What are the minimum hardware requirements?
We believe the minimum requirements are a PalmPilot with PalmOS 2.
We wrote the software using the GCC SDK for Win32 with GCC 2.7.2.2, the
GNU Emacs editor version 19.34.1 for Win32 and the CoPilot version 1.0b9 for
emulation. We tested the program using the following hardware configurations:
- 3Com PalmPilot Professional with PalmOS 2.0.5 Pro and 1MB
- IBM WorkPad (PalmIIIx) with PalmOS 3.1 and 4MB
It was also tested using the PalmOS Emulator (POSE) v2.1d29 with the following
configurations:
- 3Com PalmPilot Professional with PalmOS 2.0.5 Pro and 1MB
- 3Com PalmIII with PalmOS 3 and 2MB
- 3Com PalmIIIx with PalmOS 3.1 and 4MB
- 3Com PalmV with PalmOS 3.1 and 4MB
Note: This program has not been tested on PalmOS 3.3 or higher. There
have been reports of the copy function/button not working on PalmOS 3.3.
What are the memory requirements?
The program itself takes approximately 31KB (version 1.1).
As an example, a dictionary with 4000 words yields
a PDB file of 63KB, which, once loaded into the Pilot, has a size of 101KB.
What is the performance?
The current performance* for UNIX dictionary wordlist comparisons is
25/sec.^ The current performance* for NT dictionary wordlist comparisons
is 60/sec. The performance for Cisco decryption is not considered
since it doesn't perform Crack-style password breaking.
* Note, this is based on unmodified clock speed of a PalmPilot Professional.
Using the ClockMaster hack or other clock speed modifying programs will
change these performance results.
^ Note, Alec Muffett says that in 1992 when working on Crack, replacing
crypt() with fcrypt() yielded 25/sec on a Sun 3/60. This makes sense
because the Sun 3/60 was based on a Motorola processor!
How can I get an encrypted password string into the program?
You can get the encrypted password strings into the program via three
methods:
- Use graffiti to manually enter the encrypted password entry.
- Enter the entry(s) into a Memo on the PC (using cut and paste from a UNIX
window) and Hotsync the Memo to the Pilot. Then use the Edit menu
options for cutting and pasting an entry into the password field of the
application.
- Use the Online program from Mark/Space Softworks to connect to a serial
port and have VT100 access to the target UNIX box. Once you reach
this point, you can have your sessions logged to the Memo pad, so just
cat /etc/passwd
(or /etc/shadow) and you'll have your password entry in a Memo. Follow
step two above.
What types of passwords are supported?
This program currently works on standard UNIX passwords based on the
crypt() function (not FreeBSD-type) and on NT LANMAN password hashes (not
the NT challenge response MD4 hashes). See http://www.l0pht.com/l0phtcrack/
for more information on NT passwords.
Cisco Type 7 (not Type 5 MD5 hashes) password decryption support is
now available. See http://www.cisco.com/warp/public/701/64.html
for more information.
How do I get an NT encrypted password?
On an NT box, run pwdump (or pwdump2
if SYSKEY is enabled) from a DOS window in order to dump the password file
entry. The pwdump command can be found in the L0phtcrack distribution
found at http://www.l0pht.com/l0phtcrack/.
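An added example, not part of PalmCrack or the original FAQ: an audit sketch that scans credential lines and flags the ones still stored in the formats listed above (traditional crypt(), LANMAN, Cisco Type 7) so they can be migrated to stronger schemes. The sample lines, function names and labels are constructed for illustration, and the pwdump layout of user:RID:LM hash:NT hash is assumed.

```python
import re

# LM hash of the empty string: pwdump shows it when no LANMAN hash is stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")   # 2-char salt + 11-char hash
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
CISCO = re.compile(r"\b(?:password|secret)\s+([57])\s+\S+")

def classify(line):
    """Return (account, format, exposed), or None for an unrecognised line.
    exposed is True for the formats the FAQ lists as supported."""
    line = line.strip()
    m = CISCO.search(line)
    if m:
        who = line[:m.start()].strip() or "(line)"
        if m.group(1) == "7":
            return (who, "cisco-type7", True)
        return (who, "cisco-type5-md5", False)
    f = line.split(":")
    if len(f) >= 4 and HEX32.match(f[3]):            # assumed pwdump layout
        if HEX32.match(f[2]) and f[2].lower() != EMPTY_LM:
            return (f[0], "nt-lanman", True)
        return (f[0], "nt-md4-only", False)
    if len(f) >= 2 and f[0]:                         # passwd / shadow layout
        if DES_CRYPT.match(f[1]):
            return (f[0], "unix-des-crypt", True)
        if f[1].startswith("$"):                     # e.g. $1$ MD5-crypt ("FreeBSD-type")
            return (f[0], "unix-modular-crypt", False)
        return (f[0], "no-hash-in-field", False)     # shadowed, locked or empty
    return None

def audit(lines):
    """List (account, format) for every entry stored in an exposed format."""
    results = (classify(line) for line in lines)
    return [r[:2] for r in results if r and r[2]]

SAMPLE = [  # constructed entries, not real hashes
    "root:XXabcdefghijk:0:0:root:/root:/bin/sh",
    "alice:$1$salt$constructedplaceholder00:1001:100::/home/alice:/bin/sh",
    "bob:x:1002:100::/home/bob:/bin/sh",
    "Administrator:500:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:::",
    "svc:1001:aad3b435b51404eeaad3b435b51404ee:FEDCBA9876543210FEDCBA9876543210:::",
    "enable password 7 00112233445566",
    "enable secret 5 $1$salt$constructedplaceholder00",
]

if __name__ == "__main__":
    for account, fmt in audit(SAMPLE):
        print(f"{account}: stored as {fmt}, migrate to a stronger scheme")
```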
How does brute force checking work?
The brute force crack is very compute intensive,
mainly because of the number of iterations required. As a result,
the brute force check is disabled by default. Check the menus
tour for information on enabling brute force checking.
Number of Iterations

| Category | Base Calculation | UNIX (x=8) | NT (x=14) | NT Case Insensitive |
|---|---|---|---|---|
| Lower case | 26^x | 2 x 10^11 | 6 x 10^19 | |
| Lower case w/nums | 36^x | 3 x 10^12 | 6 x 10^21 | |
| Mixed case | 52^x | 5 x 10^13 | | 6 x 10^19 |
| Mixed case w/nums | 62^x | 2 x 10^14 | | 6 x 10^21 |
| All symbols | 92^x | 5 x 10^15 | | 3 x 10^25 |

As you can see, the number of iterations is pretty
huge and not really feasible for a tiny, single CPU Dragonball Pilot. As
an estimate, for passwords up to 4 characters in length, it takes approximately
5 hours just to check the entire space for UNIX for only lower case characters!
26 + 26^2 + 26^3 + 26^4 iterations / 25 iterations/sec / 3600 secs/hr = 5.25 hours
How can I create my own custom dictionary?
A pc.pdb file can be made with a Perl program called pcmwdb
(PalmCrack Make Wordlist DataBase). The only platform that pcmwdb
has been tested on is Sun SPARC running Solaris 7 using Perl 5.005.
Contact Noncon for more information about developing custom wordlist dictionaries.
How do I contact Noncon, Inc?
You can contact us using the following email addresses: