Date: Tue, 27 Feb 2018 21:48:36 +0100 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: dmg file with lost password Hi Ian, Thank you for bringing this to the list. On Mon, Feb 26, 2018 at 09:21:14AM -0500, Ian Boyd wrote: > 1. I have been using Terminal, Xcode, and Bbedit and been trying to follow the posted instructions on Openwall, the JtR community, and from here http://easymactips.blogspot.ca/2012/09/john-ripper-tutorial-examples-and.html These instructions are about building JtR from source, and they're out of date. > but the john-188.8.131.52-jumbo-macosx_v3 doesn't have the src file as it does in the instructions. This is a binary (already built) download contributed by a user (so you don't need to build it, hence the lack of src in there). This build should be readily usable, without needing Xcode. > Then I found Johnny!!! http://openwall.info/wiki/john/johnny (super awesome and makes it easier for someone like myself) So WHO EVER made Johnny??? THANK YOU! AWESOME JOB! Aleksey, Shinnok, and Mathieu made it. They'd be happy to hear you found it useful, and we should probably merge Johnny into the main jumbo tree so that more people find it and so that we keep it consistent with the rest of jumbo. > 2. Using Johnny, and trying to figure out how to crack one password for my .dmg file. This program makes it easier to work with, but are there any helpful tips on who to use to crack one file? > When I think I scan the file properly i get a "Warning: invalid UTF-8 seen reading??? and the computer stalls at 57% It's hard to help you with this without knowing exactly how you used Johnny and what else it outputs besides that warning and the 57%. As Claudio correctly pointed out, you should have started by using dmg2john. You can probably do this from Johnny itself, using the dialog shown on this screenshot: http://openwall.info/wiki/_media/john/johnny/johnnyscreen-6.png I guess you need to choose dmg in the "Choose file format" drop-down. Please confirm that you did this (or if not, do it) and please also show us the full output from JtR (copy-paste from a Johnny window). In our off-list discussion, I wrote that "In our experience with forgotten passwords to .dmg files, failure is more likely than success" and you asked "Why are dmg files usually unsuccessful to crack?" I'll answer here: Apple has made the "key derivation" step (deriving an internal encryption key from a user-entered password/passphrase) purposefully computationally expensive (slow). This is an industry standard thing to do, and Apple did it right (although in more recent years even more expensive key derivation methods have been designed). Without specialized hardware (ASICs, which some three-letter agencies probably have, but we don't), JtR is only able to test a few thousand to maybe 10 thousand candidate passwords per second per GPU, against a dmg file generated/protected on a recent version of OS X. (For ancient versions, speeds may be 100 times higher.) This means that a user might realistically test, say, a billion of candidate passwords before giving up (this might be a day on the latest high-end GPU, or a few months on a laptop/desktop CPU - but exact times may vary greatly). And that's just not enough to crack a semi-strong password/passphrase unless quite some information about what it can vs. cannot be like is known (can be recalled and input to the program). Of course, the weakest passwords (such as those within the top few million of common passwords) can be cracked anyway, but when people ask for help it's unusual for their forgotten password/phrase to be a common one (although this happens). I hope this helps. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.