Cannot load module ./modules/module_17030.dll - mogley766 - 03-24-2024
I am using Windows 11, I know, I know.
I have a gpg file that is encrypted using:
Code: gpg -c --force-mdc --cipher-algo AES256
I have used John to get a hash:
Code: .\gpg2john.exe S:\scratch\foobar.txt.gpg > S:\scratch\john-foobar-gpg-hash.txt
I have read that this hash is probably not in the correct format for hashcat to use, but I cannot figure out how to build the correct hash string for hashcat.
If I do try to run .\hashcat.exe -a3 -m17010 S:\scratch\foobar-gpg-hash.txt ?a?a?a?a?a?a, I get:
Code: hashcat (v6.2.6) starting
S:\scratch\hashcat-foobar-gpg-hash.txt: Byte Order Mark (BOM) was detected
CUDA API (CUDA 12.4)
====================
* Device #1: NVIDIA GeForce RTX 4080, 15048/16375 MB, 76MCU
OpenCL API (OpenCL 3.0 CUDA 12.4.99) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 4080, skipped
OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) UHD Graphics 770, 6432/12967 MB (2047 MB allocatable), 32MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashfile 'S:\scratch\hashcat-foobar-gpg-hash.txt' on line 1 ($): Separator unmatched
No hashes loaded.
Started: Sun Mar 24 11:44:07 2024
Stopped: Sun Mar 24 11:44:09 2024
Using hashcat --help, I only see this listed for gpg:
Code: 17010 | GPG (AES-128/AES-256 (SHA-1($pass))) | Raw Hash
However from here https://hashcat.net/wiki/doku.php?id=example_hashes, I see:
Code: 17010 GPG (AES-128/AES-256 (SHA-1($pass))) * | $gpg$*1*348*1024*8833fa3812b5500aa9eb7e46febfa31a0584b7e4a5b13c198f5c9b0814243895cce45ac3714e79692fb5a130a1c943b9130315ce303cb7e6831be68ce427892858f313fc29f533434dbe0ef26573f2071bbcc1499dc49bda90648221ef3823757e2fba6099a18c0c83386b21d8c9b522ec935ecd540210dbf0f21c859429fd4d35fa056415d8087f27b3e66b16081ea18c544d8b2ea414484f17097bc83b773d92743f76eb2ccb4df8ba5f5ff84a5474a5e8a8e5179a5b0908503c55e428de04b40628325739874e1b4aa004c4cbdf09b0b620990a8479f1c9b4187e33e63fe48a565bc1264bbf4062559631bef9e346a7217f1cabe101a38ac4be9fa94f6dafe6b0301e67792ed51bca04140cddd5cb6e80ac6e95e9a09378c9651588fe360954b622c258a3897f11246c944a588822cc6daf1cb81ccc95098c3bea8432f1ee0c663b193a7c7f1cdfeb91eee0195296bf4783025655cbebd7c70236*3*254*2*7*16*a47ef38987beab0a0b9bfe74b72822e8*65536*1f5c90d9820997db
17020 GPG (AES-128/AES-256 (SHA-512($pass))) * | $gpg$*1*668*2048*57e1f19c69a86038e23d7e5af5d810f4f86d32e9aaaf04b54281cda2194dcca99ee1f23f4aa3a011d5d2dc9e47689c449f398d315f91a03f4765742d20a7046e986a9696f0e07380a73fdd61e7ab2caa463a049a5869e008e16bb30d22f93f9aa8b0fdd41d2b19e669d58ca462498905e79944bff578c24139a88ef44582aef93f94fe22406a3ae32dcc0f0602e2f4345db2bd9d775eaeb14a8d7aff963e1ca8c29bab2fc3d459941587f4242af6e100e2e668a6c9247c19969ba294f6f2ab60ef84d42aab2e3512153a283d321442840189733dc6024dab0ea5d10d2e07fee914fc2e7177b310e8835bf8a5ffe1bde5ce0a74d3dd570c1b2652672873d3c520364acc0af35f5f7d0e0e95df8c2db3855936e0a4a24cc463bf277b0c5ea37d4ac1ddae6ef9da18852620de15ab648306f3d7acbb918e79f3ab7a3eaf4f59416560c4d31d8a0220c3301c95db4b8fe6b69348657aed52d5e15aefb17fedd15a50630a4edbad362ba9b79a048b4966a70643d8fa31fb397a531db85e8ad5bb169f5188449dbcc1bbaf42440d1794a34296c2407092c76e59544133959309ce42a05899162c55a865018085a4c57068294a5389cf6fbf1c93b5ab7732625fb6a465bd7ec51a128c2f9b0cf3fd0367f92667098b3a8af40f9f434a2a727b09bddbad1762127cc785eda419ac3ff24c8724e04ea2d330b0b441f34623955efd383f20578cdc527f3076ee068b727cd399ce17ff9d5233409b2d16d55c5c80cb8ca01019cd068c6e803217d6f2b7124e354b89de0eb0dfd241384026a1cdca529b6fed37aa0ececb0d6c26de06407d75a6e3108b0d25621db418206291a67216306e1a18c992736e45ef7f87373c0a3f28ddc1b4543604cd154f6b79265a6d8c13550078c3bcf55063263e5bc5cae6b925c1dbb67f972e234006867849e653*3*254*10*9*16*d1547688c9cc944482d16dff17df0858*20971520*1fef4e57e302d34e
17030 GPG (AES-128/AES-256 (SHA-256($pass))) * | $gpg$*1*668*2048*e75985b4e7d0bce9e38925a5cf69494ae9a2ccfe2973f077d9423642fffec8bee0e327178a4a3431875ca1f377b9f89269e7c42b94150859d9e5bf5c4504d63076b270118183dda75d253492be8b680c0061e7f130010a00a09a0456710051f2483052ad209fcb9f194f78ecd04fd04953fa1cd6f7ce9babca8b2ee6432730de069648460b2822fe355ed19e0055c69251097681901d7183626019d938727399df47f5249f25b1c73e8654bf935014533845f278e6dd94b8c2964ad6a87c718967686f39a88b21a0e5a93321d4733c81d9310955db6990d8cd02bcf73159b1f48f5615def601aa3e12bf30384da41b558b1eef1111cfc85c8772c123a7b977e2ba399f65679c35b9a2abfde0230a5706fe99f5460c700b1498b1661353ec30eab25defb9af2e7e744fd050d2e7c87542d8bc49e728a7734accf2801dc5972192670858f2004308f3afdd94acd44e1161c44dd372296ca7fe40cbb541c21d640a10df34460c4f5c7cd1bf3b3282668d7edb53be4d843aef4b6f0357526d9c4432aa2a45e113a73e75bfec98cb4cc020ab6cca35336fd188140fd16183dbe288707421e698b6e4801508ae903de3e5d600bd613ea612af92780e53be37722897edb8a588193e7d28819c2f0cbb4e97c3e830113ce14ab05ddb82552fc5e82c386ec2fe9b2d86fc7ade39e341e3dd828502cc3dd038cb21cb0512e79dca9f5a9eae78b2e91aa0732ac77fbc3bc5575c210f519c178669ea99bef62eb6761dfa76407d0d501b07a696a0214dafde7b0bfb48e8ba445b6b42a859a63cb91c9d991ed030ef9e6c63f53b395e14821d7039e4455e0e3712f77f64b7abaa04467bd5b9be26c5e098430187676d0aa7206e2e4fa2e5b7bd486d18b0f3859e94319ccac587574a7bae6ccb3e9414cc769761cf6a0fa1b33cccd1a4b0b04c0d52cd*3*254*8*9*16*343d26cf2c10a8f8a161874fbb218c12*65536*666ae8d1c98404b0
Based on the gpg command used to encrypt the file, I was thinking I really need the 17030 mode.
When running .\hashcat.exe -m17010 --example-hashes --mach, it successfully returns the example.
When running .\hashcat.exe -m17030 --example-hashes --mach, I get:
Code: hashcat (v6.2.6) starting in hash-info mode
Either the specified hash mode does not exist in the official repository,
or the file(s) could not be found. Please check that the hash mode number is
correct and that the files are in the correct place.
Cannot load module ./modules/module_17030.dll
So, assuming I am actually using the right mode, how do I get the correct module?
Thanks.
RE: Cannot load module ./modules/module_17030.dll - penguinkeeper - 03-24-2024
Firstly, encode as UTF8 without symbols or Hashcat will be confused:
Code: S:\scratch\hashcat-foobar-gpg-hash.txt: Byte Order Mark (BOM) was detected
Secondly, the asterisks in the examples table mean that they're not in release Hashcat and you will have to use the beta to have access to them. https://www.hashcat.net/beta
RE: Cannot load module ./modules/module_17030.dll - mogley766 - 03-25-2024
Thanks for pointing out the BOM.
I was able to get around that with:
Code: bash
file /mnt/s/scratch/hashcat-foobar-gpg-hash.txt
iconv -f UTF-16 -t UTF-8 /mnt/s/scratch/hashcat-foobar-gpg-hash.txt -o /mnt/s/scratch/hashcat-foobar-gpg-hash.txt
Also, thanks for pointing out that asterisk. I feel pretty silly not catching that and then scrolling down to the legend where it calls out that it's in beta or not yet released.
I will go pull down a beta release and see if I have better luck.
RE: Cannot load module ./modules/module_17030.dll - mogley766 - 03-26-2024
Alright stupid question, where do you find the beta releases?
RE: Cannot load module ./modules/module_17030.dll - mogley766 - 03-26-2024
Seems like there isn't a newer beta version?
Index of /beta/ (hashcat.net)
Code: hashcat-6.2.6+813.7z 26-Oct-2023 12:28 21736133
kwprocessor-1.00+6.7z 09-Sep-2016 15:33 87474
Oh, maybe that is newer:
https://hashcat.net/hashcat/
Code: hashcat binaries v6.2.6 2022.09.02
RE: Cannot load module ./modules/module_17030.dll - mogley766 - 03-29-2024
Alright, the beta works, but I now get:
Code: Hashfile 'S:\scratch\hashcat-foobar-gpg-hash.txt' on line 1 ($gpg$*...18*8*9*65011712*4b9b39f440ed3ec5): Token length exception
* Token length exception: 1/1 hashes
This error happens if the wrong hash type is specified, if the hashes are
malformed, or if input is otherwise not as expected (for example, if the
--username option is used but no username is present)
I would assume the problem stems from how gpg2john.exe is creating the hash.
If I take the example hash that is generated from .\hashcat.exe -m17030 --example-hashes --mach and break it out like this:
Code: $gpg$
1
668
2048
e75985b4e7d0bce9e38925a5cf69494ae9a2ccfe2973f077d9423642fffec8bee0e327178a4a3431875ca1f377b9f89269e7c42b94150859d9e5bf5c4504d63076b270118183dda75d253492be8b680c0061e7f130010a00a09a0456710051f2483052ad209fcb9f194f78ecd04fd04953fa1cd6f7ce9babca8b2ee6432730de069648460b2822fe355ed19e0055c69251097681901d7183626019d938727399df47f5249f25b1c73e8654bf935014533845f278e6dd94b8c2964ad6a87c718967686f39a88b21a0e5a93321d4733c81d9310955db6990d8cd02bcf73159b1f48f5615def601aa3e12bf30384da41b558b1eef1111cfc85c8772c123a7b977e2ba399f65679c35b9a2abfde0230a5706fe99f5460c700b1498b1661353ec30eab25defb9af2e7e744fd050d2e7c87542d8bc49e728a7734accf2801dc5972192670858f2004308f3afdd94acd44e1161c44dd372296ca7fe40cbb541c21d640a10df34460c4f5c7cd1bf3b3282668d7edb53be4d843aef4b6f0357526d9c4432aa2a45e113a73e75bfec98cb4cc020ab6cca35336fd188140fd16183dbe288707421e698b6e4801508ae903de3e5d600bd613ea612af92780e53be37722897edb8a588193e7d28819c2f0cbb4e97c3e830113ce14ab05ddb82552fc5e82c386ec2fe9b2d86fc7ade39e341e3dd828502cc3dd038cb21cb0512e79dca9f5a9eae78b2e91aa0732ac77fbc3bc5575c210f519c178669ea99bef62eb6761dfa76407d0d501b07a696a0214dafde7b0bfb48e8ba445b6b42a859a63cb91c9d991ed030ef9e6c63f53b395e14821d7039e4455e0e3712f77f64b7abaa04467bd5b9be26c5e098430187676d0aa7206e2e4fa2e5b7bd486d18b0f3859e94319ccac587574a7bae6ccb3e9414cc769761cf6a0fa1b33cccd1a4b0b04c0d52cd
3
254
8
9
16
343d26cf2c10a8f8a161874fbb218c12
65536
666ae8d1c98404b0
I can see that my hash that was created from gpg2john.exe is 3 lines shorter.
From the example, it looks like I am missing the values for:
I have also noticed that the very long string value is much shorter for my hash, which might also be a problem?
Is there any documentation on what each section of the hash file is, that is, each section separated by the asterisk?
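The two checks from this thread, as an added example that is not part of the original posts or of hashcat: detect a byte order mark and rewrite the file as plain UTF-8, then compare a hash line's asterisk-separated fields against a reference line by position. The hash strings are constructed placeholders and the function names are made up for this sketch; the report only counts and measures fields, it does not assign them meanings.

```python
import codecs

# Byte order marks, longest first so UTF-32 LE is not mistaken for UTF-16 LE.
BOMS = [(codecs.BOM_UTF32_LE, "utf-32"), (codecs.BOM_UTF32_BE, "utf-32"),
        (codecs.BOM_UTF8, "utf-8-sig"),
        (codecs.BOM_UTF16_LE, "utf-16"), (codecs.BOM_UTF16_BE, "utf-16")]

def decode_hash_bytes(raw):
    """Return (text, codec); codec is None when the file carries no BOM."""
    for bom, codec in BOMS:
        if raw.startswith(bom):
            return raw.decode(codec), codec
    return raw.decode("utf-8"), None

def to_utf8_no_bom(raw):
    """Re-encode a hash file as plain UTF-8 with LF line endings and no BOM."""
    text, _ = decode_hash_bytes(raw)
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return ("\n".join(lines) + "\n").encode("utf-8")

def field_report(candidate, reference):
    """Compare the '*'-separated fields of two hash lines by position."""
    cand, ref = candidate.strip().split("*"), reference.strip().split("*")
    rows = []
    for i in range(max(len(cand), len(ref))):
        ref_len = len(ref[i]) if i < len(ref) else None
        cand_len = len(cand[i]) if i < len(cand) else None
        rows.append((i, ref_len, cand_len))  # None marks a field that is absent
    return {"reference_fields": len(ref), "candidate_fields": len(cand), "rows": rows}

# Constructed sample data (not real hashes). REFERENCE copies only the 13-field
# layout of the mode 17030 example in the thread; CANDIDATE has three fewer fields.
REFERENCE = "$gpg$*1*8*2048*0011223344556677*3*254*8*9*16*00112233445566778899aabbccddeeff*65536*0123456789abcdef"
CANDIDATE = "$gpg$*0*4*00112233*3*18*8*9*65536*0123456789abcdef"
# What a UTF-16 redirect leaves on disk: BOM, two bytes per character, CRLF.
SAMPLE_FILE = codecs.BOM_UTF16_LE + (CANDIDATE + "\r\n").encode("utf-16-le")

if __name__ == "__main__":
    print("BOM codec:", decode_hash_bytes(SAMPLE_FILE)[1])
    print("cleaned bytes:", to_utf8_no_bom(SAMPLE_FILE))
    report = field_report(CANDIDATE, REFERENCE)
    print(report["candidate_fields"], "fields vs", report["reference_fields"])
    for index, ref_len, cand_len in report["rows"]:
        print(index, ref_len, cand_len)
```

A lower field count than the reference points at the hash line's layout, not at the file encoding, which is the distinction between the "Separator unmatched" and "Token length exception" stages of this thread.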