implementing brute force attacks on hash values in Javascript

Question

Before I get to the actual question I would like to clarify some things because I know how ridiculous "brute forcing with javascript" can sound when taken out of context :).

I'm working for my bachelor thesis at the end of which I aim to implement a proof-of-concept Javascript-based hash cracker. The idea is to work like this: Users can submit a hash value along with information about the used algorithm. (Other) users can also click on a button on the website in order to participate in the cracking process. The server's task is to accept and split the submitted 'orders' into ranges, depending on the number of available workers. The ranges are then sent to the clients who clicked said button.

I am currently stuck with the two big questions of how to actually implement this brute force function. So my main problem now is that, frankly, I'm not really that settled in Javascript yet. For starters, I would just use a hardcoded character set: alpha-numeric, lower and upper case, no special characters. Problem is I honestly have absolutely NO clue of how to actually implement the function that would try out al the character combinations, on how to program that. I can imagine using a normal array containing the charset, then two strings. One string would contain the range, the other will contain the tried combinations. So I would somehow have to iterate through the charset array and the strings maybe with cascaded for-loops or something, but I'm really stuck with the question of 'how' exactly :). I don't expect any of you to actually provide me with the full source code for such a function (unless you want to of course), but I'd really appreciate some hints or explanations on how to implement such a brute force function. I'd also not bother about performance or optimized coding at this point, but rather about comprehensive coding, or whatever you might want to call it :)

Sorry if I got fuzzy on some details in my question. If so, tell me and I will of course try to clarify further.

Answer 1

Brute force style function over an alphabet. There are probably easier ways to do this.

function brute(alphabet, match, int_start, int_stop){
    var a = alphabet, al = 0,                     // for alphabet
        m = match.toString(), ml = m.length,      // for our compare
        i = int_start || 0, j = int_stop || 0,    // range of numbers to test
        k = 0, l = 0, add = 0, sub = 0, diff = 0, // for building test string
        test = '', found = false;                 // test string and result

    if(i < 0) throw 'int_start must be at least 0';

    if(a.constructor !== undefined){           // We need a string or array as
        if( a.constructor.name !== 'String' && // our alphabet so we check for
            a.constructor.name !== 'Array' )   // correct input and modify if
                a = a.toString();              // necessary, or if we can't, 
    }
    else throw 'Bad alphabet type';            // we throw an error

    al = a.length;    // shorthand length

    add = al;                             // when i=0, we start prefix here
    while(add <= i - sub) sub += add,     // then work out what we have to
                          add = add * al; // prefix our number with

    diff = add - sub; // shorthand to save calculations

    while( i < j ){   // actual brute force loop starts here
        test = '';       // empty any previous string
        k = diff + i;    // convert our number from "x" to "1x"

        while(k > 0){           // build it as a string
            l = k % al;         // get index of digit
            test = a[l] + test; // add digit to string
            k = ( k - l ) / al; // move digits along
        }

        test = test.substring(1); // cut off the initial "1" we added

        if(test.length === ml && test === m){ // compare test to what you want
            found = true;
            break;
        }

        i++;                  // prepare for our next loop
        if(i - sub === add)   // and if we need another digit
            sub += add,       // then recalculate our prefix
            add = add * al,   // and then
            diff = add - sub; // update the shorthand 
    }

    // brute force ended, let's see what we've got

    if(found === false) i = -1; // if not found, return -1 as index

    return [i, test, m]; // index found, string found with, what we were looking for
}

Then use via e.g.

brute('0123abcd', '0c', 0, 20); // [14, "0c", "0c"]