John The Ripper is a password cracking program, also known as JTR or john.
John The Ripper is not for the beginner, and does NOT crack WPA by itself.***
You must be able to use Terminal, there is no GUI. Read the Terminal notes at the end.
This is a pre-compiled install. If you wish to build from source instead, you'll need Xcode.
This pre-compiled install is not the best per se: by default John The Ripper is "Single Core" in this version, and it does not always include the latest patches.
See the benchmark at the end for the other builds: 32 bit vs 64 bit.
How to install John The Ripper on a Mac, Pre-compiled version
Update #1
Like everybody, I didn't read the whole page.... bummer, buried in the last lines there is a direct download link:
http://download.openwall.net/pub/projects/john/contrib/macosx/
So you can download JTR the easy way. Please bear in mind that I still highly suggest reading this page; just skip the manual download part.
Old fashioned manual download
Open Terminal
In Terminal, Type
ftp ftp.openwall.com
Connected to ftp.openwall.com. 220 ftp.openwall.com - hosted by DataForce ISP - http://www.openwall.com/DF/ Name (ftp.openwall.com:"User Name"):
Type "anonymous" for login
anonymous
Re-type "anonymous" for password
anonymous
Once logged in, type the following
cd pub
cd projects
cd john
cd contrib
cd macosx
Or, because you are smart, just copy and paste
cd pub/projects/john/contrib/macosx
Then list the directory contents with dir
dir
You should see a listing with a line named something like:
Dec 12 2010 john-1.7.6-jumbo-9-macosx-universal-1.zip
Use the get command along with the name of the file. Hint: copy-paste again.
get john-1.7.6-jumbo-9-macosx-universal-1.zip
The download will start shortly
Opening BINARY mode data connection for john-1.7.6-jumbo-9-macosx-universal-1.zip (2120620 bytes).
100% |**| 2070 KiB 507.22 KiB/s 00:00 ETA
226 Transfer complete.
2120620 bytes received in 00:04 (487.87 KiB/s)
Exit the FTP session by typing:
exit
The file is now located in the root folder of your Mac, i.e. Macintosh HD.
Go there and unzip the file.
For the sake of clarity, rename the folder to john, JTR, or whatever fits you:
typing "cd /john-1.7.6-jumbo-9-macosx-universal-1/run" is longer than "cd /jtr/run".
Type cd followed by your path
cd /john/run
Or
If you really like to complicate your life: use a long name, in a distant folder, with spaces preferably. Piping directly into Aircrack-ng is also possible.***
cd /Volumes/Mr\ Blue/Cracking\ Soft/john-1.7.6\ jumbo\ 9\ macosx\ universal\ 1/run && ./john --test
Test John The Ripper with the benchmark
./john --test
For the manual, how to use it, etc.
./john
*** You can pipe the output of JTR into Aircrack-ng; see --stdout and/or --incremental on the JTR wiki.
Benchmark
This benchmark was done on the same 2.5 GHz dual core machine, using 3 different builds of John The Ripper, each in single and dual core mode; each test ran for 5 seconds on a raw SHA-1 hash.
./john --test=5
(5 seconds for each benchmark instead of the 1 second default)
JTR OSX Build Single Core
Benchmarking: dynamic_26: sha1($p) raw-sha1 [4x2]... DONE
Raw: 8226K c/s real, 8411K c/s virtual
JTR 32 bit SSE2 Single Core
Benchmarking: dynamic_26: sha1($p) raw-sha1 [4x1]... DONE
Raw: 8285K c/s real, 8285K c/s virtual
JTR 64 bit Single Core
Benchmarking: dynamic_26: sha1($p) raw-sha1 [4x1]... DONE
Raw: 7500K c/s real, 7500K c/s virtual
JTR 32 bit SSE2 Dual Core
Benchmarking: dynamic_26: sha1($p) raw-sha1 [4x1]... (2xMPI) DONE
Raw: 16312K c/s real, 16510K c/s virtual
JTR 64 bit Dual Core
Benchmarking: dynamic_26: sha1($p) raw-sha1 [4x1]... (2xMPI) DONE
Raw: 14468K c/s real, 14916K c/s virtual
The 32 bit version is faster in this case, on raw SHA-1, because of SSE2; this is not the case with all hashes.
Notes
Cracking Speed
The cracking speed will highly depend on the quality of your wordlist; the default file password.lst located in ./john/run is not the best. By far... You might want to try one of those wordlists.
Check also the --rules option.
Of course, having a multi-core build (x2, x4, etc.) will greatly help.
Terminal Notes
The FTP server has a short timeout: don't go away for too long or you'll be kicked out and will have to restart from scratch. If you are kicked out too many times, you'll end up blacklisted for a few hours.
You must be logged in as "anonymous".
If your path is a bit long, rename the directory. You can always drag the files into Terminal, which will save some typing.
John The Ripper Best Practices
- As you type the path and names, avoid long and complex names for files and directories
- Place your files either in ~/Run or on the Desktop
- You can always drag and drop the files into Terminal, which will save some typing. (It's a repeat, just in case you've missed it.)
- Create a session: if you need to stop the cracking, you can always restart where you left off, and not from scratch...
1) Create a session and give it a NAME, for example "Likedin", and indicate the file containing the hashes to be cracked, with its path if necessary. Here "crackme.txt" is the file containing the hashes to be cracked.
./john --session=Likedin crackme.txt
- If you press a key while JtR is working, you'll see the progress, as:
guesses: 0 time: 0:00:00:01 2.59% (ETA: Wed Jun 13 16:40:27 2012) c/s: 197606K trying: B62608 - BABARO6
ETA is the ESTIMATED time of arrival.
c/s: "The values displayed by John mean combinations (of username and password) per second, not crypts per second. This is the effective cracking speed that you get on a particular set of password hashes" (www.openwall.com)
Here: 197,606,000
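As an added example (not from the original post, and not part of JtR), here is a small shell helper that turns the "NNNK c/s" figures john prints, both in the --test benchmark lines above and in the status line, into plain integers so the builds can be compared numerically. The function names are my own, and the sample lines are constructed from the figures quoted on this page.

```shell
#!/bin/sh
# Added example: parse john's "NNNK c/s" figures into plain integers.
# Sample lines below are constructed from the numbers quoted in the post.

# cps_to_number 197606K -> 197606000 (also accepts M, G or no suffix)
cps_to_number() {
    printf '%s\n' "$1" | awk '{
        v = $1; s = substr(v, length(v), 1); n = substr(v, 1, length(v) - 1)
        if      (s == "K") v = n * 1000
        else if (s == "M") v = n * 1000000
        else if (s == "G") v = n * 1000000000
        printf "%.0f\n", v
    }'
}

# bench_real_cps "Raw: 8226K c/s real, 8411K c/s virtual" -> 8226000
# Uses the "real" (wall clock) figure, which is what the user experiences.
bench_real_cps() {
    cps_to_number "$(printf '%s\n' "$1" | awk '$1 == "Raw:" { print $2 }')"
}

# status_cps "<john status line>" -> the value after "c/s:" as an integer
status_cps() {
    cps_to_number "$(printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++) if ($i == "c/s:") print $(i + 1) }')"
}

# speedup_percent BASE OTHER -> OTHER as a whole percentage of BASE
speedup_percent() {
    awk -v a="$1" -v b="$2" 'BEGIN { printf "%d\n", int(b * 100 / a) }'
}

# Constructed from the 32 bit SSE2 benchmark lines and the status line above.
single32="Raw: 8285K c/s real, 8285K c/s virtual"
dual32="Raw: 16312K c/s real, 16510K c/s virtual"
status="guesses: 0 time: 0:00:00:01 2.59% (ETA: Wed Jun 13 16:40:27 2012) c/s: 197606K trying: B62608 - BABARO6"

echo "32 bit single core: $(bench_real_cps "$single32") c/s"
echo "32 bit dual core:   $(bench_real_cps "$dual32") c/s"
echo "dual core runs at $(speedup_percent "$(bench_real_cps "$single32")" "$(bench_real_cps "$dual32")")% of single core"
echo "status line:        $(status_cps "$status") c/s"
```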
John The Ripper Tutorial and Quick Tips
John The Ripper Known Bugs
Crash Recovery File is Locked
When quitting John or interrupting a session, use CTRL-C and NOT CTRL-Z.
Using CTRL-Z will leave a process running. If you have multiple processes running you'll get this error. You can check / kill those processes in Activity Monitor.
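As an added example (not from the original post, and not a JtR script), this wrapper ties the session practice and the CTRL-Z bug together: john keeps its resume state in NAME.rec in the run directory, so the wrapper starts a fresh --session when that file is absent and a --restore of the same NAME when it exists, and it makes CTRL-Z (SIGTSTP) ignored before launching john so a session can only be stopped with CTRL-C. The script name, the function names, the default RUNDIR of ./run and the use of pgrep are my assumptions.

```shell
#!/bin/sh
# Added example: start or resume a named john session safely.
# Assumes the pre-compiled layout from the post (./john lives in RUNDIR).

# john_args NAME HASHFILE [RUNDIR] -> prints the arguments john should get
john_args() {
    name=$1; hashes=$2; rundir=${3:-./run}
    if [ -f "$rundir/$name.rec" ]; then
        printf '%s\n' "--restore=$name"             # resume where we left off
    else
        printf '%s\n' "--session=$name $hashes"     # start a new session
    fi
}

# john_is_running -> succeeds if another john process exists; a leftover
# (CTRL-Z suspended) john would still hold the .rec file lock.
john_is_running() {
    pgrep -x john >/dev/null 2>&1
}

# run_john NAME HASHFILE [RUNDIR] -> launches john in RUNDIR with CTRL-Z
# ignored; refuses to start while another john is running.
run_john() {
    if john_is_running; then
        echo "another john process is running; stop it with CTRL-C first" >&2
        return 1
    fi
    rundir=${3:-./run}
    args=$(john_args "$1" "$2" "$rundir")
    trap '' TSTP          # an ignored signal stays ignored across exec
    # $args is intentionally word-split into separate arguments
    (cd "$rundir" && exec ./john $args)
}

# Usage: ./jtr-session.sh SESSION_NAME HASHFILE [RUNDIR]
if [ $# -ge 2 ]; then
    run_john "$@"
fi
```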
Manual
John the Ripper password cracker, version 1.7.6-omp-des-jumbo-9
Copyright (c) 1996-2010 by Solar Designer and others
Homepage: http://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
--config=FILE use FILE instead of john.conf or john.ini
--single[=SECTION] "single crack" mode
--wordlist=FILE --stdin wordlist mode, read words from FILE or stdin
--rules[=SECTION] enable word mangling rules for wordlist mode
--incremental[=MODE] "incremental" mode [using section MODE]
--markov[=LEVEL[:START:END[:MAXLEN]]] "Markov" mode (see documentation)
--external=MODE external mode or word filter
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset, FILE will be overwritten
--show[=LEFT] show cracked passwords [if =LEFT, then uncracked]
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salt-list=SALT[,SALT,..] load just the specified salt(s)
--salts=[-]COUNT[:MAX] load salts with[out] at least COUNT passwords only
(or in range of COUNT to MAX)
--pot=NAME pot file to use
--format=NAME force hash type NAME:
DES/BSDI/MD5/BF/AFS/LM/NT/XSHA/PO/raw-MD5/MD5-gen/
IPB2/raw-sha1/md5a/hmac-md5/phpass-md5/KRB5/bfegg/
nsldap/ssha/openssha/oracle/oracle11/MYSQL/
mysql-sha1/mscash/lotus5/DOMINOSEC/
NETLM/NETNTLM/NETLMv2/NETNTLMv2/NETHALFLM/MSCHAPv2/
mssql/mssql05/epi/phps/mysql-fast/pix-md5/sapG/
sapB/md5ns/HDAA/raw-md4/md4-gen/sha1-gen
--subformat=NAME Some formats such as MD5-gen have subformats
(like md5_gen(0), md5_gen(7), etc).
This allows them to be specified.
If the name is LIST, then john will show all
subformats (help mode), and exit
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--mem-file-size=SIZE max size a wordlist file will preload into memory
(default 5,000,000 bytes)
--field-separator-char=c Use 'c' instead of the ':' for processing fields
(input file, pot file, etc)
--fix-state-delay=N only determine the wordlist offset every N times
It is a performance gain to delay a while
(say 100 loops for a fast algorithm).
For slow algorithms it should not be used.
I need help. I downloaded it, but can you give me a step by step of what to do next to hack a Gmail account?
Dhruv,
Absolunotely!
Especially when considering (1) the legal implication(s) of such a request and (2) when I consider the possibility of Blogspot being owned by Google, (3) which also owns Gmail.
I really can't foresee what could go wrong.
Otherwise, there is always: http://imgs.xkcd.com/comics/security.png
I got to entering "get john-1.7.6-jumbo-9-macosx-universal-1.zip" without trouble, but after that it says 550 Failed to open file. The message before that is 229 Entering Extended Passive Mode (|||63307|). I'm not sure what to do now; do you think you could help? I'm not used to working with a Mac. Thanks.