samedi 30 mai 2020

Bruteforcing a 32-bit seed in PHP

I am trying to crack this code to see if i can predict the next random password that is generates:

function generateRandomPassword($sequence)
{
   // $sequence is abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 
   $string = "";
   do
   {
     $string .= substr(str_shuffle($sequence),0,1);
   }while(strlen($string) < 8);

   return $string;
}

I am trying to bruteforce the seed, here is my PHP script:

<?php

$time_start = microtime(true); 

for($i = 0;$i < 4294967296;++$i)
{
    mt_srand($i);
    $string = "";
    do {

        $string .= substr(str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"), 0, 1);

    } while (\strlen($string) < 8);

    if($string == 'AXtPvOsX')
    {
        echo '<b>Seed Found: </b>' . $i;
        break;
    }
}

$time_end = microtime(true);

$execution_time = ($time_end - $time_start);
echo '<br><b>Total Execution Time:</b> '. number_format($execution_time,2). ' seconds';

Now, the thing is, i know PHP is not efficient when it comes to bruteforcing but it has been running now for 3 days and it's still going. I tried to replicate the str_shuffle() in C++ to make bruteforcing faster but I couldn't port the code to C++.

Can anybody tell me why does it take so long to go through all 2^32 possible values?




Aucun commentaire:

Enregistrer un commentaire