Friday, April 24, 2009

Apple and Pears

I had a couple of chaps turn up for a meeting yesterday from a certain UK Law Enforcement Agency and due to a crackingly sunny day we were able to sit in a pub garden for a late and leisurely lunch. Anyway, that's not the point!

One of the chaps, Simon, pulled a little Netbook PC out of his bag and lo and behold it was running OSX. It was really impressive to see such a tiny machine, designed for Linux or Windows, running OSX very successfully in all its 'never crashing' glory. Being very small and light, it's essentially a MacBook Air but about £1000 cheaper.

I guess because I'd never gone to look, I did not know that since Apple's move to Intel chipsets there has been a huge amount of effort in the hacking community (I use the word hacking in its proper sense) to get OSX successfully working on PC architecture. The Netbooks with their Intel Atom processors are, apparently, perfect.

Wired magazine wrote about it late last year with similar results, although they noted that some elements such as Wifi and Sound fail to work on some Netbooks including the one they tried.

A very good list of Netbooks with the elements that work or do not can be found at It appears that the Dell Mini 9 is perfect and virtually anything can be made to work.

It is worth noting that although a great fun project, by loading OSX onto a 3rd party piece of hardware you are breaking the Apple licensing agreement. Really fancy getting a Dell Mini on order though :)

Friday, April 17, 2009

...and the Supercomputer gets even better!

Since the Supercomputer got fixed I've been doing some tinkering with quite staggering results. Elcomsoft have released a new version of their Wireless Cracking tool and you can now specify multiple dictionaries which is very useful. In addition, ATI now have new drivers that improve the GPU acceleration so I've got those downloaded and installed.

It then occurred to me that processing time would be taken up with the software figuring out all the permutations for each word in the dictionary, so I took a good 3 million word dictionary and ran it through the permutation generator that is part of John the Ripper.

john -w:dictionary.txt -rules -session:johnrestore.dat -stdout:63 > newdict.txt

This turned a 40 meg dictionary file into a 1.6 Gig monster with a staggering array of derivatives for each word. Feeding this into the cracker I have now raised my cracking speed from around 18000 passwords a second to a mind-blowing 45000 per second, or 3.8 billion a day. Not too shabby!

To deal with purely numeric WPA passwords I've got a friend writing a bit of code to generate a dictionary with every permutation up to 10 billion, which is a nice long 11 digit password. Although we are looking at the best part of a week to run, I believe that it is worth the effort.

Crack on - if you pardon the pun!
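
Seen from the defending side, the two dictionaries described in this post (a wordlist expanded by mangling rules, and every numeric string up to 11 digits) translate into a passphrase check like the one below. This is an added example, not code from the post, Elcomsoft or John the Ripper; the sample wordlist, the reduced set of mangling rules, the function names and the shortest-length-first search order are assumptions, and the 45,000 guesses per second is the figure quoted above.

```python
import re

RATE = 45_000             # guesses per second, the figure quoted in the post
NUMERIC_MAX_DIGITS = 11   # the numeric dictionary described in the post stops here
# Constructed sample wordlist; a real audit would load a full dictionary instead.
WORDS = {"password", "dragon", "liverpool", "sunshine"}
# Reduced, assumed set of "leet" substitutions; real rule sets are far larger.
LEET = str.maketrans("013457@$", "oieastas")


def candidates(passphrase):
    """Undo simple mangling: case changes, appended/prepended digits or symbols, leet."""
    s = passphrase.lower()
    tail = re.sub(r"[^a-z]+$", "", s)       # appended digits/symbols removed
    both = re.sub(r"^[^a-z]+", "", tail)    # prepended ones removed as well
    forms = {s, tail, both}
    return forms | {f.translate(LEET) for f in forms}


def assess(passphrase):
    """Return (verdict, worst-case seconds to reach it at RATE, or None if not estimated)."""
    if not 8 <= len(passphrase) <= 63:
        return ("invalid: WPA passphrases are 8 to 63 characters", None)
    if re.fullmatch(r"[0-9]+", passphrase) and len(passphrase) <= NUMERIC_MAX_DIGITS:
        # Assumption: shorter numeric strings are tried before longer ones.
        space = sum(10 ** n for n in range(8, len(passphrase) + 1))
        return ("weak: numeric-only", space / RATE)
    if candidates(passphrase) & WORDS:
        return ("weak: dictionary word plus simple mangling", None)
    return ("not covered by these two checks", None)


if __name__ == "__main__":
    # Constructed sample passphrases.
    for p in ["12345678", "Password123", "5unshine!", "correct horse battery staple"]:
        verdict, seconds = assess(p)
        eta = "" if seconds is None else f" (exhausted in at most {seconds / 3600:.1f} h)"
        print(f"{p!r}: {verdict}{eta}")
```

A passphrase that passes both checks is only outside these two dictionaries, not proven strong.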

Thursday, April 16, 2009

Exploiting the MSN protocol

This is a post where I am not going to say anything :) I'm not going to say what we have found, what we can do and how we do it, but let me explain the problem.

Many Police Agencies have an interest in where a particular Internet user may be located and to achieve this, detecting their IP address and then asking the ISP for user information is a great way to do it. It is no secret that some Agencies monitor chat rooms and ingratiate themselves with known offenders on Instant Messaging (CEOPS invited the BBC in last year to discuss this); however, chat using something like Windows Live Messenger proxies and anonymizes at Microsoft, meaning a whole load of paperwork is needed to get the actual subject's IP.

Well that's the problem and Microsoft say that there is no way to circumvent this issue. If you are in this position and would like to discuss the 'problem', you know where to find me.

...and it breaks

In addition to my last post, after just a couple of days of password cracking my super-beasty computer packed in. It seems the 4 uber GPU units decided to up and die which is not helpful when everything is GPU accelerated. Engineers turned up and we are firing on all cylinders again.

Interestingly I am now getting the full 20,000 passwords per second cracking speed that I was expecting, whereas before I was only getting a fraction of that; I think there was something wrong from the start. As I look to my left a cracking job for a Police Agency is running at 18,000 per second, not too shabby.