Thireus' Bl0g

John the Ripper is a fast and famous password cracker.

John can break many password hashes, but one of the primary missing feature was the CPU multiple core support. But today, John the Ripper 1.7.9 supports OpenMP which brings Multi-Processing. Of course this feature was present on some patched versions of John, but since the 1.7.9 version it is officially integrated.

One of the best platform where you should use John the Ripper is UNIX, I personally prefer using john on Debian x86_64.

Let’s try some simple steps to enable and illustrate the new feature

• First go to http://www.openwall.com/john/, and download the latest version. When I write this article the latest stable release was 1.7.9.

$ wget http://www.openwall.com/john/g/john-1.7.9.tar.gz
$ tar -xvzf john-1.7.9.tar.gz

• Now let’s make some changes into the Makefile to enable the use of OpenMP

$ cd john-1.7.9/src/
john-1.7.9/src$ nano Makefile

• Locate the following lines

# gcc with OpenMP
#OMPFLAGS = -fopenmp
#OMPFLAGS = -fopenmp -msse2

• Uncomment OMPFLAGS

# gcc with OpenMP
OMPFLAGS = -fopenmp
OMPFLAGS = -fopenmp -msse2

• Before compiling john, make sure you have gcc installed! Now, let’s compile john.

john-1.7.9/src$ make

This command will list all the systems where john can be compiled on. As I’m running Debian x86_64, I will choose linux-x86-64.

john-1.7.9/src$ make linux-x86-64

John should be located in the ../run folder.

• Let’s try John

john-1.7.9/src$ cd ../run/
john-1.7.9/run$ ./john --test

Some benches should appear…

Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts:	7651K c/s real, 3872K c/s virtual
Only one salt:	6876K c/s real, 3487K c/s virtual

And John might use all your CPU cores.

• Now let’s do something fun, if you want John to use a certain amount of cores you can adjust it with the environment variable OMP_NUM_THREADS:

john-1.7.9/run$ OMP_NUM_THREADS=1 ./john --test

Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts:	3982K c/s real, 3990K c/s virtual
Only one salt:	3770K c/s real, 3770K c/s virtual

As you can see, this bench is twice slower than the previous one. Because I asked OpenMP to use only one core on my dual-core CPU.
Feel free to adjust the number of cores you want to use with OMP_NUM_THREADS

Three other quick tips regarding John the Ripper

• Restore your previous job in background

./john --restore &> /dev/null &

• Get status for the current task

./john --status

• Show cracked passwords

./john --show hash_file

 Let’s see if you can crack some of my UNIX accounts

baby:$6$rc7o1BLw$Qsl9hnQx7W3C3KDagDkWXAXDx0vDWqwM0BOOeQyotXzCvUs6DeijTp3zBsbjCw4ou2OoJXKf6qNC5pEGEsjZF/
mat:$6$Ajsi.AJy$GdZ3iGYzaUk.NoTkGrSpTotskDyg3FIrBMjya7un.WE4r.P/RdhwRb2e6mmdJWZrLHgNuCc1CUEVtj5l4qVec1
milou:$6$UYj2H.Jq$ChyawjKf3XQVftrVpnDEsFFph1P0pElDv3GuBXXTy2ICbB3oVE/6mhyo3poCD532B03fYMSWgR3D7E.qFyXnk/
superman:$6$8HZYSst1$F/8U5nPD9grY/kaC3jWVZcqdawRsa3t9PKKWSI6MZwR9T2vCs8jxWajx7vYcHtSPe0FbIf8LnMDJESTrmaAx7.
toto:$6$Mzwiuppo$4aSvxLcbDD7hhnWj9vr9js7/VZ5hNhrq/b07PVfMc9Y4SeNMNtHci8XYUTAxF7c3qv3uHqByKzdFPAV3KBBog0
master:$6$Jyv/bLLH$wC1eBBFpPclSwNuS5Lkj1ciqZCtO4d/FQ/8RuWrHRejvAZSn4zSmGDaTYwwgOofytlhwTHD8vE3QuqRYmFdKj0

Have fun with my friend John

Incoming search terms:

• john the ripper multicore (91)
• john the ripper multi core (82)
• john the ripper multithreaded (72)
• dd-wrt tcpdump (42)
• john the ripper multithread (33)
• john the ripper multiple cores (27)
• john openmp (26)
• jtr openmp (22)
• john the ripper dual core (21)
• john the ripper openmp (20)