Date: Mon, 22 Jan 2018 19:45:01 +0100 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: No password hashes loaded in password file generated from DMG using dmg2john.py On Mon, Jan 22, 2018 at 11:57:48AM -0600, Eric Kent wrote: > I have an Apple DMG created over 5 years ago that is encrypted using either > AES-128 or AES-256 for which I have forgotten the password. I have a > limited character list of possible characters included that may be included > in the password (twelve possible letters in lowercase or capital form, 2 > numbers, 2 symbols) and the password is complex in that it may include > lowercase letters, capital letters, numbers, or symbols, but it is simple > in length. > > I ran dmg2johh.py to generate a password file (dmg2john.c will not compile) In what way did dmg2john.c not compile? Can you show how you tried to compile it, and what error messages you received? It's normally compiled along with the rest of JtR jumbo. You may also download JtR jumbo pre-built for OS X / macOS: http://download.openwall.net/pub/projects/john/contrib/macosx/ > and then executed John on this password file, receiving a "No password > bases loaded" response. I created a new DMG with a known password and > repeated the above process, and John immediately found the password. I also > repeated the above process on a preexisting DMG from several years ago and > it succeeded as well. Only the DMG in question that I need to open gives > the "No password bases loaded" response. > > Interestingly, the password files of the new DMG created as a test case and > the subject DMG that I am trying to open are not similar whatsoever in > format or length. That's weird. What does the non-loadable output of dmg2john look like, roughly? In what way is it dissimilar? > Would this be indicative of an an idiot user, an incompatible encryption > format, a corrupted DMG, or some larger system or John issue? I can't tell what the issue is from just the information you provided so far. One obvious issue, however, is: > John the Ripper 188.8.131.52 *Pro* for Mac OS X > Mac OS X version 10.12.6 JtR Pro does not support cracking of DMG file passwords at all. You must have been using jumbo where things worked for you before, and you need to continue using jumbo for your "subject DMG". What version of jumbo was that? Either way, I suggest that you try either latest bleeding-jumbo off GitHub (you'd need to build it from source) or the binary builds downloadable from the URL above (they're older, but are capable enough for your needs). I hope this helps. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.