Trying to use mode 3730

[operator666]

Hey everyone,

I'm working with a hash from a device and I'm hoping you can help me identify the correct hash mode or guide me on creating a custom one. It seems to be a variation of mode -m 3730 but with added prefixes.

I made a Python script that successfully generates the correct hash. This script represents the exact algorithm I need to crack:

Code:

import hashlib

def encrypt_password(password, realm, random_value):
    first = hashlib.md5(f'admin:{realm}:{password}'.encode()).hexdigest()
    second = hashlib.md5(f'admin:{random_value}:{first.upper()}'.encode()).hexdigest().upper()
    return second

I have verified that the script returns the expected outcome with known values (including password):

Password: 123456

Realm: Login to 4Bxxxxxxxxxxx81

Random Value: 0078543864

Resulting Hash: 64D9BD6FB509BDFE8424572B8B342EA3

As you can see, the algorithm appears to be:
md5("admin:" . random_value . ":" . strtoupper(md5("admin:" . realm . ":" . password)))

I tried to format this for mode -m 3730 (md5($salt1.strtoupper(md5($salt2.$pass)))) but it didn't work, which makes sense since the static "admin:" prefixes aren't part of that official algorithm.

My questions are:

1. Is there an existing hashcat mode that supports this specific algorithm with the prefixes? (searched for it but didn't found anything related)
   
2. If not, what would be the best way to approach creating a custom module for it?
   

Any help or guidance would be greatly appreciated!

Thanks.

[buka]

This might be interesting to you:
https://hashcat.net/forum/thread-13346.html