Posts: 5
Threads: 1
Joined: Oct 2022
10-11-2022, 09:52 AM
(This post was last modified: 10-11-2022, 09:54 AM by saulys.)
Hi,
I was playing around with old office secret key cracking based on:
https://hashcat.net/forum/thread-7643.html description. I was using the same good file.hash: $oldoffice$1*d6aabb63363188b9b73a88efb9c9152e*afbbb9254764273f8f4fad9a5d82981f*6f09fd2eafc4ade522b5f2bee0eaf66d with known RC4 key: f2ab1219ae
It is strange that hashcat succeeded in finding RC4 key if I ran it as: hashcat file.hash -m 9710 -a 3 --hex-charset f2ab1219ae
but hashcat failed in finding RC4 key with statement that it exhausted all variants from $HEX[f2ab121900] to $HEX[f2ab1219ff] if I ran it as:
hashcat file.hash -m 9710 -a 3 --hex-charset f2ab1219?b
Isn't 0xae part of 0x00-0xff range?
How does hashcat get to this result?
Posts: 5
Threads: 1
Joined: Oct 2022
Can someone replicate this behavior, please?
Posts: 5
Threads: 1
Joined: Oct 2022
It looks as reappearance of 8 year old bug in hashcat:
https://hashcat.net/forum/thread-3665-page-2.html
Environment info:
hashcat (v6.2.6) starting in backend information mode
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: Intel(R) Corporation
Name....: Intel(R) OpenCL HD Graphics
Version.: OpenCL 3.0
Backend Device ID #1
Type...........: GPU
Vendor.ID......: 8
Vendor.........: Intel(R) Corporation
Name...........: Intel(R) UHD Graphics
Version........: OpenCL 3.0 NEO
Processor(s)...: 24
Clock..........: 1100
Memory.Total...: 6462 MB (limited to 1615 MB allocatable in one block)
Memory.Free....: 3168 MB
Local.Memory...: 64 KB
OpenCL.Version.: OpenCL C 1.2
Driver.Version.: 30.0.101.1404
Posts: 374
Threads: 0
Joined: Nov 2017
Are you sure hashcat is not just "Skipping" your hash because it has previously been found in the potfile?
Show us the code of your attack running, or being exhausted.
Posts: 5
Threads: 1
Joined: Oct 2022
10-12-2022, 07:49 AM
(This post was last modified: 10-12-2022, 07:52 AM by saulys.)
(10-12-2022, 12:33 AM)slyexe Wrote: Are you sure hashcat is not just "Skipping" your hash because it has previously been found in the potfile?
Show us the code of your attack running, or being exhausted.
Nope, it's not in potfile. Please check run results with full key and masked key below.
Successful attack with full key:
Quote:hashcat test.hash -m 9710 -a 3 --hex-charset f2ab1219ae --potfile-disable
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) UHD Graphics, 3168/6462 MB (1615 MB allocatable), 24MCU
./OpenCL/m09710_a3-optimized.cl: Pure kernel not found, falling back to optimized kernel
Minimum password length supported by kernel: 5
Maximum password length supported by kernel: 5
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 52 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
$oldoffice$1*d6aabb63363188b9b73a88efb9c9152e*afbbb9254764273f8f4fad9a5d82981f*6f09fd2eafc4ade522b5f2bee0eaf66d:f2ab1219ae
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 9710 (MS Office <= 2003 $0/$1, MD5 + RC4, collider #1)
Hash.Target......: $oldoffice$1*d6aabb63363188b9b73a88efb9c9152e*afbbb...eaf66d
Time.Started.....: Wed Oct 12 08:46:07 2022 (1 sec)
Time.Estimated...: Wed Oct 12 08:46:08 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: f2ab1219ae [5]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 73 H/s (0.19ms) @ Accel:512 Loops:1 Thr:8 Vec:4
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[f2ab1219ae] -> $HEX[f2ab1219ae]
Started: Wed Oct 12 08:46:05 2022
Stopped: Wed Oct 12 08:46:09 2022
Exhausted attack with masked key:
Quote:hashcat test.hash -m 9710 -a 3 --hex-charset f2ab1219?b --potfile-disable
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) UHD Graphics, 3168/6462 MB (1615 MB allocatable), 24MCU
./OpenCL/m09710_a3-optimized.cl: Pure kernel not found, falling back to optimized kernel
Minimum password length supported by kernel: 5
Maximum password length supported by kernel: 5
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 52 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 9710 (MS Office <= 2003 $0/$1, MD5 + RC4, collider #1)
Hash.Target......: $oldoffice$1*d6aabb63363188b9b73a88efb9c9152e*afbbb...eaf66d
Time.Started.....: Wed Oct 12 08:48:45 2022 (0 secs)
Time.Estimated...: Wed Oct 12 08:48:45 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: f2ab1219?b [5]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 29979 H/s (0.16ms) @ Accel:512 Loops:1 Thr:8 Vec:4
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 256/256 (100.00%)
Rejected.........: 0/256 (0.00%)
Restore.Point....: 256/256 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[f2ab121900] -> $HEX[f2ab1219ff]
Started: Wed Oct 12 08:48:43 2022
Stopped: Wed Oct 12 08:48:46 2022
Posts: 888
Threads: 15
Joined: Sep 2017
10-12-2022, 02:29 PM
(This post was last modified: 10-12-2022, 02:30 PM by Snoopy.)
working as expected
y:\hashcat>hashcat -D1 -d1 -m9710 -a3 --hex-charset hash.txt f2ab1219?b
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 9710 (MS Office <= 2003 $0/$1, MD5 + RC4, collider #1)
Hash.Target......: $oldoffice$1*d6aabb63363188b9b73a88efb9c9152e*afbbb...eaf66d
Time.Started.....: Wed Oct 12 14:16:51 2022 (0 secs)
Time.Estimated...: Wed Oct 12 14:16:51 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: f2ab1219?b [5]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 479.9 kH/s (0.09ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 256/256 (100.00%)
Rejected.........: 0/256 (0.00%)
Restore.Point....: 0/256 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[f2ab121900] -> $HEX[f2ab1219ff]
i believe the problem is still the broken intel opencl GPU driver (this problem is as old as the intel integrated cpu/gpu devices) you have to stick to CPU opencl drivers (in my case i can force hashcat with options -D -d1 to use CPU)
your device
Device #1: Intel(R) UHD Graphics
try using intel opencl drivers for CPU only (you will need to deinstall the UHD graphics driver beforehand, if you just have a laptop without a separate gpu this approach will not work for you)
Posts: 5
Threads: 1
Joined: Oct 2022
(10-12-2022, 02:29 PM)Snoopy Wrote: i believe the problem is still the broken intel opencl GPU driver (this problem is as old as the intel integrated cpu/gpu devices) you have to stick to CPU opencl drivers (in my case i can force hashcat with options -D -d1 to use CPU)
your device
Device #1: Intel(R) UHD Graphics
try using intel opencl drivers for CPU only (you will need to deinstall the UHD graphics driver beforehand, if you just have a laptop without a separate gpu this approach will not work for you)
Yes, falling back to Intel OpenCL CPU only runtimes helped.
It would be worth implementing some OpenCL bug check while starting hashcat masked attack, otherwise people may run it for days not knowing that attack will never succeed...
Posts: 888
Threads: 15
Joined: Sep 2017
well i think there was such a check in hashcat 62.5, i will open a github issue to check this
