+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Example hash for DES 14000 does not crack correctly. (/thread-10646.html)
Pages:
1
2
Example hash for DES 14000 does not crack correctly. - OqQCP78Bz - 03-02-2022
Hi all,
I am attempting to crack the DES mode 14000 hash (a28bc61d44bb815c:1172075784504605) from https://hashcat.net/wiki/doku.php?id=example_hashes
As per the wiki, the password is supposed to be hashcat1. However, when attempting to crack it with the following command, I get every collision except for hashcat1:
Code:
PS D:\hashcat-6.2.2> .\hashcat.exe -a 3 -m 14000 a28bc61d44bb815c:1172075784504605 ?1?1?1?1?1?1?1?1 -1 ?l?d --keep-guessing
hashcat (v6.2.2) starting...
CUDA API (CUDA 11.2)
====================
* Device #1: GeForce RTX 3090, 23336/24576 MB, 82MCU
* Device #2: GeForce RTX 3090, 23336/24576 MB, 82MCU
OpenCL API (OpenCL 1.2 CUDA 11.2.109) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #3: GeForce RTX 3090, skipped
* Device #4: GeForce RTX 3090, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
ATTENTION! --keep-guessing mode is enabled.
This tells hashcat to continue attacking all target hashes until exhaustion.
hashcat will NOT check for or remove targets present in the potfile, and
will add ALL plains/collisions found, even duplicates, to the potfile.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 2210 MB
a28bc61d44bb815c:1172075784504605:haribat1
a28bc61d44bb815c:1172075784504605:hashbat1
a28bc61d44bb815c:1172075784504605:haribau1
a28bc61d44bb815c:1172075784504605:hashcau1
a28bc61d44bb815c:1172075784504605:harhcat0
a28bc61d44bb815c:1172075784504605:hashbat0
a28bc61d44bb815c:1172075784504605:harhcau0
a28bc61d44bb815c:1172075784504605:hasibau0
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: DES (PT = $salt, key = $pass)
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 12:35:26 2022 (26 secs)
Time.Estimated...: Wed Mar 02 12:35:52 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1?1?1?1?1?1 [8]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 54101.1 MH/s (11.72ms) @ Accel:128 Loops:1024 Thr:64 Vec:1
Speed.#2.........: 56136.0 MH/s (7.24ms) @ Accel:128 Loops:1024 Thr:64 Vec:1
Speed.#*.........: 110.2 GH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 2821109907456/2821109907456 (100.00%)
Rejected.........: 0/2821109907456 (0.00%)
Restore.Point....: 59785216/60466176 (98.87%)
Restore.Sub.#1...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Restore.Sub.#2...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: sdqw303q -> x8qmjdwv
Candidates.#2....: sdqo1fpq -> x8qqxqgx
Hardware.Mon.#1..: Temp: 51c Fan: 0% Util: 15% Core:1830MHz Mem:10802MHz Bus:16
Hardware.Mon.#2..: Temp: 53c Fan: 0% Util: 85% Core:1800MHz Mem:10802MHz Bus:16
Started: Wed Mar 01 12:35:24 2022
Stopped: Wed Mar 01 12:35:54 2022If anyone has any suggestions as to why this may be and how I can fix it, please let me know. I've tried on a couple of other systems with the same results.
Thanks
RE: Example hash for DES 14000 does not crack correctly. - Chick3nman - 03-02-2022
There does appear to be some funkyness with cracks in 14000. The plaintext does still appear to work, but it doesn't consistently appear when running masks in some orders. I will open an issue on the github for this.
RE: Example hash for DES 14000 does not crack correctly. - nick8606 - 03-02-2022
Algorithm 14000 looks for key, plaintext and ciphertext are known. Size of DES key is 56 bits, LSBs of each byte are NOT used. Therefore there are 256 collisions in 8-bytes key, each collision is complete solution. You can try to encrypt/decrypt data using any key above, result will be the same.
RE: Example hash for DES 14000 does not crack correctly. - OqQCP78Bz - 03-02-2022
@chick3nman thanks for that, please let us know if there's any update.
@nick8606 As far as I understand it, it is expected that you get multiple valid cracks, but I would still expect that 'hashcat1' would still appear. My issue isn't with the keys being invalid, but rather that the _particular expected_ key isn't being identified.
RE: Example hash for DES 14000 does not crack correctly. - v71221 - 03-02-2022
Why are you using v6.2.2
The latest version is v6.2.5
You can also try the beta version from https://hashcat.net/beta
Code:
C:\hashcat-6.2.5>hashcat.exe -a 3 -m 14000 "a28bc61d44bb815c:1172075784504605" "hashcat1"
hashcat (v6.2.5) starting
OpenCL API (OpenCL 2.1 WINDOWS) - Platform #1 [Intel(R) Corporation]
====================================================================
* Device #1: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz, 8103/16270 MB (2033 MB allocatable), 2MCU
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 0 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
a28bc61d44bb815c:1172075784504605:hashcat1
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 14000 (DES (PT = $salt, key = $pass))
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 09:17:43 2022 (0 secs)
Time.Estimated...: Wed Mar 02 09:17:43 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat1 [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 1680 H/s (0.02ms) @ Accel:64 Loops:1024 Thr:1 Vec:4
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat1 -> hashcat1
Started: Wed Mar 02 09:17:39 2022
Stopped: Wed Mar 02 09:17:44 2022RE: Example hash for DES 14000 does not crack correctly. - OqQCP78Bz - 03-02-2022
@v71221 I have re-run the same command with v6.2.5. The results are the same.
Code:
PS D:\hashcat-6.2.5> .\hashcat.exe -a 3 -m 14000 a28bc61d44bb815c:1172075784504605 ?1?1?1?1?1?1?1?1 -1 ?l?d --keep-guessing
hashcat (v6.2.5) starting
CUDA API (CUDA 11.2)
====================
* Device #1: GeForce RTX 3090, 23336/24576 MB, 82MCU
* Device #2: GeForce RTX 3090, 23336/24576 MB, 82MCU
OpenCL API (OpenCL 1.2 CUDA 11.2.109) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #3: GeForce RTX 3090, skipped
* Device #4: GeForce RTX 3090, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
ATTENTION! --keep-guessing mode is enabled.
This tells hashcat to continue attacking all target hashes until exhaustion.
hashcat will NOT check for or remove targets present in the potfile, and
will add ALL plains/collisions found, even duplicates, to the potfile.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 2925 MB
a28bc61d44bb815c:1172075784504605:harhbat1
a28bc61d44bb815c:1172075784504605:hasibat1
a28bc61d44bb815c:1172075784504605:harhbau1
a28bc61d44bb815c:1172075784504605:hashcau1
Cracking performance lower than expected?
* Append -w 3 to the commandline.
This can cause your screen to lag.
* Append -S to the commandline.
This has a drastic speed impact but can be better for specific attacks.
Typical scenarios are a small wordlist but a large ruleset.
* Update your backend API runtime / driver the right way:
https://hashcat.net/faq/wrongdriver
* Create more work items to make use of your parallelization power:
https://hashcat.net/faq/morework
a28bc61d44bb815c:1172075784504605:haricat0
a28bc61d44bb815c:1172075784504605:hashbat0
a28bc61d44bb815c:1172075784504605:haricau0
a28bc61d44bb815c:1172075784504605:hashbau0
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 14000 (DES (PT = $salt, key = $pass))
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 17:00:17 2022 (25 secs)
Time.Estimated...: Wed Mar 02 17:00:42 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1?1?1?1?1?1 [8]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 54870.9 MH/s (0.36ms) @ Accel:256 Loops:1024 Thr:32 Vec:1
Speed.#2.........: 56273.2 MH/s (0.35ms) @ Accel:256 Loops:1024 Thr:32 Vec:1
Speed.#*.........: 111.1 GH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 2821109907456/2821109907456 (100.00%)
Rejected.........: 0/2821109907456 (0.00%)
Restore.Point....: 60455536/60466176 (99.98%)
Restore.Sub.#1...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Restore.Sub.#2...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: sdqwr0q6 -> x8qmf8q6
Candidates.#2....: sdqyyyq6 -> x8qqxqgx
Hardware.Mon.#1..: Temp: 52c Fan: 0% Util: 64% Core:1830MHz Mem:10802MHz Bus:16
Hardware.Mon.#2..: Temp: 50c Fan: 0% Util: 60% Core:1860MHz Mem:10802MHz Bus:16
Started: Wed Mar 02 17:00:10 2022
Stopped: Wed Mar 02 17:00:44 2022Again, while I understand that any of those collisions are functionally valid, the ability to obtain the 'correct' collision (hashcat1) is still important.
RE: Example hash for DES 14000 does not crack correctly. - v71221 - 03-02-2022
my laptop is not too fast, so I tried to narrow keyspace.
hashcat1 is there. You can play with different combinations.
Code:
C:\hashcat-6.2.5-207>hashcat.exe -a 3 -m 14000 "a28bc61d44bb815c:1172075784504605" hashc?1?1?1 -1 ?l?d --keep-guessing
hashcat (v6.2.5-207-gac1997027) starting
OpenCL API (OpenCL 2.1 WINDOWS) - Platform #1 [Intel(R) Corporation]
====================================================================
* Device #1: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz, 8103/16270 MB (2033 MB allocatable), 2MCU
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
ATTENTION! --keep-guessing mode is enabled.
This tells hashcat to continue attacking all target hashes until exhaustion.
hashcat will NOT check for or remove targets present in the potfile, and
will add ALL plains/collisions found, even duplicates, to the potfile.
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 0 MB
a28bc61d44bb815c:1172075784504605:hashcat1
a28bc61d44bb815c:1172075784504605:hashcau1
a28bc61d44bb815c:1172075784504605:hashcat0
a28bc61d44bb815c:1172075784504605:hashcau0
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 14000 (DES (PT = $salt, key = $pass))
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 07:11:18 2022 (1 sec)
Time.Estimated...: Wed Mar 02 07:11:19 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashc?1?1?1 [8]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 144.3 kH/s (0.25ms) @ Accel:64 Loops:1024 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests
Progress.........: 46656/46656 (100.00%)
Rejected.........: 0/46656 (0.00%)
Restore.Point....: 46656/46656 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: hashccwv -> hashcqgx
Started: Wed Mar 02 07:10:59 2022
Stopped: Wed Mar 02 07:11:20 2022RE: Example hash for DES 14000 does not crack correctly. - OqQCP78Bz - 03-02-2022
@v71221 Yeah, that's fine, if I knew part of the key I'm trying to break first, but it doesn't help with a straight brute force?
RE: Example hash for DES 14000 does not crack correctly. - Chick3nman - 03-02-2022
Yeah, i think the issue here is being confused. The correct key does indeed crack the example. The core problem here is that not all valid collisions are produced consistently during the mask attack. Some are skipped and the behavior is even changed with the keyspace ordering.
RE: Example hash for DES 14000 does not crack correctly. - OqQCP78Bz - 03-03-2022
(03-02-2022, 05:30 PM)Chick3nman Wrote: Yeah, i think the issue here is being confused. The correct key does indeed crack the example. The core problem here is that not all valid collisions are produced consistently during the mask attack. Some are skipped and the behavior is even changed with the keyspace ordering.
Correct, thanks for clarifying Chick3nman.