Mac OS X 10.8-9 Issue
#1
Dear hashcat developers,

I have an issue trying to crack a password stored in PBKDF2 (Salted SHA-512). The code number for this algorithm is "7100".

The information is extracted from the binary property list of the user where the attribute SALTED-SHA512-PBKDF2 is another binary property list. The information extracted for a password "abcd" is this:

- The iterations are 37313.
- Salt is fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554.
- Entropy is
a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba2064XXXXX345d98c0c9a411bfd1144dd4b3c4XXXXXXX8b66d5b9abXXXXXXXXX2e103928ef21db6e25b536a60ff1XXXXXXX5be3aa7ba3a4c16b3XXXXXXXX66XXX78.

Then the result is:
$ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba2064XXXXX345d98c0c9a411bfd1144dd4b3c4XXXXXXX8b66d5b9abXXXXXXXXX2e103928ef21db6e25b536a60ff1XXXXXXX5be3aa7ba3a4c16b3XXXXXXXX66XXX78

First of all, the Mac OS X 10.8/0.9 hash provided as an example https://hashcat.net/wiki/doku.php?id=example_hashes has an invalid entropy. It is 256 hexadecimal characters and not 128, as you can also see here: https://hashcat.net/forum/thread-1687-po...l#pid10926.

Secondly the tool doesn't get a valid password, maybe I am doing something wrong, but using dave tool I get the valid password (so slow, 14 password/second):

root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat hash
$ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba2064XXXXX345d98c0c9a411bfd1144dd4b3c4XXXXXXX8b66d5b9abXXXXXXXXX2e103928ef21db6e25b536a60ff1XXXXXXX5be3aa7ba3a4c16b3XXXXXXXX66XXX78
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat wordlist
a
ab
abc
abcd
abcde
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 hash wordlist
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file hash: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen


Input.Mode: Dict (wordlist)
Index.....: 1/1 (segment), 5 (words), 20 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 5/5 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--

Started: Sun Feb 9 14:59:34 2014
Stopped: Sun Feb 9 14:59:35 2014
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root#

However the password "abcd" is in the wordlist.

Thank you.

[hashes masked by philsmd]
#2
First see here: https://hashcat.net/forum/announcement-2.html

You shouldn't post hashes if you were not asked by a moderator or dev.

The answer is simple, just truncate the length to the one indicated in the example hash wiki section: http://hashcat.net/wiki/doku.php?id=example_hashes

See the example here:
Code:
$ cat abcd.txt
abcd
$ cat m7100.txt
$ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba20
$ ./hashcat-cliXOP.bin -m 7100 m7100.txt abcd.txt
Initializing hashcat v0.48 by atom with 8 threads and 32mb segment-size...

Added hashes from file m7100.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen

$ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731XXXXeXXXXXXXXXXXXXXXXXXXXceafc083c6bcxxxxxxxxxxxxxxxxxxxxe4625ef113b66f3xxxxxxxxxxxxxxxxxxxxxxdb3f7f14917XXXXXXXXXXXXX0aba20:abcd

All hashes have been recovered

Input.Mode: Dict (abcd.txt)
Index.....: 1/1 (segment), 1 (words), 5 (bytes)
Recovered.: 1/1 hashes, 1/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Sun Feb  9 16:20:59 2014
Stopped: Sun Feb  9 16:20:59 2014

Hope this helps.
Just truncate the hash (because the additional bytes are not needed ;) )

Note: in theory I should ban you, because you broke the rules...
But since it wasn't explained very well (and hashcat-cli could also ignore the additional bytes) you helped somehow to improve the wiki / hashcat-cli parsing....

Anyway, don't post hashes again if not asked
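
Why the truncation described in this reply is safe, as an added example that is not part of the original post and is not hashcat code: PBKDF2 computes each 64-byte SHA-512 output block independently, so the first 128 hex characters of a 256-character entropy are a complete PBKDF2-HMAC-SHA512 result on their own. The helper names, salt and password are constructed for illustration, and the sketch assumes the stored entropy is plain PBKDF2-HMAC-SHA512 output; only the `$ml$` layout and the iteration count come from the thread.

```python
import hashlib
import hmac

HEX_DIGITS = set("0123456789abcdefABCDEF")
BLOCK_HEX = 128  # one SHA-512 output block (64 bytes) as hex


def normalize_ml(line):
    """Validate '$ml$<iterations>$<salt hex>$<entropy hex>' and return it
    with the entropy cut to its first 128 hex characters."""
    parts = line.strip().split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != "ml":
        raise ValueError("expected $ml$<iterations>$<salt>$<entropy>")
    if not parts[2].isdigit() or int(parts[2]) < 1:
        raise ValueError("iterations must be a positive integer")
    for name, field in (("salt", parts[3]), ("entropy", parts[4])):
        if not field or len(field) % 2 or not set(field) <= HEX_DIGITS:
            raise ValueError(name + " must be even-length hex")
    if len(parts[4]) < BLOCK_HEX:
        raise ValueError("entropy is shorter than one SHA-512 block")
    return "$ml$%d$%s$%s" % (int(parts[2]), parts[3], parts[4][:BLOCK_HEX])


def matches(line, password):
    """Recompute only the first PBKDF2 block and compare in constant time."""
    _, _, iterations, salt, entropy = normalize_ml(line).split("$")
    derived = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                  bytes.fromhex(salt), int(iterations), dklen=64)
    return hmac.compare_digest(derived, bytes.fromhex(entropy))


def build_sample(password="constructed-pw", iterations=37313):
    """Constructed 128-byte record: salt and password are made up here;
    only the iteration count is taken from the thread."""
    salt = bytes(range(32))
    full = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               salt, iterations, dklen=128)
    return "$ml$%d$%s$%s" % (iterations, salt.hex(), full.hex())


if __name__ == "__main__":
    long_line = build_sample()
    short_line = normalize_ml(long_line)
    print(len(long_line), len(short_line))
    print(matches(long_line, "constructed-pw"), matches(long_line, "abcd"))
```

With a five-digit iteration count the normalized line is 203 bytes long, the same size `wc -c` reports for the truncated file in the next post.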
#3
Hello philsmd,

I apologize for that, I didn't know that I wasn't able to paste this hash. I had to read the rules before, sorry. Moreover, thank you for your help.

I've deleted the last 128 characters from the hash, but it is still not working. I have also deleted the new line characters and checked with both options:

root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# xxd m7100.txt | tail -1
00000c0: 3139 6131 6230 6162 6132 30 19a1b0aba20
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# xxd m7100_n.txt | tail -1
00000c0: 3139 6131 6230 6162 6132 300a 19a1b0aba20.
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat m7100.txt | wc -c
203
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat m7100.txt
$ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaba20root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat m7100_n.txt
$ml$37313$fa6cac1869263baa85cffc5e77a3d4ee164b75536cae26ce8547108f60e3f554$a731xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaba20


root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 -a 3 --pw-min 4 m7100.txt abcd
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file m7100.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen


Input.Mode: Mask (abcd) [4]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--

Started: Mon Feb 10 00:00:53 2014
Stopped: Mon Feb 10 00:00:54 2014


root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 -a 3 --pw-min 4 m7100_n.txt abcd
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file m7100_n.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen


Input.Mode: Mask (abcd) [4]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--

Started: Mon Feb 10 00:01:00 2014
Stopped: Mon Feb 10 00:01:01 2014
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root#


root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# cat wordlist.txt
abcd
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_root# hashcat -m 7100 m7100_n.txt wordlist.txt
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file m7100_n.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen


Input.Mode: Dict (wordlist.txt)
Index.....: 1/1 (segment), 1 (words), 5 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Mon Feb 10 00:04:58 2014
Stopped: Mon Feb 10 00:04:58 2014


I had also tried downloading the hashcat from the web page, but without luck (it is i686 virtual machine):

root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/mac_rooted# ./hashcat-0.47/hashcat-cli32.bin -m 7100 -a 3 --pw-min 4 m7100_n.txt abcd
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file m7100_n.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen


Input.Mode: Mask (abcd) [4]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--

Started: Mon Feb 10 00:18:54 2014
Stopped: Mon Feb 10 00:18:55 2014

Thank you.

Note: I have probed in an x86_64 architecture (Windows and Linux) and it works perfectly. I believe that it is an i386 issue.
#4
Thx for these details and your testing...

We did make the same test w/ a 32bit system (and w/ 32bit binary on 64bit system) and discovered a problem for this hash type, other affected hash types are 1750, 1760 and 6500.

This helped a lot to find these bugs...

But keep in mind, next time report issues on trac (https://hashcat.net/trac/ ) and don't post hashes on forum.

Next release version will include those fixes.

Thanx again