I got Hashcat to recognize the hash and it started but returned "Exhausted" so I'm lost again.
I was going through the cloudkeychain hash format and with the help of some other posts I understood that the format was:
[HASH]:[SALT]:[ITERATIONS]:[DATA]
I was confused by the first hash part because I couldn't identify it, but after going through this thread I think I see that the [HASH] is the last 32 bytes of the original data and the [DATA] part has those removed?
https://hashcat.net/forum/thread-6268-po...l#pid38322
This is the output with the hash I pieced together and a dictionary with the correct password on the last line:
I was going through the cloudkeychain hash format and with the help of some other posts I understood that the format was:
[HASH]:[SALT]:[ITERATIONS]:[DATA]
I was confused by the first hash part because I couldn't identify it, but after going through this thread I think I see that the [HASH] is the last 32 bytes of the original data and the [DATA] part has those removed?
https://hashcat.net/forum/thread-6268-po...l#pid38322
Code:
SELECT lower (hex (substr (master_key_data, length (master_key_data) - 32 + 1, 32))) || ":" || lower (hex (salt)) || ":" || iterations || ":" || lower (hex (substr (master_key_data, 1, length (master_key_data) - 32))) FROM profiles;This is the output with the hash I pieced together and a dictionary with the correct password on the last line:
Code:
hashcat -m 8200 ..\cloudkeychain-hash ..\dictionary.txt
hashcat (v6.2.6) starting
ADL2_Overdrive_Caps(): -5
ADL2_Overdrive_Caps(): -5
ADL2_Overdrive_Caps(): -5
ADL2_Overdrive_Caps(): -5
ADL2_Overdrive_Caps(): -5
ADL2_Overdrive_Caps(): -5
ADL2_Overdrive_Caps(): -5
ADL_Overdrive5_CurrentActivity_Get(): -1
ADL_Overdrive5_CurrentActivity_Get(): -1
ADL_Overdrive5_FanSpeed_Get(): -1
ADL_Overdrive5_CurrentActivity_Get(): -1
ADL_Overdrive5_Temperature_Get(): -1
ADL_Overdrive5_CurrentActivity_Get(): -1
HIP API (HIP 4.4)
=================
* Device #1: AMD Radeon RX 6700 XT, 12269/12272 MB, 20MCU
OpenCL API (OpenCL 2.1 AMD-APP (3380.6)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #2: AMD Radeon RX 6700 XT, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
* Uses-64-Bit
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 175 MB
Dictionary cache built:
* Filename..: ..\dictionary.txt
* Passwords.: 1105
* Bytes.....: 19344
* Keyspace..: 1105
* Runtime...: 0 secs
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 8200 (1Password, cloudkeychain)
Hash.Target......: [hash]
Time.Started.....: Mon Mar 20 12:25:33 2023 (6 secs)
Time.Estimated...: Mon Mar 20 12:25:39 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (..\dictionary.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 196 H/s (0.55ms) @ Accel:128 Loops:64 Thr:32 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 1105/1105 (100.00%)
Rejected.........: 0/1105 (0.00%)
Restore.Point....: 1105/1105 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:649984-649999
Candidate.Engine.: Device Generator
Candidates.#1....: asdfa2300janlsdk. -> [password]
Hardware.Mon.#1..: N/A