Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Sep 2011 08:38:30 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: False positives on zip (aes256)

You will have to hand edit the john.pot file (or remove it), if you restart.
Any of the lines containing this '/zip/hackme.zip' hash, will cause john to
not search for that hash, the next time it starts.

I have added this as a 'wish list' item.  So if we do have formats which end
up outputting false ++ (and we cannot 'fix' them), then an option like this
will do just what you are seeing be performed with your hard coded change.

Jim.

>-----Original Message-----
>From: estenole lists [mailto:estenole.lists@...il.com]
>Sent: Friday, September 02, 2011 6:54 AM
>To: john-users@...ts.openwall.com
>Subject: Re: [john-users] False positives on zip (aes256)
>
>Hello all,
>
>fully functional, at least for my specific needs .-)
>(1fh8   was added serveral time to the wordlist for testing)
>
># usr/src/john-1.7.8-jumbo-5/src# ../run/./john
>--wordlist=/zip/listado-john.txt /zip/hachme-hash.txt
>Loaded 1 password hash (zip [32/64])
>1fh8             (/zip/hackme.zip)
>1fh8             (/zip/hackme.zip)
>1fh8             (/zip/hackme.zip)
>guesses: 3  time: 0:00:02:03 0.75% (ETA: Fri Sep  2 18:18:11 2011)  c/s:
>239  trying: 10rM - 10sZ
>1fh8             (/zip/hackme.zip)
>guesses: 4  time: 0:00:04:06 1.51% (ETA: Fri Sep  2 18:16:23 2011)  c/s:
>240  trying: 1jm0 - 1jnl
>1pf)             (/zip/hackme.zip)
>guesses: 5  time: 0:00:06:08 2.24% (ETA: Fri Sep  2 18:18:39 2011)  c/s:
>238  trying: 1u3M - 1u4Z
>
>
>Thank you !
>
>2011/9/2 estenole lists <estenole.lists@...il.com>
>
>>
>> Hello,
>>
>> seems like the problem was on ldr_remove_hash(crk_db, salt, pw) inside
>> crk_process_guess .-)))
>>
>>
>> static int crk_process_guess(struct db_salt *salt, struct db_password
>*pw,
>>         int index)
>> {
>>         int dupe;
>>         char *key;
>>
>>         dupe = !memcmp(&crk_timestamps[index], &status.crypts,
>> sizeof(int64));
>>         crk_timestamps[index] = status.crypts;
>>
>>         key = crk_methods.get_key(index);
>>
>>         log_guess(crk_db->options->flags & DB_LOGIN ? pw->login : "?",
>>                 dupe ? NULL : pw->source, key,
>> crk_db->options->field_sep_char);
>>
>>         crk_db->guess_count++;
>>         status.guess_count++;
>>
>>         if (crk_guesses && !dupe) {
>>                 strnfcpy(crk_guesses->ptr, key,
>> crk_params.plaintext_length);
>>                 crk_guesses->ptr += crk_params.plaintext_length;
>>                 crk_guesses->count++;
>>         }
>>
>>         /*ldr_remove_hash(crk_db, salt, pw);*/
>>
>>         if (!crk_db->salts)
>>                 return 1;
>>
>>         crk_init_salt();
>>
>>         return 0;
>> }
>>
>>
>> Thank you
>>
>>
>>
>> 2011/9/2 estenole lists <estenole.lists@...il.com>
>>
>>>
>>> Hello,
>>>
>>> ive tried it without suceess, it stops on the first key it finds. Ive
>been
>>> makeing some tests
>>> and seems like i should modify the function crk_process_gues called
>from
>>> cracker.c. My C
>>> knowledge is limited, but that function make some changes that affect
>the
>>> rest of the bufferered
>>> keys os any other value.
>>>
>>>
>>>  if (crk_methods.cmp_exact(pw->source, index)) {
>>>                                 if (crk_process_guess(salt, pw,
>index))
>>>                                    ->     return 1;
>>>                                 else
>>>                                         break;
>>>                         }
>>>
>>>                 } while ((pw = pw->next));
>>>
>>>
>>> Ive tried some modifications, but after crk_process_gues the program
>>> exits. I tried to modify some
>>> calls before but i ended on a Segmen segfault errors.
>>>
>>> Ill let you know if im able to get it working.
>>>
>>> Thank you !
>>>
>>>
>>>
>>>
>>> 2011/9/1 jfoug <jfoug@....net>
>>>
>>>> You will have to 'change' the zip format source file to  do this.
>Change
>>>> the
>>>> cmp_exact to this (NOTE I have not tested, just coding in the email)
>>>>
>>>> static int cmp_exact(char *source, int index)
>>>> {
>>>>        static int cnt=0;
>>>>        if (++cnt < 13) // we have to 'pass' the self tests.
>>>>                return has_been_cracked[index];
>>>>        cnt = 20; // to make sure we do not 'wrap' cnt past the end
>of a
>>>> 2^31 number to a negative number
>>>>        if (has_been_cracked[index]) {
>>>>                fprintf(stderr, "\nPossible pass:  %s   Hash=%s\n\n",
>>>> saved_key[index], source);
>>>>                log_event("++ Possible pass:   [%s]",
>saved_key[index]);
>>>>        }
>>>>      return 0;
>>>> }
>>>>
>>>> Then you can see them show up on the screen output, and also in the
>>>> john.log
>>>> file.  These can then be tested after the run.
>>>>
>>>> NOTE, this method will cause john to NEVER find the password.  It
>simply
>>>> informs you in output that a possible password was seen.  The right
>one
>>>> will
>>>> be output, along with any false positives.
>>>>
>>>> Jim.
>>>>
>>>> >From: estenole lists [mailto:estenole.lists@...il.com]
>>>> >
>>>> >Hello all,
>>>> >
>>>> >im using the latest John the Ripper
>>>> >1.7.8-jumbo-5<http://www.openwall.com/john/g/john-1.7.8-jumbo-
>5.tar.gz>
>>>> >version
>>>> >for trying to get the key of a zip encrypted
>>>> >with aes256 bit. I allready know that actuallty false positives are
>>>> >common
>>>> >at this time.
>>>> >
>>>> >THe problem is tha when processing the wordlist john stops as soon
>as a
>>>> >key
>>>> >is found, but at the moment
>>>> >none on them works, what i want to achieve is to force john to try
>with
>>>> >the
>>>> >full wordlist while printing
>>>> >the keys found so i can try them when finished. Could find any
>option or
>>>> >configuration to do so, do you
>>>> >know id theres such a possiblity ?
>>>> >
>>>> >Thank you
>>>>
>>>>
>>>
>>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.