Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Nov 2020 18:15:57 +0100
From: Albert Veli <>
Subject: Re: Rules characters unicode support.

After the Crack Me If You Can 2015 contest the UTF-8 support was
improved in john. But there could still be bugs. In mask mode you can
catch UTF-8 / Unicode characters with ?b?b (0x01-0xff). There is also
the ?L and ?U masks. Don't know exactly what characters they catch.
The documentation says lower-case non-ASCII letters and upper-case
non-ASCII letters. See the doc/MASK file in the source code.

On Tue, Nov 3, 2020 at 3:49 PM François <> wrote:
> Hi,
> I'm currently working on a tool that generates possible -single mode rules
> out of a cracked result.
> While running my tool on a very large (and old) leak, I realized that some
> character substitutions from ASCII to Unicode were hitting some results (a
> few hits on a large leak) for example:
> seé
> suü
> scç
> soö
> saã
> soø
> snñ
> saå
> They're making sense, because some old RFC or specs prevent non ASCII
> characters to be used in email address or login information but passwords
> fields actually take them now. For example, we could imagine that a
> password associated to my email address could be
> close to the way my French first name is actually written, thus "françois"
> (possibly generated by a single rule substituting c to ç such as:  scç ).
> However, it seems that currently, john(-jumbo) does not support Unicode
> characters for all rules commands (except for the content of command A"..."
> ). Is anyone working on supporting that use case, should I just try to use
> the A"..." command for my niche finding ? What are your thoughts?
> Thanks!
> Francois Pesce

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.