Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
158 lines (111 sloc) 10.5 KB
## Tokens ##
The software can accept as input a list of what are called password “tokens”. A token is simply a portion of a password which you do remember, even if you don't remember where that portion appears in the actual password. It will combine these tokens in different ways to create different whole password guesses to try.
### Basics ###
Let’s say that you remember your password contains 3 parts, you just can’t remember in what order you used them. Here are the contents of a simple tokens list:
When used with these contents, the software will try all possible combinations using one or more of these three tokens, e.g. `Hotel_california` (just one token), `BettlejuiceCairo` (two tokens pasted together), etc.
### Mutual Exclusion ###
Maybe you’re not sure about how you spelled or capitalized one of those words. Take this token file:
Beetlejuice beetlejuice Betelgeuse betelgeuse
Tokens listed on the same line, separated by spaces, are mutually exclusive and will never be tried together in a password guess. The software will try `Cairo` and `bettlejuiceCairoHotel_california`, but it will skip over `Betelgeusebetelgeuse`. Had all four Beetlejuice versions been listed out on separate lines, this would have resulted in trying thousands of additional passwords which we know to be incorrect. As is, this token file only needs to try 48 passwords to account for all possible combinations. Had they all been on separate lines, it would have had to try 1,956 different combinations.
In short, when you’re sure that certain tokens or variations of a token have no chance of appearing together in a password, placing them all on the same line can save a lot of time.
### Required Tokens ###
What if you’re certain that `Cairo` appears in the password, but you’re not so sure about the other tokens?
+ Cairo
Beetlejuice beetlejuice Betelgeuse betelgeuse
Placing a `+` (and some space after it) at the beginning of a line tells the software to only try passwords that include `Cairo` in them. You can also combine these two last features. Here’s a longer example:
Cairo cairo Katmai katmai
+ Beetlejuice beetlejuice Betelgeuse betelgeuse
Hotel_california hotel_california
In this example above, passwords will be constructed by taking at most one token from the first line, exactly one token from the second line (it’s required), and at most one token from the third line. So `Hotel_californiaBetelgeuse` would be tried, but `cairoKatmaiBetelgeuse` would be skipped (`cairo` and `Katmai` are on the same line, so they’re never tried together) and `katmaiHotel_california` is also skipped (because one token from the second line is required in every try).
This file will create a total of just 244 different combinations. Had all ten of those tokens been listed on separate lines, it would have produced 9,864,100 guesses, which could take days longer to test!
### Anchors ###
#### Beginning and Ending Anchors ####
Another way to save time is to use “anchors”. You can tell the software that certain tokens, if they are present at all, are definitely at the beginning or end of the password:
Beetlejuice beetlejuice Betelgeuse betelgeuse
In this example above, the `^` symbol is considered special if it appears at the beginning of any token (it’s not actually a part of the password), and the `$` symbol is special if it appears at the end of any token. `Cairo`, if it is tried, is only tried at the beginning of a password, and `Hotel_california`, if it is tried, is only tried at the end. Note that neither is required to be tried in password guesses with the example above. As before, all of these options can be combined:
Beetlejuice beetlejuice Betelgeuse betelgeuse
+ ^Hotel_california ^hotel_california
In this example above, either `Hotel_california` or `hotel_california` is *required* at the beginning of every password that is tried (and the other tokens are tried normally after that).
#### Positional Anchors ####
Tokens with positional anchors may only appear at one specific position in the password -- there are always a specific number of other tokens which precede the anchored one. In the example below you'll notice a number in between the two `^` symbols added to the very beginning to create positionally anchored tokens (with no spaces):
As you can guess, `Second_or_bust`, if it is tried, is only tried as the second token in a password, and `Third_or_bust`, if it is tried, is only tried as the third. (Neither token is required because there is no `+` at the beginning these of these lines.)
#### Middle Anchors ####
Middle anchors are a bit like positional anchors, only more flexible: the anchored tokens may appear once throughout a specific *range* of positions in the password.
**Note** that placing a middle anchor on a token introduces a special restriction: it *forces* the token into the *middle* of a password. A token with a middle anchor (unlike any of the other anchors described above) will *never* be tried as the first or last token of a password.
You specify a middle anchor by adding a comma and two numbers (between the `^` symbols) at the very beginning of a token (all with no spaces):
As mentioned above, neither of those middle-anchored tokens will ever be tried as the last token in a password, so something (one or more of the non-anchored tokens) will appear after the middle-anchored ones in every guess in which they appear. Since tokens with middle anchors never appear at the beginning either, the smallest value you can use for that first number is 2. Finally, when you specify the range, you can leave out one (or even both) of the numbers, like this:
You can't leave out the comma (that's what makes it a middle anchor instead of a positional anchor). Leaving out a number doesn't change the “never at the beginning or the end” rule which always applies to middle anchors. If you do need a token with a middle anchor to also possibly appear at the beginning or end of a password, you can add second copy to the same line with a beginning or end anchor (because at most one token on a line can appear in any guess):
^,^Anywhere_in_the_middle_or_end Anywhere_in_the_middle_or_end$
^,^Anywhere_in_the_middle_or_beginning ^Anywhere_in_the_middle_or_beginning
### Token Counts ###
There are a number of command-line options that affect the combinations tried. The `--max-tokens` option limits the number of tokens that are added together and tried. With `--max-tokens` set to 2, `Hotel_californiaCairo`, made from two tokens, would be tried from the earlier example, but `Hotel_californiaCairoBeetlejuice` would be skipped because it’s made from three tokens. You can still use the software even if you have a large number of tokens, as long as `--max-tokens` is set to something reasonable. If you’d like to re-run the software with a larger number of `--max-tokens` if at first it didn’t succeed, you can also specify `--min-tokens` to avoid trying combinations you’ve already tried.
### Expanding Wildcards ###
What if you think one of the tokens has a number in it, but you’re not sure what that number is? For example, if you think that Cairo is definitely followed by a single digit, you could do this:
Cairo0 Cairo1 Cairo2 Cairo3 Cairo4 Cairo5 Cairo6 Cairo7 Cairo8 Cairo9
While this definitely works, it’s not very convenient. This next token file has the same effect, but it’s easier to write:
The `%d` is a wildcard which is replaced by all combinations of a single digit. Here are some examples of the different types of wildcards you can use:
* `%d` - a single digit
* `%2d` - exactly 2 digits
* `%1,3d` - between 1 and 3 digits (all possible permutations thereof)
* `%0,2d` - between 0 and 2 digits (in other words, the case where there are no digits is also tried)
* `%a` - a single ASCII lowercase letter
* `%1,3a` - between 1 and 3 lowercase letters
* `%A` - a single ASCII uppercase letter
* `%n` - a single digit or lowercase letter
* `%N` - a single digit or uppercase letter
* `%ia` - a “case-insensitive” version of %a: a single lower or uppercase letter
* `%in` - a single digit, lower or uppercase letter
* `%1,2in`- between 1 and 2 characters long of digits, lower or uppercase letters
* `%[chars]` - exactly 1 of the characters between `[` and `]` (e.g. either a `c`, `h`, `a`, `r`, or `s`)
* `%1,3[chars]` - between 1 and 3 of the characters between `[` and `]`
* `%[0-9a-f]` - exactly 1 of these characters: `0123456789abcdef`
* `%2i[0-9a-f]` - exactly 2 of these characters: `0123456789abcdefABCDEF`
* `%s` - a single space
* `%l` - a single line feed character
* `%r` - a single carriage return character
* `%R` - a single line feed or carriage return character
* `%t` - a single tab character
* `%T` - a single space or tab character
* `%w` - a single space, line feed, or carriage return character
* `%W` - a single space, line feed, carriage return, or tab character
* `%y` - any single ASCII symbol
* `%Y` - any single ASCII digit or symbol
* `%p` - any single ASCII letter, digit, or symbol
* `%P` - any single character from either `%p` or `%W` (pretty much everything)
* `%c` - a single character from a custom set specified at the command line with `--custom-wild characters`
* `%C` - an uppercased version of `%c` (the same as `%c` if `%c` has no lowercase letters)
* `%ic` - a case-insensitive version of `%c`
* `%%` - a single `%` (so that `%`’s in your password aren’t confused as wildcards)
* `%^` - a single `^` (so it’s not confused with an anchor if it’s at the beginning of a token)
* `%S` - a single `$` (yes, that’s `%` and a capital `S` that gets replaced by a dollar sign, sorry if that’s confusing)
Up until now, most of the features help by reducing the number of passwords that need to be tried by exploiting your knowledge of what’s probably in the password. Wildcards significantly expand the number of passwords that need to be tried, so they’re best used in moderation.
You can’t perform that action at this time.