-
Jul 25, 2015 1:24 PM in response to UserFromCupertino by Kappy,
You can't recover it. If you forgot it, then whatever is on the encrypted image is lost.
-
Jul 25, 2015 2:17 PM in response to Kappy by UserFromCupertino,
The internets tell me if you get the password hash out of some file, you should be able to run a password hacker on it. Where would I find this password hash?
Thanks
-
Jul 25, 2015 2:22 PM in response to UserFromCupertino by Kappy,
I have no idea. Try a Google search.
-
Jul 26, 2015 10:52 AM in response to UserFromCupertino by MrHoffman,
UserFromCupertino wrote:
The internets tell me if you get the password hash out of some file, you should be able to run a password hacker on it. Where would I find this password hash?
Thanks
There's no "hash out of some file" here. That's fodder for TV shows and fiction and poorly-written crypto, but — short of a completely revolutionary cryptographic attack — that's just not something found with peer-reviewed and secure modern cryptography.
If the password has been forgotten, then somebody will have to brute-force the encrypted disk, and — with a good password having been chosen — that might take a few decades. Not kidding about that time horizon, either. Might take quite a lot longer than decades, too.
With AES — which is what is used with most OS X disk images — there are no known viable attacks. There is only brute-forcing. And that effort might require — and I'm not making this up — billions of years for a good password, with present-day technology.
If things were otherwise, the encryption would not be considered very secure.
-
Jul 27, 2015 1:47 PM in response to UserFromCupertino by rccharles,
If you kind of remember your style of making up passwords, you might be able to speed up the password attack. There are professional recovery firms you could employ ...
-
Jul 27, 2015 2:37 PM in response to rccharles by UserFromCupertino,
I use a few word combinations and uppercase/lowercase to create my passwords. I want to be able to feed a password cracker this info and have it try all combinations. Is there such a tool available?
-
Jul 27, 2015 5:18 PM in response to UserFromCupertino by Tony T1,
There are tools that will do a dictionary crack, but you'll only have luck if you used a weak password.
LMGTFY: http://bfy.tw/11Io
-
Jul 28, 2015 2:07 AM in response to UserFromCupertino by Roote,
Make sure you protect your data before running any commands on the command line by having a recent backup, preferably Time Machine. Any commands you run you do so entirely at your own risk. Information provided is intended for the password recovery of your own property.
The best chance to recover the password is if a simple/weak password was used or you recall most of the characters. For instance, you recall all the alphabetic characters and their position, but you don't recall the numerical digits you appended. As a simple example, you recall using "hogwild", but not the three digits that follow: "hogwild%%%", where %%% could be any sequence of three numerals 0-9. That means there are 10^3 = 1,000 possible passwords. If you don't remember any of the characters, it will become impossible quickly. Consider that an unknown all lowercase five character simple password has 26^5 = 11,881,376 possibilities. If all ninety-five ASCII printable characters were selected from - letters, digits, punctuation marks, and miscellaneous symbols, there are 95^5 = 7,737,809,375 possibilities.
If you have a reasonable idea what the password is, you can use a dictionary or hybrid dictionary attack to try to recover it. The strategy is to perform efficient rather than exhaustive attempts to reduce time expense. For a dictionary attack, you need to craft a custom word list which prunes the number of possible candidates. For the word list, you can use a command line word list generator such as crunch. Download from http://sourceforge.net/projects/crunch-wordlist/. Using the scenario above, an example of basic syntax:
crunch 10 10 -t hogwild%%% -o /path/to/wordlist.lst
Where crunch is the command, the first 10 is the minimum length of the string, the second 10 is the maximum length of the string, -o specifies an output file, and the -t option specifies that only the % symbol will change so that numbers will be inserted in place of the % symbol, in this case 000-999. Use the command "man crunch" in Terminal for more info. A good resource that explains the options in detail is available at http://adaywithtape.blogspot.com.au/2011/05/creating-wordlists-with-crunch-v30.html.
Once you have a word list, you can use it with a command line password recovery/cracking tool such as John the Ripper.
1. Download the John the Ripper bleeding-jumbo zip from https://github.com/magnumripper/JohnTheRipper. This version has the necessary dmg2john.py file for DMGs. Drag to the Desktop. Unzip if not already unzipped.
2. Read the README and INSTALL files located in the doc subfolder. Add a .txt extension if needed to read as a text file. Follow the directions to build. You'll need Xcode installed. It can be downloaded from the Mac App Store.
3. Read FAQ, MODES, RULES, EXAMPLES, and README.Apple_DMG for usage.
4. If you haven't already, in Terminal create your word list with crunch or use the options available in JtR. For John the Ripper, the list requires a .lst extension. You may want to use base passwords in your word list and let JtR provide mangling rules with the --rules option while using wordlist mode. There are many subtleties involved in wordlist rules, and they are well worth looking at in detail. Read EXAMPLES and RULES for more info.
5. In Terminal, run dmg2john.py on your password-locked DMG. An example of basic syntax:
/path/to/dmg2john.py /path/to/your/DMG.dmg > /path/to/DMG.txt
6. Run the John the Ripper executable (john), located in the run subfolder, on the hash file created by dmg2john.py (i.e. DMG.txt). An example of basic syntax:
/path/to/john --wordlist=/path/to/your/wordlist.lst /path/to/DMG.txt
You might consider splitting the workload across multiple CPU cores with the --fork=N option, where N is the number of cores. Read more in the OPTIONS file.
If you prefer a GUI to the command line to run JtR, you can download a binary of Johnny from http://openwall.info/wiki/john/johnny.
Article about a Web Security professional who forgot his password:
https://blog.whitehatsec.com/cracking-aes-256-dmgs-and-epic-self-pwnage/
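Added example, not part of Roote's post or any other reply in this thread: a Python sketch that reproduces the candidate counts given above for a crunch -t template and turns them into a worst-case search time, which also puts numbers on the time horizons MrHoffman describes. The function names are illustrative, the placeholder sizes assume crunch's default character sets, and the rate of 1,000 guesses per second is an assumed figure, not a measurement.

```python
# Keyspace and worst-case search time for a crunch -t template (added example).
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# crunch -t placeholders and the size of the default set each one expands to.
CRUNCH_CLASSES = {
    "@": 26,  # lowercase letters
    ",": 26,  # uppercase letters
    "%": 10,  # digits
    "^": 33,  # symbols, space included
}

def template_keyspace(template):
    """Candidates crunch emits for a -t template; other characters are literals."""
    total = 1
    for ch in template:
        total *= CRUNCH_CLASSES.get(ch, 1)
    return total

def unknown_keyspace(alphabet_size, min_len, max_len):
    """Candidates when no character is remembered, over a range of lengths."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def wordlist_bytes(template):
    """Size of the -o file: one line per candidate, newline included."""
    return template_keyspace(template) * (len(template) + 1)

def exhaust_time(candidates, guesses_per_second):
    """Worst-case time to try every candidate, as (value, unit)."""
    seconds = candidates / guesses_per_second
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return seconds / size, unit
    return seconds, "seconds"

if __name__ == "__main__":
    RATE = 1000  # assumed guesses per second, not a measured figure
    cases = [
        ("hogwild%%% template", template_keyspace("hogwild%%%")),
        ("5 unknown lowercase", unknown_keyspace(26, 5, 5)),
        ("5 unknown printable ASCII", unknown_keyspace(95, 5, 5)),
        ("10 unknown printable ASCII", unknown_keyspace(95, 10, 10)),
    ]
    for label, count in cases:
        value, unit = exhaust_time(count, RATE)
        print(f"{label}: {count:,} candidates, up to {value:,.1f} {unit}")
    print("wordlist size:", wordlist_bytes("hogwild%%%"), "bytes")
```

At the assumed rate, the hogwild%%% case is exhausted in one second, while ten unknown printable ASCII characters come to roughly 1.9 billion years.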
-
Jul 28, 2015 4:39 PM in response to Roote by Roote,
After looking at the various JtR versions, it looks like both John the Ripper 1.8.0-jumbo-1 versions now contain dmg2john.py. So download any of the three. JtR 1.8.0-jumbo-1 versions can be found at http://www.openwall.com/john/.
-
Jul 28, 2015 8:01 PM in response to Roote by Roote,
Although the Python script dmg2john.py works fine on Apple disk images (.dmg) and sparse images (.sparseimage), it hasn't been updated for sparse bundles (.sparsebundle). dmg2john is built into the john executable. Call the dmg2john symlink instead:
/path/to/dmg2john /path/to/your/DMG.dmg > /path/to/DMG.txt
Therefore, just use the symlink (/path/to/dmg2john) for all three types.







