e-m-b-a / embark

EMBArk - The firmware security scanning environment
https://www.securefirmware.de
MIT License

s109 drops 500 in report #183

Closed torabi12 closed 9 months ago

torabi12 commented 9 months ago

Describe the bug: I did a short scan and the "Cracking identified password hashes" menu dropped a 500 in the browser. The s109_jtr_local_pw_cracking.html exists in the file system and contains the good password. Only the page is not displayed.

To Reproduce: Steps to reproduce the behavior:

  1. EMBArk installation (default mode)
  2. Start EMBArk: sudo ./run-server.sh
  3. Use the firmware available here: kkeps.bin
  4. Open Cracking identified password hashes menu in detailed view.
  5. See error

Expected behavior: Display page for s109.

Screenshots: [screenshot attached]

Desktop (please complete the following information):

Additional context: s109_jtr_local_pw_cracking.txt (attached)

BenediktMKuehne commented 9 months ago

I would guess it's a non-UTF-8-conformant byte that causes the issue.

Can you:

  1. Supply me with the actual html-report folder (alternatively, just the html file that's not working)
  2. Check the logs for a UnicodeDecodeError

torabi12 commented 9 months ago

html-report.zip emba_run.log

There are more log files, I don't know which one I should check. :(

Lines in emba_run.log with (Bad file descriptor) are very strange because of the huge number of repetitions. But I believe that is not connected to the HTTP 500.

BenediktMKuehne commented 9 months ago

Sorry, /var/www/embark/embark.log

torabi12 commented 9 months ago

embark.log

Yes, UnicodeDecodeError appears several times in the file. :(

BenediktMKuehne commented 9 months ago

Will try to solve this in EMBA directly.

BenediktMKuehne commented 9 months ago

@torabi12 could you provide me with the firmware for testing?

torabi12 commented 9 months ago

Please download it from here:

https://drive.google.com/file/d/1jXqPpg_z8ghZG0XPxtx-qtl2Mx_N2FL1/view?usp=sharing

I used Top109Million-probable-v2.txt as jtr_wordlist.txt from here:

https://github.com/berzerk0/Probable-Wordlists/tree/master/Real-Passwords

and I manually added the good password at the end of the file.

This is the password file:

https://drive.google.com/file/d/11q3ARlr9fL4Fh_hqrUFXTfG-xbOw_6oD/view?usp=sharing

If you would like to reproduce the whole test from my side, add the "p9z34c" value at the end and EMBA will find it.

torabi12 commented 9 months ago

It may be that I used an unsupported password file and that caused this issue. I am going to try the same test with a basic password list and let you know the outcome soon.

torabi12 commented 9 months ago

Hmm, I used rockyou.txt with the good password added as the last line; s109 cracked it and the page is available:

[screenshot attached]

Looks like I used an unsupported password list. :( I just wanted to have a huge dictionary for better coverage. My last question: if you could suggest a good and large list, that would be great, but I will also look for an acceptable one.

torabi12 commented 9 months ago

I tried today and the page is available:

[screenshot attached]

Thank you!

m-1-k-3 commented 9 months ago

@BenediktMKuehne good work

BenediktMKuehne commented 9 months ago

The changes affect only s109 and s99 (the jtr and grepit modules).
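The thread's diagnosis is a UnicodeDecodeError raised while the s109 report HTML, which carries bytes copied verbatim from a wordlist that was not UTF-8 encoded, is read for rendering. As an added example (not EMBArk's or EMBA's own code), the following Python locates the offending byte offsets and decodes the report tolerantly, so a bad wordlist entry produces a logged warning and a replacement character instead of an HTTP 500; SAMPLE_REPORT and the function names are constructed for illustration.

```python
import logging
from pathlib import Path

log = logging.getLogger(__name__)

# Constructed sample: an s109-style report fragment whose first cracked
# entry carries a Latin-1 byte (0xE4) copied from a non-UTF-8 wordlist
# entry; the second entry is plain ASCII.
SAMPLE_REPORT = (
    b"<pre>\n"
    b"[+] cracked: admin:p\xe4ssw0rd\n"
    b"[+] cracked: root:p9z34c\n"
    b"</pre>\n"
)


def invalid_utf8_offsets(data: bytes) -> list[int]:
    """Return the byte offsets at which strict UTF-8 decoding fails."""
    offsets: list[int] = []
    pos = 0
    while pos < len(data):
        try:
            data[pos:].decode("utf-8")
            break  # the rest of the buffer is clean
        except UnicodeDecodeError as exc:
            offsets.append(pos + exc.start)
            pos += exc.end  # resume after the offending byte(s)
    return offsets


def decode_report(data: bytes) -> tuple[str, bool]:
    """Decode report bytes for rendering without ever raising.

    Returns (text, clean). Invalid bytes become U+FFFD and are logged
    with their offsets, so the view still renders the page.
    """
    bad = invalid_utf8_offsets(data)
    if not bad:
        return data.decode("utf-8"), True
    log.warning("report has %d invalid UTF-8 byte(s) at offsets %s",
                len(bad), bad[:10])
    return data.decode("utf-8", errors="replace"), False


def load_report(path: Path) -> tuple[str, bool]:
    """Read a report file from disk and decode it tolerantly."""
    return decode_report(Path(path).read_bytes())
```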