Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Jun 2017 21:03:16 +0200
From: Solar Designer <>
Subject: Re: Any differences between versions and Github: dmg2john?

On Thu, Jun 22, 2017 at 08:01:27AM -0700, B B wrote:
> So it occurs to me after getting my hash using the jumbo version on <>

"the jumbo version on" doesn't mean anything specific to
me.  What jumbo version are you referring to?

> to get my dmg hash that the hash may be invalid with the latest changes to the format in Mac OS X Sierra.

I think not.  I've just checked, and there haven't been significant
changes to dmg2john.c since 2014 (which is when 1.8.0-jumbo-1, which you
might have used, was released).

> My question is: Is the version on the website updated for the Sierra dmg format?

I think it doesn't need to be, or if it does then the latest hasn't been
updated either.

> I extracted the hash  using dmg2john, not (py).

That's good, because a crucial fix was in fact made to not
so long ago:

| commit ab21a7440d072b3bc4b5e3264b2607a781f7bd01
| Author: Dhiru Kholia <>
| Date:   Tue Mar 14 11:36:32 2017 +0530
| handle encrypted_blob_size with value 64 properly

dmg2john.c didn't suffer from this issue.

> In order for me to test for my query I would have to install the Github version to diff the first hash with the Github produced one, but would prefer to ask here as I have moved the operation to another computer.

I simply reviewed the dmg2john.c revision history.  Of course, changes
in the rest of JtR could affect this program's behavior as well, but I
think in this case such review is sufficient.

Regardless, ideally you'd generate a test .dmg file on Sierra and make
sure you're able to crack its known password.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.