Date: Sat, 10 Sep 2011 12:50:43 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: Rewrite of the pkzip format posted (on the wiki).

The enclosed patch fixes everything I mentioned except the problem with 
not cracking 2011-CrackMeIfYouCan_part1.zip

magnum


On 2011-09-10 11:54, magnum wrote:
> Here's a detail I think was better with the old version:
>
> Loaded 8 password hashes with 8 different salts (pkzip [N/A])
> magnum (excel.zip)
> 100 (test.zip)
> 48670667 (blag.zip)
>
> ...new version output:
> Loaded 9 password hashes with 9 different salts (pkzip [N/A])
> magnum (?)
> 100 (?)
> 48670667 (?)
>
> A question mark is not very useful here. This should be a trivial fix to
> zip2john. One of my test files doesn't even get the filename AT ALL in the
> infile:
>
> $ zip2john blag.zip 2>/dev/null
> $pkzip$3*2*1*0*8*24*ab33*f1c6cc22d492bfff0a2255839659e95dcc92261f5e64c33438adebf2e212bce6158ca5a0*1*0*8*24*a40e*7c8c1835321b1e4d2d898fe1c5bd92df93cdbc63957e6b369faa9214d44a63dc77e43e36*2*0*58*107*b0713b8c*1135a1*48*8*58*88d1*d74723db2f873b7500a49ad34db2f1f52e0bf03143d5057912b23225607cc56cbde281ca5aa0e76dc2964aa89864134884aeaf7f6d26445b12ad2df654fe3e3d6a27a62ab42f737716678643e8c7e9ca95a5912cb9fbe64f*$/pkzip$
>
>
>
> Also, there is a line that should go to stderr and not to the infile:
> 2011-CrackMeIfYouCan_part1.zip->contest_tree/challenge1/ is not encrypted!
>
> For some reason it *fails* to crack 2011-CrackMeIfYouCan_part1.zip even
> though it cracked five other testfiles in the same session that had the
> same password. Can you verify cracking of that very file? I suspect the
> problem is in zip2john and not the format. Here is the line I got from
> zip2john for that file:
> $pkzip$3*2*1*3*0*c0*16c3*7176321e9b05105ab727c6546720124cc71383b6a388817cd8b300fbba3a890f1c74fc6c852476380b134ebc565f23ea7ad5f58d7f7a2d3ddae6b415e112702d1dbde0d7428b9c313bc68e4c4ca10cbaad228ff9163c06d44345564fb52cf3c76a0767eab8ddd06aaa873bf219514cf11a51e61879296fcd1afe45c00fbd3a8464efb97458978e45d2c5668e92f3f641a5db0afb6d1f76cf16d25d8cebb096fe3d76e6ae3844d3a956c189409afc2979810d29c7387a40e714baa58dc9101764*1*6*8*c0*16c3*57428bffd664d6469ea47e95809cbeccaebb9925438428189d9a76f8e063ca1e40271edc298b66ed0ecc70bd2f0bdbab31473bfa5b272312a0957e86da33bbb86bdb7eccd2098549277113cd8007b3b88102625b4c4b45aaa0302f9063d63504e2cfbd2f47c5f2f10aa2c2e7069de97d49d385fbbdf9979c9d84599c0c08d417eb051eae0a8bee6aa9499a2fcad4c3e3acdae529f8971f376d6cb726e6ef37b799556f230b65335e2bc19ba37fad73549c41b107d4b9db31a057cf91a33812c2*3*0*4c30*4a911*a3bbd8d2*16299a*5b*8*1e*16c3*2011-CrackMeIfYouCan_part1.zip*$/pkzip$
>
>
> magnum


diff --git a/src/pkzip_fmt_plug.c b/src/pkzip_fmt_plug.c
index 915a537..6ee66d9 100644
--- a/src/pkzip_fmt_plug.c
+++ b/src/pkzip_fmt_plug.c
@@ -1085,7 +1085,7 @@ __inline__
 /* return a failure.  We have 24 bytes of inflate data, and this almost always is more than enough   */
 /* to turn up an error.  If we find we need more, we will do more than 24                            */
 static int check_inflate_CODE1(u8 *next, int left) {
-	u32 whave, op, bits, hold,len;
+	u32 whave = 0, op, bits, hold,len;
 	code here;
 
 #if (ARCH_LITTLE_ENDIAN==1) && (ARCH_ALLOWS_UNALIGNED==1)
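Review bot: The `whave = 0` initialization on the new declaration line carries a semantic choice that is not explained: if `whave` plays the role it has in zlib's inflate (number of window bytes available for back-references), zero means any distance into history is itself an error, which is presumably what this probe wants, but a reader seeing only the `= 0` will read it as a warning silencer. I would add a comment on that line, `/* no sliding window in this probe: any back-reference into history is treated as an inflate error */`. The sibling locals `op`, `bits`, `hold` and `len` are still declared without initializers, so they are presumably assigned before first use further down; the body of check_inflate_CODE1 continues past the end of this hunk, so I could not confirm that here.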
diff --git a/src/zip2john.c b/src/zip2john.c
index 9ba1140..fe454ab 100644
--- a/src/zip2john.c
+++ b/src/zip2john.c
@@ -209,7 +209,7 @@ static void process_file(const char *fname)
 				process_old_zip(fname);
 				return;
 			} else {
-				printf("%s->%s is not encrypted!\n", fname,
+				fprintf(stderr, "%s->%s is not encrypted!\n", fname,
 				    filename);
 				fseek(fp, extrafield_length, SEEK_CUR);
 				fseek(fp, compressed_size, SEEK_CUR);
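Review bot: The diagnostic now goes to the user's terminal, and `filename` is a string taken from the archive being inspected (presumably parsed from the local file header earlier in process_file, outside this hunk), so a crafted zip can push newlines or terminal escape sequences straight through `fprintf(stderr, ...)`. The format string is a literal, so there is no format-string issue; the concern is only the raw untrusted bytes in the output. I would pass the name through a small escaping helper before printing, e.g. one that emits `isprint((unsigned char)c) ? c : '?'` for each byte, or at least note it with `/* filename comes from the archive: untrusted bytes */`. Separately, the two `fseek` calls below skip over lengths taken from the same untrusted header and their return values are not checked; that predates this change but is worth a guard now that this branch is being touched.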
@@ -457,7 +457,7 @@ static void process_old_zip(const char *fname)
 print_and_cleanup:;
 	if (count_of_hashes) {
 		int i=1;
-		printf ("$pkzip$%x*%x*", count_of_hashes, zfp.two_byte_check?2:1);
+		printf ("%s:$pkzip$%x*%x*", fname, count_of_hashes, zfp.two_byte_check?2:1);
 		if (checksum_only)
 			i = 0;
 		for (; i < count_of_hashes; ++i) {
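Review bot: The new `"%s:$pkzip$..."` prefix writes `fname` exactly as given on the command line, and john's loader, as far as I can tell, splits input lines on `:`, so a path containing a colon (a directory name, or any path on Windows) would be parsed as extra fields rather than as the login. The purpose of the prefix is to make the cracked-password line readable, which the basename alone already achieves, so I would emit only the last path component here, `const char *base = strrchr(fname, '/'); printf("%s:$pkzip$%x*%x*", base ? base + 1 : fname, count_of_hashes, zfp.two_byte_check?2:1);`, and add a note `/* basename only: a ':' in a directory name would break the loader's field split */`. Note that this is independent of the full `fname` embedded in the hash data further down, which presumably needs the complete path.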
@@ -476,7 +476,7 @@ print_and_cleanup:;
 			if (hashes[0].cmp_len<1500)
 				printf("%x*%s*%s*", hashes[0].cmp_len, hashes[0].chksum, toHex((unsigned char*)hashes[0].hash_data, hashes[0].cmp_len));
 			else
-				printf("%x*%s*%s*", strlen(fname), hashes[0].chksum, fname);
+				printf("%x*%s*%s*", (unsigned int)strlen(fname), hashes[0].chksum, fname);
 		}
 		printf("$/pkzip$\n");
 	}
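Review bot: The `(unsigned int)` cast matches `%x` and is the portable choice if the project must build with compilers lacking `%zx`, but the branch it sits in deserves a comment, because embedding `fname` into the hash line has consequences the code does not state: the format presumably reopens that path at crack time, so a relative path only works when john is run from the same directory, and since `*` is the field separator a path containing `*` produces an unparsable hash. I would add above the `else`: `/* large entry (cmp_len >= 1500): store the archive path instead of the data; the format re-reads the file at crack time, so keep the path stable and free of '*' */`. Rejecting or warning on a `*` in `fname` before printing would be a cheap addition, `if (strchr(fname, '*')) fprintf(stderr, "%s: '*' in path not supported\n", fname);`, but I have not checked whether an earlier part of process_old_zip already validates it.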
