THIS WAS A MACHINE TRANSLATION! I HAVE NO TIME TO CORRECT IT - WHO CAN HELP, E-MAIL ME PLEASE!

----------------------------------------------------------------

Changes in the versions:

2.0b - The ".c(1) not defined" error message appeared even when .c(1) was not
       used. Fixed. The password counter is now unsigned long long for the gcc
       compiler and double for the others. Printing of passwords in hex has
       been added. Compiled with Pentium Pro/II optimizations.

2.0a - "5th line" bug fixed. Only password definitions longer than 4 lines
       were affected. Thanks to Dmitry Lisiy.

2.0  - Added: support for different languages and encodings, charset
       definitions, new modifiers and their parameters, timing and
       benchmarking; the maximal password length now depends only on the
       amount of free memory. The meaning of the max_psw_len and min_psw_len
       parameters has changed.

1.1  - Small defects corrected. Support for special character sets added.

1.0  - First version released.

-----------------------------------------------------------------

Password Cracking Library (PCL) v. 2.0.
(c) Copyright PSW-soft 1996-98 by P. Semjanov

THE GIVEN VERSION OF THE LIBRARY IS A BETA VERSION AND IS DISTRIBUTED "AS IS".
YOU MAY USE IT AT YOUR OWN RISK. NO CLAIMS CONCERNING THE OPERATION OF THE
PROGRAM WILL BE ACCEPTED. THE AUTHOR ALSO DOES NOT GUARANTEE FURTHER SUPPORT
OR UPDATED VERSIONS OF THIS LIBRARY.

The program is FREEWARE and may be distributed freely under the following
conditions: the program code may not be changed, the program is distributed in
its original form, and a reference to PCL in your applications is obligatory.

1. Purpose and characteristics.

The Password Cracking Library is intended to simplify the writing of password
cracking applications and supports the following:

- multifunctional dictionary attack;
- brute force attack with known characters;
- recovery of an incorrectly typed password, and more.
The library is released as a library of object files and is intended for use
with the following compilers:

- Turbo/Borland C/C++;
- Watcom C/C++;
- gcc (DJGPP).

2. Password definition file.

The password definition file is the main control file. Its compilation and
processing is the basic task of the PCL library. Its format is independent of
the application to which PCL is linked, therefore this library can be used
with any

2.1. Format of the password definition file.

The password definition file is a plain text file divided into two parts: the
descriptions of dictionaries and character sets, and the description of the
passwords. The parts are separated by a line '##':

   [ <descriptions of dictionaries and character sets> ]
   ##
   <descriptions of passwords>

The first part may be absent, in which case the file must begin with the
symbols '##'. In any other place the symbol '#' is treated as the beginning of
a comment. Blanks and tabs in the description file are ignored and may separate
any components.

For convenience, contrary to the order of the descriptions in the file, we
first consider the mechanism for describing passwords, and then the description
of character sets.

2.2. Description of the passwords.

This is the main part of the file and must be present in every password
definition file after the '##' line. It consists of text lines, each of which
sets a set of passwords and the working mode, i.e. which algorithm will be
used. Each line is independent and is processed separately; the total number of
checked passwords is summed up.

The basic components of the password definition file are character sets and
words from the dictionaries. They set one or several symbols that will occupy
the corresponding positions in the password.

2.2.1. Character sets.

A character set (charset) is a set of symbols that can occur at a given
position in the password (naturally, only one of them at a time). It can be one
of the following:

1) Simple single symbols (a, b, etc.).
   This means that in the given position of the password there is exactly
   this symbol.

2) Shielded symbols. The special symbols must be shielded if they occur in the
   password. The meaning is the same as above. They are:

   \$, \., \*, \?, \=        - "$", ".", "*", "?", "="
   \], \[, \{, \}, \(, \)    - the corresponding brackets
   \  (backslash, space)     - space
   \\                        - "\"
   \XX, where X is a hex digit - any symbol by its hex code
   \0                        - empty symbol (absence of a symbol). Usually used
                               together with a "present" symbol (see examples
                               below).

   In general, any symbol can be shielded, provided it is not a hex digit.

3) Symbol set macros. These sets are defined in the first part of the
   description file (see item 2.3.2). A macro means that in the current
   position of the password there is any one of the symbols it defines:

   $a - lower-case Latin letters (26 possibilities, unless redefined);
   $A - upper-case Latin letters (26 possibilities, unless redefined);
   $! - special characters (32 possibilities, unless redefined);
   $1 - digits (10 possibilities, unless redefined);
   $i - lower-case national letters;
   $I - upper-case national letters;
   $o - user's set;
   ?  - any symbol, i.e. all symbols included in the macros above.

   Note: $v and $p (see 2.3.4) cannot be used to generate passwords.

4) A combination of any of the symbols listed above, written in square
   brackets. The meaning is the same as above. Examples:

   [$a $A]                - any Latin letter;
   [abc]                  - a, b or c;
   [$1 abcdef]            - a hex digit;
   [s \0]                 - s or nothing;
   [$a $A $1 $! $i $I $o] - equivalent to ?.

5) The repetition symbol "*". It means that the previous character set is
   repeated 0 or more times in the corresponding positions of the password.
   Examples:

   $a *                   - a password of any length from small Latin letters;
   [ab] *                 - empty, a, b, aa, ab, ba, bb, aaa, ...
   [$a $A] [$a $A $1] *   - an "identifier": a sequence of letters and digits
                            beginning with a letter.
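The following added example (written for this document, not part of the PCL library) estimates how many candidates one description line expands to, which is the number a defender wants when judging how much a known pattern shrinks the search. It uses the documented sizes of the predefined macros, assumes the national sets $i/$I and the user set $o are empty, takes dictionary sizes from the caller, and uses min_len/max_len in the role of the library's min_psw_len/max_psw_len for a trailing "*"; permutation brackets and $s(n) are not handled.

```python
import re
from math import prod

# Predefined macro sizes from 2.3.2; $i, $I and $o are assumed empty (0) here.
MACRO_SIZE = {"$a": 26, "$A": 26, "$!": 32, "$1": 10, "$i": 0, "$I": 0, "$o": 0}
MACRO_SIZE["?"] = sum(MACRO_SIZE.values())            # '?' is the union of all macros
MODIFIER = re.compile(r"\.[ultcjrsd](?:\([^)]*\))?")   # .u(1), .t(-1), .s, ...
HEX_ESCAPE = re.compile(r"\\[0-9a-fA-F]{2}")           # \XX shielded symbol

def charset_size(tok, dict_sizes):
    """Number of symbols one token stands for (a word counts as its dictionary)."""
    if tok in ("$w", "$u"):
        return dict_sizes[tok]
    if tok.startswith("$") and tok not in MACRO_SIZE:
        raise ValueError(f"unsupported macro {tok}")
    return MACRO_SIZE.get(tok, 1)        # plain or shielded symbol: one symbol

def tokenize(line):
    """Split a description line into tokens: str, list (a [...] group) or '*'."""
    line = line.split("#", 1)[0]         # '#' starts a comment
    items, group, depth, i = [], [], 0, 0
    while i < len(line):
        ch, target = line[i], (group if depth else items)
        if ch.isspace():
            i += 1
        elif ch == "\\":                 # shielded symbol: \$ \. \0 \XX ...
            width = 3 if HEX_ESCAPE.match(line, i) else 2
            target.append(line[i:i + width]); i += width
        elif ch == "[":
            depth, i = depth + 1, i + 1
        elif ch == "]":
            items.append(group)
            group, depth, i = [], depth - 1, i + 1
        elif ch == "$":
            tok, i = line[i:i + 2], i + 2
            while tok in ("$w", "$u") and (m := MODIFIER.match(line, i)):
                i = m.end()              # modifiers do not change the count
            target.append(tok)
        elif ch in "{}":
            raise ValueError("permutation brackets are not handled here")
        else:                            # single symbol, '?' macro or '*'
            target.append(ch); i += 1
    return items

def keyspace(line, min_len=1, max_len=8, dict_sizes=None):
    """Candidates one line expands to; a trailing '*' repeats the last charset
    so the total length stays within [min_len, max_len] (2.2.1, item 5)."""
    items = tokenize(line)
    repeat = bool(items) and items[-1] == "*"
    sizes = [sum(charset_size(t, dict_sizes or {}) for t in (it if isinstance(it, list) else [it]))
             for it in (items[:-1] if repeat else items)]
    if not repeat:
        return prod(sizes)               # static symbols/words only: lengths unused
    fixed, n_fixed = prod(sizes[:-1]), len(sizes) - 1
    return sum(fixed * sizes[-1] ** k
               for k in range(max(0, min_len - n_fixed), max_len - n_fixed + 1))
```

For example, keyspace("[mM] y [_ \0] [pP] rog") returns 8 and keyspace("$w [$1 $!] $w", dict_sizes={"$w": 20000}) returns 20000 * 42 * 20000.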
Note that a password of length 0 has a definite physical meaning and is not
always equivalent to the absence of a password.

The length of the repetition is calculated automatically from the given maximal
and minimal password lengths when the basic library function
parse_rules_file() is called. Note that these parameters influence only the
length of passwords generated with the help of the symbol '*' and are not used
if the password consists only of words or static symbols. It is recommended to
use "*" as often as possible, because it produces the most efficient brute
force attack.

Current restriction: "*" can only be the last element of a line.

2.2.2. Words from the dictionaries and their modifiers.

Unlike a character set, a word occupies not one but several consecutive
symbols of the password. The PCL library supports two dictionaries: the basic
one (containing the most commonly used words) and the user one (containing
specific information such as names or dates). A dictionary is a text file
consisting of words separated by end-of-line (EOL) symbols. Both DOS (CR/LF)
and UNIX (LF) format files can be used. It is desirable (among other things for
brute force speed) to have all words in one (lower) case.

Two macros exist:

   $w - word from the basic dictionary;
   $u - word from the user dictionary.

Special sets can also be described as words, since they can have any length.
They are designated $s(1), $s(2), ... and are defined specifically for a given
problem. Special charsets are meaningful only in a particular place. Suppose
that $s(1) defines the first 2 symbols of the password and $s(2) the third.
Then only the following examples make sense:

   $s(1) $s(2)
   $s(1) ?
   ?? $s(2)

As is well known, passwords are frequently altered words. Therefore, to
describe such passwords, a whole set of word modifiers is introduced.
The following switches are used:

   .u (upper)     - convert to upper case;
   .l (lower)     - convert to lower case;
   .t (truncate)  - truncate at the given length;
   .c (convert)   - transform the word;
   .j (joke)      - convert some letters to upper case;
   .r (reverse)   - reverse the word;
   .s (shrink)    - shorten the word;
   .d (duplicate) - repeat the word 2 times.

The modifiers can have parameters, written in parentheses. For modifiers that
work with separate letters the parameter is the number of the letter; a missing
or zero parameter means "the whole word". Letters can be numbered both from the
beginning of the word and from its end. The end of the word is designated by
the symbol '-'. At present there are only 3 such modifiers: .u, .l, .t. So:

   .u or .u(0)    - upper-case the whole word (PASSWORD);
   .u(1), .u(2)   - upper-case only the first (second) letter (Password,
                    pAssword);
   .u(-), .u(-1)  - upper-case the last (last but one) letter (passworD,
                    passwoRd);
   .t(-1)         - cut off the last letter of the word (passwor).

The other modifiers work only with whole words, and the parameter sets the
conversion mode. At present the following modifier parameters are legal:

   .j(0) or .j    - upper-case the odd letters (PaSsWoRd);
   .j(1)          - upper-case the even letters (pAsSwOrD);
   .j(2)          - upper-case the vowels (pAsswOrd);
   .j(3)          - upper-case the consonants (PaSSWoRD);
   .r(0) or .r    - reverse the word (drowssap);
   .s(0) or .s    - shorten the word by removing the vowels that are not the
                    first character (password -> psswrd, offset -> offst);
   .d(0) or .d    - duplicate the word (passwordpassword);
   .d(1)          - append the reversed word (passworddrowssap);
   .c(<number>)   - convert all letters of the word according to the
                    conversion string (see item 2.3.3).

All modifiers work correctly both with Latin and with national letters,
provided the national characters are set correctly. Of course, more than one
modifier may be applied (the limit on their number in succession is 63, which
is hardly possible to exceed).
Examples (let $w be "password"):

   $w.u(1).u(-)   - PassworD
   $w.s.t(4)      - pssw
   $w.t(4).s      - pss

2.2.3. Permutation brackets.

Perhaps you remember the password, but it does not match. Probably you made a
mistake when you typed it. To restore such passwords the program has its own
algorithm. It considers that the typing errors can be the following: two
letters are swapped (psasword), one letter is removed (pasword), an extra
letter is inserted (passweord), or one letter is replaced with another
(passwird). Let us call such changes of the password "permutations".

To mark the beginning and the end of a possible permutation in the password,
the permutation brackets "{" and "}" are used. "}" may be followed by the
permutation number (by default 1), separated by "." or given in parentheses.
The physical meaning of the permutation number is the number of simultaneously
allowed mistakes.

Examples:

   {abc} - yields 182 (different) passwords, such as:
           bac, acb        - 2 swaps;
           bc, ac, ab      - 3 removals;
           aabc, babc, ... - 4 * 26 - 3 inserts;
           bbc, cbc, ...   - 3 * 25 replacements;
           abc             - and the word itself;
   {Password}.2 or {Password}(2) - in particular, words such as "psswrod",
           "passwdro" and "paasswor" will be produced;
   {$w} - all words from the basic dictionary with one error.

Notes:

1) It is normal that some passwords are produced more than once, and the
   higher the permutation number, the more repetitions there are. Efforts
   were made in the program to reduce the repetitions, but they are purely
   empirical and are not trusted for permutation numbers greater than 2. In
   other words, for large numbers there is no complete certainty that no
   password will be wrongly discarded.

2) For inserts and replacements it is necessary to know which set of symbols
   to insert. If this set is not defined (see item 2.3.4), the program defines
   it automatically by taking the standard set(s) the existing symbols belong
   to (i.e. for {password} $a is inserted, for {Password} [$a $A]).
   For words, the same operation is carried out on the first word of the
   dictionary, taking the modifiers into account.

3) Current restrictions: the symbol "{" must be the first in a line.
   Expressions like good_{password} are not supported, but {good}_password is.

2.3. Description of the dictionaries and character sets.

All descriptions are made at the beginning of the password definition file,
above the symbols '##'.

2.3.1. Description of the dictionaries.

Usually the basic and user dictionaries (see item 2.2.2) are described first.
This is necessary only if words from the dictionaries, i.e. $w or $u, are used
in the password description. The dictionaries are set as follows:

   $w = ""                      # the basic dictionary
   $u = "c:\\dict\\user.dic"    # additional

The file names must be quoted, and the path symbols must be shielded. LFN
(long file names) are supported on Windows 95/98 only (not MS-DOS or Windows
NT).

2.3.2. Definition of the used character sets.

Next the used character sets are usually defined. They are divided into
predefined and user-defined. The predefined ones are:

   $a - small Latin letters, 26 in total;
   $A - large Latin letters, 26 in total;
   $! - special symbols {}:"<>?[];',./~!@#$%^&*()_+`-=\| - 32 in total;
   $1 - digits, 10 in total.

The user-defined sets are:

   $i - lower-case letters of the national alphabet;
   $I - upper-case letters of the national alphabet;
   $o - an additional set (for example, symbols that cannot be typed on the
        keyboard).

Sets are defined with the following format:

   $<name> = [ <single symbols or character sets> ]

In other words, the name of the character set is set to a combination of
symbols (see item 2.2.1), for example:

   $o = [$! $1 \FF]

NOTES:

1) You may define any character sets, including the predefined ones. For
   example, it is possible to add extra symbols to the set $!, such as a blank
   or \FF.

2) The definition of the sets $i and $I automatically determines the rules of
   upper/lower-case conversion.
   Therefore it is important that the letters in these sets are in the same
   order.

Only after all character sets are defined is the complete set of symbols '?'
formed, consisting of [$a $A $1 $! $i $I $o], in exactly this order (this is
important for the following item).

2.3.3. Definition of convert modifiers.

Next the convert modifiers .c (see item 2.2.2) can be set, with reference to
the complete set of symbols '?'. This is done with lines of the format:

   ?.c(<number>) = "<conversion string>"

Each symbol of the complete set is transformed into the symbol occupying the
same position in the conversion string. For example, let ? = [1234567890];
then

   ?.c(0) = "!@#$%^&*()"

sets a shift conversion. In the conversion string the symbols '\' and '"' must
be shielded. The parameters of the convert modifiers can range from 0 to 255.

2.3.4. Definition of special character sets.

The special character sets are:

   $v - the set of vowels (in all alphabets); required only if the modifiers
        .s and .j are used.
   $p - the set for inserts with permutation brackets; required only if, for
        some reason, the automatically obtained set is not suitable (see item
        2.2.3).

They are set in the same way as the other character sets.

2.4. Useful examples of password descriptions.

1) Let me give you a fragment from the documentation of the program ZEXPL2L:

   "I assume that you have an archive with a password similar to "Heaven!!!",
   but you have forgotten how many '!' were at the end of the word and which
   vowels were lower/upper case. This password would be written in the PCL
   language as:

      "He [aA] v [eE] n ! *"

   Let us assume in addition that you were mistaken about the basic part of
   the password. Then it is necessary to try the following:

      "{He [aA] v [eE] n} ! *"

2) Another quotation:

   "Assume you have two variants of the password line: "myprog", "MyProg",
   "my_prog" and "My_Prog". It should be written as:

      "[mM] y [_ \0] [pP] rog"
3) Often passwords consist of two meaningful words separated by some sign.
   The corresponding description:

      "$w [$1 $!] $w"   or   "$w.u(1) [$1 $!] $w.u(1)"

   It is important to note that the two $w here are not equal, and they
   generate in total (if there are 20000 words in the dictionary):

      20000 * 42 * 20000 = 1.68E10 passwords.

   Accordingly, simply two words without a separator are broken 42 times
   faster.

4) You remember that your password was "MyVeryLongGoodPassword", but for some
   reason it does not match. Try these combinations:

      "{MyVeryLongGoodPassword}"    - 2382 passwords
      "{MyVeryLongGoodPassword}.2"  - 2836413 passwords

5) You know that the password consists of a meaningful word into which a digit
   is inserted at some position. The description:

      $p = [$1]     # define the insert set
      ##
      {$w}

7) Attack on syllables. Create a dictionary of the allowable syllables of your
   language; then it is possible to try all meaningful-sounding words as
   follows:

      $u           # all one-syllable words
      $u$u         # two syllables
      $u$u$u       # etc.
      $u$u$u$u
      ...

8) To parallelize the work on 2 computers, give them the following
   descriptions:

      "[abcdefghijklm] $a *"   - first
      "[nopqrstuvwxyz] $a *"   - second.

   Proceed similarly for n computers.

3. Interface with the application.

It is rather simple and is described in the file PCL.H.

4. How to contact the author.

Only by e-mail.

   FIDO:   2:5030/145.17
   e-mail: psw@ssl.stu.neva.ru
   WWW:    http://www.ssl.stu.neva.ru/psw/

The PCL library is distributed by the author as FREEWARE in the form of .LIB
files (for Borland, Watcom C) or .a files (for DJGPP), with the requirement of
an obligatory reference to it in your programs. Basic URL of the library:

   http://www.ssl.stu.neva.ru/psw/crack.html#PCL

Obtaining the source texts is a subject for a separate conversation.

The library is now at the development stage, therefore I shall be very glad of
any indication of mistakes and defects in it, and especially of wishes
concerning its improvement and extension.

5. Thanks to.
Solar Designer and Alec Muffett - for the ideas of some modifiers.
Eric Young - for the timing function from libdes.
John Vandermeersch - for correcting these docs.
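Added example for the permutation brackets of section 2.2.3 and example 4 of section 2.4 (written for this document, not PCL's own code): it enumerates the distinct candidates that {word} with a given permutation number stands for, so the "182 (different) passwords" figure for {abc} and the growth with the permutation number can be checked, i.e. how little a one-error tolerance costs an attacker. It assumes the automatic insert set $a for an all-lower-case word (passed as insert_set) and applies none of the duplicate-reduction heuristics the text mentions.

```python
import string

def one_error_variants(word, insert_set=string.ascii_lowercase):
    """Distinct strings reachable from word by one typing error of the kinds
    PCL lists (swap, removal, insert, replacement), plus the word itself.
    insert_set plays the role of $p; the default $a is the automatic choice
    for an all-lower-case word (assumed here, see 2.2.3 note 2)."""
    n, found = len(word), {word}
    for i in range(n - 1):                           # two adjacent letters swapped
        found.add(word[:i] + word[i + 1] + word[i] + word[i + 2:])
    for i in range(n):                               # one letter removed
        found.add(word[:i] + word[i + 1:])
    for i in range(n + 1):                           # an extra letter inserted
        for c in insert_set:
            found.add(word[:i] + c + word[i:])
    for i in range(n):                               # one letter replaced
        for c in insert_set:
            if c != word[i]:
                found.add(word[:i] + c + word[i + 1:])
    return found

def permutations(word, number=1, insert_set=string.ascii_lowercase):
    """All distinct candidates for {word}.number: `number` is the count of
    simultaneously allowed mistakes, so the one-error neighbourhood is applied
    that many times. Results with fewer errors (and the word itself) are kept,
    matching the 'abc - and the word' entry in the text."""
    candidates = {word}
    for _ in range(number):
        candidates = set().union(*(one_error_variants(w, insert_set) for w in candidates))
    return candidates
```

len(permutations("abc")) returns 182, the figure given for {abc}; len(permutations("abc", 2)) shows how quickly the count grows with the permutation number.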