JohnTheRipper formats

[psypanda]

As requested on the hashcat forum hashID should also support the corresponding JohnTheRipper format/mode.

I already added some JTR formats to hashinfo.xlsx but I'm still missing a lot more.

[magnumripper]

This will give you a rough list of example hashes for JtR

$ ../run/john --list=format-details | cut -f1,15

Caveats:

1. It's -f1,14 in 1.8.0-jumbo-1 and in git until 2014 Jan 7, now it's -f1,15
2. The hashes will be output truncated to 256 chars (24 formats affected) and the examples may or may not include a "format tag" as it's frequently optional.

To investigate a single format, use eg.

$ ../run/john --list=format-tests --format:raw-md4 | cut -f1,3

This will list all self-test-vectors for the format (actually you can list them for all formats at once if you drop the --format option) and they will not be truncated. If the format has an optional "tag" at all, it should always be included in at least one of the lines.

[psypanda]

Thank you. I've created two files from the commands and started working in the branch jtr-formats format-details: $ ../run/john --list=format-details | cut -f1,14 | column -t format-tests: $ ../run/john --list=format-tests | cut -f1,3

[magnumripper]

I see now the 'column -t' was a bad idea, you might want to regenerate it without that.

[psypanda]

Yeah I didn't mind that some hashes got messed up a little, but anyway here is the new generated file format-details without column -t

[magnumripper]

Wow, found a bug here. Some formats (eg. NETLM) lacked ciphertexts in your output. The bug is fixed in bleeding-jumbo, please pull and re-generate that first file once again if needed.

[psypanda]

Got the first quick and dirty working version out (9e4e3ff85cfae2bf47f7cc92ba1b8c32b6ecfd86). Still some JtR formats need to be added and changed from the new list generated from the latest pull from bleeding-jumbo - but its a start.

[magnumripper]

BTW I forgot to stress this: Please note that JtR very often has two (or more) valid input formats for any given hash type. One is what's written in the .pot file, that one nearly always has a "tag". But often other formats are accepted as input, typically the untagged format (like a raw hex string). For example, we accept NT hashes as untagged raw hex input (any hex string of length 32), or as pwdump format, or with the tag ($NT$deadcafebabeblablabla). For untagged input you typically need to specify --format while tagged input will be auto-detected.

Just so you have this straight, maybe you already knew all this.