Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 10 May 2022 21:25:17 +0300
From: Aleksey Cherepanov <>
Subject: team john-users write-up for CracktheCon contest at CypherCon 2022

Team john-users participated in CracktheCon 2022 contest competing in
the Pro category. The contest was organized by CynoSure Prime and held
during CypherCon conference.

Challenges were fun to crack. Puns were amusing. Also the contest was
a good stress testing for john resulting in a few bug reports. Thank
you, CynoSure Prime!

We finished as #3. Competition was tough. Results shown by other teams
are pretty impressive. Thank you, users (Pro),
LevenshteinAmphetamine and Rsjztz!

The contest is over. But you may try the challenges yourself getting
them here:

Matt Weir participated in the Street category and prepared very good
write-up explaining how to get great results using a single CPU only.

Team users (Pro) prepared very informative write-up
covering both Pro and Street challenges.

With such nice write-ups available, I'll skip overlapping details.
Overall we spent too much time on fast hashes and put too little
effort into 'he-ran-somewhere' challenge. But in one challenge we
caught opportunity other teams missed.

We noticed that hashes in 'Gay Melanoma' could not be cracked with
john. We had cracks from hashcat. I picked password 'misha3333333' and
compared its cracked hash with true sha256 of the password: they were

The given and the correct hashes of 'misha3333333':
        ^                               ^      ^ differ

So I modified cmp_exact() function in raw-sha256 format to let john
accept cracks if computed hash differs from given hash in up to 19
bytes of 32 bytes in binary value of sha256. Due to design of the
challenge, we were getting cracks that could not be found with
hashcat. The advantage it gave us is pretty visible on scoreboard.

Actually I had to modify get_hash_*() functions too, but I did not. To
experiment I wrote a simple cracker in Python. It gave some additional
cracks but not enough to spend more time on the challenge.

Similarly for 'number^3' challenge, huge difference in results was
achieved by team users (Pro). The key was iterated
variations of algorithms with md5. We treated these hashes as raw-md5
only. But that's a learning point for the following lesson: "It is
always a good idea to not assume a single hash algorithm is being
used, even if it comes from a single data set." The quote is taken
from here:

We had 4 active team members:

Aleksey Cherepanov
Ivan U

Also we got general advice and hardware from 3 other members.

Hardware resources used (maximum):

- CPUs: ~122 cores / ~244 threads
- GPUs: 11
- FPGAs: 8 chips / 2 ZTEX 1.15y boards

Some of hardware was available to us only a fraction of time.

Remote access to 8 GPUs was provided by the Openwall Project. Some of
them are listed here (we did not use Xeon Phi):

FPGAs were used for phpass hashes from 'Agent Glitch' challenge only.
But it was pointless because we did not XOR the given file with the
original mp3 file. All 5 of our cracks were found on CPU before
turning on FPGAs.

Software used:
- John the Ripper bleeding-jumbo ( )
  - raw-sha256 format was modified during the contest (see above)
- hashcat ( )
- simplistic sha256-like cracker written during the contest, used by
  Aleksey only (see above)
- auxiliary software, including custom scripts to handle cracks and

Thanks for reading!

Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.