Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 7 Jul 2015 15:31:55 -0300
From: <alexandre_drake@...oo.com.br>
To: <john-users@...ts.openwall.com>
Subject: RES: RES: Break a virtual drive

Marek,

Yes my first impulse was to contact Samsung`s tech support but I found a kind of site where consumers complained about various products and there was a reclamation of one very alike. They answered that this kind of support is given by Seagate and the consumer opened a reclamation to Seagate who answered that there was "no recover pass service". 
Well, the second way is also very difficult as the pass was made by a software called Keeppass which is include in a Mozilla Suite which is inaccessible since my pen drive was broken in its USB cradle.
As you see my only hope is some kind of "brute force" software to do the job but even with this solution I need to know first how long does it take and the "robot" must be also clever enough to save the trials log in order to continue since the last tentative done (just in case I have to shut down the note or other electric matter.

-----Mensagem original-----
De: Marek Wrzosek [mailto:marek.wrzosek@...il.com] 
Enviada em: terça-feira, 7 de julho de 2015 14:20
Para: john-users@...ts.openwall.com
Assunto: Re: RES: [john-users] Break a virtual drive

Hi Alexandre,

I also don't know if I've understood completely Jon's response, but I think it was about some BIOS locked HDD. Samsung SecretZone seems similar to truecrypt but truecrypt was well documented and SecretZone is Samsung's own solution. To crack password you would need the hash and algorithm that was used to create it. Here is a problem - only Samsung knows where this hash is stored/how to extract it and I don't know if they will be willing to disclose this information to the public. Of course you can try to contact Samsung's tech support for this information. The speed of cracking would depend on what algorithm was used to create the hash, if it was HMAC with thousands of iterations (like in case of truecrypt), then cracking will be extremely time consuming, other way they won't even tell you how to extract that hash.
It seems that the only way to recover passwords for disc encryption is trying to recall what the password was/how did you created it. :(

Best Regards

W dniu 07.07.2015 o 17:22, alexandre_drake@...oo.com.br pisze:
> Thank you Jon for your response but I am afraid I didn`t have it completely understood. I have this Hiren`s Boot CD but I`m not sure how to unlock the HDD. The Hirens have many programs inside it. Which one do you use to do the job first ?
> 
> -----Mensagem original-----
> De: Jon Jaffe [mailto:joncjaffe@...il.com] Enviada em: terça-feira, 7 
> de julho de 2015 12:02
> Para: john-users@...ts.openwall.com
> Assunto: Re: [john-users] Break a virtual drive
> 
> It's a *hirens bootCD*, free to download lol google it.  I am using 
> *Hiren's Boot CD* to unlock it. I am able to go to Unlock and it says 
> "done" with a
> 0000 code for both user *password* or master *password*. .... BIOS in which I got a hash which I *used to reset* an *HDD* just two weeks ago.
> 
> 
> https://www.youtube.com/watch?v=R1hfKeEvsn4
> 
> On Tue, Jul 7, 2015 at 8:46 AM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> 
>> On Tue, Jul 7, 2015 at 12:33 PM,  <alexandre_drake@...oo.com.br> wrote:
>>>
>>> I lost the password of the Secret Zone in my external Samsung HD.
>>
>> Samsung SecretZone is not supported by JtR, currently.
>>
>>> Well, I know my password has no more than 7 or 8 digits but I am not
>> familiar with the technics of breaking passwords. I thought to use a 
>> "brute force" software but have read that would need a dump archive 
>> and have no idea how to extract it from the HD software.
>>
>> SecretZone seems like GUI program, so maybe a small AutoIt script (to 
>> do the brute-forcing against the SecretZone GUI program) would do the 
>> job?
>>
>> Dhiru
>>
> 

--
Marek Wrzosek
marek.wrzosek@...il.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.