Mac OS X 10.8-9 Issue - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html) +--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html) +--- Thread: Mac OS X 10.8-9 Issue (/thread-3129.html) |
Mac OS X 10.8-9 Issue - moxilo - 02-09-2014 Dear hashcat developers, I have an issue trying to crack a password stored in PBKDF2 (Salted SHA-512). The code number for this algorithm is "7100". The information is extracted from the binary property list of the user where the attribute SALTED-SHA512-PBKDF2 is another binary property list. The information extracted for a password "abcd" is this: - The iterations are 37313. - Shalt is fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554. - Entropy is a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba2064XXXXX345d98c0c9a411bfd1144dd4b3c4XXXXXXX8b66d5b9abXXXXXXXXX2e103928ef21db6e25b536a60ff1XXXXXXX5be3aa7ba3a4c16b3XXXXXXXX66XXX78. Then the result is: $ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba2064XXXXX345d98c0c9a411bfd1144dd4b3c4XXXXXXX8b66d5b9abXXXXXXXXX2e103928ef21db6e25b536a60ff1XXXXXXX5be3aa7ba3a4c16b3XXXXXXXX66XXX78 First of all, the Mac OS X 10.8/0.9 hash provided as an example https://hashcat.net/wiki/doku.php?id=example_hashes has an invalid entropy. It is 256 hexadecimal characters and not 128, as you can also see here: https://hashcat.net/forum/thread-1687-post-10926.html#pid10926. Secondly the tool doesn't get a valid password, maybe I am doing something wrong, but using dave tool I get the valid password (so slow, 14 password/second): root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat hash $ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba2064XXXXX345d98c0c9a411bfd1144dd4b3c4XXXXXXX8b66d5b9abXXXXXXXXX2e103928ef21db6e25b536a60ff1XXXXXXX5be3aa7ba3a4c16b3XXXXXXXX66XXX78 root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat wordlist a ab abc abcd abcde root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 hash wordlist Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size... Added hashes from file hash: 1 (1 salts) Activating quick-digest mode for single-hash with salt NOTE: press enter for status-screen Input.Mode: Dict (wordlist) Index.....: 1/1 (segment), 5 (words), 20 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 5/5 (100.00%) Running...: 00:00:00:01 Estimated.: --:--:--:-- Started: Sun Feb 9 14:59:34 2014 Stopped: Sun Feb 9 14:59:35 2014 root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# However the password "abcd" is in the wordlist. Thank you. [hashes masked by philsmd] RE: Mac OS X 10.8-9 Issue - philsmd - 02-09-2014 First see here: https://hashcat.net/forum/announcement-2.html You shouldn't post hashes if you were not asked by a moderator or dev. The answer is simple, just truncate the length to the one indicated in the example hash wiki section: http://hashcat.net/wiki/doku.php?id=example_hashes See the example here: Code: $ cat abcd.txt Hope this helps. Just truncate the hash (because the additional bytes are not needed ) Note: in theory I should ban you, because you broke the rules... But since it wasn't explained very well (and hashcat-cli could also ignore the additional bytes) you helped somehow to improve the wiki / hashcat-cli parsing.... Anyway, don't post hashes again if not asked RE: Mac OS X 10.8-9 Issue - moxilo - 02-10-2014 Hello philsmd, Please apologize for that, I didn't know that I wasn't able to paste this hash. I had to read the rules before, sorry. Moreover thank you for your help. I've deleted the last 128 characters from the hash, but it still not working. I have also deleted the new line characters and checked with both options: root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# xxd m7100.txt | tail -1 00000c0: 3139 6131 6230 6162 6132 30 19a1b0aba20 root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# xxd m7100_n.txt | tail -1 00000c0: 3139 6131 6230 6162 6132 300a 19a1b0aba20. root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat m7100.txt | wc -c 203 root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat m7100.txt $ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaba20root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat m7100_n.txt $ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaba20 root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 -a 3 --pw-min 4 m7100.txt abcd Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size... Added hashes from file m7100.txt: 1 (1 salts) Activating quick-digest mode for single-hash with salt NOTE: press enter for status-screen Input.Mode: Mask (abcd) [4] Index.....: 0/1 (segment), 1 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 1/1 (100.00%) Running...: 00:00:00:01 Estimated.: --:--:--:-- Started: Mon Feb 10 00:00:53 2014 Stopped: Mon Feb 10 00:00:54 2014 root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 -a 3 --pw-min 4 m7100_n.txt abcd Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size... Added hashes from file m7100_n.txt: 1 (1 salts) Activating quick-digest mode for single-hash with salt NOTE: press enter for status-screen Input.Mode: Mask (abcd) [4] Index.....: 0/1 (segment), 1 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 1/1 (100.00%) Running...: 00:00:00:01 Estimated.: --:--:--:-- Started: Mon Feb 10 00:01:00 2014 Stopped: Mon Feb 10 00:01:01 2014 root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat wordlist.txt abcd root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 m7100_n.txt wordlist.txt Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size... Added hashes from file m7100_n.txt: 1 (1 salts) Activating quick-digest mode for single-hash with salt NOTE: press enter for status-screen Input.Mode: Dict (wordlist.txt) Index.....: 1/1 (segment), 1 (words), 5 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 1/1 (100.00%) Running...: --:--:--:-- Estimated.: --:--:--:-- Started: Mon Feb 10 00:04:58 2014 Stopped: Mon Feb 10 00:04:58 2014 I had also tried downloading the hashcat from the web page, but without luck (it is i686 virtual machine): root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_rooted# ./hashcat-0.47/hashcat-cli32.bin -m 7100 -a 3 --pw-min 4 m7100_n.txt abcd Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size... Added hashes from file m7100_n.txt: 1 (1 salts) Activating quick-digest mode for single-hash with salt NOTE: press enter for status-screen Input.Mode: Mask (abcd) [4] Index.....: 0/1 (segment), 1 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 1/1 (100.00%) Running...: 00:00:00:01 Estimated.: --:--:--:-- Started: Mon Feb 10 00:18:54 2014 Stopped: Mon Feb 10 00:18:55 2014 Thank you. Note: I have probed in a x86_64 architecture (windows and linux) and it works perfectly. I believe that it is a i386 issue. RE: Mac OS X 10.8-9 Issue - philsmd - 02-11-2014 Thx for these details and your testing... We did make the same test w/ a 32bit system (and w/ 32bit binary on 64bit system) and discovered a problem for this hash type, other affected hash types are 1750, 1760 and 6500. This helped a lot to find these bugs... But keep in mind, next time report issues on trac (https://hashcat.net/trac/ ) and don't post hashes on forum. Next release version will include those fixes. Thanx again |