QCrack, v1.01 - Copyright (c) 1995, The Crypt Keeper

------------------------------------------------------------------------------

5/9/95

[UPDATE/INFO] -------------------===========================================**


Changed from v1.00 -> v1.01:
 -  Added credits to the author of the fcrypt routines.  The original copy I
    obtained didn't have them and I beileve the code was just more public
    domain no-name code.  The real author is Eric Young; see the fcrypt.c code
    for details on reaching him.

 -  Modified memory allocation routines/linked list maintainance.   

 -  Rewrote password file parser.

 -  Included small program to check byte ordering on systems.  Make sure you
    change the Makefile to represent the appropriate byte ordering
    (endianness) :).

-------

Many people had problems compiling v1.00 code.  This code has been developed
and tested with gcc 2.5.8 under Linux 1.1.73.  There were reports of problems
with 2.6.3, although I think I have fixed them.

I have decided to include linux executables in this distribution.   

I would really appreciate knowing what sorts of numbers (statistics) you
obtain with this, so I can try to optimize it a bit for various platforms.
If you could describe the rates you obtain, your hardware (mem, disk (size/
speed if known, interface if known), cpu) that might also be valueable.
Please don't distribute this.

[QCRACK] ------------------------===========================================**

QCrack is meant to be a first line defensive manuever for SysAdmins.  Often,
users choose poor passwords.  They want something easy to remember and 
often these words will find their way into large dictionaries.  The problem
with dictionary attacks are that encryption data is lost.  Cracker Jack
subverts this problem somewhat by storing the Hash:PW string in a hidden
file called, "JACK.POT" - allowing an "instant" crack on many password files
once this has been built.  However, these passwords might be on many systems,
except with different salt's, requiring an admin to recrack the passwords
anyways, and there is little benefit.  

QCrack attempts to solve this problem, somewhat, at the expensive of storage.
QCrack takes a file with a special format (produced by QInit; see later)
and effectively does double layered hashing in order to speed things up.  The
file built by QINIT is basically an initialized hash table, and then lookups
can be done based on what exists in the actual password file.  
What that means is that you get impressive cracking speeds for an
exchange of disk space.  The only caveat other than disk space is that the
file needs to be built, which can be expensive.  More on this below.

QCrack is a suggested alternative to forcing users to use passwords like
"h23ui@;F" or other random, difficult to memorize passwords.  This can 
keep users bugging the sysadmin constantly asking for their password.

Others force /usr/bin/passwd to check the entered password in a list of words
(usually /usr/dicts/words), and check that first.  This list is often
either out of date, or non existant!!

[QINIT] -------------------------===========================================**

QInit is where all the time is spent - ONCE.  QInit generates a hash table
where each entry corresponds to a salt value and contains the first two
bytes of the hash.  Each password becomes about 4K worth of data, so this
file gets large quickly.  A file with 5000 words can be expected to be
20 MB of disk.  This makes it important to have both, a lot of disk space,
and a very select dictionary.  Included, a file called, "cpw" is a list
containing what I consider to be "good" words for the typical account.  I
have had zero hits with this file on some password files, and I have also
had almost a 30% hit rate on others.  

The 4K of data is very closely related to an actual fcrypt call, except only
the first 8 bits of data are used.  This means that for each word, QINIT
really performs all 4096 fcrypts (one for each salt) on each word.  This
can be a time consuming operating.  However, It is trivial to parallelize.
Have several computers simply work on independent dictionaries and output
to different files.  After they have built their files, simply cat the
fiels together and output them to a single one. 

Someone interested in making some money might be able to generate a moderate
dictionary (say, 150000 words or so) and burn a CDROM.  This would allow 
cracking at nearly the speed that data could be read from the CD.  The
I/O speed seems to be the main block in speed.  

So, how do you use it?  Well, it is a filter - which makes increasing the
dictionary easy.  A common use might be to build a very small dictionary
(such as the cpw file included), and execute:
qinit < cpw > cpw.hash

This creates (after some time!) a file called "cpw.hash".  It's best not to
mess with the file once it is created, since you can cause some pretty
severe sync errors if you modify it in a bad way.  If you want to add
words, you could then append to cpw.hash, something like:
qinit < new-words >> cpw.hash

[QEXT] --------------------------===========================================**

Very simple.  This program merely outputs the words from a qinit file. 

[GENERAL] -----------------------===========================================**

Once the dictionary has been built with QInit, the rest of it is up to you.
It never again needs to be built.  Stick it onto your favorite tape.  Or
keep a small one lying around on your hard disk if you have the space 
for it.  After this, you can run qcrack on any password file and get
nearly instant cracking results.  My 486 cracked a conglomeration of
22000 accounts with a 4500 word dictionary in only 10 minutes.  That has
a throughput of nearly 165000 c/s, far more than any convential cracking
software could ever obtain.  

QCrack has a few general options.  It's syntax is:
qcrack [-bns] <passwordfile> <hashfile>

the dash options (-bns) are optional.
-b tells QCrack to beep each time an account is hit.  This makes it a little
more entertaining to watch.

-n tells QCrack *not* to try each login with the a password equivalent to
the account's login id's.  These are tested while loading the password
file, so it will be noticeably slower when parsing the password file.

-s tells QCrack to supress parsing messages.  

Multiple options can be specified with only a single dash; multiple dashes
will confuse the command line parser if separated with spaces.  Basically,
this means to use:
qcrack -ns passwd hash 
and *NOT*
qcrack -n -s passwd hash

Output from QCrack is somewhat weird.  
Parsing messages, beeps (^G), status, and similar such information is
all output to stderr.  Any accounts which are cracked are put to stdout.
Two common uses therefore would be (under tcsh):

qcrack mypasswdfile cpw.hash > mypasswdfile.hit
or
qcrack mypasswdfile cpw.hash >& mypasswdfile.hit

The first will allow the one who exec's qcrack to see things like status,
parsing messages, etc.

The second will throw these messages into the file.  Be careful to check and
see if any accounts were cracked in the parsing messages.  If there was one
cracked, then it will be in the middle of the parsing messages.  The
-s option will supress the parsing messages, and eliminate this problem.

I spent a bit of time optimizing the fcrypt routines for both applications.
They originally got about 700 c/s on my system, and I moved the general
fcrypt up to about 900, and the fcrypt used in qinit gets about 1000. 
If you can make it go faster, I'd love to hear.  If you throw in a new
hash engine, I'd like to hear about that, too, and what kind of results
or improvements you've obtained.  I did not try to write this code in any
fancy way, so it is pretty kludgy.  This project started off just as an
experiment, and I thought that others might find it useful.  If you don't,
then you can go ahead and forget about it; sorry for wasting your time.

[WHERE TO FIND] -----------------===========================================**
The latest version of QCRACK can be ftp'd from: DOSTOEVSKY.UCR.EDU  
If you would like to place QCRACK on an ftp site, please email me below so I
can include you.

Finally, if you need to contact me, I can be reached by:

CyberDreams BBS: (909)/656.0539  - 28.8, Renegade, latest and greatest for
                                   both the novice and advanced security
                                   enthusiast.

INET email: tck@zorro.ucsd.edu

