Add multi-threading

brendan-rius · brendan-rius · commit e01d7e0bba4f · 2017-01-22T01:52:40.000+01:00
diff --git a/Makefile b/Makefile
@@ -3,8 +3,8 @@ CC	= gcc
 OPENSSL = /usr/include/openssl
 OPENSSL_LIB = -lssl
 
-CFLAGS	+= -I $(OPENSSL) -O3
-LDFLAGS	+= $(OPENSSL_LIB) -lcrypto
+CFLAGS	+= -I $(OPENSSL) -g -std=gnu99 -O3
+LDFLAGS	+= $(OPENSSL_LIB) -lcrypto -lpthread
 
 NAME	= jwtcrack
 SRCS	= main.c base64.c
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # JWT cracker
 
-A JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens. This is for testing purposes only, do not put yourself in trouble :)
+A multi-threaded JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens. This is for testing purposes only, do not put yourself in trouble :)
 
 I used the [Apple Base64 implementation](https://opensource.apple.com/source/QuickTimeStreamingServer/QuickTimeStreamingServer-452/CommonUtilitiesLib/base64.c) that I modified slightly.
 
@@ -30,6 +30,5 @@ In the above example, the key is `Sn1f`. It takes approximately 23 seconds to cr
 
 ## Caveats
 
- * Not multi-threaded :((
  * No progress status
  * If you stop the program, you cannot start back where you were
diff --git a/main.c b/main.c
@@ -4,7 +4,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <stdbool.h>
-#include <time.h>
+#include <pthread.h>
 #include "base64.h"
 
 char *g_header_b64 = NULL; // Holds the Base64 header of the original JWT
@@ -26,62 +26,128 @@ size_t g_to_encrypt_len = 0;
 char *g_alphabet = NULL;
 size_t g_alphabet_len = 0;
 
-// Holds the computed signature at each iteration to compare it with the original
-// signature
-unsigned char *g_result = NULL;
-unsigned int g_result_len = 0;
+char *g_found_secret = NULL;
 
-char *g_buffer = NULL;
+struct s_thread_data {
+    EVP_MD *g_evp_md; // The hash function to apply the HMAC to
 
-// The hash function to apply the HMAC to
-EVP_MD *g_evp_md = NULL;
+    // Holds the computed signature at each iteration to compare it with the original
+    // signature
+    unsigned char *g_result;
+    unsigned int g_result_len;
+
+    char *g_buffer; // Holds the secret being constructed
+
+    char starting_letter; // Each thread is assigned a first letter
+    size_t max_len; // And tries combinations up to a certain length
+};
+
+void init_thread_data(struct s_thread_data *data, char starting_letter, size_t max_len) {
+    data->max_len = max_len;
+    data->starting_letter = starting_letter;
+    // The chosen hash function is SHA-256
+	data->g_evp_md = (EVP_MD *) EVP_sha256();
+    // Allocate the buffer used to hold the calculated signature
+	data->g_result = malloc(EVP_MAX_MD_SIZE);
+    // Allocate the buffer used to hold the generated key
+	data->g_buffer = malloc(max_len + 1);
+}
+
+void destroy_thread_data(struct s_thread_data *data) {
+    free(data->g_result);
+    free(data->g_buffer);
+}
 
 /**
  * Check if the signature produced with "secret
  * of size "secrent_len" (without the '\0') matches the original
  * signature.
  * Return true if it matches, false otherwise
  */
-bool check(const char *secret, size_t secret_len) {
+bool check(struct s_thread_data *data, const char *secret, size_t secret_len) {
+    // If the secret was found by another thread, stop this thread
+    if (g_found_secret != NULL) {
+        destroy_thread_data(data);
+        pthread_exit(NULL);
+    }
+
 	// Hash to_encrypt using HMAC into result
 	HMAC(
-		g_evp_md,
+		data->g_evp_md,
 		(const unsigned char *) secret, secret_len,
 		(const unsigned char *) g_to_encrypt, g_to_encrypt_len,
-		g_result, &g_result_len
+		data->g_result, &(data->g_result_len)
 	);
 
 	// Compare the computed hash to the given decoded base64 signature.
 	// If there is a match, we just found the key.
-	return memcmp(g_result, g_signature, g_signature_len) == 0;
+	return memcmp(data->g_result, g_signature, g_signature_len) == 0;
 }
 
-bool bruteImpl(char* str, int index, int maxDepth)
+bool brute_impl(struct s_thread_data *data, char* str, int index, int max_depth)
 {
     for (int i = 0; i < g_alphabet_len; ++i)
     {
+        // The character at "index" in "str" successvely takes the value
+        // of each symbol in the alphabet
         str[index] = g_alphabet[i];
 
-        if (index == maxDepth - 1) {
-					if (check((const char *) str, maxDepth)) return true;
-				}
+        // If just changed the last letter, that means we generated a
+        // permutation, so we check it
+        if (index == max_depth - 1) {
+            // If we found the key, we return, otherwise we continue.
+            // By continuing, the current letter (at index "index")
+            // will be changed to the next symbol in the alphabet
+            if (check(data, (const char *) str, max_depth)) return true;
+        }
+        // If the letter we just changed was not the last letter of
+        // the permutation we are generating, recurse to change the
+        // letter at the next index.
         else {
-					if (bruteImpl(str, index + 1, maxDepth)) return true;
-				}
+            // If this condition is met, that means we found the key.
+            // Otherwise the loop will continue and change the current
+            // character to the next letter in the alphabet.
+			if (brute_impl(data, str, index + 1, max_depth)) return true;
+        }
     }
 
+    // If we are here, we tried all the permutations without finding a match
 	return false;
 }
 
-char *bruteSequential(int start, int maxLen)
+/**
+ * Try all the combinations of secret starting with letter "starting_letter"
+ * and stopping at a maximum length of "max_len"
+ * Returns the key when there is a match, otherwise returns NULL
+ */
+char *brute_sequential(struct s_thread_data *data)
 {
-    for (int i = start; i <= maxLen; ++i)
-    {
-      	if (bruteImpl(g_buffer, 0, i))
-            return strdup(g_buffer);
+    // We set the starting letter
+    data->g_buffer[0] = data->starting_letter;
+    // Special case for len = 1, we check in this function
+    if (check(data, data->g_buffer, 1)) {
+        // If this thread found the solution, set the shared global variable
+        // so other threads stop, and stop the current thread. Congrats little
+        // thread!
+        g_found_secret = strndup(data->g_buffer, 1);
+        return g_found_secret;
+    }
+
+    // We start from length 2 (we handled the special case of length 1
+    // above.
+    for (size_t i = 2; i <= data->max_len; ++i) {
+      	if (brute_impl(data, data->g_buffer, 1, i)) {
+            // If this thread found the solution, set the shared global variable
+            // so other threads stop, and stop the current thread. Congrats little
+            // thread!
+            g_found_secret = strndup(data->g_buffer, i);
+            return g_found_secret;
+        }
     }
 
-		return NULL;
+   success:
+    
+	return NULL;
 }
 
 void usage(const char *cmd) {
@@ -131,29 +197,26 @@ int main(int argc, char **argv) {
 	// is returned by this function
 	g_signature_len = Base64decode((char *) g_signature, (const char *) g_signature_b64);
 
-    // Allocate the buffer used to hold the calculated signature
-	g_result = malloc(EVP_MAX_MD_SIZE);
-	g_buffer = malloc(max_len + 1);
 
-    // The chosen hash function is SHA-256
-	g_evp_md = (EVP_MD *) EVP_sha256();
+    struct s_thread_data *pointers_data[g_alphabet_len];
+    pthread_t *tid = malloc(g_alphabet_len * sizeof(pthread_t));
 
-	clock_t start = clock(), diff;
-	char *secret = bruteSequential(1, max_len);
-	diff = clock() - start;
+    for (size_t i = 0; i < g_alphabet_len; i++) {
+        pointers_data[i] = malloc(sizeof(struct s_thread_data));
+        init_thread_data(pointers_data[i], g_alphabet[i], max_len);
+        pthread_create(&tid[i], NULL, (void *(*)(void *)) brute_sequential, pointers_data[i]);
+    }
 
+    for (size_t i = 0; i < g_alphabet_len; i++)
+        pthread_join(tid[i], NULL);
 
-	if (secret == NULL)
+	if (g_found_secret == NULL)
 		printf("No solution found :-(\n");
 	else
-		printf("Secret is \"%s\"\n", secret);
-
-	free(g_result);
-	free(g_buffer);
-	free(secret);
+		printf("Secret is \"%s\"\n", g_found_secret);
 
-	int msec = diff * 1000 / CLOCKS_PER_SEC;
-	printf("Time taken %d seconds %d milliseconds", msec/1000, msec%1000);
+    free(g_found_secret);
+    free(tid);
 
 	return 0;
 }
