The highest form of ignorance is when you reject something you don't know anything about.

Wayne Dyer (b 1940)

How to Crack a .DMG (Encrypted DMG file)

John The Ripper :  Cracking a .DMG











Let's cut to the chase right now: 
Cracking encrypted disk image, AKA DMG is feasible, but, and there are many buts, is extremely, extremely time consuming. 
If you do not remember at all the password, or if you attempt to crack in "blind mode", you will probably need to teach your kids how to do it: By the time you'll have a fighting chance, you'll be long dead. 

Step 1:   Write down everything you can remember about the forgotten password, i.e what you could have used, and what you are sure not to have used, i.e. never used a space or a "@" sign. 

Step 1a:   If you remember enough of your password, or if you are just missing trailing numbers  i.e  Mypassword???? >> MyPassword1234  and do not remember if it's 1234 or 4321, or 9999,  Just use CrowbarDMG and a Wordlist. 

For good Wordlists, go here!  

If you need to create a specific wordlist (because you remember what you may have used and, most importantly, what you may have not used, go here and look for Wordlists On Demand)  

Warning!: CrowbarDMG is slow!
CrowbarDMG is basically a GUI for the hdiutil command
 
ETA for trying 9999 passwords:  About 3 hrs 
                      99,999 passwords:  About 30 hrs
                      999,999 passwords:  About 300 hrs   Or 12 days ....
 
Step 2: Do you know how to compile and use John The Ripper?  I mean "use it!  including editing Rules, etc? 

 -->  No?    Proceed here.  Read carefully. Pause. Repeat.

 -->  Yes!   Ok, Sure?  

1)  Download JTR, version Bleeding Jumbo by Magnum
As of Aug 2013, it's here otherwise here

2)  Compile.  Don't forget to edit the Makefile and John.conf. Check for CUDA and OMP/MPI RUN.  Creating a new Charset?  that could be wise...

3)  Run dmg2John.py to extract the hash
  python [path to file ]dmg2john.py  [path to file] myfile.dmg > dmg.txt

4)  Edit/Create your rules as needed 

5)   ./ John etc         (Run Baby, run ....) 

6)   There is always Hashcat (Win/Lin)

7)  Because most you have seen, in movies, Hackers cracking an AES within minutes, you'll try without thinking too much about it. 
It's going to leave you with a lot of time to read .... 
Enjoy ... 

8)  Without going into too much details, the use of GPU assisted is highly recommended.  If you have one of those ones, you'll most likely increase your speed by a factor of 1000, sometimes 10,000 times faster.   

☞  How big is 2^{128}? 

☞  Password Cracking AES-256 DMGs and Epic Self-Pwnage
     (The Keyword here is: 25 GPU)

☞  "If you have thought about a new cracking method, It's probably already in JtR"
(Matt Weir) (Quoted liberally)

☞  "I don't care if the NSA teams up with the KGB, a full random 15Ch long  AES is practically unbreakable in a lifetime. 
(Matt Weir, Quoted Very Liberally, From circa 2009)

EPAG:   Empirical Poke-Around Graph
Markov Probabilities