sorib / truecrack

Automatically exported from code.google.com/p/truecrack
GNU General Public License v3.0

Segfault when using wordfile mode #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Compile truecrack in cpu only mode (GPU=false)
2. Run truecrack in wordfile mode 

What is the expected output? What do you see instead?
Expect to see a list of words that the program has tried; instead I see 
"Segmentation Fault".

What version of the product are you using? On what operating system?
Oct 13 version. Arch linux x86_64

Please provide any additional information below.
Using gdb, it appears the segfault is happening in the "file_readWordsBlock" 
function. Truecrack works fine in charset mode.

Original issue reported on code.google.com by anda...@gmail.com on 5 Feb 2012 at 8:04

GoogleCodeExporter commented 9 years ago
What type of dictionary are you using? Try the default dictionary wordlist file 
in the directory of the project.
./truecrack -t TRUECRYPT_VOLUME -w dictionary_10k.txt -b 1024 -v

Original comment by luck87 on 7 Feb 2012 at 1:09

GoogleCodeExporter commented 9 years ago
I am using a dictionary file I generated with python. It is a simple list of 
words with a password on each line.

You are right, I tested it with the included dictionary and it worked as 
expected.

I am unsure why my dictionary file would not work, could it be that there are 
symbols in the password? Such as !@#$%^&*(... etc. ? I ruled out filesize being 
a cause by testing a smaller version of the list.

Original comment by anda...@gmail.com on 8 Feb 2012 at 10:39

GoogleCodeExporter commented 9 years ago
The bug is a buffer overflow:

Common/CpuCore.h contains a 
#define PASSWORD_MAXSIZE 32

Main/Core.c allocates memory
blockPwd=malloc(CORE_blocksize*PASSWORD_MAXSIZE*sizeof(char));

Main/Utils.c reads up to block_size number of words with a max size of 64 bytes 
in file_readWordBlock.

So if the average word length is more than 32, data will be written outside the 
buffer and can cause a segfault.

I have not tested the GPU version, but Cuda/CudaCore.cuh seems to have a 
similar define which is too low (32).

A good test case for this would be a wordlist/phraselist with at least 1k 
"words", each being 64 chars long, to see that the app behaves as it should.

Cheers

Original comment by mattias....@gmail.com on 19 Nov 2012 at 9:19
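The slot layout described in the comment above, as an added example that is not truecrack's own code: a block of fixed-width password slots, a helper that computes how far a word of a given length would spill past its slot under the original copy, and a reader that refuses oversized words instead of writing past the buffer. The constants and function names here are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Slot width from the thread (Common/CpuCore.h); the reader in Main/Utils.c
 * accepts lines of up to 64 bytes, twice this value. */
#define PASSWORD_MAXSIZE 32

/* Bytes a word of length len writes past its slot when the reader copies
 * len+1 bytes (word plus NUL) into a PASSWORD_MAXSIZE-byte slot. For the
 * last slot of a block this is also how far past the malloc'd region it
 * writes. */
size_t slot_overrun(size_t len) {
    return len + 1 > PASSWORD_MAXSIZE ? len + 1 - PASSWORD_MAXSIZE : 0;
}

/* Safe reader (constructed here, not the project's fix): copies up to
 * `slots` words into `block`, which must be slots*PASSWORD_MAXSIZE bytes.
 * A word that would not fit with its NUL is skipped and counted in
 * *skipped instead of spilling into the next slot or past the buffer.
 * Returns the number of words stored. */
int read_words_block(const char *const *words, int nwords,
                     char *block, int slots, int *skipped) {
    int stored = 0;
    *skipped = 0;
    for (int i = 0; i < nwords && stored < slots; i++) {
        size_t len = strlen(words[i]);
        if (slot_overrun(len) > 0) { (*skipped)++; continue; }
        memcpy(block + (size_t)stored * PASSWORD_MAXSIZE, words[i], len + 1);
        stored++;
    }
    return stored;
}

int main(void) {
    /* Constructed wordlist: two words that fit and one 64-char line like
     * the reporter's dictionary, which the original copy would write
     * 33 bytes past its slot. */
    const char *words[] = { "correct-horse",
        "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
        "batterystaple!@#$" };
    int slots = 4, skipped;
    char *block = malloc((size_t)slots * PASSWORD_MAXSIZE);
    if (!block) return 1;
    int n = read_words_block(words, 3, block, slots, &skipped);
    printf("stored %d, skipped %d, overrun of a 64-char word: %zu bytes\n",
           n, skipped, slot_overrun(64));
    free(block);
    return 0;
}
```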

GoogleCodeExporter commented 9 years ago
Thanks to mattias, I had the same problem. I changed the value from 32 to 64 in 
each file you mentioned before compiling, and it works with longer passes.

Original comment by black.ch...@gmail.com on 23 Jan 2013 at 4:54

GoogleCodeExporter commented 9 years ago
Thanks... I fixed the bug ;-)

Original comment by luck87 on 23 Jan 2013 at 6:43

GoogleCodeExporter commented 9 years ago

Original comment by luck87 on 23 Jan 2013 at 7:22

GoogleCodeExporter commented 9 years ago
Can you double check svn/src/Cuda/CudaCore.cuh also? 
There is a PASSWORD_MAXSIZE 32 there as well and it's being used in cuda_Init 
in svn/src/Cuda/CudaCore.cu when doing a cudaMalloc, and this could be dangerous 
in the same way as previously in the CPU version.

Original comment by mattias....@gmail.com on 25 Jan 2013 at 11:55

GoogleCodeExporter commented 9 years ago
I've increased the #define PASSWORD_MAXSIZE in Common/CpuCore.h to 64, 128 and 
even 256. I can't seem to get it to process passwords over 50 characters long. 
Most of my dictionary file is passwords that are over 60 characters and some go 
up to 65. 

Any ideas on what I would need to do to get this to work?

Original comment by eugen...@gmail.com on 6 Nov 2013 at 12:11