04-27-2022, 08:23 PM
I have a JWS text file formatted as: Header.Payload.Signature
- the Header and Payload are Base64URL encoded separately and then joined with a "." as separator
- the Signature is appended afterwards and also separated by a period
- as far as I understand the Signature is a function of Header.Payload using ECDSA with P-256 curve and a SHA-256 hash algorithm
hashcat --backend-ignore-cuda -d 1 -D 1 -m 16500 file.txt -a 3 -w 4
with:
--backend-ignore-cuda because I don't have a GPU that supports CUDA
-d 1 and -D 1 to force the backend and OpenCL to use my CPU
-m 16500 uses the hash mode for JWT (JSON Web Token)
file.txt is my JWS text file described above
-a 3 forces a Brute-force attack
-w 4 why not as it only needs another second :-)
I purposely let the mask default to ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d so I didn't bias the result
The result is:
hashcat (v6.2.5) starting
clCreateContext(): CL_DEVICE_NOT_AVAILABLE
OpenCL API (OpenCL 2.1 WINDOWS) - Platform #1 [Intel(R) Corporation]
====================================================================
* Device #1: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Started: Wed Apr 27 11:42:47 2022
Stopped: Wed Apr 27 11:42:49 2022
And I get a hashcat.txt file that has many blocks of info each starting with the following text:
TOP.626962ea.000553d4 START
TOP.62696383.000a585e START
TOP.62696395.0003ef2a START
TOP.626963cc.000a8561 START
TOP.62696401.0003e99e START
TOP.6269647c.00067419 START
TOP.626964be.000200e9 START
TOP.626964ee.000c82e1 START
TOP.62696cc8.000a0384 START
TOP.62697439.000d5514 START
TOP.62698098.0002b700 START
The file also reports:
TOP.########.######## user_options->custom_charset_1 ?l?d?u
TOP.########.######## user_options->custom_charset_2 ?l?d
TOP.########.######## user_options->custom_charset_3 ?l?d*!$@_
TOP.########.######## user_options->encoding_from utf-8
TOP.########.######## user_options->encoding_to utf-8
Now my questions:
- what does Hashes: 1 digests; 1 unique digests, 1 unique salts tell me?
- what does Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates tell me?
- am I correct in defaulting the mask or should I use something else?
- what does the hashcat.txt file tell me?
- what do the descriptions between TOP. and START mean in the txt file?
- what do the results for custom_charset and encoding tell me?
- have I used hashcat correctly?
- any recommendations on how to unravel the signature in my JWS file?
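As an added example (not from the post above and not hashcat's own code), a stdlib-only Python parser for the compact JWS format described in the post: it base64url-decodes the Header and Payload, keeps the exact Header.Payload bytes that the Signature covers, and separates HMAC-signed tokens (HS256, where a candidate shared secret can be checked) from ES256 tokens, whose signature is produced with an EC private key and can only be verified with the issuer's public key. The tokens, the secret and the ES256 signature bytes are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(data: bytes) -> str:
    """Base64URL without '=' padding, as JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    """Inverse of the above; re-adds the padding that compact JWS strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def parse_jws(token: str) -> dict:
    """Split Header.Payload.Signature and decode the two JSON parts. The signature
    covers the ASCII bytes of 'Header.Payload' exactly as they appear in the token."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three '.'-separated segments")
    h, p, s = parts
    return {
        "header": json.loads(b64url_decode(h)),
        "payload": json.loads(b64url_decode(p)),
        "signature": b64url_decode(s),
        "signing_input": (h + "." + p).encode("ascii"),
    }

def uses_shared_secret(token: str) -> bool:
    """HS* algs sign with an HMAC key; ES*/RS*/PS* sign with a private key."""
    return str(parse_jws(token)["header"].get("alg", "")).startswith("HS")

def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute HMAC-SHA256 over the signing input and compare in constant time."""
    t = parse_jws(token)
    if t["header"].get("alg") != "HS256":
        return False
    expected = hmac.new(secret, t["signing_input"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, t["signature"])

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build an HS256 token; used here only to construct sample input."""
    h = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
    return h + "." + p + "." + b64url_encode(sig)

# Constructed sample tokens (not from the post); the ES256 signature is a dummy 64-byte r||s.
HS256_TOKEN = sign_hs256({"sub": "1234", "role": "user"}, b"constructed-secret")
ES256_TOKEN = ".".join(b64url_encode(x) for x in (
    b'{"alg":"ES256","typ":"JWT"}', b'{"sub":"1234"}', b"\x11" * 64))
```

hashcat's JWT mode checks candidate HMAC secrets against HS256/HS384/HS512 tokens; an ES256 token carries no shared secret to guess, so the parser's alg check is the first thing to look at before running any cracking job.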