Date: Sun, 26 Aug 2018 19:43:08 +0200
From: CRO <enigmista1980@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Filevault2 volume without password

Thanks magnum.

> On 2018-08-26 10:54, George Still wrote:
>> I'm trying to mount a disk image encrypted volume in my forensic case.
>> I don't know the password, so I can't extract hash from the raw image.
> 
> You typically extract some data from the (unmounted) partition or file 
> that holds the encrypted image and then run dmg2john on that, producing 
> a "hash". 

How? I extracted EncryptedRoot.plist.wipekey following the Wiki 
https://github.com/libyal/libfvde/wiki/Mounting

> You can also run dmg2john et al. directly against the image
> file or partition. In this case you already have an image file so you 
> should just run something like:
> 
> $ cd path/to/john/run
> $ ./dmg2john /path/to/your/image.file > image_hash
> $ ./john -format:dmg-opencl image_hash (...)

I do not have a .dmg image. I have a raw image:

# mmls image.raw
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors

       Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Safety Table
001:  -------   0000000000   0000000039   0000000040   Unallocated
002:  Meta      0000000001   0000000001   0000000001   GPT Header
003:  Meta      0000000002   0000000033   0000000032   Partition Table
004:  000       0000000040   0000409639   0000409600   EFI System Partition
005:  001       0000409640   0488965175   0488555536   No title
006:  002       0488965176   0490234711   0001269536   Recovery HD
007:  -------   0490234712   0490234751   0000000040   Unallocated

dmg2john works with .dmg files
