7Zip Hash, missing SALT? (Salt-value exception)
#1
I've used 7z2hashcat to create a hash of my 7z file, however, it seems to me that the [salt] seems to come out blank.

Hash:
Code:
$7z$1$19$0$$8$9a82378...
*Note, my hash is like 200kb in size.


When I try to load my hash with hashcat 4.1.0, I get the following error:

Code:
hashcat (v4.1.0) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: Hawaii, 3264/4096 MB allocatable, 44MCU
* Device #2: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, skipped.

Hashfile 'C:\Users\User\Desktop\hashcat\out.txt' on line 1 ($7z$1$...1b774699f4125$1059026$5d00001000): Salt-value exception
No hashes loaded.

Started: Sun Mar 18 21:25:18 2018
Stopped: Sun Mar 18 21:25:18 2018

I'm not sure what I've been doing wrong here, I've used the latest's windows build of 7z2hashcat, as well as a git cloned copy for Ubuntu. Both hash outputs seems to be exactly the same.

Appreciate anyone who can help me out.

---------------
[edit] Tested with hashcat 4.1.1 beta, and the same error:

Code:
hashcat (v4.1.0-2-g8079abff) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: Hawaii, 3264/4096 MB allocatable, 44MCU
* Device #2: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, skipped.

Hashfile 'C:\Users\User\Desktop\hashcat\out.txt' on line 1 ($7z$1$...1b774699f4125$1059026$5d00001000): Salt-value exception
No hashes loaded.

Started: Sun Mar 18 21:55:15 2018
Stopped: Sun Mar 18 21:55:16 2018
#2
What is the command you run ?
Are you able to crack the example hash from https://hashcat.net/wiki/example_hashes ?
#3
Here is my command:

Code:
hashcat64.exe -a 0 -m 11600 -o "C:\Users\User\Desktop\hashcat\hashcat-4.1.0\cracked.txt" "C:\Users\User\Desktop\hashcat\out.txt"

Which gives me:

Code:
hashcat (v4.1.0-2-g8079abff) starting...

* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
            You can use --force to override, but do not report related errors.
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: Hawaii, 3264/4096 MB allocatable, 44MCU
* Device #2: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, skipped.

Hashfile 'C:\Users\User\Desktop\hashcat\out.txt' on line 1 ($7z$1$...1b774699f4125$1059026$5d00001000): Salt-value exception
No hashes loaded.

Started: Mon Mar 19 12:18:07 2018
Stopped: Mon Mar 19 12:18:07 2018


I've tested this with the sample hash, and it appears to work correctly ...

Code:
hashcat64.exe -a 0 -m 11600 -o "C:\Users\User\Desktop\hashcat\hashcat-4.1.0\cracked.txt" "C:\Users\User\Desktop\hashcat\hash3.txt"


Results:

Code:
hashcat (v4.1.0-2-g8079abff) starting...

* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
            You can use --force to override, but do not report related errors.
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: Hawaii, 3264/4096 MB allocatable, 44MCU
* Device #2: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Watchdog: Temperature abort trigger set to 90c

Starting attack in stdin mode...

Session..........: hashcat
Status...........: Running
Hash.Type........: 7-Zip
Hash.Target......: $7z$0$19$0$salt$8$f6196259a7326e3f0000000000000000$...703f96
Time.Started.....: Mon Mar 19 12:19:46 2018 (10 secs)
Time.Estimated...: Mon Mar 19 12:19:56 2018 (0 secs)
Guess.Base.......: Pipe
Speed.Dev.#1.....:        0 H/s (0.00ms) @ Accel:64 Loops:32 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Candidates.#1....: [Copying]
HWMon.Dev.#1.....: Util:  0% Core: 302MHz Mem:1250MHz Bus:16
#4
If you use the straight word list attack mode (-a 0) you also need to specify a dictionary file.

hashcat -a 0 -m 11600 hash_file.txt dict_file.txt

you could also add rules like this:
hashcat -a 0 -m 11600 -r rules\best64.rule hash_file.txt dict_file.txt
#5
(03-19-2018, 06:34 PM)philsmd Wrote: If you use the straight word list attack mode (-a 0) you also need to specify a dictionary file.

That's beside the point if the hash isn't loaded at all though.
#6
When I simplify my command, as demonstrated by @philsmd, I get the same error with my hash:

Command:
Code:
>hashcat64.exe -a 0 -m 11600 "C:\Users\User\Desktop\hashcat\out.txt" "C:\Users\User\Desktop\hashcat\rockyou.txt"

As stated by @undeath, I haven't even gotten to any of the customization of my attack, because I cannot even load the hash in the first place.
#7
Well, it's difficult for us/me to guess what is wrong with your hash.

You probably have 3 options:
1. try to modify your hash in a way that it looks like the example hash and see where the problem could be by obverving the behaviour of hashcat (when does it fail, when does it work?)
2. try to generate further 7zip files and test when they work and when exactly they fail loading
3. ask somebody that you trust via PM if s/he can help you to figure out what the problem could be with that hash (you are not allowed to post hashes on the forum as you might already know)
#8
(03-19-2018, 07:49 PM)philsmd Wrote: Well, it's difficult for us/me to guess what is wrong with your hash.

You probably have 3 options:
1. try to modify your hash in a way that it looks like the example hash and see where the problem could be by obverving the behaviour of hashcat (when does it fail, when does it work?)
2. try to generate further 7zip files and test when they work and when exactly they fail loading
3. ask somebody that you trust via PM if s/he can help you to figure out what the problem could be with that hash (you are not allowed to post hashes on the forum as you might already know)

I've compared my hash vs the sample hash, and another users hash, which I stumbled upon online. They all seem similar as far as structure goes, the only main difference is that my hash is massive in comparison. Where the Sample hash is 1kb, mine is over 200kb.

They both consist of 13 segments of $[data], where as my 11th segment contains an immense amount of data. Which from my understanding is:
Code:
$[encrypted data] the encrypted data itself (this field in some cases could be truncated, see below)

For the record, my 7z file is approx 250mb, not sure if that make's a difference to the size of the hash file.

I have no issues in sending my hash file to anyone who's willing to take a look at it for errors. But, as stated, I won't post it publicly

[Update]

Ok, so playing with my hash file, it seems that I can get it to work by changing a single character.

At the beginning of my hash file is:

Code:
$7z$1$19$0$$8$9a82...
-----^

If I simply change the $1 to a $0, then hashcat works:

Code:
$7z$0$19$0$$8$9a82...
-----^

My only concern is, what impact would this have on my hash file? Apparently this digit is:

Code:
$[data type indicator] -  number ranging from 0 to 255 to indicate truncation and compression (see below)
#9
hmm, that doesn't seem to be the solution (but it is still interesting).

What happens if you change both the data length and the encrypted data to a shorter strings (the encrypted data is in hex and therefore it is twice as long as the data length indicates, if you change one you also need to change the other).
#10
(03-19-2018, 10:33 PM)philsmd Wrote: hmm, that doesn't seem to be the solution (but it is still interesting).

What happens if you change both the data length and the encrypted data to a shorter strings (the encrypted data is in hex and therefore it is twice as long as the data length indicates, if you change one you also need to change the other).

Which length would I be changing?

7z2hashcat lists 2 lenghts, at the 9th and 10th place. 11th place is obviously the encrypted data itself, because it's 99% of the file contents.

Code:
09 $[length of encrypted data] - the length of the encrypted data (see [encrypted data]
10 $[length of decrypted data] - the length of the output of the AES decryption of [encrypted data]
11 $[encrypted data] - the encrypted data itself (this field in some cases could be truncated, see below)

Wouldn't modifying this encrypted data and length have an effect on what the outcome of the hashed password is?

Also, I assume I'd be modifying this with the second position reset back to 1, it's original state?