Announcement

Collapse
No announcement yet.

Decryption and Password Decryption using a GPU

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • bkberghuis
    replied
    Click image for larger version  Name:	2020-10-12_23-35-42.png Views:	0 Size:	23.3 KB ID:	48732
    From the screenshot, you can see it is working.

    As you previously stated, some security software may be the issue. It was just that in my situation (Emsisoft). I had to manually create a rule excluding "run_server.exe" which is located in the hidden directory C:\ProgramData\PassMark\OSForensics\PasswordRecove ry.

    Thanks for the help.
    Last edited by bkberghuis; 10-13-2020, 06:50 AM.

    Leave a comment:


  • Richard (PassMark)
    replied
    We tested V7.1.1012 on RTX 2060 and it went okay. It was a new install so we had to go into the firewall settings and enable both network types for run_server.exe. It seems the windows firewall was blocking it (despite the initial popup).

    Looking at your screenshot, attempt 1, shows that it failed to start the server at all, while attempt 2, the server is started, but OSForensics timed out while waiting for it to respond it started. It might be something on your machine blocking the program? Some anti-virus program? The password decryption uses distributed method. There is a server that acts as the scheduler and then clients (CPU and GPU) connect to it to get jobs.

    If you would like to continue to debug it, let us know, you can send us email. We'll likely have to add extra debug logging logging to the program or if we can have access to the machine remotely, we can see if we can spot anything.

    Leave a comment:


  • Richard (PassMark)
    replied
    I'll check with other members to see if we have an RTX 20XX to see if they run into the same issue. My testing of V7.1.1012 has been with a GTX 1050 Ti on my local machine and has been working.

    Leave a comment:


  • bkberghuis
    replied
    Richard,

    I ran OSF v7.1.1012 (Licensed) after a fresh restart in debug mode. I selected one dictionary (Random Passwords), selected the training Word-docx file for decryption, and received the error server can't be initialized. I verified through Windows Task Manager there were no zombie run_server processes running. I checked Window's firewall settings and it showed run_server.exe allowed (Private Network). However, I did discover when looking at my NICs that my network status was set to Public. I subsequently change the status to a Private Network. I then decided to make a second attempt in debugging mode. Unfortunately, it failed again. I did see some differences in Task Manager.

    I then decided to reboot and make a third attempt at the decryption. Unfortunately, I had the same results.

    ***Note*** The uploaded zip file contains numerous screenshots, 1st, and 2nd attempts debug files, and a systemInfo.txt.....

    Disregard... unable to upload screenshots due to forum upload limits.

    I hope this helps, please advise.

    --Brad
    .
    Attached Files

    Leave a comment:


  • Richard (PassMark)
    replied
    The GPU is only used when the decrypting using the Random Passwords dictionary. From your first screenshot, it looks to be working through the Common Name dictionary set. Can you disabled all other dictionaries and test just using the Random Password selected to see if the GPU is used.

    Regarding the second screenshot, the server failed to start, error could be caused by an existing instance of "run_server.exe" is already running. You can verify by bringing up the Task Manager and looking for zombie run_server.exe instance. Either restart the machine or you can kill process and see if the decrypting will start afterwards. Also note, that in the Trial/Free edition, you are also limited to 1 decrypting thread.

    Leave a comment:


  • bkberghuis
    replied
    I apologize, I should have included the requested information. I was running OSF version 7.1.1012. Furthermore, I did successfully decrypt the file using the CPU. I am running Windows version 2004 (OS Build 19041.50.

    After reading your post and requested information I renamed the version 7 installed directory to OSForenscis_v7 and installed OSF v8 Beta-9. I subsequently ran the passwords module --> Decryption & Password Recovery selected the installed dictionaries and added the My Secrets.docx (online training encrypted file) and a selected GPU.

    I now received an error message which I didn't get yesterday. The error message, "Password recovery server can't be initialized!

    I then uninstalled both versions 7 & 8. I reinstalled v7.1.1012 and ran it in debug mode. I then tried it again and received the same error.

    I did check my system firewall settings which appear to be correct. See screenshots and logs for more details.

    Click image for larger version

Name:	FW.run_server.exe.config.png
Views:	52
Size:	188.9 KB
ID:	48674Click image for larger version

Name:	Server.Initialization-Error.PNG
Views:	41
Size:	8.6 KB
ID:	48675

    Debug files: OSF-DebugFiles.zip .

    Leave a comment:


  • David (PassMark)
    replied
    bkberghuis, Are you using OSF V7, or V8 Beta?
    If V7, then which patch level?

    Can you EMail us or post the log files.


    Leave a comment:


  • bkberghuis
    replied
    I am having a similar issue. I am going through your online training program and brute-forcing the encrypted Word-Docx file in the Sample Files directory provided in your online training program.

    I selected four dictionaries and GPU for processing the encrypted file. I have an i9-9900K CPU and 64 GB of system RAM with an ASUS Strix GeForce RTX 2080 Ti (11GB RAM) video card using the latest graphics drivers (456.55) from Nvidia and it appears (see screenshot) the GPU was not utilized in the brute force attack.

    Click image for larger version

Name:	Screenshot 2020-10-01 152312.png
Views:	53
Size:	1.4 KB
ID:	48664

    Click image for larger version

Name:	Screenshot 2020-10-01 153455.png
Views:	46
Size:	33.2 KB
ID:	48665

    Leave a comment:


  • LukeDJ28
    replied
    Brilliant, thank you.

    Leave a comment:


  • Richard (PassMark)
    replied
    We believe we have located the issue. Some supporting files were not updated and/or missing that were utilized by the GPU decryption when we switched to VS2017. A fix has been submitted internally and should be included in the next build update released.

    Leave a comment:


  • Richard (PassMark)
    replied
    Thanks for the logs. According to the log, the GPU client was started, but there was an issue with OpenCL.
    Maybe the wrong video card drivers are installed for the video card?

    We don't have GTX 1080TI available, but we'll see if we can replicate the issue.

    Sun Feb 9 18:11:58 2020
    GPU client connected, session id=23477

    ...

    Sun Feb 9 18:12:07 2020
    Client Error (3): OpenCL GPU not found or not compatible

    Leave a comment:


  • LukeDJ28
    replied
    Sorry about the delay, I have been busy. Here are the logs you requested.

    Attached Files

    Leave a comment:


  • Richard (PassMark)
    replied
    Can you restart OSForensics in Debug Mode? And then send in client/server logs in C:\ProgramData\PassMark\OSForensics\PasswordRecove ry

    Leave a comment:


  • LukeDJ28
    replied
    It's a nVidia GTX 1080ti.

    No error message, it just stuck on this screen...
    Click image for larger version

Name:	Annotation 2020-02-04 210955.jpg
Views:	147
Size:	25.2 KB
ID:	46482

    OSForensics v7.1 Build 1005 and Windows 10 Home

    I haven't been given an assignment which can only be done by students with high end GPUs, like I said I'm just trying to gain some experience with a wide range of forensic software and the features each software package offers.

    Thanks

    Leave a comment:


  • David (PassMark)
    replied
    What type of GPU?
    Was there any error message?
    What version of OSF and Windows?

    I kind of doubt you would be given an assignment that could only be completed by students with a high end GPU.

    Leave a comment:

Working...
X