Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 May 2015 23:09:54 +0300
From: Aleksey Cherepanov <>
Subject: team john-users write-up for PHDays Hash Runner 2015 contest

Team john-users participated in PHDays Hash Runner 2015 contest. We've
got the second place quite close to the first. We even led during a
short period of time in the middle of the contest.

Team        Cracked percent of total points
hashcat        28.19%
john-users     27.69%
InsidePro      24.40%
CynoSure_Prime 21.22%
ktxrunner       1.09%

A pretty graph:

Software used: John the Ripper bleeding-jumbo[1] (with various
patches), custom scripts to handle hashes during the contest,
wikigen[2] to scrap Wikipedia pages (used by csec only)


Hardware: ~100 CPU cores, ~10 GPUs, 1 Xeon Phi, 2 FPGAs used on average
during the 72-hour period.

We did not load our hardware most of the time so it is an inaccurate
estimation of average usage of hardware.

Agnieszka Bielec aka Eternal
Aleksey Cherepanov
Bill E. Ghote
Dhiru Kholia
Katja Malvoni
Matt Weir
Sayantan Datta
Solar Designer

We had 23 members (including 10 new members). But only some of them
were able to dedicate 3 full days to the contest, so 8 most active
members brought 95% of our cracks.

The contest was a lot of fun (and a lot of coding this time). We tried
some recently added code, found some bugs and even published new code
during the contest and right after the contest. So the contest
improved our main tool - John the Ripper.

Below, there is a short write up of our adventures during 3 crazy days
of the contest.

Before the contest we already had POMELO format implemented by Eternal
as part of Google Summer of Code 2015 that Openwall participates in.
Also Eternal implemented another PHC Finalist: Parallel. So we had
regular and OpenCL versions, but we did not meet Parallel hashes
during the contest. I implemented --show=types option before the
contest to handle hashes this time. Also it is useful for Johnny the
GUI for John the Ripper.

I made an awful start: I picked 3.txt and extracted LMs and raw-md5
hashes for the team. I made a lot of mistakes: wrong regexps, not all
LMs were extracted, 3.txt contained other types of hashes too... Such
poor start forced Solar Designer to take the coordination.

We were not able to setup our upload script for quite long. Though at
the end, we had automatic uploads, thanks to ch3root!

The team worked hard. There were a lot of active members and they
helped each other so cracking went well. Passwords with unicode chars
and even control chars (like escape char in one LM) were found.
Dolphins turned out to be easy and we cracked all of them. We got
bonus hashes for 2, 3, 6, 7, 8 and 9 tasks. GOST 2012 and lineage
hashes were very fast and had high prices so we attacked them quite

We used the two FPGAs on bcrypt only, and ended up wasting them since
we never figured out what SHA family function or the like and with
what encoding and possibly an HMAC key the contest organizers might
have been supplying as input to bcrypt. We tested many possibilities
with lists of common passwords and with lists of previously cracked
passwords (from other hash types in the contest), but with no luck.
This distracted two of our team members from other participation in
the contest quite a bit.

3 days of the contest allowed us to work on the coding challenges
quite comfortably:

- pomelo: turned out to hash pointers. Eternal investigated it. We
  reported that to orgs and did not try to crack them.

- pufferfish: turned out to be hashes of empty password. Eternal,
  Dhiru Kholia and then I checked them and reported to orgs. Orgs
  fixed that and we cracked 1 hash.

- GOST-34.11-2012 (stribog): it was implemented by Dhiru Kholia early
  in the contest.

- lotus8.1 and pbkdf2-hmac-md5 were implemented by Dhiru Kholia during
  the contest and pushed into bleeding-jumbo branch on github.

- dolphin/scrypt: 15 hashes (of 226) were rejected by john, ch3root
  fixed that patching john.

- lineage: it is a plain sha512crypt with salts generated from
  passwords (using custom la_encrypt()), so they are not really salted
  and full computation is not needed to reject most of wrong
  candidates, I implemented a format for john.

- wonderful: Dhiru Kholia implemented a format for john for these
  tricky hashes with a lot of types including md5($p,$s), md5($s,$p),
  md5(md5($p),$s) and a lot of other combinations involving 4 hashing
  algorithms. Some types involved custom code in php. The code
  contained a mistake: hashes of the type with DO_XOR flag and not
  with HMAC flag accept any password and any salt. Only one conclusion
  may be made: don't use your own custom hashing algorithm in php,
  such hashes may be very weak! You may use phpass hashing library.

- hashcoin: there are hashes with passwords like p1 for hash1, p1p2
  for hash2, p1p2p3 for hash3 (where p1, p2, p3 were chosen randomly
  from a set of ~1G elements), such chaining mimics block chains in
  crypto coins. I implemented a "miner" in C and we got 1400+
  hashcoins at speed ~3 hashes / minute. While I made the miner quite
  early (more than 24 hours before the end), I failed to run it long
  enough because I intended to optimize it to crack all hashcoins.
  Just running it all the time would be enough for the first place
  with a decent gap, so I think it is my personal fault that we are
  only the second.

Thanks to organizers for such great contest!

Thanks to other teams for the tough competition!

Thanks to all john-users members for participation!

Aleksey Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ