Date: Thu, 17 Sep 2020 09:23:04 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking encrypted zip file

On 2020-09-16 14:53, Jasper Jones wrote:
> Just a brief update on this: I've started it running in Prince mode with a
> reasonable word list, and it looks like I have (up to) about three days to
> wait for an outcome.

Here are some further tuning hints: PRINCE mode by default generates 
candidates from 1 to 16 characters long, using 1 to 8 elements of the 
wordlist. If you know the correct password is definitely within a 
certain other length span, stating it with e.g. the "--min-len=8 
--max-len=12" options can be rewarding.

Also, there's --prince-elem-cnt-min and --prince-elem-cnt-max. Let's say 
you know there will be at least 5 elements (components) in the correct 
password but no more than 6, --prince-elem-cnt-min=5 
--prince-elem-cnt-max=6 will stop PRINCE mode from producing long 
candidates from *only* digits and punctuation, for example.

So a candidate list of:
1
2
3
sierra
hotel

...and options "--min-len=8 --max-len=12 --prince-elem-cnt-min=5 
--prince-elem-cnt-max=6", will produce candidates such as:
hotel1233    (length 9, 5 elements)
123sierra32  (length 11, 6 elements)

...but not
sierra2hotel   (too few elements)
sierra123hotel (too long word)

Carefully picking these options can *greatly* reduce the produced 
keyspace - just don't limit it too much, you might miss the correct 
combination!

magnum


> I also did some more reading about how AES-256 is implemented. Please
> ignore my comment above about the reference to SHA-1. As I now understand
> it, this relates to how the AES-256 key is generated from the password (and
> salt) before being used to encrypt the data.
> 
> Thanks again.
> 
> Jasper
> 
> On Wed, 16 Sep 2020 at 06:57, Jasper Jones <jazjones9292@...il.com> wrote:
> 
>>> I'm going to run a test to see if it finds a known password.
>>
>> Okay, so that works, which means I can now work on getting together the
>> right combination of words to have a stab at the real thing. I have a nasty
>> suspicion that I may be back looking for help with mask mode at some point,
>> but thanks so much for your help magnum, I appreciate it.
>>
>> Jasper
>>
>> On Wed, 16 Sep 2020 at 06:47, Jasper Jones <jazjones9292@...il.com> wrote:
>>
>>> I just tried running it on a short list of the most likely words to see
>>> if anything jumps out. Ran for ~5 mins and just got "session completed" at
>>> the end, which I assume means nothing was found.
>>>
>>> I got the following message when I started it:
>>> "Warning: detected hash type "ZIP", but the string is also recognised as
>>> "ZIP-opencl"
>>> Use the "--form=ZIP-opencl" option to force loading these as that type
>>> instead"
>>>
>>> Any issue with that?
>>>
>>> Then:
>>> "Using default input encoding: UTF8
>>> Loaded 1 password hash (ZIP, WinZip, [PBKDF2-SHA1 128/128 AVX 4x1])"
>>>
>>> Does that look right? The reference to PBKDF2-SHA1 instead of AES concerns
>>> me, but I appreciate that could just be my ignorance showing.
>>>
>>> I'm going to run a test to see if it finds a known password.
>>>
>>> Thanks again
>>> Jasper
>>>
>>> On Wed, 16 Sep 2020 at 06:26, Jasper Jones <jazjones9292@...il.com>
>>> wrote:
>>>
>>>> Thanks very much magnum. I was pretty stressed while doing this last
>>>> night and missed out the '>' before the file name when using zip2john. I now
>>>> have a txt file with what looks like a hash.
>>>>
>>>> That said, I'm still getting an error as well: "ver 5.1
>>>> wallet.zip/wallet.dat is not encrypted, or stored with non-handled
>>>> compression type".
>>>>
>>>>> It sounds like you got a proper hash (you need to redirect that screen
>>>>> output to a file) and the warning you got later is probably from some
>>>>> other (not encrypted) file in the archive. Perhaps you accidentally
>>>>> added a non-encrypted version to the archive? Try extracting it...
>>>>
>>>> There's definitely only a single file - wallet.dat - in the archive, so
>>>> this is a little puzzling. I'm not sure how adding a password with AES-256
>>>> encryption works - I assume encrypts just the file after compression?
>>>>
>>>>> What does "zipinfo <file>" or similar tool say? Or just "zip -l
>>>>> <file>".
>>>>
>>>> I don't have zipinfo (I'm on Windows), but I could download a bootable
>>>> Linux distribution if that would help. 7zip itself gives some info about
>>>> the compressed file:
>>>>
>>>> - attributes: An
>>>> - Encrypted: +
>>>> - Method: AES-256 Deflate
>>>>
>>>> (There's some other stuff about file size, dates, etc, but I assume it's
>>>> the encryption info that's needed?)
>>>>
>>>> Many thanks
>>>> Jasper
>>>>
>>>>
>>>>
>>>> On Tue, 15 Sep 2020 at 23:10, magnum <john.magnum@...hmail.com> wrote:
>>>>
>>>>> On 2020-09-15 19:43, Jasper Jones wrote:
>>>>>> I'm reasonably certain the password contains two or three main
>>>>>> components,
>>>>>> selected from a couple of words and a long number, linked with some
>>>>>> combination of punctuation.
>>>>>
>>>>> Try adding all such components, one on each line, to a short wordlist
>>>>> eg. "components.txt". Add punctuation and numbers (either simply digits
>>>>> 0 through 9 on separate lines, or/and longer numbers like 2020 if you
>>>>> know them) as well, on separate lines. Then use PRINCE mode.
>>>>>
>>>>>> The first issue is that I believe I need to use zip2john.exe to get
>>>>>> the
>>>>>> hash from the zip file. It spits out a very long string of data,
>>>>>> starting
>>>>>> with $zip2$, but ends with a message saying that
>>>>>> "wallet.zip/wallet.dat is
>>>>>> not encrypted, or stored with a non-handled compression type".
>>>>>
>>>>> What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".
>>>>>
>>>>> It sounds like you got a proper hash (you need to redirect that screen
>>>>> output to a file) and the warning you got later is probably from some
>>>>> other (not encrypted) file in the archive. Perhaps you accidentally
>>>>> added a non-encrypted version to the archive? Try extracting it...
>>>>>
>>>>>> I wondered whether I needed to use the 7z2john.pl (a perl script?),
>>>>>> given I
>>>>>> used 7-zip to generate the encrypted file?
>>>>>
>>>>> No, if it's zip format, zip2john is needed.
>>>>>
>>>>> zip2john archive.zip > hashfile.txt
>>>>> john hashfile.txt --prince=components.txt
>>>>>
>>>>> magnum
>>>>>
>>>>>
> 
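The keyspace reduction magnum describes in the reply above, worked through as an added example that is not code from John the Ripper or from anyone in this thread. It is a simplified Python model of PRINCE chain generation driven by the four options (--min-len, --max-len, --prince-elem-cnt-min, --prince-elem-cnt-max), run over the five-line wordlist from the post. It assumes PRINCE simply enumerates ordered chains of elements with repetition and filters them by length and element count; the real princeprocessor orders and de-duplicates candidates differently, so the counts are illustrative rather than a promise of what john will generate.

```python
"""Added illustration of how PRINCE's length and element-count limits cut
the keyspace.  Not John the Ripper's own code: the real PRINCE
implementation (princeprocessor) orders candidates by length and chain
and treats the wordlist differently.  Here every ordered concatenation
of elements is enumerated and then filtered the way the options
--min-len, --max-len, --prince-elem-cnt-min and --prince-elem-cnt-max
constrain it (an assumption made for the sake of the example)."""
from itertools import product

# Constructed sample "components.txt" from the thread, one element per line.
COMPONENTS = ["1", "2", "3", "sierra", "hotel"]


def prince_candidates(words, min_len=1, max_len=16, elem_min=1, elem_max=8):
    """Yield (candidate, element_count) for every ordered chain of
    elem_min..elem_max elements whose joined length lies within
    [min_len, max_len].  Elements may repeat, as in the thread's example
    "hotel1233" (which uses "3" twice).  The defaults are the PRINCE
    defaults quoted in the thread: length 1-16, 1-8 elements."""
    for count in range(elem_min, elem_max + 1):
        for chain in product(words, repeat=count):
            cand = "".join(chain)
            if min_len <= len(cand) <= max_len:
                yield cand, count


def keyspace(words, **limits):
    """Number of candidates this model produces under the given limits."""
    return sum(1 for _ in prince_candidates(words, **limits))


def is_produced(cand, words, **limits):
    """True if `cand` is among the candidates for these limits."""
    return any(c == cand for c, _ in prince_candidates(words, **limits))


def why_rejected(cand, words, min_len=1, max_len=16, elem_min=1, elem_max=8):
    """For a candidate that splits uniquely into wordlist elements, name the
    limit that excludes it, or return None if it would be produced.
    Greedy longest-match tokenising suffices for this sample wordlist,
    where no element is a prefix of another."""
    by_length = sorted(words, key=len, reverse=True)
    elems, rest = [], cand
    while rest:
        match = next((w for w in by_length if rest.startswith(w)), None)
        if match is None:
            return "not composed of wordlist elements"
        elems.append(match)
        rest = rest[len(match):]
    if not elem_min <= len(elems) <= elem_max:
        return f"{len(elems)} elements, outside {elem_min}-{elem_max}"
    if not min_len <= len(cand) <= max_len:
        return f"length {len(cand)}, outside {min_len}-{max_len}"
    return None


# The limits from the post: --min-len=8 --max-len=12
# --prince-elem-cnt-min=5 --prince-elem-cnt-max=6
TUNED = dict(min_len=8, max_len=12, elem_min=5, elem_max=6)

if __name__ == "__main__":
    print("default keyspace:", keyspace(COMPONENTS))
    print("tuned keyspace:  ", keyspace(COMPONENTS, **TUNED))
    for cand in ["hotel1233", "123sierra32", "sierra2hotel", "sierra123hotel"]:
        reason = why_rejected(cand, COMPONENTS, **TUNED)
        verdict = "produced" if reason is None else "rejected: " + reason
        print(f"{cand:15} {verdict}")
```

Running it prints the candidate count under the PRINCE defaults next to the count under the tuned limits, then checks the four strings from the post: the two accepted ones are produced and the two rejected ones are refused for exactly the reasons magnum gives (too few elements, too long). The ratio between the two counts is the point; a wordlist with more real words and longer numbers than this toy one makes the gap far wider, which is also why limits set too tightly can silently exclude the right answer.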

