· 6 years ago · Mar 17, 2019, 03:16 PM
1import java.io.FileReader;
2import java.io.Console;
3import java.util.Scanner;
4import java.security.MessageDigest;
5import java.security.SecureRandom;
6import java.security.NoSuchAlgorithmException;
7import java.security.spec.InvalidKeySpecException;
8import javax.crypto.SecretKeyFactory;
9import javax.crypto.spec.PBEKeySpec;
10import javax.crypto.SecretKey;
11import javax.xml.bind.annotation.adapters.HexBinaryAdapter;
12import com.opencsv.CSVReader;
13
14public class LabSecurity {
15 private static final char[] characters = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
16 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
17
18 private static final int HASH_ITERS = 10000;
19 private static final int SALT_LENGTH = 32;
20 private static final int HASH_LENGTH = 512;
21
22 private boolean found;
23 private String match;
24
25 private MessageDigest md5;
26 private byte[] byteRepresentation;
27 private byte[] hash;
28 private String strHexHash;
29 private HexBinaryAdapter hba;
30
31 /**
32 * Constructor for objects of class LabSecurity
33 */
34 public LabSecurity() {
35 try {
36 md5 = MessageDigest.getInstance("MD5");
37 hba = new HexBinaryAdapter();
38 } catch (NoSuchAlgorithmException nsae) {
39 }
40 }
41
42 public void tryMD5() {
43 try {
44 String str;
45 do {
46 System.out.println("Input a string to generate its MD5 hash (press enter to quit)");
47 Scanner terminalInput = new Scanner(System.in);
48 str = terminalInput.nextLine();
49 if (!str.equals("")) {
50 System.out.println(encodeMD5(str));
51 }
52 } while (!str.equals(""));
53 } catch (Exception e) {
54 }
55
56 }
57
58 private String encodeMD5(final String input) throws Exception {
59 byteRepresentation = input.getBytes("UTF-8");
60 hash = md5.digest(byteRepresentation);
61 strHexHash = hba.marshal(hash);
62 return strHexHash;
63 }
64
65 public void bruteForce(final String input) {
66 try {
67 CSVReader reader = new CSVReader(new FileReader(input));
68 String[] nextLine;
69 reader.readNext();
70 System.out.println("Brute force");
71 while ((nextLine = reader.readNext()) != null) {
72 System.out.print(nextLine[0] + " " + nextLine[1] + " ");
73 found = false;
74 String password = "not found";
75 if (found) {
76 password = match;
77 }
78 System.out.println(password);
79 }
80 } catch (Exception e) {
81 }
82 }
83
84 /**
85 * Recursively explore all passwords shorter or equal to parameter <length>,
86 * made up of characters from the <characters> class variable
87 * to find the password which has the same MD5Â hash as parameter <hash>.
88 * The <found> global variable needs to be initialised to false prior to calling the method.
89 * Results are stored in the <found> and <match> global variables.
90 * <p>
91 * bruteForceRecursive(10, 0, "", <hash>) will try passwords
92 * of 10 or fewer characters until it finds one that hashes to <hash> or
93 * all passwords have been tried unsuccessfully.
94 */
95 private void bruteForceRecursive(final int length, final int position, final String baseString, final String hash) throws Exception {
96 for (int i = 0; i < characters.length & !found; i++) {
97 String attempt = baseString + characters[i];
98 found = hash.equals(encodeMD5(attempt));
99 if (found) {
100 match = attempt;
101 } else {
102
103 if (position < length - 1) {
104 bruteForceRecursive(length, position + 1, attempt, hash);
105 }
106 }
107 }
108 }
109
110 public String generateHash(String password) {
111 String result = "";
112 return result;
113 }
114
115 private byte[] hashPassword(final char[] password, final byte[] salt, final int iterations, final int keyLength) {
116
117 try {
118 SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
119 PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyLength);
120 SecretKey key = skf.generateSecret(spec);
121 byte[] res = key.getEncoded();
122 return res;
123 } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
124 throw new RuntimeException(e);
125 }
126 }
127
128
129}