This can be described as an attack type suitable for mobile phone hash cracking. The attack name is 'borrowed' from the Nokia mobile phone security type. Method is to use hash cracking tools to extract code from Nokia phone hash developed by security researcher Chris on gsm scene known as bphreaks.
If you want to fully understand how it works you need to read and fully understand the following articles:
oclHashcat-lite64 -m 1900 -n 80 -1 00010203040506070809 --outfile=out.txt 21B1E417AF2DE6496772BCC2FE33D2593A9BB7A0:003515230478373400 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
NOTE: The linux command is exactly the same.
I will now explain the parameters so you know what you are doing:
SL3 always uses the same algorithm and data. Because of that it's always a known max time till exhaust. For example for 2xHD6990 clocked to 880Mhz max time to finish all of the 100% available key-space will be ~1 day 11 hours. Because we have fixed hash data and fixed salt all calculation speeds depend only on our hardware, no brains involved :)
To attack a few hashes one after another we create bash (on Linux) or batch (on Windows) files. These files are intended to run commands line by line.
export DISPLAY=:0 export LD_LIBRARY_PATH=$HOME/AMD-APP-SDK-v2.4-lnx64/lib/x86_64 ./oclHashcat-lite64.bin -m 1900 -n 800 -1 00010203040506070809 --outfile=351514044968571.txt --session=35151404496857_1 514D1FCDE9231B61DAD191F7BC7675B87D8628B5:003515140449685700 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 ./oclHashcat-lite64.bin -m 1900 -n 800 -1 00010203040506070809 --outfile=355933045509554.txt --session=35593304550955_1 B928680D8D7B1242BEBC8B7AC24FF2B90198E213:003559330455095500 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
Commands explained: tbd,
Very important parameter here is --session as it creates different restore files for each session, we have no risk of losing earlier restore files because of problems like overheating.
tbd, explain simple batch files and why they can cause problems.
There is a big and important difference in the word “salt” regarding how SL3 describes it and how the hash-cracking community defines it.
Since hashcat is a product of the hash-cracking scene we are using our wording.
The hashcracking scene defines a salt as some data (usually a random string or the username) which is mixed together with the plaintext password while calculating the hash. How this mixing is done in detail differs on the algorithm implementation.
The salt value is stored together with the hash value. Each hash value hash its own salt value. This makes salts a very efficient solution to avoid multihash cracking and precomputing hash tables.
From the hashcat view on SL3 cracking, the “salt” is only the 14 digit IMEI number (plus the static prepending and appending zero values).
The SL3 scene defines a salt as the last four (hex) digits of the plaintext password (the mastercode). The IMEI is just the IMEI.
A graphical view on this detail:
tbd, explain --restore and --session and what can go wrong in combination with queue's
tbd, explain the true random mastercode generator
If you want an easy-to-use-one-click solution: buy one.
The following commercial SL3 unlocking solutions/products that integrate oclHashcat-lite as cracking engine:
GUI Interfaces / Distributed setup software: