05-15-2020, 07:05 AM
Hello all!
My name is Jorge. I am the one who helped Romeo with parsing out the header of the file generated by the encryption software.
Womble, you are correct about the algorithm, this is a key derivation algorithm. From what I gather from looking at the source code, the password goes through 3 rounds of SHA1 to generate a 60 byte string. Obviously, since we need 56 bytes for the key, the last 4 byte get XORed with the first 4 bytes. After that, the salt is added and the result is md5 hashed. The digest is then folded to fit the last 4 bytes of the header.
We know that a simple script could automate the task, however I advised Romeo to reach out to the forum since implementing this could be helpful for other in the future and also it takes advantage of hashcat efficiency.
My name is Jorge. I am the one who helped Romeo with parsing out the header of the file generated by the encryption software.
Womble, you are correct about the algorithm, this is a key derivation algorithm. From what I gather from looking at the source code, the password goes through 3 rounds of SHA1 to generate a 60 byte string. Obviously, since we need 56 bytes for the key, the last 4 byte get XORed with the first 4 bytes. After that, the salt is added and the result is md5 hashed. The digest is then folded to fit the last 4 bytes of the header.
We know that a simple script could automate the task, however I advised Romeo to reach out to the forum since implementing this could be helpful for other in the future and also it takes advantage of hashcat efficiency.