 
 
"Crack Me If You Can" - DEFCON 2012
 
  Team Hashcat has won the contest!  
 

Team john-users

Link to original writeup (external)

Resources

Active Members: 21
Names / Nicks: Aleksey Cherepanov, Alexander Cherepanov, bartavelle, Dhiru Kholia, elijah, Francois Pesce, Frank Dittrich, guth, JimF, Kevin Young, Matt Weir, Me Agap1, myrice, Rich Rumble, rofl0r, Rory Michele, samu, Sergey, smooge, Solar Designer, Łukasz
Software: John the Ripper (with various patches), custom scripts, Cryptohaze Multiforcer, 7-zip, Passware Kit
Hardware: ~250 CPU cores and 9 GPUs - see individual member writeups

Preface

The contest was fun and challenging; it helped us test some experimental John the Ripper code and identify areas for further improvement.

Since last year we have gotten a lot of cool stuff related to challenges: truecrypt (thanks, Alain Espinosa), rar (thanks, magnum), zip (thanks, JimF), odt, pdf, ssh, encfs (thanks, Dhiru Kholia) and many more. We also got OpenCL versions of sha512crypt (thanks, Claudio Andre), bcrypt, mscash2 (thanks, Sayantan Datta) and others. We'd like to list all of john's contributors, but this list would be too long for this writeup. Thanks to all!

We'd like to thank KoreLogic for organizing the event. We would also like to thank all other teams who participated and made it tough for us to compete. ;-)

Resources

In addition to the active members listed above, we had a few members who merely listened. We hope they learned a lot and next time they'll show better results.

Also, many members asked friends for hardware. In the same way, some organizations contributed their servers to us. Thanks to all!

Software: John the Ripper (with various patches), custom scripts, Cryptohaze Multiforcer (used by samu only), 7-zip to crack 7z; elijah also used a trial version of Passware Kit to crack dmg.

We're an Open Source only team. This needs to be clarified:

We only use Open Source password cracking tools, meaning that we may use e.g. John the Ripper and Cryptohaze Multiforcer, but not e.g. hashcat (since it is closed-source).

However, we may use e.g. closed-source GPU device drivers for lack of an alternative and because they're not directly a password cracking tool.

This year, as an exception to our normal policy, a team member happened to use a trial version of Passware Kit to crack a .dmg challenge. After some debate, we decided to go ahead and submit this crack anyway, but confess in the writeup - which we do. That one crack did not affect our contest score at all since we were beyond the cap of 6 challenges anyway. With this one, we cracked a total of 11 challenges; without it, we would be at 10.

Contest

We started by cracking the challenges. The hashes were postponed. As soon as we cracked the first challenge, we tried to submit it (and shortly another one as well), but we failed: we had not tried to send any e-mail from our contest server since the previous CMIYC, and as it turned out we had a problem with the caching & recursive nameserver configured on this server. We detected the problem and fixed it half an hour later, so cracked passwords for these two challenges were finally submitted. We would be happy if KoreLogic would provide a way to test scripts for cracks submission before the contest next time.

In the first 3 hours Dhiru Kholia added support for sxc in JtR. Aleksey Cherepanov wrote a wrapper around 7z in shell. We cracked many challenges while waiting for approval for our cracks #3, #4, #5, #6. It was a big relief to know we could stop cracking challenges, but some of us chose to proceed cracking some further challenges in the background anyway.

sunmd5 became a problem for us. JtR supported it through the generic crypt() function of the operating system, so we needed (Open)Solaris systems for cracking, but we did not have any. So bartavelle implemented sunmd5 in JtR directly. Then JimF polished it and we attacked all hash types.

We searched for patterns. But they were not just about word mangling like before. Together with the challenges, this filled the contest with very different tasks. It was very interesting.

elijah found the "pride and prejudice" pattern about 6 hours before the end. We got a perl one-liner to rip phrases and started cracking in 20 minutes. This book was a game changer.

We tried some other books but without such results. We got our books from Project Gutenberg, where they were in the public domain. So we did not have problems with copyright. Though we missed Lord of the Rings.
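
The book pattern above is the reason a passphrase policy should reject phrases lifted from well-known texts. The following is an added example, not the team's perl one-liner or any contest code: a deny-list check that indexes contiguous word runs of a text and tests a candidate passphrase against them. The function names, the 2 to 5 word window, and the normalization rules (case, separators, trailing digits) are assumptions made for illustration.

```python
import re

# Constructed sample input: the opening sentence of "Pride and Prejudice".
SAMPLE_TEXT = (
    "It is a truth universally acknowledged, that a single man in possession "
    "of a good fortune, must be in want of a wife."
)

def normalize(text):
    """Lowercase the text and split it into alphanumeric word tokens."""
    return re.findall(r"[a-z0-9]+", text.lower())

def build_phrase_index(text, min_words=2, max_words=5):
    """Return every contiguous run of min_words..max_words words, joined
    without separators, so spacing and punctuation variants share one key."""
    words = normalize(text)
    index = set()
    for n in range(min_words, max_words + 1):
        for i in range(len(words) - n + 1):
            index.add("".join(words[i:i + n]))
    return index

def is_book_phrase(candidate, index):
    """True if the candidate is a phrase from the indexed text, ignoring
    case, separators and (assumed common) trailing digits."""
    key = "".join(normalize(candidate))
    stripped = re.sub(r"\d+$", "", key)
    return key in index or (stripped != "" and stripped in index)

if __name__ == "__main__":
    index = build_phrase_index(SAMPLE_TEXT)
    for pw in ["a good fortune", "InWantOfAWife", "good-fortune2012",
               "correct horse battery"]:
        verdict = "reject" if is_book_phrase(pw, index) else "allow"
        print(f"{pw!r}: {verdict}")
```

In a real policy check the index would be built once from the full texts an organization wants to exclude and consulted when a password is set.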

Member Writeups

You can read more details in members' writeups:

Final Words

This year we worked as a real team. Everyone supported and helped each other. Team spirit was very strong. It was an amazing experience.

The contest made us better in many ways: we improved relationships, we got experience, we found bugs, we wrote new code. This contest was very smooth and interesting. Great thanks for all that!










 
 
