Date: Mon, 09 Mar 2015 20:42:57 +0300 From: Alexander Cherepanov <ch3root@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: Crack 7z format On 2015-03-09 18:40, Kai Zhao wrote: > 7z_fmt_plug.c: > https://github.com/loverszhaokai/JohnTheRipper/blob/bleeding-jumbo/src/7z_fmt_plug.c > > I want to test 7z format, here are what I think. > > 1. Use 7-zip to encrypt a file > 2. How can I get the password file (like /ect/password and /etc/shadow) In case of encrypted files (and in some other cases), you have to use 2john tools bundled with john. For 7-Zip, it's 7z2john.py. > 3. Is the password file like the format described as 7z_fmt_plug.c ? > "$7z$0$19$0$1122$8$d1f50227759415890000000000000000$1412385885$112$112 > $5e5b8b734adf52a64c541a5a5369023d7cccb78bd910c0092535dfb013a5df84ac69 > 2c5311d2e7bbdc580f5b867f7b5dd43830f7b4f37e41c7277e228fb92a6dd854a3164 > 6ad117654182253706dae0c069d3f4ce46121d52b6f20741a0bb39fc61113ce14d22f > 9184adafd6b5333fb1" This a "hash" which embeds everything necessary for cracking. You can put it into a file and feed this file to john. > 4. When I fuzzed a 7z-hash, how could I know the fuzzed hash is valid or > not ? I don't think there is a general simple way to do it, you have to look into the C code for the format. There are some hints though. It's quite common to separate parts of the "hash" with $, and the main part of this hash looks like hex. > By the valid() function ? valid() function should ideally accept a hash if and only if it's valid. Large part of the task is to improve valid() functions. > If a fuzzed 7z-hash passes valid() and takes a lot of time > to crack, how should I > judge the fuzzed 7z-hash whether is a wrong format ? It doesn't matter for now how much time it takes to be cracked, if it is cracked at all or if it is cracked incorrectly. That's all important questions but they are somewhat separate. Fuzzing (and the corresponding GSoC task) are aimed at ensuring that the hash is handled robustly in the process -- that all parts of the hash don't overflow any arrays, that all necessary variables are initialized etc. -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.