JBrute / Blog: Recent posts

Hey, now it is available a new relase of JBrute, there are several bug fixes and some new functionalities. You can read the changelog to get a detail of the changes.
Please donwload the binary or checkout the source code and get me your opinion!
I really need volunteers to make a deep test on dictionary decrypt method.

Regards,
Gonzalo

Hey folks, I discovered a bug with a specific scenario: when you use multi-threading in dictionary decryption, you will get an exception if you are processing a rule with memory access commands/constans. This is because the strategy that I choose to manage memory, and that strategy is not thread-safe.

I correct it and it will be available on the next release. Anyway, if you don't use multiple threads, or if you use multiple threads but no memory access commands/constants, you can work without problems with dictionary method.

Hey, now it is available a new relase of JBrute, there are several bug fixes and some new functionalities. You can read the changelog to get a detail of the changes.
This version fix serious bugs related to chained algorithms (because in last version I rewrited the main code for threads, to improve decryption with no salt).
Please donwload the binary or checkout the source code and get me your opinion!
I really need volunteers to make a deep test on dictionary decrypt method.
Regards,
Gonzalo.

Hey, now it is available a new relase of JBrute, there are several bug fixes and some new functionalities. You can read the changelog to get a detail of the changes.
This version has important improves, like multi-threading support for dictionary attacks, really better performance for chained algorithms, and new functionalities for rule pre processor.

Please donwload the binary or checkout the source code and get me your opinion!
I really need volunteers to make a deep test on dictionary decrypt method.
Regards,
Gonzalo.

Introduction

Starting on version 11.70, Informix allows DBSA to create internal users and to manage their authentication locally, and not with the OS. This feature is called USERMAPPING. We will try to understand how Informix does to store the passwords for that users. For some reason, until now, nobody took some time to analyze this.
On the other hand, we will use JBrute as a support tool to help us in the cryptoanalysis, and this is a new different (and interesting) use for it.... read more

From today, JBrute's users can ask questions, exchange opinions, and write about general issues on the JBrute's user list.

To suscribe: https://lists.sourceforge.net/lists/listinfo/jbrute-users

To send an email to the list: jbrute-users@lists.sourceforge.net

Cheers,
Gonzalo.

Hey, now it is available a new relase of JBrute, there are several bug fixes and some new functionalities. You can read the changelog to get a detail of the changes.
Please donwload the binary or checkout the source code and get me your opinion!

I really need volunteers to make a deep test on dictionary decrypt method.

Regards,
Gonzalo.

Discovered today:

$ ./jbrute.sh --test --threads=4

ERROR! unknow parameter

I fixed it for the next version.

It is very difficult for me to test all scenarios after a change, and, until now, I did not receive any comments or reports from JBrute's users, so I must discover this kind of bugs by myself, and it is a really slow process... In this case, a friend of mine reported it!

Regards,
Gonzalo

Yesterday I discovered this error. When I tried to test performance of the ORACLE-10G algorithm on my laptop, I get this error:

$ ./jbrute.sh --test --algorithm=A

Number of cores detected: 8
Number of threads to use: 1

Testing performance for ORACLE-10G() ...
Exception in thread "Thread-0" java.lang.IllegalArgumentException: hexBinary needs to be even-length: SYSTEM/2F4C3799A242887767
at javax.xml.bind.DatatypeConverterImpl.parseHexBinary(Unknown Source)
at javax.xml.bind.DatatypeConverter.parseHexBinary(Unknown Source)
at specialAlgorithm.Oracle10g.toByteArray(Oracle10g.java:237)
at specialAlgorithm.MyMessageDigest.hashToByteArray(MyMessageDigest.java:118)
at entities.MyBruteDecryptThread.testBruteForceSpecial(MyBruteDecryptThread.java:255)
at entities.MyBruteDecryptThread.run(MyBruteDecryptThread.java:128)
You could compute 0 ORACLE-10G() hashes/sec approx.... read more

Today JBrute´s downloads grows over 100, thank you for your support! Please notify me any bug that you find to make JBrute a better app.

Hey, now it is available a new relase of JBrute, there are several improvements on performace for dictionary decryption method. You can read the changelog to get a detail of the changes.

Please donwload the binary or checkout the source code and get me your opinion!
I really need volunteers to make a deep test on dictionary decrypt method.

Regards,
Gonzalo.

I´m working to improve performance for dictionary decrypt method, replacing the use of Strings with StringBuilders, and this work is promising! Please stay alert, a new version of JBrute with this changes is coming soon!!! (I hope this week :)

Hey, now it is available a new relase of JBrute, there are bug fixes principally. You can read the changelog to get a detail fo the changes.

Please donwload the binaries or checkout the source and get me your opinion!

Regards,
Gonzalo.

I discovered an error with the functionality of the "encrypt" main parameter. When you use a chained case grater than 1, and if it has differents characters (ex: LU, RL, RU) the result hash is not the correct one.

If you use just 2 chained algorithms, there is no problem.
If you use N chained algorithms, but chained case is the same (like UUU or RRR or LL) there is no problem.
If you use N chained algorithms, and you use the default chained case, there is no problem too (as explained in the last example).... read more

There's available the first version of JBrute, an Open Source security audit tool written in Java.
Please feel free to download and test it, or to checkout the source code to study it.

I´m waiting for your comments and suggestions!