aes128 brute-force w/mask using half sha256
#1
Hello all,

I wish to try a brute-force/mask attack to recover a 128 bit aes key.

I have the following:
-*Only* the first half of the target key's sha256.
-A good portion of the target key itself:
CCCC CCCC xxxx xxCC
C=known
x=unknown

I suspect using a half-sha256 might be the biggest issue. But even if the option is not available, it seems like a only minor source code adjustment would be needed to do a half-comparison for sha256. I've looked for the applicable code but can't seem to find it.

Also, here is the command that I'm using (testing with full sha256) just in case there's something can be improved with that too.
hashcat32.exe --force --hex-charset -a 3 -m 1400 hash.txt "3CB8230A0000000000000000?H?H?H?H?H?H?H?H?H?H?H?H7C31" -O
(not getting much GPU acceleration for some reason) - about 6700 kH/s
I suspect I need to use binary chars for the hex input but "0x34 0x86 ..." etc. doesn't work correctly.
#2
Long constant strings within the mask (especially at the beginning of the mask) are always bad for the performance.

You could try to use different attack modes, like -a 6:
Code:
hashcat -m 1400 -a 6 -w 3 -O --hex-charset hash.txt dict.txt "?b?b?b?b?b?b7c31"

where dict.txt contains this (the prefix):
$HEX[3cb8230a00000000]
#3
If you only have half a SHA256 hash I think you would need to edit the m01400* files (SHA256) to do something similar as the m05100* files (Half MD5) on https://github.com/hashcat/hashcat/tree/master/OpenCL.
#4
(01-09-2018, 02:42 PM)philsmd Wrote: Long constant strings within the mask (especially at the beginning of the mask) are always bad for the performance.

You could try to use different attack modes, like -a 6:
Code:
hashcat -m 1400 -a 6 -w 3 -O --hex-charset hash.txt dict.txt "?b?b?b?b?b?b7c31"

where dict.txt contains this (the prefix):
$HEX[3cb8230a00000000]
That method actually reduced speed to about 2 Kh/s. I'm getting about 35 Mh/s with my best PC with the command I posted above, which I can live with.

It was worth a try, thanks.
(01-09-2018, 03:22 PM)DanielG Wrote: If you only have half a SHA256 hash I think you would need to edit the m01400* files (SHA256) to do something similar as the m05100* files (Half MD5) on https://github.com/hashcat/hashcat/tree/master/OpenCL.
I looked in that area and couldn't see anything resembling a hash/sha256digest comparison.
Guess I'll have to keep looking. I have a feeling the comparison might not even be in the OpenCL code.