05-15-2020, 04:13 PM
(05-15-2020, 07:46 AM)womble Wrote: You really helped doing that decode and annotation -- made the whole thing pretty easy. Like you, I got misled by the source, by the use of the word "key" with reference to the MD5 check (in the call to TKeyHashSimple.Create) -- it's not the SHA-1-generated key that gets passed in, it's actually the raw passphrase. So, to check if a password is a valid candidate for decryption, you don't even *need* to do any SHA-1 or key construction -- the MD5 check is sufficient. I nearly hurt myself laughing when I realised how simple (and bad) it is.
I've got the C module code and an -a3 (brute-force) kernel that cracks a test crypted file already written; wordlist and combo kernels are a few lines of copy-paste away. Benchmark on a 3-year-old Intel mobile CPU:
Hashmode: 24300 - BFACS
Speed.#2.........: 176.4 MH/s (47.31ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8
Thank you! When Romeo first contacted me and told me about this and mentioned Blowfish, I said "oh hashcat supports that!" After reading the documentation and exploring the source code, I came to find out it was using Blowfish to encrypt the data, but the key derivation algorithm was laughable.
Looks like speeds are impressive for the given hardware.