Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 Sep 2011 12:50:43 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: Rewrite of the pkzip format posted (on the wiki).

The enclosed patch fixes everything I mentioned except the problem with 
not cracking 2011-CrackMeIfYouCan_part1.zip

magnum


On 2011-09-10 11:54, magnum wrote:
> Here's a detail I think was better with the old version:
>
> Loaded 8 password hashes with 8 different salts (pkzip [N/A])
> magnum (excel.zip)
> 100 (test.zip)
> 48670667 (blag.zip)
>
> ...new version output:
> Loaded 9 password hashes with 9 different salts (pkzip [N/A])
> magnum (?)
> 100 (?)
> 48670667 (?)
>
> A questionmark is not very useful here. This should be a trivial fix to
> zip2john. One of my test files don't even get the filename AT ALL in the
> infile:
>
> $ zip2john blag.zip 2>/dev/null
> $pkzip$3*2*1*0*8*24*ab33*f1c6cc22d492bfff0a2255839659e95dcc92261f5e64c33438adebf2e212bce6158ca5a0*1*0*8*24*a40e*7c8c1835321b1e4d2d898fe1c5bd92df93cdbc63957e6b369faa9214d44a63dc77e43e36*2*0*58*107*b0713b8c*1135a1*48*8*58*88d1*d74723db2f873b7500a49ad34db2f1f52e0bf03143d5057912b23225607cc56cbde281ca5aa0e76dc2964aa89864134884aeaf7f6d26445b12ad2df654fe3e3d6a27a62ab42f737716678643e8c7e9ca95a5912cb9fbe64f*$/pkzip$
>
>
>
> Also, there is a line that should go to stderr and not to the infile:
> 2011-CrackMeIfYouCan_part1.zip->contest_tree/challenge1/ is not encrypted!
>
> For some reason it *fails* to crack 2011-CrackMeIfYouCan_part1.zip even
> though it cracked five other testfiles in the same session that had the
> same password. Can you verify cracking of that very file? I suspect the
> problem is in zip2john and not the format. Here is the line I got from
> zip2john for that file:
> $pkzip$3*2*1*3*0*c0*16c3*7176321e9b05105ab727c6546720124cc71383b6a388817cd8b300fbba3a890f1c74fc6c852476380b134ebc565f23ea7ad5f58d7f7a2d3ddae6b415e112702d1dbde0d7428b9c313bc68e4c4ca10cbaad228ff9163c06d44345564fb52cf3c76a0767eab8ddd06aaa873bf219514cf11a51e61879296fcd1afe45c00fbd3a8464efb97458978e45d2c5668e92f3f641a5db0afb6d1f76cf16d25d8cebb096fe3d76e6ae3844d3a956c189409afc2979810d29c7387a40e714baa58dc9101764*1*6*8*c0*16c3*57428bffd664d6469ea47e95809cbeccaebb9925438428189d9a76f8e063ca1e40271edc298b66ed0ecc70bd2f0bdbab31473bfa5b272312a0957e86da33bbb86bdb7eccd2098549277113cd8007b3b88102625b4c4b45aaa0302f9063d63504e2cfbd2f47c5f2f10aa2c2e7069de97d49d385fbbdf9979c9d84599c0c08d417eb051eae0a8bee6aa9499a2fcad4c3e3acdae529f8971f376d6cb726e6ef37b799556f230b65335e2bc19ba37fad73549c41b107d4b9db31a057cf91a33812c2*3*0*4c30*4a911*a3bbd8d2*16299a*5b*8*1e*16c3*2011-CrackMeIfYouCan_part1.zip*$/pkzip$
>
>
> magnum


View attachment "pkzip-fixes.diff" of type "text/x-patch" (1767 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ