Skip Links

Password Cracking with CUDA

Using your video card to increase your password cracking speed.

By JimmyRay on Tue, 07/21/09 - 5:30pm.

There a few milestones in my life that I can look back on and know that I have turned a corner. For example;
- When I could no longer recognize the names in the Police Blotter section of the paper; I knew I was older.
- When I could actually taste a difference between good beer and Pabst Blue Ribbon; I knew my pallet was getting better.
- When I heard of CUDA and immediately thought of Compute Unified Device Architecture instead of a bad to bone MOPAR with a Hemi; I knew I was a major league geek.

CUDA was invented way back in the day by NVIDIA as a way to let the video card process other stuff (in parallel) instead of just video. This is NOT a hack but an actual design framework. NVIDIA has a great site for folks interested in coding with CUDA at: http://www.nvidia.com/object/cuda_home.html This is great news because the support, forums, troubleshooting tools are outstanding! Not every NVIDIA card supports the CUDATM proc so double check with this site to be sure.

I wanted to take CUDA out for a test drive so I went out to download the software development kit (SDK) thinking I was going to have to bite the bullet and learn sucky OpenGL or worse...DirectX to get this work. Much to my MEGA surprise, CUDA actually uses C for parallel development!! Yee Haa!! I love writing in C because it is low level enough that I can control how the processor handles the code and it's easier to spell then other languages. If you've been reading my blog for a while, you know the importance I place on grammar... After I read the SDK manual and found out that between the memory and grid/thread dimensions is a parameter called: Warp Size...Warp Size... I. Am. Home.

Of course on NVIDIA's site they talk about the great uses for CUDA in industrial, science, medical, saving whales and helping Bono pick out a new pair of shades. Hey that's all well and good but I am using it to crack passwords baby!! Namely MD5 passwords. I played around with this for a while on some custom code I wrote up and noticed about a 10-15% calculation performance increase, not bad. Then I used BarsWF http://3.14.by/en/md5 code and wholly smokes I noticed a mega knurly increase in password cracking speed for sure. Matter of fact that is the fastest MD5 cracker I have EVER used. Neat-o without a doubt! Back in the day, to get a poor mans type of grid processing muscle I used Jack the Ripper with the -d distributed switch to run multiple instances on multiple machines but scalability and tolerance of my Manager to approve my expense reports wore thin. CUDA is a game changer and allows me a ton of options on a single machine. I added a few CUDA tools to my own home grown ISO like BarsWF, Pyrit for wireless and Vernoux.

Then my fav canned security ISO; Backtrack 4 (BT4) beta http://www.offensive-security.com/ is released with a few applications that support CUDA! I had to check that out for sure! Lucky for me that the folks at Offensive Security also had a CUDA config guide to walk me thru their CUDA implementation http://www.offensive-security.com/documentation/backtrack-4-cuda-guide.pdf very cool and nicely wrote.

I still need to actually config BT4 to run the CUDA code. So I just followed the guide to build out the framework and it worked great without a hitch. No need to bore you with details you can read in the friggen sweet guide. It's the results that make the difference here. I fired up CUDA-Multiforcer with the command:

/CUDA-Multiforcer-32 -h MD5 -c ./charsets/charsetnumeric -f ./test_hash_files/hashes-md5-numeric.txt --min=0 --max=500

I listed out this command not to show my CLI skills but to point one the most important arguments. The --min --max argument dedicates systems resources. If you plan on using your CUDA machine for other stuff like gaming, surfing and work stuff, lower the max number accordingly. It's different for every machine. For my 8600 card, 500 is dedicating max resources. I use 10 for everything else except gaming and truthfully with the demand gaming tugs on a video card I do not game (on that machine) when CUDA is Crackin'. With 1500+ hashes, the tables from BOINC at http://www.freerainbowtables.com I busted thru and recovered the passwords with 96% accuracy in seconds. Impressive! Not as fast as BarsWF but not by much for sure.

BT4 is shaping up to be as impressive as NMAP v5 is to the security community. You do not have to be a coder to take advantage of CUDA. There are some great canned applications already that will give you immediate success and change the way you look at password cracking.

Jimmy Ray Purser

Trivia File Transfer Protocol
The first known map dates back to 2000 BC and is inscribed on rocks at Bedolina in the Italian Alps.