HMAC-SHA1 with an MD5 key - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: HMAC-SHA1 with an MD5 key (/thread-6911.html) |
HMAC-SHA1 with an MD5 key - johnbrizard51 - 10-01-2017 Hi all, I would like to recover the key used to sign a message with HMAC-SHA1. I know the key was generated using MD5: PHP Code: $hash = hash_hmac('sha1', $message, hash('md5', $key, false)) // Sample php code that generated the hash Lets say the original key is 5 characters long alpha only. That would be 26^5 combinations instead of 2^128. Is it possible to use hashcat in that way ? Thanks for your time. RE: HMAC-SHA1 with an MD5 key - atom - 10-01-2017 Well I'd just create the 26^5 combinations using maskprocessor like mp64.bin -1 0123456789abcdef ?1?1?1?1?1 -o out.txt Then you can use hmac sha1 mode to crack it (mode 50) in -a 0 mode with out.txt as wordlist. Once you've cracked it you know the md5 which was used as key. Take it as hash for another invoation of hashcat in -a 3 mode with -m 0 and with the same mask -1 0123456789abcdef ?1?1?1?1?1 then you should be able to find it. RE: HMAC-SHA1 with an MD5 key - johnbrizard51 - 10-01-2017 Thanks for your answer. Unfortunately I think the key is more complex than what I expected. If it's 10 characters long (upper case, lower case, digit) that would be 62^10. I might be able to reduce that with some rules but still too much to use maskprocessor I think. Maybe I can write a custom kernel for that. Any tips on how to get started with custom kernel ? BTW, could someone tell me the difference between these 2 hash modes ? Code: 150 | HMAC-SHA1 (key = $pass) -m 150 seems 3 times slower than -m 160 in benchmark on my machine RE: HMAC-SHA1 with an MD5 key - atom - 10-01-2017 Unfortunately there's no documentation about how to add new kernels, but it's all pretty straight forwarded C, so should be easy to find out. 150 is using the password as key and salt as message, 160 is using salt as key and password as message. RE: HMAC-SHA1 with an MD5 key - johnbrizard51 - 10-03-2017 I created my custom kernel (only with -a 3, single hash mode) and added it to hashcat (interface.c, interface.h, ...). So now I can call it with -m 151. I started with kernel 150 as a base and wanted to add the MD5 STEP the same way kernel 4700 (sha1(md5($pass))) did it. Compilation is OK but I can't crack a simple hash with 'test' as key. It seems after hard time debugging that the MD5 is not generated correctly. He re is the code: https://pastebin.com/M8Kbiz61 (all my debugging code is commented) I took a look at kernel 0 code but it's using a different algorithm to generate MD5 (MD5_STEP_REV ?). Can you help me with the MD5 generation on my kernel please ? Thank you for your time |