
Custom Rainbow Tables


killbot9000


Hey all, I'm looking to generate rainbow tables for a PoC. My client has decided that hashing (no salt) credit card numbers is a good idea. To prove him wrong I wrote a little script that will crack the SHA256 hash iteratively, but with a 9 digit account number (6 digit known bank bin + account number + check digit = 16 digit card number), this obviously takes a very long time.

To make the PoC more demonstrative, I'd like to gen some custom rainbow tables. I have the first 6 digits, and obviously the last digit will be a check digit. What is the best way to generate these tables?

I've looked at winrtgen and rainbowcrack, but neither gives me the option to prefix the first 6 digits, much less generate the check digit. Any help would be greatly appreciated!

Link to comment

I don't think there is a solution out there that will allow you to generate rainbow tables for this purpose.

The only way to make it work would be to write custom code that can generate the numbers you want and then have them saved into a text file.

Link to comment

The number of unknowns you have is only 10, right?

And assuming they are all numbers, howsecureismypassword.net guesses that it would take a modern PC 40 seconds.

If I get interested enough I may write some Python code to do it.

Link to comment

Well, I wrote some code to generate the rainbow tables. Each entry uses 40 bytes total: 8 bytes for the unencrypted cc numbers, and 32 bytes for the sha256 hash.

Working it out though, just generating for a single bank branch number it will take around 350GB of space.

40b * 9999999999 = 399999999960b

399999999960b / 1024 = 390624999.9609375k

390624999.9609375k / 1024 = 381469.726524353M

381469.726524353M / 1024 = 372.529029809G

Total: 372.529029809 Gigabytes

If you have any ideas of how to store the information in a smaller space, let me know.

Not to mention compute time, it took me around a minute to get to 0.000255790000026%, then again my computer is fairly slow.

You could try various options for speeding it up.

  1. Rewrite in C or Assembly
  2. Modify Pyrit to generate your hashes instead.

The code below is fairly simple to use, I'm sure you can figure out how to use it on your own. I left implementing the searcher up to you. Although if you do need help, don't hesitate to ask.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
#       rtgen.py
#       
#       Copyright 2011 Alias <mali0037@gmail.com>
#       
#       This program is free software; you can redistribute it and/or modify
#       it under the terms of the GNU General Public License as published by
#       the Free Software Foundation; either version 2 of the License, or
#       (at your option) any later version.
#       
#       This program is distributed in the hope that it will be useful,
#       but WITHOUT ANY WARRANTY; without even the implied warranty of
#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#       GNU General Public License for more details.
#       
#       You should have received a copy of the GNU General Public License
#       along with this program; if not, write to the Free Software
#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
#       MA 02110-1301, USA.
#       
#       

# Perform imports
import sys, hashlib, struct


# Left-pads the account part with zeros so it is always a 10 digit string
# (the original returned an int once k reached 10 digits, which broke the
# string concatenation in genTable)
def convertK(k):
	return str(k).zfill(10)

# Generates the SHA256 hashes and writes to a file
def genTable(bankNum):
	bankNum_str = str(bankNum)

	# Every 10 digit suffix, 0000000000 through 9999999999
	total = 10 ** 10

	# Open the file; the with block closes it when the loop ends or is interrupted
	with open("bank" + bankNum_str + ".rt", "wb") as fp:
		# Main loop
		for k in range(total):
			# Concatenates the bank number and the account number
			string = bankNum_str + convertK(k)

			string_int = int(string)

			# Pack the 16 digit number as an 8 byte C long long
			string_bytes = struct.pack('q', string_int)

			# Hash the packed bytes (SHA256 is a hash, not encryption)
			encryptedString = hashlib.sha256(string_bytes)

			# Write everything to a file: 8 bytes of number, 32 bytes of digest
			fp.write(string_bytes)
			fp.write(encryptedString.digest())

			# Print the progress every 100 entries, as a real percentage
			if (k % 100) == 0:
				percentage = k / total * 100
				print(string, ":  ", encryptedString.hexdigest(), "\t", percentage, "% Complete", sep = '')

	return 0

def main():
	genTable(sys.argv[1])

	return 0


if __name__ == '__main__':
	main()

Link to comment
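Added example, not part of the thread or any poster's code: with the 6 digit BIN known and the last digit fixed by the Luhn check, only 10^9 of the 10^10 suffixes are valid card numbers, so an unsalted SHA-256 is matched by plain enumeration while an HMAC under a secret key is not. It assumes the stored value is SHA-256 over the ASCII digits; the BIN 400000, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac

def luhn_check_digit(partial: str) -> str:
    """Return the Luhn check digit for a number that is missing its last digit."""
    total = 0
    # Walk right to left; the rightmost digit of the partial number is doubled first.
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)

def candidates(bin6: str, start: int, count: int):
    """Yield valid 16 digit numbers for a known BIN over a window of 9 digit account numbers."""
    for acct in range(start, start + count):
        partial = bin6 + str(acct).zfill(9)
        yield partial + luhn_check_digit(partial)

def unsalted(pan: str) -> bytes:
    # Assumption: the client stores SHA-256 over the ASCII digits, no salt.
    return hashlib.sha256(pan.encode()).digest()

def keyed(pan: str, key: bytes) -> bytes:
    # Mitigation sketch: HMAC-SHA256 under a secret key kept outside the database.
    return hmac.new(key, pan.encode(), hashlib.sha256).digest()

def recoverable(stored: bytes, bin6: str, start: int, count: int):
    """Return the number whose unsalted hash equals `stored`, or None if the window has no match."""
    for pan in candidates(bin6, start, count):
        if hmac.compare_digest(unsalted(pan), stored):
            return pan
    return None

# Constructed sample values, not real card data.
BIN6 = "400000"
KEY = b"constructed-demo-key"
SAMPLE = next(candidates(BIN6, 1234, 1))

if __name__ == "__main__":
    print("unsalted hash matched:", recoverable(unsalted(SAMPLE), BIN6, 0, 2000))
    print("keyed token matched:  ", recoverable(keyed(SAMPLE, KEY), BIN6, 0, 2000))
```

The window of 2000 account numbers keeps the run short; the full space per BIN is 10^9 candidates.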