Open kholia opened 6 years ago
Here is a new version of the keychain2john program. It (will) extract more decryptable information from Keychain files. By decrypting more (independent) data, we can easily reduce the amount of false positives.
Current output:
```
$ python3 keychain2john.py -a ~/login.keychain-db
[DEBUG] <__main__._SSGP object at 0x7c600f7fa610> 40 b'\x8e"\x13L\xe2|{\xe5'
[DEBUG] <__main__._SSGP object at 0x7c600f7fa6d0> 8016 b'\xf4\x12\xf3\xfb\xf9\\_\xa8'
[DEBUG] <__main__._SSGP object at 0x7c600f57e910> 24 b'\x03iT\xb5+\x1bb\x06'
[DEBUG] <__main__._SSGP object at 0x7c600f57ee50> 7352 b'E\xce\xef\x1du\xa0\x9c\xbb'
[DEBUG] <__main__._SSGP object at 0x7c600f57ee90> 40 b'\x15R.\x9d`\xe1\xec\x06'
[DEBUG] <__main__._SSGP object at 0x7c600f57ebd0> 40 b'\x02?\xbd\xb8\x04kw1'
[DEBUG] <__main__._SSGP object at 0x7c600f57ffd0> 40 b'\x1a\xc4O]W@F\xf3'
[DEBUG] <__main__._SSGP object at 0x7c600f580b90> 7352 b'\xfc\xfbKN\xd0\x0c\xb9%'
[DEBUG] <__main__._SSGP object at 0x7c600f5804d0> 216 b'uDVw\x85\xa9\x87}'
[DEBUG] <__main__._SSGP object at 0x7c600f57f4d0> 7352 b'Qcf\xca\x071\xdc\xc7'
[DEBUG] <__main__._SSGP object at 0x7c600f580f50> 7352 b'"\x15\xd4M{\x08\x86^'
[DEBUG] <__main__._SSGP object at 0x7c600f581010> 40 b'\xe4\xc2\xdf2\xe1\xb4cu'
[DEBUG] <__main__._SSGP object at 0x7c600f580e50> 40 b'\x1b\xf1\x0f\x9ec{\x08-'
[DEBUG] <__main__._SSGP object at 0x7c600f581110> 40 b'.\xb3\xd3k18xp'
[DEBUG] <__main__._SSGP object at 0x7c600f581190> 320 b'!\x1ax\x1cE\xac<\x0c'
$keychainv2$*6844a5d8f0fe9fa11c6754c7b91e7d8e63ff0acb*e9e985e1a5c770a8*d18474ca2ae744ea9b500388aa6acd7313d96a1bbb171c3c008a93f9c0bdb710f2212f629c75442ea84d44bc46a72520
```
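Added example, not code from this PR or from john itself: a Go checker for one of these `$keychainv2$*salt*iv*blob` lines (20-byte salt, 8-byte IV, 48-byte blob, as in the output above). It assumes the keychain scheme the line feeds, which the thread does not spell out: PBKDF2-HMAC-SHA1 with 1000 iterations yielding a 24-byte 3DES key, CBC decryption of the master-key blob, and acceptance when the plaintext ends in the four-byte PKCS#5 pad `04 04 04 04`. Function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/hex"
	"strings"
)
// PBKDF2SHA1 is PBKDF2-HMAC-SHA1 (RFC 2898) for keyLen up to 20*255 bytes.
func PBKDF2SHA1(pw, salt []byte, iter, keyLen int) (out []byte) {
	mac := hmac.New(sha1.New, pw)
	prf := func(m []byte) []byte { mac.Reset(); mac.Write(m); return mac.Sum(nil) }
	for n := byte(1); len(out) < keyLen; n++ {
		u := prf(append(append([]byte{}, salt...), 0, 0, 0, n)) // U1 = PRF(P, S || INT(n))
		t := append([]byte{}, u...)
		for i := 1; i < iter; i++ {
			u = prf(u) // U_i = PRF(P, U_{i-1}); T = U1 xor ... xor Uc
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// CheckKeychainLine tests a password guess against a "$keychainv2$*salt*iv*blob"
// line: PBKDF2-SHA1 (1000 iterations) -> 24-byte 3DES key, 3DES-CBC-decrypt the
// 48-byte blob, accept only if the plaintext ends in the PKCS#5 pad 04 04 04 04.
// Malformed lines are rejected up front so CryptBlocks can never panic on them.
func CheckKeychainLine(line, password string) bool {
	p := strings.Split(line, "*")
	if len(p) != 4 || p[0] != "$keychainv2$" {
		return false
	}
	var f [3][]byte // salt (20 bytes), 3DES IV (8), encrypted master-key blob (48)
	var err error
	for i, want := range []int{20, 8, 48} {
		if f[i], err = hex.DecodeString(p[i+1]); err != nil || len(f[i]) != want {
			return false
		}
	}
	block, _ := des.NewTripleDESCipher(PBKDF2SHA1([]byte(password), f[0], 1000, 24))
	plain := make([]byte, 48)
	cipher.NewCBCDecrypter(block, f[1]).CryptBlocks(plain, f[2])
	return bytes.Equal(plain[44:], []byte{4, 4, 4, 4}) // a 32-bit check; ~2^-32 of wrong guesses pass
}
```

Only those four pad bytes are predictable from the blob alone, so a wrong guess still passes roughly once in 2^32 tries; decrypting further, independently encrypted data with the recovered key is what removes those false positives.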
It's great to see you contribute to our project again, @kholia!
You appear to be replacing this entire script with one based on a different upstream. The new script is a lot larger. I wonder if we also want to keep the old one, perhaps renamed? The old script's license is weird - it's on one hand extremely permissive, but on the other doesn't explicitly allow redistribution. The new script's license is GNU GPLv2+.
> extract more decryptable information from Keychain files. By decrypting more (independent) data, we can easily reduce the amount of false positives.
Yes, but also the extracts become more security-sensitive and less suitable for sharing with a password recovery service provider, etc. I wonder if the new script strikes the best balance, or if it possibly extracts too much now?
Are the formats already written so that they use this extended data if available? Or is that a to-do?
@magnumripper The format (which does the extra decryption work) is yet to be written.
@solardiz Ack on the best balance part. Instead of extracting all the extra 'non-hashes', we could just extract one or two of them to reduce the number of false positives.
The new script can also generate older hashes, so keeping the older script around might not make much sense.
I was never satisfied with this work before, so here is another shot at it.
Ideas:
http://www.ucc.gu.uwa.edu.au/~matt/src/extractkeychain-0.1/extractkeychain.py
https://github.com/n0fate/chainbreaker/tree/master/chainbreaker
We can decrypt more data to reduce false positives.