Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANO7a6w4ZTZrXTC3aTNVn=TZ7ed_hyO0q8Bx0Rc6c6Zdn+q_Bw@mail.gmail.com>
Date: Tue, 1 Jan 2013 01:47:28 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: npdf2john

On Tue, Jan 1, 2013 at 1:20 AM, shane Shane
<shane@...twareontheside.info> wrote:
> I completed a new version of npdf2john in ruby:
>
> https://github.com/ShaneQful/npdf2john_ruby
>
> It's a lot smaller about 165 lines of code and easier to understand than
> original perl. I'll port it to python later in the week

Awesome! We could use both Ruby and Python versions. Solar will still
demand a Perl or C version ;)

I will start testing it. I want to get rid of older pdf format as soon
as possible and rename npdf to pdf.

> but there was one part of the output which I
> didn't understand and was
> wondering if anyone could shed light on it.
>
> "$npdf$4*4*128*-1028*1*16*e03460febe17a04 ....."
>
> That 1 is the same for every pdf I have passed through the original tool &
> the perl code is a bit  beyond me so I anyone knows and could let me know so I can finish it and
> start the port to python.

This "1" part means metadata is encrypted (This part / flag is called
encrypt_metadata in npdf_fmt_plug.c).

encrypt_metadata flag can be 0 or 1.

> Also if there's anything else to do with document cracking that you want me
> to do just let me know :)

We could use some help on analysis of LastPass database format
(probably requires some reverse engineering).

If this doesn't interest you, see
http://openwall.info/wiki/john/wishlist and pick up a task.

-- 
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.