Date: Sun, 24 May 2015 23:09:54 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-users@...ts.openwall.com
Subject: team john-users write-up for PHDays Hash Runner 2015 contest

Team john-users participated in the PHDays Hash Runner 2015 contest.
We got second place, quite close to the first. We even led during
a short period of time in the middle of the contest.

Team             Cracked percent of total points
hashcat          28.19%
john-users       27.69%
InsidePro        24.40%
CynoSure_Prime   21.22%
ktxrunner         1.09%

A pretty graph:
https://hashrunner.phdays.com/scoreboard_graph/

Software used: John the Ripper bleeding-jumbo (with various patches),
custom scripts to handle hashes during the contest, wikigen to scrape
Wikipedia pages (used by csec only)
  https://github.com/magnumripper/JohnTheRipper/
  https://github.com/zombiesam/wikigen

Hardware: ~100 CPU cores, ~10 GPUs, 1 Xeon Phi, 2 FPGAs used on
average during the 72-hour period. We did not load our hardware most
of the time so it is an inaccurate estimation of average usage of
hardware.

Members:
Agnieszka Bielec aka Eternal
Aleksey Cherepanov
Bill E. Ghote
ch3root
csec
Dhiru Kholia
elijah[w&p]
Frank
hydrajump
jvoisin
kai
Katja Malvoni
lei
magnum
math07
Matt Weir
metiger
Nugget
Sayantan Datta
sftp
Solar Designer
trebla
ukasz

We had 23 members (including 10 new members). But only some of them
were able to dedicate 3 full days to the contest, so the 8 most active
members brought 95% of our cracks.

The contest was a lot of fun (and a lot of coding this time). We tried
some recently added code, found some bugs and even published new code
during the contest and right after the contest. So the contest
improved our main tool - John the Ripper.

Below, there is a short write-up of our adventures during 3 crazy days
of the contest.

Before the contest we already had the POMELO format implemented by
Eternal as part of Google Summer of Code 2015 that Openwall
participates in. Also Eternal implemented another PHC Finalist: Parallel.
So we had regular and OpenCL versions, but we did not meet Parallel
hashes during the contest.

I implemented the --show=types option before the contest to handle
hashes this time. Also it is useful for Johnny, the GUI for John the
Ripper.

I made an awful start: I picked 3.txt and extracted LMs and raw-md5
hashes for the team. I made a lot of mistakes: wrong regexps, not all
LMs were extracted, 3.txt contained other types of hashes too...
Such a poor start forced Solar Designer to take over the coordination.

We were not able to set up our upload script for quite a long time.
Though at the end, we had automatic uploads, thanks to ch3root!

The team worked hard. There were a lot of active members and they
helped each other so cracking went well. Passwords with unicode chars
and even control chars (like an escape char in one LM) were found.
Dolphins turned out to be easy and we cracked all of them. We got
bonus hashes for tasks 2, 3, 6, 7, 8 and 9. GOST 2012 and lineage
hashes were very fast and had high prices so we attacked them quite
a lot.

We used the two FPGAs on bcrypt only, and ended up wasting them since
we never figured out what SHA family function or the like and with
what encoding and possibly an HMAC key the contest organizers might
have been supplying as input to bcrypt. We tested many possibilities
with lists of common passwords and with lists of previously cracked
passwords (from other hash types in the contest), but with no luck.
This distracted two of our team members from other participation in
the contest quite a bit.

3 days of the contest allowed us to work on the coding challenges
quite comfortably:

- pomelo: turned out to hash pointers. Eternal investigated it. We
  reported that to orgs and did not try to crack them.

- pufferfish: turned out to be hashes of an empty password. Eternal,
  Dhiru Kholia and then I checked them and reported to orgs. Orgs
  fixed that and we cracked 1 hash.

- GOST-34.11-2012 (stribog): it was implemented by Dhiru Kholia early
  in the contest.
- lotus8.1 and pbkdf2-hmac-md5 were implemented by Dhiru Kholia during
  the contest and pushed into the bleeding-jumbo branch on github.

- dolphin/scrypt: 15 hashes (of 226) were rejected by john, ch3root
  fixed that by patching john.

- lineage: it is a plain sha512crypt with salts generated from
  passwords (using custom la_encrypt()), so they are not really salted
  and full computation is not needed to reject most of the wrong
  candidates. I implemented a format for john.

- wonderful: Dhiru Kholia implemented a format for john for these
  tricky hashes with a lot of types including md5($p,$s), md5($s,$p),
  md5(md5($p),$s) and a lot of other combinations involving 4 hashing
  algorithms. Some types involved custom code in php. The code
  contained a mistake: hashes of the type with the DO_XOR flag and not
  with the HMAC flag accept any password and any salt. Only one
  conclusion may be made: don't use your own custom hashing algorithm
  in php, such hashes may be very weak! You may use the phpass hashing
  library.

- hashcoin: there are hashes with passwords like p1 for hash1, p1p2
  for hash2, p1p2p3 for hash3 (where p1, p2, p3 were chosen randomly
  from a set of ~1G elements), such chaining mimics block chains in
  crypto coins. I implemented a "miner" in C and we got 1400+
  hashcoins at a speed of ~3 hashes / minute.

While I made the miner quite early (more than 24 hours before the
end), I failed to run it long enough because I intended to optimize it
to crack all hashcoins. Just running it all the time would be enough
for the first place with a decent gap, so I think it is my personal
fault that we are only the second.

Thanks to the organizers for such a great contest!
Thanks to other teams for the tough competition!
Thanks to all john-users members for participation!

-- 
Regards,
Aleksey Cherepanov
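
The "lineage" weakness described in the message above (a salt derived from the password), as an added example that is not part of the original post and is not John the Ripper code. `derive_salt()` is a hypothetical stand-in for `la_encrypt()`, PBKDF2-HMAC-SHA512 stands in for sha512crypt, and the passwords and wordlist are constructed.

```python
import hashlib
import hmac
import os

def derive_salt(password: bytes) -> bytes:
    # Hypothetical stand-in for la_encrypt(): a cheap, deterministic
    # function of the password. The real function is not reproduced here.
    return hashlib.md5(b"demo-salt:" + password).hexdigest()[:8].encode()

def slow_hash(password: bytes, salt: bytes) -> bytes:
    # Stand-in for sha512crypt: any deliberately slow salted hash will do.
    return hashlib.pbkdf2_hmac("sha512", password, salt, 5000)

def make_record(password: bytes, random_salt: bool):
    # Returns (salt, digest) as it would be stored for one account.
    salt = os.urandom(8).hex().encode() if random_salt else derive_salt(password)
    return salt, slow_hash(password, salt)

def audit(records, wordlist, salt_from_password: bool):
    """Test a wordlist against stored records; count slow-hash calls."""
    slow_calls, recovered = 0, set()
    for cand in wordlist:
        for salt, digest in records:
            # With a password-derived salt, a salt mismatch proves the
            # candidate wrong before any expensive work is done.
            if salt_from_password and derive_salt(cand) != salt:
                continue
            slow_calls += 1
            if hmac.compare_digest(slow_hash(cand, salt), digest):
                recovered.add(cand)
    return recovered, slow_calls

# Constructed sample data: three accounts, two sharing a password.
PASSWORDS = [b"dolphin", b"dolphin", b"correct horse"]
WORDLIST = [b"123456", b"password", b"dolphin", b"letmein", b"qwerty"]

def compare():
    derived = [make_record(p, random_salt=False) for p in PASSWORDS]
    random_ = [make_record(p, random_salt=True) for p in PASSWORDS]
    return audit(derived, WORDLIST, True), audit(random_, WORDLIST, False)

if __name__ == "__main__":
    (d_found, d_calls), (r_found, r_calls) = compare()
    print("password-derived salt:", d_calls, "slow calls, found", d_found)
    print("random per-user salt: ", r_calls, "slow calls, found", r_found)
```

With derived salts the two accounts that share a password also store identical records, so reuse is visible without any guessing; random per-user salts remove both effects.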