Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <1316435626.60243.YahooMailNeo@web120711.mail.ne1.yahoo.com>
Date: Mon, 19 Sep 2011 05:33:46 -0700 (PDT)
From: firstname lastname <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Steganography Passphrase Cracking

Yes, it does give a Failure Keyword when we enter the wrong passphrase. Below is the output when I enter the wrong password:

**************************************************************************************

Steganography\MP3Stego>Decode.exe -X sample.mp3
MP3StegoEncoder 1.1.17
See README file for copyright info
Input file = 'sample.mp3'  output file = 'sample.mp3.pcm'
Will attempt to extract hidden information. Output: sample.mp3.txt
Enter a passphrase:
Confirm your passphrase:
the bit stream file sample.mp3 is a BINARY file
HDR: s=FFF, id=1, l=3, ep=on, br=9, sf=0, pd=0, pr=1, m=1, js=2, c=1, o=1, e=0
alg.=MPEG-1, layer=III, tot bitrate=128, sfrq=44.1
mode=j-stereo, sblim=32, jsbd=8, ch=2
[Frame 3832]using bit allocation table alloc_2
[Frame 3833]js_bound bad layer/modext (4/2)
**************************************************************************************

js_bound bad layer/modext is the keyword which tells us that we entered a wrong passphrase. However, it does generate an output file, "sample.mp3.pcm" even though we enter a wrong password.

Regards,
NeonFlash




----- Original Message -----
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Cc: 
Sent: Monday, September 19, 2011 1:28 PM
Subject: Re: [john-users] Steganography Passphrase Cracking

On 2011-09-19 09:01, firstname lastname wrote:
...
> For instance, MP3Stego tool by Fabien Petitcolas can be used to hide
> text files inside an MP3 file. You can protect your hidden data using
> a passphrase.
>
> While decoding, we need to supply the passphrase to extract the
> hidden data from the mp3:
>
> decode.exe -X -P<pass>  sample.mp3
>
> I did some research on how to extract the hash from this mp3 file and
> didn't make much progress. It uses 3DES to encrypt the hidden data
> and SHA-1 to generate pseudo random bits.

What happens if you supply the wrong password to decode.exe? Does it 
recognise it was wrong, or does it extract garbage data? If it's the 
latter, we may have no way to detect a correct guess unless there's 
known plaintext (eg. file magic) in the hidden data.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.