Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Sep 2011 13:34:07 +0200
From: estenole lists <>
Subject: Re: False positives on zip (aes256)


ive tried it without suceess, it stops on the first key it finds. Ive been
makeing some tests
and seems like i should modify the function crk_process_gues called from
cracker.c. My C
knowledge is limited, but that function make some changes that affect the
rest of the bufferered
keys os any other value.

 if (crk_methods.cmp_exact(pw->source, index)) {
                                if (crk_process_guess(salt, pw, index))
                                   ->     return 1;

                } while ((pw = pw->next));

Ive tried some modifications, but after crk_process_gues the program exits.
I tried to modify some
calls before but i ended on a Segmen segfault errors.

Ill let you know if im able to get it working.

Thank you !

2011/9/1 jfoug <>

> You will have to 'change' the zip format source file to  do this. Change
> the
> cmp_exact to this (NOTE I have not tested, just coding in the email)
> static int cmp_exact(char *source, int index)
> {
>        static int cnt=0;
>        if (++cnt < 13) // we have to 'pass' the self tests.
>                return has_been_cracked[index];
>        cnt = 20; // to make sure we do not 'wrap' cnt past the end of a
> 2^31 number to a negative number
>        if (has_been_cracked[index]) {
>                fprintf(stderr, "\nPossible pass:  %s   Hash=%s\n\n",
> saved_key[index], source);
>                log_event("++ Possible pass:   [%s]", saved_key[index]);
>        }
>      return 0;
> }
> Then you can see them show up on the screen output, and also in the
> john.log
> file.  These can then be tested after the run.
> NOTE, this method will cause john to NEVER find the password.  It simply
> informs you in output that a possible password was seen.  The right one
> will
> be output, along with any false positives.
> Jim.
> >From: estenole lists []
> >
> >Hello all,
> >
> >im using the latest John the Ripper
> >1.7.8-jumbo-5<>
> >version
> >for trying to get the key of a zip encrypted
> >with aes256 bit. I allready know that actuallty false positives are
> >common
> >at this time.
> >
> >THe problem is tha when processing the wordlist john stops as soon as a
> >key
> >is found, but at the moment
> >none on them works, what i want to achieve is to force john to try with
> >the
> >full wordlist while printing
> >the keys found so i can try them when finished. Could find any option or
> >configuration to do so, do you
> >know id theres such a possiblity ?
> >
> >Thank you

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.