+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Feature Requests (https://hashcat.net/forum/forum-7.html)
+--- Thread: Oracle 10G & Lower - DES($salt.$pass) (/thread-962.html)
Pages:
1
2
Oracle 10G & Lower - DES($salt.$pass) - aliby - 02-29-2012
Just wanted to see if there was any possibility of getting support for Oracle 10G and lower hashes implemented in oclHashCat/cudaHashCat. Oracle 10g uses the DES($salt.$pass) hash format, where $salt is the account username.
Thanks!
RE: Oracle 10G & Lower - DES($salt.$pass) - aliby - 02-29-2012
Just realized that DES takes a 56-bit input, so my understanding of the Oracle hashing algorithm wasn't 100% correct.
Here are a few good resources that describe the process correctly:
http://jchblue.blogspot.com/2010/04/oracle-password-algorithm.html
http://freeworld.thc.org/papers/thc-orakelsniffert.pdf
http://groups.google.com/group/comp.databases.oracle/msg/83ae557a977fb6ed
http://www.red-database-security.com/whitepaper/oracle_passwords.html
RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-01-2012
looks interessting. thanks for the resources. if there is more demand i definitely will add it.
RE: Oracle 10G & Lower - DES($salt.$pass) - aliby - 03-01-2012
Great thanks! :-)
RE: Oracle 10G & Lower - DES($salt.$pass) - point5 - 03-14-2012
I would also really like to have this feature!
RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-18-2012
@Hash-IT: Can you please add this to wiki?
RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-21-2012
OK, got the first version working!
That damn document from above -> http://freeworld.thc.org/papers/thc-orakelsniffert.pdf
I lost nearly a week till I realized that this block is invalid:
Quote:// first DES CBC
temp = DES_ENCODE(in[0], magic_number)
= DES_ENCODE(0x0053005900530048, 0x0123456789ABCDEF)
= 0x170453E89F8CDA7
See here:
Quote:root@thumbstone:~# xxd data
0000000: 0053 0059 0053 0048 .S.Y.S.H
root@thumbstone:~# openssl enc -e -in data -des -K 0123456789abcdef -iv 0 -nopad | xxd
0000000: 488f 689a b4f1 8f82 H.h.....
However, got it working. Some example output following.
Finds the pass:
Quote:root@sf:~/oclHashcat-lite-0.10# ./oclHashcat-lite64.bin -m 3100 C648972D2BE43FA4:SYS --pw-min 5 --quiet
C648972D2BE43FA4:SYS:H4X0R
root@sf:~/oclHashcat-lite-0.10#
Benchmark on hd7970 (stock clock):
Quote:root@sf:~/oclHashcat-lite-0.10# ./oclHashcat-lite64.bin -m 3100 aaaaaaaaaaaaaaaa:a --pw-min 7 -n 800 --gpu-loops 1024 --runtime 30
oclHashcat-lite v0.10 by atom starting...
** Valid keyfile for beta usage: atom (expires 08.03.2013)
GPU-Loops: 1024
GPU-Accel: 800
Password lengths range: 7 - 55
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2935MB, 0Mhz, 32MCU
[s]tatus [p]ause [r]esume [q]uit =>
NOTE: Runtime limit reached, aborting...
Status.......: Aborted
Hash.Target..: AAAAAAAAAAAAAAAA:A
Hash.Type....: Oracle 7-10g
Time.Running.: 34 secs
Time.Left....: 3 mins, 14 secs
Plain.Mask...: ?1?2?2?2?2?2?2
Plain.Text...: ***AAAA
Plain.Length.: 7
Progress.....: 11744051200/78364164096 (14.99%)
Speed.GPU.#1.: 342.4M/s
HWMon.GPU.#1.: 99% GPU, 52c Temp
Started: Wed Mar 21 14:42:49 2012
Stopped: Wed Mar 21 14:43:24 2012
RE: Oracle 10G & Lower - DES($salt.$pass) - Kakoose - 03-22-2012
Looking good atom!
RE: Oracle 10G & Lower - DES($salt.$pass) - atom - 03-22-2012
Did another optimization, 400 Mhash/s mark broken :-)
RE: Oracle 10G & Lower - DES($salt.$pass) - point5 - 05-03-2012
Any chance I can help test the 10g cracking?