Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
password protected files... I forgot the password
- Thread starter f1davis
- Start date
- Sort by reaction score
ahha that stinks, should have wrote it down and hid it espically becasue there i no way of retreving that information
file type
The file is a .dmg Pretty much everything I am reading says it is just about impossible to retrieve the info without the password. But I thought wouldn't hurt to throw it out here to see if anyone knew of a way.
Let me know if there is any way.
Thanks!!!
simie said:
The file is a .dmg Pretty much everything I am reading says it is just about impossible to retrieve the info without the password. But I thought wouldn't hurt to throw it out here to see if anyone knew of a way.
Let me know if there is any way.
Thanks!!!
If the software you used was worth the time it took to download it, you're probably screwed. Not being able to access that information without the password is kind of the whole idea of password protecting data...
If you are referring to the mac os x built-in .dmg file encryption, there is no way to get your data back without the password.
As noted...
Being able to retrieve your password, pretty much defeats the point of an encrypted/password protected disk image.
Perhaps if you had 149 trillion years, you could crack the 128-bit AES and get your files back.
Being able to retrieve your password, pretty much defeats the point of an encrypted/password protected disk image.
Perhaps if you had 149 trillion years, you could crack the 128-bit AES and get your files back.
SC68Cal said:
I'm not going to get into if it's worth while to try to dictionary attack a .dmg, but it is quite possible, and actually it is far more viable than doing a brute force(which face it, is pointless as stated prior). It's especially more realistic if you say know an average password length that your passwords usually are (say you usually use 6 character passwords, you can use a wordlist of just 6 letter words). Though this method would be nullified if you say mix words and numbers at random, or even just add random numbers behind simple words. Also remember these passwords are case sensitive, so if you always use lowercase passwords, there is another piece to narrow down the list.
So basically if you generally use set length lowercase/uppercase/proper capitalized words only, then a dictionary attack would be a good possibility to try. Though if you normally use passwords that are like 8-16 numbers long with random capitalization and numbers (ie. a32xZED3w), well bruteforce would be your only option, and as stated, isn't actually an option.
Metafilter had a Q&A on the subject a bit back, which showed a simple script could dictionary attack a .dmg file (Note if you do some searching there are a few apps that also automate this process, though this script is quite an easy and simple way to do it). Now yes this can take a while if you have a huge wordlist, but hey, leave it for a week or some, and hey you might just have your password (or hey, maybe less if its a real simple password). Remember the more you can narrow down your wordlist(which you would most likely do based upon your other passwords), the better the chances are at a quick recovery.
The metafilter page isn't coming up for some reason (site seems to be down), but the google cache is.
It is actually pretty basic, finding a good wordlist is up to you though. I did test this script out with a wordlist that I already had and I have to say this script does work, though for practicalness I created a .dmg with a password that wasn't too far down on my wordlist and so it easily opened the .dmg in a minute or so. Doing it to an unknown password will take much longer.
John the Ripper is a fairly good password cracker. I'm just not to well informed on how to use it properly to attack a .DMG file. Hell, I was proud that I compiled it into an executable properly.
EDIT:
Original Poster,
Use a program called MacKrack. That should do the job for you.
EDIT:
Original Poster,
Use a program called MacKrack. That should do the job for you.
SC68Cal said:
Alrighty.. apparently I was wrong, sue me, technically you can dick a .dmg.
But I'm curious, how WEAK a password did you use?
Because it's still thrashing on the password "weak" and it's been 23 minutes. Maybe I'll try a 2 character password.
yellow said:Alrighty.. apparently I was wrong, sue me, technically you can dick a .dmg.
But I'm curious, how WEAK a password did you use?
Because it's still thrashing on the password "weak" and it's been 23 minutes. Maybe I'll try a 2 character password.
I just made a .dmg, created the password hash using "test" on my Macbook Pro and it cracked that thing in about a minute. Granted, it's a pretty terrible "real-world" test. But let's face it. Your average computer user has about enough self-sufficiency to wipe their own butt.
What hardware are you using? That could be the difference between my times and yours
EDIT: Also, sorry for being so snappy. I was in MacroEconomics. That class always brings the worst out in me.
I've had MacKrack chugging away at a .DMG with the password "on" since 12:04PM (EST) and it STILL hasn't broken it. This is one a 2GHz Core Duo MBP with an assload of RAM. I'm not sure if this is taking longer (or failing) because I grabbed a much larger dictionary or what.
The other one (dual 1.25GHz G4 MDD / assload RAM) is STILL working on "weak", though it says '4m' to completion.. we'll see.
I'm going to try some alternate attempts to crack a .DMG here shortly.
Either way, thanks for pointing out that app. I've been using john up until this point.
EDIT: screw it, it's been nearly 70 minutes and it couldn't break "weak".
EDIT2: Well, it took 8 minutes to brute "off" (non-dictionary attack), when I told it specifically that there was only alphabetics and only 3 characters. So at least I see it's possible with this app. Now to continue to see how practical.
The other one (dual 1.25GHz G4 MDD / assload RAM) is STILL working on "weak", though it says '4m' to completion.. we'll see.
I'm going to try some alternate attempts to crack a .DMG here shortly.
Either way, thanks for pointing out that app. I've been using john up until this point.
EDIT: screw it, it's been nearly 70 minutes and it couldn't break "weak".
EDIT2: Well, it took 8 minutes to brute "off" (non-dictionary attack), when I told it specifically that there was only alphabetics and only 3 characters. So at least I see it's possible with this app. Now to continue to see how practical.
Yes, I loaded the dictionary.
Basically the dictionary attacks failed every time I tried it. The only time a brute worked was when I basically told it there were only 729 combinations the password could be, and it still took 8 minutes.
For security purposes, provided a person follows some basic "good" password guidelines, there's little chance a brute force attack of any sort will work on a .DMG.
I'm still not convinced that a dictionary attack will work on a .DMG but I'm continuing to try.
Basically the dictionary attacks failed every time I tried it. The only time a brute worked was when I basically told it there were only 729 combinations the password could be, and it still took 8 minutes.
For security purposes, provided a person follows some basic "good" password guidelines, there's little chance a brute force attack of any sort will work on a .DMG.
I'm still not convinced that a dictionary attack will work on a .DMG but I'm continuing to try.
I joined the experiment just for fun.
MacKrack is working on cracking open my personal .DMG file.
The password is a date in "mm-dd-yy" format w/o quotations.
I'm using the keyspace method, alphanumeric, with "-" in the Other Characters field.
I'll let you guys know if it ever works.
EDIT: I've also given it the exact number of characters in the password, as well as removed all Other Characters besides the dash. Only 14,325 days to go!
MacKrack is working on cracking open my personal .DMG file.
The password is a date in "mm-dd-yy" format w/o quotations.
I'm using the keyspace method, alphanumeric, with "-" in the Other Characters field.
I'll let you guys know if it ever works.
EDIT: I've also given it the exact number of characters in the password, as well as removed all Other Characters besides the dash. Only 14,325 days to go!
SC68Cal said:
There isn't because it's not a plain text dictionary.. however I pulled a plain text dictionary off the web for my testing above.
**EDIT**
I was able to get it... Thank god, and I would of never remembered it either. 20 letter/number/symbol password too!
I was able to get it... Thank god, and I would of never remembered it either. 20 letter/number/symbol password too!