Bitwarden module 23400: Salt-iteration length exception - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Bitwarden module 23400: Salt-iteration length exception (/thread-11885.html) |
Bitwarden module 23400: Salt-iteration length exception - tom - 04-02-2024 Hi, I'm trying to recover my Bitwardens master password. With tutorials from the internet I was able to get my Bitwarden hash and I still remember some part of the password. From the Bitwarden data.json I have an iteration count of 1.000.000 Whenever I try to crack my password I get Salt-iteration length exception Whenever I try my Bitwarden hash with an iteration count of 100.000 it works, but of course it can't crack the password. The same is for the example hash from https://github.com/hashcat/hashcat/blob/master/src/modules/module_23400.c on line 30 Code: $bitwarden$2*100000*2*bm9yZXBseUBoYXNoY2F0Lm5ldA==*+v5rHxYydSRUDlan+4pSoiYQwAgEhdmivlb+exQX+fg= This hash works fine with an iteration of 100.000 but not with 1.000.000 and I unfortunately salted my Bitwarden with 1.000.000. Is there any suggestion to modify this limitation? I've already checked this https://hashcat.net/forum/thread-10116.html but unfortunately it did not work - could be me because I'm not sure I did it right. I'm able to understand basic C, but Hashcat code is already a little bit to advanced. I was able to compile it myself but not to debug it myself to trace where the exception is being thrown. I'm very grateful for any help. Thanks in advance! Tom RE: Bitwarden module 23400: Salt-iteration length exception - penguinkeeper - 04-02-2024 Hashcat has a safety check for if the iteration count is over 999,999, which is where this is failing. I'll likely just remove this check as I don't really see the value in it, can I ask how you managed to get such a high iteration count? Is this something that is changeable in Bitwarden itself or did you change Bitwarden's code to achieve this? RE: Bitwarden module 23400: Salt-iteration length exception - tom - 04-02-2024 (04-02-2024, 10:21 PM)penguinkeeper Wrote: Hashcat has a safety check for if the iteration count is over 999,999, which is where this is failing. I'll likely just remove this check as I don't really see the value in it, can I ask how you managed to get such a high iteration count? Is this something that is changeable in Bitwarden itself or did you change Bitwarden's code to achieve this? It was several years ago that I did setup Bitwarden. I'm using their cloud so I guess I could choose that once I did that setup long time ago. Atleast I have Code: "kdfIterations": 1000000 Thank you very very much, will that change be released on GitHub or is it a quick fix I can do and compile it myself? Thanks again RE: Bitwarden module 23400: Salt-iteration length exception - penguinkeeper - 04-02-2024 I'll PR it into the github in a little while and reply to the thread but it's unlikely to be pulled in for a while due to some big changes that have been piling up so you will have to compile yourself. Please consult the "BUILD.md" file on github if you have any problems but feel free to ask here if you get stuck RE: Bitwarden module 23400: Salt-iteration length exception - penguinkeeper - 04-02-2024 PR created: https://github.com/hashcat/hashcat/pull/3980 If you want to use it: 1) Go here https://github.com/PenguinKeeper7/hashcat/tree/Raise-Bitwarden-Iteration-Cap 2) Click "Code" then "Download ZIP" 3) Extract it 4) Use the compile instructions in BUILD.md Good luck! RE: Bitwarden module 23400: Salt-iteration length exception - tom - 04-05-2024 (04-02-2024, 11:36 PM)penguinkeeper Wrote: PR created: https://github.com/hashcat/hashcat/pull/3980 Thanks for your help and quick reply. I somehow had those already similarly configured. Unfortunately, I was not able to get it working. I commented out those two lines Code: // lines 170 and 177 in module_23400.c I understand that it is important to check users input. For my purpose I commented it out. I have no deep knowledge about either programming or hashcat but I figure this error somehow happens in the input_tokenizer on line 151. Thank you again. I still need to hack my password, but you helped me to get my hashcat running. Now I'll need to figure out masks and stuff. Hashcat is really nice. T. RE: Bitwarden module 23400: Salt-iteration length exception - CryptonParkour - 04-30-2024 While running this code in windows - hashcat.exe -m 2500 -a 3 wpa2.hccapx ?d?d?d?d?d?d?d?d I encounter below problem can u help hashcat (v6.2.6) starting hiprtcCompileProgram is missing from HIPRTC shared library. * Device #1: WARNING! Kernel exec timeout is not disabled. This may cause "CL_OUT_OF_RESOURCES" or related errors. To disable the timeout, see: https://hashcat.net/q/timeoutpatch * Device #2: WARNING! Kernel exec timeout is not disabled. This may cause "CL_OUT_OF_RESOURCES" or related errors. To disable the timeout, see: https://hashcat.net/q/timeoutpatch ADL2_Overdrive_Caps(): -8 ADL2_Overdrive_Caps(): -8 nvmlDeviceGetFanSpeed(): Not Supported ADL_Overdrive5_FanSpeed_Get(): -100 ADL_Overdrive5_Temperature_Get(): -100 CUDA API (CUDA 12.4) ==================== * Device #1: NVIDIA GeForce GTX 1650, 3298/4095 MB, 14MCU OpenCL API (OpenCL 3.0 CUDA 12.4.131) - Platform #1 [NVIDIA Corporation] ======================================================================== * Device #2: NVIDIA GeForce GTX 1650, skipped OpenCL API (OpenCL 2.1 AMD-APP (3584.0)) - Platform #2 [Advanced Micro Devices, Inc.] ===================================================================================== * Device #3: AMD Radeon(TM) Graphics, 6144/12356 MB (5033 MB allocatable), 7MCU Minimum password length supported by kernel: 8 Maximum password length supported by kernel: 63 The plugin 2500 is deprecated and was replaced with plugin 22000. For more details, please read: https://hashcat.net/forum/thread-10253.html Started: Tue Apr 30 12:39:59 2024 Stopped: Tue Apr 30 12:40:04 2024 |