restore file format in 1.36 - Printable Version

restore file format in 1.36 - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: restore file format in 1.36 (/thread-4424.html)

restore file format in 1.36 - Aleksey - 06-09-2015

Can somebody describe restore file format for version 1.36?
I found some info here - https://hashcat.net/wiki/doku.php?id=oclhashcat#parsing_the_restore-file ... but its not fully correct ...

also i found this - https://github.com/philsmd/analyze_hc_restore and found that after pw_cur we must skip 9 bytes ... but in my output I must skip 12 bytes

Thanks in advance, Aleksey

RE: restore file format in 1.36 - atom - 06-10-2015

maybe 32 / 64 bit problematic ?

RE: restore file format in 1.36 - Aleksey - 06-10-2015

Whell may be...but you use structue with uint32 and uint64
typedef struct
{
uint32_t version_bin;
char cwd[256];
uint32_t pid;
uint32_t dictpos;
uint32_t maskpos;
uint64_t pw_cur;
uint32_t argc;
char **argv;
} restore_data_t;

i take it here - https://hashcat.net/wiki/doku.php?id=oclhashcat#parsing_the_restore-file

I dont know how to add my restore file...but i also try to use cudahashcat 1.33 on linux_x64... with the same result...

Its look like after argc in this struct presents 2 extra field
uint32_t ? - always zero for me
uint64_t ? - big number.... i dont know exactly (may be total keyspace? or number of password checked)

RE: restore file format in 1.36 - atom - 06-12-2015

but char * on a 64 bit system, wouldn' it produce an 8-byte address while on a 32 bit system it produces a 4-byte address. you can ignore them (big number).

The total keyspace depends on the attack-mode, but do not confuse it with the progress number. You can retrieve the keyspace with --keyspace

RE: restore file format in 1.36 - Aleksey - 06-12-2015

ok thanks... So in file we have

typedef struct
{
uint32_t version_bin;
char cwd[256];
uint32_t pid;
uint32_t dictpos;
uint32_t maskpos;
uint64_t pw_cur;
uint32_t argc;
char **argv;
} restore_data_t;
and after this struct we have string (argv)....

on x64 between argc & argv we have 4 bytes for alignement...