DES(Unix): Terrible Bug
#1
This is a bug report related to descrypt (-m1500) on CPU's hashcat only.
Whenever the flag\s --remove OR\AND -o is\are set while attacking descrypt list, hashcat messes the original hashfile OR\AND the outfile up... very badly.

It increases the last character value in the hash by two:
Code:
hashfile: // eight valid descrypt hashes, four only have an actual password
mf2O1EWzvQqiw
p0qRHLIZPdm7I
yXN6rr862a5MU
LkxEVth80uebc
.............
2222222222222
6666666666666
AAAAAAAAAAAAA

hc64 -m1500 -a3 --pw-min=2 --remove -o outfile hashfile ?d?d
...
Recovered.: 4/8 hashes, 4/8 salts
...

Now hashfile: // notice the last chars
.............
2222222222224
6666666666668
AAAAAAAAAAAAC

outfile: // notice the last char in the last hash
yXN6rr862a5MU:72
mf2O1EWzvQqiw:30
p0qRHLIZPdm7I:75
LkxEVth80uebe:10
> LkxEVth80uebe

Note that some hashes remain intact, don't ask me why.
But all the other hashes undergo an awful alteration causing them to be invalid and un-crackable.

This bug seems to have complicated results, but I'm not discussing it any further cause I'm pretty sure it's all about one flaw.
Reply
#2
CPU hashcat does not support DEScrypt
Reply
#3
Moved the thread to beta section
Reply
#4
Haha, this just got worse.
hashcat-cli64.exe from https://hashcat.net/files/hashcat-0.41.7z is happy to crack any des hash using -m1500.

Folks, please welcome the new hidden algos...

NOTE: All my tests were done on hashcat-0.41. hashcat-0.42b1 has the bug too, but with different results.
Reply
#5
I tested it with these 2, obviously minus the passwords:

neCYnaUa.vV4c:dragon
neS7QCdrq4MGM:cookie

Found them both, (obviously), and did not mess the hashes up. Does this only happen with lots of DES hashes?
Reply
#6
As I mentioned:
M@LIK Wrote: Note that some hashes remain intact, don't ask me why.

Mostly the outfile is the victim. And, yes, I also noticed nothing happens with two hashes. Try with, say, 20 hashes, make sure that 10 at least remain uncracked and use --remove and -o.
Reply
#7
Its correct I did not disable the module so that it stays hidden. Thats why I moved this thread into beta so that the public does not see it since its not working as it should. That why I take no bug reports on it, sorry.
Reply
#8
That sounds a bit awkward. It explains a lot though.

Anyways, sorry, I did not mean to spoil this.
Waiting for this getting officially supported.
Reply