Date: Fri, 10 Sep 2010 08:20:07 +0200 From: "Magnum, P.I." <rawsmooth@...dband.net> To: john-users@...ts.openwall.com Subject: Re: Attacking Windows-ALT chars in LM Hashes On 09/09/2010 10:02 PM, Solar Designer wrote: >> 2) I could certainly modify dumbforce/or knownforce mode to target a >> limited range of the most commonly used ALT + normal characters. I >> guess my biggest question then is what numerical values do the ALT >> characters correspond to? aka is ALT-0142 represented as a character >> with value 142 in Windows, or is it encoded some other way? > > Apparently, these 8-bit character codes are passed into LM hashes as-is > (assuming that those hashes are produced at all). Well, they are first converted from [in this case] cp1252 to utf-16le. JtR however, cheats when doing this conversion: it just puts a 0x00 between each char. This works for most of the charset when converting from iso-8859-1 to utf-16le, but will fail on anything else. Thus, without rewriting JtR you will never ever crack a LM password containing a character whose utf-16le msb is not 0x00. There is no workaround. In this case of ALT-0xxx keyboard codes, I guess this all means that if the character is the same position in iso-8859-1 as in cp1252, it will work, otherwise it will not. This is a complex matter. I think I got it right, anyway this is the gist of it. cheers magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.