Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Dec 2012 09:20:09 +0530
From: Dhiru Kholia <>
Subject: Re: pwsafe2john - How to use this program, preferably
 in Windows or in Linux if Windows is a no-go?

On Saturday 29 December 2012 06:31 AM, John Hall wrote:
> 1. I tried the following under Ubuntu (running in a VM on Win 7):
> git clone git://

You should be using
> gcc pwsafe2john.c -o pwsafe2john  # from src/ folder
> That complained that there was an undefined reference to 'main'
> So I changed the pwsafe2john name in the pwsafe2john.c file to main
> Then recompiled with no errors (not sure this was the right 'fix')
Just building john itself is enough to build "pwsafe2john" program which 
gets put in "run" sub-folder.

> Then ran
>     ./pwsafe2john pwsafe.psafe3 > pwsafedump
> That complained "Couldn't find PWS3 magic string. Is this a Password Safe file?"
> Well it is a Password Safe file, but from a Windows environment, not sure if that matters.
> Using UltraEdit on the pwsafe.psafe3 file, it shows the first 4 characters as PWS3. So I think the file is the correct one.

This one is a puzzling. I just tested pwsafe2john with samples 
downloaded from and it 
works fine. The samples were mostly generated on M$ Windows.

Can you try running pwsafe2john on files inside 

> So I am a bit of a fish out of water on this program.
> Any suggestions on how to successfully extract the hash from the pwsafe.psafe3 file so I can feed it to JTR to try to crack?

No worries. After some debugging and patching it will work :-)

- Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.