hashcat
advanced password recovery

slo.sleuth · (This post was last modified: 12-27-2013, 08:48 PM by slo.sleuth.)

Using a mask with mode 5800 fails unless the mask is identical in length as the password. I've experimented with custom masks and have the same result. Oddly, if I use the -i increment option with a mask of a different length than the password, oclhashcat again hits.

This may be the case in other modes, but I've not yet tested. Is this a bug, or am I failing to understand something?

--------------------------------------------------------

Matching example, 4-digit mask for a 4-digit pin:

[font=Courier]$ ./cudaHashcat64.bin -a3 -m5800 XXXXXXXXXXD952CF75FCFE8690FBCDXXXXXXXXXX:fb46e794ee6e8ffa ?d?d?d?d
cudaHashcat v1.00 starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce 9500 GT, 1023MB, 1375Mhz, 4MCU
Device #1: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702
Device #1: Kernel ./kernels/4318/m5800.sm_11.64.ptx
Device #1: Kernel ./kernels/4318/markov_le_v1.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx

XXXXXXXXXXd952cf75fcfe8690fbcdXXXXXXXXXXX:fb46e794ee6e8ffa:3896

Session.Name...: cudaHashcat
Status.........: Cracked
Input.Mode.....: Mask (?d?d?d?d) [4]
Hash.Target....: XXXXXXXXXXd952cf75fcfe8690fbcdXXXXXXXXXX:fb46e794ee6e8ffa
Hash.Type......: Samsung Android Password/PIN
Time.Started...: Fri Dec 27 10:03:45 2013 (1 sec)
Speed.GPU.#1...: 22501 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 9216/10000 (92.16%)
Rejected.......: 0/9216 (0.00%)
HWMon.GPU.#1...: -1% Util, 44c Temp, 100% Fan

Started: Fri Dec 27 10:03:45 2013
Stopped: Fri Dec 27 10:03:46 2013

--------------------------------------------------------

Missing example, 5-digit mask for a 4-digit pin:

$ ./cudaHashcat64.bin -a3 -m5800 XXXXXXXXXXD952CF75FCFE8690FBCDXXXXXXXXXX:fb46e794ee6e8ffa:fb46e794ee6e8ffa ?d?d?d?d?d
cudaHashcat v1.00 starting...

...

Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: Mask (?d?d?d?d?d) [5]
Hash.Target....: XXXXXXXXXXd952cf75fcfe8690fbcdXXXXXXXXXXX:fb46e794ee6e8ffa:fb46e794ee6e8ffa
Hash.Type......: Samsung Android Password/PIN
Time.Started...: Fri Dec 27 10:07:41 2013 (5 secs)
Time.Estimated.: 0 secs
Speed.GPU.#1...: 24305 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 100000/100000 (100.00%)
Rejected.......: 0/100000 (0.00%)
HWMon.GPU.#1...: -1% Util, 44c Temp, 100% Fan

Started: Fri Dec 27 10:07:41 2013
Stopped: Fri Dec 27 10:07:46 2013

--------------------------------------------------------

Matching example with the -i increment option, 5-digit mask for a 4-digit pin:

$ ./cudaHashcat64.bin -a3 -m5800 -i XXXXXXXXXXD952CF75FCFE8690FBCDXXXXXXXXXX:fb46e794ee6e8ffa ?d?d?d?d?d
cudaHashcat v1.00 starting...

...

XXXXXXXXXXd952cf75fcfe8690fbcdXXXXXXXXXXX:fb46e794ee6e8ffa:fb46e794ee6e8ffa:3896

Session.Name...: cudaHashcat
Status.........: Cracked
Input.Mode.....: Mask (?d?d?d?d) [4]
Hash.Target....: XXXXXXXXXXd952cf75fcfe8690fbcdXXXXXXXXXXX:fb46e794ee6e8ffa:fb46e794ee6e8ffa
Hash.Type......: Samsung Android Password/PIN
Time.Started...: Fri Dec 27 10:10:33 2013 (1 sec)
Speed.GPU.#1...: 22487 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 9216/10000 (92.16%)
Rejected.......: 0/9216 (0.00%)
HWMon.GPU.#1...: -1% Util, 43c Temp, 100% Fan

Started: Fri Dec 27 10:10:33 2013
Stopped: Fri Dec 27 10:10:35 2013

--------------------------------------------------------

Thanks in advance for any assistance.

The Mechanic · 12-28-2013, 05:48 AM

Its working as designed and described in full detail in the wiki.

Of course it will not find a 4 length password when searching for length 5, as you noted using the -i increment switch the pass was then found because it then searched all ranges in the specified mask, 1 to 5 as in the posted case.

slo.sleuth · (This post was last modified: 12-31-2013, 07:58 PM by slo.sleuth.)

(12-28-2013, 05:48 AM)The Mechanic Wrote: Its working as designed and described in full detail in the wiki.

Of course it will not find a 4 length password when searching for length 5, as you noted using the -i increment switch the pass was then found because it then searched all ranges in the specified mask, 1 to 5 as in the posted case.

OK, thanks. You're wikifu is greater than mine. I went to the wiki page at http://hashcat.net/wiki/doku.php?id=oclhashcat and did not see any such explanation. I'm familiar with the old --pw-min / --pw-max options for narrowing the attack to specific lengths, and from your comments, I now understand that -i and its variant replace this functionality.

I see the explanation now at: http://hashcat.net/wiki/doku.php?id=mask_attack

Thanks again for the reply.

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery