DaveGrohl 3.01 alphaA Distributed Password Cracker for OS XWhat's new?Version 3.0 is a complete rewrite of DaveGrohl. Version 2 was suffering from a severe case of code-stank and it will eventually be euthanized. The goal is to create a completely modern object-oriented codebase and make it extremely easy to use for both the developer and the end user. This code is currently in the very early stages, but will focus on a few central design goals. Design Goals. Ease of Use - At first the UI will mimic V2, but the user experience is the most important design aspect. Users at any level of expertise should easily be able to figure out how to compile, install and run Dave.
![]()
1) Start your Mac computer by pressing the Power button. 2) Press Command + R immediately to boot your Mac computer to recovery drive. Now you will see the recovery utility screen. Select Terminal from Utilities Menu. Then type the command: resetpassword in the Terminal. Press the Enter button, and the Password Recovery Utility will be opened. If the Mac is running Lion or above, type the following commands instead, changing the username and newpassword accordingly: You should now be able to access your Mac without restrictions. Part 3: Protecting your Mac from Mac OS X Password Bypass As you can see, it is really easy to hack into your own Mac.
Platform Independence - It should compile on Mac OS X and the most common flavors of Linux (Ubuntu, Red Hat) with no modification. Compiling on Windows is a plus but by no means a goal. Code Independence - It should require no external libraries outside of the C Standard Library to compile.
If better libraries are available, Dave should auto-detect and link against them with no flags required. User experience should never be a sacrifice. Self Documenting - If anyone can’t figure out how to use Dave, it is at best a bug and at worst a fundamental design flaw.
Dave should realize the user is having trouble offer help. (The current UI is not necessarily the goal UI). Modern Codebase - Dave should be completely object-oriented and using the most modern C11/14 standards. If dropping to raw C or even assembly would present a performance benefit, that code should be carefully implemented and encapsulated. Any Objective-C should be replaced with Swift and ideally phased out completely.Quick How-ToIf you're pulling Dave from Github, make sure XCode is installed then clone the repository. MacBook-Pro: /davegrohl$ sudo./dave -u someuser- Loaded PBKDF2 (Salted SHA512) hash.- Starting attackTIME GUESSES0000:00:08 351 (aaru) (loveme) x 86n bpc 2s5 ojf wkea 52la caha0000:00:14 613 (abaculus) (samantha) 9a 38n t3c an5 yjf k4ea dmla ieha0000:00:20 875 (abandoning) (spongebob) pe n7n x3c 8n5 bvf 25ea odla weha- Found password: 'shorty '- (dictionary attack)Finished in 31.330 seconds / 1,318 guesses.42 guesses per second.In this example, I purposely set my password to one I knew Dave would guess early. When using PBKDF2, OS X throttles the time it takes to hash a password.
This is great for password security, but bad for brute force attacks.Out of the box, Dave will not check every possible password because it is insanely impractical. With no special arguments, Dave will check every password between 0 and 16 digits long using the default character set of 'aeorisn1tl2md0cp3hbuk45g9687yfwjvzxq'. With these settings on my 8-core Macbook Pro, it would take longer than the age of the universe to check every possibility.You can greatly improve your time-to-crack if you have an idea of how long the password is and what characters may be in it.
The following example tells Dave the password is between 5 & 7 digits long and may contain the characters 'sbeio'. 0000:00:27 894 1 Hour 26 Seconds left.0000:00:34 1,152 (abashes) (sayang) oeoss oeosbe siosess siosiis siosobb- Found password: 'boobs '- (incremental attack)Finished in 74.250 seconds / 2,477 guesses.33 guesses per second.The time estimate is how long Dave will take to check every possibility, not how long to find the password. Using Dave with HashcatIf you'd like to use a real password cracker, try.You can use Dave to extract a user's hash formatted for hashcat. MacBook-Pro: /davegrohl$ sudo./dave -hashcat=USERNAME hash.txtMacBook-Pro: /davegrohl$ hashcat -m 7100 hash.txt wordlist.txt HistoryDaveGrohl was initially created in early 2011 as a password hash extractor & companion tool to John the Ripper. It's blossoming into a multithreaded distributed password cracker was a product of sheer curiosity/boredom. Dave has always been aimed at brute-forcing OS X user passwords, although he's been known to get lost staring into a cloud of Linux machines.Sadly, my day job as a ninja spy astronaut and my highly Scandinavian level of ethanol consumption has led to an old stanky code base.
In light of these facts, I've decided to unleash the stank upon the world in hopes that it brings joy and nerdgasms to whomever finds it. Vintage CodeThe old version of Dave is still available. It's currently the most stable and may have some features that have not yet been implemented in V3.
MacBook-Pro: $ git clone Why Distributed?Distributed mode in V2 stopped working an OS or two ago. I sadly haven't had the time to look into it, although it's probably something simple.Also while distributed mode was cool, it was not built to scale massively.
This is partly due to it's being tied to Mac OS X. Who the hell wants to virtualize a thousand instances of OS X anyways?
Real scale means linux. If DaveGrohl is destined to live on, it should be stripped of it's Cocoa and start embracing platform independence.Not Windows of course. Fuck Windows. DisclaimerAlthough Dave is mostly in C11 & Objective-C, I have never coded professionally in those languages. If while reading the code you start to get a nosebleed or an erection lasting more than 4 hours, please accept my sincere apologies for my mockery of good coding practices.
![]() ![]()
Version 7.4.2: New:. 1Password now requires you kind your Grasp Password any time you add or take away fingerprints.Improvements:. The merchandise element part gives higher accessibility for VoiceOver customers. Added an choice to disable Markdown in Safe Notes.
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |