Projects > Software Projects >

Durvasav BfPC


Durvasav BfPC Welcome


Durvasav BfPC (Durvasav Bruteforce Password Cracker) is a simple bruteforce password hash cracker program written in C language. It is a console program released under GNU GPL version 3 and runs on Windows. It uses the OpenSSL library for generating hashes. You can use this tool to to extract plain text from any standard hashes. You can compare a single hash or thousands of hashes to a hash table at a time. Durvasav supports MD4, MD5, SHA0, SHA1, SHA224, SHA256, SHA384 and SHA512 standard hashing algorithms. You can also produce hash tables of all these hashes for different character sets or generate wordlists for reverse hash lookup. See the features below.

Features

  • Supports MD4, MD5, SHA0, SHA1, SHA224, SHA256, SHA384 and SHA512.
  • Uses fast OpenSSL library.
  • Includes wide variety of character sets and a custom character set.
  • Performs 'pseudo' operation.
  • Hash table generation.
  • Generates bruteforce password table.
  • Import and compare hash tables containing thousands of hashes.
  • Maximum password length of 12 characters (will increase it).
  • Wordlist generation for all characters.
  • Compatible with Windows 32bit and 64bit.

How to use ?

Durvasav BfPC is simple to use because it's a console program or uses TUI - Textual User Interface, more accurately. Double click the 'Durvasav BfPC.exe' file to start the program. It will show a welcome screen showing the slogan,

"When Imagination Fails !"


Enter any key to continue from there. Now you will see the following screen.


Durvasav BfPC Home


Select your hash type by entering the number of it and then hit the 'Enter' key once. Now you will be directed to the following screen.


Durvasav BfPC Charset


Here you have to select what character set you want. You can either choose from predefined character sets or a custom character set of your own.

  • 1. [0...9] - Numeric from 0-9
  • 2. [a...z] - Small letters from a-z
  • 3. [A...Z] - Capital letters from A-Z
  • 4. [0...z] - 0-9 numeric and a-z alphabets
  • 5. [0...Z] - 0-9 numeric and A-Z alphabets
  • 6. [a...Z] - All small and capital letters
  • 7. [0..a..Z] - All numbers, small letters and capital letters
  • 8. [All] - All numbers, small letters, capital letters and all special characters
  • 9. [Custom] - Select this if you want use a custom character set

If you select the option 9, you will have to add characters to a file called 'CUSTOM.CST' which is located in the same folder that contains the executable file and if there no such file, create one. Open this file with a notepad or similar software and add your characters to it followed by a newline character at the end (press Enter for adding one). The maximum no.of characters you can add is 256.


Durvasav BfPC Custom


This adds a special feature that you can use a 'space character' as a custom character. Because it's not available in the default character sets. So if you want to use space character (ASCII Dec 32) in your passwords, use this method. Continue from here by hitting 'y' key once if you choose to use a custom character set. Then you'll have to enter the minimum and maximum lengths of the password you expect to be in your hash. The minimum length is 2 and maximum length is 12. The operation will be cancelled if you try to override the limits. Then you'll see the following screen.


Durvasav BfPC Output


You can select four different output methods by typing its number. The 'Perform' option just performs the hash generation but does nothing useful. The second option 'Compare' lets you to compare a single hash or a huge hash table with thousands of generated hashes.


Durvasav BfPC Compare


If you have only one hash to compare, select the first method and enter the hash as a complete string and hit 'Enter'. You'll have to wait for the process to complete. Durvasav BfPC will compare your hash with all generated hashes.


Durvasav BfPC Enter Hash


Durvasav BfPC Input File


If you choose to import a hash table, select the second method and you'll see the above screen. You can also see the hash type and the character set you selected there. Copy your hash file to the folder where the executable is stored and enter the full name with its extension and hit 'Enter'. The program will compare the generated hashes with all the hashes in your hash table. After each successful hash lookup, it will be printed to the screen. Finally when the whole operation completes, Durvasav will generate a text file with all the lookup results.

There are two other output methods. The 'Print' option will let you to print all the generated hashes to the screen one by one. This is a very slow operation. The 'Wordlist' option can be selected to generate a plain text password table or hash table for the character set you've selected. This will generate a file called 'WORDLIST.TXT' on the root folder. Be aware that the Durvasav can empty your hard disks if you let him to output a huge hash table or word list in a matter of time. The program will show you the time taken to complete an operation always. So you can also use Durvasav to benchmark the performance of your system.


Durvasav BfPC MD5


On the welcome screen, pressing the key '9' on your keyboard will show you the program version details. Pressing '0' will exit the program. Pressing '0' any other place other than home will return you to the home by cancelling the operation.


Durvasav BfPC About

Behind The Name

Durvasa or Durvasas was a sage (or Rishi) according to the Indian mythology. "Durvasav" is the Malayalam (my native language) pronunciation of Durvasa. He is known for his short temper and curse. The program is just like him. It curses the hashes to be revealed in a bruteforce attack ! Even though bruteforce is the most foolish thing to do with passwords, the outcome is certain.  Bruteforce is tried when all other methods are tried and failed, just like 'we lose our imagination'; we let the machine do it !

Code Explanation

 I really started this project to sharpen my knowledge in C programming by doing it. I began with simple code and expanded it to support the whole range of hashes. You can download the source files as an archive. I used Orwell DevC++ as my IDE. I had trouble to add the plain MD5 and other hashing algorithms to my program and finally OpenSSL came to help me. The OpenSSL library can be downloaded as a DevC++ package from their repository. 

The program can be divided into different sections; the user interface, the nested loops and hashing algorithms. The user interface is of ASCII console type. The nested loops generate plain text strings based on the character set selected and give those strings to the hashing algorithms to convert. I've thoroughly commented my code. So I hope you can understand the code easily. In case of any doubt, please mail me. 

Future

I'm thinking of porting the code to C++ and add some advanced features like,
  • Heavy threaded cracking mechanism for utilizing multiple cores of CPUs.
  • Increased password lengths.
  • Support for some more hashes.
  • Support of other type of cracking methods.
  • Support for direct bruteforce of files like ZIP, RAR, PDF etc.
  • Distributed cracking with multiple instances over LAN or Internet.
I've been successful in multithreading the program using 'Pthreads'. The results are amazing so far. That topic will be explained in an another post.

Disclaimer

DURVASAV BfPC is an administrator/experimental tool to find lost passwords and other information. You will, and the author not be held responsible for any situation that arises from using this program. You should use it at your own risk. Using the software for illegal activity could be considered a crime as per you local law or regulations. Please refer to it for more details. Additional terms.


DO NOT USE THIS TOOL FOR ANY ILLEGAL ACTIVITY.

Github

Links

  1. Open SSL : https://www.openssl.org/
  2. POSIX Threads : https://computing.llnl.gov/tutorials/pthreads/
  3. Orwell DevC++ : http://orwelldevcpp.blogspot.in/
  4. Dev C++ Packages : http://devpaks.org/
  5. Durvasa (the sage) - Wikipedia : http://en.wikipedia.org/wiki/Durvasa

Downloads

The executable, setup file, screenshots, source files, and license are inside the archive 'Durvasav-BfPC-All.rar'.