
wpapcap2john illegal instruction (AVX)

Open claudioandre-br opened this issue 5 years ago • 9 comments

While at #4243 , I found that wpapcap2john is not working properly; it has the AVX `vmovdqa`. Be aware that it is a package with a fallback chain of JtR binaries.

  • When I run wpapcap2john -v it works.
  • But it gives me an illegal instruction when I run it using a valid file.

As an example, after disassembling:

    5e4d:	48 89 05 54 6d 20 00 	mov    %rax,0x206d54(%rip)        # 20cba8 <new_p>
    5e54:	0f 84 ac 1b 00 00    	je     7a06 <process_packet+0x2086>
    5e5a:	4c 89 3d 3f 6d 20 00 	mov    %r15,0x206d3f(%rip)        # 20cba0 <new_p_sz>
    5e61:	c5 f9 6f 05 b7 61 20 	vmovdqa 0x2061b7(%rip),%xmm0        # 20c020 <fake802_11>
    5e68:	00 
    5e69:	49 8d 7d 20          	lea    0x20(%r13),%rdi
    5e6d:	48 8d 73 0c          	lea    0xc(%rbx),%rsi
    5e71:	c4 c1 78 11 45 00    	vmovups %xmm0,0x0(%r13)
    5e77:	c5 f9 6f 0d b1 61 20 	vmovdqa 0x2061b1(%rip),%xmm1        # 20c030 <fake802_11+0x10>


zip2john works fine

claudioandre-br avatar Apr 05 '20 23:04 claudioandre-br

Good find. It was always a time bomb due to calling some functions that are not 100% guaranteed built without SIMD. #2679 https://github.com/magnumripper/JohnTheRipper/issues/2679#issuecomment-323809836

magnumripper avatar Apr 06 '20 00:04 magnumripper

@claudioandre-br can you show a backtrace when this happens? I'd like to see what function we're in when this happens.

magnumripper avatar Apr 06 '20 00:04 magnumripper

    $ git grep -l new_p_sz
    wpapcap2john.c

Never mind, we're in wpapcap2john itself. That's strange - IIRC we do fall back before reaching the symlinked main().

magnumripper avatar Apr 06 '20 00:04 magnumripper

Ah... wpapcap2john isn't a "symlinked" binary. It should be built with same flags as john.o

magnumripper avatar Apr 06 '20 00:04 magnumripper

On Sun, Apr 05, 2020 at 05:55:54PM -0700, magnum wrote:

Ah... wpapcap2john isn't a "symlinked" binary. It should be built with same flags as john.o

Alternatively, maybe that's a reason to make wpapcap2john and all others symlinked, so that the existing fallbacks mechanism works for them without requiring any per-program magic.

The string functions from misc.o are useful for many of these programs, but always building that file without architecture-specific optimizations might have a performance impact for the main john program.

solardiz avatar Apr 06 '20 09:04 solardiz
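The thread's root cause is a helper binary whose code was compiled with AVX flags and therefore faults with an illegal instruction on a CPU without AVX; the per-binary fallback chain exists to avoid exactly that. The following is an added example, not John the Ripper's own code, showing the in-process form of the same defence: a CPUID check (via GCC/clang's `__builtin_cpu_supports`) decides before control ever enters a function compiled with AVX enabled. The function names `sum_generic`, `sum_avx`, `cpu_has_avx`, `sum_dispatch` and `sample_sum` are hypothetical, the input buffer is constructed, and the build is assumed to be GCC or clang; on non-x86 targets the code always takes the generic path.

```c
/* Added example (not JtR code): runtime ISA dispatch so that AVX-compiled
 * code is never executed on a CPU that lacks AVX. All names are hypothetical.
 * Assumes GCC or clang; on non-x86 the generic path is always used. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#define AVX_TARGET __attribute__((target("avx")))
#else
#define AVX_TARGET
#endif

/* Baseline build: only the ISA the whole binary already assumes. */
static uint32_t sum_generic(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++)
        s += p[i];
    return s;
}

/* Same work, but this function is compiled with AVX enabled, so the compiler
 * may emit VEX-encoded instructions (vmovdqa etc.) in its body. It must only
 * be reached after cpu_has_avx() has returned 1. */
AVX_TARGET
static uint32_t sum_avx(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++)
        s += p[i];
    return s;
}

/* CPUID-based feature check; this is the same decision the fallback chain
 * makes when it picks which john binary to exec. */
int cpu_has_avx(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __builtin_cpu_init();
    return __builtin_cpu_supports("avx") ? 1 : 0;
#else
    return 0;
#endif
}

/* Name of the path that would be taken on this machine. */
const char *dispatch_name(void)
{
    return cpu_has_avx() ? "avx" : "generic";
}

/* The check happens here, before any AVX-compiled code is entered. */
uint32_t sum_dispatch(const uint8_t *p, size_t n)
{
    return cpu_has_avx() ? sum_avx(p, n) : sum_generic(p, n);
}

/* Constructed sample input: 1000 bytes holding i % 7, which sums to 2997. */
uint32_t sample_sum(void)
{
    uint8_t buf[1000];
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = (uint8_t)(i % 7);
    return sum_dispatch(buf, sizeof buf);
}

int main(void)
{
    printf("path=%s sum=%u\n", dispatch_name(), sample_sum());
    return 0;
}
```

The point of keeping `sum_avx` in its own function with a `target("avx")` attribute is that the rest of the translation unit stays at the baseline ISA; compiling the whole file (or, as in this issue, a whole helper program) with `-mavx` lets the compiler place VEX instructions anywhere, including in code that runs before any feature check could happen.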

BTW, the same applies to putty2john

    146a:	c5 f9 6f 05 2e 1a 00 	vmovdqa 0x1a2e(%rip),%xmm0        # 2ea0 <_IO_stdin_used+0x2c0>
    1490:	c5 f9 6f 0d 18 1a 00 	vmovdqa 0x1a18(%rip),%xmm1        # 2eb0 <_IO_stdin_used+0x2d0>
    14a3:	c5 f9 6f 15 15 1a 00 	vmovdqa 0x1a15(%rip),%xmm2        # 2ec0 <_IO_stdin_used+0x2e0>
    21e1:	c5 f9 6f 1d e7 0c 00 	vmovdqa 0xce7(%rip),%xmm3        # 2ed0 <_IO_stdin_used+0x2f0>

claudioandre-br avatar May 31 '20 14:05 claudioandre-br

Whenever I run "zip2john" or "john" it gives me Illegal instruction (core dumped)

sleepy124 avatar Dec 04 '23 10:12 sleepy124

@sleepy124 Thank you for reporting this. Please describe how you built/installed John, what version, and what system you're on (including OS and CPU).

solardiz avatar Dec 04 '23 15:12 solardiz

It's fixed now! =)

sleepy124 avatar Dec 05 '23 07:12 sleepy124