Axcrypt support - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Axcrypt support (/thread-7614.html) |
Axcrypt support - Nubbin - 06-27-2018 Hello, I'm trying to attack a list of axcrypt hashes, but I've run into a problem. I used axcrypt2john to dump the hashes, but from what I can tell, hashcat only supports axcrypt hashes from files encrypted only with a password. It does not appear to support files encrypted with a password and a keyfile. Axcrypt2john does dump the correct hash, with the appropriate hex value of the keyfile appended to the hash, but I get a salt-length error with hashcat. I have used JtR successfully with keyfile hashes, but as far as I know there is no GPU support for axcrypt hashes with JtR. I'm also running into OpenCL errors, but that'll be a problem with my setup/unfamiliarity with JtR, I'm sure... Am I missing something, or am I out of luck and have to use JtR? Thanks! RE: Axcrypt support - undeath - 06-27-2018 if the example hash does not have keyfile data it's quite likely that this feature is not supported by hashcat. RE: Axcrypt support - Nubbin - 06-28-2018 That was my thinking too, thanks... I'm not familiar at all with the requirements for adding that support - given that it is already supported by JtR, and partially by hashcat, how realistic would it be to add in keyfile support to hashcat? I'm going to look into the feasibility of a custom word list, but it'd be a huge help to be able to make use of my GPUs. RE: Axcrypt support - atom - 06-28-2018 Fist0urs (the guy who added Axcrypt support to hashcat) said he'll add Axcrypt keyfile support to hashcat after he saw this post. Depends on his free time I guess. RE: Axcrypt support - Nubbin - 06-28-2018 That would be fantastic, I'd really appreciate that! RE: Axcrypt support - laulaf - 07-21-2018 Hello I'm french, I encrypt photos that I really like with Axcrypt 1.7, I lost the password AND I KNOW VERY LITTLE OF THING IN COMPUTING !!! I have been looking for a long time on internet to find out how to find this password, but when you are a beginner it is very difficult and I ended up falling on your discussion. I understand that there are programs like Hashcat, John the ripper, Python, axcryptjohn.py, hash, brute force, command lines etc, but HOW TO DO. Someone would have time and courage to explain myself, I really need it. Thank you, thank you in advance RE: Axcrypt support - laulaf - 07-21-2018 Hello I continued my research ... I downloaded Axcrypt2john here: https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/axcrypt2john.py The program looks like this: #! / usr / bin / python # Analyseur de fichiers cryptés AxCrypt 1.x pour JtR # 2016 par Fist0urs <eddy.maaalou at gmail.com>. # Ce logiciel est Copyright (c) 2016, Fist0urs <eddy.maaalou at gmail.com>, # et il est par la présente mis à la disposition du public en vertu des termes suivants: # Redistribution et utilisation sous forme source et binaire, avec ou sans modification, # sont autorisés. import sys, struct Le fichier # commence par un en-tête constant de 16 octets GUID = '\ xc0 \ xb9 \ x07 \ x2e \ x4f \ x93 \ xf1 \ x46 \ xa0 \ x15 \ x79 \ x2c \ xa1 \ xd9 \ xe8 \ x21' OFFSET_TYPE = 4 SIZE_KEYDATA = 24 # taille de la constante dans keywrap (0xA6 * 8) + taille de DEK (16) SIZE_SALT = 16 SIZE_ITERATION = 4 StructKeys = [] def usage (): print >> sys.stderr, 'utilisation:% s <axxfile> [fichier-clé] \ n'% sys.argv [0] print >> sys.stderr, 'Script pour extraire le hachage du fichier crypté AxCrypt ou du binaire auto-décryptant \ n' print >> sys.stderr, 'arguments optionnels: \ n chemin KEY-FILE vers le fichier clé facultatif fourni' sys.exit (1) def DWORD_to_int (string_dword): string_dword_reversed = string_dword [:: - 1] return int ('0x' + str (string_dword_reversed.encode ('hex')), 16) def parse_PE (axxdata): i = 0 while (axxdata [i: i + 16]! = GUID): i + = 1 retour axxdata [i:] def parse_axxfile (axxfile): stream = ouvert (axxfile, 'rb') axxdata = stream.read () stream.close () # si l'en-tête est 'MZ' si axxdata [: 2] == '\ x4D \ x5a': offset_PE_magic = struct.unpack ('<L', axxdata [60:64]) [0] # si "PE" suppose que PE si axxdata [offset_PE_magic: offset_PE_magic + 2] == '\ x50 \ x45': axxdata = parse_PE (axxdata) sizeof_file = len (axxdata) if (axxdata [: 16]! = GUID): print "Attention, GUID est différent de celui d'axcrypt ..." header_datalen_offset = 16 headertype = '\ x02' # premier type rencontré # headertype de la section dataencrypted est 0x3f while (type d'en-tête! = 63): header_datalen = ord (axxdata [header_datalen_offset]) headertype = ord (axxdata [header_datalen_offset + OFFSET_TYPE]) # probablement une clé StructKey if (header_datalen == 49 et headertype == 04): offset_to_keydata = header_datalen_offset + OFFSET_TYPE + 1 offset_to_salt = offset_to_keydata + SIZE_KEYDATA offset_to_iteration = offset_to_salt + SIZE_SALT dword_str = axxdata [offset_to_iteration: offset_to_iteration + SIZE_ITERATION] StructKeys.append ({'KeyData': axxdata [offset_to_keydata: offset_to_salt] , 'Salt': axxdata [offset_to_salt: offset_to_iteration] , 'Itération': DWORD_to_int (dword_str)}) header_datalen_offset + = header_datalen if (header_datalen_offset> = sizeof_file): print "Impossible d'analyser le fichier, de quitter" sys.exit (0) return StructKeys [0] ['KeyData'], StructKeys [0] ['Salt'], StructKeys [0] ['Iteration'] si __name __ == "__ main__": if (len (sys.argv)! = 2 et len (sys.argv)! = 3): usage() # A_DEK == wrappedKey wrappedKey, Salt, nb_iteration = parse_axxfile (sys.argv [1]) version = 1 keyfile_content = '' key_file_name = '' # Bande muette sur le chemin relatif axxfile = sys.argv [1] [sys.argv [1] .rfind ("/") + 1:] if (len (sys.argv) == 3): keyfile = ouvert (sys.argv [2], 'r') keyfile_content = '*' + keyfile.read (). encoder ("hex") key_file_name = '*' + sys.argv [2] [sys.argv [2] .rfind ("/") + 1:] keyfile.close () print axxfile + nom_fichier_clé + ": $ axcrypt $" + "*" + str (version) + "*" + str (nb_iteration) + "*" + Salt.encode ("hex") + "*" + wrappedKey.encode ("hex") + keyfile_content I downloaded Python 2.7 In the command line, I typed this: C: \ Python27> python axcrypt2john.py R485hgtd-jpg.axx (>it's my encrypted photo name) But I get an error that is: File "axcrypt2john.py", line 13 The # file starts with a constant header of 16 bytes I don't know what to do, does anyone have an idea? Thank you RE: Axcrypt support - undeath - 07-22-2018 You can't run program code through an online translator… RE: Axcrypt support - laulaf - 07-24-2018 Ok, ok, fine, so, if axcrypt2john.py has no error and if we do not use python what should we use? RE: Axcrypt support - undeath - 07-24-2018 use python but download the python script straight from github |