What is Ravan?

Ravan is a JavaScript based Distributed Computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. It makes use of HTML5 WebWorkers to start background JavaScript threads in the browsers of the workers, each worker computes a part of the hash cracking activity.

Salted and plain versions of the following hashing algorithms are currently supported:

  • MD5
  • SHA1
  • SHA256
  • SHA512
How to use?

Using Ravan is very simple, just follow these steps:

  1. Go to http://www.andlabs.org/tools/ravan.html
  2. Enter the value of the hash that must be cracked
  3. Enter the value of the salt, if it is not a salted hash then leave it blank
  4. Enter the charset. Only these characters will be use in the brute force attack
  5. Select the hashing algorithm (MD5, SHA1, SHA256, SHA512)
  6. Select the position of the salt. (clear-text+salt or salt+clear-text)
  7. Hit ‘Submit Hash’
  8. If hash is successfully submitted it would return a URL. Send this URL to all the workers and get them to click ‘start’ on that page.
  9. Keep the main page open without reloading till the hash is cracked.

That is it. Once the workers click start they would be doing pieces of the work and submitting results back. The main page would constantly monitor the progress of the cracking process and manage it across all the workers. You would be able to see the stats throughout the process, once the hash is cracked the clear-text value is displayed.

Note: The main page manages the cracking so it must not be closed or the cracking would fail.

How it works?

Ravan has three components:

  • Master:
    The hash, salt, hashing algorithm, position of the salt (before or after salt) and the charset are submitted by the user. These are submitted to the web backend and it returns a ‘hash id’ which is unique to every submitted hash. It also supplies a ‘worker url’ specific to this hash that must be sent to potential workers.
    Once the hash is submitted the master creates arrays of slots (each array contains 5 slots), this is submitted to the web backend. Each slot represents a small part of the keyspace, this is how the entire activity is broken down in to multiple tiny tasks. A single slot represents 1 million combinations.
    The master constantly polls the web backend to check on the progress of the cracking process. As the existing list of slots is completed by the workers the master allots more slots. When a worker cracks the hash and returns the clear-text value the master confirm this and then signals all workers to stop cracking.

  • Web Backend:
    The web backend acts as a proxy between the master and the workers. It does not perform any actual computation but validates the data submitted by both the parties and passes information between them.

  • Worker:
    The worker performs the actual hard work of cracking the hashes. Each hash has a unique worker URL and this page explicitly asks for the user permission before the cracking process is started. Once the user accepts and clicks ‘Start’ the worker polls the web backend for available slots, the web backend returns an array of slots from its database. The worker cracks each slot and sends the result to the web backend. After completing all the slots it polls the web backend for more slots.