Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <559C0A48.7040204@gmail.com>
Date: Tue, 07 Jul 2015 19:20:08 +0200
From: Marek Wrzosek <marek.wrzosek@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: RES: Break a virtual drive

Hi Alexandre,

I also don't know if I've understood completely Jon's response, but I
think it was about some BIOS locked HDD. Samsung SecretZone seems
similar to truecrypt but truecrypt was well documented and SecretZone is
Samsung's own solution. To crack password you would need the hash and
algorithm that was used to create it. Here is a problem - only Samsung
knows where this hash is stored/how to extract it and I don't know if
they will be willing to disclose this information to the public. Of
course you can try to contact Samsung's tech support for this
information. The speed of cracking would depend on what algorithm was
used to create the hash, if it was HMAC with thousands of iterations
(like in case of truecrypt), then cracking will be extremely time
consuming, other way they won't even tell you how to extract that hash.
It seems that the only way to recover passwords for disc encryption is
trying to recall what the password was/how did you created it. :(

Best Regards

W dniu 07.07.2015 o 17:22, alexandre_drake@...oo.com.br pisze:
> Thank you Jon for your response but I am afraid I didn`t have it completely understood. I have this Hiren`s Boot CD but I`m not sure how to unlock the HDD. The Hirens have many programs inside it. Which one do you use to do the job first ?
> 
> -----Mensagem original-----
> De: Jon Jaffe [mailto:joncjaffe@...il.com] 
> Enviada em: terça-feira, 7 de julho de 2015 12:02
> Para: john-users@...ts.openwall.com
> Assunto: Re: [john-users] Break a virtual drive
> 
> It's a *hirens bootCD*, free to download lol google it.  I am using *Hiren's Boot CD* to unlock it. I am able to go to Unlock and it says "done" with a
> 0000 code for both user *password* or master *password*. .... BIOS in which I got a hash which I *used to reset* an *HDD* just two weeks ago.
> 
> 
> https://www.youtube.com/watch?v=R1hfKeEvsn4
> 
> On Tue, Jul 7, 2015 at 8:46 AM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> 
>> On Tue, Jul 7, 2015 at 12:33 PM,  <alexandre_drake@...oo.com.br> wrote:
>>>
>>> I lost the password of the Secret Zone in my external Samsung HD.
>>
>> Samsung SecretZone is not supported by JtR, currently.
>>
>>> Well, I know my password has no more than 7 or 8 digits but I am not
>> familiar with the technics of breaking passwords. I thought to use a 
>> "brute force" software but have read that would need a dump archive 
>> and have no idea how to extract it from the HD software.
>>
>> SecretZone seems like GUI program, so maybe a small AutoIt script (to 
>> do the brute-forcing against the SecretZone GUI program) would do the 
>> job?
>>
>> Dhiru
>>
> 

-- 
Marek Wrzosek
marek.wrzosek@...il.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.