Jump to content

Search the Community

Showing results for tags 'decryption'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 6 results

  1. After 3 months of work I've released version 0.1 of Abrute. Abrute is a Multi-threaded AES brute force file decryption tool. It has much of the same character sequencer support that the crunch tool does. I've spent a good portion of my development time discovering and implementing sequence algorithms to shave off as many wasted CPU cycles as I can and I feel pretty good about it. The beauty of it is that it works. Now the computers I own only have 4 cores so I'm limited in the amount of processing power to get work loads done. I can say that with a finite amount of cores the workload goes up exponentially as the password length goes up. Also true for the longer a character set is to work with. I so want the new AMD Thread-Ripper with all its cores. My journey started with finding some of my old archived encrypted files and discovering I am unable to remember the password correctly. This led me to look for answers on Security/StackExchange. I went from creating a detailed question, as I was unable to find the answers I was looking for, and got a few small tips pointing me towards the tool known as crunch. I have answered my own question on the forum with many helpful ways I've tried to implement a solution to opening my AES encrypted files. That thread is here: https://security.stackexchange.com/questions/161592/how-to-brute-force-a-somewhat-remembered-aescrypt-password On that thread I first developed a likely word list with shuffling sequences, ordering, and generating plenty of output to test against. That didn't open the file for me but that code has already helped one other person open their encrypted file. Next I learned how to do the equivalent of multi-threading with only using Bash and xargs which will let you spin up parallel processes to run across all your cores. And that works well with crunch. But this was a bit crude as I had to let it run many weeks and could only check the progress by peeking into data being passed through Linux pipes. Not to mention a power outage had me lose a good chunk of progress. So yeah, I wanted to have something better. So I wrote Abrute. I ended up rewriting most of the crunch tool into my own sequencer with my algorithm improvements to save CPU cycles. And the attempts for decrypting are all calls to the aescrypt command for now. But the threading work is handled brilliantly (some one elses library) and at the moment I have Standard Out including progress. Over time I plan to write my own code for decrypting AES files and drop the need for the aescrypt executable. I also want to add GPU support for processing with ArrayFire but I first need to look into how feasible this is. Abrute works well on Mac and Linux and is untested on Windows (it shouldn't take too long to try it out on Windows). The commands are fairly straight forward and detailed in the help you get with -h. You can set the range of characters, character set, limit adjacent same characters, and start point. This uses your CPU cores at 100% so you'll likely need to do this work on a secondary system. I'm playing with the idea of divvying out the work to the cloud. You can rent an Amazon multi-core system for around 64 cores @ $3 to $5 an hour. So I can only imagine the performance gains from splitting the work across so many systems and system cores. Benchmarking is next for my project. I plan to have this program be one of those system benchmarks that everyone compares their computer by . I have some numbers from the original bash/crunch/xargs: At two character passwords I got about 35 passwords tried per second, at 3 character passwords I get about 12 passwords tried per second. At 8 characters with 4 cores a month isn't out of the question. So long passwords would be a long term commitment to try to crack unless you own Amazon or the like . I may never get my files open again. I have a tendency towards longer passwords. But this whole journey has been an amazing learning experience for me allowing me to sharpen many skills and develop many new ones. Anyway I hope you all find this tool useful. I'll get back to you with the newer benchmark numbers when I have them. Feel free to contribute to the project in any way. _I have enough details for you to get it running on a Docker image so cloud is already possible._ I'm just excited about it. Enjoy! ~6ftdan
  2. Hi Guys, My friend has lent me his harddrive with some music production files (.wav and .mp3 files) on it but he has somehow encrypted the files and has asked me to remove the encryption from it. He says he used Windows 10 and after some digging around found Microsoft uses EFS Encryption. I tried his laptop to remove the encryption as it would have had the key to it and after an hour of playing around he tells me that he re-installed the OS so the key would have been lost. I have searched online for a few answers and found a couple which haven't convinced me. I found this site https://www.elcomsoft.co.uk/aefsdr.html that says it can remove EFS on NTFS but I am not willing to pay the price tag unless I have proof of success If anyone can verify for me that they have a good success rate that would be awesome Or does anyone know if GitHub has any programs that can be run in a Linux OS like Kali or Parrot that I can use to break the encryption?
  3. I got the crib and the encrypted version, i need to find the key. The input is a 16 byte Hex sequence and the output is a 64-byte Hex sequence. Im not sure of the type of enccryption, im thinking about SHA256-512. but im not sure How can I do the known plaintext attack. its not a file, its a simple text Which type of encryption do you think its possible to be ?
  4. Salutations Hak5, I'm S0AndS0 a long time watcher (and big fan) of the various shows that have been made available by the Hak5 teem. What is shared here maybe thought of as a "tricky treat" for the holiday. https://github.com/S0AndS0/Perinoid_Pipes The above project has been documented in detail (because we've heard that the show hosts of Hak5 like that out of project authors) and as of latest local & remote tests is operating as expected. Simply put this project facilitates common encryption & decryption options of GnuPG via a named pipe (similar to anonymous pipes `|` but addressable via file path) and a customized listening loop that parses incoming data. Think of it as a *short-cut* for operations involving public key crypto; for example of normal encryption echo "some secret" | gpg -a -e user@email.host >> out.file And for comparison an example of encrypting via named pipe file echo "some secret" > /var/log/named.pipe This allows any service to utilize encryption by way of output redirection; logging daemons, web host logging, and/or your own custom services. So far three usage scenarios have been written but we're hoping that with this communities' help we can write at least two more together; perhaps a guide on using this tool with Rubber Ducky to automatically encrypt data off a target to either a second storage device or to the Ducky it's self. Notes for beginners; If you (the reader) are new or unfamiliar with encryption via GnuPG then ya may want to start with the documents in above code repo that begin with `Gnupg_` after coming to terms with the options available then check the script's help documentation via the following commands chmod u+x Paranoid_Pipes ./Paranoid_Pipes --help Use the output from above to modify your next commands, add `--help` at the end to check your settings prior to committing to them. Easy as pie. Notes for Moderators; If this has been posted in the wrong section please move or notify the OP's author to move it to the proper section. This tool has been shared with the this community in the hopes that readers will find it useful but without warranties of any kind. Notes for Show Hosts; If you wish to include this tool within a publication then you have permission, prematurely given, to utilize any of the tools found in the above code repository for either your own projects or for featuring the main project itself.
  5. I know that decrypting WiFi WPA encrypted traffic when 4-way handshake is in the traffic dump and when passphrase is known is a trivial task. However, what about decrypting WPA traffic when 4-way handshake is not available. I have the SSID, I have the passphrase, I have messages 3 and 4 (I know it is useless) of the 4-way handshake. Is there a way of decrypting the traffic?
  6. NY Times: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&pagewanted=all&_r=0 Full announcement: http://www.nist.gov/director/cybersecuritystatement-091013.cfm In short: They think there is a back-door in the RNG for making encryption witch would lead into a easy way for them to decrypt anything that used this RNG List of Company encryption usage: http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html Company's like Apple, Cisco, Juniper, ...
×
×
  • Create New...