Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 May 2017 13:55:19 +0200
From: Solar Designer <solar@...nwall.com>
To: Greg Burne <gburne@....co.za>
Cc: John <john-users@...ts.openwall.com>
Subject: Re: Mac OS X sparse image

Hi Greg,

I took the liberty to set a more specific message Subject while the
message was in the moderation queue.  I hope you don't mind.

On Mon, May 08, 2017 at 09:36:21AM +0200, Greg Burne wrote:
> I need to attempt to recover a password from a macOS Sierra 10.12.4 sparse image which is mine.
> 
> Before I attempt to do this with John, I would like to know if John is able to crack passwords on a sparse image created on the above OS?

Yes, recent jumbo versions of JtR are supposed to handle sparse bundles.
You need to use the included dmg2john program like you would use it on a
dmg file.  It's important that you use the compiled (written in C)
rather than scripted (written in Python) version of dmg2john, as the
latter lacks sparse bundle support (it only supports dmg files).

> I just don't want to purchase the software if it's not going to be right for my needs.

There's no software for you to purchase.  I guess you're referring to
JtR Pro, but that's a password security auditing tool (to identify weak
passwords in large user/password databases), not an end-user password
recovery tool, so it lacks support for most things like this (including
for dmg files and sparse bundles).

What you could use is the free JtR jumbo, but at this time you'd need to
build it from source, with X Code (which you'd need to install first).
There are some older versions pre-built for Mac OS X, but I think those
are too old (so they don't include sparse bundle support yet).

If you do go for this, you'll want bleeding-jumbo from GitHub:

https://github.com/magnumripper/JohnTheRipper/archive/bleeding-jumbo.tar.gz

> Thank you in advance, any advice is welcome as I'm a completely new to all of this.

Unfortunately, this means that you're most likely out of luck.  Building
from source and then using our software from the command-line turns out
to be too difficult for most people in a situation like yours.  Maybe at
a later time we'll have newer builds of JtR jumbo and of Johnny the GUI
for Mac OS X, which would make these things easier for people not used
to building software from source and using the command line, but we
don't readily have that.  If anyone in this community wants to help make
this happen earlier, please feel free to contribute such builds.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.