hashcat Forum
Software Encrypted Files - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: Software Encrypted Files (/thread-7778.html)



Software Encrypted Files - greaseMonkey - 09-02-2018

Attached is a file for a radio update that keeps failing to install for me and i would like to look at the source code. From skimming the file it appears that the passwords are are stored in the file as SHA256 hashes but I am still in part of the learning curve involved in all of this. Could someone verify my understanding of what I have in that file and how I would go about cracking those hashes. I would assume being a software company the passwords aren't going to be simple to crack but I could be wrong with this assumption. I have the newest version of Hashcat installed along with the utilities package. So far I have played around with simple hashes with dictionary attacks and rules such as best64 and rockyou-30000.

NOTE***FILES ARE XML extension changes to txt for upload. Should still open correctly for the purpose to examinint the data 

Any help would be greatly appreciated, 

greaseMonkey


RE: Software Encrypted Files - undeath - 09-02-2018

I don't know how exactly this update is supposed to be installed, but somewhere the encryption key must be supplied, if the file is encrypted at all.

Since it's apparently not you that supplies the encryption key/password there are mainly two possiblities:
1. The device's update mechanism has a hardcoded encryption key which is somewhere in the existing firmware
2. The encryption key is shipped with the encrypted file (and thus only obfuscation), this is quite unlikely
[3. The file is not encrypted at all]


RE: Software Encrypted Files - atom - 09-08-2018

There's a lot of SHA256 checksums (not hashes passwords) in the file. Sometimes they are paired with an IV, which doesn't make sense, since SHA256 does not use an IV. So the speculation would be that there's some unknown cipher involed. In order to crack them you need to need more about the details of how there were produced. IOW, you need to study the sources of the application which created the files.