This repo is a SV implementation targeted for the Basys-3 FPGA for brute-forcing bcrypt encrypted passwords.

The nltk corpus is used as a list of potential passwords to guess. To generate the corpus, run retrieveCorpus.py and build_flash_corpus.py in HelperPrograms/ObtainCorpus. The retrieveCorpus script creates a file of every word in the nltk corpus as line-separated ASCII text. The build_flash_corpus script converts these words into binary data, stored according to the bcrypt 6 bit dictionary, and null terminated with 0 (in the bcrypt dictionary, this is a .).

For convenience, and in case the corpus is updated, the corpus.bin generated from this process is already provided.

After generating the corpus, generate the bitstream using the SV source files in Vivado. Then, in Vivado tcl console, run source make_mcs.tcl. This tcl program combines the generated bitstream and corpus.bin into a combined.mcs file, used for flashing the SPI chip on the Basys-3 board. This allows us to use the SPI chip for both the bitstream (which takes 2.2MB), and the bcrypt dictionary, which is 1.3MB, although, the dictionary could be larger, since there is 1.8MB of space for user data. Make sure to update the paths inside the make_mcs.tcl file as needed, so it can find your generated bitstream and corpus.bin.

Once the combined.mcs is obtained, in Vivado connect to the Basys-3 board in the hardware manager. Right click on the box in hardware manager which says something like xc7a35t_0 (2). Then select add configuration memory device, and select the Macronix SPI chip, which is on the Basys-3, namely, "mx25l3273f-spi-x1_x2_x4". Older Basys-3 Boards may have been made with the Spansion SPI chip instead, if so, make sure to choose the appropriate part for that (I think everything else should still work, but no guarantees).

Now, to program the Basys-3, right click the newly added configuration memory device, select program configuration memory device, and select the combined.mcs. Make sure to select Erase, Program, and Verify, if that is not already selected.

Now that the board is programmed, make sure the MODE jumper is between the QSPI pins, and press the red PROG button, then press the middle btnC on the board to reset it. The board is now ready for a salt + cost + target_hash to compute on!

In ./HelperPrograms, now run make and make run to connect to the Basys-3 board. You may need to update which port is used by the cpp program to match your Basys-3. Your Basys-3 is now brute forcing passwords for the users in the shadow.txt file! This cpp program inserts one entry that is super fast to compute, for the word Abagasi, which is at the very front of the dictionary. You should be able to see this computation finish almost instantly to confirm everything is working, and now you may wait for the computations for the users in shadow.txt!