Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Sep 2011 07:33:39 +0400
From: Solar Designer <>
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

Rich, Jean-Michel, all -

Here's a trivial Perl script I just hacked together to process Lion's
plist files (such as /var/db/dslocal/nodes/Default/users/username.plist)
and print the hashes in a format directly usable by John 1.7.8-jumbo-7.


./ < username.plist > username.hash

or for many files:

for f in *.plist; do ./ < $f; done > hashes


read(STDIN, $_, 1000000) || die;

($hash) = /bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44(.{68})/;
if (!$hash) {
	print "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash\n";
	exit 1;

print unpack('H*', $hash), "\n";

Please test this on more plist files and report back.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.