Find out passwords for encrypted data by a brute force approach.
Currently this project is limited on the decryption of zip files, by trying password candidates from a txt file.
Extending the code on further file types, e.g. PDF, was one of the underlying architecture design principles.
"...the 25 most common passwords made up more than 10% of the surveyed passwords, with the most common password of 2016, "123456", making up 4%..." (https://time.com/4639791/worst-passwords-2016/)
-
start docker by using one of the provided start scripts, depending on your OS:
./startDocker_linux.sh ./startDocker_windows.batThis mounts your currently checked out folder into the docker
-
build the project in the docker:
mkdir build && cd build cmake .. && make && make install cd ../binAfter installation the
BruteForceCrackerbinary is located in<folder>/bin
- get/create a list of passwords. The passwords must be in a txt file and separated by line break
- you can specify some parameters for 'BruteForceCracker' binary:
example with provided files:
./BruteForceCracker <path-to-zip-file> <path-to-passwordList> <number of threads>./BruteForceCracker ../testData/testZip.zip ../testData/testPWList.txt 2
- if you want to extend this project on further datatypes you just have to
- provide your own class of type EncryptedFile
- extend the BruteForceCracker with a create-method using your instance of your type of EncryptedFile
- if you want to extend this project with further sources of password candidates (e.g. randomly created pw) you just have to
- provide your own class of type PwProvider
- provider your own class of type PwProviderManager
- extend the BruteForceCracker with a create-method using your instance of type of PwProviderManager
- you can combine different types of EncryptedFile and PwProviderManager by extending the BruteForceCracker with a create-Function using the desired combination
- zip decoding is based on
libzip. API documentation - libzip (tested with V1.8.0) turned out to be unreliable in checking the validity of a given password
Therefore an additional system call tounzipchecks whether the password really matches - here you can find some lists of popular passwords
The given files and lines are not the only examples!
-
Loops, Functions, I/O:
- Read from file: PwProviderMangerList.h, l.46
- Read user input: main.cpp, l.16
- Functions: PwProviderManagerList.h, l. 16, 30, 35
-
Object Oriented Programming:
- Classes: every file (except main.cpp) contains classes
- access specifiers: PwProviderMangerList.h, l.40
- virtual base class functions: EncryptedFile.h, l.10
- Templates: BruteForceCracker.h, l.17
- same function to operate on different parameters: SystemCallValidation.h, l.24
-
Memory Management:
- references in function calls: SystemCallValidation.h, l.25
- move semantics: BruteForceCracker.h, l.58, PwProviderList.h, l.11
- smart pointer: BruteForceCracker.h, l.45
- destructors: EncryptedFileZip.h, l.86
-
Concurrency:
- multithreading: BruteForceCracker.h, l.32
- mutex/lock: BruteForceCracker.h, l.58