John the Ripper and Hardware Acceleration (GPU)

Introduction

In this lab, you will explore the powerful combination of John the Ripper (JtR) and Graphics Processing Units (GPUs) for accelerated password cracking. Traditional CPU-based cracking can be slow, especially for complex passwords. GPUs, with their massive parallel processing capabilities, can dramatically reduce the time required to crack passwords.

You will start by understanding the fundamental principles behind GPU cracking, then proceed with the practical steps of setting up your environment. This includes installing necessary GPU drivers and frameworks like CUDA or OpenCL. Next, you will configure John the Ripper to utilize your GPU, benchmark its performance, and learn common troubleshooting techniques. By the end of this lab, you will have a solid understanding of how to effectively use GPU acceleration with John the Ripper.

Understand GPU Cracking Principles

In this step, you will learn the fundamental principles that allow GPUs to accelerate password cracking.

GPUs are designed for parallel processing, meaning they can perform many calculations simultaneously. This architecture is ideal for tasks like password cracking, where the same operation (e.g., hashing a password candidate) needs to be performed millions or billions of times.

Key Concepts:

• Parallelism: Unlike CPUs, which excel at sequential tasks, GPUs have thousands of smaller cores that can work on independent parts of a problem concurrently. In password cracking, each core can test a different password candidate.
• Hashing Algorithms: Password cracking involves repeatedly hashing candidate passwords and comparing the result to a known hash. Many hashing algorithms (like MD5, SHA-1, bcrypt, scrypt) are computationally intensive, making them good candidates for GPU acceleration.
• CUDA/OpenCL: These are parallel computing platforms and programming models that allow software developers to use a GPU for general-purpose processing.
  • CUDA (Compute Unified Device Architecture): Developed by NVIDIA, it's a proprietary platform for NVIDIA GPUs.
  • OpenCL (Open Computing Language): An open standard for parallel programming across heterogeneous platforms (CPUs, GPUs, FPGAs, etc.) from different vendors. John the Ripper supports both.

How it works:

1. Load Hashes: John the Ripper loads the target password hashes into the GPU's memory.
2. Generate Candidates: The GPU generates a large number of password candidates (e.g., from a wordlist or by brute-forcing).
3. Hash and Compare: Each GPU core simultaneously hashes its assigned candidates and compares the resulting hash with the target hashes.
4. Report Cracks: If a match is found, the cracked password is reported.

This parallel execution significantly reduces the time required to find a matching password.

Install GPU Drivers and CUDA/OpenCL

In this step, you will prepare your LabEx environment for GPU acceleration by installing necessary drivers and the OpenCL framework. Since LabEx environments are virtualized and may not have direct access to physical GPUs, we will simulate the setup by installing the OpenCL development libraries, which are essential for John the Ripper's GPU modules.

First, update the package list to ensure you get the latest versions of software.

sudo apt update

Next, install the ocl-icd-opencl-dev package. This package provides the OpenCL Installable Client Driver (ICD) loader and development files, which are crucial for applications like John the Ripper to interact with OpenCL-compatible devices.

sudo apt install -y ocl-icd-opencl-dev

After the installation, you can verify that the OpenCL libraries are present. While you won't have a physical GPU to query with clinfo, the presence of the development files indicates that the system is set up to compile and run OpenCL applications.

ls -l /usr/lib/x86_64-linux-gnu/libOpenCL.so

You should see output similar to this, confirming the library exists:

lrwxrwxrwx 1 root root 19 Mar 28  2023 /usr/lib/x86_64-linux-gnu/libOpenCL.so -> libOpenCL.so.1.0.0

This step ensures that the foundational OpenCL components are available for John the Ripper to detect and utilize.

Configure John the Ripper for GPU Usage

In this step, you will install John the Ripper and verify its ability to detect OpenCL. While the LabEx environment might not have a physical GPU, John the Ripper's OpenCL modules will still be present and can be configured.

First, install John the Ripper.

sudo apt install -y john

After installation, you can check John the Ripper's capabilities, specifically looking for OpenCL support. John the Ripper's john --list=opencl-devices command is used to list detected OpenCL devices. In a virtualized environment without a physical GPU, it might not list any actual devices, but the command itself confirms that the OpenCL modules are compiled into John the Ripper.

john --list=opencl-devices

You might see output indicating "No OpenCL devices found" or similar, which is expected in this virtual environment. The important part is that the command runs without error, confirming JtR's OpenCL capabilities are present.

No OpenCL devices found.

Next, let's create a dummy hash file to prepare for cracking. We'll use a simple MD5 hash for demonstration.

echo "testuser:5d41402abc4b2a76b9719d911017c592" > ~/project/hashes.txt

This creates a file hashes.txt in your ~/project directory with a hash for the password "hello".

Now, attempt to crack the hash using John the Ripper. Even without a physical GPU, John the Ripper will attempt to use its OpenCL-enabled modules if available, falling back to CPU if no devices are found.

john --format=raw-md5 ~/project/hashes.txt --wordlist=/usr/share/john/password.lst

You should see output indicating John the Ripper is processing the hash. If the password "hello" is in the default wordlist, it will be cracked.

Using default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5])
Cost 1 (iteration count) is 1 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
hello            (testuser)
1g 0:00:00:00 DONE (2024-01-01 12:00) 100.0% 1000000g/s 1000000p/s 1000000c/s 1000000C/s testuser
Session completed.

This step confirms that John the Ripper is installed, its OpenCL components are recognized, and it can process hashes.

Benchmark GPU Cracking Performance

In this step, you will learn how to benchmark John the Ripper's performance. While we are in a virtualized environment without a physical GPU, understanding the benchmarking process is crucial for real-world scenarios. John the Ripper has a built-in benchmarking tool that can test various hash types.

To benchmark John the Ripper, use the --test option. This command will run a series of tests against different hash algorithms, showing the cracking speed (guesses per second) for each.

john --test

The output will be extensive, showing performance for various hash types. Look for lines that include "OpenCL" in their description, if any OpenCL devices were detected. Even if no physical GPU is present, John the Ripper might still report theoretical OpenCL performance based on its compiled modules.

Example output (truncated for brevity):

Benchmarking: Raw-MD5 [MD5]... DONE
Many salts:     1000000 c/s real, 1000000 c/s virtual
Only one salt:  1000000 c/s real, 1000000 c/s virtual

Benchmarking: bcrypt ($2*$, $2a$, $2x$, $2y$, $2b$) [Blowfish OpenCL]... DONE
Many salts:     1000000 c/s real, 1000000 c/s virtual
Only one salt:  1000000 c/s real, 1000000 c/s virtual

The c/s (candidates per second) or p/s (passwords per second) values indicate the cracking speed. In a real environment with a powerful GPU, these numbers would be significantly higher for GPU-accelerated algorithms compared to CPU-only benchmarks.

You can also benchmark a specific hash type, for example, raw-md5, to get more focused results:

john --test=0 --format=raw-md5

This command specifically benchmarks the raw-md5 format. The --test=0 option runs the benchmark for a short duration, which is useful for quick checks.

Understanding these benchmark results is key to evaluating the effectiveness of your GPU setup and comparing different hardware configurations.

Troubleshoot GPU Cracking Issues

In this step, you will learn common troubleshooting techniques for John the Ripper and GPU acceleration. While the LabEx environment doesn't have a physical GPU, understanding these steps is crucial for real-world applications.

Common Issues and Solutions:

1. "No OpenCL devices found" or "CUDA error":

   • Cause: Incorrect or missing GPU drivers, or OpenCL/CUDA SDK not properly installed.
   • Solution: Ensure your GPU drivers are up-to-date and correctly installed. For NVIDIA GPUs, install CUDA Toolkit. For AMD/Intel GPUs, ensure OpenCL drivers are installed. In a virtual environment, this message is expected if no virtual GPU is exposed.
   • Check: Run john --list=opencl-devices or nvidia-smi (for NVIDIA) to verify device detection.

2. Poor Performance:

   • Cause: Outdated drivers, insufficient GPU memory, or using a CPU-optimized hash type on GPU.
   • Solution: Update drivers. Ensure your GPU has enough memory for the chosen hash type and wordlist. Some hash types (e.g., bcrypt, scrypt) are intentionally designed to be slow and memory-intensive, making them less efficient on GPUs compared to simpler hashes like MD5.
   • Check: Use john --test to benchmark performance and compare it with expected values for your GPU.

3. Crashing or Freezing:

   • Cause: Overheating, unstable overclocking, or driver conflicts.
   • Solution: Monitor GPU temperature. Reduce overclocking if applied. Reinstall drivers cleanly.
   • Check: Use watch -n 1 nvidia-smi (for NVIDIA) to monitor GPU usage and temperature.

4. John the Ripper not using GPU:

   • Cause: JtR not compiled with GPU support, or specific hash format not supported by GPU module.
   • Solution: Ensure you installed the correct JtR version (e.g., john-opencl or john-cuda if available, or a build from source with GPU flags). Verify the hash format you are cracking has an OpenCL/CUDA implementation in JtR.
   • Check: Run john --list=formats and look for formats with OpenCL or CUDA in their description.

Simulating a troubleshooting step:

Let's imagine you encountered an issue and needed to check the John the Ripper version to ensure it supports OpenCL.

john --version

This command will output the version of John the Ripper installed, which can help in identifying if you have a build that includes GPU support.

John the Ripper 1.9.0-jumbo-1 (linux-gnu)
Copyright (c) 1996-2023 by Solar Designer and others
...

Understanding these common issues and their solutions will help you effectively troubleshoot problems when using John the Ripper with GPU acceleration in real-world scenarios.

Summary

In this lab, you have gained a comprehensive understanding of how to leverage John the Ripper with GPU hardware acceleration for faster password cracking. You started by exploring the fundamental principles of GPU parallelism and the role of frameworks like OpenCL.

You then proceeded with the practical steps of setting up your environment, including installing the necessary OpenCL development libraries. You learned how to install John the Ripper, verify its OpenCL capabilities, and perform basic hash cracking. Furthermore, you explored John the Ripper's built-in benchmarking tools to evaluate performance and discussed common troubleshooting techniques for GPU cracking issues.

By completing this lab, you are now equipped with the knowledge to effectively utilize GPU acceleration with John the Ripper, significantly enhancing your password cracking capabilities in real-world scenarios.