App13 Bruteforce Guide


Post by overflownull on Fri Apr 03, 2009 1:55 pm

Look, the absolute easiest way to do app13 is with a bruteforce method. Note this method will consume your computer's processor time significantly and will cause your system to run slow during execution. To not give away the actual code, here's a pseudocode shell:

loop i 1..999
  loop j 1..999
    loop k 1..999
      loop l 1..999
        run app13 with i j k l params and >> the results to a file.


Also note: this code will loop up to 999^4 times, so it will take a while.


Re: App13 Bruteforce Guide

Post by Dredric1 on Fri Apr 03, 2009 3:35 pm

I made a brute forcer for passwords

and it is like 64^8 at its max
and that would, like, take forever

so 999^4 is literally inconceivable. How does it go that fast

to be able to crack it in a worthwhile amount of time?

if the computer can try 200 a second
it would take 315.8314295 years to go through all the combinations
if I'm correct

but I think all you would need would be

Code:
int[] crack = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
this is C# - not all the code you would need
which in turn is all the combinations of 999^4

so that would end up being 10^4

at the same computing power it would take about a minute or two to crack it
I'm not understanding why you need 1-999. What is the point of wasting that time?

please explain
-
the code for the void exception between the ear brackets
Code:
public static }void(exception x = new exception(null)){

ok, my brackets don't really look like ears.
if you didn't get that, it means there is nothing (no brains) between your ears.


Re: App13 Bruteforce Guide

Post by overflownull on Fri Apr 03, 2009 3:59 pm

I was putting a basic nested for loop that would test every combination. I'm not saying I did it with this code. However, if you do have 4 nested loops, that will test 999*999*999*999 combinations, which is 999^4. I wasn't referring to the O(n) of my program or how fast it would solve it, just saying if you do it with a basic for-loop nested 4 times, this is what will happen.

Also, your code with crack = {1..9} is basically what I did. I was just putting out there that if you have unlimited resources, time and nothing better to do, it is possible.

Here's an example of what I was referring to
Code:
for (int i = 1; i <= 999; i++)
  for (int j = 1; j <= 999; j++)
    for (int k = 1; k <= 999; k++)
      for (int l = 1; l <= 999; l++)
        { /* test the combination i, j, k, l here */ }

This will eventually return every combination and permutation of each number, however inefficient it is.


Re: App13 Bruteforce Guide

Post by eljonto on Sun Apr 05, 2009 3:45 am

This is a ridiculous way to solve the mission XD - if they wanted you to do it this way they would've made the password quite a few numbers shorter. They give you a hint about how some hackers monitored activity whilst trying different passwords for smartcards, so you have to apply the same concept here.

pseudocode:
if(firstnumberinputted == correctfirstnumber){
    if(secondnumberinputted == correctsecondnumber){
        if(thirdnumberinputted == correctthirdnumber){
            if(fourthnumberinputted == correctfourthnumber){
                all correct numbers, win
            }else{
                wrong number, exit
            }
        }else{
            wrong number, exit
        }
    }else{
        wrong number, exit
    }
}else{
    wrong number, exit
}


Now obviously you can't monitor what the hackers monitored for smartcards, but think like this: if the first number is wrong the program exits; if it is right, it has to check the other numbers. The exiting process is significantly shorter than the process of checking the other numbers, so there will be a different amount of time taken for each. So what do you think you should monitor?

btw, check out Defience's great article on this app mission
-Quis custodiet ipsos custodes?, Juvenal
_________________________________________________________________
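
The early-exit check sketched in the pseudocode above, next to a hardened form, as an added example (not code from the mission or from any poster). The secret values and all function names are constructed for illustration, and a comparison counter stands in for elapsed time so the result is deterministic.

```c
#include <stddef.h>
#include <stdio.h>

#define NPARTS 4

/* Constructed sample secret; not taken from the mission. */
static const int SECRET[NPARTS] = { 412, 77, 903, 5 };

/* Early-exit check, as in the pseudocode: stops at the first wrong value.
 * *steps counts comparisons performed and stands in for elapsed time. */
int check_early_exit(const int guess[NPARTS], int *steps)
{
    *steps = 0;
    for (size_t i = 0; i < NPARTS; i++) {
        (*steps)++;
        if (guess[i] != SECRET[i])
            return 0;   /* work done so far reveals how many values matched */
    }
    return 1;
}

/* Hardened check: always compares every value and folds the differences
 * together, so the amount of work does not depend on the input. */
int check_constant_time(const int guess[NPARTS], int *steps)
{
    unsigned int diff = 0;
    *steps = 0;
    for (size_t i = 0; i < NPARTS; i++) {
        (*steps)++;
        diff |= (unsigned int)(guess[i] ^ SECRET[i]);
    }
    return diff == 0;
}

/* Demo helper (hypothetical name): comparisons a given check performs. */
int steps_for(int (*check)(const int *, int *), int a, int b, int c, int d)
{
    int g[NPARTS] = { a, b, c, d }, steps;
    check(g, &steps);
    return steps;
}

int main(void)
{
    printf("early exit, all wrong:     %d\n", steps_for(check_early_exit, 1, 1, 1, 1));
    printf("early exit, first correct: %d\n", steps_for(check_early_exit, 412, 1, 1, 1));
    printf("constant,   first correct: %d\n", steps_for(check_constant_time, 412, 1, 1, 1));
    return 0;
}
```
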


Re: App13 Bruteforce Guide

Post by Defience on Mon Apr 06, 2009 9:07 am

Thanks Eljonto ;)
Trying to brute force this isn't the sensible way to go and I'm not sure that would even work. The key to this is in timing how long the program will 'pause' on a certain number. Use your loop to get one set of numbers at a time.

Numbers in loop        Time taken before moving on to the next number

100 --------> .073
101 --------> .075
102 --------> .081
103 --------> .020
104 --------> .056
105 --------> .095
106 --------> .045

Using this set of numbers as an example, 100 would obviously be printed out first, but then 102 > 100's time and then 105 > 102's time. It isn't necessary to print out every single number and then examine the times of each one; just have it print out if a number's time is greater than the previous ones. Link to article:
http://www.hackthissite.org/articles/read/929/


Re: App13 Bruteforce Guide

Post by edilVin on Mon Aug 24, 2009 12:39 am

My question is, does the app13win tell you if any of the numbers is right, or must I go through every single combination? You know, it would be very helpful to narrow the brute force algorithm to a smaller number of combinations.

EDIT: Never mind, I got it. My first approach was insanely devastating to my comp. I totally solved it with a batch; it was not necessary but very fun though. The brute force alg. is not hard at all; I just had to keep in mind that a process must be done before trying another set of numbers or the computer will be drowsy for a while (is not gonna happen again baby :cry: I promise) :)


"Let's be realistic and do the impossible" Ernesto Che Guevara


Re: App13 Bruteforce Guide

Post by UKCrack on Fri Jul 30, 2010 4:06 pm

Hey there,
I'm having a bit of trouble with this app. I've coded the brute forcer in C#, and measuring the time taken for the program to run is a nightmare; I keep getting different values each time. I've tried measuring by use of a stopwatch, checking by totalprocesstime, and userprocesstime. I get the feeling that bruting this on a slower machine should give more accurate results in terms of timing. I can get what I believe are slightly better results when running in low power mode with no interaction with the computer, but still nothing accurate.
Basic: Complete
Realistic: Complete
Application: 1,2,3,4,5,6,7,8,9,10,11,12,14,15,16,17,18
Programming: 1,2,4,11,12
Javascript: Complete
Irc: 1
Extbasic: 1,2,3,4,5,6,7,8,9,10,12,13
Stego: 1,2,3,4,6,7,8,13


Re: App13 Bruteforce Guide

Post by mojo1948 on Fri Jul 30, 2010 9:57 pm

One time is always the right time.
Never stop learning.


Re: App13 Bruteforce Guide

Post by xhor on Fri Sep 24, 2010 11:50 am

mojo1948 wrote: One time is always the right time.


That's not true. I did this on an ~4 year old laptop and I was getting wildly different results every time. In that case I had to do multiple passes and average them. 5 passes worked fine for this cpu. Took like 40 minutes though :D


Re: App13 Bruteforce Guide

Post by Defience on Fri Sep 24, 2010 2:49 pm

Eliminating all other running processes first helps.