Example hash for DES 14000 does not crack correctly.
#1
Hi all, 

I am attempting to crack the DES mode 14000 hash (a28bc61d44bb815c:1172075784504605) from https://hashcat.net/wiki/doku.php?id=example_hashes

As per the wiki, the password is supposed to be hashcat1. However, when attempting to crack it with the following command, I get every collision except for hashcat1:

Code:
PS D:\hashcat-6.2.2> .\hashcat.exe -a 3 -m 14000 a28bc61d44bb815c:1172075784504605 ?1?1?1?1?1?1?1?1 -1 ?l?d --keep-guessing
hashcat (v6.2.2) starting...

CUDA API (CUDA 11.2)
====================
* Device #1: GeForce RTX 3090, 23336/24576 MB, 82MCU
* Device #2: GeForce RTX 3090, 23336/24576 MB, 82MCU

OpenCL API (OpenCL 1.2 CUDA 11.2.109) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #3: GeForce RTX 3090, skipped
* Device #4: GeForce RTX 3090, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force

ATTENTION! --keep-guessing mode is enabled.
This tells hashcat to continue attacking all target hashes until exhaustion.
hashcat will NOT check for or remove targets present in the potfile, and
will add ALL plains/collisions found, even duplicates, to the potfile.

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 2210 MB

a28bc61d44bb815c:1172075784504605:haribat1
a28bc61d44bb815c:1172075784504605:hashbat1
a28bc61d44bb815c:1172075784504605:haribau1
a28bc61d44bb815c:1172075784504605:hashcau1
a28bc61d44bb815c:1172075784504605:harhcat0
a28bc61d44bb815c:1172075784504605:hashbat0
a28bc61d44bb815c:1172075784504605:harhcau0
a28bc61d44bb815c:1172075784504605:hasibau0
Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: DES (PT = $salt, key = $pass)
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 12:35:26 2022 (26 secs)
Time.Estimated...: Wed Mar 02 12:35:52 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1?1?1?1?1?1 [8]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 54101.1 MH/s (11.72ms) @ Accel:128 Loops:1024 Thr:64 Vec:1
Speed.#2.........: 56136.0 MH/s (7.24ms) @ Accel:128 Loops:1024 Thr:64 Vec:1
Speed.#*.........:  110.2 GH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 2821109907456/2821109907456 (100.00%)
Rejected.........: 0/2821109907456 (0.00%)
Restore.Point....: 59785216/60466176 (98.87%)
Restore.Sub.#1...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Restore.Sub.#2...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: sdqw303q -> x8qmjdwv
Candidates.#2....: sdqo1fpq -> x8qqxqgx
Hardware.Mon.#1..: Temp: 51c Fan:  0% Util: 15% Core:1830MHz Mem:10802MHz Bus:16
Hardware.Mon.#2..: Temp: 53c Fan:  0% Util: 85% Core:1800MHz Mem:10802MHz Bus:16

Started: Wed Mar 01 12:35:24 2022
Stopped: Wed Mar 01 12:35:54 2022

If anyone has any suggestions as to why this may be and how I can fix it, please let me know. I've tried on a couple of other systems with the same results. 

Thanks
Reply
#2
There does appear to be some funkyness with cracks in 14000. The plaintext does still appear to work, but it doesn't consistently appear when running masks in some orders. I will open an issue on the github for this.
Reply
#3
Algorithm 14000 looks for key, plaintext and ciphertext are known. Size of DES key is 56 bits, LSBs of each byte are NOT used. Therefore there are 256 collisions in 8-bytes key, each collision is complete solution. You can try to encrypt/decrypt data using any key above, result will be the same.
Reply
#4
@chick3nman thanks for that, please let us know if there's any update.

@nick8606 As far as I understand it, it is expected that you get multiple valid cracks, but I would still expect that 'hashcat1' would still appear. My issue isn't with the keys being invalid, but rather that the _particular expected_ key isn't being identified.
Reply
#5
Why are you using v6.2.2
The latest version is v6.2.5
You can also try the beta version from https://hashcat.net/beta


Code:
C:\hashcat-6.2.5>hashcat.exe  -a 3  -m 14000  "a28bc61d44bb815c:1172075784504605"  "hashcat1"

hashcat (v6.2.5) starting

OpenCL API (OpenCL 2.1 WINDOWS) - Platform #1 [Intel(R) Corporation]
====================================================================
* Device #1: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz, 8103/16270 MB (2033 MB allocatable), 2MCU

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 0 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

a28bc61d44bb815c:1172075784504605:hashcat1

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 14000 (DES (PT = $salt, key = $pass))
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 09:17:43 2022 (0 secs)
Time.Estimated...: Wed Mar 02 09:17:43 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat1 [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    1680 H/s (0.02ms) @ Accel:64 Loops:1024 Thr:1 Vec:4
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat1 -> hashcat1

Started: Wed Mar 02 09:17:39 2022
Stopped: Wed Mar 02 09:17:44 2022
Reply
#6
@v71221 I have re-run the same command with v6.2.5. The results are the same. 

Code:
PS D:\hashcat-6.2.5> .\hashcat.exe -a 3 -m 14000 a28bc61d44bb815c:1172075784504605 ?1?1?1?1?1?1?1?1 -1 ?l?d --keep-guessing
hashcat (v6.2.5) starting

CUDA API (CUDA 11.2)
====================
* Device #1: GeForce RTX 3090, 23336/24576 MB, 82MCU
* Device #2: GeForce RTX 3090, 23336/24576 MB, 82MCU

OpenCL API (OpenCL 1.2 CUDA 11.2.109) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #3: GeForce RTX 3090, skipped
* Device #4: GeForce RTX 3090, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force

ATTENTION! --keep-guessing mode is enabled.
This tells hashcat to continue attacking all target hashes until exhaustion.
hashcat will NOT check for or remove targets present in the potfile, and
will add ALL plains/collisions found, even duplicates, to the potfile.

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 2925 MB

a28bc61d44bb815c:1172075784504605:harhbat1
a28bc61d44bb815c:1172075784504605:hasibat1
a28bc61d44bb815c:1172075784504605:harhbau1
a28bc61d44bb815c:1172075784504605:hashcau1
Cracking performance lower than expected?

* Append -w 3 to the commandline.
  This can cause your screen to lag.

* Append -S to the commandline.
  This has a drastic speed impact but can be better for specific attacks.
  Typical scenarios are a small wordlist but a large ruleset.

* Update your backend API runtime / driver the right way:
  https://hashcat.net/faq/wrongdriver

* Create more work items to make use of your parallelization power:
  https://hashcat.net/faq/morework

a28bc61d44bb815c:1172075784504605:haricat0
a28bc61d44bb815c:1172075784504605:hashbat0
a28bc61d44bb815c:1172075784504605:haricau0
a28bc61d44bb815c:1172075784504605:hashbau0
Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 14000 (DES (PT = $salt, key = $pass))
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 17:00:17 2022 (25 secs)
Time.Estimated...: Wed Mar 02 17:00:42 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1?1?1?1?1?1 [8]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 54870.9 MH/s (0.36ms) @ Accel:256 Loops:1024 Thr:32 Vec:1
Speed.#2.........: 56273.2 MH/s (0.35ms) @ Accel:256 Loops:1024 Thr:32 Vec:1
Speed.#*.........:  111.1 GH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 2821109907456/2821109907456 (100.00%)
Rejected.........: 0/2821109907456 (0.00%)
Restore.Point....: 60455536/60466176 (99.98%)
Restore.Sub.#1...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Restore.Sub.#2...: Salt:0 Amplifier:46080-46656 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: sdqwr0q6 -> x8qmf8q6
Candidates.#2....: sdqyyyq6 -> x8qqxqgx
Hardware.Mon.#1..: Temp: 52c Fan:  0% Util: 64% Core:1830MHz Mem:10802MHz Bus:16
Hardware.Mon.#2..: Temp: 50c Fan:  0% Util: 60% Core:1860MHz Mem:10802MHz Bus:16

Started: Wed Mar 02 17:00:10 2022
Stopped: Wed Mar 02 17:00:44 2022

Again, while I understand that any of those collisions are functionally valid, the ability to obtain the 'correct' collision (hashcat1) is still important.
Reply
#7
my laptop is not too fast, so I tried to narrow keyspace.
hashcat1 is there. You can play with different combinations.


Code:
C:\hashcat-6.2.5-207>hashcat.exe  -a 3  -m 14000  "a28bc61d44bb815c:1172075784504605"  hashc?1?1?1  -1 ?l?d  --keep-guessing

hashcat (v6.2.5-207-gac1997027) starting

OpenCL API (OpenCL 2.1 WINDOWS) - Platform #1 [Intel(R) Corporation]
====================================================================
* Device #1: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz, 8103/16270 MB (2033 MB allocatable), 2MCU

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force

ATTENTION! --keep-guessing mode is enabled.
This tells hashcat to continue attacking all target hashes until exhaustion.
hashcat will NOT check for or remove targets present in the potfile, and
will add ALL plains/collisions found, even duplicates, to the potfile.

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 0 MB

a28bc61d44bb815c:1172075784504605:hashcat1
a28bc61d44bb815c:1172075784504605:hashcau1
a28bc61d44bb815c:1172075784504605:hashcat0
a28bc61d44bb815c:1172075784504605:hashcau0
Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 14000 (DES (PT = $salt, key = $pass))
Hash.Target......: a28bc61d44bb815c:1172075784504605
Time.Started.....: Wed Mar 02 07:11:18 2022 (1 sec)
Time.Estimated...: Wed Mar 02 07:11:19 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashc?1?1?1 [8]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  144.3 kH/s (0.25ms) @ Accel:64 Loops:1024 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests
Progress.........: 46656/46656 (100.00%)
Rejected.........: 0/46656 (0.00%)
Restore.Point....: 46656/46656 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: hashccwv -> hashcqgx

Started: Wed Mar 02 07:10:59 2022
Stopped: Wed Mar 02 07:11:20 2022
Reply
#8
@v71221 Yeah, that's fine, if I knew part of the key I'm trying to break first, but it doesn't help with a straight brute force?
Reply
#9
Yeah, i think the issue here is being confused. The correct key does indeed crack the example. The core problem here is that not all valid collisions are produced consistently during the mask attack. Some are skipped and the behavior is even changed with the keyspace ordering.
Reply
#10
Thumbs Up 
(03-02-2022, 05:30 PM)Chick3nman Wrote: Yeah, i think the issue here is being confused. The correct key does indeed crack the example. The core problem here is that not all valid collisions are produced consistently during the mask attack. Some are skipped and the behavior is even changed with the keyspace ordering.

Correct, thanks for clarifying Chick3nman.
Reply