[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALrQjmWJVv7ARrqC-U-KmUoLvHHRRedWg=GD41B66tbnBdSQ4A@mail.gmail.com>
Date: Fri, 2 Sep 2011 13:38:29 +0200
From: estenole lists <estenole.lists@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: False positives on zip (aes256)
Hello,
seems like the problem was on ldr_remove_hash(crk_db, salt, pw) inside
crk_process_guess .-)))
static int crk_process_guess(struct db_salt *salt, struct db_password *pw,
int index)
{
int dupe;
char *key;
dupe = !memcmp(&crk_timestamps[index], &status.crypts,
sizeof(int64));
crk_timestamps[index] = status.crypts;
key = crk_methods.get_key(index);
log_guess(crk_db->options->flags & DB_LOGIN ? pw->login : "?",
dupe ? NULL : pw->source, key,
crk_db->options->field_sep_char);
crk_db->guess_count++;
status.guess_count++;
if (crk_guesses && !dupe) {
strnfcpy(crk_guesses->ptr, key,
crk_params.plaintext_length);
crk_guesses->ptr += crk_params.plaintext_length;
crk_guesses->count++;
}
/*ldr_remove_hash(crk_db, salt, pw);*/
if (!crk_db->salts)
return 1;
crk_init_salt();
return 0;
}
Thank you
2011/9/2 estenole lists <estenole.lists@...il.com>
>
> Hello,
>
> ive tried it without suceess, it stops on the first key it finds. Ive been
> makeing some tests
> and seems like i should modify the function crk_process_gues called from
> cracker.c. My C
> knowledge is limited, but that function make some changes that affect the
> rest of the bufferered
> keys os any other value.
>
>
> if (crk_methods.cmp_exact(pw->source, index)) {
> if (crk_process_guess(salt, pw, index))
> -> return 1;
> else
> break;
> }
>
> } while ((pw = pw->next));
>
>
> Ive tried some modifications, but after crk_process_gues the program exits.
> I tried to modify some
> calls before but i ended on a Segmen segfault errors.
>
> Ill let you know if im able to get it working.
>
> Thank you !
>
>
>
>
> 2011/9/1 jfoug <jfoug@....net>
>
>> You will have to 'change' the zip format source file to do this. Change
>> the
>> cmp_exact to this (NOTE I have not tested, just coding in the email)
>>
>> static int cmp_exact(char *source, int index)
>> {
>> static int cnt=0;
>> if (++cnt < 13) // we have to 'pass' the self tests.
>> return has_been_cracked[index];
>> cnt = 20; // to make sure we do not 'wrap' cnt past the end of a
>> 2^31 number to a negative number
>> if (has_been_cracked[index]) {
>> fprintf(stderr, "\nPossible pass: %s Hash=%s\n\n",
>> saved_key[index], source);
>> log_event("++ Possible pass: [%s]", saved_key[index]);
>> }
>> return 0;
>> }
>>
>> Then you can see them show up on the screen output, and also in the
>> john.log
>> file. These can then be tested after the run.
>>
>> NOTE, this method will cause john to NEVER find the password. It simply
>> informs you in output that a possible password was seen. The right one
>> will
>> be output, along with any false positives.
>>
>> Jim.
>>
>> >From: estenole lists [mailto:estenole.lists@...il.com]
>> >
>> >Hello all,
>> >
>> >im using the latest John the Ripper
>> >1.7.8-jumbo-5<http://www.openwall.com/john/g/john-1.7.8-jumbo-5.tar.gz>
>> >version
>> >for trying to get the key of a zip encrypted
>> >with aes256 bit. I allready know that actuallty false positives are
>> >common
>> >at this time.
>> >
>> >THe problem is tha when processing the wordlist john stops as soon as a
>> >key
>> >is found, but at the moment
>> >none on them works, what i want to achieve is to force john to try with
>> >the
>> >full wordlist while printing
>> >the keys found so i can try them when finished. Could find any option or
>> >configuration to do so, do you
>> >know id theres such a possiblity ?
>> >
>> >Thank you
>>
>>
>
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
