Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 Apr 2018 14:03:46 +0200
From: Solar Designer <>
Subject: Re: loading OS X hashes from Davegrohl

On Mon, Apr 23, 2018 at 04:09:34AM -0700, Eric Oyen wrote:
> also, the SSE2 version of john in the site you provided failed with an illegal instruction 4. so, I will try the V3 version.

If the "SSE2" version fails like that, then it's not actually SSE2 -
it's probably more like SSE4.  Your Core 2 Duo supports up through SSSE3
inclusive, but not SSE4.  These are recent user-contributed builds, so
it's likely that the contributor didn't consider recent macOS'
assumption that SSE4 has to be available for that OS anyway.

"V3" certainly won't work on your computer - it needs even newer (AVX).

I went ahead and renamed the files as follows:


based on user reports so far.  Maybe this will help reduce further
confusion, although few users appear to know what AVX and SSE4 are.

> If that fails, then I will go into the historical folder and find a version consistent with my current OS.


Please try to post fewer messages - try multiple things at a time, then
post.  We're bothering a lot of people with this discussion right now.
That's what this list is for, so the "bothering" is OK, but grouping the
information in fewer messages is preferable.

On Mon, Apr 23, 2018 at 04:53:11AM -0700, Eric Oyen wrote:
> according to the website (that incidentally references open wall as well) the dscl command as issued should dump the salt and hash in a file in that order. it also seems to get a lot of other stuff (like hint, etc).

Yes, it did dump a lot of stuff, but not what we needed.

> btw, I do know that the salt  is SHA512.

You mean the hash.  Yes, it should be, but we haven't seen it yet, nor
its corresponding salt.

> so, I am not sure what is going on. everything I try here seems to work,

None of this has dumped the hash yet, as far as I can tell.

> but the results don't conform to what john expects.

They were not supposed to be directly usable with John, except for
xpwdump's output, but that one failed for unknown reasons.  Possibly
something is corrupted on the system.

Do you have anything under /private/var/db/shadow/hash at all?  For
example, try this command:

ls -R /private/var/db/shadow/hash

On Mon, Apr 23, 2018 at 04:53:58AM -0700, Eric Oyen wrote:
> btw, did I mention that being totally blind and trying this really sucks ass!

You didn't mention how you felt about that.  Sorry to hear it's this way.

Back to one of my previous questions: why are you doing this?  Aren't
you able to access the system anyway?  What's your ultimate goal?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.