the program gave the result.
Password Property123

Rainbow tables

In the example, we have a rather complicated encryption algorithm. If you select, for example, a hash to MD5 in a reasonable time, and your password has not been selected, it makes sense to pay attention to the last argument - rainbow tables. These are calculated hash values ​​for all common passwords that were calculated and stored in the conditional table. Knowing the hashing algorithm, you can load the table into memory and search for the desired hash. Usually they are used to select a large number of passwords in the shortest possible time, for example, all leaked passwords to a web application, but this is another story.

Today there are two projects supporting different types of hashes:

• Rainbowcrack - supports four hash algorithms: LN / NTLM, MD5 and SHA-1
• rcracki_mt or rcracki for Linux -MD4, MD5, DoubleMD5, SHA1, RIPEMD160, MSCACHE, MySQL323, MySQLSHA1, PIX, LMCHALL, HALFLMCHALL, NTLMCHALL, ORACLE

Conclusion

Not having large computational resources, today it is still possible to decipher even very persistent types of hashes. Given their wide distribution as a standard, at the moment, many applications are a priori vulnerable. Perhaps in the near future we will have a transition to such standards as SHA-2 or GOST_R_34.11-2012. In the meantime, it remains only to use general recommendations for generating passwords:

• Do not use common words from daily use. There are only a few thousand of them.
• Do not use words followed by numbers or alphabetic rows on the keyboard. By adding 1231231 to Qwerty, you will not make the password more secure. The entire dictionary and masks can be sorted out in half a day.
• Standard word doubling combinations, etc. easily understand the rules of selection, which are focused on such techniques.
• Do not use personal information. In our world, there is too much information in general public access.