Date: Wed, 1 Apr 2020 15:38:40 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Some 7Zip hashes can't be cracked?

On 2020-03-24 20:20, magnum wrote:
> On 2020-03-17 19:13, magnum wrote:
>> On 2020-03-17 08:25, Jonathan A wrote:
>>> I have a sample of an encrypted 7Zip file (I know the password). When I use
>>> 7z2john.pl on it, I get *a long hash (492 kb)*. Then when I try using john
>>> with the known password (i.e. through stdin or wordlist) - it finishes
>>> unsuccessfully.
>>
>> So it does accept it? We hate false negatives :-(
>>
>>> The only difference I could see myself between the two is that 7Zip says
>>> the first file is encrypted with *LZMA2:768k BCJ 7zAES*.
>>
>>> (I can share the first sample, but it has malware in it (I'm a malware
>>> researcher), so it can't go in this email).
>>
>> I guess we don't support BCJ. I should be able to fix that. Please 
>> mail me the sample!
> 
> This was indeed the case. This is now an issue with upstream 7z2hashcat. 
> It has to be fixed first, then John (and hashcat) need to be fixed as well.
> 
> https://github.com/magnumripper/JohnTheRipper/issues/4234

This is now completely fixed in bleeding-Jumbo on GitHub.  After 
upgrading, you also need to re-run 7z2john.pl on all files to be sure 
you're not bitten by the bug.

Beware: I opened an issue with hashcat and also sent a PR to upstream 
7z2hashcat but until they are fixed, hashcat will still give false 
negatives with no warning.

magnum
