cpasswordsundefined-behaviorbrute-forcecracking

Limitation in the implementation of Brute Force

I have written a code which is supposed to crack a three digit numeric password. This code seems to work if the password is 888 or less than that. If the password is greater than 888, the code shows the following output:

Unable to crack password..

I'd like to know the reason behind this limitation and the solution to this problem. Thanks in advance.

#include <stdio.h>
#include <string.h>

int main()
{
    char pswd[5];
    char brute[4];
    char crack[4];


    printf("Program to crack a 3 digit numeric password\n ");
    printf("Enter password: ");
    scanf("%s", pswd);
    
    
    int i, j, k;
    int flag = 1;

    for(i = 48; i < 57; ++i)
    {
        for(j = 48; j < 57; ++j)
        {
            for(k = 48; k < 57; ++k)
            {
                crack[0] = i;
                crack[1] = j;
                crack[2] = k;
                crack[3] = 0;


                if(strcmp(crack, pswd) == 0)
                {
                    flag = 0;
                    break;
                }
            }
            
            if(flag == 0) break;
        }
        
        if(flag == 0) break;
    }
    
    
    

    flag == 0 ? printf("Password cracked successfully.\
Your password is %s", crack) : printf("Unable to crack password..");

    return 0;

}
Solution

  • The problem is that in your for-loops, the number 57 represents the character '9' but you added a strictly less than meaning you will not take the character '9', a simple fix would be to just add <='9' or <=57, so your code would look like:

    #include <stdio.h>
#include <string.h>

int main()
{
    char pswd[5];
    char brute[4];
    char crack[4];

    printf("Program to crack a 3 digit numeric password\n ");
    printf("Enter password: ");
    scanf("%s", pswd);
    int i, j, k;
    int flag = 1;

    for(i = '0'; i <= '9'; ++i)
    {
        for(j = '0'; j <= '9'; ++j)
        {
            for(k = '0'; k <= '9'; ++k)
            {
                crack[0] = i;
                crack[1] = j;
                crack[2] = k;
                crack[3] = 0;
                if(strcmp(crack, pswd) == 0)
                {
                    flag = 0;
                    break;
                }
            }
            if(flag == 0) break;
        }
        if(flag == 0) break;
    }
    flag == 0 ? printf("Password cracked successfully.\
Your password is %s", crack) : printf("Unable to crack password..");

    return 0;

}

    You could also change it to work for more than 3 digit numbers, my approach without arrays:

    #include <stdio.h>

int main()
{
    int pswd,brute = 0;

    printf("Program to crack a positive password\n ");
    do
    {
        printf("Enter password: ");
        scanf("%d", &pswd);
    } while(pswd<0);

    while(brute != pswd)
        brute++;
    printf("The password is %d",brute);
    getchar();
    return 0;
}