PZAPRParallel Zip Archive Password
Recovery
CSCI5576 - High Perf Sci ComputingUniv. of Colorado
Spring 2011
Neelam AgrawalRodney BeedeYogesh Virkar
2011-04-29
Topics• The Team• Introduction• Framework• Brute Force• Dictionary• Password Verification Process• Data Collection• Results & Conclusions• Questions
Introduction• ZipCrypto was first ZIP encryption
o Easily defeated
• AES-256o Standardo 2003 integrated into ZIP spec
• Password recovery of ZIP's not newo Proprietary companies
• Open source solutiono Free (if you have hardware)
Framework• MPI with C++ & C
• 3 Componentso Password Generator
Brute Force Dictionary
o Password Verification
• Command Parameterso Log Patho Zip Patho Method (BRUTE | DICTIONARY)o Dictionary Path
Initialize password generator
Next Password(BRUTE|DICTIONARY)
AttemptPassword()
Correct?
Tell Everyone Else I Found It
Anyone Else Find It?
END
NO MORE?
NO YES
NO YES
Framework (cont)
Initialize decrypt engine
Brute Force• All alphanumeric from 1 to 7 length
o 0-9, A-Z, a-zo 62 possible characters
• 3,579,345,993,194 possible passwordso 62^7 + 62^6 + ... 62^1
• Traditional incremento 'a' + 1 ==> 'b'o 'az' + 1 ==> 'b0'o Not feasible for parallel
Brute Force - Algorithm• Pick number from 1 to 3 trillion
o Called position• Know password without increment• The Algorithm:
f(position) = factor1 * (ALPHA_LEN)^(n - 1) + factor2 * (ALPHA_LEN)^(n - 2) + ... + factorn-1 * (ALPHA_LEN)^(n - (n-1)) + factorn * (ALPHA_LEN)^(n - n)
Brute Force - Algorithm (cont)
f(position) = factor1 * (ALPHA_LEN)^(n - 1) + factor2 * (ALPHA_LEN)^(n - 2) + ... + factorn-1 * (ALPHA_LEN)^(n - (n-1)) + factorn * (ALPHA_LEN)^(n - n)
• ALPHA_LEN => Alphabet lengtho Number possible characterso 62 (easy to expand)
Brute Force - Algorithm (cont)
f(position) = factor1 * (ALPHA_LEN)^(n - 1) + factor2 * (ALPHA_LEN)^(n - 2) + ... + factorn-1 * (ALPHA_LEN)^(n - (n-1)) + factorn * (ALPHA_LEN)^(n - n)
• n = PASSWORD LENGTHo Start at maximum possible (7)o Based on position find max possible < positiono Password length is 1 more than that length
Brute Force - Algorithm (cont)
f(position) = factor1 * (ALPHA_LEN)^(n - 1) + factor2 * (ALPHA_LEN)^(n - 2) + ... + factorn-1 * (ALPHA_LEN)^(n - (n-1)) + factorn * (ALPHA_LEN)^(n - n)
• factori is the ith character of the passwordo No factor can be zeroo Must borrow from previous if zero
• factori points to alphabet array index
Brute Force - Example• position = 1,000,000• ALPHA_LEN = 62• n = 4 (password length)
f(1,000,000) = factor1 * (62)^(3) + factor2 * (62)^(2) + factor3 * (62)^(1) + factor4 * (62)^(0)
factors = 4, 12, 9, 2
Brute Force - Example (cont)• factors = 4, 12, 9, 2
o Correspond to alphabet indexes
const char PASSWORD_ALPHABET[] = { '\0', // always idx 0'0', '1', '2', '3', '4', '5', '6', '7', '8', '9','A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W','X', 'Y', 'Z','a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w','x', 'y', 'z'};
• PASSWORD = '3', 'B', '8', '1' or "3B81"
Dictionary Attack Mode
• Defeating a cipher or authentication mechanism byo Searching likely possibilities.o i.e. searching part of the key space.
• Not brute force
• Assumption: Potentially weak passwords
Building Dictionary
• Tool Used: John the Rippero Permutationso Combinations
• Commando john --wordlist=all.lst --rules --stdout |
unique mangled.lst
Building Dictionary (2)
• Ruleso l (convert to lowercase)o C (lowercase the first character, and uppercase the rest)o r (reverse: "Fred" ==> "derF")o f (reflect: "Fred" ==> "FredderF")o d (duplicate: "Fred ==> "FredFred"")o ..........and many more!!
• Time to permute: little over 4 hours
• Newer versions: o John the Ripper 1.7.6+
Support for OpenMP directives. (Source:openwall.info/wiki/john/parallelization)
Reading the Dictionary: Initialization
Reading the Dictionary: Indexing
• Indexing uses o displacement array o rank o per process word count
• Load is evenly distributed.o Eg: n = 103, m = 10o n/m = 103/10 = 10o n%m = 103%10 = 3
o rank 0 : 11 wordso rank 1 : 11 wordso rank 2 = 11 wordso rank 3-9 = 10 words
Requirements for Cracking a zip file
• Zip file format• Extracting information from zip file• Verifying the password• Decrypting the file data• Used Dr. Brian Gladman’s code
oC library for AES encryptionoUsed by WinZip
Zip file format
HEADER
FILE NAME
EXTRA FIELD
SALT
PASSWORD VERIFIER
ENCRYPTED FILE DATA
AUTHENTICATION CODE (MAC)
Password Verification Process
ZipFile
GivenPassword
Password Verification Process
ZipFile
SaltGiven
Password
Password Verification Process
ZipFile
SaltGiven
PasswordPassword
Verifier
Password Verification Process
ZipFile
Salt
Password Verifier
GivenPassword
Password Verifier
Password Verification Process
ZipFile
Salt
Password Verifier
Password Verifier
Match
GivenPassword
Password Verification Process
ZipFile
Salt
Password Verifier
GivenPassword
Password Verifier
Match Return False
Password Verification Process
ZipFile
Salt
Password Verifier
GivenPassword
Password Verifier
Match Return False
Password Verification Process
ZipFile
Salt
Password Verifier
Data
GivenPassword
Password Verifier
Match Return False
Password Verification Process
ZipFile
Salt
Password Verifier
Data
GivenPassword
Password Verifier
Match
Decrypt MAC
Return False
Password Verification Process
ZipFile
Salt
Password Verifier
Data
MAC
GivenPassword
Password Verifier
Match
Decrypt MAC
Return False
Password Verification Process
ZipFile
Salt
Password Verifier
Data
MAC
GivenPassword
Password Verifier
Match
Decrypt MAC
Match
Return False
Password Verification Process
ZipFile
Salt
Password Verifier
Data
MAC
GivenPassword
Password Verifier
Match
Decrypt MAC
Match
Return False
Return False
Password Verification Process
ZipFile
Salt
Password Verifier
Data
MAC
GivenPassword
Password Verifier
Match
Decrypt MAC
Match
Return False
Return False
Return True
Speed ups
• Reducing file handling operations• Quick 2 byte check• Parallel implementation on GPU
Data Collection & Testing• Frost
o 32-bit, 700Mhz, 512MB Ram• Janus
o 64-bit, 2.8GHz, 2GB Ramo Ran in 32-bit mode
• Test Typeso Brute and Dictionaryo Nodes: 128, 1024, 2048, 4096o First, Middle, Last, Never
(password positions)• Model
o Passwords / time unit for X nodeso Time to solution for X nodes
Results (Estimated Time: Brute, Janus )
Results(Estimated Time: Brute, Janus vs Frost)
Results(Estimated Time: Dictionary, Janus )
Results(Estimated Time: Dict., Janus vs Frost)
Conclusions• Max throughput (Janus)
o Brute = 172 passwords / secondo Dictionary = 86 passwords / second
• Brute (Janus)o 7 alphanumeric = 60 days with 4096 processorso 8 alphanumeric = 9.9 years with 4096 processorso 10 alphanumeric = 38395 years with 4096 processors
• Dictionary (Janus)o 1 billion = 47.3 minutes with 4096 processorso 100 billion = 78.85 hours with 4096 processors
• Conclusiono Choose good passwords
Questions?
http://code.google.com/p/pzapr/