killbot9000 Posted May 13, 2011
Hey all, I'm looking to generate rainbow tables for a PoC. My client has decided that hashing (no salt) credit card numbers is a good idea. To prove him wrong I wrote a little script that will crack the SHA256 hash iteratively, but with a 9 digit account number (6 digit known bank bin + account number + check digit = 16 digit card number), this obviously takes a very long time. To make the PoC more demonstrative, I'd like to gen some custom rainbow tables. I have the first 6 digits, and obviously the last digit will be a check digit. What is the best way to generate these tables? I've looked at winrtgen and rainbowcrack, but neither gives me the option to prefix the first 6 digits, much less generate the check digit. Any help would be greatly appreciated!
Infiltrator Posted May 13, 2011
I don't think there is a solution out there that will allow you to generate rainbow tables for this purpose. The only way to make it work would be writing custom code that can generate the numbers you want and then have them saved into a text file.
Alias Posted May 17, 2011
The number of unknowns you have is only 10, right? And assuming they are all numbers, howsecureismypassword.net guesses that it would take a modern PC 40 seconds. If I get interested enough I may write some Python code to do it.
Alias Posted May 17, 2011
Well, I wrote some code to generate the rainbow tables. Each entry uses 40 bytes total: 8 bytes for the unencrypted CC number, and 32 bytes for the SHA256 hash. Working it out though, just generating for a single bank branch number will take around 350GB of space.

40b * 9999999999 = 399999999960b
399999999960b / 1024 = 390624999.9609375k
390624999.9609375k / 1024 = 381469.726524353M
381469.726524353M / 1024 = 372.529029809G
Total: 372.529029809 Gigabytes

If you have any ideas of how to store the information in a smaller space, let me know. Not to mention compute time: it took me around a minute to get to 0.000255790000026%, then again my computer is fairly slow. You could try various options for speeding it up:
- Rewrite in C or Assembly
- Modify Pyrit to generate your hashes instead.

The code below is fairly simple to use; I'm sure you can figure out how to use it on your own. I left implementing the searcher up to you, although if you do need help, don't hesitate to ask.

```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# rtgen.py
#
# Copyright 2011 Alias <mali0037@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
#
# Perform imports
import sys
import hashlib
import struct

ACCOUNT_DIGITS = 10                   # digits appended to the 6-digit bank number
ACCOUNT_SPACE = 10 ** ACCOUNT_DIGITS  # every 10-digit account number (10,000,000,000)


# Pads the account number with leading zeros so it is always 10 digits
def convertK(k):
    return str(k).zfill(ACCOUNT_DIGITS)


# Generates the SHA256 hashes and writes them to a file
def genTable(bankNum):
    bankNum_str = str(bankNum)
    # Open the table file: each entry is 8 bytes of number + 32 bytes of digest
    with open("bank" + bankNum_str + ".rt", "wb") as fp:
        # Main loop over every 10-digit account number
        for k in range(ACCOUNT_SPACE):
            # Concatenate the bank number and the account number
            string = bankNum_str + convertK(k)
            string_int = int(string)
            # Pack the card number as an 8-byte little-endian C integer
            # (the hash is taken over these 8 bytes, not over the ASCII digits)
            string_bytes = struct.pack('<q', string_int)
            # Hash the packed bytes
            encryptedString = hashlib.sha256(string_bytes)
            # Write everything to the file
            fp.write(string_bytes)
            fp.write(encryptedString.digest())
            # Print progress every 100 entries, as a true percentage
            if (k % 100) == 0:
                percentage = 100 * k / ACCOUNT_SPACE
                print(string, ": ", encryptedString.hexdigest(), "\t",
                      percentage, "% Complete", sep='')
    return 0


def main():
    if len(sys.argv) != 2:
        print("usage: rtgen.py <6-digit bank number>", file=sys.stderr)
        return 1
    genTable(sys.argv[1])
    return 0


if __name__ == '__main__':
    sys.exit(main())
```
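Added example, not the poster's code: the check a reviewer would actually put in front of the client. On a constructed toy prefix it shows why an unsalted SHA-256 over a card number with a known BIN is reversible by plain enumeration, and that an HMAC-SHA256 keyed with a secret held outside the database is not, while the key holder can still match a presented number against a record. All names, the prefix and the card number are invented for the illustration.

```python
import hashlib
import hmac
import secrets
from itertools import product


def plain_sha256(pan: str) -> str:
    """The client's scheme: unsalted SHA-256 over the ASCII digits of the PAN."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_sha256(pan: str, key: bytes) -> str:
    """Mitigation: HMAC-SHA256 under a secret key kept outside the database."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def search_space(pan_length=16, known_prefix=6, check_digit=True) -> int:
    """Candidates an attacker must enumerate: the unknown digits, less the
    check digit, which is fixed by the others (16 - 6 - 1 = 9 in the thread)."""
    return 10 ** (pan_length - known_prefix - (1 if check_digit else 0))


def recover_by_enumeration(target_hex, prefix, unknown_digits, hasher):
    """Toy preimage search: hash every candidate after the known prefix."""
    for digits in product("0123456789", repeat=unknown_digits):
        candidate = prefix + "".join(digits)
        if hmac.compare_digest(hasher(candidate), target_hex):
            return candidate
    return None


def demo():
    # Constructed toy values (not a real card): 7 known digits, 4 unknown,
    # so the loop finishes instantly; a real PAN leaves 9 unknown digits.
    prefix, pan = "4111111", "41111112345"
    key = secrets.token_bytes(32)  # defender's key, never stored with the data
    stored_plain = plain_sha256(pan)
    stored_keyed = keyed_sha256(pan, key)
    # Unsalted hash: enumerating the space recovers the PAN.
    recovered = recover_by_enumeration(stored_plain, prefix, 4, plain_sha256)
    # Keyed hash: without the key the same enumeration matches nothing.
    wrong_key = secrets.token_bytes(32)
    missed = recover_by_enumeration(stored_keyed, prefix, 4,
                                    lambda p: keyed_sha256(p, wrong_key))
    # The key holder can still check whether a presented PAN matches a record.
    verified = hmac.compare_digest(keyed_sha256(pan, key), stored_keyed)
    return recovered, missed, verified


if __name__ == "__main__":
    print(search_space(), demo())
```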