How to analyse RBT table?

gotya

Moderator
Messages
7,200
Hmm, I can't tell you...
I just did it the same way as I do other tools...


Gesendet von iPhone mit Tapatalk

I just wanted you to know only

thanks for sharing your idea

The tool is not the fastest ... :rolleyes: In my case it takes 6 min to delete a chain from a 15GB table. It depends strongly on the table size, the cpu, the harddisk. Anyway, since this is not a regular process it is ok for me...

RBTedit.jpg


The original table will be kept and a second table "..._mod.rbt" will be created in the same folder.

it's a good thing to remain your old rbt and create a new one in case some error or something

nice sharing :thum:
 

Motogato

Registered
Messages
326
Hi,if rbt contain chains with bad count like this:
prefix:3712C8h, count:3000000h
prefix:C710A4h, count:3000000h
prefix:3820A4h, count:2000000h
prefix:3820A8h, count:2000000h
prefix:F0EE38h, count:2000000h
prefix:F0EE3Ch, count:2000000h
prefix:3712C4h, count:1000000h
prefix:C710A8h, count:1000000h

is better delete this chains?
 

Motogato

Registered
Messages
326
The tool is not the fastest ... :rolleyes: In my case it takes 6 min to delete a chain from a 15GB table. It depends strongly on the table size, the cpu, the harddisk. Anyway, since this is not a regular process it is ok for me...

RBTedit.jpg

+8+NPPP3Yj5+CQCAQSHnn0flPPvKjf3jq2RdfeOGFtWvXbty4ccuWLQqF4v8DWWCsuB5NIMwAAAAASUVORK5CYII=


The original table will be kept and a second table "..._mod.rbt" will be created in the same folder.


it is possible to remove more than one chain?
Thank you
 

xosef1234

Registered
Messages
107
I added a feature and removed some bugs
_https://mega.nz/#!9g5yACRZ!0NzdlW0vNrY2mskKSLz7w-rBqM7E2DnZJV6jVaO93AY

I just wanted you to know only
ok, thanks; let me know if the updated version also is said to contain malware

is better delete this chains?
I would delete the chains since you do not know if the values are ok or not; but it is up to you

it is possible to remove more than one chain?
you can do it manually, i.e. remove one chain - rename the rbt file- remove the next chain - .....
since this is a tool just for exceptional cases I don't plan to include this option
 

gotya

Moderator
Messages
7,200
ok, thanks; let me know if the updated version also is said to contain malware

OK, after checking again in VIRUSTOTAL the old threat remains and a new one appears

see the picture
zvdvdvd.jpg


follow the link Analysis
Code:
https://www.virustotal.com/en/file/dbfcaeb75697891f74ec951e2bf3568959bc2ddcceaebccaf6f85684e4f9319e/analysis/1451512326/

Note:
this VIRUSTOTAL website is using 55 antivirus with latest updates.

I do appreciate your work

I hope I see your version complete clean from threats

keep doing the nice work

regards
 

Liquor Twát

Registered
Messages
160
xosef1234,

Many thanks for creating this tool, it is very useful, I am using it to delete the bad chains from my table. It seems to be working OK and the RBT file size after deletion of the chain is OK.
 

mario12

Registered
Messages
16
Nice tool.

Maybe when you have time you can add an extra feature :
removing double end values from the RBT.

In version 2 the half good chains are not merged to the RTB.
In version 1 all chains are added resulting in double end values.

We can decrease the CW search time when the RBT size becomes smaller.
 

xosef1234

Registered
Messages
107
The tool was updated
_https://mega.nz/#!tlZj2SzZ!7cMOUg3kOUlj_cCot1Mc5l2k7jjVM4ipJ-mlMzKCfSI

@mario12
I added the removal of doubled end values. The removed end values are stored in the file '..._rem.rbt'. Even if CW search time is less, the success rate is in my opinion also smaller. Anyway, the feature is there. I'd appreciate if you could post a comparison in terms of time and maybe also success rate.

@MaRwAn26
It seems that now virustotal is not showing any malware anymore ;)

Happy New Year!
 

xosef1234

Registered
Messages
107
What is 'double end values'?

end values are the last values of the chains. Have a look at the following links and then you may understand better:

_http://colibri.bplaced.net/DVB_TS_Vollverschluesselung_geknackt.pdf
_http://kestas.kuliukas.com/RainbowTables/
 

Liquor Twát

Registered
Messages
160
Has anyone tried to merge another table with a modified table after deleting chains using the RBTedit tool?

I tried to merge two tables but the merge failed and the rainbow tool crashed and stopped working. One of the tables I was merging had been modified by deleting chains.

Has anyone got a table merge to work where one of the tables in the merge is a table modified by deleting chains with the RBTedit tool?
 

mario12

Registered
Messages
16
I removed all doubled end-values from table 1 & table 2 (B8hxffh - colibri download).
The RBT size decreased from 171 GB to 63 GB for table 1.
The RBT size decreased from 162 GB to 62 GB for table 2.

I was able to merge both modified tables. After merging I checked again for double end-values. The RBT size decreased from 125 GB to 77GB now.

The tool is working well. But, keep in mind that you need enough empty space on your hard disk. If not, the tool will crash.


At this moment I'm checking the success rate.
 

Liquor Twát

Registered
Messages
160
I tried the table merge again using a Colibri 03h table and a table that had been modified by the deletion of chains with bad counts. The merge failed again?

Has anyone been able to do a table merge where one of the tables has been modified by the deletion of chains (not modification by removal of double end values) ?
 
Last edited:

xosef1234

Registered
Messages
107
I merged succesfully tables with and without deleted chains. But I must admit the chains did not have bad counts. Maybe in your case the table has some more defects?
Did you analyse the table after deletion with colibris's CSA Rainbow Table Tool?
 

Liquor Twát

Registered
Messages
160
I merged succesfully tables with and without deleted chains. But I must admit the chains did not have bad counts. Maybe in your case the table has some more defects?
Did you analyse the table after deletion with colibris's CSA Rainbow Table Tool?

I am not sure if I did analyse it after deletion of chains with bad counts. I will check it now and see what the analysis result is.
 

mario12

Registered
Messages
16
Deleting double end-values :

By deleting double end-values the size of the RBT will decrease. As result the success rate will also go down.
But, the total searching time is not going down or very minimal. I used SSD and gtx 440.

Table 1 (167GB - 88% - 243 seconds) becomes 56GB - 72% - 234 seconds
Table 1+2 (326GB - 93% - 240 seconds) becomes 74GB - 82% - 243 seconds
Table 1+2+3 (454GB - 97% - 268 seconds) becomes 79GB - 85% - 246 seconds

There are 3 mains steps :
1) Calculating all 10000h end values for the Crypt8. The time is independent of the RBT size. This is a fixed time (in my configuration ± 78 seconds)
2) Searching possible chains (= harddisk only search time). When having a large size of RBT many possible chains will be found.
When all double end values are removed, the number of possible chains will almost be reduced by a factor 7-8. So the search time will be reduced by 10 to 25 seconds.
3) The analysing step. I observed something strange here. I have no explanation. If you have a very low number of possible chains (506), the analysing time will be short.
But I found that analysing 305988 possible chains is faster than analysing 39279 chains. You expect a much lower time.

Conclusion : Do not remove double end values. It's not faster and the success rate will go down with 10-15%.
Only when you have lack on harddisk space, this option might be useful. When you have a RBT of 600, 700, 800 GB or even more, it can also be useful. You can reduce the RBT under 100GB and your success rate will still be higher than 90%.
 
Top