hashcat Forum Support hashcat v
HMAC-SHA1 with binary Key

Thread Closed 
Threaded Mode
HMAC-SHA1 with binary Key
vinicius.vbf Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Oct 2017
#1
Question  10-16-2017, 02:32 AM
I have a HMAC-SHA1 hash that was generated by the following PowerShell script:

Code:
$hmac = New-Object System.Security.Cryptography.HMACSHA1;
$hmac.Key = [Convert]::FromBase64String("VIr7sf/y6Y4kgyCc+JFUbbW+Je8Eho0t18jGc9bFgm4=");
$hash = $hmac.ComputeHash([System.Text.Encoding]::Unicode.GetBytes("hashcat"));
[Convert]::ToBase64String($hash); # Result: MCY+Q1+M4bL825xVmUF4PjN9IWg=

# Hex values:
[BitConverter]::ToString($hmac.Key); # Result: 54-8A-FB-B1-FF-F2-E9-8E-24-83-20-9C-F8-91-54-6D-B5-BE-25-EF-04-86-8D-2D-D7-C8-C6-73-D6-C5-82-6E
[BitConverter]::ToString($hash); # Result: 30-26-3E-43-5F-8C-E1-B2-FC-DB-9C-55-99-41-78-3E-33-7D-21-68

As you can see, my key size is 32 bytes (which is supported) but has no valid representation as an ASCII string. How can I create a hash file to crack this password (as you can see above, the password is "hashcat")? I've tried using an hexadecimal editor to edit the key byte by byte in the file, but it didn't work.

Just for clarification, my current hash file look like this:

Code:
30263e435f8ce1b2fcdb9c559941783e337d2168:TŠû±ÿòéŽ$ƒ œø‘Tmµ¾%-×ÈÆsÖÅ‚n

So I think the question is: does hashcat support an arbitrary byte array as the algorithm key? How?

Thanks!
Find
Chick3nman Offline
The Man, The Myth, The Chicken
******
Posts: 404
Threads: 2
Joined: Dec 2015
#2
10-16-2017, 06:03 AM (This post was last modified: 10-16-2017, 06:04 AM by Chick3nman.)
There are 2 things that need to be done to make this work.

#1: Just use the hex of the key and then use the --hex-salt flag to read it into hashcat. It will make you life so much easier.

#2: Unicode.GetBytes("hashcat")); is NOT going to give you back just the literal string "hashcat". It is going to give you Unicode bytes, which would mean "hashcat" becomes "h[NULL]a[NULL]s[NULL]h[NULL]c[NULL]a[NULL]t[NULL]" or in hex, "68617368636174" would become "6800610073006800630061007400".

Your hash with it's given key written in hex and used with --hex-flag, will crack just fine if given the correct unicode plaintext:
30263e435f8ce1b2fcdb9c559941783e337d2168:548afbb1fff2e98e2483209cf891546db5be25ef04868d2dd7c8c673d6c5826e:$HEX[6800610073006800630061007400]

Or even given the raw key:
30263e435f8ce1b2fcdb9c559941783e337d2168:Tèv¦ =TÄ$â £°æTm¦+%n?åì-++¦s++én:$HEX[6800610073006800630061007400]
Find
philsmd Offline
I'm phil
******
Posts: 2,267
Threads: 16
Joined: Feb 2013
#3
10-16-2017, 07:33 AM
pro tip with hashcat 3.6+ or newer you could just use the --encoding-to command line option (if the word list is not already using the correct encoding):

Code:
$ cat hash.txt
30263e435f8ce1b2fcdb9c559941783e337d2168:548afbb1fff2e98e2483209cf891546db5be25ef04868d2dd7c8c673d6c5826e
$ cat dict.txt
hashcat
$ xxd -p dict.txt
686173686361740a
$ hashcat -m 160 --hex-salt --encoding-to=utf-16le hash.txt dict.txt
30263e435f8ce1b2fcdb9c559941783e337d2168:548afbb1fff2e98e2483209cf891546db5be25ef04868d2dd7c8c673d6c5826e:$HEX[6800610073006800630061007400]
Find
vinicius.vbf Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Oct 2017
#4
Thumbs Up  10-17-2017, 03:12 AM (This post was last modified: 10-17-2017, 03:15 AM by vinicius.vbf. Edit Reason: typo )
Hey guys, thank you so much! Worked like a charm Wink
Find
Thread Closed