oclhashcat-plus 0.13 doesn't find password even though it's provided in wordlist
#1
Question 
Hi,

I have a problem with WPA/WPA2 password recovery using oclHashcat-plus64.
I'm using Linux Mint 14 and an AMD HD 6800. I have Catalyst 13.1 installed.
I used aircrack-ng to record the four-way handshake on my network. Then I converted the .cap file as described in the hashcat-wiki (wpaclean and aircrack -J).

For a simple test, I put my WPA password into a txt file and launched oclhashcat-plus64 using this command:
./oclHashcat-plus64.bin -m 2500 capture.hccap mywordlist.txt

This is the output:
Code:
./oclHashcat-plus64.bin -m 2500 capture.hccap mywordlist.txt
oclHashcat-plus v0.13 by atom starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Workload: 16 loops, 8 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Barts, 512MB, 900Mhz, 14MCU
Device #1: Kernel ./kernels/4098/m2500.Barts_1084.4_1084.4.kernel (1789032 bytes)

Generated dictionary stats for mywordlist.txt: 19 bytes, 1 words, 0 keyspace                    

                                            
Session.Name...: oclHashcat-plus
Status.........: Exhausted
Input.Mode.....: File (mywordlist.txt)
Hash.Target....: Luftbruecke (00:03:c9:34:c6:b0 <-> 6c:83:36:b9:5e:d3)
Hash.Type......: WPA/WPA2
Time.Started...: Wed Feb 13 20:38:08 2013 (43 years, 43 days)
Time.Estimated.: 0 secs
Speed.GPU.#1...:        0/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 0/0 (100.00%)
Rejected.......: 0/0 (100.00%)
HWMon.GPU.#1...:  1% Util, 44c Temp, 23% Fan

Started: Wed Feb 13 20:38:08 2013
Stopped: Wed Feb 13 20:38:08 2013

mywordlist.txt contains nothing but the correct password, yet oclhashcat-plus doesn't recognize it. What's going wrong here? Any ideas?
Btw, when I use large wordlists, I notice that the "Rejected" rate is quite high (~35%).
#2
With large wordlists your rejected's are most likely passwords less than 8 char in len. As to why you are unable to recover the one you know, hmmm.... Try using -a 3 with the pass as the mask and see if it cracks.
#3
Code:
mywordlist.txt: 19 bytes, 1 words, 0 keyspace
How long is your password ? It's 18-19 characters long, isn't it ? But the point is, there's keyspace of 0 according to hashcat. Better try with mask.
#4
Hi, thanks for your answers.
I've tried -a 3 with the password as mask and it doesn't do anything, the status doesn't change and it doesn't finish.
Oh, you're right, the password is 18 characters long. I didn't count them before.
So that's not supported?
#5
No. Only passwords of length up to 15 characters are supported.
#6
(02-13-2013, 10:57 PM)Kuci Wrote: No. Only passwords of length up to 15 characters are supported.

Hello, i have same problem, but length of my pass is 13. In the wordlist i have the proper password, but in status is still Exhausted... Can you see any problem?

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 16
Password lengths range: 8 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2048MB, 1Mhz, 32MCU
Device #2: Tahiti, 2048MB, 1Mhz, 32MCU
Device #1: Allocating 38MB host-memory
Device #1: Kernel ./kernels/4098/m2500.Tahiti.64.kernel (1310400 bytes)
Device #2: Allocating 38MB host-memory
Device #2: Kernel ./kernels/4098/m2500.Tahiti.64.kernel (1310400 bytes)

Scanning dictionary C:\WPA\wordlist.txt: 14 bytes (107.69%), 1 words, 1 keyspace
Scanned dictionary C:\WPA\wordlist.txt: 14 bytes, 1 words, 1 keyspace, starting
attack...


Status.......: Exhausted
Input.Mode...: File (C:\WPA\wordlist.txt)
Hash.Target..: MyWifi
Hash.Type....: WPA/WPA2
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 999.4ms/0.0ms Real/CPU, 0.0% idle
Speed........: 1 c/s Real, 0 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 1/1 (100.00%)
Rejected.....: 0/1 (0.00%)
HW.Monitor.#1: 64% GPU, 53c Temp
HW.Monitor.#2: 64% GPU, 53c Temp

Started: Sun Jul 31 14:53:36 2011
Stopped: Sun Jul 31 14:53:38 2011
#7
(07-31-2013, 02:59 PM)Hop Wrote:
(02-13-2013, 10:57 PM)Kuci Wrote: No. Only passwords of length up to 15 characters are supported.

Hello, i have same problem, but length of my pass is 13. In the wordlist i have the proper password, but in status is still Exhausted... Can you see any problem? With the aircrack i am able to find the pass from the wordlist, but not in hashcat. I have used aircrack-ng -J to generate hccap file.

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 16
Password lengths range: 8 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2048MB, 1Mhz, 32MCU
Device #2: Tahiti, 2048MB, 1Mhz, 32MCU
Device #1: Allocating 38MB host-memory
Device #1: Kernel ./kernels/4098/m2500.Tahiti.64.kernel (1310400 bytes)
Device #2: Allocating 38MB host-memory
Device #2: Kernel ./kernels/4098/m2500.Tahiti.64.kernel (1310400 bytes)

Scanning dictionary C:\WPA\wordlist.txt: 14 bytes (107.69%), 1 words, 1 keyspace
Scanned dictionary C:\WPA\wordlist.txt: 14 bytes, 1 words, 1 keyspace, starting
attack...


Status.......: Exhausted
Input.Mode...: File (C:\WPA\wordlist.txt)
Hash.Target..: MyWifi
Hash.Type....: WPA/WPA2
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 999.4ms/0.0ms Real/CPU, 0.0% idle
Speed........: 1 c/s Real, 0 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 1/1 (100.00%)
Rejected.....: 0/1 (0.00%)
HW.Monitor.#1: 64% GPU, 53c Temp
HW.Monitor.#2: 64% GPU, 53c Temp

Started: Sun Jul 31 14:53:36 2011
Stopped: Sun Jul 31 14:53:38 2011
#8
Did you tried to crack it with, for example, aircrack ? If you'll get same results with aircrack or JtR, you have captured invalid packets.
#9
(07-31-2013, 08:23 PM)Kuci Wrote: Did you tried to crack it with, for example, aircrack ? If you'll get same results with aircrack or JtR, you have captured invalid packets.

Yes and this is the problem with aircrack i am able to find the right password (with the same wordlist)...
Can you provide me some example .hccap and the password to be able to test it?
#10
As always, you should try the example hashes (http://hashcat.net/wiki/doku.php?id=example_hashes ):
http://hashcat.net/misc/example_hashes/hashcat.hccap
Password: 'hashcat!' (w/o quotes)