pack2

pack2 is a replacement for iphelix’s PACK, developed for the 'Crack Me If You Can' password cracking competition at Defcon 2010. It helps analyze common ways people create passwords to enable more efficient cracking with other tools. The toolkit does not crack passwords itself but assists by generating optimized attack masks after analysis.

Use cases include preparing for password cracking competitions or real-world scenarios where brute-force is inefficient. After processing wordlists or inputs with its subcommands, it produces statistics and masks that can be fed into tools like oclHashcat for faster cracking. Note that it is a work in progress, with some features differing from the original PACK.

The package also includes deprecated Java tools pack200 and unpack200 for JAR file compression and decompression, but the primary focus is the pack2 password toolkit.

pack2 processes input wordlists or data through subcommands like statsgen to generate statistics on charset boundaries, patterns, and common constructions, outputting masks to files and stats to stderr. These masks represent probabilistic patterns (e.g., common length, character types) derived from statistical analysis, which are then used by cracking tools like oclHashcat to prioritize likely passwords over pure brute-force. Other subcommands like cgrams split lines on charset boundaries, filtermask applies masks to filter wordlists, and unhex decodes $HEX[] formats.