hashcat Forum
Trying to get formatting right - Printable Version




Trying to get formatting right - Randomdude - 01-20-2019

So I am trying to crack a password and here's what I know: 

Password hash: SHA-1 f29xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxedad
Password salt: 506xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe456 (hex bytes, prepended to password)
Password encoding: UTF-16LE

What will be the correct formatting of the "hash" in hashcat?


More info about the hash http://www.jrsoftware.org/ishelp/index.php?topic=setup_encryption


RE: Trying to get formatting right - royce - 01-20-2019

Posting non-example unredacted hashes is against the forum rules. I've redacted your post.

It looks like this mode may match:

Code:
   140 | sha1($salt.utf16le($pass))                       | Raw Hash, Salted and/or Iterated

The expected format would be "[hash]" + ":" + "[salt]", with the --hex-salt parameter.
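The construction named in the reply above, `sha1($salt.utf16le($pass))` with a hex-encoded salt, as an added example that is not part of the original posts and is not hashcat's code. It builds a "[hash]:[salt]" line from a known password so the format can be checked before use, and shows that a different password encoding or a salt that is not hex-decoded gives a different digest. The function names, sample salt and sample password are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
SAMPLE_SALT_HEX = "00112233445566778899aabbccddeeff"
SAMPLE_PASSWORD = "Example-Pass1"

def digest_for(password: str, salt: bytes, encoding: str = "utf-16-le") -> bytes:
    """sha1($salt . encode($pass)): salt bytes first, then the encoded password."""
    return hashlib.sha1(salt + password.encode(encoding)).digest()

def build_line(password: str, salt_hex: str) -> str:
    """Return '<sha1 hex>:<salt hex>' with the salt kept hex-encoded."""
    salt = bytes.fromhex(salt_hex)
    return f"{digest_for(password, salt).hex()}:{salt_hex.lower()}"

def parse_line(line: str) -> tuple:
    """Split a 'hash:salt' line into raw digest and salt bytes, validating both."""
    digest_hex, sep, salt_hex = line.strip().partition(":")
    if not sep:
        raise ValueError("expected '<hash>:<salt>'")
    digest, salt = bytes.fromhex(digest_hex), bytes.fromhex(salt_hex)
    if len(digest) != 20:
        raise ValueError("SHA-1 digest must be 20 bytes (40 hex characters)")
    return digest, salt

def matches(line: str, password: str) -> bool:
    """True if the password reproduces the digest stored in the line."""
    digest, salt = parse_line(line)
    return hmac.compare_digest(digest_for(password, salt), digest)

def interpretations(password: str, salt_hex: str) -> dict:
    """Digest under the intended reading and under two common misreadings."""
    raw = bytes.fromhex(salt_hex)
    return {
        "hex-decoded salt, UTF-16LE password": digest_for(password, raw).hex(),
        "hex-decoded salt, UTF-8 password": digest_for(password, raw, "utf-8").hex(),
        "salt left as literal text, UTF-16LE password":
            digest_for(password, salt_hex.encode("ascii")).hex(),
    }

if __name__ == "__main__":
    line = build_line(SAMPLE_PASSWORD, SAMPLE_SALT_HEX)
    print(line, matches(line, SAMPLE_PASSWORD))
    for label, value in interpretations(SAMPLE_PASSWORD, SAMPLE_SALT_HEX).items():
        print(f"{value}  {label}")
```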


RE: Trying to get formatting right - philsmd - 01-20-2019

see https://github.com/hashcat/hashcat/issues/85 for innosetup you need to use --hex-salt (according to that old trac ticket conversation).


RE: Trying to get formatting right - Randomdude - 01-20-2019

(01-20-2019, 09:52 PM)philsmd Wrote: see  https://github.com/hashcat/hashcat/issues/85 for innosetup you need to use --hex-salt (according to that old trac ticket conversation).


So the algo is -m 120 instead of -m 140?

Also the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?

One more thing I do not get is how Inno Setup protects the actual encryption key. The way I understand it, Inno Setup hashes the entered key and compares it to the hash it has, then if it gets matched it just decrypts files using a completely different key (which is a sha1 of salt+pass). Am I wrong?

Edit: Actually, now that I think about it, the decryption key might be getting made (sha1($salt.utf16le($pass))) after the pass has been verified. Pretty clever, though I am still not sure.


RE: Trying to get formatting right - undeath - 01-20-2019

(01-20-2019, 10:45 PM)Randomdude Wrote: the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?

no


RE: Trying to get formatting right - Randomdude - 01-20-2019

(01-20-2019, 11:24 PM)undeath Wrote:
(01-20-2019, 10:45 PM)Randomdude Wrote: the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?

no

Yeah I guess you are right, but why was magnumripper so optimistic here https://github.com/magnumripper/JohnTheRipper/issues/1042 ?


RE: Trying to get formatting right - undeath - 01-20-2019

SHA1 is fast, but twelve characters are still too many.