Slashdot Mirror

← Back to Stories (view on slashdot.org)

SHA-1 Cracking On A Budget

Posted by ryuzaki0 on from the putting-the-pieces-together dept.

cloude-pottier writes "An enterprising individual went on eBay and found boards with more than half a dozen Virtex II Pro FPGAs, nursed them back to life and build a SHA-1 cracker with two of the boards. This is an excellent example of recycling, as these were originally a part of a Thompson Grass Valley HDTV broadcast system. As a part of the project, the creator wrote tools designed to graph the relationships between components. He also used JTAG to make reverse engineering the organization of the FPGAs on the board more apparent. More details can be seen on the actual project page."

9 of 92 comments (clear)

  1. Maybe I'm Not As Big A Nerd As I Thought... by kaos07 · · Score: 2, Interesting

    But I have no idea what that summary or TFA are about.

  2. Re:For the uninitiated... by Anonymous Coward · · Score: 1, Interesting

    Yeah, except that for "general computing" they are not at all "fairly pointless". Also, the explanation seem to want to indicate that an FPGA can more or less only be programmed to perform number crunching, which is as off-track from the truth as can possibly be.

    A more proper description of an FPGA would be "electronics simulator", as you can with an FPGA "program" resistors, caps, transistors, logic gates etc. with these, thus "program" an IC of your choice, or, for example, a Z80 or M68K core with accompanying graphics chips, sound, USB facilities, networking and more, and create an entire computer-on-a-chip. Just an example out of many.

  3. Princeton Engine by SuseLover · · Score: 2, Interesting

    For the record the company is Thomson and that is a peice of equipment known as the Princeton Engine used by the IC developers to quickly verify their software/algorythms. It was lying around in our computer room (known as the Princeton Engine room) for years. Its replacement is from Cadence and is called Palladium and has the power of several hundred of those old fpga boards.

  4. Re:SHA-cracker? by Anonymous Coward · · Score: 1, Interesting

    Not really, guys have been reprogramming FPGA for cracking and Crypto work for a long time now. I remember back in the day when they cracked the system first used for DirectTV it was done with a system close to this, Now you can get FTA recievers that recieve all of DirecTV programming for free and you have to update your firmware once every 2-3 months when they change the hash key. The guys releasing the firmwares crack the new key in a matter of 1 hour by using such a setup.

    Works great, and that is what FPGA's were designed for number crunching. Unlike what the summary says, video and audio processing were an afterthought.

  5. Re:Benchmarks? by eli+pabst · · Score: 3, Interesting

    If you can read /etc/shadow you're root.. which means you aren't gaining anything by it. There are still arbitrary file disclosure vulnerabilities which *only* allow you to view files, not gain access to the server itself. If you pull the password hashes, you can then bruteforce the passwords and gain full root access to the system. Plus it would give you access to any *other* machines on the network which the admin used the same root password. Just rooting a single box wouldn't give you access to any other machines (assuming that didn't share the same initial vuln).
  6. FPGA question... by Endymion · · Score: 2, Interesting

    hmm... you seem to know a lot about FPGAs, so I'll ask you something I've been wondering for a while...

    Coming from a traditional software end of things, I'm used to seeing "accelerating co-processors" available to do useful tasks much faster than the main CPU. I'm thinking not only the FPU (when it was a separate chip), but things like a modern GPU and such. Many of these have been slowly integrated back into the CPU as time has gone on, the FPU being the best example, so now it's something you can just call on with a special instruction.

    From my understanding, FPGAs are mainly all generic logic blocks, arranged in fancy ways, and therefor are rather "generic" like the general CPU - you have to implement any fancy processing yourself.

    My question is has anybody thought about putting fancy co-processing hardware local to the FPGA? I'm thinking some built-in FFT units and such that you could just include anywhere in your pipeline would be really useful, and might help that "timing critical" areas by having some common "higher level" functions computed in full hardware (ASIC?) speed.

    Like, as a programmer, it sounds like it'd be cool to be able to buy an FPGA with built-in FFT, CRC/MD5/etc, maybe part of some encryption routines, etc to work with as common things that need to be accelerated.

    Is this sane? Does it already exist and I just don't know about it? Is it totally incompatible with how FPGAs work?

    --
    Ce n'est pas une signature automatique.
    1. Re:FPGA question... by Radicode · · Score: 3, Interesting

      There are many libraries you can put on your FPGA. Some are open source, some costs A LOT. It's similar to a dll or a jar: you have an interface you bind to and you program your stuff around it. You can get modules to process FFTs, encryption, ethernet, VGA, sound, video, pretty much anything you can imagine. You can even use a CPU library to have a gereal cpu like your x86 and execute assembler instructions. You can even turn an FPGA into an old defunct cpu to repair an old electronic hardware. Amazing stuff!

      Radicode

    2. Re:FPGA question... by Space+cowboy · · Score: 3, Interesting

      Well, common FPGA's are basically look-up tables surrounded by a sea of interconnect logic. The designer specifies the function of each LUT, and the connections between them using a language such as Verilog or VHDL. They're not "generic logic", they're defineable logic. Example: On a CPU, you have the 'add x,y' instruction - that's a chunk of logic on-chip. On an FPGA, that chunk of logic doesn't exist until you write a design that needs it.

      You can buy (though I think they're very expensive) "IP cores", which are pre-packaged modules ready to plug-in-and-go. There are some free ones available as well. You may have to do more work to get the free ones to work [grin].

      There are also built-in hard cores on modern FPGA's. You never used to be able to synthesize the statement "a = b * c;" in a verilog design, for example. Now that FPGA's have hardware multiplier blocks in them, it synthesises to a bunch of wires connecting up the LUTs to the built-in hardware. For the more-complex examples you suggest, it's best to implement them in logic, because an FFT (of a particular radix, input format (complex or real), and output requirements) is a very specific piece of hardware, and not generally useful to most customers.

      You get multipliers, blocks of fast dual-port RAM, even entire processors (PPC) embedded into the FPGA fabric these days. Of course, you pay more for things like embedded CPUs... Funnily enough, a CPU is one of the easier things to write for an FPGA IMHO. You'll never get the speed of the FPGA fabric to match the hard-CPU core though...

      To do what you're talking about though, you'd need a way to interface the FPGA to the PC - there's a freely available PCI core, so you'd then just need a card which had a PCI interface (there's one from Enterpoint for ~$150... Then you just need to link the PCI core to your own cores (FFT, whatever) and write software to offload any FFT's to your co-processor. Xilinx offer the "Embedded Development Kit" to make this easier (you have to pay for this, the other tools are free to download). I don't know if anyone has made the freely-available PCI core into an EDK module though...

      Simon.

      Simon

      --
      Physicists get Hadrons!
  7. Re:SHA-cracker? by cancerward · · Score: 2, Interesting

    No-one has cracked Ken Thompson's UNIX password yet, and he is a co-inventor of the algorithm...