Discussion:
[john-users] No password hashes loaded in password file generated from DMG using dmg2john.py
Eric Kent
2018-01-22 17:57:48 UTC
Permalink
I have an Apple DMG created over 5 years ago that is encrypted using either
AES-128 or AES-256 for which I have forgotten the password. I have a
limited character list of possible characters included that may be included
in the password (twelve possible letters in lowercase or capital form, 2
numbers, 2 symbols) and the password is complex in that it may include
lowercase letters, capital letters, numbers, or symbols, but it is simple
in length.

I ran dmg2johh.py to generate a password file (dmg2john.c will not compile)
and then executed John on this password file, receiving a "No password
bases loaded" response. I created a new DMG with a known password and
repeated the above process, and John immediately found the password. I also
repeated the above process on a preexisting DMG from several years ago and
it succeeded as well. Only the DMG in question that I need to open gives
the "No password bases loaded" response.

Interestingly, the password files of the new DMG created as a test case and
the subject DMG that I am trying to open are not similar whatsoever in
format or length.

Would this be indicative of an an idiot user, an incompatible encryption
format, a corrupted DMG, or some larger system or John issue?

John the Ripper 1.7.3.1 *Pro* for Mac OS X
Mac OS X version 10.12.6
Solar Designer
2018-01-22 18:45:01 UTC
Permalink
Post by Eric Kent
I have an Apple DMG created over 5 years ago that is encrypted using either
AES-128 or AES-256 for which I have forgotten the password. I have a
limited character list of possible characters included that may be included
in the password (twelve possible letters in lowercase or capital form, 2
numbers, 2 symbols) and the password is complex in that it may include
lowercase letters, capital letters, numbers, or symbols, but it is simple
in length.
I ran dmg2johh.py to generate a password file (dmg2john.c will not compile)
In what way did dmg2john.c not compile? Can you show how you tried to
compile it, and what error messages you received? It's normally
compiled along with the rest of JtR jumbo.

You may also download JtR jumbo pre-built for OS X / macOS:

http://download.openwall.net/pub/projects/john/contrib/macosx/
Post by Eric Kent
and then executed John on this password file, receiving a "No password
bases loaded" response. I created a new DMG with a known password and
repeated the above process, and John immediately found the password. I also
repeated the above process on a preexisting DMG from several years ago and
it succeeded as well. Only the DMG in question that I need to open gives
the "No password bases loaded" response.
Interestingly, the password files of the new DMG created as a test case and
the subject DMG that I am trying to open are not similar whatsoever in
format or length.
That's weird. What does the non-loadable output of dmg2john look like,
roughly? In what way is it dissimilar?
Post by Eric Kent
Would this be indicative of an an idiot user, an incompatible encryption
format, a corrupted DMG, or some larger system or John issue?
I can't tell what the issue is from just the information you provided so
Post by Eric Kent
John the Ripper 1.7.3.1 *Pro* for Mac OS X
Mac OS X version 10.12.6
JtR Pro does not support cracking of DMG file passwords at all. You
must have been using jumbo where things worked for you before, and you
need to continue using jumbo for your "subject DMG". What version of
jumbo was that? Either way, I suggest that you try either latest
bleeding-jumbo off GitHub (you'd need to build it from source) or the
binary builds downloadable from the URL above (they're older, but are
capable enough for your needs).

I hope this helps.

Alexander

Loading...