Date: Sat, 10 Sep 2011 16:18:15 -0500
From: "JimF" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: Re: Rewrite of the pkzip format posted (on the wiki).

I have been at the lake this weekend (home for just a few minutes, have a 
wedding to attend in an hour and a half).  I 'may' be home tonight, if we 
cannot get away from the reception party afterwards, until too late. 
However, if not, I will not be able to look at any of this until Monday.

If there are problems you find (or a patch I have left out, as it appears may 
have happened from a post you made a little after this one), then post 
them, if at all possible.  I will try to work through any issues as soon as 
I have time.

Jim.

From: "magnum" <rawsmooth@...dband.net>


> The enclosed patch fixes everything I mentioned except the problem with
> not cracking 2011-CrackMeIfYouCan_part1.zip
>
> magnum
>
>
> On 2011-09-10 11:54, magnum wrote:
>> Here's a detail I think was better with the old version:
>>
>> Loaded 8 password hashes with 8 different salts (pkzip [N/A])
>> magnum (excel.zip)
>> 100 (test.zip)
>> 48670667 (blag.zip)
>>
>> ...new version output:
>> Loaded 9 password hashes with 9 different salts (pkzip [N/A])
>> magnum (?)
>> 100 (?)
>> 48670667 (?)
>>
>> A question mark is not very useful here. This should be a trivial fix to
>> zip2john. One of my test files doesn't even get the filename AT ALL in the
>> infile:
>>
>> $ zip2john blag.zip 2>/dev/null
>> $pkzip$3*2*1*0*8*24*ab33*f1c6cc22d492bfff0a2255839659e95dcc92261f5e64c33438adebf2e212bce6158ca5a0*1*0*8*24*a40e*7c8c1835321b1e4d2d898fe1c5bd92df93cdbc63957e6b369faa9214d44a63dc77e43e36*2*0*58*107*b0713b8c*1135a1*48*8*58*88d1*d74723db2f873b7500a49ad34db2f1f52e0bf03143d5057912b23225607cc56cbde281ca5aa0e76dc2964aa89864134884aeaf7f6d26445b12ad2df654fe3e3d6a27a62ab42f737716678643e8c7e9ca95a5912cb9fbe64f*$/pkzip$
>>
>>
>>
>> Also, there is a line that should go to stderr and not to the infile:
>> 2011-CrackMeIfYouCan_part1.zip->contest_tree/challenge1/ is not encrypted!
>>
>> For some reason it *fails* to crack 2011-CrackMeIfYouCan_part1.zip even
>> though it cracked five other test files in the same session that had the
>> same password. Can you verify cracking of that very file? I suspect the
>> problem is in zip2john and not the format. Here is the line I got from
>> zip2john for that file:
>> $pkzip$3*2*1*3*0*c0*16c3*7176321e9b05105ab727c6546720124cc71383b6a388817cd8b300fbba3a890f1c74fc6c852476380b134ebc565f23ea7ad5f58d7f7a2d3ddae6b415e112702d1dbde0d7428b9c313bc68e4c4ca10cbaad228ff9163c06d44345564fb52cf3c76a0767eab8ddd06aaa873bf219514cf11a51e61879296fcd1afe45c00fbd3a8464efb97458978e45d2c5668e92f3f641a5db0afb6d1f76cf16d25d8cebb096fe3d76e6ae3844d3a956c189409afc2979810d29c7387a40e714baa58dc9101764*1*6*8*c0*16c3*57428bffd664d6469ea47e95809cbeccaebb9925438428189d9a76f8e063ca1e40271edc298b66ed0ecc70bd2f0bdbab31473bfa5b272312a0957e86da33bbb86bdb7eccd2098549277113cd8007b3b88102625b4c4b45aaa0302f9063d63504e2cfbd2f47c5f2f10aa2c2e7069de97d49d385fbbdf9979c9d84599c0c08d417eb051eae0a8bee6aa9499a2fcad4c3e3acdae529f8971f376d6cb726e6ef37b799556f230b65335e2bc19ba37fad73549c41b107d4b9db31a057cf91a33812c2*3*0*4c30*4a911*a3bbd8d2*16299a*5b*8*1e*16c3*2011-CrackMeIfYouCan_part1.zip*$/pkzip$
>>
>>
>> magnum
>
> 
