Unable to load a 7z archive hash made with 7z2hashcat
#1
Hi All,

I have a large (2.3ishGB) .7z archive I'm trying to break back into after forgetting the password because it was made years ago. 

I know the passwords rough construction but can't quite remember where I substituted letters for numbers ect. so have been playing round with Hashcat to try and get back into it.

I've used the latest windows release of 7z2hashcat on the archive on my windows 10 64 machine using this command:

Code:
7z2hashcat64-1.3.exe e:\Things.7z > hash2.hash

and piped the output straight in to a file which I didn't mess with or open before trying to use hashcat on it.

I keep getting the error:

Code:
Hashfile 'e:\hash2.hash' on line 1 ($7z$1$...0ccb321b947a3e$199076$5d00000400): Token length exception

No hashes loaded.

The hash I get back is 28KB, Far longer than the example hash on the wiki when read on Notepad++.

I am using a mask file but have tried it with a bunch of ?a on the mask just to see if it fires off and it comes back with the same result. Below is the commands I have tried and got the same results:

Code:
hashcat64.exe -a 3 -m 11600 hash2.hash mask.hcmask

hashcat64.exe -a 3 -m 11600 hash2.hash ?a?a?a?a?a?a?a

I have used the example specified on the wiki and run it with the masks ?a?a?a?a?a?a?a and ?l?l?l?l?l?l?l and they kick off and crack on. 

I know the password I'm using is between about 22-26 characters and can remember what words I used, but cannot remember which letter I substituted for numbers. 

For example in the password Best could be Best, best, b3st or B3st and my mask is Bb,e3,s,t with ?s for where I know there are spaces - please correct me if I am wrong here I'm still learning Hashcat.

I've also used the same 7z2hashcat tool on an archive I made today with an easy 4 letter password and the received hash was 394KB and this returns the same error when I try and start it with the above commands

I am also using notepad++ for any editing of texts.

On a side note I have two machines available one with a GTX980 the other with a GTX660ti the example hash used on the 980 trolleys along at about 4.4K hashes a second but the 660ti says its down at 1 hash a second. Anyone got any idea why? 

I would have thought the 660ti while slow would have been a touch faster than that.

I'm happy to PM hashes and my mask to any suitable mod god who requests them to aid in diagnosis too. As it's not a mission critical file.
#2
with "only" 28KB you shouldn't reach the limits.

yeah, my guess is that hashcat doesn't accept one of the fields/values (there are a lot of them see the 7z2hashcat github page for the details).

You could either play with the value and see which are too large or long .... or PM me (or other mods/admins) the hash and we could/need to debug/troubleshoot it

Without the hash it's difficult to say
#3
(02-14-2019, 11:14 AM)philsmd Wrote: with "only" 28KB you shouldn't reach the limits.

yeah, my guess is that hashcat doesn't accept one of the fields/values (there are a lot of them see the 7z2hashcat github page for the details).

You could either play with the value and see which are too large or long .... or PM me (or other mods/admins) the hash and we could/need to debug/troubleshoot it

Without the hash it's difficult to say

As I'm not 100% sure what I'm looking at\ doing yet with the contents of a 7z hash I have sent you a PM with the hash I'm trying to break and an easy test hash I tried to make sure it wasn't me extracting something wrong.

J
#4
update: we verified that it's a too strict parser problem in seven_zip_parse_hash (), not the whole lengths are currently allowed because of token.len_max[8] and token.len_max[9] only allowing a lenght of 4 digits i.e. up to 9999.
#5
I am having the exact same error with a file I can't remember the password I used at the time. Any variation I try with my hash always returns "Token length exception". Is there anything I should be doing to move past this error? Is it still an issue?
#6
please try the beta from https://hashcat.net/beta

if not working, you need to give more details about the lengths of your fields etc (or send a test hash via PM that doesn't work with latest beta)
#7
(03-11-2019, 04:19 PM)philsmd Wrote: please try the beta from https://hashcat.net/beta

if not working, you need to give more details about the lengths of your fields etc (or send a test hash via PM that doesn't work with latest beta)

Thanks for the quick reply philsmd. 

I am trying to run this beta version but it doesn't have a windows executable and when I try to run on Ubuntu it requires libc6 version 2.28, however, this version is not yet released on Ubuntu and it only let me update to 2.27 ["libc6 is already the newest version (2.27-3ubuntu1)"]. Sorry I am no expert in Linux environments, but is there another way I could run it?
#8
hashcat.exe is within the .7z beta archive. This is the 64-bit executable for windows.

never heard of libc problems together with hashcat, recently. It should work the same way as the release version work on linux (did you try the release version, just for the linux testing ? of course the release version doesn't contain the fix and therefore you can't use it for your 7-Zip hash).


update:I just found out that this might really be a problem with the beta version of hashcat !

Code:
objdump -T hashcat.bin | grep 'GLIBC_[0-9.]*' -o | sort -u
GLIBC_2.14
GLIBC_2.15
GLIBC_2.17
GLIBC_2.2.5
GLIBC_2.28
GLIBC_2.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.8

then investigating what needs glibc 2.28 I found this:
Code:
objdump -T hashcat.bin | grep GLIBC_2.28
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.28  fcntl64

it's the fcntl () function used for the features of brain/selects Sad
we will try to fix that. Thanks for reporting
(but of course this problem is not related to the 7z hash rejection, nor with the seemingly missing windows exe files (it's not missing, the name is just hashcat.exe)... this is a libc-compatibility problem with the latest beta)

update2: a new beta is online at https://hashcat.net/beta which should accept any glibc version >= 2.17
#9
(03-11-2019, 07:48 PM)philsmd Wrote: update2: a new beta is online at https://hashcat.net/beta which should accept any glibc version >= 2.17

Fantastic! Everything works now: Windows and Linux. Great software and amazing response time on this. Thank you so much philsmd.
#10
good. will close this thread just to make sure this isn't going to get a multi-thread about all 7-Zip questions.
(again, if you have currrently problems with 7-Zip hashes you should just try beta or any version > v5.1.0 if available on https://hashcat.net/hashcat - not released yet at the time of this writing)
Thx