Brute Force Algo In C And Asm

[Guest K.PAZ]

Recently I was working on a crackme and I needed to bruteforce it.

Since I could not find a decent algorithm for creating strings from a character set, I came up with this 2 algo's in C and Assembler.

The algos are probably not optimized (the assembler one , for sure not), so if you have suggestions please go ahead and mail me.

Since I am still a beginner in this I will appreaciate every comment.

Algo in C

-------------------------------------------------------------------------------------------------------------

void BruteForce();char *CharSet = "abcdefghijklmnopqrstuvwxyz1234567890 ";
char a[32];//---------------------------------------------------------------------------
void BruteForce()
{
char finalDigits = 3;  // number of digits minus 1 (here 4 "aaaa .... 0000")
char lenCharSet;
long End;
div_t x;
long l;    lenCharSet = strlen(CharSet);
    End = pow(lenCharSet,finalDigits+1);
    for (long k=0; k<End; k++)
    {
      l = k;
      for (int i=finalDigits; i>=0 ; i--)
      {
          x = div(l, pow(lenCharSet,i));//
          a[i] = CharSet[x.quot];
          l = x.rem;
      }
         // String is in a available
    }
}

-------------------------------------------------------------------------------------------------------------

Algo in Assembler

-------------------------------------------------------------------------------------------------------------

SetLen equ 37
Digits equ 3 ; number of digits minus 1 (here 4 "aaaa .... 0000")
szSet db "abcdefghijklmnopqrstuvwxyz1234567890 ", 0  ; 37 zeichen
a db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0BruteForce proc  
LOCAL wEnd:WORD;	mov ecx,Digits				; length of  Output
	mov eax,SetLen				; length of characterset
Loop1: 
		imul eax, SetLen; 			;AX = SetLen^Digits
	loop Loop1
	mov edi,eax							
Loop_K:						; for (k=0; k<End; k++) k in EDX
	mov ebx,Digits
	mov edx,edi
	dec edx
		Loop_i:				;for (int i=Digits; i>=0 ; i--) i in EBX
		                mov esi,1						
			mov ecx,ebx		; check if ebx =0
			test ecx,ecx
			jz AfterPower		; if ebx = 0 ESI = 1 (SetLEn^0=1) 
			Loop2: 
				imul esi, SetLen; 	;ESI=SetLen^i (ebx)
			loop Loop2
			;---------------------	
	AfterPower:
			test edx, edx		; if edx = 0  avoid div by zero Error
			jnz NotNull
			mov eax,0
			jmp AfterNull
		NotNull:
			mov eax,edx
			cdq
			idiv esi			; div edi / SetLen^ebx
		AfterNull:
			mov al, BYTE ptr [szSet+eax]	;a[i] = szSet[eax]
			mov BYTE ptr [a+ebx],al
			test  ebx,ebx				
			jz  EndLoop_i	
			dec ebx			;i--
		jmp Loop_i
		EndLoop_i:	; Here the string is available in BYTE a	dec edi					;k++
	test edi,edi
	jnz Loop_K
	Ret
BruteForce EndP

-------------------------------------------------------------------------------------------------------------

Saludos

K-PAZ