Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 6 Aug 2012 21:25:16 -0400 (EDT)
From: "Brad Tilley" <>
Subject: Re: Aleksey's writeup for Crack Me If You Can 2012


Hey Aleksey, very nice write-up. Thanks for posting it.

> I wrote gpg wrapper too but it did not handle false positives. I did
> not finished gpg wrapper but we solved enough challenges.

I ran into the symmetric PGP file false-positives as well and found that
if you check the return code and that the output file is not zero byte,
then you won't have false-positives. Not ideal, but it works. Here's an


# A script to brute-force symmetric PGP/GPG files
# Gets about 285 words per second on my laptop
# usage: file.gpg


for word in $(wm --low --words /home/rbt/words/common.txt); do

  echo "${word}" && echo -n "${word}" | gpg -d --passphrase-fd=0 --no-tty
$file > $out;

  # if gpg returns 0 and if the output is more than 0 bytes, then stop
  if [ $? -eq 0 ]; then
    if [ -s $out ]; then
      echo "GOT IT: ${word}";
      exit 0;


exit 1;

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.