It looks like something's wrong with m4510 and m4710
#1
Hello!

I noticed that optimized kernels for modes: 4510 and 4710 don't support salt length they are supposed to support (51 max length in both cases). Seems like there is an error with sha1 transform because whenever data block size is bigger than 55 bytes hash won't be cracked even if correct hash, salt and plain is given. This sadly leaves us with max salt length 15 (m4510) and 23 (m4710). This has been tested on hashcat 6.2.4 but it looks like kernels haven't been modified for 13 months so I assume hashcat version isn't the issue here.

Cheers!
Reply
#2
this is the expected way it works, right ?

That's (at least very large part of) what makes the "optimized" kernel special... that there is this possibility of optimization (but also the disadvantages if you need larger lengths, because it's restricted to certain lengths) with smaller combined length (among other optimizations).

The optimization only works if only 1 transformation needs to be done... if multiple transformations need to be done, it becomes slower... pure kernels (without -O can do that).

It's also highlighted in the test units (min/max pass length, min/max salt length, min/max combined length.... for optimized and pure kernels):

https://github.com/hashcat/hashcat/blob/...510.pm#L13
https://github.com/hashcat/hashcat/blob/...710.pm#L14
Reply
#3
By looking at the code of both of these kernels I assumed that they were supposed to support longer salts. It seems like another transform was used, but perhaps I misunderstood something

https://github.com/hashcat/hashcat/blob/...d.cl#L1673
https://github.com/hashcat/hashcat/blob/...ed.cl#L483
Reply
#4
actually, looking at this problem more carefully, I see that you are right and that there could actually be a little problem here.

I was actually thinking about a completely different algorithm,,, but the correct ones are:
Code:
-m 4510 = sha1(sha1($pass).$salt)
-m 4710 = sha1(md5($pass).$salt)

I was thinking about a combination of salt and password concatenated like this:
Code:
$salt . $pass

or

$pass . $salt

but this is not the case for -m 4510, nor for -m 4710 (no total length of salt + length of pass)


The max length within the tests seem also to be wrong
tools/test_modules/m04510.pm
and
tools/test_modules/m04710.pm
should have completely different limits, because for one the internal hashing algorithm is md5, but for the other it's sha1 (so the [0, 15] for the "module_constraints" in the 4710 test unit makes absolutely no sense, it should be 55 - 32, where 32 is the output length of a hexadecimal MD5 hash).... but even this limit is odd/wrong if (as you also say correctly) we have the branch that supports longer salts (for both modes, 4510/4710, the salt is appended to the inner hash output).

Could you please report this on github (https://github.com/hashcat/hashcat/issues) ? we actually have 2 problems here, one is that the test units are wrong and test all lengths correctly and the other problem seems that the branch that would allow longer lengths doesn't work (this needs to be verified/debugged, please also add an example hash/pass to the github issue)
Thank you
Reply
#5
I just opened an issue on github and frankly it's my first time posting any issue on github so I hope it's at least good enough. As I wasn't entirely sure how to describe the test modules issue I decided to link your post.
Reply
#6
very good, thank you... I will write a comment there soon. thx

btw: the github issue is: https://github.com/hashcat/hashcat/issues/3029
Reply