Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 29 Jan 2013 23:04:07 -0600
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: Speeding up WPAPSK, by leveraging salt shortcomings

Great point(s). I will add ssid to user field.  I am not quite sure where to
put the bssid. Also, is there some field that would show up on a -show or
other way.

I have made changes to wpask_fmt.c (very very simple).  Added an int
(new_keys), and char buffer, last_ssid.  Then there is an if in crypt_all,
which simply avoids calling the pbkdf2 code.
then at the bottom of crypt_all, new_keys is set to 0, and we memcpy into
last_ssid.  Then I added a clear_keys that sets new_keys to 1.

To test, I grabbed 3 distinct hashes from my router, and made 5 extra
copies, changing 1 byte in each of these new 15, so that they can never be
cracked.  I added my password to the input file, and out popped all three
'real' hashes.  I ran it again using password.lst + rules and here are the
timings.  

$ ./john jfoug.in -w=password.lst -rules -ses=xxx
Loaded 18 password hashes with 18 different salts (WPA-PSK PBKDF2-HMAC-SHA-1
[128/128 SSE2 4x])
Remaining 15 password hashes with 15 different salts
Note: minimum length forced to 8
guesses: 0  time: 0:00:01:16 72.34% (ETA: Tue Jan 29 22:45:01 2013)  c/s:
8040  trying: Eclipse. - Excalibur.
guesses: 0  time: 0:00:01:54 DONE (Tue Jan 29 22:45:10 2013)  c/s: 8068
trying: Xanthing - Notuseding

$ head -1 jfoug.in > jfoug1.in

$ ./john jfoug1.in -w=password.lst -rules -ses=xxx
Loaded 1 password hash (WPA-PSK PBKDF2-HMAC-SHA-1 [128/128 SSE2 4x])
Note: minimum length forced to 8
guesses: 0  time: 0:00:00:41 44.43% (ETA: Tue Jan 29 22:47:11 2013)  c/s:
571  trying: AlohaAloha - AmourAmour
guesses: 0  time: 0:00:01:47 DONE (Tue Jan 29 22:47:26 2013)  c/s: 573
trying: Xanthing - Notuseding

So in this test, we processed a single hash in 107s.  We processed 15 hashes
with same SSID in 114s.  So, the extra 14 hashes only cost 7s.  Not bad ;)

Now, with this proof of concept, we need to figure out the easiest/best way
to properly load salts in SSID order for this format.

Also, I wonder if there are other formats that can be greatly reduced in
runtime by changing how the salts are being handled within JtR.

Jim.

From: magnum [mailto:john.magnum@...hmail.com] 
>
>BTW, the *cap2john utility should put the essid in a login field. This way,
with just this one-line patch, you can take advantage of the same-essid
optimization by just attacking one essid at a time, using
>
>./john wpapsk.in -user:netgear
>
>Another really great advantage is that Single mode will permute essids into
candidates. That might prove very rewarding.
>
>Also, the utility should definitely fill in the bssid (mac address) in some
field. How else would you know *which* of the 110 "netgear" you cracked? As
we can't use colons, this must be in dash form (de-ad-ba-be-ca-fe) or
compressed (deadbabecafe) and could be put in the uid field or whatever (but
NOT a fields read by Single!).
>
>magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.