HMAC-SHA1 with binary Key
#1
I have a HMAC-SHA1 hash that was generated by the following PowerShell script:

Code:
$hmac = New-Object System.Security.Cryptography.HMACSHA1;
$hmac.Key = [Convert]::FromBase64String("VIr7sf/y6Y4kgyCc+JFUbbW+Je8Eho0t18jGc9bFgm4=");
$hash = $hmac.ComputeHash([System.Text.Encoding]::Unicode.GetBytes("hashcat"));
[Convert]::ToBase64String($hash); # Result: MCY+Q1+M4bL825xVmUF4PjN9IWg=

# Hex values:
[BitConverter]::ToString($hmac.Key); # Result: 54-8A-FB-B1-FF-F2-E9-8E-24-83-20-9C-F8-91-54-6D-B5-BE-25-EF-04-86-8D-2D-D7-C8-C6-73-D6-C5-82-6E
[BitConverter]::ToString($hash); # Result: 30-26-3E-43-5F-8C-E1-B2-FC-DB-9C-55-99-41-78-3E-33-7D-21-68

As you can see, my key size is 32 bytes (which is supported) but has no valid representation as an ASCII string. How can I create a hash file to crack this password (as you can see above, the password is "hashcat")? I've tried using a hexadecimal editor to edit the key byte by byte in the file, but it didn't work.

Just for clarification, my current hash file looks like this:

Code:
30263e435f8ce1b2fcdb9c559941783e337d2168:TŠû±ÿòéŽ$ƒ œø‘Tmµ¾%-×ÈÆsÖÅ‚n

So I think the question is: does hashcat support an arbitrary byte array as the algorithm key? How?

Thanks!
#2
There are 2 things that need to be done to make this work.

#1: Just use the hex of the key and then use the --hex-salt flag to read it into hashcat. It will make your life so much easier.

#2: Unicode.GetBytes("hashcat")); is NOT going to give you back just the literal string "hashcat". It is going to give you Unicode bytes, which would mean "hashcat" becomes "h[NULL]a[NULL]s[NULL]h[NULL]c[NULL]a[NULL]t[NULL]" or in hex, "68617368636174" would become "6800610073006800630061007400".

Your hash, with its given key written in hex and used with --hex-flag, will crack just fine if given the correct Unicode plaintext:
30263e435f8ce1b2fcdb9c559941783e337d2168:548afbb1fff2e98e2483209cf891546db5be25ef04868d2dd7c8c673d6c5826e:$HEX[6800610073006800630061007400]

Or even given the raw key:
30263e435f8ce1b2fcdb9c559941783e337d2168:Tèv¦ =TÄ$â £°æTm¦+%n?åì-++¦s++én:$HEX[6800610073006800630061007400]
#3
Pro tip: with hashcat 3.6+ or newer, you could just use the --encoding-to command line option (if the word list is not already using the correct encoding):

Code:
$ cat hash.txt
30263e435f8ce1b2fcdb9c559941783e337d2168:548afbb1fff2e98e2483209cf891546db5be25ef04868d2dd7c8c673d6c5826e
$ cat dict.txt
hashcat
$ xxd -p dict.txt
686173686361740a
$ hashcat -m 160 --hex-salt --encoding-to=utf-16le hash.txt dict.txt
30263e435f8ce1b2fcdb9c559941783e337d2168:548afbb1fff2e98e2483209cf891546db5be25ef04868d2dd7c8c673d6c5826e:$HEX[6800610073006800630061007400]
#4
Hey guys, thank you so much! Worked like a charm ;)
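The two points from the replies (hex-encode the binary key for --hex-salt, and hash the UTF-16LE bytes of the password) can be checked offline before starting a run. The Python below is an added example, not code from any poster in the thread; the function names are illustrative, and the key and digest are the Base64 values from the first post.

```python
import base64
import hashlib
import hmac

# Values copied from the PowerShell script in the first post.
KEY_B64 = "VIr7sf/y6Y4kgyCc+JFUbbW+Je8Eho0t18jGc9bFgm4="
DIGEST_B64 = "MCY+Q1+M4bL825xVmUF4PjN9IWg="


def hash_line(key_b64: str, digest_b64: str) -> str:
    """Build a 'digest:key' line with both fields hex-encoded (for --hex-salt)."""
    key = base64.b64decode(key_b64, validate=True)
    digest = base64.b64decode(digest_b64, validate=True)
    if len(digest) != hashlib.sha1().digest_size:
        raise ValueError("not a 20-byte SHA-1 digest")
    return f"{digest.hex()}:{key.hex()}"


def matching_encodings(line: str, candidate: str,
                       encodings=("utf-8", "utf-16-le", "utf-16-be")) -> list:
    """Return the encodings under which HMAC-SHA1(key, candidate) equals the digest."""
    digest_hex, key_hex = line.split(":")
    key, want = bytes.fromhex(key_hex), bytes.fromhex(digest_hex)
    hits = []
    for enc in encodings:
        got = hmac.new(key, candidate.encode(enc), hashlib.sha1).digest()
        if hmac.compare_digest(got, want):
            hits.append(enc)
    return hits


def hex_plain(candidate: str, encoding: str) -> str:
    """Format candidate bytes in the $HEX[...] notation seen in the cracked line."""
    return f"$HEX[{candidate.encode(encoding).hex()}]"


if __name__ == "__main__":
    line = hash_line(KEY_B64, DIGEST_B64)
    print(line)
    for enc in matching_encodings(line, "hashcat"):
        print(enc, hex_plain("hashcat", enc))
```

If the known password matches under no encoding, the hash line or the assumed algorithm is wrong, and that is cheaper to find here than after a long run.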