2013 was a good year for the Kasper project. Of the multiple types of StuffIt archives that exist, I’m able to confidently say that in 2013 StuffIt 5 archives are now able to always have at least a compatible password located, if not the original password used.
The Kasper Perl scripts were converted to a Windows compiled console application. This sped up the process considerably – where an exhaustive search of every 4-character password would take 15 minutes before, it now takes a little over 2 minutes.
In addition, the scripts required hardcoding the hash values you wished to locate in the source code of the script. With the console application, this can now be sent to the software on the command line.
At this speed, along with being able to run on as many cores as you can provide, passwords or password collisions for any archive (or hash) sent to me were successfully broken in 2013. Please continue to email me your archives, or for privacy’s sake the hash, if you have a StuffIt 5-era file.
Now, of course, this does not assist in StuffIt 4 or StuffIt X files. I don’t think 2014 will bring any easy way to get into these files. However, I am redoubling my efforts in StuffIt X.
The only way to attack StuffIt 4 or StuffIt X files is brute-force attempts via the console applications provided by the StuffIt software. I’ve been informed that the latest version, StuffIt 15 for the Mac, no longer includes the command line unstuff application. You will need to source, at the highest, version 15.0.2 of the software to acquire these tools. StuffIt for Windows apparently is stuck at version 14, but still contains the console unstuff software.
Research into StuffIt 4 archives confirmed that StuffIt 4 archives are apparently not supported by the Windows version of StuffIt; this makes sense given the use of the Resource and Data fork concepts from the Macintosh. This means that the console app cannot be used to brute force StuffIt 4.
StuffIt 4 archives therefore are most vulnerable on the Mac. However, the application I use to generate passwords, maskprocessor, does not have a PowerPC version of its app, only Intel. My test Mac is a Titanium PowerBook G4 that dual boots Mac OS 9.2.2 and Mac OS X 10.5.8 – meaning I cannot test the scripts as much as I would like.
Therefore I will be focusing on StuffIt X files via the Windows command line application. So where do we stand on that front then? Considerably slower than the compiled version of Kasper, but more elegant than the initial release of the script version of Kasper years ago.
I’ve decided to see how to go about getting the StuffIt SDK working. I imagine it will carry a price, probably large enough to kill the chances of me using it.
Here’s hoping. Let’s hope for a good 2014! Keep emailing me and we’ll keep working on this challenge!