German Umlauts
#1
Lightbulb 
Dear fellow hashcats!
I need your help in a tricky case: I am trying to play around with a password that contains German Umlauts, i.e. ä, ö, ü or ß (or Ä, Ö, Ü). However, I am this far:

hashcat -m <TYPE NR> -a 3 --username -o cracked_pass.txt  hash.txt -w 4 --increment-min 1 --increment  --increment-max 30 --hex-charset -1 ?l?u?d?sf6fcdfe4c4d6dc9f96a4b6bc9c84 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

I suppose that the password is entered in utf-8 when cracking, e.g., a Microsoft Office file. As you can see, in char group -1, I have included some standard char_sets and some codes for the German umlauts. After ?s, it gets a bit messy.
I looked the codes up here and on Wikipedia. This page helped me as well. I read all posts in this forum that seemed to be relevant, but I was not able to find a proper char_set that not also represants all standard Latin letters, digits and special signs (!,#...), but also those Umlauts. I am not confident enough to use those predefined charsets or to convert them to utf-8 (from hashcat/charsets...German...).

Can you tell me how I can use German umlauts and such letters? Is my command (partly) right in that regard?
Reply
#2
well you can use a file for your input like -2 file (see below for content) and then combine it with -3 ?1?2

next is my list of german umlauts and its hex pendants

de-umlaute.charset
ä:c3a4
ö:c3b6
ü:c3bc
Ä:c384
Ö:c396
Ü:c39c
ß:c39f
€:e282ac

# de-umlaute-spezial.charset

¤:c2a4
º:c2ba
²:c2b2
³:c2b3

so my basic file for german umlauts looks like this

c2c38284969c9fa4acbab2b3b6bce2

found an extended version with following line, but im not quite sure what i was testing there (maybe some mix of german, russian, i dont know)

c2c38284969c9fa4acbab2b3b6bce2177f090a0d818d8f909d

so just put on of these lines into a file, feed it as -2 file, and combine -1 ?l?u?d?s with -3 ?1?2

you will have some overhead but i didnt came up with a better idea yet, maybe some of the mods/devs
Reply
#3
Many Thanks, I am a bit confused by the way we have to add those letters. It seems like using -3 ?1?2 would cause the program to only match alternating those two groups, e.g. aäaü and so on?
How did you come up with the first basic file starting with c2c382, because c3 is usually the beginning of those hex letters, but it appears only once in your string?
Reply
#4
yeah -3 ?1?2 can be a little bit confusing, just try it for yourself

hashcat -a 3 -1 12 -2 34 -3 ?1?2 --stdout --increment ?3?3
will result in
1
2
3
4
12
22
32
42
11
21
31
41
14
24
34
44
13
23
33
43

so -3 is just -1 and -2 combined but not in the "human" manner as on char/group but on content

for the file, when using --hex-charset, and due to the fact, that hashcat works byte by byte, the given file is splitted by bytes, so it results in c2, c3, ... and so on, so every needed byte-sequenz needs just to presented once

c3a4c3b6 (äö) is just the same like
c3a4b6 (it is just a manual cleanup of the doubled c3, i think hashcat will do the same on the fly)

EDIT:
another misunderstanding, when trying to crack for example the german ä (c3a4) with the given charfile above, the minimum mask has to be ?3?3 because ä is two bytes long, so a single ?3 wont crack this (this applies to all other language with utf8-chars), see the hex for €, there the mask has to be minimum ?3?3?3
Reply
#5
That is a learning, the comibnation is different from what I expected. I guess in my question I cut out the c3 entirely, so I may never encounter a result. The Euro-symbol is a good guess as well, I think.
My new command is this:
hashcat -m 9600 -a 3 --username -o cracked_pass.txt hash.txt -w 4 --increment-min 1 --increment --increment-max 10 --hex-charset -1 ?l?u?d?s -2 c384969c9fa4b6bce282ac -3 ?1?2 ?3?3?3?3?3?3?3?3?3?3?3?3
I am a bit worried because I saw hashcat using c3 alone in its combinations, e.g.: Candidates.#1....: $HEX[c3] -> $HEX[c3]
Is that an issue?

EDIT:
I read your edit, this makes sense. I am now using a long mask, i.e. a mask that has 10* ?3 and equals my --increment-max 10 in its length.
Reply