Durvasav BfPC

Durvasav BfPC (Durvasav Bruteforce Password Cracker) is a simple bruteforce password hash cracker program written in C language. It is a console program released under GNU GPL version 3 and runs on Windows. It uses the OpenSSL library for generating hashes. You can use this tool to to extract plain text from any standard hashes. You can compare a single hash or thousands of hashes to a hash table at a time. Durvasav supports MD4, MD5, SHA0, SHA1, SHA224, SHA256, SHA384 and SHA512 standard hashing algorithms. You can also produce hash tables of all these hashes for different character sets or generate wordlists for reverse hash lookup. See the features below.

• Supports MD4, MD5, SHA0, SHA1, SHA224, SHA256, SHA384 and SHA512.
• Uses fast OpenSSL library.
• Includes wide variety of character sets and a custom character set.
• Performs 'pseudo' operation.
• Hash table generation.
• Generates bruteforce password table.
• Import and compare hash tables containing thousands of hashes.
• Maximum password length of 12 characters (will increase it).
• Wordlist generation for all characters.
• Compatible with Windows 32bit and 64bit.

Durvasav BfPC is simple to use because it's a console program or uses TUI - Textual User Interface, more accurately. Double click the Durvasav BfPC.exe file to start the program. It will show a welcome screen showing the slogan,

Enter any key to continue from there. Now you will see the following screen.

Select your hash type by entering the number of it and then hit the Enter key once. Now you will be directed to the following screen.

Here you have to select what character set you want. You can either choose from predefined character sets or a custom character set of your own.

1. [0...9] - Numeric from 0-9
2. [a...z] - Small letters from a-z
3. [A...Z] - Capital letters from A-Z
4. [0...z] - 0-9 numeric and a-z alphabets
5. [0...Z] - 0-9 numeric and A-Z alphabets
6. [a...Z] - All small and capital letters
7. [0..a..Z] - All numbers, small letters and capital letters
8. [All] - All numbers, small letters, capital letters and all special characters
9. [Custom] - Select this if you want use a custom character set

If you select the option 9, you will have to add characters to a file called CUSTOM.CST which is located in the same folder that contains the executable file and if there no such file, create one. Open this file with a notepad or similar software and add your characters to it followed by a newline character at the end (press Enter for adding one). The maximum no.of characters you can add is 256.

This adds a special feature that you can use a space character as a custom character. Because it's not available in the default character sets. So if you want to use space character (ASCII Dec 32) in your passwords, use this method. Continue from here by hitting Y key once if you choose to use a custom character set. Then you'll have to enter the minimum and maximum lengths of the password you expect to be in your hash. The minimum length is 2 and maximum length is 12. The operation will be canceled if you try to override the limits. Then you'll see the following screen.

You can select four different output methods by typing its number. The Perform option just performs the hash generation but does nothing useful. The second option Compare lets you to compare a single hash or a huge hash table with thousands of generated hashes.

If you have only one hash to compare, select the first method and enter the hash as a complete string and hit Enter. You'll have to wait for the process to complete. Durvasav BfPC will compare your hash with all generated hashes.

If you choose to import a hash table, select the second method and you'll see the above screen. You can also see the hash type and the character set you selected there. Copy your hash file to the folder where the executable is stored and enter the full name with its extension and hit Enter. The program will compare the generated hashes with all the hashes in your hash table. After each successful hash lookup, it will be printed to the screen. Finally when the whole operation completes, Durvasav will generate a text file with all the lookup results.

There are two other output methods. The Print option will let you to print all the generated hashes to the screen one by one. This is a very slow operation. The Wordlist option can be selected to generate a plain text password table or hash table for the character set you've selected. This will generate a file called WORDLIST.TXT on the root folder. Be aware that the Durvasav can empty your hard disks if you let him to output a huge hash table or word list in a matter of time. The program will show you the time taken to complete an operation always. So you can also use Durvasav to benchmark the performance of your system.

On the welcome screen, pressing the key 9 on your keyboard will show you the program version details. Pressing 0 will exit the program. Pressing 0 any other place other than home will return you to the home by canceling the operation.

Durvasa or Durvasas was a sage (or Rishi) according to the Indian mythology. "Durvasav" is the Malayalam (my native language) pronunciation of Durvasa. He is known for his short temper and curse. The program is just like him. It curses the hashes to be revealed in a bruteforce attack! Even though bruteforce is the most foolish thing to do with passwords, the outcome is certain. Bruteforce is tried when all other methods are tried and failed, just like we lose our imagination; we let the machine do it!

I really started this project to sharpen my knowledge in C programming by doing it. I began with simple code and expanded it to support the whole range of hashes. You can download the source files as an archive or from GitHub. I used Orwell DevC++ as my IDE. I had trouble to add the plain MD5 and other hashing algorithms to my program and finally OpenSSL came to help me. The OpenSSL library can be downloaded as a DevC++ package from their repository.

The program can be divided into different sections; the user interface, the nested loops and hashing algorithms. The user interface is of ASCII console type. The nested loops generate plain text strings based on the character set selected and give those strings to the hashing algorithms to convert. I've thoroughly commented my code. So I hope you can understand the code easily. In case of any doubt, please mail me.

I'm thinking of porting the code to C++ and add some advanced features like,

• Heavy threaded cracking mechanism for utilizing multiple cores of CPUs.
• Increased password lengths.
• Support for some more hashes.
• Support of other type of cracking methods.
• Support for direct bruteforce of files like ZIP, RAR, PDF etc.
• Distributed cracking with multiple instances over LAN or Internet.

DURVASAV BfPC is an administrator/experimental tool to find lost passwords and other information. You will, and the author not be held responsible for any situation that arises from using this program. You should use it at your own risk. Using the software for illegal activity could be considered a crime as per you local law or regulations. Please refer to it for more details. Additional terms.