Monday, May 11, 2009

Faster brute forcers

Hi there, as I realized just after posting EmDebr and EnTibr, I could interlace more SSE2 instructions. From what I've understood so far, my processor (Core2) should be able to execute 3 SSE2 instructions simultaneously. With the 0.1 releases of my brute forcers, I only try to do 2. That would make up for a nice speed increase :)

But I noticed something strange when I was playing around with this... my MD4 brute forcer (EnTibr) has the following speeds with the different interlacings:

1x SSE2 : 110 Mhashes/s
2x SSE2 : 150 Mhashes/s
3x SSE2 : 175 Mhashes/s
4x SSE2 : 200 Mhashes/s
(5x gets slower, like 170)

My MD5 brute forcer (EmDebr) has the following speeds with the different interlacings:

1x SSE2 : 77 Mhashes/s
2x SSE2 : 100 Mhashes/s
3x SSE2 : 116 Mhashes/s
4x SSE2 : 105 Mhashes/s

Now for MD5 this seems more logical, but it strikes me as odd that MD4 still gains speed with 4x SSE2. BarsMonster (from BarsWF) suggested to try again with Intel compiler. So I downloaded evaluation versions for VC and Intel compiler and tried... this one at least had logical results :)

So 'final' results with Intel compiler:

EnTibr: 3x SSE2 -> 200 Mhashes/s
EmDebr: 3x SSE2 -> 144 Mhashes/s

I probably had some luck with 4x SSE2 and the VC compiler. It probably arranges instructions well enough to actually perform 3 SSE2 instructions simultaneously. MD4 code is also smaller then MD5, maybe allowing it to just fit in the cache.

Both brute forcers can gain some more speed by tweaking the Intel compiler some more, but I can't really care at the moment. I will only release binaries compiled with VC Express, but feel free to compile your own faster version with the Intel compiler :)

I release 2 versions of the NTLM/MD4 code&binary, one with 3x SSE2, the other with 4x SSE2. I also fixed a bug where the brute forcers sometimes kept running after finding the plaintext. Uhm, I might have changed some other pieces of the code as well... don't remember.

New files:

EmDebr:
EmDebr_0.2_win32.zip
EmDebr_0.2_src.zip

EnTibr 3x SSE2:
EnTibr_0.2_3xSSE2_win32.zip
EnTibr_0.2_3xSSE2_src.zip

EnTibr 4x SSE2:
EnTibr_0.2_4xSSE2_win32.zip
EnTibr_0.2_4xSSE2_src.zip

Please feel free to leave comments or feedback about how fast you are going with the various versions. Or if you notice any bugs, please let me know!

10 comments:

  1. Hi Daniel,

    could You please add version for MS domain cached credentials bruteforcer:

    mscashe=MD4(phrase)

    phrase=NTLM+UNICODE(lowercase(username))

    NTLM=MD4(UNICODE(password))

    Thank You very much in advance.

    Best regards,

    Nenad

    ReplyDelete
  2. Hi Nenad, I might give MS cache a try some day. No promises though :)

    ReplyDelete
  3. Hi Nenad, faster then expected, check out my latest blog :)

    ReplyDelete
  4. any chance you'd be able to add the ability to feed the program a list of hashes? and by the way, great program.

    ReplyDelete
  5. another feature request. the ability to use a custom charset.

    ReplyDelete
  6. hi anonymous, tnx for your suggestions... I might give multiple hash input a try some day, but it's more likely that i'll write some modules for an upcoming cracking framework at www.cryptohaze.com (check forum).

    Same for custom charset... i might give it a try myself if i'm bored :)

    ReplyDelete
  7. how to use low priority? it lags so hard if i use this tool

    ReplyDelete
  8. use -B switch to run cracking threads at 'below normal' priority

    ReplyDelete
  9. where do i need to write it?

    my command looks like this:

    EmDebr.exe -b hash -c mixalpha-numeric -t 4

    ReplyDelete