gpg2john failing when file is big

[TheA1ch3m1st]

gpg2john fails when the file size is big, seems like an anti-bof measure?

[claudioandre-br]

You can make the buffer bigger and test (gpg2john.c at line 141).

You should also run it using -d or -S in order to check if everything is ok (seems to be ok, at least). Reading the comments in source code, 106M is not a valid value.

[TheA1ch3m1st]

Thanks!

[solardiz]

I think this is a case of user confusion, and no source code editing will help. As I understand, a file.zip.gpg is something encrypted with GnuPG to a certain public key, and the corresponding private key would be needed to decrypt the file. There's nothing John the Ripper could possibly do here - it is a password/passphrase cracker, not a public key cryptosystem cracker. It could be used on a passphrase-protected private key, which is what gpg2john is for, but not on a file encrypted to a public key - no password/passphrase was involved in that step, so it's not relevant to John the Ripper. So if @TheA1ch3m1st doesn't have the private key, not even an encrypted one, there's nothing for John the RIpper to do here.

[TheA1ch3m1st]

it is symmetric encryption using AES-256. GPG2JOHN extracts the hash, the same way ssh2john extracts the hash from a private key. This is just a more efficient way of bruteforcing the private key, instead of entering it via a gui or attempting to decrypt the file every time. again, this is symmetric encryption, and NOT asymmetric, hence there is no correspondence of keys.

[solardiz]

@TheA1ch3m1st Ah, OK. So did you manage to get this working by increasing the buffer size? All the way to 106M+?

[TheA1ch3m1st]

@TheA1ch3m1st Ah, OK. So did you manage to get this working by increasing the buffer size? All the way to 106M+?

I didn't need to, the wordlist I was testing anyway was no more than 12 words, so I decided to do it manually. I will test later though just to find out.

[solardiz]

I will test later though just to find out.

Please do. We'll also need to try and reproduce this issue. Re-opening.

[solardiz]

https://github.com/openwall/john-samples/tree/main/GPG only contains secret keys, not arbitrary symmetrically encrypted data. I think we need to create such samples, test with them, and add them to that repo. We do appear to have some symmetric encryption support in the code.

[TheA1ch3m1st]

well, i was able to crack multiple symmetrically encrypted files with gpg2john. I would do gpg --cipher-algo AES-128 --symmetric file.txt then run gpg2john file.txt.gpg > hash.txt and that would return a hash. then I'd do john hash.txt --format=gpg --wordlist=arbitrary/wordlist. for reference, im using parrotOS, and didn't install anything. the gpg2john binary was already there, in path, found here: /usr/sbin/gpg2john.

[TheA1ch3m1st]

oh and, I don't code in C and don't really get how to compile. I edited the code but it needed an arch.h library? i just downloaded the gpg2john.c file and attempted to compile with gcc after changing the code. i can provide the large file that gpg2john fails with.

[solardiz]

well, i was able to crack multiple symmetrically encrypted files with gpg2john.

How large were those?

for reference, im using parrotOS, and didn't install anything. the gpg2john binary was already there, in path, found here: /usr/sbin/gpg2john.

For further occasions, please mention such detail in your very first comment when opening an issue. By default, we assume that any issue is against our latest code from this repo, not against some distro package likely of an older version. (In this case, though, I think we haven't made relevant fixes to gpg2john lately, so the issue probably still applies to the latest.)

I edited the code but it needed an arch.h library? i just downloaded the gpg2john.c file and attempted to compile with gcc after changing the code.

You cannot easily compile just this one source file - you'd need to compile the entire project, using something like:

git clone https://github.com/openwall/john
cd john/src
./configure
make -sj4

i can provide the large file that gpg2john fails with.

Thank you. Let's see if we're able to reproduce this by creating a large file on our own first.

[TheA1ch3m1st]

How large were those? A few kilobytes at most. You cannot easily compile just this one source file - you'd need to compile the entire project, using something like: I'll try that. Thank you. Let's see if we're able to reproduce this by creating a large file on our own first. https://mega.nz/file/bpIBAaZY#JeVgOD02Q56MpO5U3-NxaiXISb_SiJrX2fSB4YAr2Fs here's the big file.

oop, no makefile found.

[solardiz]

Please don't edit your comments to say something very different from what they used to say.

no makefile found.

This indicates the ./configure step failed - it must have reported an error. Most likely, you don't have some prerequisite packages installed.

[TheA1ch3m1st]

I'll try again in a bit, although I still think it's better if you do that considering my very little knowledge in C.