Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 31 Mar 2008 10:18:32 +0400
From: Solar Designer <>
Subject: Re: passwords with fixed position characters and numbers

On Fri, Mar 28, 2008 at 12:27:58AM +0100, Ronald Brakeboer wrote:
> I did some searching in old topics and came up with this:

Thank you for searching the archive - I wish everyone did that.

> Two options: 
> Generate a file (with John) with all the combo's of aaaa and ZZZZ. Dump it
> to external. 
> Then add a rule in external (I guess) and add following: 
> $[0-9]$[0-9]$[0-9]$[0-9]
> this will append 4 digits at the end of a word from your wordlist.
> Then run John.

This is almost right, except that the above rule is for wordlist mode -
so you'd put it in "[List.Rules:Wordlist]", replacing the contents of
that section.  External modes don't use this rules syntax; they use a
C-like programming language instead.

> Option 2.
> I found following script for format aaa0000 (which is 3 alpha-4digits)

As you could see, it was too specialized and it handled each character
position separately.

> Only problem Uppper to change that?

That would be easy to fix, but the resulting code would look even worse
than the original did - you'd have to duplicate that code fix for each
character position where you need both lowercase and uppercase letters.

> [List.External:aaa0000]
> void init()
> {
> word[0] = 'a';
> word[1] = 'a';
> word[2] = 'a'; // just copied one line and added +1 to all word[x] entries to get aaaa0000 instead of aaa0000
> word[3] = 'a';
> word[4] = '0';
> word[5] = '0';
> word[6] = '0';

This looks right so far.

> word[7] = '/';               // what's this doing? Is that ok? Shouldn't that be > word[8] = 0; here?

In ASCII, '/' is the character right before '0'.  This is the correct
initialization for the last character in word[] because the code in
generate() would start by incrementing it, thereby setting it to '0'.

A much cleaner way to write it would be:

word[7] = '0' - 1;

> word[8] = 0;

This is correct - we need to NUL-terminate word[].

> // I was thinking of something like this: aaaa0009 then add +1 to 7th
> pos..if aaaa0099 add +1 to 6th post etc etc

Right.  Also, don't forget to reset the 9's back to 0's.

> // I probably need some loop (return or whatever) somewhere to make it go
> back after adding +1 tot the last character do I?

If I understood you correctly, that loop is in JtR itself.  So, yes, you
only need to "return" (or reach the end of function).

> {
> if(++word[8]>'9')  // It counts from 0 till 9 and then starts with following aaaa0010?

This is slightly wrong - word[8] is your NUL-termination.  The last
actual character is word[7].

(Not to mention that this whole approach with nested if's is very dirty.)

> {
> word[7] = '+1';   // As in 10..20..30 etc etc, +1 is probably wrong value (any thoughts?)

This is not even valid syntax - you can't put more than one character in
there.  What you meant is probably:

word[7] = '0';

to reset the character that "overflowed", then you'd fall through to the
previous position and try incrementing the character there:

> {
> if(++word[7]>'9')

It should be word[6] here.  And so on.

> if(++word[4]>'Z')

You can't mix lowercase and uppercase letters like that because they use
separate ASCII code ranges.  You'd have to use more if's here, which
really would not be pretty.

> ............// count tried passwords
> count=$          //$ is result of count tried passwords
> ..........// Print message " finished tried $ passwords "  and stop

You can't do that in an external mode explicitly.  Instead, you merely
set "word = 0;" and JtR itself does what you have described for you.

> // Ow...whe need it to go --stdout...hmmm, how?

Just specify the --stdout command-line option along with your
--external=MODE one.

> Please take a look at it and modify if needed or if it speeds up things.

That code is too dirty to be modified to do what you need.  Just use the
KnownForce mode from my previous response instead.

Good luck!

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.