Content from <a class="user-mention notranslate" data-hovercard-type="user" data-hover

Thank you <a class="user-mention notranslate" data-hovercard-type="user" data-hovercar

I think let's try this: <div class="highlight highlight-source-diff notranslate po

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

libreoffice2john.py: UnboundLocalError: cannot access local variable 'start_key_generation_name' about john HOT 12 CLOSED

picklepratfall commented on June 8, 2024

libreoffice2john.py: UnboundLocalError: cannot access local variable 'start_key_generation_name'

from john.

Comments (12)

solardiz commented on June 8, 2024

Thank you @picklepratfall, but this isn't a proper/complete issue report. You were supposed to replace the template text with your actual issue description.

What system/version are you on? What version/build of John the Ripper are you using? What kind of input file did you run libreoffice2john.py on?

from john.

solardiz commented on June 8, 2024

Looking at the code, we conditionally initialize start_key_generation_name based on file contents, but then use it unconditionally. Maybe there exist files that lack this field, and maybe we should assume some kind of default for those. I tentatively labeled this issue as request for "enhancement" to support such files, but we need a sample file like this (not security sensitive), so that we'd know our changes actually help (rather than e.g. hide the problem, resulting in people wasting their and computer time) - or maybe @picklepratfall could test a possible change for us.

from john.

picklepratfall commented on June 8, 2024

My bad, I had closed my browser tab before finishing the issue, so it seems to have published it unfinished. I'm editing it now.
Basically, I'm trying to use libreoffice2john.py on a 2009 openoffice ODT I password protected years ago, but this script can't handle it due to the xml file lacking start_key_generation_name

I just solved it by hardcoding required_checksum_type = 0 and commented out the offending lines locally.

from john.

solardiz commented on June 8, 2024

I just solved it by hardcoding required_checksum_type = 0 and commented out the offending lines locally.

Thanks. Were you able to actually crack the password?

from john.

picklepratfall commented on June 8, 2024

Not yet, I had previously tried like maybe 14 hours and ruled out up to 7 characters, but my hardware isn't powerful enough. I'll be darned if I can remember what dumb password I had put on this thing.

from john.

solardiz commented on June 8, 2024

The primary reason I ask is to determine whether your fix is actually right, and whether it's something we should apply too. With a wrong fix, you could end up with a wrong "hash" that wouldn't match the correct password.

from john.

picklepratfall commented on June 8, 2024

So for reference here's what the manifest looks like (with sensitive info redacted) from this 2009 Openoffice file:

<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
 <manifest:file-entry manifest:media-type="application/vnd.oasis.opendocument.text" manifest:version="1.2" manifest:full-path="/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/statusbar/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/accelerator/current.xml" manifest:size="0">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/accelerator/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/floater/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/popupmenu/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/progressbar/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/menubar/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/toolbar/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/images/Bitmaps/"/>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/images/"/>
 <manifest:file-entry manifest:media-type="application/vnd.sun.xml.ui.configuration" manifest:full-path="Configurations2/"/>
 <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="4925">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="styles.xml" manifest:size="10725">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="meta.xml" manifest:size="935">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Thumbnails/thumbnail.png" manifest:size="4252">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:media-type="" manifest:full-path="Thumbnails/"/>
 <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="settings.xml" manifest:size="8087">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
  </manifest:encryption-data>
 </manifest:file-entry>
</manifest:manifest>

from john.

picklepratfall commented on June 8, 2024

Going off the python file, looks like checksum should go for SHA1 which was "0" which was my original "hack" fix. I tried reverting all the way back to the 13 year old version of this file that supposedly used to work with openoffice but it's written in Python 2 syntax so it didn't work at all on modern machines haha

For reference to your earlier questions: I cloned the latest bleeding-jumbo code and compiled it per the install instructions, and I'm running this in Arch Linux.

from john.

solardiz commented on June 8, 2024

I think let's try this:

+++ b/run/libreoffice2john.py
@@ -47,6 +47,7 @@ def process_file(filename):
 
     is_encrypted = False
     key_size = 16
+    start_key_generation_name = "SHA1"
     for i in range(0, len(elements) - 4):
         element = elements[i]
         if element.get("{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}full-path") == "content.xml":

It's going to insist that if start-key-generation-name is missing, checksum-type must use SHA-1. This may be unnecessarily strict (we'll eventually find out if so), but it's more permissive than what we have now (where we disallow all input files without a start-key-generation-name).

We also need to add more samples to https://github.com/openwall/john-samples

from john.

solardiz commented on June 8, 2024

@picklepratfall Can you please test and confirm that our latest script with the above one-liner patch works on your file (to the same extent than your hacks did)? Thanks!

from john.

picklepratfall commented on June 8, 2024

Worked perfectly the first time, got a hash. Appreciate the help!

from john.

solardiz commented on June 8, 2024

Thank you @picklepratfall for testing. I've just pushed the fix. This issue is now closed, but please add a comment if you find out anything new (e.g., if you successfully crack your file after this fix, or on the contrary determine that something is wrong).

from john.

libreoffice2john.py: UnboundLocalError: cannot access local variable 'start_key_generation_name' about john HOT 12 CLOSED

Comments (12)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent