[Encryption and Decryption] Passware Kit Forensic Violent Aesthetics-Detailed parameter settings for custom decryption of known partial passwords
It is said that "homemade weapons are not necessarily the strongest, but the strongest weapons must be homemade." The same is true for forensic tools. Although the default configuration is strong enough, if we can customize the parameter configuration according to real-time scenarios, then it can often Get twice the result with half the effort—【Su Xiaomu】
Article directory
-
- [Encryption and Decryption] Passware Kit Forensic Violent Aesthetics-Detailed parameter settings for custom decryption of known partial passwords
- (1) Specify the regular password format
- (2) Custom decryption settings for known partial passwords
- (3) Brute force cracking error demonstration
- *Other cracking methods
- Summarize
1. Experimental environment
| system | Version |
|---|---|
| Windows 11 Pro for Workstations | 22H2(22621.1702); |
| Passware Kit Forensic | 2019.4.1; |
2.RAR encrypted compressed package
The password rules of the known RAR compressed package are: wlzhg@xxxx@xn, where the xxxx part is the part that needs to be cracked.
(1) Specify the regular password format
1. Select the encrypted document
The routine is to select the document that needs to be decrypted and click.
2. Three cracking modes
The initial wizard screen is shown below. Passware Kit provides three cracking modes.
| parameter | illustrate |
|---|---|
| Use predefined settings | The predefined settings have no information at all about passwords and use default attacks to recover passwords. |
| run wizard | If you know any details about your password, follow the simple steps to set up password recovery, which works with cracking methods that know partial information about your password. |
| Advanced: Custom settings | Manually set up attacks to recover your passwords, custom password cracking parameters. |
According to the file format, prioritize the type of cracked password, password length, password structure (combination type), etc., click Save, and start cracking the password.
(2) Custom decryption settings for known partial passwords
Brute force cracking settings: the password starts with wlzhg@, the password ends with @xn, there are 4 digits missing in the middle, and the length of all passwords is 13.
According to the known conditions, it can be directly set to: wlzhg@ *@xn。【星号*and 问号?there are some differences, you can try it yourself, 建议使用星号*]
Just choose one of the two, and the second method is more recommended . The first dictionary cracking method is more suitable for understanding the rules of password composition and then generating a dictionary by yourself.
1. Method 1: Dictionary cracking
Dictionary parameter settings: The maximum password length is 13. (Because it is a competition, 13to13 is more accurate)
2. Method 2: Customized brute force cracking [Recommended]
Advanced settings: Custom characters and patterns.
Select the second pattern (Pattern)! ! ! It only takes a thousand attempts, and it can be cracked basically in seconds.
(3) Brute force cracking error demonstration
It’s not necessarily wrong, but it’s used differently in different scenarios; a warning to reduce unnecessary trouble.
1. Parameter setting error 1: password length
Because it is a competition, the number of password digits and the missing digits have been clearly given. Just set the password length according to the given digits. Don't add unnecessary information and waste time.
Of course, if you are not sure about the password length, you can try more, but it will take more time.
2. The known password part is not fully set.
Because the password is missing the middle part, the first parameter set is dictionary cracking (local unlinked dictionary). Secondly, in the known part, the second half of the password dictionary is missed, resulting in a geometric increase in the number of cracks and a waste of time and computing power.
3. Check Custom characters (Custom characters)
In this test, although PasswareKit was also used, the number of attempts after checking reached 137561 times, which is more than ten times more than the single-check mode (Pattern); for some unknown passwords, it takes more time, which is generally clear It is not recommended to check this option for some passwords.
Because there are only 4 digits, it can be cracked quickly.
*Other cracking methods
Summarize
If you have time, you may be able to get the answer by trying one more step.
The writing is one-sided and is purely for record keeping. Any errors or omissions are welcome to be corrected.
[ The ownership of the work belongs to the author [Su Xiaomu], please indicate the source of the article when reprinting ]
References
| name | time |
|---|---|
| Start editing date | September 2, 2021 |
| Last edited date | May 11, 2023 |