Message-ID: <4E6B33F3.7040104@bredband.net>
Date: Sat, 10 Sep 2011 11:54:59 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: Rewrite of the pkzip format posted (on the wiki).

On 2011-09-09 23:59, jfoug wrote:
> The pkzip_fmt has been re-written, and the patch posted on the wiki (the
> patch is 0011-pkzip-format-rewrite-1.diff, found on
> http://openwall.info/wiki/john/patches). This format is faster.  How much
> faster depends upon the type of zip file, and the size of the smallest file,
> and how many encrypted zip files are in that zip file.

Here's a detail I think was better with the old version:

Loaded 8 password hashes with 8 different salts (pkzip [N/A])
magnum           (excel.zip)
100              (test.zip)
48670667         (blag.zip)

...new version output:
Loaded 9 password hashes with 9 different salts (pkzip [N/A])
magnum           (?)
100              (?)
48670667         (?)

A question mark is not very useful here. This should be a trivial fix to 
zip2john. One of my test files doesn't even get the filename AT ALL in the 
infile:

$ zip2john blag.zip 2>/dev/null
$pkzip$3*2*1*0*8*24*ab33*f1c6cc22d492bfff0a2255839659e95dcc92261f5e64c33438adebf2e212bce6158ca5a0*1*0*8*24*a40e*7c8c1835321b1e4d2d898fe1c5bd92df93cdbc63957e6b369faa9214d44a63dc77e43e36*2*0*58*107*b0713b8c*1135a1*48*8*58*88d1*d74723db2f873b7500a49ad34db2f1f52e0bf03143d5057912b23225607cc56cbde281ca5aa0e76dc2964aa89864134884aeaf7f6d26445b12ad2df654fe3e3d6a27a62ab42f737716678643e8c7e9ca95a5912cb9fbe64f*$/pkzip$


Also, there is a line that should go to stderr and not to the infile:
2011-CrackMeIfYouCan_part1.zip->contest_tree/challenge1/ is not encrypted!

For some reason it *fails* to crack 2011-CrackMeIfYouCan_part1.zip even 
though it cracked five other test files in the same session that had the 
same password. Can you verify cracking of that very file? I suspect the 
problem is in zip2john and not the format. Here is the line I got from 
zip2john for that file:
$pkzip$3*2*1*3*0*c0*16c3*7176321e9b05105ab727c6546720124cc71383b6a388817cd8b300fbba3a890f1c74fc6c852476380b134ebc565f23ea7ad5f58d7f7a2d3ddae6b415e112702d1dbde0d7428b9c313bc68e4c4ca10cbaad228ff9163c06d44345564fb52cf3c76a0767eab8ddd06aaa873bf219514cf11a51e61879296fcd1afe45c00fbd3a8464efb97458978e45d2c5668e92f3f641a5db0afb6d1f76cf16d25d8cebb096fe3d76e6ae3844d3a956c189409afc2979810d29c7387a40e714baa58dc9101764*1*6*8*c0*16c3*57428bffd664d6469ea47e95809cbeccaebb9925438428189d9a76f8e063ca1e40271edc298b66ed0ecc70bd2f0bdbab31473bfa5b272312a0957e86da33bbb86bdb7eccd2098549277113cd8007b3b88102625b4c4b45aaa0302f9063d63504e2cfbd2f47c5f2f10aa2c2e7069de97d49d385fbbdf9979c9d84599c0c08d417eb051eae0a8bee6aa9499a2fcad4c3e3acdae529f8971f376d6cb726e6ef37b799556f230b65335e2bc19ba37fad73549c41b107d4b9db31a057cf91a33812c2*3*0*4c30*4a911*a3bbd8d2*16299a*5b*8*1e*16c3*2011-CrackMeIfYouCan_part1.zip*$/pkzip$

magnum
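
Added example, not part of the original message and not code from John the Ripper: a small lint for a zip2john-produced infile that flags the two output problems reported above, a hash line with no filename label and a diagnostic line that landed in the infile instead of stderr. It assumes John's usual `label:hash` line layout; the names `classify` and `lint` are hypothetical, and the hash bodies in the sample are constructed filler.

```python
import re

# Text between the markers is treated as opaque; only the framing is checked.
HASH_RE = re.compile(r"\$pkzip\$.+?\$/pkzip\$")

# Constructed sample infile. The hash bodies are made-up filler, not real
# zip2john output; the third line is the message quoted in the email.
SAMPLE = (
    "excel.zip:$pkzip$1*1*2*0*8*24*0000*00ff*$/pkzip$\n"
    "$pkzip$1*1*2*0*8*24*0000*00ff*$/pkzip$\n"
    "2011-CrackMeIfYouCan_part1.zip->contest_tree/challenge1/ is not encrypted!\n"
)


def classify(line):
    """Return (kind, label) for one infile line."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return ("blank", None)
    m = HASH_RE.search(line)
    if m is None:
        # No hash at all: a message that belonged on stderr.
        return ("diagnostic", None)
    prefix = line[:m.start()]
    if prefix == "":
        # Bare hash: john has no login field to show, so it prints "?".
        return ("unlabeled", None)
    if prefix.endswith(":") and len(prefix) > 1:
        return ("labeled", prefix[:-1])
    return ("malformed", None)


def lint(text):
    """Classify every non-blank line; returns [(lineno, kind, label), ...]."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        kind, label = classify(line)
        if kind != "blank":
            out.append((n, kind, label))
    return out


if __name__ == "__main__":
    for n, kind, label in lint(SAMPLE):
        print(f"line {n}: {kind}" + (f" ({label})" if label else ""))
```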
