Tuesday, April 19, 2022

How to use M1 Max / M1 Ultra machine to crack password using brute force

M1 Max and M1 Ultra has lots of GPU power for cracking password. For brute force attach we can use hashcat and John the Ripper.

(1) Installation

(1.1) Install XCode and Command Line Utilities from Apple
(1.2) Install Homebrew
(1.3) Install John the Ripper and add path by using Terminal command
brew install john-jumbo
export PATH=/opt/homebrew/Cellar/john-jumbo/1.9.0/share/john/:$PATH

(1.4) Install rar and. unrar for testing (as the HomeBrew version might not working.
cd $(HOME)/Downloads
wget https://www.rarlab.com/rar/rarmacos-arm-611.tar.gz
sudo cp rar/rar /usr/local/bin
sudo cp rar/unrar /usr/local/bin

(1.5)Install hashcat from git
cd $(HOME)/Downloads
git clone https://github.com/hashcat/hashcat.git
cd hashcat

(2) Testing
# create a test.rar file with password of 1234 for testing
cd $(HOME)/Downloads
mkdir -p testhashcat
cd testhascat
echo 'I am testing' > test.txt
rar a -P1234 test.rar test.txt
Use John the Ripper to generate hash
% rar2john test.rar

And copy the hash value in blue color and it will be used again in hashcat

Use hashcat to brute force attack
../hashcat/hashcat -m 13000 -w 3 -a 3 \
'$rar5$16$852481e911dc38c66cec2fbe8e9a825b$15$e1c319e802eec30efab80c6bd7470468$8$f9c3bfde638768a5' \
--increment --increment-min 2 --increment-max 8 '?d?d?d?d?d?d?d?d' --potfile-path=rarfile.pot  -o testrar.out.txt
Explanation of the parameters used in hashcat
-m 13000 means --hash-type RAR5 see here https://hashcat.net/wiki/doku.php?id=example_hashes
-a 3 means attack-mode Brute-force
-w 3 Workload Profiles High
--increment --increment-min 2 --increment-max 8
means increment the guess password with minimum of 2 and maximum of 8

?d means digit as below
Built-in charsets are
?l = abcdefghijklmnopqrstuvwxyz
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s

If finished, the password will be in testrar.out.txt $rar5$16$852481e911dc38c66cec2fbe8e9a825b$15$e1c319e802eec30efab80c6bd7470468$8$f9c3bfde638768a5:1234

Testing of zip file with password
zip -e test.zip test.txt
zip2john test.zip

% zip2john test.zip
ver 1.0 efh 5455 efh 7875 test.zip/test.txt PKZIP Encr: 2b chk, TS_chk, cmplen=25, decmplen=13, crc=A491CD37

../hashcat/hashcat -m 17210 -w 3 -a 3 \
'$pkzip2$1*2*2*0*19*d*a491cd37*0*42*0*19*a491*796a*55a56112ff0d2913127e2502764b2f8044e7975a5a23014084*$/pkzip2$' \
--increment --increment-min 2 --increment-max 8 '?d?d?d?d?d?d?d?d' --potfile-path=zipfile.pot -o testzip.out.txt

% cat testzip.out.txt                       

Testing of pdf file with password
% perl pdf2john.pl testpdf.pdf

../hashcat/hashcat -m 10500 -w 3 -a 3 \
'$pdf$4*4*128*-4*1*16*9d60ea4e1b8444818557a392476b3ab3*32*13f7b5e82e85872782a2795121fc850d00000000000000000000000000000000*32*7f8b9892322afb0dccd7a4259da14c65e9d5009abb26bae6d1708fed9dc60edc' \
--increment --increment-min 2 --increment-max 8 '?d?d?d?d?d?d?d?d' --potfile-path=pdffile.pot -o testpdf.out.txt

note: hash-type for pdf
10400	PDF 1.1 - 1.3 (Acrobat 2 - 4)
10410	PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1
10420	PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2
10500	PDF 1.4 - 1.6 (Acrobat 5 - 8)	
10600	PDF 1.7 Level 3 (Acrobat 9)
10700	PDF 1.7 Level 8 (Acrobat 10 - 11)

Testing of office file with password
% python office2john.py test.docx

../hashcat/hashcat -m 9600 -w 3 -a 3 \
'$office$*2013*100000*256*16*561f4dcaaac333e7c06d150f9ea5aea2*ef4e7b026217124561ecb865b324eac4*e9ef4a859f2c81581db0e27d9ce48e6451b82cd1641941e8adc10dc5600969cb' \
--increment --increment-min 2 --increment-max 8 '?h?h?h?h?h?h?h?h' --potfile-path=officefile.pot -o testdocx.out.txt

note: hash-type for office doc
9400	MS Office 2007
9500	MS Office 2010
9600	MS Office 2013

If you don't have the machine for cracking purpose, you can do this using cloud GPU for a fee.

Sunday, April 17, 2022

How to install Ubuntu on Intel Macbook Air/Pro with T2 Security Chip

Currently you cannot easily install Linux onto an Apple computer which uses the T2 security chip because the Linux Kernel with the T2 support is not included in any of the currently released distributions as a default kernel. And cannot use the built-in keyboard, trackpad, bluetooth and neither WiFi nor ethernet.

(1) There is a patched Ubuntu ISO for Macbook Air/Pro (2018-2020) with T2 Security Chip hardware here. https://github.com/marcosfad/mbp-ubuntu/releases

(2) This ISO image requires you to install on the internal SSD and if you are on the lastest macOS Monterey, the internal SSD would be encrypted. It is not recommended to dual booting Macbook with both macOS and Linux unless you have good backups and are prepared to perform a clean install or restore from backup since you will at some point most likely do something which will prevent either OS from booting and possibly risk losing access to all the data in one or both operating systems.

(3) So it is probably better to use USB to boot up for testing out Linux on Macbook first.
You can download this installed ISO images here (2.64GB) and burn it to an USB stick with 128GB using balenaEtcher for Mac. You don't need to unzip the downloaded zip file as balenaEtcher can read zip file and write to the USB stick directly. The image has an extra 10GB exFAT partition, so that data can be exchanged offline with PC or Mac.

(4) The Macbook should be Disable Secure Boot and Set allowed boot media based on the instructions here https://support.apple.com/HT208330

(5) Then plug in the USB and restart the Macbook and press option key while bootup, then select EFI boot to startup Ubuntu. The installed version of this Ubuntu image, username and password are all ubuntu

(6) This patched Ubuntu ISO should worked for the butterfly keyboard, function keys, touch pad, bluetooth, display and audio. But the microphone might not be working. If the wifi is not working initially, the fix is here using the Terminal (control-option-T) commands

Fix wifi issue of ubuntu-mbp image
sudo dpkg -i /usr/src/iso-firmware.deb
#edit /etc/NetworkManager/NetworkManager.conf as below
sudo editor /etc/NetworkManager/NetworkManager.conf

NetworkManager.conf    Select all
[main] plugins=ifupdown,keyfile [ifupdown] managed=false [device] wifi.scan-rand-mac-address=no
#edit /etc/NetworkManager/conf.d/wifi_backend.conf and add # sign to stop iwd as below
sudo editor /etc/NetworkManager/conf.d/wifi_backend.conf

wifi_backend.conf    Select all
#[device] #wifi.backend=iwd

# restart NetworkManager
sudo systemctl restart NetworkManager
sudo modprobe brcmfmac
Then reboot Ubuntu...

Ubuntu Short Cut Key on Mac
Move window to left or right
command + arrow (e.g. left or right)

Switch desktop
control + option + arrow (e.g. up or down)

Move current window to desktop command + shift + page up / page down
command + shift + fn + arrow (e.g. up or down)

Show all desktops

Change window
command + tab

Further Installation of Waydroid and sideload of Android apk on Ubuntu

shell script    Select all
sudo apt update sudo apt install python3-pip lxc curl wget -y sudo pip install pyclip export DISTRO="focal" && sudo curl https://repo.waydro.id/waydroid.gpg --output /usr/share/keyrings/waydroid.gpg && echo "deb [signed-by=/usr/share/keyrings/waydroid.gpg] https://repo.waydro.id/ $DISTRO main" > ~/waydroid.list && sudo mv ~/waydroid.list /etc/apt/sources.list.d/waydroid.list sudo apt update sudo apt install dkms -y # if old Linux Kernel get this https://github.com/anbox/anbox-modules # With Linux Kernel 5.17 (that is >=5.7), download and build Linux modules from here https://github.com/choff/anbox-modules wget https://github.com/choff/anbox-modules/archive/refs/heads/master.zip unzip master.zip cd anbox-modules-master/ sudo ./INSTALL.sh # check Linux kernel modules installed anbox-ashmem & anbox-binder dkms status # install waydroid sudo apt install waydroid -y
#sudo editor /etc/resolv.conf as
#sudo editor /etc/gbinder.d/anbox.conf as
/dev/binder = aidl2
/dev/vndbinder = aidl2
/dev/hwbinder = hidl

/dev/binder = aidl2
/dev/vndbinder = aidl2
/dev/hwbinder = hidl

Logout Ubuntu (PC keyboard: control-alt-delete / Mac keyboard: control-option-fn-delete)
And login again with "Ubuntu on Wayland" (setting at the bottom right hand corner)

# Download waydroid image (752.66 MB) then init
sudo waydroid init
sudo systemctl start waydroid-container
waydroid session start

# sideload apk (x86_64 apk only)
waydroid app install myapplication.apk

Color correction of WayDroid
Go to Settings App -> Accessibility -> Color inversion (on)

If you want to install Ubuntu Mate Desktop, the terminal command is
sudo apt-get update
sudo apt-get install ubuntu-mate-desktop

Saturday, April 9, 2022

How to erase Mac SSD for downgrade macOS to older version

It used to be using created bootable USB stick in order to downgrade macOS to older version, as in here.

But with the new macOS Monterey and with the T2 Security Chip of modem Mac, your Macintosh SSD will be encrypted and for Intel Mac, the bootcamp partition will also encrypted.

As a result, you cannot install macOS from USB stick to the encrptyed SSD, even if you have enabled boot from media in the Startup Security Utility.

The downgrade path will now require you to erase all content and settings first.
If you haven't do so, you have to do Erase Mac as below before installing any macOS version.
In addition, if you want to downgrade macOS, you have to do

Step (1) Backup all your important data and be sure you have a good Internet connection for the remaining steps

Step (2) Erase Mac, reboot Mac and select Erase Mac from the menu. This will wipe and remove all the whole Macintosh SSD, including the encrypted Macintosh partition and bootcamp partition if any, you might need to authenticate by entering the admin password of your existing MacOS to do this. You can use Internet Recovery to the original macOS version (Option-Shift-Command-R), or else it will default to the latest macOS Monterey (Option-Command-R).

Step (3) Activate Mac, reboot Mac and enter Recovery by pressing Command-R and activate the Mac.

Step (4) Internet Recovery, reboot Mac and enter Recovery by pressing Command-R and use Internet Recovery to choose install original version of macOS.

Step (5) Enable boot from media, After successful installation of the old macOS version, create bootable USB stick of your required macOS version based on this guide from Apple. Reboot Mac and enable boot from media from in the Startup Security Utility.

Step (5) Install macOS from USB stick, reboot again and press Option to choose the USB stick to install from macOS.