2WIREXXX Improvement #11

Closed
initiate6 opened this issue Jan 25, 2018 · 2 comments

Comments

@initiate6

Hi there, great work. I just wanted to let you know about my 2WIREXXX bruteforce hack I made a while back. The passwords these 2wire routers generate have a flaw where they are too random, meaning they don't repeat a number more than 3 or 4 times in a row. So you won't see 333, 777, 999 in any char position. I have come across a few where I have seen it happen, but very rare. I have never seen a number repeat 4 times. So I created a Python script to filter out all of these passwords. I'm sure you can add an option so first you can filter out 3+ or filter out 4+ if the 3+ didn't work for cracking the password.

I suck at writing C or I would just do a pull request.

I haven't cracked 2WIREXXX lately, so I don't have stats on my 2x 1080ti, but when I was using my AMD 7950 I was able to do the entire ?d^10 keyspace in 24 hours. Using my script I cut that down to 4 hours, where I would typically find the password in 1 to 2 hours.

Anyways here is my repo: https://github.com/initiate6/2WIRE_BRUTEFORCE/blob/master/2wireBruteForce.py

Would be great to see you add it to your tool. Let me know if you have any questions.

@soxrok2212
Owner

soxrok2212 commented Jan 25, 2018

Hi! Thanks for your suggestion. By default, Hashcat uses "Markov-chain like optimizations". This means that it will automatically try more likely candidates such as 0193847263 before it tries 0222333887.

FWIW, on two stock 1080 Ti, you can run the entire 10^10 keyspace in a max of roughly 2.5 hours, which, on pure bruteforce, would take 1 hour 15 mins on a statistical average. In practice, you will see even shorter than that with Markov enabled.

Given that Hashcat already implements a more advanced approach of this, I feel like it would be wasteful and would add more overhead and would be best to let Hashcat do the work. It appears that the script you wrote is from ~5 years ago, so during that time it would've been effective since Hashcat didn't yet use optimizations, it was just a straight, incremental bruteforce. Let me know if you have any other questions or concerns (or if you have something that might make me consider otherwise to add this feature).

Source: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#i_want_to_optimize_my_brute-force_attack_by_ordering_letters_by_frequency_in_a_custom_charset_how_to_do_it_does_it_make_sense

@initiate6
Author

Duh!, yeah, you are right :D I don't think it would be worth it. Back in the day it was awesome. I forgot about how the Markov chains would work in this scenario and it would be a lot faster.
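
Added example, not part of the thread and not code from either participant: a count of how many 10-digit values remain when a generator never repeats a digit N times in a row, which measures how much entropy that one rule removes from a default password. It models only the repeat rule described in the first comment; the function names are illustrative.

```python
import math
from itertools import product


def count_without_runs(length, max_run, alphabet=10):
    """Count strings in which no symbol occurs more than max_run times in a row."""
    if length == 0:
        return 1
    # ending[r - 1] = number of strings of the current length whose final run has length r
    ending = [alphabet] + [0] * (max_run - 1)
    for _ in range(length - 1):
        total = sum(ending)
        # A different symbol starts a new run of 1; the same symbol extends each run by 1.
        # Runs already at max_run cannot be extended, so that last bucket is dropped.
        ending = [total * (alphabet - 1)] + ending[:-1]
    return sum(ending)


def brute_force_count(length, max_run, alphabet=10):
    """Exhaustive cross-check of the recurrence; only practical for short lengths."""
    kept = 0
    for candidate in product(range(alphabet), repeat=length):
        run = longest = 1
        for prev, cur in zip(candidate, candidate[1:]):
            run = run + 1 if cur == prev else 1
            longest = max(longest, run)
        kept += longest <= max_run
    return kept


def entropy_loss_bits(length, max_run, alphabet=10):
    """Bits of entropy lost relative to a uniform choice over the full keyspace."""
    return math.log2(alphabet ** length / count_without_runs(length, max_run, alphabet))


if __name__ == "__main__":
    full = 10 ** 10
    for forbidden_run in (3, 4):  # "no 3+ repeats" and "no 4+ repeats"
        kept = count_without_runs(10, forbidden_run - 1)
        print(f"no run of {forbidden_run}+: {kept} of {full} remain "
              f"({kept / full:.2%}), {entropy_loss_bits(10, forbidden_run - 1):.3f} bits lost")
```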
