Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 8 Jan 2014 05:19:10 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: 7z2john.py removal of some broken code

magnum, Dhiru -

As discussed with Dhiru off-list, 7z2john.py fails with:

  File "./JohnTheRipper/run/7z2john.py", line 810, in __init__
    if not self.checkcrc(folder.crc, data[0:size]):
UnboundLocalError: local variable 'size' referenced before assignment

at least on archives that start with some unencrypted files followed by
encrypted files with no header encryption.  We don't support encrypted
archives with no header encryption yet, but we should at least fail
gracefully - and we do with the attached patch.

I've also verified that the output from 7z2john.py stays the same (after
applying the patch) for an archive with header encryption (which we do
support).

Please apply.

There's still a lot more of broken/unused code in this script, and we do
need to add support for archives with no header encryption, as well as
for archives with simultaneous use of different encryption types
(headers encrypted vs. not) and/or with different passwords for
different files.  This gets tricky.  Someone else (not me) should work
on it.  BTW, I think 7-Zip calls these differently processed things
"blocks".  Extra blocks may be created by appending to a previously
created archive, so I think this is where (in terms of user interface)
such weird archives come from in the wild.

Alexander

View attachment "7z2john.diff" of type "text/plain" (1820 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.