Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20180122184500.GA26889@openwall.com>
Date: Mon, 22 Jan 2018 19:45:01 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: No password hashes loaded in password file generated from DMG using dmg2john.py

On Mon, Jan 22, 2018 at 11:57:48AM -0600, Eric Kent wrote:
> I have an Apple DMG created over 5 years ago that is encrypted using either
> AES-128 or AES-256 for which I have forgotten the password.  I have a
> limited character list of possible characters included that may be included
> in the password (twelve possible letters in lowercase or capital form, 2
> numbers, 2 symbols) and the password is complex in that it may include
> lowercase letters, capital letters, numbers, or symbols, but it is simple
> in length.
> 
> I ran dmg2johh.py to generate a password file (dmg2john.c will not compile)

In what way did dmg2john.c not compile?  Can you show how you tried to
compile it, and what error messages you received?  It's normally
compiled along with the rest of JtR jumbo.

You may also download JtR jumbo pre-built for OS X / macOS:

http://download.openwall.net/pub/projects/john/contrib/macosx/

> and then executed John on this password file, receiving a "No password
> bases loaded" response.  I created a new DMG with a known password and
> repeated the above process, and John immediately found the password. I also
> repeated the above process on a preexisting DMG from several years ago and
> it succeeded as well.  Only the DMG in question that I need to open gives
> the "No password bases loaded" response.
> 
> Interestingly, the password files of the new DMG created as a test case and
> the subject DMG that I am trying to open are not similar whatsoever in
> format or length.

That's weird.  What does the non-loadable output of dmg2john look like,
roughly?  In what way is it dissimilar?

> Would this be indicative of an an idiot user, an incompatible encryption
> format, a corrupted DMG, or some larger system or John issue?

I can't tell what the issue is from just the information you provided so
far.  One obvious issue, however, is:

> John the Ripper 1.7.3.1 *Pro* for Mac OS X
> Mac OS X version 10.12.6

JtR Pro does not support cracking of DMG file passwords at all.  You
must have been using jumbo where things worked for you before, and you
need to continue using jumbo for your "subject DMG".  What version of
jumbo was that?  Either way, I suggest that you try either latest
bleeding-jumbo off GitHub (you'd need to build it from source) or the
binary builds downloadable from the URL above (they're older, but are
capable enough for your needs).

I hope this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.