16 Systems ®
DocumentationMiscSoftware
Contact
All Rights Reserved.
I was a one man cracking team again this year at the Defcon password cracking contest. I used my own software along with John the Ripper. No fancy, high-priced GPUs and no proprietary, closed-source software. I won two first place prizes by cracking most of the TrueCrypt volumes before anyone else. I cracked these on an old Intel Celeron running Debian GNU/Linux that serves as the gateway into my home network. Also, I cracked most of the fast hashes on an old Intel Atom netbook running OpenBSD. Efficiency is so under-appreciated these days. I used a few EC2 extra-large CPU instance to crack most of the harder hashes. My final, over-all position was 7th place, although I held 5th place for most of the contest. There were 17 registered teams.
List of software I used- Word Machine
- TCHead - For TrueCrypt Cracking
- John The Ripper
It was fun. Thanks to jpd (my former colleague from the ITSO) for getting the registration code for me. Thanks to KoreLogic for hosting the contest. I found a small memory leak in TCHead and discovered a few other interesting things about TrueCrypt volumes. This is my last year participating in the contest as a one man team. The same big teams always win and the little guys stand no real chance. Here are my suggestions for future contests:
- Create team divisions so that big teams with dozens of members and dozens of GPUs would only compete with each other. Sort of similar to divisions in boxing (heavy weights, middle weights, light weights). That would make for a more evenly balanced contest and ensure that small teams have just as much of a chance to win as the big teams.
- Provide bonus points to teams that use software they wrote themselves or hardware they built themselves from scratch. Anyone can download and execute other people's software and/or buy lots of high-priced video cards. Neither of those require much thought or creativity and neither of those are a cool hack suitable for Defcon.
Experimenting a bit this afternoon (day after the contest ended) I've seen that the focus this year seems to have been on pass phrases more so than passwords. I should have known that based on the hints provided toward the end of the contest. Here are some examples:
for some time all (RawMD4)
him to say what (RawMD4)
no out no they (RawMD4)
not get over it (RawMD4)
that she could get (RawMD4)
that would be a (RawMD4)
them as if they (RawMD4)
to use now that (RawMD4)
we the people of (RawMD4)
what could be his (RawMD4)
with me to the (RawMD4)
you know out and (RawMD4)
can just make out (paulw)
him out of this (smithjo)
if I have not (martindo)
in which he will (aslim)
now look than would (nelsons)
of what could be (sara.morgan)
the other day at (daperez)
Had I had time to work on the contest more, I would have cracked lots of these. Here's how I used word machine and John the Ripper with this word list to crack the above four word pass phrases:
wm --awords most_common_english_words.txt --words stdin | wm --append 1 --chars=" " --words stdin | \
wm --awords most_common_english_words.txt --words stdin | wm --append 1 --chars=" " --words stdin | \
wm --awords most_common_english_words.txt --words stdin | \
/usr/local/bin/john-1.7.9-jumbo-6/run/john --format=raw-md4 --pipe hashes-8.raw-md4.txt --pot=day_after.pot
Date: July 29, 2012