|
Message-ID: <38da7e25ad18a566598bcf2a9b3b13f4@smtp.hushmail.com> Date: Tue, 30 Aug 2016 20:40:25 +0200 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: Which is the correct hash? On 2016-08-30 09:59, Sebastian Heyn wrote: > The file has a weird structure. > > backup.zip <- password encrypted > ver 1.0 Pic.zip->Neu Textdatei.txt PKZIP Encr: cmplen=12, decmplen=0, crc=0 > ver 1.0 Pic.zip->bilder.zip PKZIP Encr: cmplen=16969698, decmplen=16969686, crc=7F501B9D <- the file itself is also password encrypted We can't know that. The fact it has a CRC doesn't mean it's encrypted. > and zip2john doesn't seem to know the -m option. Do I need to enable anything when configuring it? > > ./zip2john -m ../../Backup.zip >backup.hash > ./zip2john: invalid option -- 'm' Ouch. I see now we have a tiny little (literally, one bit!) bug there. Will commit a fix within minutes. magnum > -------------------------------------------- > magnum <john.magnum@...hmail.com> schrieb am Mo, 29.8.2016: > > Betreff: Re: [john-users] Which is the correct hash? > An: john-users@...ts.openwall.com > Datum: Montag, 29. August, 2016 22:37 Uhr > > On 2016-08-29 21:00, > Sebastian Heyn wrote: > > I'm trying to > bruteforce an old backup.zip file that i found after over 10 > years and I wanted to have a look at. Now I obviously forgot > the password. > > My problem is that with > john-1.7.9 (gentoo) the zip2john script gives a pkzip hash > which is a 92 byte file ($PKZIP$). However when I use > jumbo-john from git, zip2john gives a > > > 32mb hashfile containing a $PKZIP2 hash. which is the > correct one? is there any known bugs in either version? > > > > -> the pkzip hash > brutes at 19k/sec > > -> the pkzip2 hash > brutes at 100/sec (--fork=32 gives x32 speed) > > > > any idea which is > correct hash to brute force? > > Generic answer: Obviously the newer version. > The 1.7.9 version is so > very old you > shouldn't use it other than for curious comparisons. I > > can't even recall all changes to this > format but some serious issues > have been > addressed, and quite possibly some performance > improvements. > > A more > specific answer for your case is that the difference in > speed you > mention MAY be due to the older > version defaulting to "file magic" > whereas the newer does not. Does this zip file > contains just one (or > few) large file and > no small ones? You can use -m as in "zip2john -m > backup.zip > OUTFILE" to enable file > magic and see where that gets you. > Just > beware that resorting to file magic can be error prone (you > might > end up with false negatives) and that > is why we don't default to it anymore. > > magnum > > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.