Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1317685003.3013034.1472543946672@mail.yahoo.com>
Date: Tue, 30 Aug 2016 07:59:06 +0000 (UTC)
From: Sebastian Heyn <sebastian.heyn@...oo.de>
To:  <john-users@...ts.openwall.com>
Subject: Re: Which is the correct hash?

The file has a weird structure.

backup.zip <- password encrypted
ver 1.0 Pic.zip->Neu Textdatei.txt PKZIP Encr: cmplen=12, decmplen=0, crc=0
ver 1.0 Pic.zip->bilder.zip PKZIP Encr: cmplen=16969698, decmplen=16969686, crc=7F501B9D  <- the file itself is also password encrypted

and zip2john doesn't seem to know the -m option. Do I need to enable anything when configuring it?

 ./zip2john -m ../../Backup.zip >backup.hash
./zip2john: invalid option -- 'm'


--------------------------------------------
magnum <john.magnum@...hmail.com> schrieb am Mo, 29.8.2016:

 Betreff: Re: [john-users] Which is the correct hash?
 An: john-users@...ts.openwall.com
 Datum: Montag, 29. August, 2016 22:37 Uhr
 
 On 2016-08-29 21:00,
 Sebastian Heyn wrote:
 > I'm trying to
 bruteforce an old backup.zip file that i found after over 10
 years and I wanted to have a look at. Now I obviously forgot
 the password.
 > My problem is that with
 john-1.7.9 (gentoo) the zip2john script gives a pkzip hash
 which is a 92 byte file ($PKZIP$). However when I use
 jumbo-john from git, zip2john gives a
 >
 32mb hashfile containing a $PKZIP2 hash.  which is the
 correct one? is there any known bugs in either version?
 >
 > -> the pkzip hash
 brutes at 19k/sec
 > -> the pkzip2 hash
 brutes at 100/sec (--fork=32 gives x32 speed)
 >
 > any idea which is
 correct hash to brute force?
 
 Generic answer: Obviously the newer version.
 The 1.7.9 version is so 
 very old you
 shouldn't use it other than for curious comparisons. I
 
 can't even recall all changes to this
 format but some serious issues 
 have been
 addressed, and quite possibly some performance
 improvements.
 
 A more
 specific answer for your case is that the difference in
 speed you 
 mention MAY be due to the older
 version defaulting to "file magic" 
 whereas the newer does not. Does this zip file
 contains just one (or 
 few) large file and
 no small ones? You can use -m as in "zip2john -m 
 backup.zip > OUTFILE" to enable file
 magic and see where that gets you. 
 Just
 beware that resorting to file magic can be error prone (you
 might 
 end up with false negatives) and that
 is why we don't default to it anymore.
 
 magnum
 
 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.