JSON newbie help
#1
I have a JWS text file formatted as:  Header.Payload.Signature
  • the Header and Payload are Base64URL encoded separately and then joined with a "." as separator
  • the Signature is appended afterwards and also separated by a period
  • as far as I understand the Signature is a function of Header.Payload using ECDSA with P-256 curve and a SHA-256 hash algorithm
My goal is to extract the "secret" part of the signature key, so I tried:
   hashcat --backend-ignore-cuda -d 1 -D 1 -m 16500 file.txt -a 3 -w 4
with:
   --backend-ignore-cuda because I don't have a GPU that supports CUDA
   -d 1 and -D 1 to force backend and OpenCL to use my CPU
   -m 16500 uses hash mode for JWT (JSON Web Token)
   file.txt is my JWS text file described above
   -a 3 forces a Brute-force attack
   -w 4 why not as it only needs another second :-)
   I purposely let the mask default to ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d so I didn't bias the result

The result is:
   hashcat (v6.2.5) starting
   clCreateContext(): CL_DEVICE_NOT_AVAILABLE

   OpenCL API (OpenCL 2.1 WINDOWS) - Platform #1 [Intel(R) Corporation]
   ====================================================================
   * Device #1: Intel(R) Xeon(R) CPU          E5410  @ 2.33GHz, skipped
  
   Minimum password length supported by kernel: 0
   Maximum password length supported by kernel: 256

   Hashes: 1 digests; 1 unique digests, 1 unique salts
   Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

   Optimizers applied:
   * Zero-Byte
   * Not-Iterated
   * Single-Hash
   * Single-Salt
   * Brute-Force

   Watchdog: Hardware monitoring interface not found on your system.
   Watchdog: Temperature abort trigger disabled.
   Started: Wed Apr 27 11:42:47 2022
   Stopped: Wed Apr 27 11:42:49 2022

And I get a hashcat.txt file that has many blocks of info each starting with the following text:
        TOP.626962ea.000553d4 START
        TOP.62696383.000a585e START
        TOP.62696395.0003ef2a START
        TOP.626963cc.000a8561 START
        TOP.62696401.0003e99e START
        TOP.6269647c.00067419 START
        TOP.626964be.000200e9 START
        TOP.626964ee.000c82e1 START
        TOP.62696cc8.000a0384 START
        TOP.62697439.000d5514 START
        TOP.62698098.0002b700 START

The file also reports:
        TOP.########.######## user_options->custom_charset_1 ?l?d?u
        TOP.########.######## user_options->custom_charset_2 ?l?d
        TOP.########.######## user_options->custom_charset_3 ?l?d*!$@_
        TOP.########.######## user_options->encoding_from utf-8
        TOP.########.######## user_options->encoding_to utf-8

Now my questions:
  1. what does Hashes: 1 digests; 1 unique digests, 1 unique salts tell me?
  2. what does Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates tell me?
  3. am I correct in defaulting the mask or should I use something else?
  4. what does the hashcat.txt file tell me?
  5. what do the descriptions between TOP. and START mean in the txt file?
  6. what do the results for custom_charset and encoding tell me?
  7. have I used hashcat correctly?
  8. any recommendations on how to unravel the signature in my JWS file?
Thank you for your help.
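Added example (not part of the thread and not hashcat's own code): this splits a JWS compact token of the Header.Payload.Signature form described in post #1 and reports, from the header's `alg`, whether it is signed with a shared HMAC secret or, as with ES256, an EC private key. The helper names and the sample tokens (zero-filled, invalid signatures) are constructed for illustration.

```python
import base64
import json

HMAC_ALGS = {"HS256", "HS384", "HS512"}
# Fixed r||s signature sizes in bytes for JWS ECDSA algorithms (RFC 7518).
ECDSA_SIG_LEN = {"ES256": 64, "ES384": 96, "ES512": 132}


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded Base64URL as used in JWS compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_jws(token: str) -> dict:
    """Split Header.Payload.Signature and report how the token is signed."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments, got %d" % len(parts))
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JWS header is not a JSON object")
    alg = header.get("alg")
    sig = b64url_decode(parts[2])
    if alg in HMAC_ALGS:
        key_type = "shared secret (HMAC)"
    elif alg in ECDSA_SIG_LEN:
        key_type = "EC private key (ECDSA)"
        if len(sig) != ECDSA_SIG_LEN[alg]:
            raise ValueError("%s signature must be %d bytes, got %d"
                             % (alg, ECDSA_SIG_LEN[alg], len(sig)))
    else:
        key_type = "other"
    # The signature covers exactly the ASCII bytes of "Header.Payload".
    return {"alg": alg, "key_type": key_type, "sig_bytes": len(sig),
            "signing_input": parts[0] + "." + parts[1]}


def make_sample(alg: str, sig_len: int) -> str:
    """Constructed token: real structure, zero-filled (invalid) signature."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": "constructed-sample"}).encode())
    return ".".join([header, payload, b64url_encode(bytes(sig_len))])


if __name__ == "__main__":
    for alg, n in (("ES256", 64), ("HS256", 32)):
        print(inspect_jws(make_sample(alg, n)))
```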
#2
https://hashcat.net/wiki/
#3
Thanks but I went through the wiki page and could not find answers to my questions. But obviously you can...