Pt. 2: Fast and targeted cracking approaches for longer Tezos ICO passwords

Cal Naughton Jr.
4 min read, May 8, 2019


In part 1, we showed how to set up the required NVIDIA and OpenCL drivers, then put John the Ripper to work brute-forcing a Tezos ICO password. If you have a high-powered NVIDIA GPU and chose a password of 6 characters or fewer, things are looking up!

The odds don’t look good if you picked more than 6 characters: every extra character multiplies the keyspace. If your XTZ are worth enough, it may be worth scaling a cracking setup like this one out onto cloud GPUs. If you donated a smaller amount during the ICO, it may not be worth it (yet).

Fortunately, many businesses and individuals (you included) gravitate toward passwords with a particular length and shape. For example, you may know that your passwords are always 8 to 10 characters long, that they always end in 2 special characters and a number, or that they always start with a hash sign (#) or an uppercase letter. Every such constraint you remember shrinks the space that has to be searched.

Below are two powerful options for a targeted cracking approach using an NVIDIA GPU and John the Ripper.

Option 1 — Masks

A mask is a brute-force attack in which you specify the character class of each position, so John only generates candidates that match the pattern. That cuts down the number of combinations that need to be tried.

In the example below the mask fixes the length at 8 characters and the class of each position: the first character is an uppercase letter (?u), the next 4 are lowercase letters (?l), the next 2 are special characters (?s), and the last is a digit (?d). Because the mask has a fixed length, no separate minimum or maximum length option is needed.

./john hashes --format=tezos-opencl --mask=?u?l?l?l?l?s?s?d

The above command takes about a week on a laptop with an RTX 2080 Max-Q doing about 170K candidates per second: the mask's full keyspace is roughly 1.3 × 10^11 candidates, and on average the password turns up about halfway through.

The mask syntax, including custom character sets (-1=... through -9=...) and the ?w placeholder for combining a mask with a wordlist, is documented in John the Ripper's doc/MASK file.
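To check a timing claim like the one above before committing a GPU for a week, it helps to compute the keyspace of a mask yourself. The script below is an added example, not code from the original post or from John the Ripper. It follows the placeholder sizes John's doc/MASK defines (?s is the 33 printable ASCII punctuation characters including space, ?a the 95 printable ASCII characters); custom sets are passed as plain character strings, a simplification of John's -1=... syntax, and the 170K/s rate is the figure quoted in the post.

```python
"""Keyspace and run-time estimate for a John the Ripper mask.

Added example, not from the original post. Placeholder sizes follow John's
doc/MASK; custom placeholders (?1..?9) are given as literal character
strings here, which is a simplification of John's -1=... option syntax.
"""
import string

# Built-in placeholder -> number of characters it expands to.
PLACEHOLDER_SIZES = {
    "l": len(string.ascii_lowercase),   # 26
    "u": len(string.ascii_uppercase),   # 26
    "d": len(string.digits),            # 10
    "s": len(string.punctuation) + 1,   # 32 punctuation characters + space = 33
    "a": len(string.printable) - 5,     # 95 printable ASCII (drops \t \n \r \x0b \x0c)
    "h": 16,                            # lower-case hex digits
    "H": 16,                            # upper-case hex digits
    "b": 256,                           # every byte value
}


def mask_keyspace(mask, custom=None):
    """Return the number of candidates a mask generates.

    custom maps a digit '1'..'9' to the character set behind ?1..?9.
    '??' is a literal '?'; any other plain character is a literal and
    contributes a factor of 1.
    """
    custom = custom or {}
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        p = mask[i + 1]
        if p == "?":
            size = 1                    # escaped literal '?'
        elif p in PLACEHOLDER_SIZES:
            size = PLACEHOLDER_SIZES[p]
        elif p in custom:
            size = len(set(custom[p]))  # de-duplicate a sloppy custom set
        else:
            raise ValueError(f"unknown placeholder ?{p}")
        total *= size
        i += 2
    return total


def exhaustive_days(keyspace, rate_per_second):
    """Days needed to try every candidate; the expected hit is about half that."""
    return keyspace / rate_per_second / 86400


if __name__ == "__main__":
    mask = "?u?l?l?l?l?s?s?d"          # the post's example mask
    n = mask_keyspace(mask)
    print(f"{mask}: {n:,} candidates")
    print(f"  full search at 170K/s: {exhaustive_days(n, 170_000):.1f} days")

    # Remembering that the two specials come from a small set (hypothetical
    # -1=!@#$) shrinks the job from days to hours.
    n2 = mask_keyspace("?u?l?l?l?l?1?1?d", custom={"1": "!@#$"})
    print(f"with -1=!@#$: {n2:,} candidates, "
          f"{exhaustive_days(n2, 170_000) * 24:.1f} hours")
```

The second estimate is the point of the section: a mask is only as good as what you remember, and narrowing one or two positions from ?s (33 choices each) to the four symbols you actually use turns a week-long run into a few hours.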

Option 2 — Rules and Wordlists

At DEFCON 2010, KoreLogic sponsored their first annual password cracking contest, Crack Me If You Can. Winners have to submit the techniques and rules they used in order to claim prizes, and KoreLogic published the rules they had used to build the contest's password set. We’re going to import those rules into John the Ripper so that we can use them.

Download the rules text file (to your Downloads folder, as before): http://openwall.info/wiki/_media/john/korelogic-rules-20100801.txt

Now navigate to the Downloads folder and append those rules to John the Ripper’s configuration file. Make a backup copy of john.conf first, and run the append only once: appending the file a second time leaves duplicate [List.Rules:...] sections in the configuration.

cd ~/Downloads
cat korelogic-rules-20100801.txt >> ~/JohnTheRipper/run/john.conf

Read through the rules in the file to see which ones match your habits. Some example rules:

  • KoreLogicRulesAppend3NumSpecial: appends 3 digits and then one special character to a word (word123!).
  • KoreLogicRulesPrepend2NumbersAppend2Numbers: prepends 2 digits and appends 2 digits (12word34).

Now that the rules can be called upon, we need a wordlist to use them with!

You can find wordlists for John the Ripper by searching. Here are a couple of very large lists that you can download: https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm

Using the graphical file explorer, go to your Downloads folder and open (double-click) the .gz compressed file you just downloaded (a gzip archive, the Linux counterpart of a Zip file). You should see a .txt file inside the window that pops up. In another file explorer window, go to Home/JohnTheRipper/run, then drag the .txt file into that run folder.

For this example, let’s say the .txt file is named “samplepasswords.txt”. Change the command below to match the name of the .txt file you put into the run folder, and change the rule name to the one you’d like to use!

All set. Let’s run it.

./john hashes --devices=1 --format=tezos-opencl --rules=KoreLogicRulesAppend3NumSpecial --max-len=10 --min-len=8 --wordlist=samplepasswords.txt

With the 247MB (compressed) wordlist linked above, which contains 64 million entries, this task takes about 6 days on a desktop RTX 2070 doing about 215K candidates per second. The --min-len and --max-len options make John reject candidates outside 8 to 10 characters before hashing them, so the length you remember directly reduces the GPU work.
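Before starting a multi-day run it is worth knowing how many candidates the rule will actually produce inside your length window, and trimming the wordlist to the base words that can land in it. The script below is an added example, not code from the original post, from John the Ripper or from KoreLogic. It models a rule as the character sets it prepends and appends to each word; the SPECIALS set is a constructed stand-in, since the exact set in KoreLogicRulesAppend3NumSpecial is not quoted on this page, so check the rule text in john.conf and adjust it. The sample wordlist is constructed, and the 20% figure used for the 64-million-entry list is an assumption you should measure on the real file.

```python
"""Plan a rules + wordlist run and pre-filter the wordlist by length.

Added example, not from the original post, John the Ripper or KoreLogic.
SPECIALS is a constructed stand-in for the special-character set of the
real rule; SAMPLE_WORDS is a constructed stand-in for samplepasswords.txt.
"""
import itertools
import math
import string

DIGITS = string.digits
SPECIALS = "!@#$%^&*"   # constructed; edit to match the rule you actually use

# rule name -> (character sets prepended, character sets appended),
# one set per generated position, modelled after the rule descriptions above
RULES = {
    "KoreLogicRulesAppend3NumSpecial": ([], [DIGITS, DIGITS, DIGITS, SPECIALS]),
    "KoreLogicRulesPrepend2NumbersAppend2Numbers": ([DIGITS, DIGITS], [DIGITS, DIGITS]),
}

# Constructed stand-in for a wordlist file, one word per line.
SAMPLE_WORDS = ["tezos", "ico", "satoshi", "baker", "bakerbaker", "password", "xtz!"]


def candidates(word, rule):
    """Yield every candidate the modelled rule produces from one base word."""
    prefix_sets, suffix_sets = rule
    for pre in itertools.product(*prefix_sets):
        for suf in itertools.product(*suffix_sets):
            yield "".join(pre) + word + "".join(suf)


def per_word_candidates(rule):
    """Candidates generated per base word (product of the set sizes)."""
    prefix_sets, suffix_sets = rule
    return math.prod(len(s) for s in prefix_sets + suffix_sets)


def base_word_window(rule, min_len, max_len):
    """Length range a base word must have for the rule's output to fit
    --min-len/--max-len; John rejects everything else before hashing."""
    prefix_sets, suffix_sets = rule
    added = len(prefix_sets) + len(suffix_sets)
    return max(min_len - added, 1), max_len - added


def prefilter(words, rule, min_len, max_len):
    """Base words worth feeding John; write these out as the --wordlist so
    John need not read and mutate millions of words it would reject anyway."""
    lo, hi = base_word_window(rule, min_len, max_len)
    return [w for w in words if lo <= len(w) <= hi]


def days_for(n_base_words, rule, rate_per_second):
    """Days to hash every in-window candidate at the given GPU rate."""
    return n_base_words * per_word_candidates(rule) / rate_per_second / 86400


def plan(words, rule, min_len, max_len, rate_per_second):
    """Return (base words kept, candidates John will hash, days)."""
    kept = prefilter(words, rule, min_len, max_len)
    total = len(kept) * per_word_candidates(rule)
    return len(kept), total, days_for(len(kept), rule, rate_per_second)


if __name__ == "__main__":
    rule = RULES["KoreLogicRulesAppend3NumSpecial"]
    kept, total, days = plan(SAMPLE_WORDS, rule, 8, 10, 215_000)
    print(f"base words kept: {kept}/{len(SAMPLE_WORDS)}, candidates: {total:,}")

    outs = list(candidates("tezos", rule))
    print(f"'tezos' expands to {len(outs)} candidates, e.g. {outs[0]} .. {outs[-1]}")

    # Scale to the post's 64-million-entry list, ASSUMING 20% of its entries
    # are 4 to 6 characters long (measure this on the real file).
    n_base = int(64_000_000 * 0.20)
    print(f"~{n_base:,} usable base words -> {days_for(n_base, rule, 215_000):.1f} days "
          f"at 215K/s with {len(SPECIALS)} specials")
```

Two things fall out of running this. First, the candidate count scales linearly with the size of the special-character set, so confirming which symbols you actually use matters as much as the wordlist. Second, the length window throws away most of a general-purpose wordlist for a rule that adds four characters, so pre-filtering and saving the kept words as the file you pass to --wordlist is cheap and makes the john run's progress indicator honest about the work that remains.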

The rabbit hole obviously doesn’t stop here but I will. Good luck!

Edit: We tried some new stuff and cracked the password. Check out part 3.
