Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 2 Sep 2011 13:34:07 +0200
From: estenole lists <estenole.lists@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: False positives on zip (aes256)

Hello,

ive tried it without suceess, it stops on the first key it finds. Ive been
makeing some tests
and seems like i should modify the function crk_process_gues called from
cracker.c. My C
knowledge is limited, but that function make some changes that affect the
rest of the bufferered
keys os any other value.


 if (crk_methods.cmp_exact(pw->source, index)) {
                                if (crk_process_guess(salt, pw, index))
                                   ->     return 1;
                                else
                                        break;
                        }

                } while ((pw = pw->next));


Ive tried some modifications, but after crk_process_gues the program exits.
I tried to modify some
calls before but i ended on a Segmen segfault errors.

Ill let you know if im able to get it working.

Thank you !



2011/9/1 jfoug <jfoug@....net>

> You will have to 'change' the zip format source file to  do this. Change
> the
> cmp_exact to this (NOTE I have not tested, just coding in the email)
>
> static int cmp_exact(char *source, int index)
> {
>        static int cnt=0;
>        if (++cnt < 13) // we have to 'pass' the self tests.
>                return has_been_cracked[index];
>        cnt = 20; // to make sure we do not 'wrap' cnt past the end of a
> 2^31 number to a negative number
>        if (has_been_cracked[index]) {
>                fprintf(stderr, "\nPossible pass:  %s   Hash=%s\n\n",
> saved_key[index], source);
>                log_event("++ Possible pass:   [%s]", saved_key[index]);
>        }
>      return 0;
> }
>
> Then you can see them show up on the screen output, and also in the
> john.log
> file.  These can then be tested after the run.
>
> NOTE, this method will cause john to NEVER find the password.  It simply
> informs you in output that a possible password was seen.  The right one
> will
> be output, along with any false positives.
>
> Jim.
>
> >From: estenole lists [mailto:estenole.lists@...il.com]
> >
> >Hello all,
> >
> >im using the latest John the Ripper
> >1.7.8-jumbo-5<http://www.openwall.com/john/g/john-1.7.8-jumbo-5.tar.gz>
> >version
> >for trying to get the key of a zip encrypted
> >with aes256 bit. I allready know that actuallty false positives are
> >common
> >at this time.
> >
> >THe problem is tha when processing the wordlist john stops as soon as a
> >key
> >is found, but at the moment
> >none on them works, what i want to achieve is to force john to try with
> >the
> >full wordlist while printing
> >the keys found so i can try them when finished. Could find any option or
> >configuration to do so, do you
> >know id theres such a possiblity ?
> >
> >Thank you
>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.