C++: What am I doing wrong?

[Stavros]

Okay, so I've hit a bit of a snag here. I don't really understand the error. On lines 25 and 29 through 41 the error is "Error: the expression must have class type." It's in the for loop in generateTripcode() function and all the cases in the switch statement.

More specifically it gives me the error for "salt" in "salt[index].replace()"

Here's the code:

Code: Select all

#include <string>
#include <cctype>
#include <openssl\des.h>
using std::string;

void sanitizePassword( string& input ) {

	if( input[0] == '#' && input[1] == '#' ) {
		string converted = input.erase(0,2);
		generateSalt( converted );
	}
	else if ( input[0] == '#' && input[1] != '#' ) {
		string converted = input.erase(0,1);
		generateSalt( converted );
	}
}


void generateSalt( string& salt ) {
		
	salt += "H..";

	for( int index = 0; index < salt.length(); index++ ) {
		if( (int)salt[index] < 46 && (int)salt[index] > 122 ) {
			salt[index].replace( index, index+1, '.' );
		}
		else {
			switch( salt[index]* ) {
				case ':': salt[index].replace(index,index+1,'A');
				case ';': salt[index].replace(index,index+1,'B');
				case '<': salt[index].replace(index,index+1,'C');
				case '=': salt[index].replace(index,index+1,'D');
				case '>': salt[index].replace(index,index+1,'E');
				case '?': salt[index].replace(index,index+1,'F');
				case '@': salt[index].replace(index,index+1,'G');
				case '[': salt[index].replace(index,index+1,'a');
				case '\\': salt[index].replace(index,index+1,'b');
				case ']': salt[index].replace(index,index+1,'c');
				case '^': salt[index].replace(index,index+1,'d');
				case '_': salt[index].replace(index,index+1,'e');
				case '`': salt[index].replace(index,index+1,'f');
				default:;
			}
				
		}
	}

	//DES_fcrypt();
}

So what am I doing wrong?

[Gogeta70]

Try using double quotes instead of single quotes.

For example, on line 25. Instead of:
salt[index].replace( index, index+1, '.' );

Try
salt[index].replace( index, index+1, "." );

Do it for all the case statements too, i think it should work then.

Edit: Oh, and you need to put a 'break;' after each case statement. Otherwise all cases after the matching case will be executed.

[Lundis]

That won't work, salt[index] is a character, so the case statements are fine. "" is a string literal, '' is a character literal.

The error arises because you're trying to call a member function of a character, which isn't a class.

Code: Select all

salt[index].replace( index, index+1, '.' );

<=>

char c = salt[index];
c.replace( index, index+1, '.' ); // this line makes no sense now that it's typed out like this, does it? :D

[Gogeta70]

Lol. Yeah, you're right lundis. Looking at the code again, it's obvious now. I guess this is what i get for looking at code first thing in the morning

When i was first learning C++ i liked the string library because it was easier to use. Now i prefer the char datatype because it's more flexible. I guess you could say i like to keep my code as low-level as i can for the language.

[Stavros]

Yeah, that makes sense. Okay now I need to clear something else up and explain what I'm doing. So what I plan on making is a tripcode brute forcer where it generates a tripcode (for those not sure what a tripcode is) and checks the tripcode for a user specified pattern. What I plan on doing to set mine apart from ones that already exist is I'm going to write one for Nvidia cards using CUDA. So my first step is to get a correct, working tripcode generator. Anyway here's the algorithm:

1. Convert the input to Shift JIS.

2. Generate the salt as follows:
a. Take the second and third characters of the string obtained by appending H.. to the end of the input.
b. Replace any characters not between . and z with ..
c. Replace any of the characters in :;<=>?@[\]^_` with the corresponding character from ABCDEFGabcdef.

3. Call the crypt() function with the input and salt.

4. Return the last 10 characters. (compressional data harvest)

So the first step is an encoding conversion. I'm not real sure that it's needed since there's only one character difference between ASCII range in JIS and UTF-8 (I say UTF-8 because it has the same ASCII range as ASCII encoding). That and not every board uses that particular encoding. To clear that up letters with character encoding number 44 through 122 are used in both UTF-8 and Shift-JIS with character number 92 being different.

Anyway, step two generating the salt. I know I've got steps B and C correct (at least mostly), but step A has me confused. Ams I supposed to add "H.." to the end of the string or take the second and third characters, put them in a new string and then add "H.." to the end?

Step three I've got covered. And step 4, well I'll get there when I get there.

Also updated code:

Code: Select all

#include <string>
#include <openssl\des.h>
using std::string;

void generateSalt( string& salt ) {
		
	salt += "H..";

	for( int index = 0; index < salt.length(); index++ ) {
		if( (int)salt[index] < 46 && (int)salt[index] > 122 ) {
			salt.replace( index, index+1, '.', 1 );
		}
		else {
			switch( salt[index] ) {
				case ':': salt.replace(index, index+1, 'A', 1);break;
				case ';': salt.replace(index, index+1, 'B', 1);break;
				case '<': salt.replace(index,index+1,'C', 1); break;
				case '=': salt.replace(index,index+1,'D', 1); break;
				case '>': salt.replace(index,index+1,'E', 1); break;
				case '?': salt.replace(index,index+1,'F', 1); break;
				case '@': salt.replace(index,index+1,'G', 1); break;
				case '[': salt.replace(index,index+1,'a', 1); break;
				case '\\': salt.replace(index,index+1,'b', 1); break;
				case ']': salt.replace(index,index+1,'c', 1); break;
				case '^': salt.replace(index,index+1,'d', 1); break;
				case '_': salt.replace(index,index+1,'e', 1); break;
				case '`': salt.replace(index,index+1,'f',1 ); break;
				default: break;
			}
				
		}
	}

	//DES_fcrypt();
}

I left the other function out since it's not critical. So here would single or double quotes matter?

Edit: I guess I should mention that I've been told to use Openssl's DES_fcrypt() and I've also been told to use a bit slice implementation of DES. I'm not really sure which to use, but I've been told that GPU versons of what I"m trying to make are much faster because of the bit slice implementation.

[Gogeta70]

I misinterpreted your code earlier. From what you said, i guess you're replacing single characters in a string, so you would want to stick with single quotes as they define a character literal. Alternatively, you could just put a numerical value in the place of the letter that corresponds to that letter's ASCII code. For example, A = 65 (0x41).

Anyway, best of luck to you ^_^

[Lundis]

Using 'A' instead of numerical constants makes your code a lot more readable.

I don't think encoding matters at all in practise. As long as the user enters the pw with the same encoding every time there shouldn't be any problems.

"( (int)salt[index] < 46 && (int)salt[index] > 122 )" is never true since it can't be smaller than 46 and larger than 122 at the same time ^^

[Gogeta70]

Using 'A' instead of numerical constants makes your code a lot more readable.
...
"( (int)salt[index] < 46 && (int)salt[index] > 122 )" is never true since it can't be smaller than 46 and larger than 122 at the same time ^^

Yeah, i was just saying that using 'A' and 65 would be exactly the same in this case. While using "A" and 65 would not.

'A' is a single byte, while "A" is two bytes: 'A' and '\0' to terminate the string.

I'm guessing he meant || instead of && for that if statement, considering 46 = '.' and 122 = 'z'

[Stavros]

Lundis, you were correct. I had thought about it too much and got confused.

I've now hit a snag. I had originally planned to write this with OpenSSL's fcrypt() function, but I've been told that that implementation is very slow. In fact there was another person doing this and I managed to get a hold on the source code and look at his notes and code. He noted that his version was no faster than existing CPU tripcode bruteforcers. I've been told that I would have to use bitslice implementation of DES. I've also been told that John The Ripper, which has a DES bitslice implementation, also has a quasi-API. The problem is that there's a missing in include not the JTR source code I downloaded. I have no idea if this is Unix system header file or what. What I'm missing is an "arch.h" header file. From what I can determine this determines the architecture of the machine for what purpose I'm not sure. So does anyone have an idea on what arch.h is?

This part is just to illustrate how much faster GPU is over CPU.
If I were to use just my CPU ( i7 950) I would get about 12 Million/sec with Tripcode Explorer. However with CUDA SHA1 I got an average of 491.457 Million/sec over a period of 72.435 seconds on an i7 950 and the GTX 580 (both on stock clocks). SHA1 uses both CPU and GPU.

[Stavros]

Okay so I think I figured out missing include. This "arch.h" file is apparently supposed to be generated is a way to determine what sort of machine with support of some specific instructions (SSE2), sizes of bits, size of bits in a string, little/big endian, etc. This is obviously going to be a long term project. Right now I'm looking over porting code from Linux to Windows. I think that means a deliberate move away from Visual Studios. More specifically I'm interested in making the end product work on Linux and Windows. I think the linux part is already done in JtR.

Bad_Brain I think I want a blog so I can discuss at least my goals and overall progress.

[bad_brain]

I think I want a blog so I can discuss at least my goals and overall progress.

ok, added. usage should be self-explanatory...

[Stavros]

OKay so I'm fucking pissed. I've been trying for the better part of today to get a cross compiler. I've been fucking around with MinGW trying to get a cross compiler to target Linux. I've got MinGW installed, but I can't build binutils for whatever reason (using this guide). The main reason I'm doing this is so I can compile at all. Right now I can't compile anything because John the Ripper DES uses make to generate the architecture information.

This means I either need to start developing in Linux, use a Virtual Machine, set up a server that will handle compilation or port it to Windows. Apparently there's a lot of information on cross compiling to target Windows, but not the other way around.

What should I do? Make a Windows version and then port it to Linux? I know that could be a bigger headache than trying to compile a windows and linux version at the same time, but I'm not coming up with many options.

[Lundis]

I suggest developing in linux, cross-compiling isn't worth the pain imo.

But as long as you don't use any windows-specific code it should compile fine on linux as well, and if you don't use linux there's not much point in you compiling it for linux, since linux users can just compile the source themselves instead.

[Stavros]

With the exception of CUDA, I didn't plan on using any proprietary code. I was reading Write Portable Code and one of the first things they said was develop in a heterogeneous environment and use multiple compilers. I don't think I was thinking straight at all last night having been so aggrivated. I think I'll just write for one platform and then port, which the book warned could be a bigger hassle than concurrently developing on both platforms. I guess I'll cross that bridge when I get to it.

[Stavros]

Oh boy. Time to revisit an old topic. So I'm still working on this and have a lot of shit to do. However I though I'd take the time to make sure my salt and password function are working. It's working. Sort of. As long as the second and third letters are either alphabetical [A,B,C,D...Z or a,b,c,d...z] or numeric (0-9) then it will produce output. However if the second and third characters are special characters (not Aa-Zz or 0-9) then the program hangs and this is output after a minute or two:

Code: Select all

terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Aborted (core dumped)

I have no idea what this means. I've ran GDB, but even then it seems like it's having trouble storing into the string variable. Really weird. Anyone got any ideas?

Source code is slightly different. Got rid of sanitizePassword and am passing the string to generateTripcode. Also changed the logical and to logical or in the if nested in the for loop.