Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 31 Jan 2013 00:47:09 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: DMG (was: dmg2john)

On 30 Jan, 2013, at 18:54 , Milen Rangelov <gat3way@...il.com> wrote:
> On Wed, Jan 30, 2013 at 7:48 PM, magnum <john.magnum@...hmail.com> wrote:
> On 30 Jan, 2013, at 3:12 , magnum <john.magnum@...hmail.com> wrote:
> > I think the remaining problem is in the formats - I just found out that smaller files does not crack either, neither with this version or the original (this version outputs the same for small files). Not even a 100 MB file works. So we still have issues and I'm still not sure this dmg2john is right for large files (but it seems to be). I actually can't find any version of dmg in the git history that works at all for even a small file.
> 
> 
> Here's a thought: I bet there is an iteration count parameter stored somewhere that we fail to read. Our format is fixed at 1000. That would explain why I can't produce *any* crackable DMG file on this computer.
> 
> magnum
> 
> Hello,
> 
> In the header structure, there is a member,  uint32_t kdf_iteration_count which holds the iteration count. I've never seen a dmg file having iteration count different than 1000, but you could check that if the image has different parameters. I am very interested in the results as well since I have also fixed 1000 iterations.

Ah, thanks. How did you ever get the idea to hardcode that!?

Bad news: The iterations count in my test files varies a little and it's not even numbers, but it's over 200,000 (how many SHA-1's is that per candidate, for a key length of 32? About 800,000 I think?). That's a good bump from 1000. At first this did not seem correct (still did not crack) but when I dumped the resulting plaintext I could see lots of consecutive zeros when the right key is used, so this is actually right. Over 200 times slower than older versions.

So I added a known-plain test of "8 consecutive nulls" and voila, my test files can be cracked. But you will need a lot of luck to crack any file with this speed (CPU format can do about 9 c/s per core, OpenCL format just hits hits the watchdog timer on my laptop - we have to use a split kernel here).

When I incorporated the same to the OpenCL format I noticed that it did not support v1 hashes at all although its valid() did not reject them. I really hope we don't have more such bad things in unstable. I made it up to par with CPU code.

Anyway, please test. Try old files, new files, different kinds of formats, encryption types, partition tables and so on. I bet we need even more known plains to test for in order to get every kind of them. This format needs its own README stating its limitations.

If you find a file that doesn't crack, uncomment the #define DMG_DEBUG in the CPU format and see what the plaintext looks like.

Speeds on Bull when attacking one of my test files: GTX 570 637 c/s, Tahiti 1559 c/s. This was with tweaked but not likely optimal work sizes.

Jeremiah, you need to use the latest code, and re-generate all input files with a fresh dmg2john. Please do not hold your breath while cracking.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.