/run/john.conf

Large files files are truncated, but you can click here to view the full file

#
# This file is part of John the Ripper password cracker,
# Copyright (c) 1996-2006,2008-2013 by Solar Designer
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted.
#
# There's ABSOLUTELY NO WARRANTY, express or implied.
#
# Please note that although this configuration file is under the cut-down BSD
# license above, many source files in John the Ripper are under GPLv2.
# For licensing terms for John the Ripper as a whole, see doc/LICENSE.
#
# ...with changes in the jumbo patch, by various authors
#

# The [Options] section is for general options only.
# Note that MPI specific options have been moved
# to [Options.MPI]
# There is also a new section [Options.OpenCL]
# for OpenCL specific options
# Default settings for Markov mode have been moved
# to [Markov.Default], but you can define other
# Markov modes as well, see ../doc/MARKOV
[Options]
# Default wordlist file name (including in batch mode)
Wordlist = $JOHN/password.lst
# Use idle cycles only
Idle = Y
# Crash recovery file saving delay in seconds
Save = 60
# Beep when a password is found (who needs this anyway?)
Beep = N
# if set to Y then dynamic format will always work with bare hashes. Normally
# dynamic only uses bare hashes if a single dynamic type is selected with
# the -format=  (so -format=dynamic_0 would use valid bare hashes).
DynamicAlwaysUseBareHashes = N

# Default Single mode rules
SingleRules = Single

# Default batch mode Wordlist rules
BatchModeWordlistRules = Wordlist

# Default wordlist mode rules when not in batch mode (if any)
# If this is set and you want to run once without rules, use --rules:none
#WordlistRules = Wordlist

# Default loopback mode rules (if any)
# If this is set and you want to run once without rules, use --rules:none
LoopbackRules = Loopback

# Default/batch mode Incremental mode
# Warning: changing these might currently break resume on existing sessions
DefaultIncremental = ASCII
#DefaultIncrementalUTF8 = UTF8
DefaultIncrementalLM = LM_ASCII

# Time formatting string used in status ETA.
#
# TimeFormat24 is used when ETA is within 24h, so it is possible to omit
# the date then if you like, and show seconds instead.
#
# %c  means 'local' specific canonical form, such as:
# 05/06/11 18:10:34
#
# Other examples
# %d/%m/%y %H:%M   (day/mon/year hour:min)
# %m/%d/%y %H:%M   (mon/day/year hour:min)
# %Y-%m-%d %H:%M   (ISO 8601 style, 2011-05-06 18:10)
TimeFormat = %Y-%m-%d %H:%M
TimeFormat24 = %H:%M:%S

# For single mode, load the full GECOS field (before splitting) as one
# additional candidate. Normal behavior is to only load individual words
# from that field. Enabling this can help when this field contains email
# addresses or other strings that are better used unsplit, but it increases
# the number of words tried so it may also slow things down. If enabling this
# you might want to bump SingleWordsPairMax too, below, to 10 or more.
PristineGecos = N

# Over-ride SINGLE_WORDS_PAIR_MAX in params.h. This may slow down Single mode
# but it may also help cracking a few more candidates. Default in core John
# is 4 while the Jumbo default is 6.
SingleWordsPairMax = 6

# Emit a status line whenever a password is cracked (this is the same as
# passing the --crack-status option flag to john). NOTE: if this is set
# to true here, --crack-status will toggle it back to false.
CrackStatus = N

# When printing status, show number of candidates tried (eg. 123456p). Note
# that the number *is* now equal to "words tried" and nothing else.
# This is added to the "+ Cracked" line in the log as well.
StatusShowCandidates = N

# Write cracked passwords to the log file (default is just the user name)
LogCrackedPasswords = N

# Disable the dupe checking when loading hashes. For testing purposes only!
NoLoaderDupeCheck = N

# Default --encoding for input files (ie. login/GECOS fields) and wordlists
# etc.  If this is not set here (you need to uncomment it) and --encoding is
# not used either, the default is ISO-8859-1 for Unicode conversions and 7-bit
# ASCII encoding is assumed for rules - so eg. uppercasing of letters other
# than a-z will not work at all!
#DefaultEncoding = UTF-8

# Default --target-encoding for Microsoft hashes (LM, NETLM et al) when input
# encoding is UTF-8. CP850 would be a universal choice for covering most
# "latin" countries.
#DefaultMSCodepage = CP850

# Default --intermediate-encoding to be used within the rules engine when both
# input and "target" encodings are Unicode (eg. UTF-8 wordlist and NT hashes).
# This may hit performance but lets us do things like case conversions for
# UTF-8. You can pick any supported codepage that has as much support for the
# input data as possible - eg. for "latin" language passwords you can use
# CP850, ISO-8859-1 or CP1252 and it will probably not make a difference.
#DefaultIntermediateEncoding = CP1252

# Warn if seeing UTF-8 when expecting some other encoding, or vice versa.
#WarnEncoding = Y

# Always report (to screen and log) cracked passwords as UTF-8, regardless of
# input encoding. This is recommended if you have your terminal set for UTF-8.
#AlwaysReportUTF8 = Y

# Always store Unicode (UTF-16) passwords as UTF-8 in john.pot, regardless
# of input encoding. This prevents john.pot from being filled with mixed
# and eventually unknown encodings. This is recommended if you have your
# terminal set for UTF-8 and/or you want to run --loopback for LM->NT
# including non-ASCII.
#UnicodeStoreUTF8 = Y

# Always report/store non-Unicode formats as UTF-8, regardless of input
# encoding. Note: The actual codepage that was used is not stored anywhere
# except in the log file. This is needed eg. for --loopback to crack LM->NT
# including non-ASCII.
#CPstoreUTF8 = Y

# Default verbosity is 3, valid figures are 1-5 right now.
# 4-5 enables some extra output
# 2 mutes rules & incremental output in logs (LOTS of lines)
# 1 even mutes printing (to screen) of cracked passwords
Verbosity = 3

# If set to Y, do not output, log  or store cracked passwords verbatim.
# This implies a different default .pot database file "secure.pot" instead
# of "john.pot" but it can still be overridden using --pot=FILE.
# This also overrides other options, eg. LogCrackedPasswords.
SecureMode = N

# If set to Y, a session using --fork or MPI will signal to other nodes when
# it has written cracks to the pot file (note that this writing is delayed
# by buffers and the "Save" timer above), so they will re-sync.
ReloadAtCrack = Y

# If set to Y, resync pot file when saving session.
ReloadAtSave = Y

# If this file exists, john will abort cleanly
AbortFile = /var/run/john/abort

# While this file exists, john will pause
PauseFile = /var/run/john/pause

[Options:MPI]
# Automagically disable OMP if MPI is used (set to N if
# you want to run one MPI process per multi-core host)
MPIOMPmutex = Y

# Print a notice if disabling OMP (when MPIOMPmutex = Y)
# or when running OMP and MPI at the same time
MPIOMPverbose = Y


[Options:OpenCL]
# Set default OpenCL platform and/or device. Command line options will
# override these. If neither is set, we will search for a GPU or fall-back
# to platform 0, device 0.
#Platform = 0
#Device = 0

# Some formats vectorize their kernels in case the device says it's a good
# idea. Some devices give "improper" hints which means we vectorize but get
# a performance drop. If you have such a device, uncommenting the below
# will disable vectorizing globally.
# With this set to N (or commented out) you can force it per session with
# the --force-scalar command-line option instead.
#ForceScalar = Y

# Format-specific settings for Local Work Size and Global Work Size call.
# An LWS or GWS of zero will initiate auto enumeration. The environment
# variables LWS and/or GWS will override these figures.
#ssha_LWS = 512
#ssha_GWS = 8192

# For RAR format.
#rar_LWS = 128
#rar_GWS = 8192

# For SHA-2.
#sha512crypt_LWS = 64
#sha512crypt_GWS = 8192
#sha256crypt_LWS = xxx
#sha256crypt_GWS = xxx
#rawsha256_LWS = xxx
#rawsha256_GWS = xxx
#rawsha512_LWS = xxx
#rawsha512_GWS = xxx
#xsha512_LWS = xxx
#xsha512_GWS = xxx

# For office formats.
#office2007_LWS = 64
#office2007_GWS = 8192
#office2010_LWS = 64
#office2010_GWS = 8192
#office2013_LWS = 64
#office2013_GWS = 8192

# For NTLMv2 format
#ntlmv2_LWS = 1024
#ntlmv2_GWS = 32768

# WPA-PSK
#wpapsk_LWS = xxx
#wpapsk_GWS = xxx

# For raw
#rawmd4_LWS = xxx
#rawmd4_GWS = xxx

# Markov modes, see ../doc/MARKOV for more information
[Markov:Default]
# Default Markov mode settings
#
# Statsfile cannot be specified on the command line, so
# specifying it here is mandatory
Statsfile = $JOHN/stats
# MkvLvl and MkvMaxLen should also be specified here, as a fallback for
# --markov usage without specifying LEVEL and/or LENGTH on the command line
MkvLvl = 200
MkvMaxLen = 12
# MkvMinLvl and MkvMinLen should not be specified at all in [Markov:Default],
# or they should be equal to 0 (which is the default if not specified.
# MkvMinLvl and MkvMinLen can be used in other Markov mode sections
# except [Markov:Default]
; MkvMinLvl = 0
; MkvMinLen = 0

# A user defined character class is named with a single digit, ie. 0..9. After
# the equal-sign, just list all characters that this class should match. You
# can specify ranges within brackets, much like pre-processor ranges in rules.
# BEWARE of encoding if using non-ASCII characters. If you put UTF-8 characters
# here, it will *not* work! You must use a singlebyte encoding and it should
# be the same here as you intend to use for your dictionary.
# You can however put characters here in \xA3 format (for codepoint 0xA3 - in
# many iso-8859 codepages that would mean a pound sign). This works in ranges
# too. Using \x00 is not supported though - it will not be parsed as null.
#
# This is a couple of example classes:
# ?0 matches (one version of) base64 characters
# ?1 matches hex digits
# ?2 matches the TAB character (never try to use \x00!)
[UserClasses]
0 = [a-zA-Z0-9/.]
1 = [0-9a-fA-F]
2 = \x09

# these are user defined character sets.  There purpose is to allow custom salt
# values to be used within the salt_regen logic.  These will be the characters
# to use for this character within the salt.  So if we had a salt that was 4
# characters, and 0-9a-m, we can easily do this by 0 = [0-9a-m]  If this is used,
# the regen salt value would be ?0?0?0?0 and salts such as a47m 2kd5 would be valid.
[Regen_Salts_UserClasses]
1 = [1-9]

# A "no rules" rule for super fast Single mode (use with --single=none)
[List.Rules:None]
:

# A "drop all" rule for even faster Single mode (debugging :)
[List.Rules:Drop]
<1'0

# "Single crack" mode rules
[List.Rules:Single]
# Simple rules come first...
:
-s x**
-c (?a c Q
-c l Q
-s-c x** /?u l
# These were not included in crackers I've seen, but are pretty efficient,
# so I include them near the beginning
>6 '6
>7 '7 l
-c >6 '6 /?u l
>5 '5
# Weird order, eh? Can't do anything about it, the order is based on the
# number of successful cracks...
<* d
r c
-c <* (?a d c
-c >5 '5 /?u l
-c u Q
-c )?a r l
-[:c] <* !?A \p1[lc] p
-c <* c Q d
-c >7 '7 /?u
>4 '4 l
-c <+ (?l c r
-c <+ )?l l Tm
>3 '3
-c >4 '4 /?u
-c >3 '3 /?u l
-c u Q r
<* d M 'l f Q
-c <* l Q d M 'l f Q
# About 50% of single-mode-crackable passwords get cracked by now...
# >2 x12 ... >8 x18
>[2-8] x1\1
>9 \[
# >3 x22 ... >9 x28
>[3-9] x2\p[2-8]
# >4 x32 ... >9 x37
>[4-9] x3\p[2-7]
# >2 x12 /?u l ... >8 x18 /?u l
-c >[2-8] x1\1 /?u l
-c >9 \[ /?u l
# >3 x22 /?u l ... >9 x28 /?u l
-c >[3-9] x2\p[2-8] /?u l
# >4 x32 /?u l ... >9 x37 /?u l
-c >[4-9] x3\p[2-7] /?u l
# Now to the suffix stuff...
<* l $[1-9!0a-rt-z"-/:-@\[-`{-~]
-c <* (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]
-[:c] <* !?A (?\p1[za] \p1[lc] $s M 'l p Q X0z0 'l $s
-[:c] <* /?A (?\p1[za] \p1[lc] $s
<* l r $[1-9!]
-c <* /?a u $[1-9!]
-[:c] <- (?\p1[za] \p1[lc] Az"'s"
-[:c] <- (?\p1[za] \p1[lc] Az"!!"
-[:c] (?\p1[za] \p1[lc] $! <- Az"!!"
# Removing vowels...
-[:c] /?v @?v >2 (?\p1[za] \p1[lc]
/?v @?v >2 <* d
# crack -> cracked, crack -> cracking
<* l [PI]
-c <* l [PI] (?a c
# mary -> marie
-[:c] <* (?\p1[za] \p1[lc] )y omi $e
# marie -> mary
-[:c] <* (?\p1[za] \p1[lc] )e \] )i val1 oay
# The following are some 3l33t rules
-[:c] l /[aelos] s\0\p[4310$] (?\p1[za] \p1[:c]
-[:c] l /a /[elos] sa4 s\0\p[310$] (?\p1[za] \p1[:c]
-[:c] l /e /[los] se3 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /[el] /o /s s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /[el] /o /s sa4 s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
# Now to the prefix stuff...
l ^[1a-z2-90]
-c l Q ^[A-Z]
^[A-Z]
l ^["-/:-@\[-`{-~]
-[:c] <9 (?a \p1[lc] A0"[tT]he"
-[:c] <9 (?a \p1[lc] A0"[aA]my"
-[:c] <9 (?a \p1[lc] A0"[mdMD]r"
-[:c] <9 (?a \p1[lc] A0"[mdMD]r."
-[:c] <9 (?a \p1[lc] A0"__"
<- !?A l p ^[240-9]
# Some word pair rules...
# johnsmith -> JohnSmith, johnSmith
-p-c (?a 2 (?a c 1 [cl]
# JohnSmith -> john smith, john_smith, john-smith
-p 1 <- $[ _\-] + l
# JohnSmith -> John smith, John_smith, John-smith
-p-c 1 <- (?a c $[ _\-] 2 l
# JohnSmith -> john Smith, john_Smith, john-Smith
-p-c 1 <- l $[ _\-] 2 (?a c
# johnsmith -> John Smith, John_Smith, John-Smith
-p-c 1 <- (?a c $[ _\-] 2 (?a c
# Applying different simple rules to each of the two words
-p-[c:] 1 \p1[ur] 2 l
-p-c 2 (?a c 1 [ur]
-p-[c:] 1 l 2 \p1[ur]
-p-c 1 (?a c 2 [ur]
# jsmith -> smithj, etc...
-[:c] (?a \p1[lc] [{}]
-[:c] (?a \p1[lc] [{}] \0
# Toggle case...
-c <+ )?u l Tm
-c T0 Q M c Q l Q u Q C Q X0z0 'l
-c T[1-9A-E] Q M l Tm Q C Q u Q l Q c Q X0z0 'l
-c l Q T[1-9A-E] Q M T\0 Q l Tm Q C Q u Q X0z0 'l
-c >2 <G %2?a [lu] T0 M T2 T4 T6 T8 TA TC TE Q M l Tm Q X0z0 'l
-c >2 /?l /?u t Q M c Q C Q l Tm Q X0z0 'l
# Deleting chars...
>[2-8] D\p[1-7]
>[8-9A-E] D\1
-c /?u >[2-8] D\p[1-7] l
-c /?u >[8-9A-E] D\1 l
=1?a \[ M c Q
-c (?a >[1-9A-E] D\1 c
# Inserting a dot...
-[:c] >3 (?a \p1[lc] i[12].
# More suffix stuff...
<- l Az"[190][0-9]"
-c <- (?a c Az"[190][0-9]"
<- l Az"[782][0-9]"
-c <- (?a c Az"[782][0-9]"
<* l $[A-Z]
-c <* (?a c $[A-Z]
# cracking -> CRACKiNG
-c u /I sIi
# Crack96 -> cRACK96
%2?a C Q
# Crack96 -> cRACK(^
/?A S Q
# Crack96 -> CRaCK96
-c /?v V Q
# Really weird charset conversions, like "england" -> "rmh;smf"
:[RL] Q
l Q [RL]
-c (?a c Q [RL]
:[RL] \0 Q
# Both prefixing and suffixing...
<- l ^[1!@#$%^&*\-=_+.?|:'"] $\1
<- l ^[({[<] $\p[)}\]>]
# The rest of two-digit suffix stuff, less common numbers...
<- l Az"[63-5][0-9]"
-c <- (?a c Az"[63-5][0-9]"
# Some multi-digit numbers...
-[:c] (?a \p1[lc] Az"007" <+
-[:c] (?a \p1[lc] Az"123" <+
-[:c] (?a \p1[lc] Az"[0-9]\0\0" <+
-[:c] (?a \p1[lc] Az"1234" <+
-[:c] (?a \p1[lc] Az"[0-9]\0\0\0" <+
-[:c] (?a \p1[lc] Az"12345" <+
-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0" <+
-[:c] (?a \p1[lc] Az"123456" <+
-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0\0" <+
# Some [birth] years...
l Az"19[7-96-0]" <+ >-
l Az"20[01]" <+ >-
l Az"19[7-9][0-9]" <+
l Az"20[01][0-9]" <+
l Az"19[6-0][9-0]" <+

[List.Rules:Extra]
# Insert/overstrike some characters...
!?A >[1-6] l i\0[a-z]
!?A l o0[a-z]
!?A >[1-7] l o\0[a-z]
# Toggle case everywhere (up to length 8), assuming that certain case
# combinations were already tried.
-c T1 Q M T0 Q
-c T2 Q M T[z0] T[z1] Q
-c T3 Q M T[z0] T[z1] T[z2] Q
-c T4 Q M T[z0] T[z1] T[z2] T[z3] Q
-c T5 Q M T[z0] T[z1] T[z2] T[z3] T[z4] Q
-c T6 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] Q
-c T7 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] T[z6] Q
# Very slow stuff...
l Az"[1-90][0-9][0-9]" <+
-c (?a c Az"[1-90][0-9][0-9]" <+
<[\-9] l A\p[z0]"[a-z][a-z]"
<- l ^[a-z] $[a-z]

# Wordlist mode rules
[List.Rules:Wordlist]
# Try words as they are
:
# Lowercase every pure alphanumeric word
-c >3 !?X l Q
# Capitalize every pure alphanumeric word
-c (?a >2 !?X c Q
# Lowercase and pluralize pure alphabetic words
<* >2 !?A l p
# Lowercase pure alphabetic words and append '1'
<* >2 !?A l $1
# Capitalize pure alphabetic words and append '1'
-c <* >2 !?A c $1
# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
<7 >1 !?A l d
# Lowercase and reverse pure alphabetic words
>3 !?A l M r Q
# Prefix pure alphabetic words with '1'
>2 !?A l ^1
# Uppercase pure alphanumeric words
-c >2 !?X u Q M c Q u
# Lowercase pure alphabetic words and append a digit or simple punctuation
<* >2 !?A l $[2!37954860.?]
# Words containing punctuation, which is then squeezed out, lowercase
/?p @?p >3 l
# Words with vowels removed, lowercase
/?v @?v >3 l
# Words containing whitespace, which is then squeezed out, lowercase
/?w @?w >3 l
# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
-c <7 >1 !?A c d
# Capitalize and reverse pure alphabetic words (fred -> derF)
-c <+ >2 !?A c r
# Reverse and capitalize pure alphabetic words (fred -> Derf)
-c >2 !?A l M r Q c
# Lowercase and reflect pure alphabetic words (fred -> fredderf)
<7 >1 !?A l d M 'l f Q
# Uppercase the last letter of pure alphabetic words (fred -> freD)
-c <+ >2 !?A l M r Q c r
# Prefix pure alphabetic words with '2' or '4'
>2 !?A l ^[24]
# Capitalize pure alphabetic words and append a digit or simple punctuation
-c <* >2 !?A c $[2!3957468.?0]
# Prefix pure alphabetic words with digits
>2 !?A l ^[379568]
# Capitalize and pluralize pure alphabetic words of reasonable length
-c <* >2 !?A c p
# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
# crack -> cracked, crack -> cracking
-[:c] <* >2 !?A \p1[lc] M [PI] Q
# Try the second half of split passwords
-s x**
-s-c x** M l Q

# Case toggler for cracking MD4-based NTLM hashes (with the contributed patch)
# given already cracked DES-based LM hashes.
# Use --rules=NT to use this
[List.Rules:NT]
:
-c T0Q
-c T1QT[z0]
-c T2QT[z0]T[z1]
-c T3QT[z0]T[z1]T[z2]
-c T4QT[z0]T[z1]T[z2]T[z3]
-c T5QT[z0]T[z1]T[z2]T[z3]T[z4]
-c T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]
-c T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]
-c T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]
-c T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]
-c TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]
-c TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]
-c TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]
-c TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]

# Some Office <=2003 files have passwords truncated at 15
[List.Rules:OldOffice]
:
->F>F'F

# Rules from Hash Runner 2014
[List.Rules:o1]
o[0-9A-Z][ -~]

[List.Rules:o2]
o[0-9A-E][ -~] Q M o[0-9A-E][ -~] Q

[List.Rules:o3]
o[0-9][ -~] Q M o[0-9][ -~] Q M o[0-9][ -~] Q

[List.Rules:o]
o[0-9A-Z][ -~]
o[0-9A-E][ -~] Q M o[0-9A-E][ -~] Q

[List.Rules:i1]
i[0-9A-Z][ -~]

[List.Rules:i2]
i[0-9A-E][ -~] i[0-9A-E][ -~]

[List.Rules:i3]
i[0-9][ -~] i[0-9][ -~] i[0-9][ -~]

[List.Rules:i]
i[0-9A-Z][ -~]
i[0-9A-E][ -~] i[0-9A-E][ -~]

[List.Rules:oi]
o[0-9A-Z][ -~]
i[0-9A-Z][ -~]
o[0-9A-E][ -~] Q M o[0-9A-E][ -~] Q
i[0-9A-E][ -~] i[0-9A-E][ -~]

# Default Loopback mode rules.
[List.Rules:Loopback]
.include [List.Rules:NT]
.include [List.Rules:Wordlist]

# For Single Mode against fast hashes
[List.Rules:Single-Extra]
.include [List.Rules:Single]
.include [List.Rules:Extra]
.include [List.Rules:OldOffice]

# For Wordlist mode and very fast hashes
[List.Rules:Jumbo]
.include [List.Rules:Wordlist]
.include [List.Rules:OldOffice]
.include [List.Rules:Single]
.include [List.Rules:Extra]
.include [List.Rules:NT]

# KoreLogic rules
.include "$JOHN/korelogic.conf"

# Everything, including all KoreLogic rules. Only for very fast hashes
# and/or Single mode.
[List.Rules:All]
.include [List.Rules:Jumbo]
.include [List.Rules:KoreLogic]

# Incremental modes

# This is for one-off uses (make your own custom.chr)
[Incremental:Custom]
File = $JOHN/custom.chr
MinLen = 0

# The theoretical CharCount is 211, we've got 196.
[Incremental:UTF8]
File = $JOHN/utf8.chr
MinLen = 0
CharCount = 196

# This is CP1252, a super-set of ISO-8859-1.
# The theoretical CharCount is 219, we've got 203.
[Incremental:Latin1]
File = $JOHN/latin1.chr
MinLen = 0
CharCount = 203

[Incremental:ASCII]
File = $JOHN/ascii.chr
MinLen = 0
MaxLen = 13
CharCount = 95

[Incremental:LM_ASCII]
File = $JOHN/lm_ascii.chr
MinLen = 0
MaxLen = 7
CharCount = 69

# This is CP858 (CP850 + Euro sign, superset of CP437).
# The theoretical CharCount is 209 minus lowercase, we've got 132.
[Incremental:LanMan]
File = $JOHN/lanman.chr
MinLen = 0
MaxLen = 7
CharCount = 132

# This is alnum (upper & lower case) as well as space.
[Incremental:Alnumspace]
File = $JOHN/alnumspace.chr
MinLen = 1
MaxLen = 13
CharCount = 63

[Incremental:Alnum]
File = $JOHN/alnum.chr
MinLen = 1
MaxLen = 13
CharCount = 62

[Incremental:Alpha]
File = $JOHN/alpha.chr
MinLen = 1
MaxLen = 13
CharCount = 52

[Incremental:LowerNum]
File = $JOHN/lowernum.chr
MinLen = 1
MaxLen = 13
CharCount = 36

[Incremental:UpperNum]
File = $JOHN/uppernum.chr
MinLen = 1
MaxLen = 13
CharCount = 36

[Incremental:LowerSpace]
File = $JOHN/lowerspace.chr
MinLen = 1
MaxLen = 13
CharCount = 27

[Incremental:Lower]
File = $JOHN/lower.chr
MinLen = 1
MaxLen = 13
CharCount = 26

[Incremental:Upper]
File = $JOHN/upper.chr
MinLen = 1
MaxLen = 13
CharCount = 26

[Incremental:Digits]
File = $JOHN/digits.chr
MinLen = 1
MaxLen = 20
CharCount = 10

# Some pre-defined word filters as used to generate the supplied .chr files
[List.External:Filter_ASCII]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c < 0x20 || c > 0x7e || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_LanMan]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i]) {
		if (i >= 14) {			// of up to 14 characters long
			word = 0; return;
		}
		if (c >= 'a' && c <= 'z')	// Convert to uppercase
			word[i] &= 0xDF;
		i++;
	}

	word[7] = 0;				// Truncate at 7 characters
}

[List.External:Filter_LM_ASCII]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i]) {
		if (c < 0x20 || c > 0x7e ||	// Require ASCII-only
		    i >= 14) {			// of up to 14 characters long
			word = 0; return;
		}
		if (c >= 'a' && c <= 'z')	// Convert to uppercase
			word[i] &= 0xDF;
		i++;
	}

	word[7] = 0;				// Truncate at 7 characters
}

[List.External:Filter_Alnumspace]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c != ' ' && (((c < '0' || c > '9') &&
	((c &= 0xDF) < 'A' || c > 'Z'))) || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_Alnum]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (((c < '0' || c > '9') && ((c &= 0xDF) < 'A' || c > 'Z')) ||
	    i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_Alpha]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if ((c &= 0xDF) < 'A' || c > 'Z' || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_LowerNum]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (((c < 'a' || c > 'z') && (c < '0' || c > '9')) || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_UpperNum]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (((c < 'A' || c > 'Z') && (c < '0' || c > '9')) || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_LowerSpace]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (((c < 'a' || c > 'z') && c != ' ') || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_Lower]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c < 'a' || c > 'z' || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_Upper]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c < 'A' || c > 'Z' || i > 13) {
		word = 0; return;
	}
}

[List.External:Filter_Digits]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c < '0' || c > '9' || i > 20) {
		word = 0; return;
	}
}

[List.External:Filter_No_Cap_or_Symbols]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
		return;
	}
	word = 0; return;
}


# Reject words that are illegal UTF-8
# We obviously let pure ASCII through too
[List.External:Filter_UTF8]
void filter()
{
	int s, a, p;

	p = 0;
	while (s = word[p++] & 0xff) {
		if (s > 0x7f) {
			if (s < 0xc2 || s > 0xf7) { // illegal single-byte
				word = 0; return;
			}
			// two-byte c2..df
			a = word[p++] & 0xff;
			if (a < 0x80 || a > 0xbf) {
				word = 0; return;
			}
			if (s > 0xdf) { // three-byte e0..ef
				if (s == 0xe0 && a < 0xa0) {
					word = 0; return;
				}
				if (s == 0xed && a > 0x9f) {
					word = 0; return;
				}
				if (s == 0xf0 && a < 0x90) {
					word = 0; return;
				}
				if (s == 0xf4 && a > 0x8f) {
					word = 0; return;
				}
				a = word[p++] & 0xff;
				if (a < 0x80 || a > 0xbf) {
					word = 0; return;
				}
				if (s > 0xef) { // four-byte f0..f7
					a = word[p++] & 0xff;
					if (a < 0x80 || a > 0xbf) {
						word = 0; return;
					}
				}
			}
		}
	}
}

# Reject words that are LEGAL UTF-8 (also rejects pure ASCII)
[List.External:Filter_non-UTF8]
void filter()
{
	int s, a, p;

	p = 0;
	while (s = word[p++] & 0xff) {
		if (s > 0x7f) {
			if (s < 0xc2 || s > 0xf7) { // illegal single-byte
				return;
			}
			// two-byte c2..df
			a = word[p++] & 0xff;
			if (a < 0x80 || a > 0xbf) {
				return;
			}
			if (s > 0xdf) { // three-byte e0..ef
				if (s == 0xe0 && a < 0xa0) {
					return;
				}
				if (s == 0xed && a > 0x9f) {
					return;
				}
				if (s == 0xf0 && a < 0x90) {
					return;
				}
				if (s == 0xf4 && a > 0x8f) {
					return;
				}
				a = word[p++] & 0xff;
				if (a < 0x80 || a > 0xbf) {
					return;
				}
				if (s > 0xef) { // four-byte f0..f7
					a = word[p++] & 0xff;
					if (a < 0x80 || a > 0xbf) {
						return;
					}
				}
			}
		}
	}
	word = 0;
}

# A simple cracker for LM hashes
[List.External:LanMan]
int length;				// Current length
int maxlength;

void init()
{
	if (req_minlen)
		length = req_minlen;
	else
		length = 1;
	if (req_maxlen)
		maxlength = req_maxlen;
	else					// the format's limit
		maxlength = cipher_limit;
	word[0] = 'A' - 1;		// Start with "A"
	word[length] = 0;
}

void generate()
{
	int i;

	i = length - 1;			// Start from the last character
	while (++word[i] > 'Z')		// Try to increase it
	if (i)				// Overflow here, any more positions?
		word[i--] = 'A';	// Yes, move to the left, and repeat
	else				// No

	if (length < maxlength) {
		word[i = ++length] = 0;	// Switch to the next length
		while (i--)
			word[i] = 'A';
		return;
	} else {
		word = 0; return;	// We're done
	}
}

void restore()
{
	length = 0;			// Calculate the length
	while (word[length]) length++;
}

# Simple and well-commented, yet useful external mode example
# NOTE, this has now been 'split' up into a base extern, 'base', and then
# multiple External:double functions.  It still has same code as original
# double, but now can be easily expanded.
[List.External_base:Double]
/*
 * This cracking mode tries all the possible duplicated lowercase alphabetic
 * "words" of up to 8 characters long.  Since word halves are the same, it
 * only has to try about 500,000 words.
 */

/* Global variables: current length and word */
/* make this 'long' enough for other externs that include this one */
/* (up to 125 bytes long) */

int length, current[126], max;

/* this new 'type' variable, is used to tell double what character set to
 * use. It can use the original (alpha).  If type is 0 (i.e. unset), then
 * a-z (alpha) character set is used.  If type is '0' (a zero ascii byte)
 * then alnum charset is used, a-z0-9.  If type is a space char, then all
 * charset is used  [space - tilde]  or [ -~].  This required setting the
 * type var in the init() of alnum or all doubles (it can be left unset
 * in the alpha versions).  It also requires some if logic in generate.
 * other than that, it works the same, with almost no performance hit */
int type;

/* Generates a new word */
void generate()
{
	int i;

/* Export last generated word, duplicating it at the same time; here "word"
 * is a pre-defined external variable. */
	word[(i = length) << 1] = 0;
	while (i--) word[length + i] = word[i] = current[i];

/* Generate a new word */
	i = length - 1;			// Start from the last character
	if (type == 0) {
		/* alpha */
		while (++current[i] > 'z')	// Try to increase it
		if (i)				// Overflow here, any more positions?
			current[i--] = 'a';	// Yes, move to the left, and repeat
		else {				// No
			current = 0;		// Request a length switch
			break;			// Break out of the loop
		}
	} else if (type == '0') {
		/* alnum */
		if (current[i] == 'z') current[i] = '0'-1;
		while (++current[i] == '9')	{ // Try to increase it
			if (i)				// Overflow here, any more positions?
				current[i--] = 'a';	// Yes, move to the left, and repeat
			else {				// No
				current = 0;		// Request a length switch
				break;			// Break out of the loop
			}
			if (current[i] == 'z') current[i] = '0'-1;
		}
	} else if (type == ' ') {
		/* all */
		while (++current[i] > '~')	{ // Try to increase it
			if (i)				// Overflow here, any more positions?
				current[i--] = ' ';	// Yes, move to the left, and repeat
			else {				// No
				current = 0;		// Request a length switch
				break;			// Break out of the loop
			}
		}
	}
	/* else ????? wtf?? */

/* Switch to the next length, unless we were generating 8 character long
 * words already. */
	if (!current && length < max) {
		i = ++length;
		if (type == 0 || type == '0')
			while (i--) current[i] = 'a';
		else if (type == ' ')
			while (i--) current[i] = ' ';
	}
}

/* Called when restoring an interrupted session */
void restore()
{
	int i;

/* Import the word back */
	i = 0;
	while (current[i] = word[i]) i++;

/* ...and calculate the half-word length */
	length = i >> 1;
}

[List.External:Double]
.include [List.External_base:Double]

/* Called at startup to initialize the global variables */
void init()
{
	int i;

	if (req_minlen)
		i = length = (req_minlen + 1) / 2;
	else
		i = length = 2;		// Start with 4 character long words
	while (i--) current[i] = 'a';	// Set our half-word to "aa"
	if (req_maxlen)
		max = (req_maxlen + 1) / 2;
	else if (length > 4)
		max = length;
	else
		max = 4;
}

[List.External:Double_alnum]
.include [List.External_base:Double]

/* Called at startup to initialize the global variables */
void init()
{
	int i;

	if (req_minlen)
		i = length = (req_minlen + 1) / 2;
	else
		i = length = 2;		// Start with 4 character long words
	while (i--) current[i] = 'a';	// Set our half-word to "aa"
	if (req_maxlen)
		max = (req_maxlen + 1) / 2;
	else if (length > 4)
		max = length;
	else
		max = 4;

	type = '0';
}

[List.External:Double_all]
.include [List.External_base:Double]
void init()
{
	int i;

	if (req_minlen)
		i = length = (req_minlen + 1) / 2;
	else
		i = length = 2;		// Start with 4 character long words
	while (i--) current[i] = ' ';	// Set our half-word to "  "
	if (req_maxlen)
		max = (req_maxlen + 1) / 2;
	else if (length > 4)
		max = length;
	else
		max = 4;

	type = ' ';
}


# Strip 0.5 ("Secure Tool for Recalling Important Passwords") cracker,
# based on analysis done by Thomas Roessler and Ian Goldberg.  This will
# crack passwords you may have generated with Strip; other uses of Strip
# are unaffected.
[List.External:Strip]
int minlength, maxlength, mintype, maxtype;
int crack_seed, length, type;
int count, charset[128];

void init()
{
	int c;

/* Password lengths to try; Strip can generate passwords of 4 to 16
 * characters, but traditional crypt(3) hashes are limited to 8. */
	minlength = req_minlen;
	if (minlength < 4)
		minlength = 4;
	if (req_maxlen)
		maxlength = req_maxlen;
	else					// the format's limit
		maxlength = cipher_limit;
	if (maxlength >16) maxlength = 16;

/* Password types to try (Numeric, Alpha-Num, Alpha-Num w/ Meta). */
	mintype = 0;	// 0
	maxtype = 2;	// 2

	crack_seed = 0x10000;
	length = minlength - 1;
	type = mintype;

	count = 0;
	c = '0'; while (c <= '9') charset[count++] = c++;
}

void generate()
{
	int seed, random;
	int i, c;

	if (crack_seed > 0xffff) {
		crack_seed = 0;

		if (++length > maxlength) {
			length = minlength;

			if (++type > maxtype) {
				word[0] = 0;
				return;
			}
		}

		count = 10;
		if (type >= 1) {
			c = 'a'; while (c <= 'f') charset[count++] = c++;
			c = 'h'; while (c <= 'z') charset[count++] = c++;
			c = 'A'; while (c <= 'Z') charset[count++] = c++;
		}
		if (type == 2) {
			charset[count++] = '!';
			c = '#'; while (c <= '&') charset[count++] = c++;
			c = '('; while (c <= '/') charset[count++] = c++;
			c = '<'; while (c <= '>') charset[count++] = c++;
			charset[count++] = '?'; charset[count++] = '@';
			charset[count++] = '['; charset[count++] = ']';
			charset[count++] = '^'; charset[count++] = '_';
			c = '{'; while (c <= '~') charset[count++] = c++;
		}
	}

	seed = (crack_seed++ << 16 >> 16) * 22695477 + 1;

	i = 0;
	while (i < length) {
		random = ((seed = seed * 22695477 + 1) >> 16) & 0x7fff;
		word[i++] = charset[random % count];
	}

	word[i] = 0;
}

# A variation of KnownForce configured to try all the 385641000 possible
# auto-generated passwords of DokuWiki versions up to at least 2013-05-10.
[List.External:DokuWiki]
int last;		// Last character position, zero-based
int lastofs;		// Last character position offset into charset[]
int lastid;		// Current character index in the last position
int id[0x7f];		// Current character indices for other positions
int charset[0x7f00];	// Character sets, 0x100 elements for each position

void init()
{
	int A[26], C[26], V[26];
	int length;
	int pos, ofs, i, c;

	i = 0; while (i < 26) { A[i] = C[i] = 1; V[i++] = 0; }
	i = 'a' - 'a'; C[i] = 0; V[i] = 1;
	i = 'e' - 'a'; C[i] = 0; V[i] = 1;
	i = 'i' - 'a'; C[i] = 0; V[i] = 1;
	i = 'o' - 'a'; C[i] = 0; V[i] = 1;
	i = 'u' - 'a'; C[i] = 0; V[i] = 1;
	i = 'q' - 'a'; A[i] = C[i] = 0;
	i = 'x' - 'a'; A[i] = C[i] = 0;
	i = 'y' - 'a'; A[i] = C[i] = 0;

	length = 8;

/* This defines the character sets for different character positions */
	pos = 0;
	while (pos < 6) {
		ofs = pos++ << 8;
		i = 0;
		c = 'a' - 1;
		while (++c <= 'z')
			if (C[c - 'a'])
				charset[ofs + i++] = c;
		charset[ofs + i] = 0;
		ofs = pos++ << 8;
		i = 0;
		c = 'a' - 1;
		while (++c <= 'z')
			if (V[c - 'a'])
				charset[ofs + i++] = c;
		charset[ofs + i] = 0;
		ofs = pos++ << 8;
		i = 0;
		c = 'a' - 1;
		while (++c <= 'z')
			if (A[c - 'a'])
				charset[ofs + i++] = c;
		charset[ofs + i] = 0;
	}
	c = '1';
	while (pos < length) {
		ofs = pos++ << 8;
		i = 0;
		while (c <= '9')
			charset[ofs + i++] = c++;
		charset[ofs + i] = 0;
		c = '0';
	}

	last = length - 1;
	pos = -1;
	while (++pos <= last)
		word[pos] = charset[id[pos] = pos << 8];
	lastid = (lastofs = last << 8) - 1;
	word[pos] = 0;
}

void generate()
{
	int pos;

/* Handle the typical case specially */
	if (word[last] = charset[++lastid]) return;

	word[pos = last] = charset[lastid = lastofs];
	while (pos--) {			// Have a preceding position?
		if (word[pos] = charset[++id[pos]]) return;
		word[pos] = charset[id[pos] = pos << 8];
	}

	word = 0;			// We're done
}

void restore()
{
	int i, c;

/* Calculate the current length and infer the character indices */
	last = 0;
	while (c = word[last]) {
		i = lastofs = last << 8;
		while (charset[i] != c && charset[i]) i++;
		if (!charset[i]) i = lastofs; // Not found
		id[last++] = i;
	}
	lastid = id[--last];
}

/*
 * This takes advantage of CVE-2013-2120 to find seeds that KDE Paste applet
 * uses to generate passwords.
 *
 * This software is Copyright (c) Michael Samuel <mik@miknet.net>,
 * and it is hereby released to the general public under the following terms:
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted.
 */
[List.External:KDEPaste]
int charset[95];
int charset_length, password_length, endTime, startTime, msec;

void init()
{
	password_length = 8;	/* Change this to match config */
	endTime = session_start_time;
	startTime = 1343743200;	/* Aug 1 2012  - Change this as necessary */

	msec = 1;		/* msec is never 0 - it would crash the applet */

	charset_length = 0;
	int c;

	/* Comment out classes that you don't need, but keep the order the same */
	/* Lowers */
	c = 'a'; while (c <= 'z') charset[charset_length++] = c++;

	/* Uppers */
	c = 'A'; while (c <= 'Z') charset[charset_length++] = c++;

	/* Numbers */
	c = '0'; while (c <= '9') charset[charset_length++] = c++;
	charset[charset_length++] = '0';	/* Yep, it's there twice */

	/* Symbols */
	c = '!'; while (c <= '/') charset[charset_length++] = c++;
	c = ':'; while (c <= '@') charset[charset_length++] = c++;
	c = '['; while (c <= '`') charset[charset_length++] = c++;
	c = '{'; while (c <= '~') charset[charset_length++] = c++;
}

void generate()
{
	int i, rand_seed, rand_result;

	/* Terminate once we've generated for all *
	 * of the time range (Plus a bit more...) */
	if (endTime + 1000 < startTime) {
		word = 0;
		return;
	}

	/* Skip msecs that would generate dupes */
	while (endTime % msec != 0) {
		if (++msec > 999) {
			endTime--;
			msec = 1;
		}
	}

	rand_seed = endTime / msec;

	i = 0;
	while (i < password_length) {
		/* this works like rand_r() from eglibc */
		rand_seed = rand_seed * 1103515245 + 12345;
		rand_result = (rand_seed >> 16) & 2047;

		rand_seed = rand_seed * 1103515245 + 12345;
		rand_result <<= 10;
		rand_result ^= (rand_seed >> 16) & 1023;

		rand_seed = rand_seed * 1103515245 + 12345;
		rand_result <<= 10;
		rand_result ^= (rand_seed >> 16) & 1023;

		word[i++] = charset[rand_result % charset_length];
	}
	word[i] = 0;

	if (++msec > 999) {
		endTime--;
		msec = 1;
	}
}

void restore()
{
	int i, rand_seed, rand_result;

	i = 0;

	/* Very crude restore, just dry-run until we hit last word */
	while (i != password_length) {

		while (endTime % msec != 0) {
			if (++msec > 999) {
				endTime--;
				msec = 1;
			}
		}

		rand_seed = endTime / msec;

		i = 0;
		while (i < password_length) {
			/* this works like rand_r() from eglibc */
			rand_seed = rand_seed * 1103515245 + 12345;
			rand_result = (rand_seed >> 16) & 2047;

			rand_seed = rand_seed * 1103515245 + 12345;
			rand_result <<= 10;
			rand_result ^= (rand_seed >> 16) & 1023;

			rand_seed = rand_seed * 1103515245 + 12345;
			rand_result <<= 10;
			rand_result ^= (rand_seed >> 16) & 1023;

			if (charset[rand_result % charset_length] != word[i++])
				break;
		}

		if (++msec > 999) {
			endTime--;
			msec = 1;
		}
	}
}

/* Awesome Password Generator RNG replay
 * Written by Michael Samuel <mik@miknet.net>
 * Public Domain.
 *
 * This takes advantage of a subtle bug, where a crypto RNG is used to
 * seed the C# System.Random() class, which takes a 32-bit input, but
 * converts negative numbers into non-negative numbers, resulting in
 * only 31 bits of security.
 *
 * This only implements "easy to type" being *unticked*, and numbers,
 * lowers, uppers and symbols being ticked, in random password mode.
 * Changing the password length is easy, anything else is left as an
 * exercise to the reader.
 *
 * Running Awesome Password Generator (1.3.2 or lower) in Mono is still
 * vulnerable, but uses a different RNG, so this mode isn't compatible.
 */

/* Awesome Password Generator 1.3.2 does a two-pass run, selecting which
 * charset each position will have, then picking the character.  This
 * leads to heavy bias, and is fixed in 1.4.0 (along with many other
 * fixes).  If you have been using Awesome Password Generator, you should
 * upgrade immediately and change your passwords.
 */
[List.External:AwesomePasswordGenerator]
int numbers[10];
int lowers[26];
int uppers[26];
int symbols[32];

/* Since we don't have a double datatype, I simply pre-calculated the
 * transition numbers calculating the scale formula:
 * (double)randNum * 4.656612873077393e-10 * {4/10/26/32}
 */
int boundaries_charclass[4];
int boundaries_numbers[10];
int boundaries_letters[26];
int boundaries_symbols[32];

/* This is the bug we're exploiting - the seed for the RNG is 32 bits
 * from the crypto rng.  The non-crypto RNG converts negative numbers
 * into non-negative numbers, so there's only 2^31 possible seeds.
 */
int seed;

int password_length;

void init()
{
	password_length = 16; /* Change this to match config */

	int c, i;

	c = '0'; i = 0; while (c <= '9') numbers[i++] = c++;
	c = 'a'; i = 0; while (c <= 'z') lowers[i++] = c++;
	c = 'A'; i = 0; while (c <= 'Z') uppers[i++] = c++;

	/* Symbols */
	i = 0;
	symbols[i++] = '!'; symbols[i++] = '@'; symbols[i++] = '#'; symbols[i++] = '$';
	symbols[i++] = '%'; symbols[i++] = '^'; symbols[i++] = '&'; symbols[i++] = '*';
	symbols[i++] = '('; symbols[i++] = ')'; symbols[i++] = '~'; symbols[i++] = '-';
	symbols[i++] = '_'; symbols[i++] = '='; symbols[i++] = '+'; symbols[i++] = '\\';
	symbols[i++] = '|'; symbols[i++] = '/'; symbols[i++] = '['; symbols[i++] = ']';
	symbols[i++] = '{'; symbols[i++] = '}'; symbols[i++] = ';'; symbols[i++] = ':';
	symbols[i++] = '`'; symbols[i++] = '\''; symbols[i++] = '"'; symbols[i++] = ',';
	symbols[i++] = '.'; symbols[i++] = '<'; symbols[i++] = '>'; symbols[i++] = '?';

	i = 0;
	boundaries_charclass[i++] = 536870912; boundaries_charclass[i++] = 1073741824;
	boundaries_charclass[i++] = 1610612736; boundaries_charclass[i++] = 2147483647;

	i = 0;
	boundaries_numbers[i++] = 214748365; boundaries_numbers[i++] = 429496730;
	boundaries_numbers[i++] = 644245095; boundaries_numbers[i++] = 858993460;
	boundaries_numbers[i++] = 1073741824; boundaries_numbers[i++] = 1288490189;
	boundaries_numbers[i++] = 1503238554; boundaries_numbers[i++] = 1717986919;
	boundaries_numbers[i++] = 1932735284; boundaries_numbers[i++] = 2147483647;

	i = 0;
	boundaries_letters[i++] = 82595525; boundaries_letters[i++] = 165191050;
	boundaries_letters[i++] = 247786575; boundaries_letters[i++] = 330382100;
	boundaries_letters[i++] = 412977625; boundaries_letters[i++] = 495573150;
	boundaries_letters[i++] = 578168675; boundaries_letters[i++] = 660764200;
	boundaries_letters[i++] = 743359725; boundaries_letters[i++] = 825955250;
	boundaries_letters[i++] = 908550775; boundaries_letters[i++] = 991146300;
	boundaries_letters[i++] = 1073741824; boundaries_letters[i++] = 1156337349;
	boundaries_letters[i++] = 1238932874; boundaries_letters[i++] = 1321528399;
	boundaries_letters[i++] = 1404123924; boundaries_letters[i++] = 1486719449;
	boundaries_letters[i++] = 1569314974; boundaries_letters[i++] = 1651910499;
	boundaries_letters[i++] = 1734506024; boundaries_letters[i++] = 1817101549;
	boundaries_letters[i++] = 1899697074; boundaries_letters[i++] = 1982292599;
	boundaries_letters[i++] = 2064888124; boundaries_letters[i++] = 2147483647;

	i = 0;
	boundaries_symbols[i++] = 67108864; boundaries_symbols[i++] = 134217728;
	boundaries_symbols[i++] = 201326592; boundaries_symbols[i++] = 268435456;
	boundaries_symbols[i++] = 335544320; boundaries_symbols[i++] = 402653184;
	boundaries_symbols[i++] = 469762048; boundaries_symbols[i++] = 536870912;
	boundaries_symbols[i++] = 603979776; boundaries_symbols[i++] = 671088640;
	boundaries_symbols[i++] = 738197504; boundaries_symbols[i++] = 805306368;
	boundaries_symbols[i++] = 872415232; boundaries_symbols[i++] = 939524096;
	boundaries_symbols[i++] = 1006632960; boundaries_symbols[i++] = 1073741824;
	boundaries_symbols[i++] = 1140850688; boundaries_symbols[i++] = 1207959552;
	boundaries_symbols[i++] = 1275068416; boundaries_symbols[i++] = 1342177280;
	boundaries_symbols[i++] = 1409286144; boundaries_symbols[i++] = 1476395008;
	boundaries_symbols[i++] = 1543503872; boundaries_symbols[i++] = 1610612736;
	boundaries_symbols[i++] = 1677721600; boundaries_symbols[i++] = 1744830464;
	boundaries_symbols[i++] = 1811939328; boundaries_symbols[i++] = 1879048192;
	boundaries_symbols[i++] = 1946157056; boundaries_symbols[i++] = 2013265920;
	boundaries_symbols[i++] = 2080374784; boundaries_symbols[i++] = 2147483647;

	seed = 0;
}

void generate()
{
	int i, j, s, next, nextp, val, bucket, randnum, used_charsets;
	int seedarray[56];

	/* BEGIN System.Random(seed) */
	if(seed < 0) {
		/* Only bother with non-negative integers */
		word = 0;
		return;
	}

	s = 161803398 - seed++;
	seedarray[55] = s;
	i = val = 1;

	while(i < 55) {
		bucket = 21 * i % 55;
		seedarray[bucket] = val;
		val = s - val;
		if(val < 0) val += 2147483647;
		s = seedarray[bucket];
		i++;
	}

	i = 1;
	while(i < 5) {
		j = 1;
		while(j < 56) {
			seedarray[j] -= seedarray[1 + (j + 30) % 55];
			if(seedarray[j] < 0) seedarray[j] += 2147483647;
			j++;
		}
		i++;
	}
	next = 0;
	nextp = 21;
	/* END System.Random(seed) */

	used_charsets = 0;
	while(used_charsets != 15) {
		i = 0;
		while(i < password_length) {
			/* BEGIN Random.Sample() */
			if (++next >= 56) next = 1;
			if (++nextp >= 56) nextp = 1;
			randnum = seedarray[next] - seedarray[nextp];
			if (randnum == 2147483647) randnum--;
			if (randnum < 0) randnum += 2147483647;
			seedarray[next] = randnum;
			/* END Random.Sample() */

			j = 0;
			while(boundaries_charclass[j] < randnum) j++;

			word[i] = j; /* Temporarily store in word[] */
			used_charsets |= (1 << j);
			i++;
		}
	}

	i = 0;
	while(i < password_length) {
		/* BEGIN Random.Sample() */
		if (++next >= 56) next = 1;
		if (++nextp >= 56) nextp = 1;
		randnum = seedarray[next] - seedarray[nextp];
		if (randnum == 2147483647) randnum--;
		if (randnum < 0) randnum += 2147483647;
		seedarray[next] = randnum;
		/* END Random.Sample() */
		j = 0;

		if(word[i] == 0) {
			while(boundaries_letters[j] < randnum) j++;
			word[i++] = lowers[j];
		} else if (word[i] == 1) {
			while(boundaries_letters[j] < randnum) j++;
			word[i++] = uppers[j];
		} else if (word[i] == 2) {
			while(boundaries_numbers[j] < randnum) j++;
			word[i++] = numbers[j];
		} else { /* if (word[i] == 3) */
			while(boundaries_symbols[j] < randnum) j++;
			word[i++] = symbols[j];
		}
	}
	word[i] = 0;
}


void restore()
{
	int i, j, s, next, nextp, val, bucket, randnum, used_charsets;
	int seedarray[56];
	int candidate[32]; /* This needs to be at-least as big as password-length */

	seed = 0;

	while(seed > 0) {
		/* BEGIN System.Random(seed) */
		s = 161803398 - seed++;
		seedarray[55] = s;
		i = val = 1;

		while(i < 55) {
			bucket = 21 * i % 55;
			seedarray[bucket] = val;
			val = s - val;
			if(val < 0) val += 2147483647;
			s = seedarray[bucket];
			i++;
		}

		i = 1;
		while(i < 5) {
			j = 1;
			while(j < 56) {
				seedarray[j] -= seedarray[1 + (j + 30) % 55];
				if(seedarray[j] < 0) seedarray[j] += 2147483647;
				j++;
			}
			i++;
		}
		next = 0;
		nextp = 21;
		/* END System.Random(seed) */

		used_charsets = 0;
		while(used_charsets != 15) {
			i = 0;
			while(i < password_length) {
				/* BEGIN Random.Sample() */
				if (++next >= 56) next = 1;
				if (++nextp >= 56) nextp = 1;
				randnum = seedarray[next] - seedarray[nextp];
				if (randnum == 2147483647) randnum--;
				if (randnum < 0) randnum += 2147483647;
				seedarray[next] = randnum;
				/* END Random.Sample() */

				j = 0;
				while(boundaries_charclass[j] < randnum) j++;

				candidate[i] = j;
				used_charsets |= (1 << j);
				i++;
			}
		}

		i = 0;
		while(i < password_length) {
			/* BEGIN Random.Sample() */
			if (++next >= 56) next = 1;
			if (++nextp >= 56) nextp = 1;
			randnum = seedarray[next] - seedarray[nextp];
			if (randnum == 2147483647) randnum--;
			if (randnum < 0) randnum += 2147483647;
			seedarray[next] = randnum;
			/* END Random.Sample() */
			j = 0;

			if(candidate[i] == 0) {
				while(boundaries_letters[j] < randnum) j++;
				if(lowers[j] != word[i++]) break;
			} else if (candidate[i] == 1) {
				while(boundaries_letters[j] < randnum) j++;
				if(uppers[j] != word[i++]) break;
			} else if (candidate[i] == 2) {
				while(boundaries_numbers[j] < randnum) j++;
				if(numbers[j] != word[i++]) break;
			} else { /* if (word[i] == 3) */
				while(boundaries_symbols[j] < randnum) j++;
				if(symbols[j] != word[i++]) break;
			}
		}
		if(i == password_length) return;
	}
}

# Try sequences of adjacent keys on a keyboard as candidate passwords
[List.External:Keyboard]
int maxlength, length;	// Maximum password length to try, current length
int fuzz;		// The desired "fuzz factor", either 0 or 1
int id[15];		// Current character indices for each position
int m[0x800];		// The keys matrix
int mc[0x100];		// Counts of adjacent keys
int f[0x40], fc;	// Characters for the first position, their count

void init()
{
	int minlength;
	int i, j, c, p;
	int k[0x40];

	// Initial password length to try
	if (req_minlen)
		minlength = req_minlen;
	else
		minlength = 1;
	if (req_maxlen)
		maxlength = req_maxlen;
	else
		maxlength = cipher_limit;	// the format's limit
	fuzz = 1;			// "Fuzz factor", set to 0 for much quicker runs

/*
 * This defines the keyboard layout, by default for a QWERTY keyboard.
 */
	i = 0; while (i < 0x40) k[i++] = 0;
	k[0] = '`';
	i = 0; while (++i <= 9) k[i] = '0' + i;
	k[10] = '0'; k[11] = '-'; k[12] = '=';
	k[0x11] = 'q'; k[0x12] = 'w'; k[0x13] = 'e'; k[0x14] = 'r';
	k[0x15] = 't'; k[0x16] = 'y'; k[0x17] = 'u'; k[0x18] = 'i';
	k[0x19] = 'o'; k[0x1a] = 'p'; k[0x1b] = '['; k[0x1c] = ']';
	k[0x1d] = '\\';
	k[0x21] = 'a'; k[0x22] = 's'; k[0x23] = 'd'; k[0x24] = 'f';
	k[0x25] = 'g'; k[0x26] = 'h'; k[0x27] = 'j'; k[0x28] = 'k';
	k[0x29] = 'l'; k[0x2a] = ';'; k[0x2b] = '\'';
	k[0x31] = 'z'; k[0x32] = 'x'; k[0x33] = 'c'; k[0x34] = 'v';
	k[0x35] = 'b'; k[0x36] = 'n'; k[0x37] = 'm'; k[0x38] = ',';
	k[0x39] = '.'; k[0x3a] = '/';

	i = 0; while (i < 0x100) mc[i++] = 0;
	fc = 0;

	/* rows */
	c = 0;
	i = 0;
	while (i < 0x40) {
		p = c;
		c = k[i++] & 0xff;
		if (!c) continue;
		f[fc++] = c;
		if (!p) continue;
		m[(c << 3) + mc[c]++] = p;
		m[(p << 3) + mc[p]++] = c;
	}
	f[fc] = 0;

	/* columns */
	i = 0;
	while (i < 0x30) {
		p = k[i++] & 0xff;
		if (!p) continue;
		j = 1 - fuzz;
		while (j <= 1 + fuzz) {
			c = k[i + 0x10 - j++] & 0xff;
			if (!c) continue;
			m[(c << 3) + mc[c]++] =…