Index of /pub/projects/john/contrib/vms/2011-jonesd
Name Last modified Size
Parent Directory 13-Jan-2012 16:00 -
jtr_vms_2-4.zip 26-Sep-2011 16:00 101k
README.txt 13-Jan-2012 15:23 9k
Status: tested on few platforms (macosx-x86-64, linux-x86-mmx).
Support to allow John to crack OpenVMS password hashes, including the later
mixed case ones. Also allows JtR executables to be built on OpenVMS Alpha 8.3
systems with the DECC compiler.
Installs in a sub-directory, src/vms in the standard source tree and produces a
dynamic library file (vms_fmt) to be used in conjunction with plugin option
added in 1.7.8-jumbo-7.
Author: David Jones
aaareadme.txt from the .zip archive follows:
This is a new patch for John the Ripper (1.7.8) to support OpenVMS password
hashes. The major difference between this patch and the 2002 patch by
Jean-loup Gailly is that this version supports mixed-case passwords (UAI flag
UAI$M_PWDMIX). It is also multi-threaded, increasing performance up to 50-65%
on a dual-processor system (splitting your password file into multiple jobs is
probably more effective). The only builds done so far are on OpenVMS Alpha
8.3 and OS X x86 1.6 (Mac Mini).
This kit has 3 parts: a patch to JtR version 1.7.8 to add the
--plugin=dll_file option; the openvms format module; and a
OpemVMS utility program to convert SYSUAF.DAT files to passwd files.
Start with the source tree from the standard John the Ripper (JtR)
distribution version 1.7.8, unzip the distribution file with the
src directory as the default, which will create ./vms directory with
several files in it. Then apply the patch with the one of the commands:
patch -p1 <vms/john_1^.7^.8^.plugin.diff
@[.vms]patch_src [.vms]john_1.7.8.plugin.diff [.vms]
A descrip.mms and build.com file are provided for building on OpenVMS, a
replacement Makefile is provided for building the vms_fmt shareble on
Unix/Linux. If you start with s 'jumbo patch' version of John the Ripper,
invoke mms with /macro=jumbo=7 or use the build_jumbo.com procedure.
On Unix, the make produces a new ../run/vms_fmt shared library, a build on
OpenVMS produces 3 or 4 image files in the [-.run] directory: john.exe,
uaf_to_passwd.exe, vms_fmt.exe (shareable image), and (optionally)
openssl_shim.exe. The shim file is needed because John requires
case sensitive external names and HPs OpenSSL library provides only
case insensitive (upcased) symbol definitions.
John the Ripper executable:
A new command line and config file option was added to john to support
dynamically loading modules to handle new password hash formats.
The VMS password hash function was then added via this mechnism (the
vms_fmt.exe shareable image). You can either specify this module
on the command line as --plugin=dll_file or by adding the line
"plugin = dll_file" to john.conf. Note that on VMS the dll_file
filename must be a full file specification since dlopen() looks
in sys$share by default.
vms_fmt shareable image/dll:
When loaded, the vms_fmt module registers a format name of "openvms".
On startup, this module uses an environment variable, JOHN_OPENVMS_THREADS,
to configure the multi-threading parameters. The variable value is a
string of the form "number threshold limit", where:
number Is a decimal integer indicating the number of auxillary
worker threads to create (default 1). The worker threads
are given batches of candidate passwords to hash against
a salt, the results of which will be searched for a match
with the password file entry. Zero is a legal value,
which forces all work to be done by the main thread.
threshold Number of candidate passwords (keys) that must be
accumulated before a work request may be initiated
asychronously to a worker thread (default 36).
limit Maximum number of candidate passwords passed to a worker
thread in a single request (default 120, max 1680). The
degree of concurrency achieved depends upon threshold,
limit, and john the ripper's operating mode. Best results
are when john is operating in wordlist mode.
This program reads a UAF data file and generates a passwd file that JtR uses
as input. Note that the 'ciphertext' hash string inserted in the password
field is encoded very differently than what the J. Gailly patch uses.
The username component is condensed to 5.32 bits/character (RAD-50, 3 chars/
16 bits) and the string is a fixed length.
On OpenVMS, the SYS$GETUAI service (with inherent privilege checks) is
used to extract the information from SYSUAF. A non-privilege user can
extract his own account's password hash from the system SYSUAF, but no one
OpenVMS Command line:
uaf2john [sysuaf-listing|$|~username] [output-file]
Unix Command line:
uaf2john rawuaf-file [output-file]
rawuaf-file Binary file containing contents of SYSUAF.DAT
converted to a flat file with fixed length
(1412 byte) records. The uaf2fixed.com command
procedure invokes the OpenVMS convert utility
to procduce this file.
sysuaf-listing Must be a file of the format produced by the
authorize list/brief command. The usernames
to lookup are extracted from this file.
$ Spawn the appropriate authorize command and use the
SYSUAF.LIS file produced. It is not deleted
~username Produce a temporary input file with a single line
containing the specified user and enough elememts
to be parsed by uaf_to_passwd.
output-file A unix-style passwd file (7 colon-delimited fields)
suitable for input to John the Ripper. If omitted,
output goes to stdout (sys$output).
Files in kit that apply to Unix and OpenVMS:
vms_fmt.c Defines class record for registering vms_std-mp.c
as a plugin (dynamically loaded) format for OpenVMS
vms_std-mp.c, .h Provide decoding/hashing functions to JtR for
processing openvms format ($V$) hash strings. This
module is where multi-threading takes place.
uaf_raw.h Defines record layout for SYSUAF.DAT file (after
conversion by uaf2fixed.com).
uaf_encode.c, .h Support routines for encoding/decoding ciphertext
strings from SYSUAF information.
uaf_hash.c Logically part of uaf_encode.c, provides the password
hash function for testing candidate passwords.
uaf2john.c Conversion utility, see preceding section.
vms_tst.uaf Test input file for uaf2john on Unix systems. File
passwords were taken from bf_tst.in in 1.03 test
john_1.7.8.plugin.diff Used to patch JtR source files to allow loading
of DLL-based format via the --plugin=dll. Updates
files: john.c, Makefile, formats.h, options.c,
and options.h. Adds new files plugin.c and plugin.h.
makefile Make file for vms_fmt DLL and uaf2john executable.
Files in kit that apply to OpenVMS only:
descrip.mms Used for OpenVMS build. MMS description file.
build.com build_jumbo Command procedures to build executables.
prejohn.c Wrapper main() for setting up C RTL environment
for john.c's main().
tty-vms.c Used for OpenVMS build to provide non-blocking
reads of terminal keystrokes. JTR polls keyboard
once a second and outputs status line if any activity.
signals-mp.c Used for OpenVMS build.
alpha-vms.h Used for OpenVMS build, platform-specific architecture
information (seed for arch.h).
stdbool.h,stdint.h Substitute system headers not shipped with DECC.
john_build_rule.h Supplies pseudo-make 'rule' for build: "OpenVMS-MMS".
uaf2fixed.com OpenVMS command procedure to convert SYSUAF.DAT to
format for processing on Unix.
john.opt john-j7.opt Used for OpenVMS build, linker options file.
vms_fmt.opt Linker options file for vms_fmt DLL.
openssl_shim.opt (Jumbo build on OpenVMS)
Copyright (c) 2011 by David L. Jones <jonesd/at/columbus.rr.com>, and
is hereby released to the general public under the following terms:
Redistribution and use in source and binary forms, with or without
modifications, are permitted.