Date: Sat, 10 Sep 2011 16:18:15 -0500 From: "JimF" <jfoug@....net> To: <john-dev@...ts.openwall.com> Subject: Re: Rewrite of the pkzip format posted (on the wiki). I have been at the lake this weekend (home for just a few minutes, have a wedding to attend in an hour and a half). I 'may' be home tonight, if we can not get away from the reception party afterwards, until too late. However, if not, I will not be able to look at any of this until Monday. If there is problems you find (or a patch I have left out, as it appears may have happened from a post you made a little after this one), then post them, if at all possible. I will try to work through any issues as soon as I have time. Jim. From: "magnum" <rawsmooth@...dband.net> > The enclosed patch fixes everything I mentioned except the problem with > not cracking 2011-CrackMeIfYouCan_part1.zip > > magnum > > > On 2011-09-10 11:54, magnum wrote: >> Here's a detail I think was better with the old version: >> >> Loaded 8 password hashes with 8 different salts (pkzip [N/A]) >> magnum (excel.zip) >> 100 (test.zip) >> 48670667 (blag.zip) >> >> ...new version output: >> Loaded 9 password hashes with 9 different salts (pkzip [N/A]) >> magnum (?) >> 100 (?) >> 48670667 (?) >> >> A questionmark is not very useful here. This should be a trivial fix to >> zip2john. One of my test files don't even get the filename AT ALL in the >> infile: >> >> $ zip2john blag.zip 2>/dev/null >> $pkzip$3*2*1*0*8*24*ab33*f1c6cc22d492bfff0a2255839659e95dcc92261f5e64c33438adebf2e212bce6158ca5a0*1*0*8*24*a40e*7c8c1835321b1e4d2d898fe1c5bd92df93cdbc63957e6b369faa9214d44a63dc77e43e36*2*0*58*107*b0713b8c*1135a1*48*8*58*88d1*d74723db2f873b7500a49ad34db2f1f52e0bf03143d5057912b23225607cc56cbde281ca5aa0e76dc2964aa89864134884aeaf7f6d26445b12ad2df654fe3e3d6a27a62ab42f737716678643e8c7e9ca95a5912cb9fbe64f*$/pkzip$ >> >> >> >> Also, there is a line that should go to stderr and not to the infile: >> 2011-CrackMeIfYouCan_part1.zip->contest_tree/challenge1/ is not >> encrypted! >> >> For some reason it *fails* to crack 2011-CrackMeIfYouCan_part1.zip even >> though it cracked five other testfiles in the same session that had the >> same password. Can you verify cracking of that very file? I suspect the >> problem is in zip2john and not the format. Here is the line I got from >> zip2john for that file: >> $pkzip$3*2*1*3*0*c0*16c3*7176321e9b05105ab727c6546720124cc71383b6a388817cd8b300fbba3a890f1c74fc6c852476380b134ebc565f23ea7ad5f58d7f7a2d3ddae6b415e112702d1dbde0d7428b9c313bc68e4c4ca10cbaad228ff9163c06d44345564fb52cf3c76a0767eab8ddd06aaa873bf219514cf11a51e61879296fcd1afe45c00fbd3a8464efb97458978e45d2c5668e92f3f641a5db0afb6d1f76cf16d25d8cebb096fe3d76e6ae3844d3a956c189409afc2979810d29c7387a40e714baa58dc9101764*1*6*8*c0*16c3*57428bffd664d6469ea47e95809cbeccaebb9925438428189d9a76f8e063ca1e40271edc298b66ed0ecc70bd2f0bdbab31473bfa5b272312a0957e86da33bbb86bdb7eccd2098549277113cd8007b3b88102625b4c4b45aaa0302f9063d63504e2cfbd2f47c5f2f10aa2c2e7069de97d49d385fbbdf9979c9d84599c0c08d417eb051eae0a8bee6aa9499a2fcad4c3e3acdae529f8971f376d6cb726e6ef37b799556f230b65335e2bc19ba37fad73549c41b107d4b9db31a057cf91a33812c2*3*0*4c30*4a911*a3bbd8d2*16299a*5b*8*1e*16c3*2011-CrackMeIfYouCan_part1.zip*$/pkzip$ >> >> >> magnum > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.