Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Sep 2011 08:21:40 -0400
From: David Jones <jonesd@...umbus.rr.com>
To: john-dev@...ts.openwall.com
Cc: David Jones <jonesd@...umbus.rr.com>
Subject: Re: Patch for dynamically loaded formats

I updated the patches wiki with version 2.4 of the OpenVMS kit.  The major change is I  renamed uaf_to_password.c to uaf2john.c and updated it to run on non-VMS systems.  The kit includes a vms_tst.uaf file, synthesized from the bf_tst.in passwords, that can be used to test uaf2john and subsequently vms_fmt with 1500 test hashes.


                                                                  24-SEP-2011

This is a new patch for John the Ripper (1.7.8) to support OpenVMS password 
hashes.  The major difference between this patch and the 2002 patch by 
Jean-loup Gailly is that this version supports mixed-case passwords (UAI flag 
UAI$M_PWDMIX).  It is also multi-threaded, increasing performance up to 50-65%
on a dual-processor system (splitting your password file into multiple jobs is
probably more effective).  The only builds done so far are on OpenVMS Alpha 
8.3 and OS X x86 1.6 (Mac Mini).

Building:
   This kit has 3 parts: a patch to JtR version 1.7.8 to add the
   --plugin=dll_file option; the openvms format module; and a
   OpemVMS utility program to convert SYSUAF.DAT files to passwd files.
   
   Start with the source tree from the standard John the Ripper (JtR) 
   distribution version 1.7.8, unzip the distribution file with the
   src directory as the default, which will create  ./vms directory with 
   several files in it.  Then apply the patch with the one of the commands:

      patch -p1 <vms/john_1^.7^.8^.plugin.diff

      @[.vms]patch_src [.vms]john_1.7.8.plugin.diff [.vms]

   A descrip.mms and build.com file are provided for building on OpenVMS, a 
   replacement Makefile is provided for building the vms_fmt shareble on
   Unix/Linux.  If you start with s 'jumbo patch' version of John the Ripper,
   invoke mms with /macro=jumbo=7 or use the build_jumbo.com procedure.

   On Unix, the make produces a new ../run/vms_fmt shared library, a build on 
   OpenVMS produces 3 or 4 image files in the [-.run] directory: john.exe, 
   uaf_to_passwd.exe, vms_fmt.exe (shareable image), and (optionally)
   openssl_shim.exe.  The shim file is needed because John requires
   case sensitive external names and HPs OpenSSL library provides only
   case insensitive (upcased) symbol definitions.

John the Ripper executable:
   A new command line and config file option was added to john to support 
   dynamically loading modules to handle new password hash formats.
   The VMS password hash function was then added via this mechnism (the
   vms_fmt.exe shareable image).  You can either specify this module
   on the command line as --plugin=dll_file or by adding the line 
   "plugin = dll_file" to john.conf.  Note that on VMS the dll_file
   filename must be a full file specification since dlopen() looks
   in sys$share by default.

vms_fmt shareable image/dll:
   When loaded, the vms_fmt module registers a format name of "openvms".
   On startup, this module uses an environment variable, JOHN_OPENVMS_THREADS, 
   to configure the multi-threading parameters.  The variable value is a 
   string of the form "number threshold limit", where:

      number       Is a decimal integer indicating the number of auxillary 
                   worker threads to create (default 1).  The worker threads
                   are given batches of candidate passwords to hash against
                   a salt, the results of which will be searched for a match
                   with the password file entry.  Zero is a legal value,
                   which forces all work to be done by the main thread.

      threshold    Number of candidate passwords (keys) that must be
                   accumulated before a work request may be initiated 
                   asychronously to a worker thread (default 36).

      limit        Maximum number of candidate passwords passed to a worker
                   thread in a single request (default 120, max 1680).  The
                   degree of concurrency achieved depends upon threshold,
                   limit, and john the ripper's operating mode.  Best results
                   are when john is operating in wordlist mode.

Uaf2john executable:
   This program reads a UAF data file and generates a passwd file that JtR uses
   as input.  Note that the 'ciphertext' hash string inserted in the password
   field is encoded very differently than what the J. Gailly patch uses.
   The username component is condensed to 5.32 bits/character (RAD-50, 3 chars/
   16 bits) and the string is a fixed length.

   On OpenVMS, the SYS$GETUAI service (with inherent privilege checks) is 
   used to extract the information from SYSUAF.  A non-privilege user can 
   extract his own account's password hash from the system SYSUAF, but no one
   else's.

   OpenVMS Command line:

        uaf2john [sysuaf-listing|$|~username] [output-file]

   Unix Command line:

        uaf2john rawuaf-file [output-file]

   Arguments:

	rawuaf-file	  Binary file containing contents of SYSUAF.DAT
			  converted to a flat file with fixed length
			  (1412 byte) records.  The uaf2fixed.com command 
			  procedure invokes the OpenVMS convert utility
		          to procduce this file.

        sysuaf-listing    Must be a file of the format produced by the
                          authorize list/brief command.  The usernames
                          to lookup are extracted from this file.

        $                 Spawn the appropriate authorize command and use the
                          SYSUAF.LIS file produced.  It is not deleted 
                          afterwards.

        ~username         Produce a temporary input file with a single line
                          containing the specified user and enough elememts
                          to be parsed by uaf_to_passwd.

        output-file       A unix-style passwd file (7 colon-delimited fields)
                          suitable for input to John the Ripper.  If omitted,
                          output goes to stdout (sys$output).

Files in kit that apply to Unix and OpenVMS:
   vms_fmt.c              Defines class record for registering vms_std-mp.c
                          as a plugin (dynamically loaded) format for OpenVMS
                          hash strings.

   vms_std-mp.c, .h       Provide decoding/hashing functions to JtR for
                          processing openvms format ($V$) hash strings.  This
                          module is where multi-threading takes place.

   uaf_raw.h		  Defines record layout for SYSUAF.DAT file (after
			  conversion by uaf2fixed.com).

   uaf_encode.c, .h       Support routines for encoding/decoding ciphertext
                          strings from SYSUAF information.

   uaf_hash.c             Logically part of uaf_encode.c, provides the password
                          hash function for testing candidate passwords.

   uaf2john.c             Conversion utility, see preceding section.

   vms_tst.uaf            Test input file for uaf2john on Unix systems.  File
			  passwords were taken from bf_tst.in in 1.03 test 
			  suite.

   john_1.7.8.plugin.diff Used to patch JtR source files to allow loading
                          of DLL-based format via the --plugin=dll.  Updates
                          files: john.c, Makefile, formats.h, options.c,
                          and options.h. Adds new files plugin.c and plugin.h.

   makefile		  Make file for vms_fmt DLL and uaf2john executable.

Files in kit that apply to OpenVMS only:
   patch_src.com	  

   descrip.mms            Used for OpenVMS build.  MMS description file.

   build.com build_jumbo  Command procedures to build executables.

   prejohn.c		  Wrapper main() for setting up C RTL environment
			  for john.c's main().

   tty-vms.c              Used for OpenVMS build to provide non-blocking
                          reads of terminal keystrokes.  JTR polls keyboard 
			  once a second and outputs status line if any activity.

   signals-mp.c           Used for OpenVMS build.

   alpha-vms.h            Used for OpenVMS build, platform-specific architecture
                          information (seed for arch.h).

   stdbool.h,stdint.h     Substitute system headers not shipped with DECC.

   john_build_rule.h      Supplies pseudo-make 'rule' for build: "OpenVMS-MMS".

   uaf2fixed.com          OpenVMS command procedure to convert SYSUAF.DAT to
			  format for processing on Unix.

   john.opt john-j7.opt   Used for OpenVMS build, linker options file.

   vms_fmt.opt		  Linker options file for vms_fmt DLL.

   openssl_shim.opt       (Jumbo build on OpenVMS)

Copyright (c) 2011 by David L. Jones <jonesd/at/columbus.rr.com>, and
is hereby released to the general public under the following terms:
   Redistribution and use in source and binary forms, with or without
   modifications, are permitted.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ