Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 5 Nov 2019 07:27:56 +0000 (UTC)
From: john difool <jdifool2005@...oo.fr>
To: john-users@...ts.openwall.com
Subject: Re: Help needed with with --bilocker: No passwors hash
 loaded Error

 I didn't copy the whole output or maybe you're right. Anyway here is the full output of the binary I compiled:
# ./john-1.9.0-jumbo-1/run/john --list=formats
descrypt, bsdicrypt, md5crypt, md5crypt-long, bcrypt, scrypt, LM, AFS, 
tripcode, AndroidBackup, adxcrypt, agilekeychain, aix-ssha1, aix-ssha256, 
aix-ssha512, andOTP, ansible, argon2, as400-des, as400-ssha1, asa-md5, 
AxCrypt, AzureAD, BestCrypt, bfegg, Bitcoin, BitLocker, bitshares, Bitwarden, 
BKS, Blackberry-ES10, WoWSRP, Blockchain, chap, Clipperz, cloudkeychain, 
dynamic_n, cq, CRC32, sha1crypt, sha256crypt, sha512crypt, Citrix_NS10, 
dahua, diskcryptor, Django, django-scrypt, dmd5, dmg, dominosec, dominosec8, 
DPAPImk, dragonfly3-32, dragonfly3-64, dragonfly4-32, dragonfly4-64, Drupal7, 
eCryptfs, eigrp, EncFS, enpass, EPI, EPiServer, ethereum, fde, Fortigate256, 
Fortigate, FormSpring, FVDE, geli, gost, gpg, HAVAL-128-4, HAVAL-256-3, hdaa, 
hMailServer, hsrp, IKE, ipb2, itunes-backup, iwork, KeePass, keychain, 
keyring, keystore, known_hosts, krb4, krb5, krb5asrep, krb5pa-sha1, krb5tgs, 
krb5-17, krb5-18, krb5-3, kwallet, lp, lpcli, leet, lotus5, lotus85, LUKS, 
MD2, mdc2, MediaWiki, monero, money, MongoDB, scram, Mozilla, mscash, 
mscash2, MSCHAPv2, mschapv2-naive, krb5pa-md5, mssql, mssql05, mssql12, 
multibit, mysqlna, mysql-sha1, mysql, net-ah, nethalflm, netlm, netlmv2, 
net-md5, netntlmv2, netntlm, netntlm-naive, net-sha1, nk, notes, md5ns, 
nsec3, NT, o10glogon, o3logon, o5logon, ODF, Office, oldoffice, 
OpenBSD-SoftRAID, openssl-enc, oracle, oracle11, Oracle12C, osc, ospf, 
Padlock, Palshop, Panama, PBKDF2-HMAC-MD4, PBKDF2-HMAC-MD5, PBKDF2-HMAC-SHA1, 
PBKDF2-HMAC-SHA256, PBKDF2-HMAC-SHA512, PDF, PEM, pfx, pgpdisk, pgpsda, 
pgpwde, phpass, PHPS, PHPS2, pix-md5, po, postgres, PST, PuTTY, pwsafe, qnx, 
RACF, RACF-KDFAES, radius, RAdmin, RAKP, rar, RAR5, Raw-SHA512, Raw-Blake2, 
Raw-Keccak, Raw-Keccak-256, Raw-MD4, Raw-MD5, Raw-MD5u, Raw-SHA1, 
Raw-SHA1-AxCrypt, Raw-SHA1-Linkedin, Raw-SHA224, Raw-SHA256, Raw-SHA3, 
Raw-SHA384, ripemd-128, ripemd-160, rsvp, Siemens-S7, Salted-SHA1, SSHA512, 
sapb, sapg, saph, sappse, securezip, 7z, Signal, SIP, skein-256, skein-512, 
skey, SL3, Snefru-128, Snefru-256, LastPass, SNMP, solarwinds, SSH, sspr, 
Stribog-256, Stribog-512, STRIP, SunMD5, SybaseASE, Sybase-PROP, tacacs-plus, 
tcp-md5, telegram, tezos, Tiger, tc_aes_xts, tc_ripemd160, tc_ripemd160boot, 
tc_sha512, tc_whirlpool, vdi, OpenVMS, vmx, VNC, vtp, wbb3, whirlpool, 
whirlpool0, whirlpool1, wpapsk, wpapsk-pmk, xmpp-scram, xsha, xsha512, ZIP, 
ZipMonster, plaintext, has-160, HMAC-MD5, HMAC-SHA1, HMAC-SHA224, 
HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, sha1crypt-opencl, KeePass-opencl, 
oldoffice-opencl, PBKDF2-HMAC-MD4-opencl, PBKDF2-HMAC-MD5-opencl, 
PBKDF2-HMAC-SHA1-opencl, rar-opencl, RAR5-opencl, TrueCrypt-opencl, 
lotus5-opencl, AndroidBackup-opencl, agilekeychain-opencl, ansible-opencl, 
axcrypt-opencl, axcrypt2-opencl, bcrypt-opencl, BitLocker-opencl, 
bitwarden-opencl, blockchain-opencl, cloudkeychain-opencl, md5crypt-opencl, 
sha256crypt-opencl, sha512crypt-opencl, descrypt-opencl, diskcryptor-opencl, 
diskcryptor-aes-opencl, dmg-opencl, EncFS-opencl, enpass-opencl, 
ethereum-opencl, ethereum-presale-opencl, FVDE-opencl, geli-opencl, 
gpg-opencl, iwork-opencl, keychain-opencl, keyring-opencl, keystore-opencl, 
krb5pa-md5-opencl, krb5pa-sha1-opencl, krb5asrep-aes-opencl, lp-opencl, 
lpcli-opencl, LM-opencl, mscash-opencl, mscash2-opencl, mysql-sha1-opencl, 
notes-opencl, NT-opencl, ntlmv2-opencl, o5logon-opencl, ODF-opencl, 
office-opencl, OpenBSD-SoftRAID-opencl, PBKDF2-HMAC-SHA256-opencl, 
PBKDF2-HMAC-SHA512-opencl, pfx-opencl, pgpdisk-opencl, pgpsda-opencl, 
pgpwde-opencl, PHPass-opencl, pwsafe-opencl, RAKP-opencl, raw-MD4-opencl, 
raw-MD5-opencl, raw-SHA1-opencl, raw-SHA256-opencl, raw-SHA512-free-opencl, 
raw-SHA512-opencl, salted-SHA1-opencl, sappse-opencl, 7z-opencl, SL3-opencl, 
solarwinds-opencl, ssh-opencl, sspr-opencl, strip-opencl, telegram-opencl, 
tezos-opencl, vmx-opencl, wpapsk-opencl, wpapsk-pmk-opencl, 
XSHA512-free-opencl, XSHA512-opencl, ZIP-opencl, dummy, crypt

I see a lot of opencl but is that correct for bitlocker?
Anyway:
./john-1.9.0-jumbo-1/run/john --format=bitlocker --wordlist=dictionnary.txt target_hashUsing default input encoding: UTF-8
No password hashes loaded (see FAQ)
Thx
John

    Le lundi 4 novembre 2019 à 15:50:44 UTC+1, Solar Designer <solar@...nwall.com> a écrit :  
 
 On Mon, Nov 04, 2019 at 09:29:16AM +0000, john difool wrote:
> I'm trying to use JtR to uncrypt a bitlocker-ed image disk on Linux (Debian distribution)
> 
> I've downloaded and compiled last version. Here are some of the output with opencl info

Great.

> in bold characters

You can't really have those on a text only mailing list (no HTML).

> OpenCL support ............................. yes

So yes, you successfully configured for OpenCL, and the build is
supposed to have that or else it wouldn't complete, which I assume it
did (since you quoted a gcc invocation late in the build).

> > john --list=formats

However, you don't have any -opencl formats in the output of this
command.  My guess is you ended up running a "john" binary other than
what you built.  Maybe your system has one installed globally.

To use your local build, you probably need something like:

cd ../run
./john --list=formats

Note the leading "./", which requests running the program from the
current directory.

> I've created a dictionary and generated hashes using John2bitlocker but whatever the hash file I use I get an error "No passwors hash loaded". Why is that?
> 
> > bitlocker2john  -i disk.img
> 
> > cat target_hash
> $bitlocker$3$16$3adb3d7f8dfbe03dc3f4cef931aad1e9$1048576$12$e04a4339a66cd50162000000$60$1e93c2f48241aa8af137dee6e6aa3ad5584febef62857e0462a674cbe8b21268b1dc7633b302fcc5a268cdd52d44adb5b55cb3e1c082c79d724bc903
> 
> > john --format=bitlocker --wordlist=dictionnary.txt target_hash
> 
> Using default input encoding: UTF-8
> No password hashes loaded (see FAQ)

Some of the subtypes of Bitlocker (non-)hashes are only supported by our
OpenCL format (thus, bitlocker-opencl), not the CPU format (bitlocker).

So you actually need an OpenCL-enabled build, and I suggest that you
omit the "--format" option in order to let JtR autodetect whatever
format will accept the hash without you limiting its possible choices.

The command may be like:

./john target_hash

You'll add more options after you get this basic invocation working.

I hope this helps.

Alexander
  

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.