Can't crack salted hash generated by ruby AuthlogicSha512 library
#1
Hello.

The code to generate it is quite simple:
Code:
[23] pry(main)> Devise::Encryptable::Encryptors::AuthlogicSha512.digest("12345", 20, "y9KxS8uhhfRZErYBb2mA", nil)

=> "2671d2e63de53eX3X2cc38X06fe8d664717Xe7d1afbcf0ebfbd3dbced3541ced7e00c98X0ad78f3fXeff6df26f2bbb1X3e4cae08fb98fc13b72e3Xd7d2c0Xd29"
Hash was obfuscated with "X", as demanded by rules.
This is a SHA512 algorithm, so I tried hashcat like this:
Code:
hashcat -m 1710 "2671d2e63de53eX3X2cc38X06fe8d664717Xe7d1afbcf0ebfbd3dbced3541ced7e00c98X0ad78f3fXeff6df26f2bbb1X3e4cae08fb98fc13b72e3Xd7d2c0Xd29:y9KxS8uhhfRZErYBb2mA"
12345

But the cracking status is "Exhausted" and 
Code:
hashcat -m 1710 --show "2671d2e63de53eX3X2cc38X06fe8d664717Xe7d1afbcf0ebfbd3dbced3541ced7e00c98X0ad78f3fXeff6df26f2bbb1X3e4cae08fb98fc13b72e3Xd7d2c0Xd29:y9KxS8uhhfRZErYBb2mA"
just shows me nothing.
I guess something is wrong with the salt format, but I couldn't get what was wrong.
Reply
#2
i think the problem is (given your example)

the hash algo is (pw, rounds/iterations?, salt and ???)

plain mode 1710 is pw: salt so the problem starts with iterations, iterations take the first output as input and hash it again, this is done (iterations) 20 times? so you have the result of
take this sha512: salt 20 times

repeat 20 times sha512( pw: salt)

so with mode 1710 you will not get the pw

next thing is what about nil? is it appended, prepended to your pass? so your pass is nil12345 or 12345nil? or what is nil?
Reply
#3
(03-22-2022, 02:10 PM)Snoopy Wrote: the hash algo is (pw, rounds/iterations?, salt and ???)
The hash algo takes (password, stretches (rounds/iterations), salt, pepper)

(03-22-2022, 02:10 PM)Snoopy Wrote: next thing is what about nil? is it appended, prepended to your pass? so your pass is nil12345 or 12345nil? or what is nil?

nil is a pepper. I just didn't use it for hashing, that's why it's nil.
Reply
#4
okay so you have iterations, salt and pepper

mode 1710 allows/accepts salt only

there is actually no mode (i think) in hashcat supporting this style of hash

EDIT: btw i think you mean nul or null not nil right?
Reply
#5
(03-22-2022, 03:00 PM)Snoopy Wrote: there is actually no mode (i think) in hashcat supporting this style of hash

Actually, I found some examples here.
This one for instance.

Code:
7400 sha256crypt $5$, SHA256 (Unix) 2 $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD

And I tried it like this:
Code:
$6$rounds=20$salt$hash
But I had an error "Token length exception"
I already cloned the source code and I'll try to figure it out or maybe add a new method that let me crack such hashes.

(03-22-2022, 03:00 PM)Snoopy Wrote: EDIT: btw i think you mean nul or null not nil right?

No, I mean exactly nil. This is Ruby. :)

Code:
[2] pry(main)> 1 == nil
=> false
[3] pry(main)> nil.nil?
=> true
[4] pry(main)> nil.present?
=> false
Reply
#6
(03-23-2022, 02:27 PM)Dzam Wrote:
(03-22-2022, 03:00 PM)Snoopy Wrote: there is actually no mode (i think) in hashcat supporting this style of hash

Actually, I found some examples here.
This one for instance.

Code:
7400 sha256crypt $5$, SHA256 (Unix) 2 $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD

And I tried it like this:
Code:
$6$rounds=20$salt$hash
But I had an error "Token length exception"
I already cloned the source code and I'll try to figure it out or maybe add a new method that let me crack such hashes.

yeah but there are still some problems, which will be the reasons you will need a new module

your provided output is salt.length=20 and hash.length=128

the module 1800 (the unix-style sha512crypt) is built with this linux/unix style hash in mind which has the following defaults and restrictions

salt.length is 8-16, this leads to the first problem, your salt is 20 and therefore too long (token length exception)

rounds defaults to 5000, but has to be minimum 1000 (although i didn't see this anywhere in the module, so 20 should be fine)

BUT output.hash of mode 1800 sha512crypt is exactly 86 chars long (this is fixed by this hashing standard) your output is 128 -> plain sha512 length also resulting in a token length exception

your hash is plain sha512, generated by pw with salt, so the nearest module is still 1700 or 1710 but these modules lack the ability of adding rounds

when looking for a workaround i stumbled around with mkpasswd and openssl from linux but all of these have limitations such as round>=1000 or they cannot be fed with rounds

so jfyi

i did some quickndirty python script, it's more or less the ruby code just for python (tested it with your input and was able to reproduce your hash)

i used timeit to test how long this script will run when feeding with plain numbers from 1-100.000, this took
Code:
[5.271704000000001, 5.239788600000001, 5.2361591999999995, 5.285123599999999, 5.324203600000001]

so the "hashingrate" of script would be around 18.800 H/s, this is plain, i didn't use anything to parallelize the work like python multiprocessing, multithreading
Reply
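The "Token length exception" discussed above, as an added example that is not part of the original posts: a checker for the `$6$rounds=N$salt$hash` layout, run on the layout tried in post #5. The limits come from the sha512crypt specification; that hashcat's mode 1800 parser enforces the same lengths is an assumption taken from the reply, and the digest and the well-formed sample are constructed here.

```python
import hashlib
import re

# sha512crypt ("$6$") layout limits from the format's specification. That
# hashcat's mode 1800 parser enforces the same lengths is assumed from the replies.
SALT_MAX, HASH_LEN = 16, 86
ROUNDS_MIN, ROUNDS_MAX = 1000, 999_999_999
CRYPT_B64 = re.compile(r"[./0-9A-Za-z]*")
HEX = re.compile(r"[0-9a-fA-F]*")


def check_sha512crypt(line):
    """Return every reason `line` is not a well-formed $6$ string ([] if none)."""
    parts = line.split("$")
    if len(parts) < 4 or parts[0] != "" or parts[1] != "6":
        return ["not a $6$ string"]
    fields, problems = parts[2:], []
    if fields[0].startswith("rounds="):
        value = fields.pop(0)[len("rounds="):]
        if not re.fullmatch(r"[0-9]+", value):
            problems.append("rounds is not a number")
        elif not ROUNDS_MIN <= int(value) <= ROUNDS_MAX:
            problems.append(f"rounds={value} is outside {ROUNDS_MIN}..{ROUNDS_MAX}")
    if len(fields) != 2:
        return problems + ["expected salt$hash after the prefix"]
    salt, digest = fields
    if len(salt) > SALT_MAX:
        problems.append(f"salt is {len(salt)} chars, limit is {SALT_MAX}")
    if len(digest) != HASH_LEN:
        problems.append(f"hash is {len(digest)} chars, sha512crypt uses {HASH_LEN}")
    if not CRYPT_B64.fullmatch(digest):
        problems.append("hash has characters outside ./0-9A-Za-z")
    if len(digest) == 128 and HEX.fullmatch(digest):
        problems.append("hash is a hex SHA-512 digest, not crypt output")
    return problems


# Salt from the thread; the digest is constructed here (not the poster's hash)
# and only supplies the shape of a 128-character hex SHA-512 value.
SALT = "y9KxS8uhhfRZErYBb2mA"
RAW_HEX = hashlib.sha512(b"constructed sample").hexdigest()
ATTEMPT = f"$6$rounds=20${SALT}${RAW_HEX}"
# Constructed string with a valid layout (placeholder salt and hash characters).
WELL_FORMED = "$6$rounds=5000$" + "s" * 16 + "$" + "h" * 86

if __name__ == "__main__":
    for problem in check_sha512crypt(ATTEMPT):
        print("attempt:", problem)
    print("well-formed:", check_sha512crypt(WELL_FORMED) or "no problems")
```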
#7
(03-23-2022, 07:13 PM)Snoopy Wrote: i did some quickndirty python script, it's more or less the ruby code just for python (tested it with your input and was able to reproduce your hash)



Wow, cool! Thanks, you encouraged me and I also wrote some python code to reproduce it:
Code:
import hashlib

# Test word and salt
word = '12345'
salt = 'y9KxS8uhhfRZErYBb2mA'

# Make message from word and salt
message = word + salt

# Method to create hash (1 round) for a word
# Get word as a plain text
def gen_hash(word):
    return hashlib.sha512(word.encode('utf-8')).hexdigest()

hex_hash = gen_hash(message)
# print(1, hex_hash)

rounds = 20
# Go through all rounds
for i in range(1, rounds):
    hex_hash = gen_hash(hex_hash)
    # print(i+1, hex_hash)

print(hex_hash)
I'll try to figure out how to add a new module for hashcat
Reply
#8
(03-25-2022, 08:42 AM)Dzam Wrote: I'll try to figure out how to add a new module for hashcat

New module is necessary, because your hashes have trash symbols "X", and these symbols should not be included in comparison.

P. S. I didn't find existing module for your algorithm, even for full hashes. Some modules (for example 1800) have similar algorithms and can be used as samples.
Reply
#9
(03-25-2022, 10:38 AM)nick8606 Wrote:
(03-25-2022, 08:42 AM)Dzam Wrote: I'll try to figure out how to add a new module for hashcat

New module is necessary, because your hashes have trash symbols "X", and these symbols should not be included in comparison.

P. S. I didn't find existing module for your algorithm, even for full hashes. Some modules (for example 1800) have similar algorithms and can be used as samples.

the X was made by dzam because of forum rules not to post valid hashes as long as not asked ;)
Reply
#10
(03-25-2022, 03:14 PM)Snoopy Wrote:
(03-25-2022, 10:38 AM)nick8606 Wrote:
(03-25-2022, 08:42 AM)Dzam Wrote: I'll try to figure out how to add a new module for hashcat

New module is necessary, because your hashes have trash symbols "X", and these symbols should not be included in comparison.

P. S. I didn't find existing module for your algorithm, even for full hashes. Some modules (for example 1800) have similar algorithms and can be used as samples.

the X was made by dzam because of forum rules not to post valid hashes as long as not asked ;)

Exactly, thanks. :)
Reply