Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Sep 2011 10:04:04 -0500
From: "jfoug" <>
To: <>
Subject: RE: False positives on zip (aes256)

You will have to 'change' the zip format source file to  do this. Change the
cmp_exact to this (NOTE I have not tested, just coding in the email)

static int cmp_exact(char *source, int index)
	static int cnt=0;
	if (++cnt < 13) // we have to 'pass' the self tests.
		return has_been_cracked[index];
	cnt = 20; // to make sure we do not 'wrap' cnt past the end of a
2^31 number to a negative number
	if (has_been_cracked[index]) {
		fprintf(stderr, "\nPossible pass:  %s   Hash=%s\n\n",
saved_key[index], source);
		log_event("++ Possible pass:   [%s]", saved_key[index]);
      return 0;

Then you can see them show up on the screen output, and also in the john.log
file.  These can then be tested after the run.  

NOTE, this method will cause john to NEVER find the password.  It simply
informs you in output that a possible password was seen.  The right one will
be output, along with any false positives. 


>From: estenole lists []
>Hello all,
>im using the latest John the Ripper
>for trying to get the key of a zip encrypted
>with aes256 bit. I allready know that actuallty false positives are
>at this time.
>THe problem is tha when processing the wordlist john stops as soon as a
>is found, but at the moment
>none on them works, what i want to achieve is to force john to try with
>full wordlist while printing
>the keys found so i can try them when finished. Could find any option or
>configuration to do so, do you
>know id theres such a possiblity ?
>Thank you

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.