Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X

Reply
 
Thread Tools Search this Thread Display Modes
Old Oct 15, 2006, 06:53 PM   #1
f1davis
macrumors newbie
 
Join Date: Oct 2006
password protected files... I forgot the password

so I set up a password protected file and I cannot remember the password... OOPS!!!! Is there anyway to retrieve the information safely locked away in this file without the password or is it lost forever?

HELP!!!! PLEASE!

Thanks
f1davis is offline   0 Reply With Quote
Old Oct 15, 2006, 07:04 PM   #2
nakedguy
macrumors member
 
Join Date: Sep 2006
Well... I guess you just lost that files.
__________________
MacBook & iPod nano
nakedguy is offline   0 Reply With Quote
Old Oct 15, 2006, 07:07 PM   #3
xUKHCx
Administrator emeritus
 
xUKHCx's Avatar
 
Join Date: Jan 2006
Location: The Kop
when you first created it there "might" have been an option to save the password in the key chain, go and have a poke around in there.
xUKHCx is offline   0 Reply With Quote
Old Oct 15, 2006, 07:11 PM   #4
Rickay726
macrumors 6502
 
Join Date: Dec 2005
Location: New Jersey
Send a message via AIM to Rickay726
ahha that stinks, should have wrote it down and hid it espically becasue there i no way of retreving that information
__________________
Tell it to my Canon.
Rickay726 is offline   0 Reply With Quote
Old Oct 16, 2006, 12:39 AM   #5
simie
macrumors 6502a
 
simie's Avatar
 
Join Date: Aug 2004
Location: Sitting
What type of file is it?
__________________
Paul Rigby
Illustrator and commercial artist ~ visit his website
simie is offline   0 Reply With Quote
Old Oct 16, 2006, 12:40 AM   #6
Nermal
Moderator
 
Nermal's Avatar
 
Join Date: Dec 2002
Location: Whakatane, New Zealand
And furthermore, how did you protect it?
Nermal is offline   0 Reply With Quote
Old Oct 16, 2006, 10:45 AM   #7
f1davis
Thread Starter
macrumors newbie
 
Join Date: Oct 2006
file type

Quote:
Originally Posted by simie
What type of file is it?
The file is a .dmg Pretty much everything I am reading says it is just about impossible to retrieve the info without the password. But I thought wouldn't hurt to throw it out here to see if anyone knew of a way.

Let me know if there is any way.

Thanks!!!
f1davis is offline   0 Reply With Quote
Old Oct 16, 2006, 10:48 AM   #8
someguy
macrumors 68020
 
someguy's Avatar
 
Join Date: Dec 2005
Location: Still here.
If the software you used was worth the time it took to download it, you're probably screwed. Not being able to access that information without the password is kind of the whole idea of password protecting data...
__________________

someguy is offline   0 Reply With Quote
Old Oct 16, 2006, 11:20 AM   #9
Revlimit Punk
macrumors regular
 
Join Date: Jan 2006
Location: Italy
Send a message via ICQ to Revlimit Punk Send a message via AIM to Revlimit Punk Send a message via MSN to Revlimit Punk Send a message via Skype™ to Revlimit Punk
If you are referring to the mac os x built-in .dmg file encryption, there is no way to get your data back without the password.
Revlimit Punk is offline   0 Reply With Quote
Old Oct 16, 2006, 11:22 AM   #10
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
As noted...

Being able to retrieve your password, pretty much defeats the point of an encrypted/password protected disk image.

Perhaps if you had 149 trillion years, you could crack the 128-bit AES and get your files back.
yellow is offline   0 Reply With Quote
Old Oct 17, 2006, 09:43 PM   #11
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
was it an actual word that you used to create the password? or was it a string of letters and numbers.

You can probably use a dictionary attack and crack it open.
SC68Cal is offline   0 Reply With Quote
Old Oct 18, 2006, 09:34 AM   #12
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
Quote:
Originally Posted by SC68Cal
You can probably use a dictionary attack and crack it open.
No, you can't.
yellow is offline   0 Reply With Quote
Old Oct 18, 2006, 02:02 PM   #13
tag
macrumors 6502a
 
tag's Avatar
 
Join Date: Apr 2005
Location: PA, US
Quote:
Originally Posted by SC68Cal
was it an actual word that you used to create the password? or was it a string of letters and numbers.

You can probably use a dictionary attack and crack it open.

I'm not going to get into if it's worth while to try to dictionary attack a .dmg, but it is quite possible, and actually it is far more viable than doing a brute force(which face it, is pointless as stated prior). It's especially more realistic if you say know an average password length that your passwords usually are (say you usually use 6 character passwords, you can use a wordlist of just 6 letter words). Though this method would be nullified if you say mix words and numbers at random, or even just add random numbers behind simple words. Also remember these passwords are case sensitive, so if you always use lowercase passwords, there is another piece to narrow down the list.

So basically if you generally use set length lowercase/uppercase/proper capitalized words only, then a dictionary attack would be a good possibility to try. Though if you normally use passwords that are like 8-16 numbers long with random capitalization and numbers (ie. a32xZED3w), well bruteforce would be your only option, and as stated, isn't actually an option.


Metafilter had a Q&A on the subject a bit back, which showed a simple script could dictionary attack a .dmg file (Note if you do some searching there are a few apps that also automate this process, though this script is quite an easy and simple way to do it). Now yes this can take a while if you have a huge wordlist, but hey, leave it for a week or some, and hey you might just have your password (or hey, maybe less if its a real simple password). Remember the more you can narrow down your wordlist(which you would most likely do based upon your other passwords), the better the chances are at a quick recovery.

The metafilter page isn't coming up for some reason (site seems to be down), but the google cache is.

It is actually pretty basic, finding a good wordlist is up to you though. I did test this script out with a wordlist that I already had and I have to say this script does work, though for practicalness I created a .dmg with a password that wasn't too far down on my wordlist and so it easily opened the .dmg in a minute or so. Doing it to an unknown password will take much longer.
tag is offline   0 Reply With Quote
Old Oct 19, 2006, 09:52 AM   #14
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
John the Ripper is a fairly good password cracker. I'm just not to well informed on how to use it properly to attack a .DMG file. Hell, I was proud that I compiled it into an executable properly.

EDIT:
Original Poster,

Use a program called MacKrack. That should do the job for you.

Last edited by SC68Cal; Oct 19, 2006 at 10:02 AM.
SC68Cal is offline   0 Reply With Quote
Old Oct 19, 2006, 10:03 AM   #15
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
Quote:
Originally Posted by yellow
No, you can't.
I just did it two minutes ago on an AES-128 test image. Weak password to generate the hash, cracked in like less than a minute. You don't know jack.
SC68Cal is offline   0 Reply With Quote
Old Oct 19, 2006, 11:04 AM   #16
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
Quote:
Originally Posted by SC68Cal
I just did it two minutes ago on an AES-128 test image. Weak password to generate the hash, cracked in like less than a minute. You don't know jack.
Alrighty.. apparently I was wrong, sue me, technically you can dick a .dmg.

But I'm curious, how WEAK a password did you use?

Because it's still thrashing on the password "weak" and it's been 23 minutes. Maybe I'll try a 2 character password.
yellow is offline   0 Reply With Quote
Old Oct 19, 2006, 11:16 AM   #17
mdntcallr
macrumors 65816
 
mdntcallr's Avatar
 
Join Date: Aug 2000
Location: Los Angeles, CA
i'd love to see if this gets solved.
__________________
"Bite my Shiny Metal Ass!" Bender (Futurama)
mdntcallr is offline   0 Reply With Quote
Old Oct 19, 2006, 11:44 AM   #18
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
Quote:
Originally Posted by yellow
Alrighty.. apparently I was wrong, sue me, technically you can dick a .dmg.

But I'm curious, how WEAK a password did you use?

Because it's still thrashing on the password "weak" and it's been 23 minutes. Maybe I'll try a 2 character password.
I just made a .dmg, created the password hash using "test" on my Macbook Pro and it cracked that thing in about a minute. Granted, it's a pretty terrible "real-world" test. But let's face it. Your average computer user has about enough self-sufficiency to wipe their own butt.

What hardware are you using? That could be the difference between my times and yours

EDIT: Also, sorry for being so snappy. I was in MacroEconomics. That class always brings the worst out in me.
SC68Cal is offline   0 Reply With Quote
Old Oct 19, 2006, 11:51 AM   #19
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
I've had MacKrack chugging away at a .DMG with the password "on" since 12:04PM (EST) and it STILL hasn't broken it. This is one a 2GHz Core Duo MBP with an assload of RAM. I'm not sure if this is taking longer (or failing) because I grabbed a much larger dictionary or what.

The other one (dual 1.25GHz G4 MDD / assload RAM) is STILL working on "weak", though it says '4m' to completion.. we'll see.

I'm going to try some alternate attempts to crack a .DMG here shortly.

Either way, thanks for pointing out that app. I've been using john up until this point.

EDIT: screw it, it's been nearly 70 minutes and it couldn't break "weak".
EDIT2: Well, it took 8 minutes to brute "off" (non-dictionary attack), when I told it specifically that there was only alphabetics and only 3 characters. So at least I see it's possible with this app. Now to continue to see how practical.

Last edited by yellow; Oct 19, 2006 at 12:19 PM.
yellow is offline   0 Reply With Quote
Old Oct 19, 2006, 03:34 PM   #20
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
Did you load the dictionary? You might be bruteforcing
SC68Cal is offline   0 Reply With Quote
Old Oct 19, 2006, 03:45 PM   #21
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
Yes, I loaded the dictionary.

Basically the dictionary attacks failed every time I tried it. The only time a brute worked was when I basically told it there were only 729 combinations the password could be, and it still took 8 minutes.

For security purposes, provided a person follows some basic "good" password guidelines, there's little chance a brute force attack of any sort will work on a .DMG.

I'm still not convinced that a dictionary attack will work on a .DMG but I'm continuing to try.
yellow is offline   0 Reply With Quote
Old Oct 19, 2006, 04:26 PM   #22
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
I got similar results actually when I made a DMG with the word "weak"

I suspect that the dictionary provided with MacKrack is not the most comprehensive....

Wish there was a way to tie in the dictionary that is part of OS X into MacKrack.
SC68Cal is offline   0 Reply With Quote
Old Oct 19, 2006, 04:30 PM   #23
someguy
macrumors 68020
 
someguy's Avatar
 
Join Date: Dec 2005
Location: Still here.
I joined the experiment just for fun.

MacKrack is working on cracking open my personal .DMG file.

The password is a date in "mm-dd-yy" format w/o quotations.

I'm using the keyspace method, alphanumeric, with "-" in the Other Characters field.

I'll let you guys know if it ever works.


EDIT: I've also given it the exact number of characters in the password, as well as removed all Other Characters besides the dash. Only 14,325 days to go!
__________________

someguy is offline   0 Reply With Quote
Old Oct 20, 2006, 10:00 AM   #24
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
Quote:
Originally Posted by SC68Cal
I suspect that the dictionary provided with MacKrack is not the most comprehensive....

Wish there was a way to tie in the dictionary that is part of OS X into MacKrack.
There isn't because it's not a plain text dictionary.. however I pulled a plain text dictionary off the web for my testing above.
yellow is offline   0 Reply With Quote
Old Sep 10, 2009, 08:49 PM   #25
rhett7660
macrumors 604
 
rhett7660's Avatar
 
Join Date: Jan 2008
Location: Sunny, Southern California
**EDIT**

I was able to get it... Thank god, and I would of never remembered it either. 20 letter/number/symbol password too!
__________________
"It's quite an experience to hold the hand of someone as they move from living to dead."
"Times are looking grim these days, holding on to everything, it's hard to draw the line"

Last edited by rhett7660; Sep 10, 2009 at 08:55 PM.
rhett7660 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Password Protected Disk Image Isn't Requiring Password jason.siegel OS X Mavericks (10.9) 1 Jan 9, 2014 04:18 PM
Password Protected Partition Doesn't Prompt for Password tesla735 MacBook Air 1 Dec 23, 2013 12:16 PM
I forgot my password Noursidani iPhone 3 Sep 8, 2013 11:44 AM
Password protected dmg file-Forgotten password! fedexed OS X 1 Apr 21, 2013 06:21 PM
how to change email password in iPhone when i forgot password that i registered with? 1madapple iPhone 2 Nov 3, 2012 11:08 PM

Forum Jump

All times are GMT -5. The time now is 09:05 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC