Brute force a password protected PDF using the BeagleBone

The biggest benefit to using the BeagleBone is it’s 700 MHz ARM processor. If you’re just messing around with basic I/O that power is going unused, but [Nuno Alves] is taking advantage of its power. He built a PDF password cracker based on the $85 development board.

We recently saw how easy it is to perform basic I/O using the BeagleBone. Those techniques are in play here, used to drive a character LCD and sample a button input from the breadboard circuit. [Nuno] even published separate posts for each of these peripheral features.

The password protected PDF file is passed to the device on a thumb drive. Since the BeagleBone is running embedded Linux you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second. Β This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware. You can see his video demo of the device after the break.

[youtube=http://www.youtube.com/watch?v=1uXesJL-hok&w=470]

Comments

  1. Bertho says:

    Might be more fun to add a series of cpld/fpga side-boards to offload the computation than to use parallel beagles. May also be faster. Definitely more hackerish.

  2. tlalexander says:

    “The biggest benefit to using the BeagleBone is it’s 700 MHz ARM processor.”

    Ouch.

  3. AC says:

    I have an old apple][ that would make a KILLER brute force password breaker. I think the next hack after that would be using a pocket calculator and enter all the calculations manually. That would be really cool.

    • ewertz says:

      The presented platform is probably a 3-4 orders-of-magnitude better one than your (or here, “you’re”) 6502.

  4. theotherguys says:

    Because when I look for a computer to perform password cracking, the features I look for:

    -portable
    -power efficient
    -underpowered processor
    -budget price

    Why not use a raspberry pi for bit coin farming while you’re at it?

  5. Reggie says:

    I originally thought it was a reasonable idea to do this, as an exercise ‘just because’ or even as a teaching tool starting with something relatively simple. Then I read the premise behind why this was done on a beaglebone and it really doesn’t make sense. If you really want to avoid the issues, then run it in a VM and disable the network connection. You can take a snapshot of the vm before the software is installed. And of course there has been linux based password cracking software for years.

    I still think it’s a good exercise to showcase doing stuff on low-power arm devices though πŸ˜€

    • nunoalves says:

      I agree with you reggie… It doesn’t make much sense doing this on the BeagleBone. When I did this, I was trying to see how fast beaglebone really was when compared against my macpro. I also wanted to see how easy it was to create a “single serving” embedded system on the BeagleBone. I was happy with the process, not with the outcome. Its now time to move on to more interesting projects πŸ™‚

  6. ms3fgx says:

    Interesting project, but probably the least effective password cracking setup I’ve ever seen.

  7. Kyle Hotchkiss says:

    I am liking that enclosure I see… Any links?

  8. fartface says:

    His reasoning is wierd, which makes me believe that he just tried to come up with a “reason” after the fact.

    Not that impressive as it runs linux. a brute force cracker is really easy to write in any language, you can write a rs232 terminal cracker on a duino.

    as an example that the beagle board can do anything a desktop computer can, yes it is a good example.

    But honestly, the beagle board is not best suited for this. and brute forcing is not the fastest way to crack a PDF password. there are other attack vectors that work a lot faster.

    • nunoalves says:

      Honestly I was trying to see if I could come up with a portable pdf-file cracker that is low power, user friendly and efficient. The beaglebone is definitely low power and user friendly. Unfortunately the CPU is not as powerful as I was expecting.

  9. willaim says:

    All i can say is before you knock this guys work lets see the one you made work better!

    • kevin mcguigan says:

      Yea! Let us see what YOU have done in any field. To be critical of someone and their endeavors without any substantial comparison to what you have done is unwarranted.

  10. Reggie says:

    Willaim, who needs to? A bit of googling will turn up a myriad of other ways to achieve what he’s doing. As a pdf cracking solution, it’s not that great πŸ™‚ As an exercise in showing that you can do real world stuff with a beaglebone, it’s fine πŸ™‚

  11. DJCalarco says:

    Read the article last night at home. Now Im in the office, scrolling past the image I noticed the password. Yea, the boss asked me what I was laughing at.

Speak Your Mind

*

Related Hacks in security hacks

  • Morse Code interpreter
  • One wire reads the keypad from the APRS radio mic
  • Level conversion with plenty of options
  • Music visualization generator with a Propeller
  • Metal detection using an inductor instead of a clock crystal.