Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 22 Jan 2018 19:45:01 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: No password hashes loaded in password file generated from DMG using dmg2john.py

On Mon, Jan 22, 2018 at 11:57:48AM -0600, Eric Kent wrote:
> I have an Apple DMG created over 5 years ago that is encrypted using either
> AES-128 or AES-256 for which I have forgotten the password.  I have a
> limited character list of possible characters included that may be included
> in the password (twelve possible letters in lowercase or capital form, 2
> numbers, 2 symbols) and the password is complex in that it may include
> lowercase letters, capital letters, numbers, or symbols, but it is simple
> in length.
> 
> I ran dmg2johh.py to generate a password file (dmg2john.c will not compile)

In what way did dmg2john.c not compile?  Can you show how you tried to
compile it, and what error messages you received?  It's normally
compiled along with the rest of JtR jumbo.

You may also download JtR jumbo pre-built for OS X / macOS:

http://download.openwall.net/pub/projects/john/contrib/macosx/

> and then executed John on this password file, receiving a "No password
> bases loaded" response.  I created a new DMG with a known password and
> repeated the above process, and John immediately found the password. I also
> repeated the above process on a preexisting DMG from several years ago and
> it succeeded as well.  Only the DMG in question that I need to open gives
> the "No password bases loaded" response.
> 
> Interestingly, the password files of the new DMG created as a test case and
> the subject DMG that I am trying to open are not similar whatsoever in
> format or length.

That's weird.  What does the non-loadable output of dmg2john look like,
roughly?  In what way is it dissimilar?

> Would this be indicative of an an idiot user, an incompatible encryption
> format, a corrupted DMG, or some larger system or John issue?

I can't tell what the issue is from just the information you provided so
far.  One obvious issue, however, is:

> John the Ripper 1.7.3.1 *Pro* for Mac OS X
> Mac OS X version 10.12.6

JtR Pro does not support cracking of DMG file passwords at all.  You
must have been using jumbo where things worked for you before, and you
need to continue using jumbo for your "subject DMG".  What version of
jumbo was that?  Either way, I suggest that you try either latest
bleeding-jumbo off GitHub (you'd need to build it from source) or the
binary builds downloadable from the URL above (they're older, but are
capable enough for your needs).

I hope this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.