Finding all the collisions for a given hash - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Finding all the collisions for a given hash (/thread-5861.html) |
Finding all the collisions for a given hash - jj - 09-11-2016 I'm brute forcing crc32 check sums and they have many collisions. For e.g. following strings have the same crc32. [.ERM*] [B6In] [^y#Hz] [cho "] So, is there a way that I can get all the collisions for a given checksum? Currently hashcat gives only the first one in the results I'm executing this - Code: hashcat64.exe -a 3 -m 11500 hashes.txt ?a?a?a?a?a RE: Finding all the collisions for a given hash - royce - 09-11-2016 I don't know of a way to do this with hashcat today. But the "jumbo" edition of John the Ripper has a "hidden" option (--keep-guessing) that will do this. For CRC32, the source file has to be assembled in a particular way, as documented here: http://openwall.info/wiki/john/hash-formats Here is a working example. $ cat crc32.hash user_x:$crc32$00000000.bb0e6e9b:::dummy $ ./john --fork=4 --format=crc32 --keep-guessing crc32.hash Using default input encoding: UTF-8 Loaded 1 password hash (CRC32 [CRC32 32/64 CRC-32C SSE4.2]) Node numbers 1-4 of 4 (fork) Note: Will keep guessing even after finding a possible candidate. Press 'q' or Ctrl-C to abort, almost any other key for status dhtchm (user_x) ikiotid (user_x) B6In (user_x) ... etc. Adjust the "fork" value for your number of CPUs/cores, of course. RE: Finding all the collisions for a given hash - jj - 09-11-2016 (09-11-2016, 06:43 AM)royce Wrote: I don't know of a way to do this with hashcat today. Is there a way by which we can resume the hashcat from where it stopped when it cracked the hash? I'm getting this error when trying to use restore :/ ERROR: Restore file '<directory>/hashcat.restore': No such file or directory RE: Finding all the collisions for a given hash - jj - 09-11-2016 I made a python script to do the work. Code: import re RE: Finding all the collisions for a given hash - royce - 09-11-2016 When using masks, hashcat uses the same sequence of passwords every time. I haven't read your script thoroughly, but how does the script teach hashcat that it shouldn't just stop at the first one it finds every time? Just disabling the potfile would not be sufficient, I think. Are you successfully getting collisions with this wrapper? RE: Finding all the collisions for a given hash - royce - 09-11-2016 Ah, you're using the offset - nice! RE: Finding all the collisions for a given hash - jj - 09-11-2016 (09-11-2016, 04:39 PM)royce Wrote: Ah, you're using the offset - nice! Yep, the script worked. I was able to get all the collisions. It uses the -s option. I'm calculating the offset by multiplying progress % to keyspace. This is done until the keyspace is exhausted. RE: Finding all the collisions for a given hash - atom - 09-12-2016 You can do what --keep-guessing is doing by adding OPTS_TYPE_PT_NEVERCRACK to the hashconfig->opts_type for mode 11500 in src/interface.c RE: Finding all the collisions for a given hash - jj - 09-12-2016 (09-12-2016, 12:22 AM)atom Wrote: You can do what --keep-guessing is doing by adding OPTS_TYPE_PT_NEVERCRACK to the hashconfig->opts_type for mode 11500 in src/interface.c Adding an option would be nice for future? RE: Finding all the collisions for a given hash - atom - 09-12-2016 If you want it added as option please open an issue on github |