[Skylark] converted a pair of defective HDTV processing boards into his very own FPGA SHA-1 hash cracker. After two months of evening work, he ended up with 15 Virtex-II Pro FPGAs and 5 Spartan-II FPGAs to do his bidding. (FPGAs aren’t cheap, so this rocks.) Eventually he’s going to give it a web interface to allow cracking submissions on request. Great find on the boards and fantastic work [Skylark].
23 thoughts on “NSA@home (DIY Shared FPGA Cracker)”
YES! I’ve been wishing for a service like this since I saw the Toorcon 07 videos.
cool, and very well documented.
But what can you actually do with it? Guess I’m just a moron.
Hi, newbie here. Any chance you guys could give a little more context to some of these advanced hacks? I have no idea what this thing really is or what it can do… Can you help a guy out interested in hacking?
i also don’t know what this thing is and what it can do … please help us out!
FPGA – field programmable gate arrays are sort of like reconfigurable circuitry – they can be programmed to perform complex computations in one giant “step”, rather than as a sequence of instructions (how a general purpose cpu like the pentium operates).
This makes them fairly pointless for general computing, but when you need to crunch a bunch of numbers in the same way over and over, they can REALLY outperform a general cpu. Usually these are used to manipulate audio / video data streams in real time (the original purpose for the FPGAs used in this project) – but recently people have started using them to brute-force try to crack an encryption scheme. Where a general purpose cpu might take upwards of 40 clock cycles to check one possible answer, each of the FPGAs in this system can check at least one answer PER clock cycle.
This guy pulled a bunch of FPGA systems out of some (defective?) HDTV video processing systems – reverse engineered exactly how everything was wired together, reprogrammed the FPGAs to do SHA-1 hash cracking rather than HDTV video processing, and added some usb control circuitry so the system could take commands from / return results to a pc.
One could use this same board setup to do any sort of massively parallel data processing, but right now the system isn’t wired up to really feed large amounts of data into / out of the system in real time. He can get away with that as hash cracking results are fairly small and infrequent, so the limited means he has for getting “answers” out of the system isn’t too much of a problem.
Man, I wish I had some of these FPGA boards. Is there a surplus reseller which has them on offer at the moment?
those of you who are new and wanna be “hackers” it’s always best to read up as much as possible before asking someone else to do the research for you. There’s some info given on this site, followed with more info in the link. Finally, take everything you don’t understand and wiki it. If that doesn’t work, try googling it. etc. The pursuit of knowledge is a major key to everything because that’s how you learn about most of this stuff.
holy cow batman!
I made some lazy calculations for SHA1 just for fun:
The FPGA bruteforcer is capable of 3.257.812.230 c/s.
My Athlon64 3400+ is capable of 1.915.000 c/s.
It can generate tables for SHA-1 and MD5/ crack them in real time. I guess? Not sure about the tables. But since it has usb, maybe.
He also noted he will set up a Web interface for people to send in their own hashes for decryption.
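An added example, not part of the original post or its comments: it takes the two rates quoted in the comment above and works out what they mean for password storage, namely how long a password must be before exhausting the keyspace takes longer than a target time, for a single unsalted SHA-1 versus an iterated KDF. The 95-character printable-ASCII charset, the ten-year target, the 100,000-iteration count and the cost model of one SHA-1 computation per KDF iteration (a lower bound that favours the attacker) are assumptions.

```python
# Rates quoted in the comment above, in candidates per second.
FPGA_RATE = 3_257_812_230   # the FPGA cluster
CPU_RATE = 1_915_000        # the commenter's Athlon64 3400+

PRINTABLE_ASCII = 95                 # assumed charset size
TEN_YEARS = 10 * 365 * 86_400        # assumed target, in seconds


def keyspace(charset_size, max_len):
    """Number of candidate passwords of length 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def exhaust_seconds(charset_size, max_len, rate, hashes_per_guess=1):
    """Worst-case seconds to try every candidate at `rate` hashes per second.

    hashes_per_guess models an iterated KDF: each guess costs that many
    SHA-1 computations instead of one (assumed lower bound).
    """
    return keyspace(charset_size, max_len) * hashes_per_guess / rate


def min_length(charset_size, rate, target_seconds, hashes_per_guess=1):
    """Smallest max_len whose full keyspace outlasts target_seconds."""
    n = 1
    while exhaust_seconds(charset_size, n, rate, hashes_per_guess) < target_seconds:
        n += 1
    return n


def report():
    """Minimum lengths needed to outlast ten years in each scenario."""
    return {
        "raw SHA-1 vs CPU": min_length(PRINTABLE_ASCII, CPU_RATE, TEN_YEARS),
        "raw SHA-1 vs FPGA": min_length(PRINTABLE_ASCII, FPGA_RATE, TEN_YEARS),
        "100k-iteration KDF vs FPGA": min_length(
            PRINTABLE_ASCII, FPGA_RATE, TEN_YEARS, hashes_per_guess=100_000
        ),
    }


if __name__ == "__main__":
    for scenario, length in report().items():
        print(f"{scenario}: at least {length} characters")
    days = exhaust_seconds(PRINTABLE_ASCII, 8, FPGA_RATE) / 86_400
    print(f"all 1-8 character passwords, raw SHA-1 on the FPGAs: {days:.1f} days")
```

The figures cover exhaustive search only; dictionary and precomputed-table attacks, which per-password salts address, are outside this model.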
His tool to figure out device pinouts is extremely useful. I think it is time to look for equipment on ebay with lots of FPGA’s. Lots of older high end router and switching equipment contain Virtex or Virtex-E FPGA’s.
Combined with these tools it would be very useful to repurpose them this way…
Beats also the somewhat expensive prices for FPGA development boards. Although he used defective boards but with recent FPGA’s, one big advantage of using older equipment is that you knew it was in working order when it was decommissioned.
Too bad shipping from US locations to europe is so expensive…
The Church of Wifi used a fpga chipped cluster to create their 40Gb wpa-psk hash table. Took it 3 days to create with a 1 million dictionary file and the top 1000 ssid’s on Wigle.
Well, the summary admittedly sucks pretty bad. Saying something like “do it yourself board to crack password hashes using FPGA chips” would have been pretty intuitive even if I didn’t know what a hash was or what FPGA stood for.
“a pair of defective hdtv processing boards into his very own fpga sha-1 hash cracker” is pure suck. WTF is a ‘fpga sha-1 hash’? In this case, I have to *already know* what everything is to make sense of the sentence. And why the h*** does the summary talk about “15 virtex-ii pro fpgs and 5 spartan-ii fpgas”? I expect to find that out on the project page. In the “summary” it just further confuses people who don’t know what an FPGA is.
Generally, I get by pretty fine… I’m a physics major who does EE as a hobby. But man, sometimes even I can’t get through the introductions… not everyone who hacks has a master’s in EE.
The summary should communicate (1) what it is (2) what it accomplishes (3) what I could use it for. Once I know that, I’ll be more than glad to spend X hours deciphering the project page (if it seems useful to me). But it’s ridiculous to say people should have to pull out the wikis and google just to figure out what the summary is talking about. That completely defeats the purpose of a summary.
If you don’t know anything close to what it is, what use will you get from it? No one should be able to do everything posted on this website. If you do want to be able to do everything, it’s gonna be a lot more work than just a hobby.
I’m not a physics major. But, I thought the summary was quite clear. Nice job Skylark!
Jesus Christ sackofcatfood go read a book and stop pissing in the cereal. For a physics major you sure do whine like a little girl when someone talks about something you don’t understand. BTW, the appropriate response of a tool is, “zOMG, where are the LEDs???”
@19 I have no delusion that Joe Schmoe should be able to *do* everything that is ever posted. I wouldn’t expect Joe Schmoe to be able to do a tenth of what’s posted… Joe Schmoe has never held a soldering iron.
But I see no reason to purposely exclude him (and even more experienced persons) from understanding what a project is about if it can be avoided.
I think I’ll jump out of the fray now that the trolls have shown up. But, contrary to what the previous troll suggested, I had no problem with the summary (I have worked with fpgas before) but that does not prevent me from identifying the problem which I think was more than proved by posts 3,4, and 6. If it wasn’t an issue, those posts would not have happened.
for those of you unfamiliar with this, you need to take a step back and simply install linux. i know this sounds stupid, but one of the simple things anyone worth their salt does is pull an md5 or sha1 of the iso and compares it with the info available from the ‘manufacturer’.
if you’re unfamiliar with this i guess you’re up shit’s creek. trust me though, i feel for you. don’t worry, one day there’s going to be a huge network of computers. and when that day comes, it will be almost like there is a web of information available, world wide! it’ll be crazy!
For those new to fpga’s, check out:
V2P parts are pricey, and in the old days ISE wasn’t free, but it’s a changing world.
In time FPGA’s will become a standard part on every PC motherboard (and since at least virtex2pro parts contain 405 ppc cores, they can run linux, etc). But for now the problem is the cost. Blame that one on Xilinx, Altera, Lattice, etc.
Remember that ridiculously expensive GNU USRP? It’s a low end Altera Cyclone glued together with some really fast ADCs, that’s about it. This thing’s far more useful, powerful, and cost effective. Cool project and great find!
Granted this would be a bit different, but I wonder what it would take to implement something along the same lines as this project using GPUs. nVidia appears to be doing something similar with its Tesla line (see http://www.nvidia.com/object/tesla_computing_solutions.html). I can see a lot of challenges with trying to do something like that, but it would make a helluva number cruncher, and you could take out your furnace to make room and heat your house with it.
I’m not a physics major, nor am I even good at math beyond algebra. But you say “FPGA SHA-1 hash cracker” and I say “[skylark] for prez!”.
Seriously people, this is a website. It is on the internet. The internet contains a lot of websites. Some sites explain things. USE THEM. >_
Cool and very well documented.
BTW, a great place to find more boards is FPGA Central http://www.fpgacentral.com and look for product central.