05-10-2022, 08:13 PM
As some of you might be aware, I've been playing around with the 5268AC trying to determine the default keygen algorithm. In my latest set of experiments I've generated a long list of hashes that would, after taking the modulus and with the appropriate charset, turn into the password.
Based on clues left in the firmware, it seemed possible that the original engineer added a string to the serial number before computing the MD5 hash, and used that to generate the password. SN+string, hence the appropriate mask would, e.g., look like 32161N114993?u?u?u?u?u?u?u or the complete command line:
hashcat -m 5100 -w 4 -O sorted_half_hashes.hash -a 3 32161N114993?u?u?u?u?u?u?u
As I've run out of usable options based on my hardware capabilities, I figured instead of appending a suffix, I'd prepend a prefix. e.g.
?u?u?u?u?u?u?u32161N114993 and work through whatever this drunk can find under that streetlight.
... and now the reason for starting this new thread:
The hashrate of the suffix string is 74.7Mh/s while the hashrate of the prefix is 18150MH/s! That's 243 times the hashrate.
I thought maybe this was a peculiarity of -m 5100, so I did the same for MD5 and SHA1 and got about the same result.
The hashrate is orders of magnitude faster when the unknown mask comes first, followed by a fixed string, than vice versa.
Is this a feature or a bug? Is there any way to speed up the 32161N114993?u?u?u?u?u?u?u mask?
(Using hashcat 6.2.5 and Windows 10)