johnny
johnny copied to clipboard
Non-printable or control chars in the Password field
We need to indicate non-printable or control chars too in the Password field. Maybe encoding to something like UTF would work for passwords containing such chars.
I don't really understand this issue. Use case :
- We get a control char from John --show. 1) Which encoding is john --show, is it ascii or utf-8,utf-16 ? 2) Are we talking about the ASCII control characters only 0-31 (http://www.ascii-code.com/) ?
- We have lines :
QByteArray output = m_johnShow.readAllStandardOutput(); QTextStream outputStream(output); We can set codec to the QTextStream there.
Also, please explain me your theory on why using UTF could show unprintable characters in the table view ?
Also, please explain me your theory on why using UTF could show unprintable characters in the table view ?
My current john.pot contains non-ascii character such as Д from the CMIYC contest and when I call outputStream.codec()->name() , without changing anything in current/master johnny code, I get "UTF-8" and this character is printed out correctly in the table view. So, maybe the Qtextstream already always choose utf or auto-detect it based on john --show output.
Non-printable is different than non-ascii chars. Ascii includes non-printable chars like carriage return or backspace. UTF char space is not a problem given that we use Qt.
http://www.juniper.net/documentation/en_US/idp5.1/topics/reference/general/intrusion-detection-prevention-custom-attack-object-extended-ascii.html
UTF support in JtR is only a recent thing and jumbo only afaik. I guess we have to work with what John outputs. The first thing to try is to see how JtR prints ascii control chars or ask on the list. I think Frank asked for this in a thread, track it down if you can and reply there.
Here is magnum answer : On 2015-08-18 14:23, Mathieu Laprise wrote: Shinnok want to indicate non-printable or control chars in Johnny's Password field for core and jumbo. We're not really experimented with encoding. How does JtR prints ascii control chars in john --show ?
It just prints them. A tab is printed as a tab, an \x07 might ring a bell. It's normally not an issue since no-one has them in real passwords.
Based on Frank's and Magnum's feedback I'm moving this task to a later milestone.
The way this should be handled, is to provide means for showing all passwords in hex encoding, via a checkbox or right click context menu.