Open kabutor opened 3 years ago
Confirmed using latest bleeding jumbo
updating pfx2john.py to python3 (minor changes here https://github.com/kabutor/python/blob/master/pfx2john.py)
FWIW, we already have the same changes in here, introduced in 708ea345e0ed46ffdc80d6fbdade859cce793281.
The truth is that Google pointed me to another repository when searching for pfx2john.py, and I modified it to make it work in Python 3, which is standard almost everywhere these days.
I see there has not been a new john version for some time; I wasn't aware of that fix, thanks for pointing it out :)
The only difference I see is that the number of iterations in Windows is 2000 and the iterations in the Mozilla pkcs12 are 600000.
Also salt length 16 is unusual. In the test vector that we have with 2000 iterations, the salt length is 20. I wonder if the problem maybe occurs on the export from Mozilla - dropping 4 bytes of salt?
Been doing some tests after updating pfx2john.py to Python 3 (minor changes here https://github.com/kabutor/python/blob/master/pfx2john.py). I found out that if you use a generated PFX/P12 PKCS12 file with a password of 12345, import it into Windows and export it, that works fine, but if you import it into Mozilla, export the certificate and dump the hash, it will not crack.
The only difference I see is that the number of iterations in Windows is 2000 and the iterations in the Mozilla pkcs12 are 600000.
This is the dumped hash (it has 12345 as password):
mozilla_test.p12:$pfxng$1$20$600000$16$86dc68f40ead1a20460cb545407d4f29$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$4abd33759fd68d5092fcbd46a42459ca3676827c:::::mozilla_test.p12
Version: 1.9.0-jumbo-1
Build: linux-gnu 64-bit x86_64 AVX2 AC OMP
SIMD: AVX2, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
System-wide exec: /usr/lib/john
System-wide home: /usr/share/john
Private home: ~/.john
CPU tests: AVX2
CPU fallback binary: john-xop-omp
OMP fallback binary: john-avx2-non-omp
$JOHN is /usr/share/john/
Format interface version: 14
Max. number of reported tunable costs: 4
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
SINGLE_IDX_MAX: 32768
SINGLE_BUF_MAX: 4294967295
Effective limit: Max. KPC 32768
Max. Markov mode level: 400
Max. Markov mode password length: 30
gcc version: 9.2.1
GNU libc version: 2.28 (loaded: 2.31)
Crypto library: OpenSSL
OpenSSL library version: 01010103f (loaded: 0101010bf)
OpenSSL 1.1.1c 28 May 2019 (loaded: OpenSSL 1.1.1k 25 Mar 2021)
GMP library version: 6.1.2 (loaded: 6.2.1)
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's
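Added example, not part of the thread and not code from pfx2john.py or John the Ripper: a small parser for a `$pfxng$` line that checks whether the declared salt and MAC lengths match the bytes actually present, which is one way to test the "dropped salt bytes" question raised above. The field order (MAC type, MAC length, iterations, salt length, salt, data, stored MAC) is assumed from the hash shown in this issue, and the sample lines are constructed.

```python
from dataclasses import dataclass


@dataclass
class PfxngHash:
    label: str
    mac_type: int      # assumed: 1 means SHA-1
    mac_len: int       # declared MAC/key length in bytes
    iterations: int
    salt_len: int      # declared salt length in bytes
    salt: bytes
    data: bytes
    stored_mac: bytes


def parse_pfxng(line: str) -> PfxngHash:
    """Parse 'label:$pfxng$...:::::path' into its fields."""
    label, _, rest = line.strip().partition(":")
    fields = rest.split(":", 1)[0].split("$")
    # Leading '$' yields an empty first element, then the tag and 7 fields.
    if len(fields) != 9 or fields[0] != "" or fields[1] != "pfxng":
        raise ValueError("not a $pfxng$ hash line")
    mac_type, mac_len, iterations, salt_len = (int(f) for f in fields[2:6])
    salt, data, stored_mac = (bytes.fromhex(f) for f in fields[6:9])
    return PfxngHash(label, mac_type, mac_len, iterations,
                     salt_len, salt, data, stored_mac)


def consistency_issues(h: PfxngHash) -> list:
    """Report mismatches between declared lengths and the actual bytes."""
    issues = []
    if len(h.salt) != h.salt_len:
        issues.append(f"salt: declared {h.salt_len} bytes, found {len(h.salt)}")
    if len(h.stored_mac) != h.mac_len:
        issues.append(f"MAC: declared {h.mac_len} bytes, found {len(h.stored_mac)}")
    return issues


# Constructed samples: header mirrors the one in this issue, payload is filler.
GOOD = ("sample.p12:$pfxng$1$20$600000$16$" + "ab" * 16 + "$" + "00" * 8
        + "$" + "cd" * 20 + ":::::sample.p12")
TRUNCATED = GOOD.replace("ab" * 16, "ab" * 12)  # salt shorter than declared

if __name__ == "__main__":
    for sample in (GOOD, TRUNCATED):
        h = parse_pfxng(sample)
        print(h.label, h.iterations, consistency_issues(h) or "consistent")
```

A line that parses cleanly with matching lengths indicates the salt was written out in full by the extraction script, so a 16-byte salt would then reflect what the exporting application stored rather than truncation during dumping.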