Nexus 7: A hackers toolkit. Part 3 – WEP cracking and MAC Spoofing

In the previous posts we looked at how to use a modified Nexus 7 to gain access to a WPA secured network by cracking the WPA handshake or by exploiting WPS. Now it is somewhat of a rarity to see WEP networks in existence these days, however for the sake of completeness this guide will look at how we can attack these networks. We will also look at how we can bypass MAC filtering.

TL:DR – Never use WEP

Disclaimer: the author and contributors to this document will accept no responsibility for the consequences of the actions of individuals concerning wireless networks. Penetration testing networks other than your own may be illegal in your country. It is your sole responsibility to act in compliance with all relevant legislation and regulations.

Wired Equivalent Privacy (WEP) is a RC4 stream cipher, which means a key is used to seed a pseudo-random keystream which is used for encoding (similar to a one-time pad). Because the keystream is not truly random it means the same key cannot be used twice to seed. Otherwise the key can be calculated by gathering enough data.

To combat this shortfall an Initialisation Vector (IV) is transmitted from the router to the client to add to the key so that it is not a constant value. The IV makes up 24 bits of the seed with the key making up the rest (either 36 bits or 100 bits depending on if we are using 64 bit or 128 bit WEP). Unfortunately 24 bits is not enough randomness for a busy network and there is still a 50% probability of a duplicate key after 5000 packets.

Because the first few bytes of a header of a packet are known or predictable (similar to how enigma was cracked) then it is possible to work out the key once we capture enough packets. Using the IV’s we can guess each letter of the key sequentially rather than having to bruteforce the complete key (see here.

This assumes we’ve got a device setup as discussed in the previous article. Now let’s have a go at this on our demo network:

  1. Enable monitor mode on the wifi interface
  2. Identify the network we are looking to attack
  3. Start listening and capturing ivs
  4. Deauthenticate connected clients to increase capture rate

For a complete guide to running these attacks please refer to the aircrack-ng simple wep cracking guide. For simplicity I will be using the wifite python script. This script handles all of the steps described above without us needing to remember all of the commands, and if you are interested in what is doing in each step you can view the source.

Enable monitor mode on the interface


Find the network to target.


Attack the target using wifite (automatically & recommended) or via aircrack-ng


Now we have the WEP key in plaintext and can use it to connect to the network or decrypt network traffic.

For added security a router can add MAC filtering which only allows devices with set MAC addresses access even once the password is known.

However it is pretty trivial to change the MAC address of our wireless interface and access the network as an imposter. This involves listening to a network to find the MAC address of a connected client and then setting their MAC address as our own.

  1. Find client to impersonate
  2. Disable monitor mode on the wireless interface
  3. Change MAC address of the interface
  4. Profit…

First we need to find a client to impersonate. We do this by using airodump-ng to monitor (assuming monitor mode is already enabled, see above for this step).

airodump-ng -i mon0 -c 5 -b 3C:81:D8:95:6B:EC

Where mon0 is our monitoring interface, 5 is the channel to lock to (optional), 3C:81:D8:95:6B:EC is the MAC address of our target router (optional).


Here we see that a client (AC:7B:A1:5B:CF:11) is connected to our target network (3C:81:D8:95:6B:EC).

airmon-ng stop wlan1

where wlan1 is the wireless interface to stop monitoring on

We can use ifconfig to list information about all the interfaces we have available. This will show us what our current mac address is.

ifconfig -a


macchanger -m AC:7B:A1:5B:CF:11 wlan1

Where AC:7B:A1:5B:CF:11 is the MAC address we want to change to, and wlan1 is the wireless interface we wish to change the MAC address of.


Now when we run ifconfig again we will see that the MAC address has changed

ifconfig -a


And voila! Your interface is now an imposter. Trying to connect to a MAC filtered network is not an issue as you have an approved MAC address.


This handy trick can be used to bypass time restrictions that some routers use to restrict internet usage to 30 mins or so before trying to make you pay. Change the MAC address, you appear as a new user.

We have shown how trivial it is to crack WEP keys and gain unauthorised access to a wireless network and how to bypass a MAC address filter if one is in place.

Read More

Nexus 7: A hackers toolkit. Part 2 – WPS hacking

In the last post we looked at how to obtain WPA handshakes and how to crack them in order to obtain the password using a modified Nexus 7. Now we will look at a simpler way to get the password by exploiting a vulnerability found in many routers.

TL:DR – disable WPS on your home router!


Disclaimer: the author and contributors to this document will accept no responsibility for the consequences of the actions of individuals concerning wireless networks. Penetration testing networks other than your own may be illegal in your country, it is your sole responsibility to act in compliance with all relevant legislation and regulations.

Wifi Protected Setup (WPS) is used to simplify setting up wifi networks by bypassing the need to know a complicated password. There are two main types of WPS; 1. Push button – Where a button is pressed on the router and the client device 2. Pin – Using an 8 digit number to bypass needing a complex password. Both WPS types can be seen in the images below:



We will be exploiting the pin method of WPS. Once you know the correct 8 digit pin the router will spit out the password in plain text.

So you’d think that with an 8 digit pin there would be 10^8 combinations, which would take a while to brute force as most routers can typically handle 1 guess every 10 seconds. However there are a few pitfalls with the implementation.

Our first win is that the last digit of the 8 digit number is a checksum of the previous 7 numbers. So that’s only 10^7 combinations… still a lot.

The second pitfall of the implementation is that the 8 digit pin is checked in two halfs, so you will be told when the first half is correct and then if it is, it will go on to check the second half.

So this means that you have 10,000 combinations for the first half, and then just 1000 combinations for the last half. This means you can brute force the combination in less than 11,000 attempts.


This assumes we’ve got a device setup as discussed in the previous article. Now let’s have a go at this on our demo network:

  1. Enable monitor mode on the wifi interface
  2. Identify the network we are looking to attack
  3. Run a wps attack against this network (Reaver or Bully)

Monitor mode allows us to listen to the raw packets coming into the wireless interface. We can start or stop monitor mode using airmon-ng.

airmon-ng start wlan1

where wlan1 is the interface we want to start monitor mode on.


Using aerodump-ng we can see the wireless network in range and some information about them.

airodump-ng -i mon0

Where mon0 is our newly created monitoring interface. There are lots of switches for airodump -c 1 for instance would lock the channel to 1 (see help for more airodump-ng –help).


Here we can see the ‘Intohand_Demo’ network we are looking for. Now we can use this information to start guessing WPS pins.

reaver -i mon0 -b 3c:81:d8:95:6b:ec -vv

where mon0 is the monitor mode interface to our wireless device, 3c:81:d8:95:6b:ec is
the MAC address of the router we are attacking, and -vv instructs reaver to be very verbose.


This will churn through all the possibilities (starting with a few common ones then sequentially). When we get the first 4 digits of the pin incorrect we only see messages 1 to 4, when this changes to get 5 and above the first 4 digits are correct.


When the pin is guessed correctly, the router will spit out the password in plaintext. Too easy right?!

Once the pin is known, if the user changes the password we can simply run reaver again, this time already knowing the correct pin and the new password will be revealed to us.

reaver -i mon0 -b 3c:81:d8:95:6b:ec -vv -p 27319734

Where 27319734 is the WPS pin to try.

Newer routers have a WPS lock out mode when they detect brute forcing attempt, which block WPS attempts for 5 mins to 1 day (Depending on model). This makes the bruteforcing take days to weeks rather than hours. Sometimes this lockout is MAC specific so it is possible to bypass this by changing mac address of our wireless interface. It can also be possible to force the router to restart by using a DOS style attack using MDK, however I’ve not had much success using this tool.

Some routers have attempted to bypass this method of brute forcing by using invalid pins. I.E Where the checksum is invalid. This increases the keyspace from 11,000 to 100,000. This dramatically increases the time it will take to crack a WPS pin, but does not prevent it entirely.

The best defence against WPS attacks is simply to disable WPS on your router.

It can still take a long time to crack a WPS pin, but thankfully some router manufacturers have made it easier for us. TalkTalk, a UK ISP, are a super cheap broadband provider and also it seems they have a flaw in the way the WPS pins are created.

On many routers the default ESSID (network name) has a string of randomly generated characters at the end, to avoid multiple networks with the same name. But this seemingly random string is actually the last 6 characters of the MAC address of the router. And now the security flaw: The WPS pin is calculated from the last part of this MAC address.

Extract partial MAC address from ESSID
Convert to decimal & limit to 7 digits
Calculate checksum (for last digit) & append to end
And here is a python script that can do that for you!

$ python
Essid: TALKTALK-33A3C0
WPS Pin: 33842561

We have demonstrated a devastating attack on WPS enabled networks which reveals the plaintext password in a relatively short amount of time, all using the Nexus 7. Hopefully this has convinced you to disable WPS on your home and work WiFi routers.

Read More

Nexus 7: A hackers toolkit. Part 1 – Setup and hacking WPA networks


This is the first of a series of posts where we will take an old Nexus 7 (2012 wifi) and convert it into a compact penetration testing toolkit. In this first article we’ll setup and install the Nexus 7 tablet and complete our first penetration test on a secure WPA network. It should make a good showcase for the flexibility and extensibility of the Android operating system.

This will be done by installing custom linux chroot onto our device and taking advantage of the freely available penetration testing tools that are available. We will then perform some basic penetration testing against our demo wireless networks in order to demonstrate the importance of understanding network security.

Disclaimer: the author and contributors to this document will accept no responsibility for the consequences of the actions of individuals concerning wireless networks. Penetration testing networks other than your own may be illegal in your country, it is your sole responsibility to act in compliance with all relevant legislation and regulations.

There is a choice of two popular distributions, both are built on the Kali Linux distribution – each with their own advantages and disadvantages, but with identical core functionality.

Kali Linux NetHunter

  • Supports newer version of android (4.4.4)
  • Offers an additional toolkit with a simple graphical interface that can carry out sophisticated attacks (HID Attack, BadUSB)


Pwnie Express Community Edition

  • Easier shortcuts to commonly used command line tools



  • Unlocking the bootloader will wipe all your data. So ensure your data is backed up before you start!
  • Although this process is reversible it can void your warranty

First you will need a compatible device. This will depend on which distro you decide to go with.

For Pwnie Express ( )

  • Nexus 7
  • Nexus 5

For Kali Linux NetHunter (

  • Nexus 10
  • Nexus 7
  • Nexus 5
  • OnePlus One


USB OTG Y-cable – You can use just a standard OTG cable however using a Y-cable allows us to charge the device at the same time as using a usb peripheral. Note that while the device will charge and the battery percent will increase the charging indicator may not show.

USB ethernet adapter – This allows us to connect the android device to a network via ethernet. I have had mixed success in using this as sometimes the device doesn’t seem to want to register on the network.

USB wifi adapter – It is important to select a wifi adapter that supports monitor mode. The TP­Link TL­WN722N is recommended.

Using a small amount of velcro tape we can attach the wifi and ethernet adapter to the back of the device which makes it easier to move around without accidentally unplugging them.


To install NetHunter or Pwnie Express you must first unlock the bootloader and root the device. This is explained in the respective guides, but is very similar to flashing custom roms (such as cyanogen) onto a device.


  1. Download the correct image for your device
  2. Follow this guide to install

Pwnie Express

  1. Ensure your device is running android 4.2.2, otherwise this will not work! Please downgrade to this version before continuing. You can find the factory images for Nexus devices here
  2. Download the correct image for your device and follow the installation guide here

Now we have our device set up it’s time to get to the good stuff! Below is a condensed list of some of the tools available to us:

  1. Aircrack-ng – a collection of wifi hacking tools
  2. airodump-ng – Sniffing tool
  3. aircrack-ng – Cracking tool (WEP/WPA2)
  4. airmon-ng – enabled/disables monitor mode of wireless devices connected
  5. besside-ng – useful script for capturing WPA handshakes however I’ve not had success getting it working on my Nexus 7.
    many more tools in this package, see for details.
  6. Dsniff – Script that watches an interface and scans for passwords and other sensitive strings
  7. EvilAP – Script that creates an access point and allows clients to connect to it in order to perform man-in-the-middle attacks between the client.
  8. Kismet – Sniffing tool similar to airodump
  9. MAC Changer – changes the mac address of interfaces
  10. Nmap – Powerful port scanner and OS-fingerprinting tool
  11. Tshark – command line version of wireshark for packet capture and analysis
  12. Strings Watch – Script that watches an interface and scans for strings
  13. Wifite – Python script that automates wireless attacks
  14. Ubertooth – bluetooth sniffing tool

Note that as we are running kali linux distro we can download more packages via the package manager (apt), but I have had mixed success with this.

Often we assume that our private wifi networks are secure just because they use a password and as a result sensitive information may be readily available to anyone able to connect/listen to the network. Let’s have a quick look at the wifi tools we can use to defeat basic wireless security.

There are two common types of security employed on wireless networks: Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP has several flaws in it’s implementation and was not intended to be robust to attack, fortunately this has meant that it’s popularity has decreased significantly in recent years and now it is somewhat of a rarity to see WEP networks.

WPA is much more secure and only really vulnerable to dictionary attacks. These dictionary attacks can be performed offline by capturing the 4 way handshake as a client connects to the router.

To capture a handshake we need to do the following

  1. Put the wireless interface into monitor mode (so it can sniff networks)
  2. Select a network to attack
  3. Sniff the network until a handshake is sent (sent each time a client connects)
  4. Optional: Deauthenticate clients so they must reconnect (and thus send another handshake). This massively speeds up the capture.

Thankfully the wifite script will perform all of these steps for us, which is great considering typing on the Nexus 7 can be time consuming.




Now we have the handshake but brute forcing a password is somewhat beyond the power of our little Nexus 7’s hardware (although we could use a small dictionary). However there exist dedicated and distributed hardware / services that can do this for you we just need to upload the handshake to a website. We look at a couple below: This is a distributed network of volunteers running a cracking service for free in the interest of promoting better security. You upload the handshake files and it will be tested against several dictionaries. The statistics page shows that about 15.5% of submitted networks are successfully cracked. – This is a cracking service that charges bitcoins for attempting to crack a handshake. If you know the keyspace used by the key (say a default router password) then this can be very cost effective. For example Sky Routers use an 8 uppercase letters (A-Z), this costs 0.25BTC (current valued at about £40). However if the password has changed from the default then the cracking will be unsuccessful, however many users don’t change their password from the default. Helpfully they show the success rate of each dictionary in the FAQ section on the site. – Another cracking site that accepts credit card payments and offers numerous dictionaries.

By uploading this handshake file to the password to our network is cracked in minutes. Turns out the password to our wifi network was ‘password1’…


We’ve dusted off a rather old device going unused and turned it into a very powerful security auditing tool and demonstrated how to capture a WPA handshake in order to brute force the password. Pretty neat.
In the next post we’ll look at exploiting Wifi Protected Setup (WPS) as a quicker and potentially cheaper method of gaining access to WPA protected networks.

Read More

Recreating the enigma in python

Whilst on holiday I was challenged by a friend (mikemeat) to create an enigma in python. Here is what I wrote:

# -*- coding: utf-8 -*-  
from random import shuffle,randint,choice
from copy import copy

def shift(l, n): # Method to rotate arrays/cogs
	return l[n:] + l[:n]
class cog: # Simple substitution cipher for each cog
	def create(self):
	def passthrough(self,i):
		return self.transformation[i]
	def passthroughrev(self,i):
		return self.transformation.index(i)
	def rotate(self):
		self.transformation=shift(self.transformation, 1)
	def setcog(self,a):

class enigma: # Enigma class	
	def __init__(self, nocogs,printspecialchars):
		self.oCogs=[] # Create backup of original cog positions for reset
		for i in range(0,self.nocogs): # Create cogs
		# Create reflector
		while len(refabet)>0:

	def print_setup(self): # To print the enigma setup for debugging/replication
		print "Enigma Setup:\nCogs: ",self.nocogs,"\nCog arrangement:"
		for i in range(0,self.nocogs):
			print self.cogs[i].transformation
		print "Reflector arrangement:\n",self.reflector,"\n"
	def reset(self):
		for i in range(0,self.nocogs):
	def encode(self,text):
		for l in text.lower():
			if (num>25 or num<0):
				if (self.printspecialchars): # readability
					pass # security
				for i in range(0,self.nocogs): # Move thru cogs forward...
				num=self.reflector[num] # Pass thru reflector
				for i in range(0,self.nocogs): # Move back thru cogs...
				ciphertext+=""+chr(97+num) # add encrypted letter to ciphertext
				for i in range(0,self.nocogs): # Rotate cogs...
					if ( ln % ((i*6)+1) == 0 ): # in a ticker clock style
		return ciphertext

plaintext="""The most common arrangement used a ratchet and pawl mechanism. 
Each rotor had a ratchet with 26 teeth and, every time a key was pressed, each 
of the pawls corresponding to a particular rotor would move forward in unison, 
trying to engage with a ratchet, thus stepping the attached rotor once. A thin 
metal ring attached to each rotor upon which the pawl rode normally prevented 
this. As this ring rotated with its rotor, a notch machined into it would 
eventually align itself with the pawl, allowing it to drop into position, engage 
with the ratchet, and advance the rotor. The first rotor, having no previous 
rotor (and therefore no notched ring controlling a pawl), stepped with every 
key press. The five basic rotors (I–V) had one notch each, while the additional 
naval rotors VI, VII and VIII had two notches. The position of the notch on each 
rotor was determined by the letter ring which could be adjusted in relation to 
the core containing the interconnections. The points on the rings at which they 
caused the next wheel to move were as follows"""


print "Plaintext:\n"+plaintext+"\n"
print "Ciphertext:\n"+ciphertext+"\n"

# To proove that encoding and decoding are symmetrical
# we reset the enigma to starting conditions and enter
# the ciphertext, and get out the plaintext
print "Plaintext:\n"+plaintext+"\n"

Feel free to tear it apart and show me how much better/easier it could have been!

Read More

Bitcoins a cryptocurrency, free bitcoins and a rigged casino

Update: it’s currently quite difficult to get hold of bitcoins in the UK but localbitcoins works.

If your already aware of the awesomeness of public key cryptography (e.g. PGP or OTR), then you will probably appreciate Bitcoins.

You send coins by typing in someone’s address and how many coins to send and then your transaction will propagate around the p2p network. You receive coins in the same way by giving someone your address. In order to track transactions you can also make more addresses (and labels for them) which can also add to anonymity. Bitcoins are currently worth $0.0201 per bc (source)

Bitcoin program running

Bitcoin program running

Generating Bitcoins
You can opt to generate solutions to a specific crypotgraphic problem in exchange for bitcoins, by doing so your computer’s idle CPU will be used to solve this problem and when a solution is found you will be rewarded with some bitcoins, yay. There is also talk of speeding up the generation by using CUDA or similar tools here

5 Free Bitcoins
You can get 5 free bitcoins to start off your adventure into this new currency fromhere. This is a donation from somebody who wants to ensure that this currency is sucessful and as such this is a token of good faith and should not be exploited. You can also donate bitcoins to the fund to help this project.

Bitcoin casino (A Rigged Casino)
Now onto complain about a rigged casino that operates with bitcoins (Bitcasino).

Rigged and Broken roulette game on bitcoin casino

Rigged and Broken roulette game on bitcoin casino

I continually placed a bet (free play mode) on red, and for over 40 rounds it came up black, this has a probability of (20/7)^40 or 0.000000000708%. As unfair as this was then game then started getting worse constantly resulting in 0, however it would say “31 black odd” and in the side bar of past numbers “un” kept appearing which I guess means unknown.

I also tested a few of the slot machines to see if they were rigged too, and surely enough each rotation of the slots resulted in the exact same result every time, which was of course a losing one.

This bitcoin casino is rigged, buggy and not worth wasting your time with, it is much easier to lose money in other ways.

Bitcoin is an awesome idea and hopefully it will catch on and become sucessful, however be sure to avoid bitcasino! Also if anyone would like to donate some bitcoins then please send them to:

Read More

Cracking real world salted MD5 passwords in python with several dictionaries

Recently a friend (who will remain unnamed for obvious reasons) asked me to penetration test a website he created. I found a very simple exploit where I could upload an avatar but the file was not checked to ensure it was an image, so I uploaded a php script I wrote an began exploring the server. I printed out all of the usernames, passwords and salts from the database to see how many of the 1,109 passwords could be easily cracked.

The passwords were stored as MD5 hashes with a random 6 character alphanumeric salt. To create the MD5 hash of the password the salt was prefixed to the password and then the combination was hashed. Thanks to this method we can employ a simple bruteforce/dictionary attack on the passwords. I will start with the wordlists creation, then results I obtained to keep your interest, and finally show my python code.

Creating wordlists
I already has two reasnoble sized dictionaries that I use for different things like wordcube. I used john the ripper on my double sized dictionary to create lots of common permutations on words, such as captial first letter, and a number affixed to the end. To do this you run john with the following parameters, where dic.txt is the input dictionary and dic_plus_rules.txt is the output from john with all of the additions it has made.

john –wordlist=dic.txt –rules –stdout > dic_plus_rules.txt

I also download two wordlists from openwall, one which is a list of ~3100 common passwords, and one labelled ALL that has a large amount of words (~4 million) in various languages. Because of the highly compressible nature of text the files are available in small gzip files. ALL is 11.5Mb which unzips to 41.4Mb and password 12kb which unzips to 21.8kb. There are also more wordlists avaliable for different languages, but the ALL file includes these.

The size of all of the wordlists I used is shown below:

Dictionary Combinations
English 42,987
Double-English 80,368
Double+john-rules 3,986,706
Openwall Common Passwords 3,158
Openwall ALL 3,917,116


Dictionary Cracked Percentage Time
English 60 5.41% 80s
Double-English 65 5.86% 170s
Double+john-rules 116 10.46% 2.5hrs (8393s)
Openwall Common Passwords 112 10.10% 7s
Openwall All 210 18.94% 2.45hrs (8829s)
Total Passwords Obtained 254 22.90% ~5hrs

Comical passwords

Here are some of the more amusingly bad passwords, the number in brackets shows the frequency of the password.

Crap passwords: 123456 (18), password (4), 1234567 (4), 123456789 (3) 12345678 (2), 12345 (2), abc123 (2), asdfgh (2), nintendo (2), 123123, abcd1234, abcdefg, qwerty
Self-describing passwords: catholic, cowboy, creator, doger, ginger, killer, maggot, player, princess, skater, smallcock, smooth, super, superman, superstar, tester, veggie, winner, wolverine
Some other passwords:bananas, cheese, cinnamon, hampster ,DRAGON, dribble1, poopie, poopoo

Python Program

# -*- coding: utf-8 -*-
import hashlib, sys
from time import time

# Change to commandline swtiches when you have the time!
hash = ""
hash_file = "hash2.csv"
wordlist = "mass_rules.txt"; 

# Read the hash file entered
	hashdocument = open(hash_file,"r")
except IOError:
	print "Invalid file."
	# Read the csv values seperated by colons into an array
	for line in hashdocument:
		inp = line.split(":")
		if (line.count(":")<2):

# Read wordlist in
	wordlistfile = open(wordlist,"r")
except IOError:
	print "Invalid file."

tic = time()
for line in wordlistfile:
	line = line.replace("\n","")
	for i in range(0,len(hashes)):
		m = hashlib.md5()
		word_hash = m.hexdigest()
		if word_hash==hashes[i][1]:
			toc = time()
			print hashes[i][0]," : ", line, "\t(",time()-tic,"s)"

	# Show progress evey 1000 passwords tested
	if tested%1000==0:
		print "Cracked: ",cracked," (",tested,") ", line

# Save the output of this program so we can use again 
# with another program/dictionary adding the password 
# to each line we have solved.
crackout = open("pycrackout.txt","w")
for i in hashes:
	for j in i:
		if s!="":

print "Passwords found: ",cracked,"/",len(hashes)
print "Wordlist Words :", test
print "Hashes computed: ",len(hashes)*tested
print "Total time taken: ",time()-tic,'s' 


  • Play with more dictionaries
  • Speed up code:
    • Add multi-threading: My experience with multi-threading in python is that it doesn't work well for cpu intensive tasks, if you know otherwise please let me know.
    • Have a look at PyCUDA to see if I can use my graphics card to speed up the code significantly (another type of mutli-threading really...) without having to change language like in my previous post of CUDA MD5 cracking
  • Remove hash once found to stop pointless checking
  • Add command line switches to all it to be used like a real program
Read More

Cracking MD5 hashes (or passwords) ultra-fast with GPU acceleration

Do you want to crack MD5 hashes in at a rate of ~300MHash/s without a massive rainbow table? Do you have a CUDA enabled GFX card? If you said yes or maybe to these questions then read on for a brief introduction on how to compile and run a CUDA accelerated MD5 cracker (coded by Benjamin “Titan” Vernoux ).

Pre-Requisites and Downloading

Building in Ubuntu 10.04

Extract the archive and do a make on the source code. When doing this I came across two problems that can be fixed by modifying the file.

Problem 1: (cannot be declared weak)

$ make
/usr/include/string.h:43: error: inline function ‘void* memcpy(void*, const void*, size_t)’ cannot be declared weak
/usr/include/string.h:64: error: inline function ‘void* memset(void*, int, size_t)’ cannot be declared weak
/usr/include/bits/string3.h:49: error: inline function ‘void* memcpy(void*, const void*, size_t)’ cannot be declared weak
/usr/include/bits/string3.h:78: error: inline function ‘void* memset(void*, int, size_t)’ cannot be declared weak
/opt/cuda/bin/../include/common_functions.h:59: error: inline function ‘void* memset(void*, int, size_t)’ cannot be declared weak
/opt/cuda/bin/../include/common_functions.h:62: error: inline function ‘void* memcpy(void*, const void*, size_t)’ cannot be declared weak
/opt/cuda/bin/../include/math_functions.h:422: error: inline function ‘int __signbit(double)’ cannot be declared weak
/opt/cuda/bin/../include/math_functions.h:427: error: inline function ‘int __signbitf(float)’ cannot be declared weak
/opt/cuda/bin/../include/math_functions.h:440: error: inline function ‘int __signbitl(long double)’ cannot be declared weak
/usr/include/bits/mathcalls.h:350: error: inline function ‘int __signbit(double)’ cannot be declared weak
/usr/include/bits/mathcalls.h:350: error: inline function ‘int __signbitf(float)’ cannot be declared weak
/usr/include/bits/mathcalls.h:350: error: inline function ‘int __signbitl(long double)’ cannot be declared weak
/usr/include/bits/mathinline.h:36: error: inline function ‘int __signbitf(float)’ cannot be declared weak
/usr/include/bits/mathinline.h:42: error: inline function ‘int __signbit(double)’ cannot be declared weak
/usr/include/bits/mathinline.h:48: error: inline function ‘int __signbitl(long double)’ cannot be declared weak

Solution 1

# Debug/release configuration
ifeq ($(dbg),1)
BINSUBDIR := debug
##############Change the following line to have -O0 instead of -O2
BINSUBDIR := release
NVCCFLAGS += –compiler-options -fno-strict-aliasing
CXXFLAGS += -fno-strict-aliasing
CFLAGS += -fno-strict-aliasing

Problem 2: (lcudart)

$ make
/usr/bin/ld: skipping incompatible /opt/cuda/lib/ when searching for -lcudart
/usr/bin/ld: skipping incompatible /opt/cuda/lib/ when searching for -lcudart
/usr/bin/ld: cannot find -lcudart
collect2: ld returned 1 exit status
make: *** [bin/linux/release/gpu_md5_crack_0.2.3] Error 1

Solution 2

############## Change lib to lib64 if using a 64 bit operating system

Remember that you should “make clean” in-between each attempt to compile.


Once it has compiled nicely you can give it a testdrive with its build in benchmark (with an NVIDIA 260 GFX card). Just run with the -b option:

./gpu_md5_crack_0.2.3 -b
GPU_MD5_Crack v0.2.3 09 July 2009 LGPL for BackTrack 4.
Copyright (C) 2009 TitanMKD (

Benchmark Start
Using default CUDA GPU device:0
Cuda device ID:0, Device name:GeForce GTX 260, supporting CUDA:1.3,
multiProcessorCount:27, clockRate:1466.00 MHz, TotalMem:895.31 MB
******* Test 0 Start *******
Expected Password: 1234567890
MD5 Hash:e807f1fcf82d132f9bb018ca6738a19f, Start Password:1200000000, Total pwd to check:1000000000
Charset used 0:0123456789
MD5 brute force started

MD5 Cracked pwd=1234567890 hash=e807f1fcf82d132f9bb018ca6738a19f
Instant 200.02 Mhash/s(40.00 ms)
Average 190.49 Mhash/s, Total Time:0.21s(210.00 ms)
MD5 brute force finished
******* Test 0 End *******

******* Test 1 Start *******
Expected Password: azerty
MD5 Hash:ab4f63f9ac65152575886860dde480a1, Start Password:, Total pwd to check:1000000000
Charset used 1:abcdefghijklmnopqrstuvwxyz
MD5 brute force started

MD5 Cracked pwd=azerty hash=ab4f63f9ac65152575886860dde480a1
Instant 200.02 Mhash/s(40.00 ms)
Average 240.02 Mhash/s, Total Time:0.10s(100.00 ms)
MD5 brute force finished
******* Test 1 End *******

******* Test 2 Start *******
Expected Password: azer09
MD5 Hash:41b9cabe6033932eb3037fc933060adc, Start Password:, Total pwd to check:1000000000
Charset used 2:abcdefghijklmnopqrstuvwxyz0123456789
MD5 brute force started
Progress 5%, Pwd:6lmea, Instant 280.02 Mhash/s(28.57 ms)
MD5 Cracked pwd=azer09 hash=41b9cabe6033932eb3037fc933060adc
Instant 266.69 Mhash/s(30.00 ms)
Average 287.20 Mhash/s, Total Time:0.39s(390.00 ms)
MD5 brute force finished
******* Test 2 End *******

******* Test 3 Start *******
Expected Password: AZBVSD
MD5 Hash:fd049008572788d60140aaead79336cc, Start Password:, Total pwd to check:1000000000
MD5 brute force started

MD5 Cracked pwd=AZBVSD hash=fd049008572788d60140aaead79336cc
Instant 266.69 Mhash/s(30.00 ms)
Average 240.02 Mhash/s, Total Time:0.10s(100.00 ms)
MD5 brute force finished
******* Test 3 End *******

******* Test 4 Start *******
Expected Password: AZ09AA
MD5 Hash:7a552dd9cdd49acc5320bad9c29c9722, Start Password:, Total pwd to check:1000000000
MD5 brute force started
Progress 5%, Pwd:6LMEA, Instant 266.69 Mhash/s(30.00 ms)
MD5 Cracked pwd=AZ09AA hash=7a552dd9cdd49acc5320bad9c29c9722
Instant 266.69 Mhash/s(30.00 ms)
Average 280.02 Mhash/s, Total Time:0.40s(400.00 ms)
MD5 brute force finished
******* Test 4 End *******

******* Test 5 Start *******
Expected Password: zaZAab
MD5 Hash:aef49f70bb7b923b8bc0a018f916ef64, Start Password:zCAAAA, Total pwd to check:1000000000
Charset used 5:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
MD5 brute force started
Progress 17%, Pwd:zaDpoA, Instant 280.02 Mhash/s(28.57 ms)
MD5 Cracked pwd=zaZAab hash=aef49f70bb7b923b8bc0a018f916ef64
Instant 266.69 Mhash/s(30.00 ms)
Average 283.10 Mhash/s, Total Time:0.65s(650.00 ms)
MD5 brute force finished
******* Test 5 End *******

******* Test 6 Start *******
Expected Password: za0ZA9
MD5 Hash:062cc3b1302759722f48ac0b95b75803, Start Password:zaAAAA, Total pwd to check:1000000000
Charset used 6:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
MD5 brute force started

MD5 Cracked pwd=za0ZA9 hash=062cc3b1302759722f48ac0b95b75803
Instant 266.69 Mhash/s(30.00 ms)
Average 266.69 Mhash/s, Total Time:0.06s(60.00 ms)
MD5 brute force finished
******* Test 6 End *******

******* Test 7 Start *******
Expected Password: a^-*|
MD5 Hash:cf7dcf4c3eeb6255668393242fcce273, Start Password:a0000, Total pwd to check:1000000000
Charset used 7: !”#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
MD5 brute force started

MD5 Cracked pwd=a^-*| hash=cf7dcf4c3eeb6255668393242fcce273
Instant 266.69 Mhash/s(30.00 ms)
Average 266.69 Mhash/s, Total Time:0.15s(150.00 ms)
MD5 brute force finished
******* Test 7 End *******

Benchmark End

So from the benchmark you can see that we are getting between 200 and 300 Mhash/s, that is about 250,000,000 hash attempts per second! AMAZING!!!

Number of combinations for different alphabets

Length 0-9 a-z a-z0-9 a-zA-Z a-zA-Z0-9
1 10 26 36 52 62
2 100 676 1,296 2,704 3,844
3 1,000 17,576 46,656 140,608 238,328
4 10,000 456,976 1,679,616 7,311,616 14,776,336
5 100,000 11,881,376 60,466,176 380,204,032 916,132,832
6 1,000,000 308,915,776 2,176,782,336 19,770,609,664 56,800,235,584
7 10,000,000 8,031,810,176 78,364,164,096 1,028,071,702,528 3,521,614,606,208
8 100,000,000 208,827,064,576 2,821,109,907,456 53,459,728,531,456 218,340,105,584,896
9 1,000,000,000 5,429,503,678,976 101,559,956,668,416 2,779,905,883,635,710 13,537,086,546,263,600
10 10,000,000,000 141,167,095,653,376 3,656,158,440,062,980 144,555,105,949,057,000 839,299,365,868,340,000

Estimated time (in seconds) to crack (at 250MHash/s)

Length 0-9 a-z a-z0-9 a-zA-Z a-zA-Z0-9
1 0.00 0.00 0.00 0.00 0.00
2 0.00 0.00 0.00 0.00 0.00
3 0.00 0.00 0.00 0.00 0.00
4 0.00 0.00 0.00 0.01 0.03
5 0.00 0.02 0.12 0.76 1.83
6 0.00 0.62 4.35 39.54 113.60
7 0.02 16.06 156.73 2,056.14 7,043.23
8 0.20 417.65 5,642.22 106,919.46 436,680.21
9 2.00 10,859.01 203,119.91 5,559,811.77 27,074,173.09
10 20.00 282,334.19 7,312,316.88 289,110,211.90 1,678,598,731.74

Full calculations avaliable here: MD5 hash cracking time using GPU accelerated brute forcing

What now?
Well you can crack MD5’s at an extremely accelerated rate, so enjoy doing so responsibly (let your morals guide you :P). You could also explore the source code and make additions as you see fit, I am planning on modifying it to allow an extra parameter so that prefixes can be added if you already know how the password starts. This can be the case when someone has prefixed the password with a known salt.

Read More

How to create a cryptogram in python (random substitution cipher)

Cryptograms are enjoyable puzzles created from a saying or phrase encrypted with a substitutional cipher. They can be fun to decipher by hand by looking for common letter combinations, doublets, guesswork, and other flaws in this encryption mechanism.

I wrote a quick python script which will accept an input text and create a random substitutional cipher and encrypt it. It then outputs the cipher alphabet and the encrypted text.

Source code:

# -*- coding: utf-8 -*-
import sys
from random import randint
from string import maketrans

if (len(sys.argv)>1):
	# Normal alphabet 

	# Randomly create a new cipherbet
	for i in range(0,len(alphabet)):
	# Get input text to translate  

	trantab = maketrans(alphabet,cipherbet)

	# Replace unused letters in cipherbet with _'s  
	for i in cipherbet:
		if i not in text:

	# Print cipherbet (solution) and the text (cryptogram) 
	print cipherbet
	print text

Example usage

python “The Science gets done. And you make a neat gun. For the people who are still alive.”
dri zlmixli vidz puxi. bxp oug qbai b xibd vgx. euf dri jiujci nru bfi zdmcc bcmwi.

Read More

Dell 1320c colour laser printer (Machine Identification Code microdots)

As you may or may not be aware some printers add extra information in order for the printer to be identified (primarily for counterfeiting case I believe). With colour laser printers this can be in the form of a small array of yellow dots printed onto you paper. Yellow dots are hardly visible to the naked eye, however if you are close enough and get the light at the right angle you can see them. If you have some blue leds or a blue light available this can make it much easier to see the dots (as the yellow dots will absorb the blue and look black).

CUPS test paper with non-visible yellow dots

CUPS test paper with non-visible yellow dots

CUPS test paper with non-visible yellow dots (closer)

CUPS test paper with non-visible yellow dots (closer)

Now much clearer under blue led illumination:

Yellow dots very clear under blue illumination on the dell 1320c colour laser printer

Yellow dots very clear under blue illumination on the dell 1320c colour laser printer

Yellow dots very clear under blue illumination (zoomed in)

Yellow dots very clear under blue illumination (zoomed in)

Unfortunately I my camera isn’t good enough quality and it doesn’t have a macro lens or feature so I can only show images at both extremes. Below are images captured with my microscope, you don’t have to look very far around the page, as the clusters are littered all over the page.

Microscope image of a few yellow dots on paper printed with dell 1320c

Microscope image of a few yellow dots on paper printed with dell 1320c

Microscope image of a two yellow dots (max zoom)

Microscope image of a two yellow dots (max zoom)

The Electronic frontier foundation have more information about the dots and have setup an address you can send a print test page to in order for them to build up a public defence case. Perhaps criminals will end up printing with yellow backgrounds to combat this method?

Read More

Python: Cryptography decoding a Caesar shift (frequency analysis)

Due to the simple nature of the Caesar cipher, it could easily be brute forced by trying all possible 25 keys and then looking by eye to see if the plaintext was revealed (this too can be automated by checking for common English words to see if the solution was probable). However the much more elegant method of frequency analysis can be used.

Below is a table of the frequency of letters in the English language:

Letter Frequency (percent) Frequency (decimal) Normalised Frequency
a 8.17% 0.08167 0.64297
b 1.49% 0.01492 0.11746
c 2.78% 0.02782 0.21902
d 4.25% 0.04253 0.33483
e 12.70% 0.12702 1.00000
f 2.23% 0.02228 0.17541
g 2.02% 0.02015 0.15864
h 6.09% 0.06094 0.47977
i 6.97% 0.06966 0.54842
j 0.15% 0.00153 0.01205
k 0.77% 0.00772 0.06078
l 4.03% 0.04025 0.31688
m 2.41% 0.02406 0.18942
n 6.75% 0.06749 0.53133
o 7.51% 0.07507 0.59101
p 1.93% 0.01929 0.15187
q 0.10% 0.00095 0.00748
r 5.99% 0.05987 0.47134
s 6.33% 0.06327 0.49811
t 9.06% 0.09056 0.71296
u 2.76% 0.02758 0.21713
v 0.98% 0.00978 0.07700
w 2.36% 0.02360 0.18580
x 0.15% 0.00150 0.01181
y 1.97% 0.01974 0.15541
z 0.07% 0.00074 0.00583

And shown graphically:

English Letter Frequency

English Letter Frequency

Using the following code we can use frequency analysis to find the solution to ciphertext created using the Caesar shift demonstrated previously (see Caesar shift and Caesar shift using makestrans).

from Numeric import *
from string import maketrans

def translator(text,alphabet,key):
	trantab = maketrans(alphabet,key)
	return text.translate(trantab)

def caesar_decode(ciphertext,s):
	return translator(ciphertext,alpha,alpha[-s:]+alpha[:-s])

class frequency_analysis:
	def __init__(self, ciphertext):

	def freq(self):
		for l in self.ciphertext:
			if (x>=97 and x<=122):

	def error(self):
		for i in range(0,len(self.arr)):
		return e

	def min_error(self):
		for rot in range(0,25):
			print rot,e
			if e<self.minimum[1]:
			del self.cor[-1]

ciphertext="ymjwj fwj ybt ydujx tk jshwduynts: tsj ymfy bnqq "+\
"uwjajsy dtzw xnxyjw kwtr wjfinsl dtzw infwd fsi tsj ymfy bnqq "+\
"uwjajsy dtzw ltajwsrjsy. ymnx nx f ajwd nrutwyfsy qjxxts yt "+\
"wjrjgjwjxujhnfqqd ktw fyyfhpx zxnsl kwjvzjshd fsfqdxnx bmnhm "+\
"wjvznwj qtsljw ufxxflj tk yjcy ns twijw yt fhmnjaj gjyyjw wjxzqyx."
print FA.solution

This code will calculate the error in statistical frequency for each letter squared to generate an error for each possible rotation. Using a sufficiently long piece of ciphertext this code should accurately reveal the Caesar rotation use. The table below shows the error for each rotation:

Rotation Error
0 4.11797847386
1 3.05305477067
2 3.70059678828
3 3.66330931218
4 3.5078619579
5 0.361318100755
6 3.17289666386
7 3.66072641654
8 3.39769855873
9 1.74854802027
10 2.92550921273
11 2.67524757297
12 2.86847189573
13 3.06980318397
14 2.56886153328
15 2.17180117031
16 2.24503724763
17 2.95579718798
18 1.74002183444
19 1.83328601011
20 1.74779021766
21 2.71332097813
22 1.5409364067
23 1.83209213494
24 1.54904808883

The lowest error is for 5 rotations (correctly so) with an error of 0.361318100755, the next lowest error is 22 rotations with an error of 1.5409364067. This is ~4.3x difference, which gives a very large degree of confidence to our solution and below is the deciphered text.

there are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government. this is a very important lesson to remeberespecially for attacks using frequency analysis which require longer passage of text in order to achieve better results.

The frequency analysis presented here can be used along with some other techniques in order to crack the viginere cipher.

Read More