C/C++ Bruteforce, Dictionary Creation... Need a method
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
C/C++ Bruteforce, Dictionary Creation... Need a method
I've recently had an awesome idea which I don't really want to explain YET. (If this becomes a moral thread I may)
I'm looking for some code to cycle X bytes through all possible combinations...
Code:
// Say I have 4 characters (bytes)
// '00000000' (looks like this in mem as hex)
// I want to go from this to:
// 'FFFFFFFF'
The big thing is that I will need to make the number of characters dynamic (recursion perhaps)
ATM I am stumped on how to do this dynamically. If it were a set of 4 bytes always it'd be a breeze, but due to bandwidth I'll need this number to be changeable on the fly.
I'd really like to get this code to work properly to find out IF my idea has even a chance at working before I just go around saying "W00t! New Idea for doing XY!"
One Idea I've had so far is to create an unsigned long and just increment this. It works, BUT i need it to be dynamic in length. (Do an array of unsigned longs? Or perhaps treat an unsigned char like one?)
It cycles through all the possible combinations and calls the function passed to the recursive function as the first argument each time a change is made. So, in this example, in some_checker_func you could put, like, a call to crypt then compare it with a hashed password or something. It can't be null terminated, so the length is a must.
There's no real need for it to be recursive, just add an outer loop from 0 through SIZE-1 Probably something like:
Code:
unsigned char d[SIZE];
// init array
for(j = 0; j < SIZE; j++)
{
data[j] = 0;
}
// cycle through array
for(j = 0; j < SIZE; j++)
{
for(i = 0; i < 256; i++)
{
data[j]++;
// Do something with this particular cycle here...
}
}
<snip>Just corrected a couple of errors I spotted.
This doesn't work. It just goes from 00000000 to 000000FF to 0000FFFF to 00FFFFFF to FFFFFFFF. You see? Each time it takes a byte from 00 to FF, but it doesn't reset it and carry. It just goes through 4*256 combinations, not what you want.
Because of the exponential nature of the problem, recursion (or something equivalent to it) is necessary.
Is recursion the only way? If so, so be it...
It has to be dynamic in the length of the array.
(I'll be playing with 95se's code this evening)
Any way of doing it requires the same number of steps (256^SIZE). Recursion is the easiest way to implement it. Otherwise, you can emulate recursion by having a while loop, and then when you make a recursive call, just increment the "pos" variable, and use the data[j] to keep track of where in the 256 you are, and when it reaches the end, decrement the "pos" variable to "return" from the recursive call. But this is more complicated.
Any way of doing it requires the same number of steps (256^SIZE). Recursion is the easiest way to implement it. Otherwise, you can emulate recursion by having a while loop, and then when you make a recursive call, just increment the "pos" variable, and use the data[j] to keep track of where in the 256 you are, and when it reaches the end, decrement the "pos" variable to "return" from the recursive call. But this is more complicated.
I've been thinking about it... I'll leave the recursion =D
Thanks!
(Preliminary info: 4 Byte array takes 1m 17s in a Virtual PC over SSH)
It should be alright because, as I understand, it will only need SIZE recursive calls, where SIZE is the number of bytes required. But yes, care should be taken.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.