Immy, let me ask one question: WHY? if we tell you that you are *not* allowed to post hashes (http://hashcat.net/forum/announcement-2.html , you are breaking the most important rule in this forum), why are you still continuing to do so?
Do you really expect people to help you if you don't follow the rules? Please remove every hash in the posts above, edit the posts and mask/remove the hashes.
hmmm...
I will answer your question anyway...
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt --hex-charset -1 faf3fce1e9ed ?1?1?1?1?1?1
As you can see, it all depends on the encoding... you cannot try to crack w/ utf8 encoding if the hash was generated w/ nativ encoding... that is exactly the reason why I told you to use the correct encoding... but you *didn't* follow my advice!
The output is (MASKED as we always should do here, remember?):
0x0100xxx07632b6b1xxxx128668xxxxx852cbdxxxx2xxdxxf038:úóüáéÃ
The same works w/o --hex-charset and w/ hcchr files (mask.txt is a missleading name BTW, you should call it chars.hcchr but it doesn't really matter) instead:
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt -1 mask.txt ?1?1?1?1?1?1
where the mask.txt file must have the following properties:
xxd -p1 mask.txt
faf3fce1e9ed0a
file mask.txt
mask.txt: ISO-8859 text
So everything works, you are just *not* following my advices nor searching how to do these things e.g. in the documentation/wiki, for instance here: http://hashcat.net/wiki/doku.php?id=mask_attack
oh, forgot 1 thing... if you for instance wanted to crack űő you need to have following cmd line:
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt --hex-charset -1 017151 ?1?1?1?1
note: we need to have a mask of length 4 for these 2 "chars" ( 2 x 2 ) since they are defined (e.g. see here http://en.wikipedia.org/wiki/ISO/IEC_8859-2 ) as to have 2 codepoints each, i.e.
see link:
ű "\x01\x71"
Å‘ "\x01\x51"
as you can see, we need two "positions" for those chars, therefore if you want to crack a hash that include those you must expand your charset to also include \x01 (and possibly also \x02 as you can see in the IEC_8859-2 documentation)... you can use --increment to accomplish this in a bruteforce attack...
the main problem is that in theory each "char" of the original password could use 2 code-points, therefore you need to have --increment-min is the real length of the password string (or the length you think the password is), but --increment-max should be the double of that (e.g. --increment-min 4 --increment-max 8) since each "char" can be of form "\x.." "\x01\x.." or even "\x02\x.."
Do you really expect people to help you if you don't follow the rules? Please remove every hash in the posts above, edit the posts and mask/remove the hashes.
hmmm...
I will answer your question anyway...
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt --hex-charset -1 faf3fce1e9ed ?1?1?1?1?1?1
As you can see, it all depends on the encoding... you cannot try to crack w/ utf8 encoding if the hash was generated w/ nativ encoding... that is exactly the reason why I told you to use the correct encoding... but you *didn't* follow my advice!
The output is (MASKED as we always should do here, remember?):
0x0100xxx07632b6b1xxxx128668xxxxx852cbdxxxx2xxdxxf038:úóüáéÃ
The same works w/o --hex-charset and w/ hcchr files (mask.txt is a missleading name BTW, you should call it chars.hcchr but it doesn't really matter) instead:
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt -1 mask.txt ?1?1?1?1?1?1
where the mask.txt file must have the following properties:
xxd -p1 mask.txt
faf3fce1e9ed0a
file mask.txt
mask.txt: ISO-8859 text
So everything works, you are just *not* following my advices nor searching how to do these things e.g. in the documentation/wiki, for instance here: http://hashcat.net/wiki/doku.php?id=mask_attack
oh, forgot 1 thing... if you for instance wanted to crack űő you need to have following cmd line:
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt --hex-charset -1 017151 ?1?1?1?1
note: we need to have a mask of length 4 for these 2 "chars" ( 2 x 2 ) since they are defined (e.g. see here http://en.wikipedia.org/wiki/ISO/IEC_8859-2 ) as to have 2 codepoints each, i.e.
see link:
ű "\x01\x71"
Å‘ "\x01\x51"
as you can see, we need two "positions" for those chars, therefore if you want to crack a hash that include those you must expand your charset to also include \x01 (and possibly also \x02 as you can see in the IEC_8859-2 documentation)... you can use --increment to accomplish this in a bruteforce attack...
the main problem is that in theory each "char" of the original password could use 2 code-points, therefore you need to have --increment-min is the real length of the password string (or the length you think the password is), but --increment-max should be the double of that (e.g. --increment-min 4 --increment-max 8) since each "char" can be of form "\x.." "\x01\x.." or even "\x02\x.."