Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 Jan 2019 17:52:24 +0100
From: Jirka Vejrazka <>
To: Morgan Woodward <>
Subject: Re: DMG file password cracking

The data in the resulting file.txt would be just a tiny chunk of information related to the original password and some metadata - there is no way to get any relevant information about contents of your documents etc. stored in the encrypted container.



  Original Message  
From: Morgan Woodward
Sent: Tuesday, 29 January 2019 17:46
Reply To:
Subject: Re: [john-users] DMG file password cracking

Sorry that was really unclear on my part. I was asking if by converting the
file to .txt and receiving help meant that anyone in the community would
have access to the file, or would it stay on my computer to be cracked.
Data contained in the file is legally sensitive information, and I don't
want anyone to have access to the actual content. So you answered my

On Tue, Jan 29, 2019 at 9:53 AM Solar Designer <> wrote:

> On Mon, Jan 28, 2019 at 05:53:35PM -0600, Morgan Woodward wrote:
> > Does this give you access to the actual files?
> Who do you refer to by "you"?
> I did not suggest that you'd share any files with anyone. I merely
> suggested that you try and get things working in this basic way, and
> then return to this community with more information on what your
> password may or may not be, to receive further guidance.
> That said, you could also choose to share your "file.txt" with the
> community, which might reveal your filesystem properties but not actual
> contents of your encrypted files.
> If you were referring to yourself, then the way you get access to the
> actual files is through having cracked the password first. You'd use
> this password in the usual way to access the files on your Mac. JtR
> won't directly let you access the files - it will merely give you the
> password (if the attack is successful).
> > On Wed, Jan 9, 2019 at 3:36 PM Solar Designer <>
> wrote:
> > > You can try one of the community-contributed builds of JtR for macOS:
> > >
> > >
> > >
> > > On newer hardware, use the "avx2" version. If it tells you "Sorry,
> AVX2
> > > is required for this build", then use the "sse4" version found nearby.
> > >
> > > You'll need to first use the dmg2john program on your .dmg file,
> > > redirecting this program's output to a text file, like this in a
> > > Terminal after cd'ing to the "run" directory:
> > >
> > > ./dmg2john /path/to/file.dmg > file.txt
> > >
> > > Then use JtR itself on the resulting file, like this:
> > >
> > > ./john file.txt
> > >
> > > Once you confirm you got this working, the community in here will help
> > > you focus the attack based on whatever you recall about the password.
> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.