Cracking PDF-file passwords using a BeagleBone boardPosted: March 26, 2012 | |
I am strong proponent of customized embedded systems; a single piece of hardware aimed at solving a single problem. If we have a particular task that is time intensive, repetitive, difficult to configure and somewhat “shady”, it is probably best to execute it in hardware. Lets consider a tool for recovering passwords from PDF-files. There are several downloadable software programs out there that allow you to recover a lost password from an encrypted PDF-file. Is this the best approach? Hardly.
In general I am very wary of installing software in my computer that I do not have access to its source code. Who knows what is happening behind the scenes. Sure, the program may be trying to find the password for my PDF-file, but at the same time it may be sending the same PDF-file to some “shady” folks together with all my computer passwords, credit card numbers and so on. Not good. Even if the password cracking program comes from a “reputable” software house, installing software always leave floating traces behind, which inevitably bloat our hard disks and slow things down.
My idea was simple: pick up a programmable embedded system with USB support and use that as my password cracking platform. This embedded system is to be completely isolated (not connected to any computer or network) and powered up from a 5V adapter. The user just has to attach a usb disk with the encrypted file, press a button and let the platform crack away.
I chose the TI’s BeagleBone; a powerful linux ready 700MHz embedded system retailing for about $85. For more information I recommend checking out the “Getting Started Guide” by Matt Richardson @ Make magazine, in addition to the official BeagleBone webpage.
Here is a video of my PDF-file password cracker in action.
For all intents and purposes, the BeagleBone is just a very portable linux computer. This means I could write all the brute-force and all I/O routines directly in C and BASH. It worked great.
In terms of performance, the BeagleBone is able to test about 7,000 words per second, whereas my macbook pro can to about 25,000. Since, I am just using a brute approach… It takes about 16 minutes to test every single 4 letter word (uppercase+lowercase+symbols), and 900 minutes to test every single 5 letter word. Obviously there is plenty of room for improvement here, such as a dictionary based option and even customized multi-core architectures with many BeagleBone CPUs. This last option is the most interesting one. While the BeagleBone prototype system costs around $85, the CPU itself costs around $5. With some clever engineering, we could potentially have a dedicated 10 core system for less than $300.