Date: Tue, 10 May 2022 21:25:17 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-users@...ts.openwall.com
Subject: team john-users write-up for CracktheCon contest at CypherCon 2022

Team john-users participated in the CracktheCon 2022 contest, competing in the Pro category. The contest was organized by CynoSure Prime and held during the CypherCon conference.

Challenges were fun to crack. Puns were amusing. Also the contest was a good stress test for john, resulting in a few bug reports. Thank you, CynoSure Prime!

We finished as #3. Competition was tough. Results shown by other teams are pretty impressive. Thank you, Hashmob.net users (Pro), LevenshteinAmphetamine and Rsjztz!

The contest is over. But you may try the challenges yourself, getting them here:
https://2022.crackthecon.com/

Matt Weir participated in the Street category and prepared a very good write-up explaining how to get great results using a single CPU only.
https://reusablesec.blogspot.com/2022/05/password-cracking-tips-crackthecon.html

Team Hashmob.net users (Pro) prepared a very informative write-up covering both Pro and Street challenges.
https://hashmob.net/writeups/HashMob.net%20-%20CrackTheCon%202022%20write-up.pdf

With such nice write-ups available, I'll skip overlapping details.

Overall we spent too much time on fast hashes and put too little effort into the 'he-ran-somewhere' challenge. But in one challenge we caught an opportunity other teams missed.

We noticed that hashes in 'Gay Melanoma' could not be cracked with john. We had cracks from hashcat. I picked password 'misha3333333' and compared its cracked hash with the true sha256 of the password: they were different!

The given and the correct hashes of 'misha3333333':
043e3cde905280099cc03b19befd532ecc36560f723ce38e1781376a1da5c270
043e3cde305280099cc03b19befd532ecc36560fc23ce3821781376a1da5c270
        ^                               ^      ^ differ

So I modified the cmp_exact() function in the raw-sha256 format to let john accept cracks if the computed hash differs from the given hash in up to 19 bytes of 32 bytes in the binary value of sha256. Due to the design of the challenge, we were getting cracks that could not be found with hashcat. The advantage it gave us is pretty visible on the scoreboard.

Actually I had to modify get_hash_*() functions too, but I did not. To experiment I wrote a simple cracker in Python. It gave some additional cracks but not enough to spend more time on the challenge.

Similarly for the 'number^3' challenge, a huge difference in results was achieved by team Hashmob.net users (Pro). The key was iterated variations of algorithms with md5. We treated these hashes as raw-md5 only. But that's a learning point for the following lesson:

"It is always a good idea to not assume a single hash algorithm is being used, even if it comes from a single data set."

The quote is taken from here:
https://blog.cynosureprime.com/2017/06/32hex-is-not-md5-what-are-youku-talking.html

We had 4 active team members:
Aleksey Cherepanov
Ivan U
rofl0r
trebla

Also we got general advice and hardware from 3 other members.

Hardware resources used (maximum):
- CPUs: ~122 cores / ~244 threads
- GPUs: 11
- FPGAs: 8 chips / 2 ZTEX 1.15y boards

Some of the hardware was available to us only a fraction of the time.

Remote access to 8 GPUs was provided by the Openwall Project. Some of them are listed here (we did not use Xeon Phi):
https://openwall.info/wiki/HPC/Village

FPGAs were used for phpass hashes from the 'Agent Glitch' challenge only. But it was pointless because we did not XOR the given file with the original mp3 file. All 5 of our cracks were found on CPU before turning on FPGAs.

Software used:
- John the Ripper bleeding-jumbo ( https://github.com/openwall/john )
  - raw-sha256 format was modified during the contest (see above)
- hashcat ( https://github.com/hashcat/hashcat )
- simplistic sha256-like cracker written during the contest, used by Aleksey only (see above)
- auxiliary software, including custom scripts to handle cracks and submissions

Thanks for reading!

-- 
Regards,
Aleksey Cherepanov
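
The tolerant comparison described above for 'Gay Melanoma', as an added example that is not part of the original message and is neither the author's Python cracker nor his john patch. The 19-byte threshold and the two quoted hashes come from the message; the function names, the wordlist and the corrupted target are constructed for illustration.

```python
import hashlib
from math import comb

# The given and the correct hash quoted in the message for 'misha3333333'.
GIVEN_HEX = "043e3cde905280099cc03b19befd532ecc36560f723ce38e1781376a1da5c270"
CORRECT_HEX = "043e3cde305280099cc03b19befd532ecc36560fc23ce3821781376a1da5c270"
MAX_DIFF = 19  # threshold from the message: up to 19 of 32 bytes may differ


def byte_distance(a: bytes, b: bytes) -> int:
    """Number of byte positions at which two equal-length digests differ."""
    if len(a) != len(b):
        raise ValueError("digests must have equal length")
    return sum(x != y for x, y in zip(a, b))


def fuzzy_crack(targets, candidates, max_diff=MAX_DIFF):
    """Return {target_hex: (candidate, distance)} for the closest candidate within
    max_diff bytes. Every candidate is compared with every target (no hash-table
    lookup); max_diff=0 is the usual exact comparison."""
    found = {}
    parsed = [(t, bytes.fromhex(t)) for t in targets]
    for word in candidates:
        digest = hashlib.sha256(word.encode()).digest()
        for t_hex, t_bin in parsed:
            d = byte_distance(digest, t_bin)
            if d <= max_diff and (t_hex not in found or d < found[t_hex][1]):
                found[t_hex] = (word, d)
    return found


def false_match_probability(max_diff=MAX_DIFF, n=32):
    """Chance that an unrelated, uniformly random n-byte digest is accepted."""
    return sum(comb(n, k) * 255**k for k in range(max_diff + 1)) / 256**n


def corrupt(digest: bytes, positions) -> str:
    """Build constructed test data: invert the selected bytes of a digest."""
    out = bytearray(digest)
    for p in positions:
        out[p] ^= 0xFF
    return out.hex()


if __name__ == "__main__":
    print(byte_distance(bytes.fromhex(GIVEN_HEX), bytes.fromhex(CORRECT_HEX)))
    target = corrupt(hashlib.sha256(b"constructed-password").digest(), [4, 20, 23])
    print(fuzzy_crack([target], ["wrong", "constructed-password"]))
    print(false_match_probability())
```

Even with 19 of 32 bytes allowed to differ, an unrelated candidate is accepted with probability of roughly 1.6e-23 per comparison, so the loose threshold does not flood the results with false cracks.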