unusually short crc from 7z2hashcat
#1
Hi all,

I'm trying to recover some old files that I put into password protected .7z files back in 8th grade (nothing interesting in them, just really for fun.) One file generates a really long hash that hashcat will take and process:

hash modified by philsmd (see forum rules):
$7z$1$19$0$$8$iv$crc$len1$len2$data$len3$coder attributes

but the second file only has a short hash:
hash modified by philsmd (see forum rules):
$7z$128$19$0$$16$iv$crc$len1$len2$data

But when I enter that into hashcat it gives me the following error:
Code:
Hashfile 'F:\*****\hashes5.txt' on line 1 ($): Signature unmatched

Hashfile 'F:\*****\hashes5.txt' on line 2 (): Line-length exception

I tried making a 7z file with a known password, and I also got a similar short hash that wouldn't work. Any suggestion on what I might be doing wrong? I really did look for an answer before coming here, but I wasn't able to find anything.
#2
You are not allowed to post hashes within this forum (except if moderators or the administrator ask you to help them troubleshoot some problem with a specific hash).

Which version of hashcat and 7z2hashcat are you using ? Are you sure you use the newest ones of both?

The 128 within the start of the hash $7z$128 means that the hash was truncated. Newer version of 7z2hashcat do not use the AES padding attack anymore (since a user reported that there is the possibility of false negatives). Therefore, newer version of 7z2hashcat.pl report a warning/error when truncation is needed.

My guess is that you are using older versions of the tools.
#3
(07-18-2017, 08:49 AM)philsmd Wrote: You are not allowed to post hashes within this forum (except if moderators or the administrator ask you to help them troubleshoot some problem with a specific hash).

Which version of hashcat and 7z2hashcat are you using ? Are you sure you use the newest ones of both?

The 128 within the start of the hash $7z$128 means that the hash was truncated. Newer version of 7z2hashcat do not use the AES padding attack anymore (since a user reported that there is the possibility of false negatives). Therefore, newer version of 7z2hashcat.pl report a warning/error when truncation is needed.

My guess is that you are using older versions of the tools.

My apologies for not reading the rules. I did edit the contents of the crc section of the hashes (but not the lengths) for my own safety.

I am using 7z2hashcat-1.0.exe, because I was having trouble getting windows to recognize my strawberry perl install.
#4
Use the latest release which is now also up-to-date with the source code:
7z2hashcat64-1.1.exe (for 32 bit windows use 7z2hashcat32-1.1.exe instead)