hashcat Forum
Oracle 10G & Lower - DES($salt.$pass) - Printable Version



Oracle 10G & Lower - DES($salt.$pass) - aliby - 02-29-2012

Just wanted to see if there was any possibility of getting support for Oracle 10G and lower hashes implemented in oclHashCat/cudaHashCat. Oracle 10g uses the DES($salt.$pass) hash format, where $salt is the account username.

Thanks!


RE: Oracle 10G & Lower - DES($salt.$pass) - aliby - 02-29-2012

Just realized that DES takes a 56-bit input, so my understanding of the Oracle hashing algorithm wasn't 100% correct.

Here are a few good resources that describe the process correctly:

http://jchblue.blogspot.com/2010/04/oracle-password-algorithm.html
http://freeworld.thc.org/papers/thc-orakelsniffert.pdf
http://groups.google.com/group/comp.databases.oracle/msg/83ae557a977fb6ed
http://www.red-database-security.com/whitepaper/oracle_passwords.html


RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-01-2012

Looks interesting. Thanks for the resources. If there is more demand I definitely will add it.


RE: Oracle 10G & Lower - DES($salt.$pass) - aliby - 03-01-2012

Great thanks! :-)


RE: Oracle 10G & Lower - DES($salt.$pass) - point5 - 03-14-2012

I would also really like to have this feature!


RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-18-2012

@Hash-IT: Can you please add this to wiki?


RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-21-2012

OK, got the first version working!

That damn document from above -> http://freeworld.thc.org/papers/thc-orakelsniffert.pdf

I lost nearly a week till I realized that this block is invalid:

Quote:
// first DES CBC
temp = DES_ENCODE(in[0], magic_number)
     = DES_ENCODE(0x0053005900530048, 0x0123456789ABCDEF)
     = 0x170453E89F8CDA7

See here:

Quote:
root@thumbstone:~# xxd data
0000000: 0053 0059 0053 0048 .S.Y.S.H
root@thumbstone:~# openssl enc -e -in data -des -K 0123456789abcdef -iv 0 -nopad | xxd
0000000: 488f 689a b4f1 8f82 H.h.....

However, got it working. Some example output following.

Finds the pass:

Quote:
root@sf:~/oclHashcat-lite-0.10# ./oclHashcat-lite64.bin -m 3100 C648972D2BE43FA4:SYS --pw-min 5 --quiet
C648972D2BE43FA4:SYS:H4X0R
root@sf:~/oclHashcat-lite-0.10#

Benchmark on hd7970 (stock clock):

Quote:
root@sf:~/oclHashcat-lite-0.10# ./oclHashcat-lite64.bin -m 3100 aaaaaaaaaaaaaaaa:a --pw-min 7 -n 800 --gpu-loops 1024 --runtime 30
oclHashcat-lite v0.10 by atom starting...

** Valid keyfile for beta usage: atom (expires 08.03.2013)

GPU-Loops: 1024
GPU-Accel: 800
Password lengths range: 7 - 55
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2935MB, 0Mhz, 32MCU
[s]tatus [p]ause [r]esume [q]uit =>
NOTE: Runtime limit reached, aborting...


Status.......: Aborted
Hash.Target..: AAAAAAAAAAAAAAAA:A
Hash.Type....: Oracle 7-10g
Time.Running.: 34 secs
Time.Left....: 3 mins, 14 secs
Plain.Mask...: ?1?2?2?2?2?2?2
Plain.Text...: ***AAAA
Plain.Length.: 7
Progress.....: 11744051200/78364164096 (14.99%)
Speed.GPU.#1.: 342.4M/s
HWMon.GPU.#1.: 99% GPU, 52c Temp

Started: Wed Mar 21 14:42:49 2012
Stopped: Wed Mar 21 14:43:24 2012




RE: Oracle 10G & Lower - DES($salt.$pass) - Kakoose - 03-22-2012

Looking good atom!


RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-22-2012

Did another optimization, 400 Mhash/s mark broken :-)


RE: Oracle 10G & Lower - DES($salt.$pass) - point5 - 05-03-2012

Any chance I can help test the 10g cracking?