openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/

PFX format bug(?): No password hashes loaded #5519

Closed bruhgod69 closed 2 months ago

bruhgod69 commented 2 months ago

I'm trying to find the 4-byte password to a private key in a .pfx file. I have tried every possible fix I could find which leads me to believe it may be some sort of a bug.

Steps:

I used the provided pfx2john to convert the file:

python pfx2john.py FW_priKey.pfx > key.txt

Which results in this file: (I put the ..... to truncate, only hex bytes are omitted, no special chars there)

FW_priKey.pfx:$pfxng$1$20$2000$20$b'a4a4307e3c7726836050d2a7c6e1fc69cd4b26ba'$b'308209d73082060806.....bd0e05d8799f2502f9bf54e'$b'bcb3e15d3dc5de0a95dcafbccc818ae799b773af':::::FW_priKey.pfx

I have tried both LF and CRLF line endings on this file and whether it ends with a newline or not. When I try to supply it to john, it does not seem to recognize the format either way:

./john --mask=?a?a?a?a --format=pfx key.txt -min-len=4

I have tried without --format, or just ./john key.txt, and with pfx-opencl but always same result:

Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

$ ./john --list=build-info
Version: 1.9.0-jumbo-1
Build: cygwin 64-bit x86_64 AVX2 AC OMP
SIMD: AVX2, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
CPU tests: AVX2
CPU fallback binary: john-xop
OMP fallback binary: john-avx2-non-omp
$JOHN is /run/
Format interface version: 14
Max. number of reported tunable costs: 4
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
SINGLE_IDX_MAX: 2147483648
SINGLE_BUF_MAX: 4294967295
Effective limit: Number of salts vs. SingleMaxBufferSize
Max. Markov mode level: 400
Max. Markov mode password length: 30
gcc version: 7.4.0
OpenCL headers version: 2.2
Crypto library: OpenSSL
OpenSSL library version: 01010102f
OpenSSL 1.1.1b  26 Feb 2019
GMP library version: 6.1.2
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's

solardiz commented 2 months ago

> Version: 1.9.0-jumbo-1

Hi. Before we possibly spend more time on this, can you please re-try all of this with the latest code (both script and compiled) from this repo? Our previous release 1.9.0-jumbo-1 is 5 years old now (our/my fault, but nevertheless). A lot has changed since.

solardiz commented 2 months ago

In particular, pfx2john.py in 1.9.0-jumbo-1 is apparently not compatible with Python 3, which I guess is what you're using these days? This has been corrected since. And probably more.

solardiz commented 2 months ago

Alternatively, if you insist on getting this to work with 1.9.0-jumbo-1, you can try python2 pfx2john.py if your distro still has Python 2. This will likely work.

bruhgod69 commented 2 months ago

Oh sorry, I didn't realize the precompiled bins on the website are that old.

In particular, my pfx2john didn't have the decode methods called like the current. I just replaced it and it works now.

sys.stdout.write("%s:$pfxng$%s$%s$%s$%s$%s$%s$%s:::::%s\n" %
                 (os.path.basename(filename), mac_algo_numeric,
                  key_length, iterations, size, binascii.hexlify(salt).decode(),
                  binascii.hexlify(data).decode(),
                  binascii.hexlify(stored_hmac).decode(), filename))

(the password was abcd so I just wasted a whole lot of time)

Thanks for the help and sorry for my misunderstanding
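
The failure in this thread can be spotted before running john. The following checker is an added example, not code from the posts or from the John the Ripper project: it validates one `$pfxng$` line against the field order in the `sys.stdout.write` call above and flags the `b'...'` wrappers that an undecoded `binascii.hexlify()` result leaves under Python 3. The function name, the sample values and the salt-length check are assumptions made for the example.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
BYTES_REPR = re.compile(r"b'([0-9a-fA-F]+)'")  # str() of bytes under Python 3
NUMERIC = ("mac_algo", "key_length", "iterations", "size")
BLOBS = ("salt", "data", "stored_hmac")


def check_pfxng_line(line):
    """Return (problems, repaired_line_or_None) for one pfx2john output line."""
    name, _, rest = line.rstrip("\r\n").partition(":")
    hash_part, sep, tail = rest.partition(":")
    fields = hash_part.split("$")
    if len(fields) != 9 or fields[:2] != ["", "pfxng"]:
        return ["not a $pfxng$ entry with 7 fields"], None
    problems = []
    for label, value in zip(NUMERIC, fields[2:6]):
        if not value.isdigit():
            problems.append(f"{label}: not a decimal number")
    fixed = []
    for label, value in zip(BLOBS, fields[6:9]):
        wrapped = BYTES_REPR.fullmatch(value)
        if wrapped:
            problems.append(f"{label}: b'...' wrapper, hexlify() result was not decoded")
            value = wrapped.group(1)
        elif not HEX.fullmatch(value):
            # Covers truncated or otherwise damaged fields; nothing safe to repair.
            problems.append(f"{label}: not plain hex")
            return problems, None
        fixed.append(value)
    # Assumption taken from the sample line in the thread: size is the salt length in bytes.
    if fields[5].isdigit() and len(fixed[0]) != 2 * int(fields[5]):
        problems.append("salt: length does not match the size field")
    repaired = f"{name}:{'$'.join(fields[:6] + fixed)}{sep}{tail}"
    return problems, repaired


# Constructed sample values, not taken from any real .pfx file.
SALT = "00112233445566778899aabbccddeeff00112233"
DATA = "308201aa0201033082016406092a864886f70d010701"
HMAC = "ffeeddccbbaa99887766554433221100ffeeddcc"
GOOD = f"test.pfx:$pfxng$1$20$2000$20${SALT}${DATA}${HMAC}:::::test.pfx"
BAD = f"test.pfx:$pfxng$1$20$2000$20$b'{SALT}'$b'{DATA}'$b'{HMAC}':::::test.pfx"

if __name__ == "__main__":
    for sample in (BAD, GOOD):
        found, repaired = check_pfxng_line(sample)
        print(found or "ok", repaired == GOOD)
```

Re-running the current pfx2john.py from the repository, as suggested in the thread, remains the proper fix; the repaired line is only a quick confirmation that the wrappers were the cause.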