Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Sep 2011 13:38:29 +0200
From: estenole lists <estenole.lists@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: False positives on zip (aes256)

Hello,

seems like the problem was on ldr_remove_hash(crk_db, salt, pw) inside
crk_process_guess .-)))


static int crk_process_guess(struct db_salt *salt, struct db_password *pw,
        int index)
{
        int dupe;
        char *key;

        dupe = !memcmp(&crk_timestamps[index], &status.crypts,
sizeof(int64));
        crk_timestamps[index] = status.crypts;

        key = crk_methods.get_key(index);

        log_guess(crk_db->options->flags & DB_LOGIN ? pw->login : "?",
                dupe ? NULL : pw->source, key,
crk_db->options->field_sep_char);

        crk_db->guess_count++;
        status.guess_count++;

        if (crk_guesses && !dupe) {
                strnfcpy(crk_guesses->ptr, key,
crk_params.plaintext_length);
                crk_guesses->ptr += crk_params.plaintext_length;
                crk_guesses->count++;
        }

        /*ldr_remove_hash(crk_db, salt, pw);*/

        if (!crk_db->salts)
                return 1;

        crk_init_salt();

        return 0;
}


Thank you


2011/9/2 estenole lists <estenole.lists@...il.com>

>
> Hello,
>
> ive tried it without suceess, it stops on the first key it finds. Ive been
> makeing some tests
> and seems like i should modify the function crk_process_gues called from
> cracker.c. My C
> knowledge is limited, but that function make some changes that affect the
> rest of the bufferered
> keys os any other value.
>
>
>  if (crk_methods.cmp_exact(pw->source, index)) {
>                                 if (crk_process_guess(salt, pw, index))
>                                    ->     return 1;
>                                 else
>                                         break;
>                         }
>
>                 } while ((pw = pw->next));
>
>
> Ive tried some modifications, but after crk_process_gues the program exits.
> I tried to modify some
> calls before but i ended on a Segmen segfault errors.
>
> Ill let you know if im able to get it working.
>
> Thank you !
>
>
>
>
> 2011/9/1 jfoug <jfoug@....net>
>
>> You will have to 'change' the zip format source file to  do this. Change
>> the
>> cmp_exact to this (NOTE I have not tested, just coding in the email)
>>
>> static int cmp_exact(char *source, int index)
>> {
>>        static int cnt=0;
>>        if (++cnt < 13) // we have to 'pass' the self tests.
>>                return has_been_cracked[index];
>>        cnt = 20; // to make sure we do not 'wrap' cnt past the end of a
>> 2^31 number to a negative number
>>        if (has_been_cracked[index]) {
>>                fprintf(stderr, "\nPossible pass:  %s   Hash=%s\n\n",
>> saved_key[index], source);
>>                log_event("++ Possible pass:   [%s]", saved_key[index]);
>>        }
>>      return 0;
>> }
>>
>> Then you can see them show up on the screen output, and also in the
>> john.log
>> file.  These can then be tested after the run.
>>
>> NOTE, this method will cause john to NEVER find the password.  It simply
>> informs you in output that a possible password was seen.  The right one
>> will
>> be output, along with any false positives.
>>
>> Jim.
>>
>> >From: estenole lists [mailto:estenole.lists@...il.com]
>> >
>> >Hello all,
>> >
>> >im using the latest John the Ripper
>> >1.7.8-jumbo-5<http://www.openwall.com/john/g/john-1.7.8-jumbo-5.tar.gz>
>> >version
>> >for trying to get the key of a zip encrypted
>> >with aes256 bit. I allready know that actuallty false positives are
>> >common
>> >at this time.
>> >
>> >THe problem is tha when processing the wordlist john stops as soon as a
>> >key
>> >is found, but at the moment
>> >none on them works, what i want to achieve is to force john to try with
>> >the
>> >full wordlist while printing
>> >the keys found so i can try them when finished. Could find any option or
>> >configuration to do so, do you
>> >know id theres such a possiblity ?
>> >
>> >Thank you
>>
>>
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.