Message-ID: <20150605130437.GA17233@openwall.com>
Date: Fri, 5 Jun 2015 16:04:37 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On Fri, Jun 05, 2015 at 03:44:31PM +0300, Solar Designer wrote:
> Maybe the open of john.pot for writing.

Yes, this appears to be the case.  Attached is a version of fuzz.pl that
directs --pot to a /dev/shm file (in fact, to separate files per child
process, to avoid possible lock contention there).  It runs at full
speed for me (almost no idle time on super now) when most stuff is on
disk.  I also added "| shuf |", but somehow the first process terminated
in under a minute anyway.  The remaining processes look slightly better
balanced now, though.

This is surprising:

$ cat /dev/shm/fuzz/pot*
$openssl$0$0$8$3059edc2a0521011$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong
$openssl$0$0$8$305cedc2a0521911$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong

What's this?  False positives?  Did I possibly overrun into a "cracked"
variable?  (Dhiru likes those so much.)  Kai, you should run fuzz.pl
against an asan-enabled build - this will probably catch many more issues.

Also got these crashers:

$PF$$BOuLMWPCSO0fpsmJc1eac64eq6$dNljII1cz8m0er8aEs0SnpWIC6ndGHjaGr4Aet//SUK
$PF$K$OuLMWPCSO0fpsmJc1eac64eq6$dNljII1cz8m0er8aEs0SnpWIC6ndGHjaGr4Aet//SUK
$PF$KB$uLMWPCSO0fpsmJc1eac64eq6$dNljII1cz8m0er8aEs0SnpWIC6ndGHjaGr4Aet//SUK
$PF$KBO$LMWPCSO0fpsmJc1eac64eq6$dNljII1cz8m0er8aEs0SnpWIC6ndGHjaGr4Aet//SUK
$PF$KBOu$MWPCSO0fpsmJc1eac64eq6$dNljII1cz8m0er8aEs0SnpWIC6ndGHjaGr4Aet//SUK
$PF$KBOuL$WPCSO0fpsmJc1eac64eq6$dNljII1cz8m0er8aEs0SnpWIC6ndGHjaGr4Aet//SUK
$PF$$BOuLFhriderZgM3u8j69kIE4vW$C8ktW5hn1fJKKzHnLGmjpeCTwcY.PxKsgi6s5Ygwy62
$PF$K$OuLFhriderZgM3u8j69kIE4vW$C8ktW5hn1fJKKzHnLGmjpeCTwcY.PxKsgi6s5Ygwy62
$PF$KB$uLFhriderZgM3u8j69kIE4vW$C8ktW5hn1fJKKzHnLGmjpeCTwcY.PxKsgi6s5Ygwy62
$PF$KBO$LFhriderZgM3u8j69kIE4vW$C8ktW5hn1fJKKzHnLGmjpeCTwcY.PxKsgi6s5Ygwy62
$PF$KBOu$FhriderZgM3u8j69kIE4vW$C8ktW5hn1fJKKzHnLGmjpeCTwcY.PxKsgi6s5Ygwy62
$PF$KBOuL$hriderZgM3u8j69kIE4vW$C8ktW5hn1fJKKzHnLGmjpeCTwcY.PxKsgi6s5Ygwy62

[solar@...er run]$ ./john fuzz-sample-pufferfish-78-5
Using default input encoding: UTF-8
Loaded 1 password hash (pufferfish, Pufferfish [32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Segmentation fault
[solar@...er run]$ ./john fuzz-sample-pufferfish-25-0 
Using default input encoding: UTF-8
Loaded 1 password hash (pufferfish, Pufferfish [32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Segmentation fault

Alexander

View attachment "fuzz.pl" of type "text/plain" (2199 bytes)
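The attached fuzz.pl is not reproduced on the page, so the following is an added, stand-alone Python sketch of the same idea (not the author's script): mutate one field of a seed hash by dropping the format's `$` separator into each position in turn, run each mutant through john with a private `--pot` file under /dev/shm as the message describes, and record which mutants make john die on a signal. The seed hash is reconstructed from the Pufferfish crashers quoted above (an assumption), and the first six mutants it yields are exactly those lines.

```python
import os
import signal
import subprocess

# Assumption: the crashers above came from replacing one salt character at a
# time with '$'; this seed reproduces them (reconstructed, not from the page).
SEED = "$PF$KBOuLMWPCSO0fpsmJc1eac64eq6$dNljII1cz8m0er8aEs0SnpWIC6ndGHjaGr4Aet//SUK"


def separator_mutants(line, field, sep="$"):
    """Yield copies of `line` in which each character of `sep`-delimited field
    number `field` is replaced by the separator itself, so the format's parser
    sees one field too many and one field shorter than it expects."""
    parts = line.split(sep)
    for i in range(len(parts[field])):
        mutated = list(parts)
        mutated[field] = parts[field][:i] + sep + parts[field][i + 1:]
        yield sep.join(mutated)


def run_sample(john, sample, workdir, worker=0, timeout=30):
    """Run one candidate hash through john with a per-worker pot file under
    `workdir` (e.g. /dev/shm/fuzz), as the message does per child process.
    Returns the signal name if john died on a signal, "TIMEOUT" if it hung,
    else None. A real harness would also keep the sample file for triage."""
    path = os.path.join(workdir, "sample-%d" % worker)
    with open(path, "w") as f:
        f.write(sample + "\n")
    pot = os.path.join(workdir, "pot-%d" % worker)
    try:
        proc = subprocess.run([john, "--pot=" + pot, path],
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "TIMEOUT"
    if proc.returncode < 0:            # killed by a signal, e.g. SIGSEGV
        return signal.Signals(-proc.returncode).name
    return None


if __name__ == "__main__":
    import sys
    john = sys.argv[1] if len(sys.argv) > 1 else "./john"
    workdir = "/dev/shm/fuzz"
    os.makedirs(workdir, exist_ok=True)
    for sample in separator_mutants(SEED, field=2):
        outcome = run_sample(john, sample, workdir)
        if outcome:
            print(outcome, sample)
```

Running this against an ASan-enabled build, as suggested above, turns many silent overruns into reported errors with a non-zero exit status rather than a signal, so a harness should treat both as findings.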
