Cracking PDF-file passwords using a BeagleBone board
Posted: March 26, 2012 Filed under: Embedded Systems | Tags: Beagle Bone 9 Comments »I am strong proponent of customized embedded systems; a single piece of hardware aimed at solving a single problem. If we have a particular task that is time intensive, repetitive, difficult to configure and somewhat “shady”, it is probably best to execute it in hardware. Lets consider a tool for recovering passwords from PDF-files. There are several downloadable software programs out there that allow you to recover a lost password from an encrypted PDF-file. Is this the best approach? Hardly.
Cracking a pdf password using a BeagleBone board... yes, the password is rock.
In general I am very wary of installing software in my computer that I do not have access to its source code. Who knows what is happening behind the scenes. Sure, the program may be trying to find the password for my PDF-file, but at the same time it may be sending the same PDF-file to some “shady” folks together with all my computer passwords, credit card numbers and so on. Not good. Even if the password cracking program comes from a “reputable” software house, installing software always leave floating traces behind, which inevitably bloat our hard disks and slow things down.
My idea was simple: pick up a programmable embedded system with USB support and use that as my password cracking platform. This embedded system is to be completely isolated (not connected to any computer or network) and powered up from a 5V adapter. The user just has to attach a usb disk with the encrypted file, press a button and let the platform crack away.
I chose the TI’s BeagleBone; a powerful linux ready 700MHz embedded system retailing for about $85. For more information I recommend checking out the “Getting Started Guide” by Matt Richardson @ Make magazine, in addition to the official BeagleBone webpage.
Here is a video of my PDF-file password cracker in action.
For all intents and purposes, the BeagleBone is just a very portable linux computer. This means I could write all the brute-force and all I/O routines directly in C and BASH. It worked great.
In terms of performance, the BeagleBone is able to test about 7,000 words per second, whereas my macbook pro can to about 25,000. Since, I am just using a brute approach… It takes about 16 minutes to test every single 4 letter word (uppercase+lowercase+symbols), and 900 minutes to test every single 5 letter word. Obviously there is plenty of room for improvement here, such as a dictionary based option and even customized multi-core architectures with many BeagleBone CPUs. This last option is the most interesting one. While the BeagleBone prototype system costs around $85, the CPU itself costs around $5. With some clever engineering, we could potentially have a dedicated 10 core system for less than $300.
Regarding the technical details of this project look here for the LCD component and here for the digital I/O button implementation.
I don’t suppose you could put out your source code for poking around?
Bravo!
Excellent article! Could you please also post your source code? In particular I am interested in how you verified the password.
I am working on a more efficient package… i will post it on github once it is ready.
i have a pdf file which have user password and i cant open it,can you help me becouse it very important file for me ,i can pay for your work
I apologize but I do not feel comfortable doing that. Liability issues.
Very Nice!!! Well presented and executed. When your package for source code is finished please share.
Pingback: Hardware Circuit to Crack Your Passwords | HACKOLOG - Amazing Hacks and Mods
Awesome! Hopefully you did this mostly for the challenge of the hack though.
If you didn’t want to run ‘shady’ code on your computer b/c you don’t trust it. But you are interested enough to write the code yourself for a micro. You could just write the code yourself for your computer AND trust it b/c you wrote it. I would assume your computer has more power than the BB!
There’s nothing wrong with doing it just because you want to make something with a BB, though!