hashrate dependence on mask order
#1
As some of you might be aware, I've been playing around with the 5268AC trying to determine the default keygen algorithm. In my latest set of experiments, I've generated a long list of hashes that would, after taking the modulus and with the appropriate charset, turn into the password.

Based on clues left in the firmware, it seemed possible that the original engineer added a string to the serial number before computing the MD5 hash, and used that to generate the password: SN+string. Hence the appropriate mask would look like, e.g., 32161N114993?u?u?u?u?u?u?u, or as the complete command line:
hashcat -m 5100 -w 4 -O sorted_half_hashes.hash -a 3 32161N114993?u?u?u?u?u?u?u

As I've run out of usable options based on my hardware capabilities, I figured instead of appending a suffix, I'd prepend a prefix, e.g.
?u?u?u?u?u?u?u32161N114993 and work through whatever this drunk can find under that streetlight.

... and now the reason for starting this new thread:
The hashrate of the suffix string is 74.7 MH/s while the hashrate of the prefix is 18150 MH/s! That's 243 times the hashrate.

I thought maybe this was a peculiarity of -m 5100, so I did the same for MD5 and SHA1 and got about the same result.
The hashrate is orders of magnitude faster when the unknown mask is first followed by a fixed string than vice versa.

Is this a feature or a bug? Is there any way to speed up the 32161N114993?u?u?u?u?u?u?u mask?

(Using hashcat 6.2.5 and Windows 10)
#2
This is a common misunderstanding about how hashcat works under the hood and how work is created/separated. Certain orientations of work lead to difficult or poor division of work, meaning that it's very hard to take advantage of the parallel processing capabilities of the GPU. This is explained a little more in-depth here:
https://hashcat.net/wiki/doku.php?id=fre...full_speed
#3
Thanks Chick3nman! It's still not quite clear from that FAQ.
Is what you are saying, in the case of 
312161N114993?u?u?u?u?u?u?u (slow) 312161N114993 is the word that runs in the base loop, while the ?u runs in the mod loop, 
while in case of:
?u?u?u?u?u?u?u312161N114993 (fast) there is no base loop and everything runs in the mod loop?

edit:
I did try this on mode 22000 and see no real difference in hashrate there.