Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110923033339.GA22848@openwall.com>
Date: Fri, 23 Sep 2011 07:33:39 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

Rich, Jean-Michel, all -

Here's a trivial Perl script I just hacked together to process Lion's
plist files (such as /var/db/dslocal/nodes/Default/users/username.plist)
and print the hashes in a format directly usable by John 1.7.8-jumbo-7.

Usage:

./lion2john.pl < username.plist > username.hash

or for many files:

for f in *.plist; do ./lion2john.pl < $f; done > hashes

---
#!/usr/bin/perl

read(STDIN, $_, 1000000) || die;

($hash) = /bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44(.{68})/;
if (!$hash) {
	print "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash\n";
	exit 1;
}

print unpack('H*', $hash), "\n";
---

Please test this on more plist files and report back.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.