Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <77db5c17115a885137812bb4b5651025@smtp.hushmail.com>
Date: Mon, 27 Aug 2018 08:40:53 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Filevault2 volume without password

On 2018-08-26 19:43, CRO wrote:
> You can also run dmg2john et. al. directly against the image
>> file or partition. In this case you already have an image file so you 
>> should just run something like:
>>
>> $ cd path/to/john/run
>> $ ./dmg2john /path/to/your/image.file > image_hash
>> $ ./john -format:dmg-opencl image_hash (...)
> 
> I have not a .dmg image. I have a raw image:
> 
> # mmls image.raw
> GUID Partition Table (EFI)
> Offset Sector: 0
> Units are in 512-byte sectors
> 
>        Slot      Start        End          Length       Description
> 000:  Meta      0000000000   0000000000   0000000001   Safety Table
> 001:  -------   0000000000   0000000039   0000000040   Unallocated
> 002:  Meta      0000000001   0000000001   0000000001   GPT Header
> 003:  Meta      0000000002   0000000033   0000000032   Partition Table
> 004:  000       0000000040   0000409639   0000409600   EFI System Partition
> 005:  001       0000409640   0488965175   0488555536   No title
> 006:  002       0488965176   0490234711   0001269536   Recovery HD
> 007:  -------   0490234712   0490234751   0000000040   Unallocated
> 
> dmg2john works with .dmg files


Perhaps we should add an offset option to dmg2john. I would try 
something like:

$ dd if=image.raw of=partition.dd bs=512 skip=409640 count=10
$ dmg2john partition.dd > hash

Admittedly I'm on thin ice here and also I'm not sure how much is needed 
for count. Hopefully Dhiru or someone can fill in the blanks.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.