Poor Man's FPGA
tek911
12-30-2007, 01:50 PM
Ok, time to dip from the proverbial knowledge pool. I'm trying to focus on learning Bluetooth cracking (yeah, I'm a dee-de-dee, but I think I want to try to develop something along the lines of Kismet for Bluetooth sniffers). However, in an effort to be at least semi-cutting edge from 2006, I'm trying to get into FPGAs. I would hop on the whole Pico E12 or E16 bandwagon, but I think I left my $1000 bucks (899 for the E12) in my other pants.
I've been looking at the Spartan E3 starter kit (retails at the low low price of $149.99): www.xilinx.com/products/silicon_solutions/fpgas/spartan_series/spartan3e_fpgas/index.htm
But due to lack of true knowledge of the hardware out there, I'm left with a few questions:
All the FPGA tools on BT3 (winzipcrack, wepcrack, cowpatty, etc.) that harness FPGAs, do they need just the E12 or E16? Or can a guy get any FPGA and go to work?
If all FPGAs are not created equal, is there a term that will help me in my searches for the proper (read: CHEAP) FPGA? I'm not even 100% sure the E3 is in the same realm as the E12 and E16s from Pico.
If anyone has any experience with the E3, let me know, as I'm frothing at the mouth to order it. If an E12 gets 9,000,000/s key attempts and a P4 gets 150,000, if I could even get 3 or 4,000,000/s from the cheapo E3 I'd be happy.
Thanks in advance. God, I love this forum.
tek911
12-30-2007, 04:04 PM
Oh, and also, a good starting point if this is your first run-in with FPGAs (I know I learn from other people's questions too): start with this quick Black Hat presentation slide deck:
www.blackhat.com/presentations/bh-usa-06/BH-US-06-Moniz-Hulton.pdf
pureh@te
12-30-2007, 05:02 PM
From the little knowledge I gained when I was thinking about buying a Pico chip, I understood a few things.
#1 A kernel patch is needed, so the kernel must be rebuilt with the proper patch.
#2 The actual software must be patched to provide FPGA support.
The way I understood it was the open cipher project was doing the support. The guy in charge of it works at Pico and did the DEF CON presentation.
BT3 has 6 softwares that I can find with FPGA support; however, I do not know if that means any FPGA or only the Pico. If I were to guess, I would say only the Pico. Contrary to popular belief, it is not a super easy way to jack up the speed on your processor. I will take a look at the tool you found though and see what it's all about.
Anabolic_OMEN
03-15-2008, 03:06 AM
Does anyone own an FPGA card or a Pico card?
And if someone does, have they tried generating WPA tables?
theprez98
03-15-2008, 03:14 AM
h1kari is the only person I know who had done this, but he is not a member here.
MrWrong
03-15-2008, 09:25 AM
I'm not sure how into the FPGA world you want to get, but you might check out a company called Altera. I believe that their VHDL and Verilog tools are free for the taking.
Back when I was in school I used one of their chips and an old monitor to create a game of Video Blackjack for my Senior Project.
tek911
03-15-2008, 06:11 PM
Ok, so to turn this thread into an all-you-can-eat FPGA source of information, here's what I've learned since my first post on the subject.
So let's start from the beginning for all the TV viewers at home just tuning in.
First, FPGA: what is it?
field-programmable gate array - A field-programmable gate array (FPGA) is an integrated circuit (IC) that can be programmed in the field after manufacture. FPGAs are similar in principle to, but have vastly wider potential application than, programmable read-only memory (PROM) chips. FPGAs are used by engineers in the design of specialized ICs that can later be produced hard-wired in large quantities for distribution to computer manufacturers and end users. Ultimately, FPGAs might allow computer users to tailor microprocessors to meet their own individual needs.
In our needs [i.e. you and I, fellow remote-exploiters] it can be used to quickly generate rainbow tables. This can be used to crack encryption [such as AES in the case of WPA and Winzip encrypted zips].
Required FPGA Reading:
Design Recipes for FPGAs [by Peter Wilson] - and by required reading I mean reading I'm forcing myself through, as the subject matter is a little dry. Maybe I'll write an easy-to-read [I'll throw a fart joke in from time to time] hacker/cracker FPGA book and make my first million.
The hardware:
The best two are the Pico E12 and Pico E16:
http://www.picocomputing.com/products/cards.php
Others to look into are:
http://www.altera.com/products/devices/cyclone3/cy3-index.jsp
http://www.embeddedarm.com/products/board-detail.php?product=TS-7300
That being said, my overall understanding of the subject is novice at best, but I'm delving into it more and more. Hopefully I'll get some nice test results with one of these devices [or I'll win the lottery and just buy a damn Pico].
If anyone else is interested in digging into the subject matter, any updates to this thread are appreciated.
gnp421
03-18-2008, 12:37 AM
I would honestly go with the Altera Cyclone. Also, Altera has a third-party company who created a $50 + $30 shipping FPGA board; it is USB and about the size of a credit card. Altera's Windows development tool is free, but Linux is $2,000.00. Altera has overall easier-to-use software and better help files. I've used Altera and Xilinx for many projects.
You are right that FPGAs are not created equal. Altera created a few that have larger NAND memory, touch screens and video outputs. I have seen Linux run on that design. It's about 500.00 but it is loaded with nice features.
Although I am new to Backtrack and this forum, I am an Electronics Engineer who specializes in Computer/Network Architecture. For example: router design, switch design and computer design.
Anabolic_OMEN
03-18-2008, 01:00 AM
OK, so would you be kind enough to suggest a product for about £100, and would you know if it can be applied to rainbow table generation?
The latest Hak5 episode with the guy on GSM cracking was mind-blowing, and having a small FPGA device that can cut generation time in half is amazing.
I would also like to find out if that would be applicable to brute forcing and wordlist pounding stuff.
tek911
03-18-2008, 04:41 AM
Anabolic, it wouldn't really do much for brute forcing and wordlist pounding, as FPGAs do hash and encryption generation really fast because it is hardware set up in a way that it mimics the logic behind the actual encryption/decryption/hash generation algorithms, but in hardware, so rather than a processor having to do the multiple instructions to crunch the numbers, the logic gates on the FPGA are already oriented in the way you set them up so they can crunch faster [feel free to ignore everything I just said for the quick summary... no, they don't do wordlist and bruteforcing].
killadaninja
03-18-2008, 05:54 AM
Anabolic, are you hoping to do wordlist attacks with your FPGA, or hash work? I'm 99% sure there is no FPGA capable of running external wordlist attacks; the logic blocks aren't built for it. Anyway, you should look at the Xilinx Virtex Pro.
Here's a quick interesting read from Wikipedia:
Applications of FPGAs include digital signal processing, software-defined radio, aerospace and defense systems, ASIC prototyping, medical imaging, computer vision, speech recognition, cryptography, bioinformatics, computer hardware emulation and a growing range of other areas. FPGAs originally began as competitors to CPLDs and competed in a similar space, that of glue logic for PCBs. As their size, capabilities, and speed increased, they began to take over larger and larger functions to the state where some are now marketed as full systems on chips (SOC).
FPGAs especially find applications in any area or algorithm that can make use of the massive parallelism offered by their architecture. One such area is code breaking, in particular brute-force attack, of cryptographic algorithms.
FPGAs are increasingly used in conventional High Performance Computing applications where computational kernels such as FFT or Convolution are performed on the FPGA instead of a microprocessor. The use of FPGAs for computing tasks is known as reconfigurable computing.
The adoption of FPGAs in high performance computing is currently limited by the complexity of FPGA design compared to conventional software and the extremely long turn-around times of current design tools, where 4-8 hours wait is necessary after even minor changes to the source code.
-ninja
dynamix
05-08-2008, 12:07 AM
You can find all the algorithms you need to crack Bluetooth at the openciphers project and use the recommended FPGA, the Pico E-12 from h1kari's website picocomputing.com.
openciphers.sourceforge.net/oc/btpincrack.php
totothedwarf
05-08-2008, 01:41 AM
Look into Nick Breese's Crackstation and the work recently done on cracking using a PlayStation 3; the benchmarks are impressive, to say the least. The question remains what can effectively be ported to run under SPU and what speed those implementations will offer. However, it is an exciting avenue opening up before us.
psicom
05-27-2008, 03:46 PM
http://opencores.org/cvsweb.shtml/sha_core/
Here is the SHA1 core for an FPGA, written in VHDL... the only thing to do is to interface the computer with the FPGA board...
I don't have the money to do this xP
psicom
06-23-2008, 09:28 AM
There are a few cheaper alternatives... like a CPLD... an FPGA is oversized just to compute a few SHA1 hashes!
I am already working on it! The problem is to get a working interface to the PC...
psi xP
domi007
09-30-2008, 01:31 PM
Hi guys,
I am really happy that I found this topic. I'm also thinking about buying a cheap Altera or Xilinx FPGA, 'cause it will be amazing to make the WPA attacks faster.
But I have a few questions about it:
First of all, you said that with an FPGA you can compute rainbow/hash tables very fast. But I have already seen a presentation that said you only have to provide the hash you want to crack and a word (randomly generated or provided by a wordlist) to your FPGA, and it will do the rest of the work: it will make the hash, compare it to your own hash, and say whether it matches or not.
I think Xilinx also packs a Windows driver with its FPGAs, so if you buy a Starter Kit, use the driver to communicate with the device, and run the code (mentioned above) on the device, then you only have to write an algorithm that generates words (or reads them from a wl) and sends them out to your device. About the comparison: if it is not too complicated to code, the FPGA should do it; if it is, then your computer should do it.
So the task is not so easy, but manageable.
Are there any people who want to try to work on it? :rolleyes:
DOMy