Message-ID: <D8C1A5B1-4ED9-47FC-BC9D-8FADBADC1F3F@whitehatsec.com>
Date: Fri, 8 Feb 2013 16:48:34 +0000
From: Jeremiah Grossman <jeremiah@...tehatsec.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Password Cracking a DMG...


On Feb 4, 2013, at 10:52 AM, Jeremiah Grossman <jeremiah@...tehatsec.com> wrote:

> 
> On Feb 1, 2013, at 3:12 PM, magnum <john.magnum@...hmail.com> wrote:
> 
>> On 29 Jan, 2013, at 22:10 , magnum <john.magnum@...hmail.com> wrote:
>>> On 29 Jan, 2013, at 21:01 , Jeremiah Grossman <jeremiah@...tehatsec.com> wrote:
>>>> On Jan 29, 2013, at 11:18 AM, magnum <john.magnum@...hmail.com> wrote:
>>>> 
>>>>> On 29 Jan, 2013, at 19:09 , Jeremiah Grossman <jeremiah@...tehatsec.com> wrote:
>>>>>> from run/
>>>>>> 
>>>>>>> $ dmg2john aes_256.dmg 
>>>>>> Segmentation fault: 11
>>>>>> 
>>>>>> Same issue as yesterday. "aes_256.dmg" is a newly created 15GB DMG encrypted with AES-256 (OS X 10.8.2). No data contained within. 
>>>>> 
>>>>> That should be "./dmg2john". Maybe you just didn't copy it verbatim? Otherwise, maybe you actually did not run the newly built ./dmg2john but an old bad one from somewhere in your path.
>>>>> 
>>>>> magnum
>>>> 
>>>> Positive I got it right. I was just snipping the command line for brevity's sake. The dmg2john I ran was in the run/ directory automatically built during compile of JtR.
>>> 
>>> I figured so, just checking. I will try to reproduce the problem and debug it.
>> 
>> 
>> For people not subscribed to john-dev: This is resolved in latest git. The dmg2john bug was fixed, and then we realized both dmg2john and the format blatantly ignored the iterations count - which is bumped a lot in later OSX versions (it was hard-coded to 1000 while newer Macs produce files with over 200,000 iterations, and seemingly depending on available CPU power at creation time). Finally, some known-plain stuff was tweaked.
>> 
>> So the good news is everything hopefully works now if you check out a Git Jumbo. The bad news is with this high iteration count, you get about 5-10 c/s per core on CPU. Using OpenCL and GPU we can get a little more but this is the toughest format I know of right now.
>> 
>> magnum
> 
> 
> Downloaded the new version. Ran dmg2john across several different sized AES-256 DMGs (100MB, 200MB, 15GB) [no data]. Successfully cracked the password on all of them. Hooray! 
> 
> Now, onto the "real" one. ;)
> 
> 
> Regards,
> 
> Jeremiah-


My story has a happy ending...

Password Cracking AES-256 DMGs and Epic Self-Pwnage
http://blog.whitehatsec.com/cracking-aes-256-dmgs-and-epic-self-pwnage/

If the missing characters of my partial password had been 7 characters, not sure it would have been. Thanks everyone!

Regards,

Jeremiah-
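
Added illustration of the iteration-count bug described in magnum's quoted message above; it is not code from John the Ripper or from anyone in this thread. It assumes PBKDF2-HMAC-SHA1 as the key-derivation function and uses a constructed header dict rather than the real DMG layout; all function names and sample values are hypothetical.

```python
import hashlib
import hmac

LEGACY_ITERATIONS = 1000  # the value the thread says was hard-coded


def make_header(password: bytes, iterations: int) -> dict:
    """Constructed stand-in for an encrypted-container header (not the DMG format)."""
    salt = bytes(range(20))  # fixed, constructed salt so the example is deterministic
    key = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=20)
    # Store a digest of the derived key as a simple "is this the right key" check.
    return {"salt": salt, "iterations": iterations,
            "check": hashlib.sha256(key).digest()}


def verify(header: dict, candidate: bytes, iterations=None) -> bool:
    """Check a candidate password against the header.

    With iterations=None the count is read from the header (the fixed behaviour).
    Passing LEGACY_ITERATIONS reproduces the bug: the stored count is ignored.
    """
    n = header["iterations"] if iterations is None else iterations
    key = hashlib.pbkdf2_hmac("sha1", candidate, header["salt"], n, dklen=20)
    return hmac.compare_digest(hashlib.sha256(key).digest(), header["check"])


def exhaust_seconds(alphabet_size: int, missing_chars: int, rate_per_sec: float) -> float:
    """Worst-case time to try every completion of a partially known password."""
    return alphabet_size ** missing_chars / rate_per_sec


if __name__ == "__main__":
    # Constructed sample: a container created with a high iteration count.
    hdr = make_header(b"hunter2-sample", 200_000)
    print("count from header :", verify(hdr, b"hunter2-sample"))
    print("hard-coded 1000   :", verify(hdr, b"hunter2-sample", LEGACY_ITERATIONS))
    # Per-guess cost grows linearly with the stored count.
    print("work factor vs 1000:", hdr["iterations"] // LEGACY_ITERATIONS)
    # Constructed alphabet of 62 symbols, at the upper quoted rate of 10 c/s.
    for missing in (4, 5, 6, 7):
        days = exhaust_seconds(62, missing, 10) / 86400
        print(f"{missing} unknown chars: {days:,.0f} days on one core")
```

With the count ignored, the correct password is rejected, which is why a tool with this bug can run to completion without ever finding a password that is in its wordlist.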
