Cluster Password forgotten


I’ve changed some of my personnal GH definitions for password locked user objects in order to exchange these with my collegues then deleted my old definitions.
I can’t recall what password i’ve used. Is there any way to retreive it?
I can provide the locked user objects and some older unlocked ones but i would really like to get back the changes and work i’ve done.

Thanks for the help.


I just shared link in private message. Follow that and crack it. @raphael.thelot

Guys just be careful here. I wouldn’t send out the method. You don’t know if they want to really open their own clusters or are trying to crack others. (I mean no accusations). You def don’t want to piss of anyone that gets their clusters cracked. If you want to help you can have them send you the cluster in question and if it is infact theirs then just crack it for them.

Indeed I agree with you.

And yet you just gave away the secret to cracking GH clusters to someone you don’t know? :man_facepalming:

The security is an illusion anyway but still…


I think the real usecase for password protected clusters is to prevent definition modification by accident (within a team) and not to protect (pseudo) knowledge in first place. I indeed believe the most common usecase of cracking them is indeed when someone forgot his own password. There is only a very tiny percentage of clusters out there containing valuable information.


I disagree. I have seen very specific problems being solved by some of these and months of work behind them. The protection is trivial anyways. But the argument you make here is simply not true.

1 Like

One man’s trash is another man’s treasure
and security is not a door, it’s a resistance.


I still believe this is rather a rare case. First there are not many definitions around with many months of work, and if so how come they leave your office? If someone takes this data out of your company then this is the real problem. I know there are situations where this is simply not feasable.

But maybe pushing it to a private repository with a license helps people from claiming ownership in case it gets stolen. Anyway its a fight against windmills.

Giving data only to trusted people is the only helpful countermeasure against plagiarism.

It is beyond me how @TomTom can know “at least 3 methods to open” a protected cluster,
and he doesn’t even seem to work at McNeel (?). Even more bizarre is that he’s offering to open clusters by judging himself if it’s okay or not. Also by sending him your files, to take a look at, you have no control over what he really does on his end with the “sensible” data you wanted to protect in the first place.

Let’s be real, the whole “protective mechanism” is flawed! Thus the information how to crack the protection should be publicly available, not reserved for some people and others are locked out, and the system should be abolished. Also note that is isn’t even available in Rhino for Mac, which probably means that it’s on its way out anyways!

Its simple knowledge of coding. Let me write it app independent:

5 Common attack vectors are:

  • replacing the encrypted password with a known encrypted password
  • decrypting the password, because most passwords are weak (even with more then 6 chars)
  • bypass the verification check by replacing the verification method or its flags
  • bypass the verification check by disassembling and patching (“cracking”)
  • load the protected data directly, if its not encrypted

If it was such bad protection, people wouldn’t ask how to hack it. The only problem is that this feature does not live up to its name, but not the feature itself, which is better than nothing and one of the few ways we have to protect our intellectual property from customers who are not willing to pay the real value of the code. What does it matter that it can be hacked? If it mattered, the software industry wouldn’t exist. Even if it is not included in GH2, someone will surely develop a way to protect it, even if it is unsafe.

this is very true. But even if this seems not logical this also points to the uselessness of this feature. You don’t get payed for copying things together. Usually someone gets paid to solve a very specific problem. And if people are not capable of this, then I guarantee that those people won’t have success anyway. So if someone steals interlectual property, it doesn’t bring him/her any benefits at all. You cannot sell others software if you don’t understand much coding. People who actually can use your knowledge are on the otherhand capable in cracking or reversing your functionality. So you need better countermeasures.

1 Like

Copying and pasting doesn’t get you anywhere, but learning in 50 minutes what the author took to develop in 5 hours can give you a relevant advantage, time. That’s why people who don’t generate content don’t want protection. Besides, when the solution to a commercial problem is not a result but a process, if you don’t lock the process in a black box, you are giving the tools to solve similar problems or optimize the solution without your help. And yes, people who are able to hack are usually the same as people who don’t need to hack to copy someone. But I don’t care about that 1% copying me, I want to stop anyone from copying me fast.


Hi! I have just faced with the same problem. I made a cluster but I forgot my password and I can not open it right now. I want to make some changes but I cant. Can you help me pleaaaaseee? How can I open it?

Hi! I have just faced with the same problem. I made a cluster but I forgot my password and I can not open it right now. I want to make some changes but I cant. Can you send me the link too?

Just stating the obvious (but someone has to!) for creators:

If you want to password protect something take a backup / copy of it first and stash that somewhere private as insurance against the day when your memory has gone. Then no hacks needed.


Yeah you’re right. But what can I do now???

Hello, i have the same problem, would you mind sharing it with me as well?

Hello, i have the same problem, would you mind sharing it with me as well?