Home Embedded Security Investigation into DES cracking with John the Ripper and Ztex FPGA

Investigation into DES cracking with John the Ripper and Ztex FPGA

Matthias NiedermaierPosted on Posted in Embedded Security, IT-Security, Linux, Make, Reverse Engineering No Comments

DES has not been considered safe for a long time. For some time now, cracking tool John the Ripp has even made it possible to accelerate cracking with FPGAs. Since I find this topic exciting, I tried it with an FPGA board.

System

  • Lenovo Thinkpad X230
  • Ubuntu 18.04 LTS
  • Ztex 1.15y FPGA Board

Install necessary requirements: 

sudo apt install libbz2-1.0 libbz2-dev libgmp-dev libkrb5-dev libnss3-dev libpcap0.8-dev libpcap-dev libssl-dev libusb-dev pkg-config python-usb yasm zlib1g-dev libusb-1.0 git

Clone John the Ripper

mkdir ~/gits
cd ~/gits
git clone https://github.com/magnumripper/JohnTheRipper.git
cd ~/gits/JohnTheRipper/src
./configure --enable-ztex
make -s clean && make -sj4

We generate a new example shadow file, to test the DES cracking

root:roEhj0vy.MdZw:16560:0:99999:7:::
daemon:*:16560:0:99999:7:::
bin:*:16560:0:99999:7:::
sys:*:16560:0:99999:7:::
sync:*:16560:0:99999:7:::
games:*:16560:0:99999:7:::
man:*:16560:0:99999:7:::
lp:*:16560:0:99999:7:::
mail:*:16560:0:99999:7:::
news:*:16560:0:99999:7:::
uucp:*:16560:0:99999:7:::
proxy:*:16560:0:99999:7:::
www-data:*:16560:0:99999:7:::
backup:*:16560:0:99999:7:::
list:*:16560:0:99999:7:::
irc:*:16560:0:99999:7:::
gnats:*:16560:0:99999:7:::
nobody:*:16560:0:99999:7:::
messagebus:!:16560:0:99999:7:::

And test the cracking with the following parameters

sudo ~/gits/JohnTheRipper/run/john -form=descrypt-ztex --progress-every=60 -inc=lower -min-len=8 -max-len=8 -mask='?w?l?l?l?l' shadow

The output should look like this

SN: XXXXXXXXXX productId: 10.15.0.0 "inouttraffic 1.0.0 JtR" busnum:1 devnum:6 
Using default input encoding: UTF-8
Loaded 1 password hash (descrypt-ztex, traditional crypt(3) [DES ZTEX])
SN XXXXXXXXXX FPGA #2 error: pkt_comm_status=0x01, debug=0x0000
SN XXXXXXXXXX error -1 doing r/w of FPGAs (LIBUSB_ERROR_IO)
SN XXXXXXXXXX FPGA #2 error: pkt_comm_status=0x09, debug=0x0000
SN XXXXXXXXXX error -1 doing r/w of FPGAs (LIBUSB_ERROR_IO)
Press 'q' or Ctrl-C to abort, almost any other key for status
testtest         (root)
1g 0:00:00:02 DONE (2020-02-10 14:10) 0.3875g/s 952210Kp/s 952210Kc/s 952210KC/s testtest..tonyaikz
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Leave a Reply

Your email address will not be published. Required fields are marked *

*

three × 3 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.