Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20201203113847.GA844@openwall.com>
Date: Thu, 3 Dec 2020 12:38:47 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: dm2john "No password hashes loaded (see FAQ)"

On Thu, Dec 03, 2020 at 11:36:29AM +0100, r.wiesbach@....de wrote:
> I used dmg2john (exe version) on a .sparsebundle and try to get the
> output to john. Both is john-1.9.0-jumbo-1-win64.
> 
> Obviously, something about the format is wrong, but I could not find
> example hashes for dmg on the website. I noticed that the full path is
> part of the hash - this is just an identifier, right? or do I need to
> provide the entire sparsebundle to john on the cracking system?
> 
> As it might help to identify the version, the hashformat is:
> 
> FULLPATH/bands/0:$dmg2*20*HEX*32*HEX*48*HEX*....

Here's what I suspect the problem is:

Since you're on Windows, the FULLPATH above probably includes the drive
letter followed by a colon.  We also use colon as field separator
character, so the one following the drive letter is misinterpreted as
starting a new field.  Earlier this year, we've made code changes to
strip any colons from that field.  However, the john-1.9.0-jumbo-1
release is from 2019, and thus does not include that change yet.

You can avoid this problem in one of three ways:

1. Invoke dmg2john on a relative rather than absolute path - e.g., "cd"
to the directory containing the sparsebundle and invoke dmg2john on just
the sparsebundle's name, omitting the path.

2. Edit the "hash" string you've already obtained to remove the colon
from the FULLPATH (e.g., replace it with a space).

3. Use our latest code from the GitHub repo.  There's a recent Windows
build of it available via the "Download Windows Build" badge at the top
of README.md as displayed here:

https://github.com/openwall/john

With option 3, you'll probably want to use the newer versions of both
dmg2john and john.

I hope this helps, and please let us all know which option(s) you ended
up trying and whether it worked or not.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.