Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Sep 2011 08:16:39 -0700
From: "Link, Peter R." <>
To: "" <>
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

One thing I forgot to mention. The original plist file was created under 10.7.2 11C57 while the one with the new password was created under 10.7.2 11C62.

It tool 17min 50 sec to crack the new password on a 2.4GHz MacBook Pro (circa 2007). I created the password file by hand.

I used your Perl script this morning on my original test user plist and it worked fine. I then changed the password of the user to something simple to make sure john could fine it. When running the script again, it came up with the error message, "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash." I only changed the password to <tomorrow> from <Ydo!Ucar3>. I ran this on two different computers and it does the same thing. I'm attaching both plists for your review.

robert1new.plist is the one that doesn't work.

On Sep 22, 2011, at 8:33 PM, Solar Designer wrote:

Rich, Jean-Michel, all -

Here's a trivial Perl script I just hacked together to process Lion's
plist files (such as /var/db/dslocal/nodes/Default/users/username.plist)
and print the hashes in a format directly usable by John 1.7.8-jumbo-7.


./ < username.plist > username.hash

or for many files:

for f in *.plist; do ./ < $f; done > hashes


read(STDIN, $_, 1000000) || die;

($hash) = /bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44(.{68})/;
if (!$hash) {
print "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash\n";
exit 1;

print unpack('H*', $hash), "\n";

Please test this on more plist files and report back.



Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550<>

The contents of this message are mine personally and do not reflect the views or position of the U.S. Department of Energy, Federal Government, National Nuclear Security Administration, Lawrence Livermore National Security, or Lawrence Livermore National Laboratory.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.