Comments (12)
Thank you @picklepratfall, but this isn't a proper/complete issue report. You were supposed to replace the template text with your actual issue description.
What system/version are you on? What version/build of John the Ripper are you using? What kind of input file did you run libreoffice2john.py
on?
from john.
Looking at the code, we conditionally initialize start_key_generation_name
based on file contents, but then use it unconditionally. Maybe there exist files that lack this field, and maybe we should assume some kind of default for those. I tentatively labeled this issue as request for "enhancement" to support such files, but we need a sample file like this (not security sensitive), so that we'd know our changes actually help (rather than e.g. hide the problem, resulting in people wasting their and computer time) - or maybe @picklepratfall could test a possible change for us.
from john.
My bad, I had closed my browser tab before finishing the issue, so it seems to have published it unfinished. I'm editing it now.
Basically, I'm trying to use libreoffice2john.py on a 2009 openoffice ODT I password protected years ago, but this script can't handle it due to the xml file lacking start_key_generation_name
I just solved it by hardcoding required_checksum_type = 0
and commented out the offending lines locally.
from john.
I just solved it by hardcoding
required_checksum_type = 0
and commented out the offending lines locally.
Thanks. Were you able to actually crack the password?
from john.
Not yet, I had previously tried like maybe 14 hours and ruled out up to 7 characters, but my hardware isn't powerful enough. I'll be darned if I can remember what dumb password I had put on this thing.
from john.
The primary reason I ask is to determine whether your fix is actually right, and whether it's something we should apply too. With a wrong fix, you could end up with a wrong "hash" that wouldn't match the correct password.
from john.
So for reference here's what the manifest looks like (with sensitive info redacted) from this 2009 Openoffice file:
<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
<manifest:file-entry manifest:media-type="application/vnd.oasis.opendocument.text" manifest:version="1.2" manifest:full-path="/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/statusbar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/accelerator/current.xml" manifest:size="0">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/accelerator/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/floater/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/popupmenu/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/progressbar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/menubar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/toolbar/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/images/Bitmaps/"/>
<manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/images/"/>
<manifest:file-entry manifest:media-type="application/vnd.sun.xml.ui.configuration" manifest:full-path="Configurations2/"/>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="4925">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="styles.xml" manifest:size="10725">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="meta.xml" manifest:size="935">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="" manifest:full-path="Thumbnails/thumbnail.png" manifest:size="4252">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
<manifest:file-entry manifest:media-type="" manifest:full-path="Thumbnails/"/>
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="settings.xml" manifest:size="8087">
<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="------------------">
<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="------------------"/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="------------------"/>
</manifest:encryption-data>
</manifest:file-entry>
</manifest:manifest>
from john.
Going off the python file, looks like checksum should go for SHA1 which was "0" which was my original "hack" fix. I tried reverting all the way back to the 13 year old version of this file that supposedly used to work with openoffice but it's written in Python 2 syntax so it didn't work at all on modern machines haha
For reference to your earlier questions: I cloned the latest bleeding-jumbo code and compiled it per the install instructions, and I'm running this in Arch Linux.
from john.
I think let's try this:
+++ b/run/libreoffice2john.py
@@ -47,6 +47,7 @@ def process_file(filename):
is_encrypted = False
key_size = 16
+ start_key_generation_name = "SHA1"
for i in range(0, len(elements) - 4):
element = elements[i]
if element.get("{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}full-path") == "content.xml":
It's going to insist that if start-key-generation-name
is missing, checksum-type
must use SHA-1. This may be unnecessarily strict (we'll eventually find out if so), but it's more permissive than what we have now (where we disallow all input files without a start-key-generation-name
).
We also need to add more samples to https://github.com/openwall/john-samples
from john.
@picklepratfall Can you please test and confirm that our latest script with the above one-liner patch works on your file (to the same extent than your hacks did)? Thanks!
from john.
Worked perfectly the first time, got a hash. Appreciate the help!
from john.
Thank you @picklepratfall for testing. I've just pushed the fix. This issue is now closed, but please add a comment if you find out anything new (e.g., if you successfully crack your file after this fix, or on the contrary determine that something is wrong).
from john.
Related Issues (20)
- Possible to get the Core Generator project for the ZTEX source project? HOT 9
- Not ISSUE: GPG SYMMETRIC ENCRYPTION HOT 3
- NVIDIA driver 551.86 new "Warning: Function [...] is a kernel, so overriding noinline attribute" HOT 12
- Złamanie hasła HOT 1
- Broken lower-case mssql hash validation HOT 1
- PBKDF2 With salt Support HOT 4
- On recent NVIDIA drivers, OpenCL formats in 1.9.0-jumbo-1 fail with: error: passing '__generic uchar *' (aka '__generic unsigned char *') to parameter of type 'const uchar *' (aka 'const unsigned char *') changes address space of pointer HOT 2
- Dynamic memory leak when using a constant HOT 5
- GCC is again complaining about `use after [..]alloc` HOT 2
- Wrong usage of pcapngepb and pcapngpb in wpapcap2john.c HOT 5
- Omit the number 4 from the make -sj4 recommendation HOT 5
- Add Python `requirements.txt` file with pinned version numbers HOT 10
- Undefined Behavior Sanitizer "errors" HOT 6
- Support Keplr v2 wallets HOT 10
- 'make check' oddities HOT 10
- limit number of threads HOT 2
- mssql05 misses some cracks in AVX512BW builds HOT 15
- Test suite failures HOT 1
- crypt format occasionally fails a `--test-full=0 --format=cpu` run on Ubuntu 22 powerpc64le HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from john.