802.11MERCENARY.NET /ps3-wepcrack

jc-aircrack
jc-wepcrack
jc-duration-printer
pico-wepcrack
ps3-wepcrack
pcap-wepcrypt
prism-strip
simple-replay
pcap2air
libairware
lorcon
downloads
news

PS3-wepcrack*

jc-wepcrack now includes a hardware accelerated client that can run on Cell processors. The client was written by HD Moore (thanks HD) and is included in jc-wepcrack/clients/cbe-client. It's not pretty like pico-wepcrack (hence no screen-shot), but damn it sure is fast.

If you dont know what a Cell processor is, basically its a 64-bit PowerPC CPU with a lot of generic vector processing units on board. Sony calls these things synergistic processing units (SPUs) but I refuse to let marketese infect my technical jargon like that, so I'm going to call them what they are; vector processing units.

Anyway, the Cell processor inside a PS3 comes with 7 of these things, but for reasons I won't get into only 6 of them are available to application level code. (Actually, there were supposed to be 8 on board, buy yields were too low, and they had to tune it down to the lowest common denominator, but I i digress.) The way the cbe-client works is that it checks out 6 key-space chunks, and then runs them all in parallel on the VPUs. A single VPU (or SPU in stupid-marketing-sony-talk) can do a little more than 240,000 keys/sec. Multiply by 6 and you get 1.44m keys/sec without actually tying up the PowerPC core.
(2^40 keys / 1,440,000 keys/sec) = 763549 secs = 12725 mins = 212 hours =
8 days to brute force a 40-bit keyspace using only the VPUs available on a single PS3.
Throwing in the silicon actually available on the PowerPC core would decrease this number by about half.

The numbers below show how the cbe-client stacks up relative to a un-optimized software implementation (the stock jc-wepcrack client) and the FPGA accelerated client that runs on pico-computing boards. These numbers were last updated on 02-16-2007.

vanilla client (un-accelerated)	PS3-accelerated (cbe-client)	FPGA-accelerated (pico-wepcrack)
1.25 GHz G4 ~ 150,000/sec base speed	PS3-CBE ~ 1,440,000/sec 9.6 x speedup	LX25 ~9,000,000/sec 60 x speedup

If you wan't to try it out for yourself, youll need a PS3 as well as a linux install on it it. You'll also need the spu-elf cross-compiling tools and the SDK (at least, libspe, libspe2) from IBM. once you have that done you can compile and run the cbe-client just like any other jc-wepcrack client.

Development was done on the gentoo port, but the code probably isn't tied very much to gentoo. Currently the cbe-client will only talk to a server running on the same platform. I haven't had time to track down what exactly is causing this yet, but hope it will be fixed soon.

*

Actually, Cell Broadband Engine (CBE) wepcrack would be more precise, but since the only place to get one of these is inside a PS3 right now, i'm calling it PS3-wepcrack