[The Alchemist]

MD5 Bruteforce Program

Hello everyone...
I've just created a MD5 bruteforce script using Java. This has a very high efficiency... You can modify my code and increase the length easily(I've given instructions in the code)...

Its supports numbers, both uppercase and lowercase alphabets and some special symbols too that people use in their passwords...
Here's the code :

Code:

/*Program coded by The Alchemist
* This is a MD5 bruteforce script
* DEQUE HELPED ME WITH THE BRUTEFORCING CODE
* Works upto words that are as long as the user desires it to be
* Supports numbers,characters(both uppercase and lowercase)
* and special characters normally used in passwords
*/
import java.util.*;
import java.security.*;
public class Bruteforce
{  
    static String answer="";
    public static void main(String[] args)
    {
        Scanner in=new Scanner(System.in);
        char ar[]={ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
                's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K',
                'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3',
                '4', '5', '6', '7', '8', '9','`','~','!','@','#','$','%','^','&','*','(',')','-','_','=','+',
                '|','{','}','[',']',';',':',',','<','.','>','/','?'};
        String enc;
        System.out.println("Please don't enter anything that is not MD5 encrypted");
        System.out.print("Enter MD5 encrypted text : ");
        enc=in.nextLine();
        //HERE, 20 denotes the maximum wordlength 20
        final int MAX_WORDLENGTH = 20;//YOU JUST NEED TO CHANGE THIS TO MODIFY THE MAXIMUM WORDLENGTH
        for(int wordlength = 1; wordlength <= MAX_WORDLENGTH; wordlength++)
        {
            if(generate(wordlength,ar,enc))
            {
                System.out.print("Match found!! The decrypted string is : "+ answer);
                break;
            }
            else
            {
                System.out.println("Not a word of "+wordlength+" characters");
            }
        }
    }
    private static boolean generate(int wordlength, char[] alphabet,String enc)
    {
        final long MAX_WORDS = (long) Math.pow(alphabet.length, wordlength);
        final int RADIX = alphabet.length;
        for (long i = 0; i < MAX_WORDS; i++)
        {
            int[] indices = convertToRadix(RADIX, i, wordlength);
            char[] word = new char[wordlength];
            for (int k = 0; k < wordlength; k++)
            {
                word[k] = alphabet[indices[k]];
            }
            String ss=new String(word);
            if(compareit(encrypt(ss),enc))
            {
                answer=ss;
                return true;
            }
        }
        return false;
    }
    private static int[] convertToRadix(int radix, long number, int wordlength)
    {
        int[] indices = new int[wordlength];
        for (int i = wordlength - 1; i >= 0; i--)
        {
            if (number > 0)
            {
                int rest = (int) (number % radix);
                number /= radix;
                indices[i] = rest;
            }
            else
            {
                indices[i] = 0;
            }

        }
        return indices;
    }
    public static String encrypt(String str)
    {
            byte[] defaultBytes = str.getBytes();
            try
            {
                MessageDigest algorithm = MessageDigest.getInstance("MD5");
                algorithm.reset();
                algorithm.update(defaultBytes);
                byte messageDigest[] = algorithm.digest();
                StringBuffer hexString = new StringBuffer();
                for (int i = 0; i < messageDigest.length; i++)
                {
                    hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
                }
                str = hexString + "";
            } catch(NoSuchAlgorithmException e)
              {
                  e.printStackTrace();
              }
            return str;
    }
    public static boolean compareit(String s2, String s1)
    {
        String a=s1;
        if(s1.contains(s2))
            return true;
        else
        {
            /*Java often misses out some zeroes while encrypting text, so here
             * I'm removing zeroes one by one from the original string and then
             * performing the check again*/
            while(a.indexOf('0')!=-1)
            {
                a=a.substring(0,a.indexOf('0'))+a.substring(a.indexOf('0')+1,a.length());
                if(a.contains(s2))
                    return true;
            }
        }
        return false;
    }
}

Run it in your Java platform. Enter the MD5 encrypted text that you would like to 'decrypt'. And wait till the decrypted text appears...

Thats it...
Enjoy..

APPRECIATION AND CRITICISM, BOTH ARE WELCOME...
DON'T FORGET TO GIVE FEEDBACK!!

[Deque]

The bruteforcing part (word generation) is my code. You should give credit for that.
Also using threads would make it highly efficient.

[The Alchemist]

The bruteforcing part (word generation) is my code. You should give credit for that.
Also using threads would make it highly efficient.

Ofcourse.... Thanks for the code mate... You're a very good programmer... Would be a pleasure to learn from you...

[Frooxius]

Why do you think that it's highly efficient?

This isn't very efficient, it contains a lot of method calls, constant allocations and deallocations, unnecessary copying of data around, so I wonder what are you basing the "highly efficient" claim on? All that is going to show on the performance especially if you feed it a hash of something that has more words, in fact, did you try feeding it a hash of a 20 character word and seeing how long it takes to find a match? There's still a long way before you can call this efficient. Also using C might help up to speed up things a lot, especially if you use the simplest Cstrings, instead of some wrapper with a bunch of functions.

Secondly you don't have to type out all the characters as you do in the code for the ar[] array of characters. Look at the ASCII table and you'll see that the characters are also grouped nicely, so you can simply use a range of character indexes, instead of typing them all out, it might be even faster based on conditions (it compares one variable to a predetermined value with the code, instead of fetching data from the memory which might take longer). Like this for example:

Code:

if(ch >= 'a' && ch <= 'z')

Or you can populate that array with the code, using the trick I've shown above.

Additionally, don't return the answer via a function side effect, it's not a nice OOP practice and makes it harder to take the function and put it somewhere else. In fact, returning true or false with the generate function is completely redundant. Return the string instead and in case no match is found, return an empty string (or null), which will indicate that no match was found. Easy as that.

Lastly, I would like to clarify the difference between encryption and hash function. Hashing is not encryption and therefore decrypting a hash doesn't make any sense, because it's not encrypted data.

Hash transforms the data one way, into a fixed width string, basically generating unique foot-print of the data that was used to create it, but doesn't store the original data. Encryption only transforms a way the data is expressed in some way, so it's unreadable to anyone who doesn't know a way to transform it back (decrypt it), but all of the data are still there, so they can be decrypted.

[The Alchemist]

Why do you think that it's highly efficient?

This isn't very efficient, it contains a lot of method calls, constant allocations and deallocations, unnecessary copying of data around, so I wonder what are you basing the "highly efficient" claim on? All that is going to show on the performance especially if you feed it a hash of something that has more words, in fact, did you try feeding it a hash of a 20 character word and seeing how long it takes to find a match? There's still a long way before you can call this efficient. Also using C might help up to speed up things a lot, especially if you use the simplest Cstrings, instead of some wrapper with a bunch of functions.

Secondly you don't have to type out all the characters as you do in the code for the ar[] array of characters. Look at the ASCII table and you'll see that the characters are also grouped nicely, so you can simply use a range of character indexes, instead of typing them all out, it might be even faster based on conditions (it compares one variable to a predetermined value with the code, instead of fetching data from the memory which might take longer). Like this for example:

Code:

if(ch >= 'a' && ch <= 'z')

Or you can populate that array with the code, using the trick I've shown above.

Additionally, don't return the answer via a function side effect, it's not a nice OOP practice and makes it harder to take the function and put it somewhere else. In fact, returning true or false with the generate function is completely redundant. Return the string instead and in case no match is found, return an empty string (or null), which will indicate that no match was found. Easy as that.

Lastly, I would like to clarify the difference between encryption and hash function. Hashing is not encryption and therefore decrypting a hash doesn't make any sense, because it's not encrypted data.

Hash transforms the data one way, into a fixed width string, basically generating unique foot-print of the data that was used to create it, but doesn't store the original data. Encryption only transforms a way the data is expressed in some way, so it's unreadable to anyone who doesn't know a way to transform it back (decrypt it), but all of the data are still there, so they can be decrypted.

Ok... Thanks for the suggestions on making my programs more efficient... Will remember them next time...

[Deque]

Another possibility to initialize the alphabet:

Code:

public static char[] initAllowedCharacters(int start, int end) {
        char[] allowedCharacters = new char[end - start + 1];
        for (int i = start; i <= end; i++) {
            allowedCharacters[i - start] = (char) i;
        }
        return allowedCharacters;
    }

I.e. for the letters a-z you do:

Code:

char[] alphabet = initAllowedCharacters('a', 'z');

[Phibedy]

Thx for code, even if it's not that efficient. For people who want's to see how a "cracker" (don't know the word for) for md5-hash works

[Frooxius]

Deque: That's actually the possibility that I suggested, but I didn't give any particular code, but rather pointed to a feature that would allow to implement it in some way.

[Deque]

Deque: That's actually the possibility that I suggested, but I didn't give any particular code, but rather pointed to a feature that would allow to implement it in some way.

Yes, I know. Is anything wrong?

Edit: Ah, I get it. I misunderstood something.

[The Alchemist]

Deque : Thanks again for the snippet.