05-09-2020, 11:32 PM
(05-08-2020, 03:43 AM)womble Wrote: What exactly do you need help with? If it's interpreting the algorithm description, if I'm reading the description correctly, in pseudocode, what they're describing looks something like this:
b1 = SHA1(password)
b2 = SHA1(password + b1)
b3 = SHA1(password + b2)
xor_source = last_four_bytes_of(b3)
key = first_56_bytes_of(b1 + b2 + b3)
first_four_bytes_of(key) = first_four_bytes_of(key) XOR xor_chunk
Since the source is (presumably) up on SourceForge, though, you could skip their textual description and just Use The Source, Luke (possibly with the help of a debugger).
If you're wanting help actually running that algorithm in Hashcat, you'll absolutely 100% need to write a module. There's nothing at the moment that implements the algorithm you've described (unless someone's snuck in a new module in the last few weeks). As a base, 18600 would probably work best, as it's using SHA-1 and Blowfish (though in a different construction), and of course the comparison kernel would presumably need to be somewhat different.
Correct, I am looking for help developing a module to attack this particular implementation. Is this a good place to request or on Github? I am not savvy enough to create the module and thus seeking help from the community. Thanks, <-Romeo3442->