Oracle 11g Format
#1
I am having trouble loading Oracle 11g hashes (type 112) into oclhashcat-plus.

They are stored in the SYS.USER$.spare4 column and are of the form 'S:' followed by 40 characters of hex SHA1 hash followed by 20 characters of hex salt.

I've tried the string as is, removing the 'S:', separating the hash and salt, and other permutations, but I am consistently getting line length exceptions.

Does anyone know what the proper format is for Oracle 11g hashes?
#2
The format is hash:username
#3
Hmm. Let's say we have a user named foo with a hash "S:123456789A123456789B123456789C123456789D123456789E123456789F".

The proper format would be oclHashcat-plus -m 112 123456789A123456789B123456789C123456789D123456789E123456789F:foo wordlist.txt?

I'm still getting line length exceptions with and without the 'S:' or username. The old DES format was salted with the username but the new one has a random salt.

When you are referring to Oracle 11g hashes, I'm assuming that you are referring to the SHA format and not the old DES format with case sensitivity.

Thanks,
flipit
#4
I see. In this case you have to export the random salt. The random salt must be a hex-encoded string which replaces the username. It is exactly of length 10. Example:

4b4787ac26bcf94f2aec734af8326ad2efa7e42a:8588127014

Password for this is 874
#5
Awesome, that explains why I was getting the line length exceptions.

However, there seems to be one small problem. Oracle uses 10 bytes of hex salt, yet oclHashcat seems hard-coded to accept up to 5 bytes.

Thanks for the explanation.
#6
I guess you have to use the --hex-salt option
#7
Undeath, that wouldn't work, as --hex-salt is already implied by the hash type (-m 112).

Atom, is it possible to expand the max length for the salt or is it a remnant from optimizing for a different hash type?

Thanks,
flipit
#8
Why do you need it expanded? Your 5 byte binary data encoded in hex is exactly 10.
#9
Atom, the Oracle 11g format is 160 bits / 40 hex characters of SHA1 and 80 bits / 20 hex characters of salt. 40 bits / 10 hex characters of salt is insufficient.

Please see http://www.petefinnigan.com/weblog/archi...001097.htm or http://packages.python.org/passlib/lib/p...cle11.html for details.

Thanks,
flipit
#10
You were right. I fixed it. If you need access to a beta version send me a PM.

Quote:
root@sf:~/oclHashcat-lite-0.10# ./oclHashcat-lite64.bin -m 112 61CE616647A4F7980AFD7C7245261AF25E0AFE9C:9763FCF0D54DA667D4E6
oclHashcat-lite v0.10 by atom starting...

** Valid keyfile for beta usage: atom (expires 26.03.2013)

GPU-Loops: 128
GPU-Accel: 160
Password lengths range: 1 - 55
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2931MB, 0Mhz, 32MCU

61ce616647a4f7980afd7c7245261af25e0afe9c:9763fcf0d54da667d4e6:11g

Status.......: Cracked
Hash.Target..: 61ce616647a4f7980afd7c7245261af25e0afe9c:9763fcf0d54da667d4e6
Hash.Type....: Oracle 11g
Time.Running.: 0 secs
Time.Left....: 0 secs
Plain.Mask...: ?1?2?2
Plain.Text...: ***
Plain.Length.: 3
Progress.....: 60416/80352 (75.19%)
Speed.GPU.#1.: 66926/s
HWMon.GPU.#1.: 0% GPU, 43c Temp

Started: Mon Apr 9 18:48:25 2012
Stopped: Mon Apr 9 18:48:26 2012
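
Added example, not part of the thread or of hashcat: a small Python helper for auditing your own database that splits a SYS.USER$.spare4 value of the form described in post #1 into the hash:salt line shown in post #10, and rejects anything that is not 40 + 20 hex characters. The function names are hypothetical, and the check function assumes the digest is SHA1 over the password bytes followed by the raw salt bytes (as the passlib oracle11 page linked in post #9 documents) with a UTF-8 encoded password.

```python
import hashlib
import hmac
import re

# Layout from post #1: 'S:' + 40 hex chars of SHA1 + 20 hex chars of salt.
_SPARE4 = re.compile(r"^S:([0-9A-Fa-f]{40})([0-9A-Fa-f]{20})$")


def split_spare4(value):
    """Return (digest_hex, salt_hex), lower-cased, from an 11g SPARE4 value."""
    match = _SPARE4.match(value.strip())
    if match is None:
        # A short salt or a missing 'S:' fails here, not later in the cracker.
        raise ValueError("expected 'S:' followed by 40 + 20 hex characters")
    return match.group(1).lower(), match.group(2).lower()


def to_hashcat_line(value):
    """Format a SPARE4 value as the hash:salt line used with -m 112."""
    digest_hex, salt_hex = split_spare4(value)
    return f"{digest_hex}:{salt_hex}"


def oracle11g_digest(password, salt_hex):
    """Assumed construction: SHA1(password || raw 10-byte salt), hex encoded."""
    data = password.encode("utf-8") + bytes.fromhex(salt_hex)
    return hashlib.sha1(data).hexdigest()


def check_password(password, value):
    """True if the candidate password reproduces the stored digest."""
    digest_hex, salt_hex = split_spare4(value)
    return hmac.compare_digest(oracle11g_digest(password, salt_hex), digest_hex)


if __name__ == "__main__":
    # Hash and salt taken from the command line in post #10.
    page_value = "S:" + "61CE616647A4F7980AFD7C7245261AF25E0AFE9C" + "9763FCF0D54DA667D4E6"
    print(to_hashcat_line(page_value))

    # Constructed sample: salt and password are made up for the round trip.
    salt = "00112233445566778899"
    sample = "S:" + oracle11g_digest("example", salt).upper() + salt
    print(check_password("example", sample), check_password("Example", sample))
```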