Morph - Hashcat_utils

[tony]

Hi,

I just test the "Morph.bin" app & like the wiki area mentioned is not yet documented.

Well, i make some tests about & i find this app verry & stongly usefull, so thanks a lot for sharing.

Of what i understand, that generated some rules sets.

I try on some hashes & the rule set generated, well, simply impressive !

Beside & propably my English default missunderstanding, can you you please help me to undertand the options avaible with this app.

*********

new-host:utils xxxxx$ ./morph.bin
usage: ./morph.bin dictionary depth width pos_min pos_max

"Depth" & " Width" : can you explain please...i think i understand the sens but not really sure...even if i have done some positive tests.

Pos_mim & Pos_max, propably the lengh of the pass , isn't it ?

Here the tests i do :

new-host:utils xxxx$ ./morph.bin dic.txt 10 3 1 4 > v.rule

&

new-host:utils xxxx$ ./morph.bin dic2.txt 100 3 1 8 > vv.rule

Any advices will be verry welcome,

Thanks in advance,

Regards,

Tony

[M@LIK]

I wish I can answer this.

[mastercracker]

This is only speculation from what I can figure out by testing. Basically morph generates insertion rules for the most frequent chains of characters from the dictionary that you provide and that, per position.

- Dictionary = Wordlist used for frequency analysis.
- Depth = Determines what "top" chains that you want. For example 10 would give you the top 10 (in fact, it seems to start with value 0 so that 10 would give the top 11).
- Width = Max length of the chain. With 3 for example, you will get up to 3 rules per line for the most frequent 3 letter chains.
- pos_min = Minimum position where the insertion rule will be generated. For example 5 would mean that it will make rule to insert the string only from position 5 and up.
-pos_max = Maximum position where the insertion rule will be generated. For example 10 would mean that it will make rule to insert the string so that it's end finishes at a maximum of position 10.

This is a great tool. I can propose already an improvement. Allow also the "o" rule. I am sure that it will generate lots of hits as well. I know that it can be done manually but it's easier to do it directly from original command line.

[tony]

@MasterCracker

Thank you so much for your detailed reply, really intersting exposed.

Ok, i be wrong o some part's...

I understand better now...it's more clear for me..thanks again :-)

I continue to play with today, well, it's an realy powerfull & top app, propably the best one of the Hashcat_utils set.

Regards,

Tony

@M@LIK

Thank you to focus on ;-)

[atom]

Thats a perfect explanation of the morph Tool.

@Mastercracker:

- Is it ok to add that description to Wiki?

- I can modify the commandline so that is uses a special char you define on the commandline. For example it would look like : "./morph.bin dic.txt 10 3 1 4 i > v.rule" or "./morph.bin dic.txt 10 3 1 4 o > v.rule"

[mastercracker]

Thats a perfect explanation of the morph Tool.

@Mastercracker:

- Is it ok to add that description to Wiki?

- I can modify the commandline so that is uses a special char you define on the commandline. For example it would look like : "./morph.bin dic.txt 10 3 1 4 i > v.rule" or "./morph.bin dic.txt 10 3 1 4 o > v.rule"

Ok. I will try to add it to the wiki. The modification that you propose is perfect for me. If you want to avoid some problems from other users, it might be a good idea to have a quick check that make sure that it's either i or o that is there (I can't think of other rules that can be put there). Any other value would not make sense. You could set also i as a default value if that parameter is not provided by the user.

---

Ok. I have put the description in the wiki.

Atom, I have another request for the morph. Would it be difficult to increase the maximum width from 3 to 5? I am curious to see whether 4 and 5 letters strings would generate also many hits.

[atom]

Well yes an no. With the current code it would require to much memory but i think i can change that somehow. However, its definitly not a simple task.

[atom]

OK, I finished a perl version capable of doing width > 3. It works, but is a lot slower than the C version. Have fun, it works pretty nice

Code:

#!/usr/bin/env perl

use strict;
use warnings;

my @intpos_to_rulepos =
(
  '0', '1', '2', '3', '4',
  '5', '6', '7', '8', '9',
  'A', 'B', 'C', 'D', 'E',
  'F', 'G', 'H', 'I', 'J',
);

my $function = "i";
#my $function = "o";

if (scalar @ARGV != 5)
{
  print "usage: $0 dictionary depth width pos_min pos_max\n";

  exit -1;
}

my ($dictionary, $depth, $width, $pos_min, $pos_max) = @ARGV;

if ($width > 20)
{
  print "width > 20\n";

  exit -1;
}

for (my $pos = $pos_min; $pos <= $pos_max; $pos++)
{
  my $table;

  open (IN, $dictionary) or die "$dictionary: $!\n";

  while (my $line = <IN>)
  {
    chomp $line;

    my $len = length $line;

    next if (($len - $pos) < $width);

    my $word = substr ($line, $pos, $width);

    next unless defined $word;

    $table->{$word}++;
  }

  close (IN);

  my @keys = sort { $table->{$b} <=> $table->{$a} } keys %{$table};

  for (my $i = 0; $i < $depth; $i++)
  {
    my @chars = split "", $keys[$i];

    my @rule;

    for (my $j = 0; $j < $width; $j++)
    {
      my $step = join "", $function, $intpos_to_rulepos[$pos + $j], $chars[$j];

      push @rule, $step;
    }

    print join (" ", @rule), "\n";
  }
}

I will add it to hashcat-utils as morph2.pl

[korsa741]

hi ican use this for hashcat-lite for craking sl3

[mastercracker]

hi ican use this for hashcat-lite for craking sl3

You SL3 guys clearly don't know what you are doing...