Checkpass

tekijä: Elina Kaarina Leskinen Viimeisin muutos keskiviikko 05. elokuuta 2015, 13.16

C++ source code icon checkPass.cpp — C++ source code, 12 KB (13018 bytes)

Tiedoston sisältö

#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <string>
#include <iostream>
#include <fstream>
#include <deque>
#include <list>
#include <time.h>

using namespace std;

typedef struct dataStruct {
	string password;
	int count;
	bool found;
	list<int> mylist;
} dataType;
typedef struct passwordwtag {
	string password;
	int tagnumber;
};

time_t start_time, end_time, total_time;
int numberoffiles=1;
ofstream resultsFile[20];
ofstream resultsFile1;
ofstream resultsFile2;
ofstream resultsFile3;
int totalCracked[20];
void help();
int binarySearchPassword(deque<dataType>* hashList, string key);
void 	print_result ( int filen, unsigned long long numGuesses, string guess);
int cmp(struct passwordwtag p1, struct passwordwtag p2);
double calculateEntropy(string input);
bool containsDigits(string guess);
int evaluateRules(deque<dataStruct> *findQueue);

int main(int argc, char *argv[]) {
	
	ifstream passwordFile[20];
		
	ofstream notFoundFile;
	
    list<passwordwtag> slist1;
		
	deque<dataStruct> findQueue1;
	deque<dataStruct> findQueue2;
	
	bool isMinSize=false;
	bool digitsRequired=false;
	int minSize=0;
		
	bool findEntropy=false; //if it should print out the entropy to the found/notfound files
	bool limitGuesses=false; //if there are a limited number of guesses it should make
	bool checkRule=false; //used to debug rules to get them in the proper cracking order
	unsigned long long maxGuesses=0;  //The maximum number of guesses to make;
	
	unsigned long long numGuesses=0;

	for (int i=0; i<numberoffiles; i++)
		totalCracked[i]=0;
	
	//--Process the command line---------//
	
	if (argc<2) {
		cout << "\nYou need to specify an input file\n";
		help();
		return 0;
	}
	if (strcmp(argv[1], "-c")==0){
		sscanf(argv[2], "%d", &numberoffiles);
	}
	else numberoffiles=1;
	//cout << numberoffiles<<endl;
	for (int i=3; i<argc; i++) {
		//   if (i==argc-1) {  //find the name of the passwordfile to check against
		//   passwordFile.open(argv[i]);
		//}
		if (strcmp(argv[i],"-e")==0) { //print entropy data
			findEntropy=true;
		}
		else if (strcmp(argv[i],"-f")==0){
		
			for (int j=0; j< numberoffiles; j++)
			{
				i++;
				passwordFile[j].open(argv[i]);
			}
		}
		else if (strcmp(argv[i],"-l")==0) { //limit the number of guesses
			limitGuesses=true;
			i++;
			if ((i==argc)||(!isdigit(argv[i][0]))) { //--Yah, I'm lazy here as someone could input 1a
				cout << "\nNo max value specified\n";
				help();
				return 0;
			}
			else {
				sscanf (argv[i], "%llu", &maxGuesses);
				//maxGuesses= atoi(argv[i]);
			}
		}
		else if (strcmp(argv[i],"-m")==0) { //impose a minimum size for each password guess
			isMinSize=true;
			i++;
			if ((i==argc)||(!isdigit(argv[i][0]))) {
				cout << "\nNo min length specified\n";
				help();
				return 0;
			}
			else {
				minSize = atoi(argv[i]);
			}
		}
		else if (strcmp(argv[i],"-digits")==0) { //require digits in each password guess
			digitsRequired=true;
		}
		else if (strcmp(argv[i],"-checkRule")==0) { //debug the rules
			checkRule=true;
		}
		else {
			cout << "\nInvalid option\n";
			//help();
			return 0;
		}
	}

	//---Now Process the input file-------------------------//
	for (int i=0; i< numberoffiles; i++){
	if (!passwordFile[i].is_open()) {
		cout << "\nCould not open the " << i+1 << "th password file to check against\n";
		help();
		return 0;
	}
	}
	string filename;
	char numb[5];
	for (int i=1; i <= numberoffiles; i++)
	{
		//sprintf(filename,"result%d.txt", i); 
	//	itoa(i, numb, 10);
		filename="result";
		sprintf(numb, "%d", i);
		filename += numb;
		filename += ".txt";
		
	  resultsFile[i].open(filename.c_str());
	}

	notFoundFile.open("notfoundfile.txt");

	string inputLine;
	
	size_t carrigeReturnStripper;
	size_t marker;
	int filenumber;
	for (int i=0; i<numberoffiles; i++){
		getline(passwordFile[i],inputLine);
		while (!passwordFile[i].eof()) {
			carrigeReturnStripper=inputLine.find('\r');  //get rid of any carrige returns in the input file
			if (carrigeReturnStripper!=string::npos) {
			      inputLine.resize(inputLine.size()-1);;
			}
			if (inputLine.size()>1) {
				passwordwtag temppass;
			//	sscanf(inputLine, "%s", &temppass.password);
				temppass.password=inputLine;
				temppass.tagnumber=i+1;
	//			cout << temppass.password << "\t" << temppass.tagnumber << endl;
				slist1.push_back(temppass);
			}
			getline(passwordFile[i],inputLine);
		}
		if (inputLine.find('\r')!=string::npos) {
			passwordwtag temppass;
			temppass.password=inputLine;
			temppass.tagnumber=i+1;
	//		cout << temppass.password << "\t" << temppass.tagnumber << endl;
			slist1.push_back(temppass);
				
		}
		
		slist1.sort(cmp);
	}
//	list<passwordwtag>::iterator it;
//		for (it=slist1.begin();it!=slist1.end();it++) {
//		cout << (*it).password << "\t"<< (*it).tagnumber << endl;
//		}
//		cout << "----------\n";

	
	//-----------now set up the datastructure for quick searches-----------------//
	list<passwordwtag>::iterator listIt;
	list<int> resultfile;
//	list<int>::iterator listIt2;
	string prevPass="";
	int curNumber=0;
	dataStruct inputValue;
//	listIt2=slist2.begin();
	for (listIt=slist1.begin();listIt!=slist1.end();++listIt) {
		if (prevPass.compare((*listIt).password)==0) {

			resultfile.push_back((*listIt).tagnumber);	

		}
		else {
			if (curNumber != 0) 
			{
				list<int>::iterator lit;
				for (lit=resultfile.begin(); lit!=resultfile.end(); ++lit){
		//			cout << "we got something: "<< (*lit) <<endl;
					inputValue.mylist.push_back((*lit));
				}				
				findQueue1.push_back(inputValue);
				inputValue.mylist.clear();
				resultfile.clear();
				curNumber=0;				
			}
			inputValue.password=(*listIt).password;
			//(*listIt).password;
//			cout << inputValue.password << "\t" << curNumber <<endl;
			inputValue.found=false;
			curNumber++;
//			if (curNumber ==1) 
//			cout << "password: " << (*listIt).password <<endl;
//			cout << "tag :" << (*listIt).tagnumber << endl;
			resultfile.push_back((*listIt).tagnumber);
			prevPass=(*listIt).password;
		}
	}
	if (curNumber != 0) 
	{
		list<int>::iterator lit;
		for (lit=resultfile.begin(); lit!=resultfile.end(); ++lit){
			inputValue.mylist.push_back((*lit));
		}				
		findQueue1.push_back(inputValue);
		resultfile.clear();
		curNumber=0;				
	}
	if (findQueue1.empty()) {
		cout << "No passwords to parse in q 1\n";
		help();
		return 0;
	}
	
	
	cout << "Size of unique hashes: "<<findQueue1.size() <<endl ;
	//---------now process the input from the password cracker-------------------//
	 if (checkRule) {
	 evaluateRules(&findQueue1);
	}
	printf("0\t0\n");
	cout << "Max number of guesses: " << maxGuesses <<"\n";
    cout << "Guessing is started\n";
    start_time = time(NULL);
	string guess;
	cin >> guess;
	int pos;
    
    
	while (!cin.fail()) {
		if (((!isMinSize)||(guess.size()>=minSize))&&((!digitsRequired)||(containsDigits(guess)))) {
			numGuesses++;
			if (numGuesses%1000000==0)
				cout << numGuesses  << endl;
			if ((limitGuesses)&&(maxGuesses<numGuesses)) { //reached the max number of guesses
				cout << "Reached the max number of guesses\n";
				cout << "numGuesses:" << '\t' << numGuesses << endl;
				break;
			}
			pos=binarySearchPassword(&findQueue1,guess);
			if ((pos!=-1)&&(!findQueue1[pos].found)) {  //if the guess cracked a password
				findQueue1[pos].found=true;
				list<int>:: iterator tempit;
				for (tempit=findQueue1[pos].mylist.begin(); tempit!=findQueue1[pos].mylist.end(); ++tempit){
					print_result ( (*tempit), numGuesses, guess);
				}
				findQueue1.erase(findQueue1.begin()+pos);
			}
		}
		cin >> guess;
	}
    end_time=time(NULL);
    cout << "Total number of guesses: " << numGuesses <<  endl;
	  for (int i=0;i!=findQueue1.size();i++) {
//	 for (int j=0;j<findQueue[i].count;j++) {
//	 if (!findEntropy) {
	 notFoundFile << findQueue1[i].password << endl; //prints a plaintext list of the not-cracked passwords
//	 }_re
//	 else {
//	 notFoundFile << calculateEntropy(findQueue[i].password) << endl; 
//	 }
	 }
    total_time= difftime(end_time,start_time);
    cout << "Total time: " << total_time << "seconds\n";
    

	
	
	return 0;
}

void help() {
	cout << "CheckPass - Tool used to check how a password cracker would do, without having to hash the passwords\n";
	cout << "Written by Matt Weir - Florida State University- later changed by Shiva Houshmand to work for multiple files with related tags\n";
	cout << "The related results will be stored in files result1.txt, ... \n";
	cout << "Contact Info: sudhir@cs.fsu.edu\n";
	cout << "\n";
	cout << "Usage Info\n";
	cout << "----------------------------------------------------------------\n";
	cout << "checkPass <password file>\n";
	cout << "Options:\n";
	cout << "-c\t\t<number> number of input files\n";
	cout << "-f\t\tThe file names example: -f file1 file2 file3\n";
	cout << "-e\t\tPrint entropy data instead of plain guesses to found/notfound files\n";
	cout << "-l <max num of guesses>\tLimit the number of guesses made\n";
	cout << "example:\n";
	cout << "./john -incremental=alpha -stdout | ./checkPass mypasswordfile.txt\n";
	cout << "-m <Min Len of a Password Guess>\tWhen I'm too lazy to modify my rules to take into account a password creation policy\n"; 
	cout << "-digits\t\tPassword guesses must contain digits to be counted. Once again, implimenting it here since I'm lazy\n";
	cout << "-checkRule\t\tCheck how many passwords are cracked per rule. Rules are seperated by a 'THISISABENCHMARK!!'.\n";
	cout << "\n\n";
}

void 	print_result ( int filen, unsigned long long numGuesses, string guess)
{
	totalCracked[filen]+= 1;
	resultsFile[filen] << guess<< endl;
	resultsFile[filen] << numGuesses << '\t' << totalCracked[filen] << endl;
		
}
int cmp (struct passwordwtag p1, struct passwordwtag p2)
{
	if (p1.password.compare(p2.password) <=0)
		return true; 
		else if (p1.password.compare(p2.password)>0)
			return false;
//	return p1.password.compare(p2.password);
//	strcmp(p1->password, p2->password);
}

int binarySearchPassword(deque<dataType>* hashList, string key) {
	int left;
	int right;
	int midpt;
	int size;
	int compareResult;
	
	size = (int)(*hashList).size();
	left = 0;
	right = size - 1;
	
	while (left <= right) {
		midpt = (int) ((left + right) / 2);
		compareResult=key.compare((*hashList)[midpt].password);
		if (compareResult== 0) {
			return midpt;
		}
		else if (compareResult > 0) {
			left = midpt + 1;
		}
		else {
			right = midpt - 1;
		}
	}
	return -1;
}

double calculateEntropy(string input) {
	double entropy = 0;
	int curSize = input.size();
	if (curSize==0) {
		return entropy;
	}
	//take care of the first char
	curSize--;
	entropy = 4;  //4 bits of entropy for the first char
	if (curSize<=8) {
		entropy = entropy + (curSize*2); //2 bits of entropy for the next 8 characters
	}
	else {
		curSize=curSize-8;
		entropy = entropy + 16;  //2 bits of entropy for each of the next 8 characters
		if (curSize <= 12) {
			entropy = entropy + (curSize*1.5); //1.5 bits of entropy for characters 9-20
		}
		else {
			curSize=curSize-12;
			entropy = entropy + (12*1.5);  //1.5 bits of entropy for characters 9-20;
			entropy = entropy + (curSize);  //1 bit of entorpy for each character more than 20
		}
	}
	//--now figure out if it has an uppercase character + non-alpha character
	bool hasNonAlpha = false;
	bool hasUpper = false;
	bool hasLower = false;
	for (int i=0;i<input.size();i++) {
		if (isalpha(input[i])) {
			if (islower(input[i])) {
				hasLower=true;
			}
			else {
				hasUpper=true;
			}
		}
		else {
			hasNonAlpha = true;
		}
	}
	if (hasNonAlpha&&hasUpper&&hasLower) {
		entropy = entropy + 6; //6 entropy for having upper/lower+nonAlpha
	}
	return entropy;
}

bool containsDigits(string guess) {
	for (int i=0;i<guess.size();i++) {
		if (isdigit(guess[i])) {
			return true;
		}
	}
	return false;
}

int evaluateRules(deque<dataStruct> *findQueue) {
	string guess;
	long long numGuesses=0;
	long long numGuessesPerRule=0;
	int curRule=1;
	long long numCrackedPerRule=0;
	bool ruleDone=false;
	double crackedPerGuess=0.0;
	
	cin >> guess;
	while (!cin.fail()) {
		numGuesses++;
		if (guess.compare("THISISABENCHMARK!!")==0) { //done with the current rule
			if (!ruleDone) {
				crackedPerGuess=numCrackedPerRule/(numGuesses*1.0);
				cout << "Rule:\t" << curRule << "\t" << crackedPerGuess << "\t" << numGuessesPerRule << "\t" << numCrackedPerRule << endl;
				curRule++;
				numGuessesPerRule=0;
				numCrackedPerRule=0;
				ruleDone=true;
				//        for (int i=0; i< (*findQueue).size();i++) { // clean it up for the next rule, aka any cracked passwords are no longer cracked
				//          (*findQueue)[i].found=false;
				//        }
			}
		}
		else {
			ruleDone=false;
			numGuessesPerRule++;
			int pos=binarySearchPassword(findQueue,guess);
			if ((pos!=-1)&&(!(*findQueue)[pos].found)) {  //if the guess cracked a password
				(*findQueue)[pos].found=true;
				numCrackedPerRule=numCrackedPerRule+(*findQueue)[pos].count; 
			}
		}
		cin >> guess;
	}
	return 0;
}