Comments (12)
Thank you @picklepratfall, but this isn't a proper/complete issue report. You were supposed to replace the template text with your actual issue description.
What system/version are you on? What version/build of John the Ripper are you using? What kind of input file did you run libreoffice2john.py on?
from john.
Looking at the code, we conditionally initialize start_key_generation_name based on file contents, but then use it unconditionally. Maybe there exist files that lack this field, and maybe we should assume some kind of default for those. I tentatively labeled this issue as request for "enhancement" to support such files, but we need a sample file like this (not security sensitive), so that we'd know our changes actually help (rather than e.g. hide the problem, resulting in people wasting their and computer time) - or maybe @picklepratfall could test a possible change for us.
from john.
My bad, I had closed my browser tab before finishing the issue, so it seems to have published it unfinished. I'm editing it now.
Basically, I'm trying to use libreoffice2john.py on a 2009 openoffice ODT I password protected years ago, but this script can't handle it due to the xml file lacking start_key_generation_name
I just solved it by hardcoding required_checksum_type = 0 and commented out the offending lines locally.
from john.
> I just solved it by hardcoding required_checksum_type = 0 and commented out the offending lines locally.
Thanks. Were you able to actually crack the password?
from john.
Not yet, I had previously tried like maybe 14 hours and ruled out up to 7 characters, but my hardware isn't powerful enough. I'll be darned if I can remember what dumb password I had put on this thing.
from john.
The primary reason I ask is to determine whether your fix is actually right, and whether it's something we should apply too. With a wrong fix, you could end up with a wrong "hash" that wouldn't match the correct password.
from john.
So for reference here's what the manifest looks like (with sensitive info redacted) from this 2009 Openoffice file:
<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
<manifest:file-entry manifest:media-type="application/vnd.oasis.opendocument.text" manifest:version="1.2" manifest:full-path="/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/statusbar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/accelerator/current.xml" manifest:size="0">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/accelerator/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/floater/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/popupmenu/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/progressbar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/menubar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/toolbar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/images/Bitmaps/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/images/"/>
<manifest:file-entry manifest:media-type="application/vnd.sun.xml.ui.configuration" manifest:full-path="Configurations2/"/>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="4925">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="styles.xml" manifest:size="10725">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="meta.xml" manifest:size="935">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="" manifest:full-path="Thumbnails/thumbnail.png" manifest:size="4252">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="" manifest:full-path="Thumbnails/"/>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="settings.xml" manifest:size="8087">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
</manifest:manifest>
from john.
Going off the python file, looks like checksum should go for SHA1 which was "0" which was my original "hack" fix. I tried reverting all the way back to the 13 year old version of this file that supposedly used to work with openoffice but it's written in Python 2 syntax so it didn't work at all on modern machines haha
For reference to your earlier questions: I cloned the latest bleeding-jumbo code and compiled it per the install instructions, and I'm running this in Arch Linux.
from john.
I think let's try this:
+++ b/run/libreoffice2john.py
@@ -47,6 +47,7 @@ def process_file(filename):
is_encrypted = False
key_size = 16
+ start_key_generation_name = "SHA1"
for i in range(0, len(elements) - 4):
element = elements[i]
if element.get("{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}full-path") == "content.xml":
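Review bot: the default added at `start_key_generation_name = "SHA1"` is applied silently and carries no comment explaining it. Add a comment saying that manifests without start-key-generation-name are assumed to use SHA1, and consider printing a notice to stderr when the file does not supply the field, so that a wrong assumption is visible to the user rather than showing up later as a "hash" that never matches the correct password.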
It's going to insist that if start-key-generation-name is missing, checksum-type must use SHA-1. This may be unnecessarily strict (we'll eventually find out if so), but it's more permissive than what we have now (where we disallow all input files without a start-key-generation-name).
We also need to add more samples to https://github.com/openwall/john-samples
from john.
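The rule described in the comment above (default to SHA1 when start-key-generation-name is absent, but only if checksum-type is SHA-1 as well), as an added example that is not the project's libreoffice2john.py code. The function name `content_key_params`, the constructed sample manifests and the exact form of the SHA-1 test are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}"

def _manifest(extra_children, checksum_type):
    """Build a constructed one-entry manifest; every value is a placeholder."""
    return (
        '<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">'
        '<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml">'
        '<manifest:encryption-data manifest:checksum-type="%s" manifest:checksum="AAAA">'
        '<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="AAAA"/>'
        '<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="AAAA"/>'
        '%s</manifest:encryption-data></manifest:file-entry></manifest:manifest>'
        % (checksum_type, extra_children))

# Shaped like the 2009 file in this thread: no start-key-generation element at all.
LEGACY = _manifest("", "SHA1/1K")
# Same file with the field present (constructed).
EXPLICIT = _manifest('<manifest:start-key-generation manifest:start-key-generation-name="SHA1" '
                     'manifest:key-size="20"/>', "SHA1/1K")
# Field missing and a non-SHA-1 checksum: the default must not be applied.
MISMATCH = _manifest("", "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k")

def content_key_params(manifest_xml):
    """Return encryption parameters for content.xml, or None if it is not encrypted."""
    root = ET.fromstring(manifest_xml)
    for entry in root.iter(NS + "file-entry"):
        if entry.get(NS + "full-path") != "content.xml":
            continue
        enc = entry.find(NS + "encryption-data")
        if enc is None:
            return None
        checksum_type = enc.get(NS + "checksum-type", "")
        skg = enc.find(NS + "start-key-generation")
        name = skg.get(NS + "start-key-generation-name") if skg is not None else None
        defaulted = name is None
        if defaulted:
            # Assumed strict reading: only fall back to SHA1 when the checksum is SHA-1.
            if not checksum_type.upper().startswith("SHA1"):
                raise ValueError("no start-key-generation-name, checksum-type %r" % checksum_type)
            name = "SHA1"
        kdf = enc.find(NS + "key-derivation")
        return {"start_key_generation_name": name, "defaulted": defaulted,
                "checksum_type": checksum_type,
                "cipher": enc.find(NS + "algorithm").get(NS + "algorithm-name"),
                "iterations": int(kdf.get(NS + "iteration-count"))}
    raise ValueError("manifest has no content.xml entry")

if __name__ == "__main__":
    print(content_key_params(LEGACY))
```

The `defaulted` flag records that the value was assumed rather than read from the file, which is what a caller would log before trusting the result.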
@picklepratfall Can you please test and confirm that our latest script with the above one-liner patch works on your file (to the same extent as your hacks did)? Thanks!
from john.
Worked perfectly the first time, got a hash. Appreciate the help!
from john.
Thank you @picklepratfall for testing. I've just pushed the fix. This issue is now closed, but please add a comment if you find out anything new (e.g., if you successfully crack your file after this fix, or on the contrary determine that something is wrong).
from john.