Colliding password protected MS office 97-2003 documents
#7
Thanks Guys!

I've finished the special modes 9710 and 9720 for in BF mode for AMD cards.

Beta-Tester can download latest beta version from beta site. Make sure you download beta17 or higher.

To use the collider mode, you first need to crack the RC4 key as described above.

Cracking the RC4 is done by mode 9710. I'd recommend you to use -o as it will save you some copy paste stuff.

Code:
./oclHashcat64.bin -m 9710 hash -a 3 -w 3 ?b?b?b?b?b -o hash.rc4

Indeed it will be possible later on to not BF the RC4 key but use all attack-modes as you know them.

BF is just cool as it's guaranteed to success in a short time.

However I'd recomment yout to run your dictionaries first, with a small ruleset and if it does not hit, redo it with -a 3.

Once you have the RC4 key, the output-line in hash.rc4 looks like this:

Quote:$oldoffice$1*d6aabb63363188b9b73a88efb9c9152e*afbbb9254764273f8f4fad9a5d82981f*6f09fd2eafc4ade522b5f2bee0eaf66d:f2ab1219ae

The RC4 key (in hex) was just apppend to the line.

This line is exactly the format for the input-line for the collider mode 9720. That's why I recommend to use -o because you can use that file as hashfile for -m 9720 now.

Code:
./oclHashcat64.bin -m 9720 hash.rc4 -a 3 -w 3 ?a?a?a?a?a?a

If it exhausts, just add another ?a, it will collide sooner or later, for sure.

Quote:$oldoffice$1*d6aabb63363188b9b73a88efb9c9152e*afbbb9254764273f8f4fad9a5d82981f*6f09fd2eafc4ade522b5f2bee0eaf66d:f2ab1219ae:zvDtu!

Some other notes:
  • Beta17 only supports AMD cards and only in BF mode, other will follow soon
  • You can already multi-collide (as in multi-hash) this mode
  • The collider will work *only* for $0 and $1 of MS Office 97-2003 using MD5/RC4 as described above.
  • To crack $3 or $4 of MS Office 97-2003 using SHA1/RC4 you need to use -m 9800

--
atom
Reply


Messages In This Thread
RE: Colliding password protected MS office 97-2003 documents - by atom - 09-09-2014, 03:37 PM