[LM] Append a '0' with rules file ?!
#1
Hi,

The LM hash 438f69d673cb07cd gives FOXCONN with bruteforce or dictionnary. But when I add a rule file, it give FOXCONN0 (8 chars)

Command line with dic but without rules (or bruteforce) it works :
Quote:oclHashcat-plus64.exe -m 3000 438f69d673cb07cd438f69d673cb07cd total.dic

438f69d673cb07cd:FOXCONN
Status.......: Cracked
Hash.Target..: 438f69d673cb07cd
Hash.Type....: LM

Command line with dic + the rule file (notice the added '0') :
Quote:oclHashcat-plus64.exe -m 3000 438f69d673cb07cd438f69d673cb07cd total.dic -r 100.rule

438f69d673cb07cd:FOXCONN0
Status.......: Cracked
Hash.Target..: 438f69d673cb07cd
Hash.Type....: LM

total.dic contains "FOXCONN".
Rules file : http://pastebin.com/yspXKz4D (sorry I don't know which rule is the bad one)

A bug ?

Thank you.
#2
Damn LM, the fact that this is the only known two-in-one hash generates lots of problems. This actually looks like a bug, but i am pretty busy with markov stuff right now. I will take a look at this later. Please bump this thread from time to time so that I dont lost sight on it.
#3
(06-21-2012, 10:11 AM)atom Wrote: Damn LM, the fact that this is the only known two-in-one hash generates lots of problems. This actually looks like a bug, but i am pretty busy with markov stuff right now. I will take a look at this later. Please bump this thread from time to time so that I dont lost sight on it.
Just switch the format to support only halves of the LM hash and you will remove lots of headaches for nothing. To prevent the people to complain, You can add 2 small little programs in the Hashcat-utils: 1) One that takes a full LM hash list and split it into unique halves that are stored in a file for the oclhashcat program to process. 2) The second program take a full LM uncracked list and a cracked halves list as input to finally output the full LM cracked format.

By copying the 2 utils in the oclhashcat folder, they can easily automate the process with a .bat file:

Code:
SplitLM.exe lmhash.txt > halfLM.txt
oclhashcat-plus64.exe -m 3000 -o crackedhalf.txt halfLM.txt
CrackLM.exe -c crackedhalf.txt -o found.txt lmhash.txt
I obviously removed some switches to illustrate the essential and a create the -c to represent the crackedhalf file for input but the idea is very simple.
#4
Sounds very good to me.
#5
Sounds good yeah, I think I will do that. Thanks.
#6
(06-21-2012, 10:11 AM)atom Wrote: Please bump this thread from time to time so that I dont lost sight on it.

Up !
#7
Hi,

I noticed in the new version (0.09) that LM now takes only 16-chars hash.
Is there an easy way to split 32-chars into 16 et un-split them back ? (the mastercracker idea)
Is the bug corrected ?

Thanks
#8
Lots of LM bugs were fixed, but few are still (I can only remember one).

I thinking of perl script for splitting\joining.
#9
You could call it a missing feature, since 32-char LMs actually are 2 hashes not 1 hash. But calling it a bug would be wrong. Plus you have the possibility to manually workaround.
#10
Mem5 Wrote:Is the bug corrected ?
I was asking about the '0' appended at the end of some plain text, the first question of this thread.