[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5c59bb8ba79bf77b1d09aff3824a0e3e@smtp.hushmail.com>
Date: Sun, 26 Aug 2018 18:18:14 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Filevault2 volume without password
On 2018-08-26 10:54, George Still wrote:
> I'm trying to mount a disk image encrypted volume in my forensic case.
> I don't know the password, so I can't extract hash from the raw image.
You typically extract some data from the (unmounted) partition or file
that holds the encrypted image and then run dmg2john on that, producing
a "hash". You can also run dmg2john et. al. directly against the image
file or partition. In this case you already have an image file so you
should just run something like:
$ cd path/to/john/run
$ ./dmg2john /path/to/your/image.file > image_hash
$ ./john -format:dmg-opencl image_hash (...)
Please note that for best results you should use a jumbo version no
older than, let's say, this year - and preferably a really fresh one
from GitHub sources.
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
