hashcat Forum Developer Beta Tester v
DES(Unix): Terrible Bug

Threaded Mode
DES(Unix): Terrible Bug
M@LIK Offline
Senior Member
****
Posts: 414
Threads: 14
Joined: Mar 2012
#1
10-22-2012, 04:10 PM
This is a bug report related to descrypt (-m1500) on CPU's hashcat only.
Whenever the flag\s --remove OR\AND -o is\are set while attacking descrypt list, hashcat messes the original hashfile OR\AND the outfile up... very badly.

It increases the last character value in the hash by two:
Code:
hashfile: // eight valid descrypt hashes, four only have an actual password
mf2O1EWzvQqiw
p0qRHLIZPdm7I
yXN6rr862a5MU
LkxEVth80uebc
.............
2222222222222
6666666666666
AAAAAAAAAAAAA

hc64 -m1500 -a3 --pw-min=2 --remove -o outfile hashfile ?d?d
...
Recovered.: 4/8 hashes, 4/8 salts
...

Now hashfile: // notice the last chars
.............
2222222222224
6666666666668
AAAAAAAAAAAAC

outfile: // notice the last char in the last hash
yXN6rr862a5MU:72
mf2O1EWzvQqiw:30
p0qRHLIZPdm7I:75
LkxEVth80uebe:10
> LkxEVth80uebe

Note that some hashes remain intact, don't ask me why.
But all the other hashes undergo an awful alteration causing them to be invalid and un-crackable.

This bug seems to have complicated results, but I'm not discussing it any further cause I'm pretty sure it's all about one flaw.
Find
Reply
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#2
10-22-2012, 04:13 PM
CPU hashcat does not support DEScrypt
Website Find
Reply
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#3
10-22-2012, 04:16 PM
Moved the thread to beta section
Website Find
Reply
M@LIK Offline
Senior Member
****
Posts: 414
Threads: 14
Joined: Mar 2012
#4
10-22-2012, 04:27 PM (This post was last modified: 10-22-2012, 04:33 PM by M@LIK.)
Haha, this just got worse.
hashcat-cli64.exe from https://hashcat.net/files/hashcat-0.41.7z is happy to crack any des hash using -m1500.

Folks, please welcome the new hidden algos...

NOTE: All my tests were done on hashcat-0.41. hashcat-0.42b1 has the bug too, but with different results.
Find
Reply
blandyuk Offline
Member
***
Posts: 187
Threads: 40
Joined: Sep 2010
#5
10-22-2012, 09:45 PM
I tested it with these 2, obviously minus the passwords:

neCYnaUa.vV4c:dragon
neS7QCdrq4MGM:cookie

Found them both, (obviously), and did not mess the hashes up. Does this only happen with lots of DES hashes?
Find
Reply
M@LIK Offline
Senior Member
****
Posts: 414
Threads: 14
Joined: Mar 2012
#6
10-22-2012, 09:51 PM
As I mentioned:
M@LIK Wrote: Note that some hashes remain intact, don't ask me why.

Mostly the outfile is the victim. And, yes, I also noticed nothing happens with two hashes. Try with, say, 20 hashes, make sure that 10 at least remain uncracked and use --remove and -o.
Find
Reply
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#7
10-23-2012, 10:21 AM
Its correct I did not disable the module so that it stays hidden. Thats why I moved this thread into beta so that the public does not see it since its not working as it should. That why I take no bug reports on it, sorry.
Website Find
Reply
M@LIK Offline
Senior Member
****
Posts: 414
Threads: 14
Joined: Mar 2012
#8
10-23-2012, 01:17 PM
That sounds a bit awkward. It explains a lot though.

Anyways, sorry, I did not mean to spoil this.
Waiting for this getting officially supported.
Find
Reply