04-20-2013, 10:34 PM
Hi guys, thx @atom,
and here are the details, it is (partially) too easy to be true and not understandable why nobody else came up with this details b4 ;-):
- smd5 uses md5_crypt basically
- ssha* variants use pbkdf2-hmac-sha-* (there are three of those ssha1, ssha256 and ssha512 connected to the pbkdf2-hmac-sha-* variant)
Furthermore, there is a non-standard (but well-known) base64 table in use:
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
The main difference of smd5 from standard md5_crypt() is that smd5 doesn't use the "$1$" within the md5_crypt digest generation.
But there is an option, they told me, that enables the "standard" version of md5_crypt, i.e. w/ std_hash=true or similar.
There are also very small base64 hacks in ssha* variants but of no big deal, i.e. the length of the outcome hash, what happens w/ padding etc.
If you have some sample hashes (or better password/hash pairs), it is easy to spot this details.
Too much words, here I open a ticket w/ source code attached (be warned: this code is hackish, was quickly written down, w/o looking at performance etc, but should be working too. Don't blame me for the (bad) code, ok?):
https://hashcat.net/trac/ticket/135
and here are the details, it is (partially) too easy to be true and not understandable why nobody else came up with this details b4 ;-):
- smd5 uses md5_crypt basically
- ssha* variants use pbkdf2-hmac-sha-* (there are three of those ssha1, ssha256 and ssha512 connected to the pbkdf2-hmac-sha-* variant)
Furthermore, there is a non-standard (but well-known) base64 table in use:
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
The main difference of smd5 from standard md5_crypt() is that smd5 doesn't use the "$1$" within the md5_crypt digest generation.
But there is an option, they told me, that enables the "standard" version of md5_crypt, i.e. w/ std_hash=true or similar.
There are also very small base64 hacks in ssha* variants but of no big deal, i.e. the length of the outcome hash, what happens w/ padding etc.
If you have some sample hashes (or better password/hash pairs), it is easy to spot this details.
Too much words, here I open a ticket w/ source code attached (be warned: this code is hackish, was quickly written down, w/o looking at performance etc, but should be working too. Don't blame me for the (bad) code, ok?):
https://hashcat.net/trac/ticket/135