Brute forcing a password is tough work. You try over and over and hope for the password, or with Stuffit 5 passwords, a hash collision.
Obviously, speed is the key thing in this process, and what machines you can run the software on. Here are some interesting bits on showing speeds.
The original versions of Kasper were Bash and Perl scripts written to call the StuffIt CLI tools over and over. They benched, being generous, about 40 lines/second. And this was on a mighty 2007 dual quad-core Mac Pro at 3GHz.
An attempt at a StuffIt SDK version of Kasper sped up to more along the lines of 500 lines/second.
By removing the CLI tools and going after the raw algorithm, the Perl script then sped up to a monumental 350,000 lines/second. With this move, Kasper started to use Maskprocessor to generate password.
Development then shifted over to my daily workhorse- a 2010 Core i7 Lenovo X201 laptop at 2.67GHz. This machine outperforms the Mac Pro’s Xeon X5365 at single threaded benchmarks- the Mac Pro can edge out with its 8 threads (4 per processor) versus the X201’s 4 threads (2 cores with 2 threads via hyperthreading). Here’s an interesting look at the two over at CPU Boss.
A Windows command line version of Kasper was compiled using Visual Studio Express 2012 and OpenSSL. This application was able to execute 550,000-650,000 lines/second.
Moving to Visual Studio Express 2013 and removing loops allowed for another jump to 750,000-830,000 lines/second.
Changing the back-end algorithm to the OpenSSL MD5_Init method gave a small boost to 880,000-900,000 lines/second.
Compiling Kasper as a 64-bit executable, linking to 64-bit OpenSSL libraries, pushed Kasper over the magic 1 million mark, running 1,000,000-1,100,000 lines/second.
Another change, removing a function call with the same functionality via bitshifts, doubled performance to an astounding 2,100,000-2,200,000 lines/second.
The time to run through a 4-character alphabet defined as all lowercase, uppercase, digits, and symbols (95 characters total) is my standard benchmark. This benchmark has now dropped from multiple minutes to barely half a minute as the average lines/second has jumped over and over.
It’s funny to me that I spend so much time cracking StuffIt on a Windows PC for a primarily Mac format. So I cracked out my Titanium PowerBook G4 that was the last laptop capable of booting Mac OS 9, and can run up to Mac OS X 10.5.8 (slowly!). I’d like to think it’s well treated, with an SSD and maxed out 1GB of RAM.
Mac versions of Kasper are compiled by Apple xCode 3.1.4 (the last xCode for PowerPC Macs). John the Ripper 126.96.36.199 is used to generate passwords instead of Maskprocessor, which lacks a PowerPC version. Of course a laptop that is over a decade old isn’t going to compete well with a Core i7 laptop, but it does break six figures per second. This was based off the non 64-bit code (as that won’t work on a 32-bit G4/OS), but before the bitshift update. Perhaps it will bench at 300k in the future!
This poor PowerBook should live out its days in Mac OS 9 – and I’m going to try to see if I can’t get the code running there- even if it most likely will lack the password generation of John/MaskProcessor. I’m acquiring more Macs to serve as development platforms though!
On the .sitx front, which I know I have half a dozen people asking me about, the so-called KasperX performance, however, has a much worst performance level. On Windows, the Stuffit Deluxe 2010 software (at version 14), has its console_unstuff.exe command line software spammed by a Perl script.
On Mac OS X, the Stuffit Deluxe 2011 software (at version 15), has its console unstuff software spammed by a Perl script.
On the 2007 Mac Pro, KasperX performs at about 5.5-6 lines per second.
I attempted another SDK version, focused on .sitx – and again am benching around 500 lines/second. Needless to say, KasperX (and .sitx files in general) are out of reach for brute force except in very small attacks.
I hope 2014 will bring progress to Stuffit 4 files – I feel the complexity of Stuffit X files are really pushing the limits, and there may be hope for older Stuffit files. And if you have a Stuffit 5 archive, well, there’s an almost positive chance we can get your data freed.