Posts: 6
Threads: 1
Joined: Jul 2020
Hello,
I am trying to crack a 7z archive so I generated a hash file from 7zhashcat64 and got it to processing using the latest hashcat v6.1.1
My first problem is that apparently that hash refuses to run. I used this simple command first to confirm that it works first of all:
hashcat -m 11600 -a 0 --force hash.txt -r rules/best64.rule
Stops after one second. Runing hashcat -11600 -b shows this, basically starts then stops immediately, md5 and other hashes are working:
Code: hashcat -m 11600 -b
hashcat (v6.1.1) starting in benchmark mode...
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
OpenCL API (OpenCL 2.1 AMD-APP (3110.7)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: Ellesmere, 4032/4096 MB (3264 MB allocatable), 32MCU
Benchmark relevant options:
===========================
* --optimized-kernel-enable
Hashmode: 11600 - 7-Zip (Iterations: 16384)
Speed.#1.........: 221.2 kH/s (69.94ms) @ Accel:32 Loops:4096 Thr:64 Vec:1
Started: Fri Jul 31 17:07:06 2020
Stopped: Fri Jul 31 17:07:11 2020
This is the result of hashcat -i. I already clean installed the drivers for the AMD video card (RX 570).
Code: hashcat (v6.1.1) starting...
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: Advanced Micro Devices, Inc.
Name....: AMD Accelerated Parallel Processing
Version.: OpenCL 2.1 AMD-APP (3110.7)
Backend Device ID #1
Type...........: GPU
Vendor.ID......: 1
Vendor.........: Advanced Micro Devices, Inc.
Name...........: Ellesmere
Version........: OpenCL 2.0 AMD-APP (3110.7)
Processor(s)...: 32
Clock..........: 1430
Memory.Total...: 4096 MB (limited to 3264 MB allocatable in one block)
Memory.Free....: 4032 MB
OpenCL.Version.: OpenCL C 2.0
Driver.Version.: 3110.7
Maybe the GPU can't support it and I need to run it CPU only?
My second problem is that I know part of that password, specifically the beginning, I have tried to follow the instructions here but the commands throw various errors. https://hashcat.net/forum/thread-9362-po...l#pid49458
I simply need to brute force a bunch of numbers after the beginning word. Is there a simpler command to do it?
Posts: 2,267
Threads: 16
Joined: Feb 2013
07-31-2020, 04:42 PM
(This post was last modified: 07-31-2020, 04:49 PM by philsmd.)
Why do you use --force in your command line ? That's probably the biggest problem here.
I didn't really understand what error you get. It's normal that a benchmark runs very quickly, it just tests the speed.
Did you use 7z2hashcat to extract the hash ? Did you try to run the example hash from https://hashcat.net/wiki/example_hashes (search for -m 11600)
Just noticed, that your -a 0 command also doesn't specify any word list file. You can't do a dictionary attack without a dictionary. You need to specify a file as a word list:
Code: hashcat -m 11600 -a 0 -w 3 -r rules/best64.rule hash.txt dict.txt
Posts: 6
Threads: 1
Joined: Jul 2020
07-31-2020, 05:23 PM
(This post was last modified: 07-31-2020, 05:27 PM by hitman47.)
(07-31-2020, 04:42 PM)philsmd Wrote: Just noticed, that your -a 0 command also doesn't specify any word list file. You can't do a dictionary attack without a dictionary. You need to specify a file as a word list: The --force argument here didn't change anything if added or not, I also tried -o, but it's not in hardware?
I think I'm doing it a little wrong. What does the dictionary file need to have, does it need to be generated? I was trying to specify a dictionary list with -a 1 to try to combine brute force with the part of the password I already know, but I put into that file, just that very word and numbers from 0 to 9.
Tried the demo hash from 11600 section with the simplest command without specifying a rule or dictionary file, but it still closes right away and doesn't solve it.
I know the beginning of that password. Can I somehow specify the beginning string and then brute force from there? Without a dictionary?
I have close to zero experience with this program so please excuse me in advance 
No matter what I run it says this: "hashcat -m 11600 hash2.txt" runs for a second and ends.
Code: hashcat -m 11600 hash2.txt
hashcat (v6.1.1) starting...
OpenCL API (OpenCL 2.1 AMD-APP (3110.7)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: Ellesmere, 4032/4096 MB (3264 MB allocatable), 32MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Temperature abort trigger set to 90c
Initializing backend runtime for device #1...
C:\Users\hitman\Downloads\hashcat-6.1.1>
Posts: 2,267
Threads: 16
Joined: Feb 2013
07-31-2020, 06:28 PM
(This post was last modified: 07-31-2020, 06:30 PM by philsmd.)
there are two problems here, but the main problem is the driver setup problem.
We saw this problem a couple of times in the past where it seems that hashcat crashes on the "Initializing" line, but it was always the driver that had some problem.
I would highly suggest to use this: https://hashcat.net/faq/wrongdriver to cleanly re-install the AMD driver.
In theory, you could later (after cleanly re-installing the driver) test with independent tools like clinfo.exe (just google.it).
The output of clinfo (and error messages or crashes of it) would also proof that it's not really hashcat crashing, but the driver forces the whole process to segfault (without any chance to recover from this "problem" by the hashcat process).
The second problem, is your syntax problem... you can't really use -a 0 (which is the default attack type, so even without specifying -a 0, it defaults to -a 0) without specifying a dictionary file, because: a dictionary attack always works with dictionaries (you could just use example.dict as a dictionary as a test, specify the dictionary after the hash file)
Posts: 6
Threads: 1
Joined: Jul 2020
07-31-2020, 09:29 PM
(This post was last modified: 07-31-2020, 09:31 PM by hitman47.)
(07-31-2020, 06:28 PM)philsmd Wrote: We saw this problem a couple of times in the past where it seems that hashcat crashes on the "Initializing" line, but it was always the driver that had some problem.
I would highly suggest to use this: https://hashcat.net/faq/wrongdriver to cleanly re-install the AMD driver.
In theory, you could later (after cleanly re-installing the driver) test with independent tools like clinfo.exe (just google.it).
The output of clinfo (and error messages or crashes of it) would also proof that it's not really hashcat crashing, but the driver forces the whole process to segfault (without any chance to recover from this "problem" by the hashcat process).
I know, and heard about an earlier report of a similar error in an older version which has been apparently fixed in 6.1.0.
I reinstalled the drivers using DDU. Nothing changed using that particular 11600 hash. The test commands example0.cmd etc all work however, and load the GPU. Many other benchmarks load the GPU just fine, and take about a minute to finish, but the 11600 one takes one second.
The output from clinfo looks like this Code: Number of platforms 1
Platform Name AMD Accelerated Parallel Processing
Platform Vendor Advanced Micro Devices, Inc.
Platform Version OpenCL 2.1 AMD-APP (3110.7)
Platform Profile FULL_PROFILE
Platform Extensions cl_khr_icd cl_khr_d3d10_sharing cl_khr_d3d11_sharing cl_khr_dx9_media_sharing cl_amd_event_callback cl_amd_offline_devices
Platform Host timer resolution 100ns
Platform Extensions function suffix AMD
Platform Name AMD Accelerated Parallel Processing
Number of devices 1
Device Name Ellesmere
Device Vendor Advanced Micro Devices, Inc.
Device Vendor ID 0x1002
Device Version OpenCL 2.0 AMD-APP (3110.7)
Driver Version 3110.7
Device OpenCL C Version OpenCL C 2.0
Device Type GPU
Device Board Name (AMD) Radeon RX 570 Series
Device PCI-e ID (AMD) 0x67df
Device Topology (AMD) PCI-E, 07:00.0
Device Profile FULL_PROFILE
Device Available Yes
Compiler Available Yes
Linker Available Yes
Max compute units 32
SIMD per compute unit (AMD) 4
SIMD width (AMD) 16
SIMD instruction width (AMD) 1
Max clock frequency 1430MHz
Graphics IP (AMD) 8.0
Device Partition (core)
Max number of sub-devices 32
Supported partition types None
Supported affinity domains (n/a)
Max work item dimensions 3
Max work item sizes 1024x1024x1024
Max work group size 256
Preferred work group size (AMD) 256
Max work group size (AMD) 1024
Preferred work group size multiple 64
Wavefront width (AMD) 64
Preferred / native vector sizes
char 4 / 4
short 2 / 2
int 1 / 1
long 1 / 1
half 1 / 1 (cl_khr_fp16)
float 1 / 1
double 1 / 1 (cl_khr_fp64)
Half-precision Floating-point support (cl_khr_fp16)
Denormals No
Infinity and NANs No
Round to nearest No
Round to zero No
Round to infinity No
IEEE754-2008 fused multiply-add No
Support is emulated in software No
Single-precision Floating-point support (core)
Denormals No
Infinity and NANs Yes
Round to nearest Yes
Round to zero Yes
Round to infinity Yes
IEEE754-2008 fused multiply-add Yes
Support is emulated in software No
Correctly-rounded divide and sqrt operations Yes
Double-precision Floating-point support (cl_khr_fp64)
Denormals Yes
Infinity and NANs Yes
Round to nearest Yes
Round to zero Yes
Round to infinity Yes
IEEE754-2008 fused multiply-add Yes
Support is emulated in software No
Address bits 64, Little-Endian
Global memory size 4294967296 (4GiB)
Global free memory (AMD) 4143273 (3.951GiB) 3913128 (3.732GiB)
Global memory channels (AMD) 8
Global memory banks per channel (AMD) 16
Global memory bank width (AMD) 256 bytes
Error Correction support No
Max memory allocation 3422552064 (3.188GiB)
Unified memory for Host and Device No
Shared Virtual Memory (SVM) capabilities (core)
Coarse-grained buffer sharing Yes
Fine-grained buffer sharing Yes
Fine-grained system sharing No
Atomics No
Minimum alignment for any data type 128 bytes
Alignment of base address 2048 bits (256 bytes)
Preferred alignment for atomics
SVM 0 bytes
Global 0 bytes
Local 0 bytes
Max size for global variable 3080296704 (2.869GiB)
Preferred total size of global vars 4294967296 (4GiB)
Global Memory cache type Read/Write
Global Memory cache size 16384 (16KiB)
Global Memory cache line size 64 bytes
Image support Yes
Max number of samplers per kernel 16
Max size for 1D images from buffer 134217728 pixels
Max 1D or 2D image array size 2048 images
Base address alignment for 2D image buffers 256 bytes
Pitch alignment for 2D image buffers 256 pixels
Max 2D image size 16384x16384 pixels
Max 3D image size 2048x2048x2048 pixels
Max number of read image args 128
Max number of write image args 64
Max number of read/write image args 64
Max number of pipe args 16
Max active pipe reservations 16
Max pipe packet size 3422552064 (3.188GiB)
Local memory type Local
Local memory size 32768 (32KiB)
Local memory syze per CU (AMD) 65536 (64KiB)
Local memory banks (AMD) 32
Max number of constant args 8
Max constant buffer size 3422552064 (3.188GiB)
Preferred constant buffer size (AMD) 16384 (16KiB)
Max size of kernel argument 1024
Queue properties (on host)
Out-of-order execution No
Profiling Yes
Queue properties (on device)
Out-of-order execution Yes
Profiling Yes
Preferred size 262144 (256KiB)
Max size 8388608 (8MiB)
Max queues on device 1
Max events on device 1024
Prefer user sync for interop Yes
Profiling timer resolution 1ns
Profiling timer offset since Epoch (AMD) 1596215322214292400ns (Fri Jul 31 20:08:42 2020)
Execution capabilities
Run OpenCL kernels Yes
Run native kernels No
Thread trace supported (AMD) Yes
Number of async queues (AMD) 2
Max real-time compute queues (AMD) 2
Max real-time compute units (AMD) 8
SPIR versions 1.2
printf() buffer size 4194304 (4MiB)
Built-in kernels (n/a)
Device Extensions cl_khr_fp64 cl_amd_fp64 cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_int64_base_atomics cl_khr_int64_extended_atomics cl_khr_3d_image_writes cl_khr_byte_addressable_store cl_khr_fp16 cl_khr_gl_sharing cl_khr_gl_depth_images cl_amd_device_attribute_query cl_amd_vec3 cl_amd_printf cl_amd_media_ops cl_amd_media_ops2 cl_amd_popcnt cl_khr_d3d10_sharing cl_khr_d3d11_sharing cl_khr_dx9_media_sharing cl_khr_image2d_from_buffer cl_khr_spir cl_khr_subgroups cl_khr_gl_event cl_khr_depth_images cl_khr_mipmap_image cl_khr_mipmap_image_writes cl_amd_liquid_flash cl_amd_planar_yuv
NULL platform behavior
clGetPlatformInfo(NULL, CL_PLATFORM_NAME, ...) No platform
clGetDeviceIDs(NULL, CL_DEVICE_TYPE_ALL, ...) No platform
clCreateContext(NULL, ...) [default] No platform
clCreateContext(NULL, ...) [other] Success [AMD]
clCreateContextFromType(NULL, CL_DEVICE_TYPE_DEFAULT) Success (1)
Platform Name AMD Accelerated Parallel Processing
Device Name Ellesmere
clCreateContextFromType(NULL, CL_DEVICE_TYPE_CPU) No devices found in platform
clCreateContextFromType(NULL, CL_DEVICE_TYPE_GPU) Success (1)
Platform Name AMD Accelerated Parallel Processing
Device Name Ellesmere
clCreateContextFromType(NULL, CL_DEVICE_TYPE_ACCELERATOR) No devices found in platform
clCreateContextFromType(NULL, CL_DEVICE_TYPE_CUSTOM) No devices found in platform
clCreateContextFromType(NULL, CL_DEVICE_TYPE_ALL) Success (1)
Platform Name AMD Accelerated Parallel Processing
Device Name Ellesmere
It could work however, but I need help formulating a correct command
(07-31-2020, 06:28 PM)philsmd Wrote: The second problem, is your syntax problem... you can't really use -a 0 (which is the default attack type, so even without specifying -a 0, it defaults to -a 0) without specifying a dictionary file, because: a dictionary attack always works with dictionaries (you could just use example.dict as a dictionary as a test, specify the dictionary after the hash file)
I am now trying to use this command: hashcat -a 6 -m 11600 hash.txt dict.txt ?d?d?d?d?d?d?d?d?d
Taken from here but with a mask of numbers instead of letters https://hashcat.net/forum/thread-6501-po...l#pid34633
The character mask is the maximum number of letters/numbers/symbols? Or it's the exact number?
Because the password I'm trying to crack has a known beginning (I know that it begins with "m******s") but i do not know how many numbers come after that
Can you help me formulate a proper command? As I might just try to run a Linux distro from an external drive to try it.
Posts: 2,267
Threads: 16
Joined: Feb 2013
either use:
Code: hashcat -m 11600 -a 3 -w 3 --increment --increment-min 8 hash.txt myword?d?d?d?d?d?d
or
Code: hashcat -m 11600 -a 6 -w 3 --increment --increment-min 2 hash.txt dict.txt ?d?d?d?d?d?d
where dict.txt contains the word(s), one per line.
Use the one method that is faster, either -a 3 or -a 6. There might be other ways to attack it (e.g. to use --slow-candidates or pipes or pre-computed dicts), but I think -a 3 and -a 6 are the most likely one that work fastest for this specific situation (a slow hash with a fixed prefix).
Posts: 6
Threads: 1
Joined: Jul 2020
(07-31-2020, 09:50 PM)philsmd Wrote: either use:
Code: hashcat -m 11600 -a 3 -w 3 --increment --increment-min 8 hash.txt myword?d?d?d?d?d?d
or
Code: hashcat -m 11600 -a 6 -w 3 --increment --increment-min 2 hash.txt dict.txt ?d?d?d?d?d?d
where dict.txt contains the word(s), one per line.
Use the one method that is faster, either -a 3 or -a 6. There might be other ways to attack it (e.g. to use --slow-candidates or pipes or pre-computed dicts), but I think -a 3 and -a 6 are the most likely one that work fastest for this specific situation (a slow hash with a fixed prefix).
Perfect, the first one with a higher minimum increment and beginning of pattern is exactly what I need. Thank you.
It started to work after adding the -O argument to the command. This is probably why it was crashing before, in the information file it talks about the -O being an optimized driver for these specific platforms.
I'll let it run for the time it will take.
If it will take more than 24 hours, I know that "the very first digit after the letter strings" is "Not 0,1,2 or 3". So from 4 to 9.
Can we add this into the command to further optimize it? As my video card is pretty mediocre. Again, thank you very much, this was very helpful.
Posts: 2,267
Threads: 16
Joined: Feb 2013
07-31-2020, 11:56 PM
(This post was last modified: 07-31-2020, 11:56 PM by philsmd.)
Code: -O -a 3 -w 3 --increment --increment-min 10 --custom-charset2 456789 hash.txt myword?2?d?d?d?d?d
Posts: 6
Threads: 1
Joined: Jul 2020
(07-31-2020, 11:56 PM)philsmd Wrote: Code: -O -a 3 -w 3 --increment --increment-min 10 --custom-charset2 456789 hash.txt myword?2?d?d?d?d?d
This one gives me a "Token length exception No hashes loaded."
The previous command still runs. I paused the process after an hour with a checkpoint to test this.
Posts: 2,267
Threads: 16
Joined: Feb 2013
you of course need to specify the hash type too (I was only focusing on custom charset and increments):
Code: hashcat -m 11600 -a 3 -O -w 3 --increment --increment-min 10 --custom-charset2 456789 hash.txt myword?2?d?d?d?d?d
|
