Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 11 Sep 2011 00:52:38 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: Rewrite of the pkzip format posted (on the wiki).

On 2011-09-10 23:18, JimF wrote:
> If there is problems you find (or a patch I have left out, as it appears
> may have happened from a post you made a little after this one), then
> post them, if at all possible. I will try to work through any issues as
> soon as I have time.

Wiki is updated. Here is what I had to do, to get that last zipfile cracked.

Both of the tests affected in the enclosed patch clearly gave false 
negatives on 2011-CrackMeIfYouCan_part1.zip. However, there *might* be 
better ways than just commenting them out like I did. In this case, C 
was 80 (decimal) in the first test and v1 was 0x034b while v2 was 0x1404 
(v2^0xffff was 0xebfb). We might be able to put these back with some 
correction for what is valid or not. If not, there are some more code 
that should be commented out 'cause it's currently unnecessary.

OTOH I don't see much of a performance hit. But I do not possess any 
1-byte checksum zipfiles. These checks are the fourth and fifth so lots 
of false positives are already sorted.

Anyways, I believe this must be in until we get something better.

magnum

View attachment "pkzip-fixes-falseneg.diff" of type "text/x-patch" (1033 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.