Cant Output Cracked Password with Null Character
#1
If an application UTF-8 encodes passwords before hashing them, it hashes them in the format SHA(0x41 0x00 0x42 0x00 0x43 0x00 0x44 0x00) with a null byte every other character.

If you successfully crack this password in hashcat, it will only output the first character, then terminate the file, even if the output is hex encoded.

Additionally, you can't crack passwords longer than 8 characters because of the 16 char length limit of masking rules, since each character takes up two bytes. Please let me know if there's a better way for this.

Very similar to this bug, although I think that it's an output bug, not a rule processing bug. I wasn't sure if i should bump that thread or create new.
http://hashcat.net/forum/thread-292.html

The C# App
Code:
UnicodeEncoding encoder = new UnicodeEncoding();
Byte[] s= encoder.GetBytes(password);

My Test Hash (python)
Code:
import hashlib
import binascii

#unicode ABCD
password = "\x41\x00\x42\x00\x43\x00\x44\x00"

print "Passwordplushhash: " + password
print "Passwordplushhashhex: " + password.encode("hex")

pwhash = hashlib.sha512(password).digest()

try:
    f = open("~/asdfunicode", "w")
    f.write(binascii.hexlify(pwhash))
finally:
    f.close()

The Hash
Code:
cat ~/asdfunicode
b85bb505961426e951808b138ca0b93bb040e982de5c221431891aae026bfe2d1d2e83767d99c505f883db47ca62ef6e2c68be219e5238a495b960b7aa542391

The Command
Code:
./oclHashcat-plus64.bin -m 1700 -o ~/asdfunicode.output --outfile-format=4 --force --hex-charset -a 3 -1 ?l?d?s?u -2 00 ~/asdfunicode ?1?2?1?2?1?2?1?2

The Output File
Code:
cat ~/asdfunicode.output
41

Version: oclhashcat plus .12 I know it's a bit old, but I was asked not to upgrade anything on this GPU box right now. Let me know if you'd like me to upgrade.

OS: Ubuntu

Driver: Let me know if you need this. I dont know it off hand, but I think it's irrelevant to this.


Messages In This Thread
Cant Output Cracked Password with Null Character - by cyphear - 02-08-2013, 09:06 PM