08-27-2018, 10:50 PM
Hi,
You could try to chop the first 327528 bytes off as it is described in the 7z2hashcat.pl.
Then use the script on the new *file*
You could try to chop the first 327528 bytes off as it is described in the 7z2hashcat.pl.
Then use the script on the new *file*
Code:
# This field is the first field after the hash signature (i.e. after "$7z$).
# Whenever the data was longer than the value of PASSWORD_RECOVERY_TOOL_DATA_LIMIT and the data could be truncated due to the padding attack,
# the value of this field will be set to 128.
#
# If no truncation is used:
# - the value will be 0 if the data doesn't need to be decompressed to check the CRC32 checksum
# - all values different from 128, but greater than 0, indicate that the data must be decompressed as follows:
# - 1 means that the data must be decompressed using the LZMA1 decompressor
# - 2 means that the data must be decompressed using the LZMA2 decompressor
# - 3 means that the data must be decompressed using the PPMD decompressor
# - 4 means that the data must be decompressed using the BCJ decompressor
# - 5 means that the data must be decompressed using the BCJ2 decompressor
# - 6 means that the data must be decompressed using the BZIP2 decompressor
# - 7 means that the data must be decompressed using the DEFLATE decompressor
# Truncated data can only be verified using the padding attack and therefore combinations between truncation + a compressor are not allowed.
# Therefore, whenever the value is 128 or 0, neither coder attributes nor the length of the data for the CRC32 check is within the output.
# On the other hand, for all values above or equal 1 and smaller than 128, both coder attributes and the length for CRC32 check is in the output.