Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 3 Mar 2013 14:29:33 +0900
From: Just Me <notsosimpleme@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: dmg2john used and password cracked, hdiutil fails to
 accept it

Tried vfdecrypt  on macos that calls OpenSSL API, fails on
EVP_DecryptFinal_ex compiled with added  ERR_print_errors_fp(stderr);
to show where:

/vfdecrypt -v -i test.dmg -p Passwd6 -o decrypted.dmg
v1 header detected.
EVP Decrypt final: internal error (2) during key unwrap operation!
39213:error:06065064:lib(6):func(101):reason(100):/SourceCache/OpenSSL098/OpenSSL098-47/src/crypto/evp/evp_enc.c:330:
AES Key:
00 00 00 00 a0 81 0b 6a
ff 7f 00 00 a0 81 0b 6a

SHA1 seed:
ff 7f 00 00 d0 81 0b 6a
ff 7f 00 00 18 00 00 00
00 00 00 00

25600 chunks written

This error is the same for any password given, so it seems that
password recovered with JtR is not the right one - which is very
puzzling to me

On Sun, Mar 3, 2013 at 11:45 AM, Just Me <notsosimpleme@...il.com> wrote:
> On Sun, Mar 3, 2013 at 8:41 AM, Rich Rumble <richrumble@...il.com> wrote:
>> Have you also tried the new dmg you created, to see if JtR is getting the
>> correct pass for the new one as well? Or is the pass you have cracked (the
>> forgotten one)what you expected it to be?
>> -rich
>
> Yes, for the new one JtR gets password correctly. Forgotten password
> does look like what I expected it to be. New one I tried on MacOS
> 10.8.2 and the encrypted one is from 10.X G4 cpu (of course it should
> nor matter).
> Which I could debug it further - like what hashes are being matched

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.