Separator unmatched for hmac sha512
#1
Consider the following

python script:
Code:
#!/usr/bin/env python
import hashlib
import hmac


def to_hash(raw):
    return hmac.new(raw.encode("utf-8"),
                    digestmod=hashlib.sha512).digest().hex()


if __name__ == "__main__":
    raw_pass = "123456"
    h = to_hash(raw_pass)
    with open("hlist", "w") as lf:
        lf.write(h)


output file:

Code:
$ cat hlist
d3f2f066f0da13b4cd51085457a9c50f4dfc3ddc2b790133d49f6a11bd048ab7bf4292abaae52d5c2841f7eda24f51bce0858ef75dd0ee02283c73783d63c6a4%
password list file:
Code:
$ cat pass_list
qwerty
123456
zxcvbn


command:
Code:
$ hashcat -m 1750 -a 0 hlist pass_list

output
Code:
hashcat (v6.2.5) starting

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 11.5)
====================
* Device #1: NVIDIA GeForce RTX 2060, 5559/5933 MB, 30MCU

OpenCL API (OpenCL 3.0 CUDA 11.5.100) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce RTX 2060, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashfile 'hlist' on line 1 (d3f2f0...e0858ef75dd0ee02283c73783d63c6a4): Separator unmatched
No hashes loaded.

Started: Fri Dec 10 17:15:01 2021
Stopped: Fri Dec 10 17:15:01 2021

without -m option:
Code:
$ hashcat -a 0 hlist pass_list
output is:
Code:
The following 7 hash-modes match the structure of your input hash:

      # | Name                                                | Category
  ======+=====================================================+============================
==========
  1700 | SHA2-512                                            | Raw Hash
  17600 | SHA3-512                                            | Raw Hash
  11800 | GOST R 34.11-2012 (Streebog) 512-bit, big-endian    | Raw Hash
  18000 | Keccak-512                                          | Raw Hash
  6100 | Whirlpool                                          | Raw Hash
  1770 | sha512(utf16le($pass))                              | Raw Hash
  21000 | BitShares v0.x - sha512(sha512_bin(pass))          | Cryptocurrency Wallet

I tried them all, they don't return errors, but simply fail to find password
example:
Code:
$ hashcat -m 1700 -a 0 hlist pass_list
output:
Code:
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 1700 (SHA2-512)
Hash.Target......: d3f2f066f0da13b4cd51085457a9c50f4dfc3ddc2b790133d49...63c6a4
Time.Started.....: Fri Dec 10 17:20:04 2021 (0 secs)
Time.Estimated...: Fri Dec 10 17:20:04 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (pass_list)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    16228 H/s (0.02ms) @ Accel:1024 Loops:1 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 3/3 (100.00%)
Rejected.........: 0/3 (0.00%)
Restore.Point....: 3/3 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: qwerty -> zxcvbn
Hardware.Mon.#1..: Temp: 50c Fan:  0% Util:  8% Core:1365MHz Mem:6801MHz Bus:16


please help: I am out of touch? Or it's the hashcat who is wrong?
Reply
#2
Found online tool which generate hash from pass and salt, and its a PBKDF2. I cannot understand why hashcat module cannot bruteforce hash if hashtype is proper one.

https://neurotechnics.com/tools/pbkdf2-test

iterations 1000
key 32
salt and plaintext passw from my first post generate same hash as i have.
Reply
#3
Hashcat only supports keyed hmac, in this case, you didn't provide your Python code a key, so it has no key. For your hash, run -m 1750 and append a colon to the end and it'll crack it. Example command:
Code:
hashcat -m 1750 -a 3 "d3f2f066f0da13b4cd51085457a9c50f4dfc3ddc2b790133d49f6a11bd048ab7bf4292abaae52d5c2841f7eda24f51bce0858ef75dd0ee02283c73783d63c6a4:" 123456 --potfile-disable
Reply
#4
(12-11-2021, 04:14 AM)penguinkeeper Wrote: Hashcat only supports keyed hmac, in this case, you didn't provide your Python code a key, so it has no key. For your hash, run -m 1750 and append a colon to the end and it'll crack it. Example command:
Code:
hashcat -m 1750 -a 3 "d3f2f066f0da13b4cd51085457a9c50f4dfc3ddc2b790133d49f6a11bd048ab7bf4292abaae52d5c2841f7eda24f51bce0858ef75dd0ee02283c73783d63c6a4:" 123456 --potfile-disable

Thank you penguinkeeper, very cool
Reply