What are the minimum hardware requirements?
We believe the minimum requirements are a PalmPilot with PalmOS 2. We wrote the software using the GCC SDK for Win32 with GCC, the GNU Emacs editor version 19.34.1 for Win32 and the CoPilot version 1.0b9for emulation.  We tested the program using the following hardware configurations:
  •  3Com PalmPilot Professional with PalmOS 2.0.5 Pro and 1MB
  •  IBM WorkPad (PalmIIIx) with PalmOS 3.1 and 4MB
It was also tested using the PalmOS Emulator (POSE) v2.1d29 with the following configurations:
  •  3Com PalmPilot Professional with PalmOS 2.0.5 Pro and 1MB
  •  3Com PalmIII with PalmOS 3 and 2MB
  •  3Com PalmIIIx with PalmOS 3.1 and 4MB
  •  3Com PalmV with PalmOS 3.1 and 4MB
Note: This program has not been tested on PalmOS 3.3 or higher.  There have been reports of the copy function/button not working on PalmOS 3.3.

What are the memory requirements?
The program itself takes approximately 31KB (version1.1).

As an example, a dictionary with 4000 words yields a PDB fileof 63KB, which loaded into the Pilot as a size of 101KB.

What is the performance?
The current performance* for UNIX dictionary wordlist comparisons is 25/sec.^  The current performance* for NT dictionary wordlist comparisons is 60/sec.  The performance for Cisco decryption is not considered since it doesn't perform Crack-style password breaking.

* Note, this is based on unmodified clock speed of a PalmPilot Professional.  Using the ClockMaster hack or other clock speed modifying programs will change these performance results.

^ Note, Alec Muffett says that in 1992 when working on Crack, replacing crypt() with fcrypt() yielded 25/sec on a Sun 3/60.  This makes sense because the Sun 3/60 was based on a Motorola processor!

How can I get an encrypted password string into the program?
You can get the encrypted password strings into the program via three methods:

  1. Use graffiti to manually enter the encrypted password entry.
  2. Enter the entry(s) into a Memo on the PC (using cut and paste from a UNIX window) and Hotsync the Memo to the Pilot.  Then use the Edit menu options for cutting and pasting an entry into the password field of the application.
  3. Use the Online program from Mark/Space Softworks to connect to a serial port and have VT100 access to the target UNIX box.  Once you reach this point, you can have your sessions logged to the Memo pad, so just cat/etc/password (or /etc/shadow) and you'll have your password entry in a Memo.  Follow step two above.
What types of passwords are supported?
This program currently works on standard UNIX passwords based on the crypt() function (not FreeBSD-type) and on NT LANMAN password hashes (not the NT challenge response MD4 hashes).  See http://www.l0pht.com/l0phtcrack/ for more information on NT passwords.

Cisco Type 7 (not Type 5 MD5 hashes) password decryption support is now available.  See http://www.cisco.com/warp/public/701/64.html for more information.

How do I get an NT encrypted password?
On an NT box, run pwdump (or pwdump2 if SYSKEY is enabled) from a DOS window in order to dump the password file entry.  The pwdump command can be found in the L0phtcrack distribution found at http://www.l0pht.com/l0phtcrack/.

How does brute force checking work?
The brute force crack is very compute intensive, mainly because of the number of iterations required.  As a result, the brute force check is disabled by default.  Check the menus tour for information on enabling brute force checking.
Number of Iterations
Category Base
UNIX (x=8) NT (x=14) NT Case Insensitive
Lower case 26^x 2 x 10^11 6 x 10^19
Lower case w/nums 36^x 3 x 10^12 6 x 10^21
Mixed case 52^x 5 x 10^13 6 x 10^19
Mixed case w/nums 62^x 2 x 10^14  6 x 10^21
All symbols 92^x 5 x 10^15 3 x 10^25

As you can see, the number of iterations is pretty huge and not really feasible for a tiny, single CPU Dragonball Pilot. As an estimate, for passwords up to 4 characters in length, it takes approximately 5 hours just to check the entire space for UNIX for only lower case characters!

   26+26^2+26^3+26^4 iterations / 25iterations/sec / 3600 secs/hr = 5.25 hours

How can I create my own custom dictionary?
A pc.pdb file can be made with a perl program called pcmwdb (PalmCrack Make Wordlist DataBase).  The only platform that pcmwdb has been tested on is Sun SPARC running Solaris 7 using Perl 5.005.  Contact Noncon for more information about developing custom wordlist dictionaries.

How do I contact Noncon, Inc?
You can contact us using the following email addresses:

Contact  E-mail Address
General Information [email protected]
 Product Support Issues [email protected]
 PalmCrack Related [email protected]