A high-performance brute-force tool for AES-256-CBC encrypted files using GPU acceleration. Specifically crafted to tackle Theo’s “Impossible Challenge” by guessing the UUID used as the encryption password.
Theo (t3dotgg) proposed a cryptographic challenge with a $1,000 reward:
I ran
crypto.randomUUID()twice on my machine.The first ID was
15041508-fd38-4eda-bc1d-7b74e4738cd9The second? That's your challenge.
I encrypted a text file with the following command:
openssl enc -aes-256-cbc -salt \ -in impossible-challenge.txt \ -out impossible-challenge.txt.enc \ -pass pass:{2nd-uuid-goes-here}If you can crack this UUID (under 24 hours), I'll give you $1,000.
Additional clues provided:
- The decrypted file contains English text
- The first two characters are "Th"
- "You'll know when you have the right one :)"
The cracker employs a multi-pronged strategy:
- Random UUID Generation: Creates RFC 4122 compliant version 4 UUIDs
- Key Derivation: Uses PBKDF2 with HMAC-SHA1 to derive key and IV from the UUID
- Decryption: Attempts AES-256-CBC decryption with PKCS#7 padding
- Validation: Checks if decrypted content begins with "Th" and is valid UTF-8
| Implementation | Speed (UUIDs/second) | Relative Performance |
|---|---|---|
| JavaScript | ~10,000 | 1x |
| Rust (CPU) | ~500,000 | 50x |
| Rust + CUDA | ~55,000,000 | 5,500x |
Despite the impressive performance, the challenge remains mathematically daunting:
- UUIDs have 2^122 possible values
- At 55 million attempts per second, a complete brute force would take approximately 10^24 years
After testing over 20 trillion UUIDs, I still haven't found the solution!
The implementation encounters approximately 5 false positives per second - decryptions that start with "Th" but contain invalid UTF-8 data.
Tested on: Windows 11 24H2 Cargo 1.86.0 RTX 2060 and RTX 3060 OpenSSL 3.5.0 8 Apr 2025
- Cargo 1.86.0
- RTX 2060 and RTX 3060
- OpenSSL 3.5.0 8 Apr 2025
Used on Windows 11 24H2
- Rust and Cargo
- For GPU acceleration: CUDA Toolkit and compatible NVIDIA GPU
- OpenSSL
- The encrypted challenge file (optional)
# Clone the repository
git clone https://github.com/impavloh/uuid-cracker
cd uuid-cracker
# Build for release
cargo build --release# Run the cracker
cargo run --release
# If you have the encrypted file in a different location
cp /path/to/impossible-challenge.txt.enc .
cargo run --releaseFor optimal GPU performance, compile the CUDA kernels for your specific GPU architecture:
# Default
nvcc -ptx -o uuid_cracker.ptx uuid_cracker.cu
# Pascal (GTX 1000 series)
nvcc -ptx -arch=sm_60 -o uuid_cracker.ptx uuid_cracker.cu
# Ampere (RTX 3000 series)
nvcc -ptx -arch=sm_80 -o uuid_cracker.ptx uuid_cracker.cu
# Ada Lovelace (RTX 4000 series)
nvcc -ptx -arch=sm_89 -o uuid_cracker.ptx uuid_cracker.cuWhen running, the program displays:
- GPU initialization status
- Batch sizes and configuration
- Regular performance statistics
- Any potential matches
If a valid UUID is found, the program will:
- Display the UUID and decrypted content
- Save the UUID to
successful_uuid.txt
.
├── src/
│ ├── main.rs # Main Rust implementation
│ ├── uuid_cracker.cu # CUDA kernel implementation
│ └── uuid_cracker.ptx # Compiled PTX
├── Cargo.toml # Rust dependencies
├── impossible-challenge.txt.enc # Encrypted challenge file
├── possible_matches.log # Log of possible but invalid UUIDs
├── test-log.txt # My tests log file
└── README.md # This file :)
This tool is intended for educational and challenge-specific purposes only. It demonstrates:
- The strength of modern cryptographic standards when properly implemented
- The practical limits of brute-force approaches even with massive parallelization
- Techniques for GPU-accelerated cryptographic operations
- The importance of proper key management and entropy sources
Based on community efforts visible in Theo's gist discussion, multiple people have attempted this challenge with various approaches:
- Some developers achieved 1-2 million UUIDs/sec on CPU
- Others reached up to 30 million UUIDs/sec with optimized implementations
- After billions of attempts, no valid solution has been found
- The mathematical probability of success remains infinitesimally small (~10^-37)
I will update this project in the future
This project is licensed under the MIT License :)
- Theo for creating the "impossible" challenge that inspired this project
- Nolen for updating EveryUUID with a UUID-guessing functionality to decrypt Theo's file as you scroll (and adding some checks to reduce the false positive rate)
Disclaimer: Im familiar with JavaScript and Rust but I had no prior experience coding with CUDA. I relied on Claude, Stack Overflow, Reddit (everything works thanks to a 7yo post I cant seem to find again) and the NVIDIA documentation to figure things out. It was a fun experience and I learned a lot! :)