Possible Bug When Defining Known Character
#1
Hi atom

Well, I finally joined your forum as requested!

Just to report the following bug previously reported on Hashkiller.

XP Pro SP3 32 bit ATI Radeon HD5500 GPU Card

oclHashcat32.exe V 0.25

Make a file called “fy.txt”.

Place this hash in it.

97653FDB12E8FC93579D1C363FB32CB7

Then use this code….

oclHashcat32.exe -m 1000 fy.txt -1 ?l?u?d ?uy?1?1 ?1?1123! -o resultNT.txt

In theory you should find the password Fyling123!

I find it either crashes or sometimes it just completes without finding the password.

If I use this code.

oclHashcat32.exe -m 1000 fy.txt -1 ?l?u?d ?u?1?1?1 ?1?1123! -o resultNT.txt

Hashcat works properly and finds the password.

This error is purely caused by the addition of the known character “y” after the unknown first capital “u” letter. To make this clear, this experiment is assuming the user knows that the first character is a capital letter and the second character of the password is a “y”.

Thank you and I hope you can fix this!
#2
Strange, I was able to do it using your first method posted.

./cudaHashcat64.bin -n 400 --gpu-loops 1024 test.hash -m 1000 -1 ?l?u?d ?uy?1?1 ?1?1123! -o test.out

Status....: Finished
Mode.Left.: Mask '?uy?1?1' (99944)
Mode.Right: Mask '?1?1123!' (3844)
Speed.GPU*: 135.7M/s
Recovered.: 1/1 Digests, 1/1 Salts
Progress..: 102342656/384184736 (26.64%)
Running...: 0 secs

Started: Sun Apr 10 21:55:29 2011
Stopped: Sun Apr 10 21:55:35 2011
/usr/local/oclHashcat# cat test.out
97653fdb12e8fc93579d1c363fb32cb7:Fyling123!


Maybe something Windows-specific?
#3
I also cannot reproduce it... guys, is there someone here who can reproduce this?
#4
I tried on WinXP 32-bit (SP3) with a 9800 GT; I wasn't able to reproduce it.

Code:
D:\hashcat\oclhc>cudaHashcat32.exe -m 1000 fy.txt -1 ?l?u?d ?uy?1?1 ?1?1123! -o resultNT.txt
cudaHashcat v0.25 starting...

Digests: 1 entries, 1 unique
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Platform: NVidia compatible platform found
Device #1: GeForce 9800 GT, 511MB, 1500Mhz, 14MCU
NOTE: gpu-accel auto-adjusted to: 24
Device #1: Kernel ./kernels/4318/m1000.sm_11.32.cubin
[s]tatus [p]ause [r]esume [h]elp [q]uit =>
Status....: Finished
Mode.Left.: Mask '?uy?1?1' (99944)
Mode.Right: Mask '?1?1123!' (3844)
Speed.GPU*:  389.4M/s
Recovered.: 1/1 Digests, 1/1 Salts
Progress..: 44040192/384184736 (11.46%)
Running...: 0 secs

Started: Sun Apr 10 23:04:30 2011
Stopped: Sun Apr 10 23:04:30 2011
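
As an added example (not part of the thread and not oclHashcat's own code), this Python sketch parses the left and right masks from the commands above, treating any character outside a `?x` token as a known literal, and reproduces the 99944 and 3844 counts shown in the Mode.Left and Mode.Right lines. The function names are hypothetical, and only `?l`, `?u`, `?d` and the `-1` custom set are handled.

```python
import string

# Built-in sets used in this thread; the -1 custom set is passed in separately.
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase, "d": string.digits}


def expand_charset(spec):
    """Expand a -1 definition such as '?l?u?d' into a string of unique characters."""
    chars, i = [], 0
    while i < len(spec):
        if spec[i] == "?" and spec[i + 1:i + 2] in BUILTIN:
            new, i = BUILTIN[spec[i + 1]], i + 2
        else:
            new, i = spec[i], i + 1          # literal character in the definition
        for c in new:
            if c not in chars:
                chars.append(c)
    return "".join(chars)


def parse_mask(mask, custom1):
    """Return one candidate set per password position; literals become 1-char sets."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append(mask[i])        # known character, e.g. the 'y' in '?uy?1?1'
            i += 1
            continue
        key = mask[i + 1:i + 2]
        if key == "1":
            positions.append(custom1)
        elif key in BUILTIN:
            positions.append(BUILTIN[key])
        else:
            raise ValueError(f"unsupported or dangling token at offset {i} in {mask!r}")
        i += 2
    return positions


def keyspace(positions):
    """Number of candidates the positions generate (product of the set sizes)."""
    total = 1
    for charset in positions:
        total *= len(charset)
    return total


def matches(candidate, positions):
    """True if the candidate has the mask's length and fits every position."""
    return len(candidate) == len(positions) and all(
        c in charset for c, charset in zip(candidate, positions))


if __name__ == "__main__":
    custom = expand_charset("?l?u?d")
    left, right = parse_mask("?uy?1?1", custom), parse_mask("?1?1123!", custom)
    print(keyspace(left), keyspace(right), keyspace(left) * keyspace(right))
    print(matches("Fyling123!", left + right))
```

The product of the two counts equals the 384184736 total in the Progress line, and the literal `y` contributes a factor of 1 where `?1` would contribute 62.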
#5
Hi

Thank you all for your interest in this.

I had started to think you had forgotten me!

The problem has developed somewhat, which may not be bad news after all as I think I can now provide you with more information.

I have 2 things that happen now: rather than HashCat finding the password, it either appears to run through and not find anything, or, the new issue, it crashes.

I have attached a screen shot and I have also copied the Dr Watson thingy for you. I hope this helps you work it out.

Just in my totally uneducated opinion, I notice there is something in the log about “Module load completed but symbols could not be loaded”. Could this help??

Thank you very much for your time, I promise to upgrade to Win7 soon!!

[quote]
Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\Documents and Settings\Administrator\Desktop\oclHashcat-0.25\oclHashcat32.exe (pid=1304)
When: 10/04/2011 @ 22:56:30.421
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: ASUS
User Name: Administrator
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 107 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 3
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: x

*----> Module List <----*
(0000000000400000 - 000000000041d000: C:\Documents and Settings\Administrator\Desktop\oclHashcat-0.25\oclHashcat32.exe
(0000000000580000 - 0000000001189000: C:\WINDOWS\system32\amdocl.dll
(0000000003e70000 - 0000000003ea1000: C:\WINDOWS\system32\atiadlxx.dll
(0000000010000000 - 0000000010010000: C:\WINDOWS\system32\OpenCL.dll
(0000000059a60000 - 0000000059b01000: C:\WINDOWS\system32\dbghelp.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(0000000069000000 - 00000000694a7000: C:\WINDOWS\system32\aticaldd.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b15000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f59000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
(000000007c800000 - 000000007c8f6000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9af000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007e410000 - 000000007e4a1000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0x224 <----*

eax=0047bff8 ebx=00000004 ecx=00472560 edx=00000004 esi=00472558 edi=00418318
eip=0040c138 esp=0022f610 ebp=0022fee8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Module load completed but symbols could not be loaded for C:\Documents and Settings\Administrator\Desktop\oclHashcat-0.25\oclHashcat32.exe
function: oclHashcat32
0040c114 9d popfd
0040c115 38f8 cmp al,bh
0040c117 ffff ???
0040c119 77d5 ja oclHashcat32+0xc0f0 (0040c0f0)
0040c11b 8bb568f7ffff mov esi,[ebp-0x898]
0040c121 89955cffffff mov [ebp-0xa4],edx
0040c127 898558ffffff mov [ebp-0xa8],eax
0040c12d 893424 mov [esp],esi
0040c130 e86b59ffff call oclHashcat32+0x1aa0 (00401aa0)
0040c135 8b55cc mov edx,[ebp-0x34]
FAULT ->0040c138 c6045000 mov byte ptr [eax+edx*2],0x0 ds:0023:0047c000=??
0040c13c a3b4804100 mov [oclHashcat32+0x180b4 (004180b4)],eax
0040c141 e9b6fdffff jmp oclHashcat32+0xbefc (0040befc)
0040c146 8b8d3cf8ffff mov ecx,[ebp-0x7c4]
0040c14c 31d2 xor edx,edx
0040c14e b801000000 mov eax,0x1
0040c153 85c9 test ecx,ecx
0040c155 743b jz oclHashcat32+0xc192 (0040c192)
0040c157 8b8d74f7ffff mov ecx,[ebp-0x88c]
0040c15d c78540f8ffff00000000 mov dword ptr [ebp-0x7c0],0x0
0040c167 8bb100080000 mov esi,[ecx+0x800]

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0022fee8 0040142b 0000000d 00472430 0022ffc0 oclHashcat32+0xc138
0022ffc0 7c817067 0d858620 01cbf7ca 7ffdf000 oclHashcat32+0x142b
0022fff0 00000000 00401720 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> State Dump for Thread Id 0x158 <----*

eax=05730000 ebx=00000000 ecx=000000c0 edx=05730000 esi=0000073c edi=00000000
eip=7c90e4f4 esp=044dfe70 ebp=044dfed4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90e4da e829000000 call ntdll!RtlRaiseException (7c90e508)
7c90e4df 8b0424 mov eax,[esp]
7c90e4e2 8be5 mov esp,ebp
7c90e4e4 5d pop ebp
7c90e4e5 c3 ret
7c90e4e6 8da42400000000 lea esp,[esp]
7c90e4ed 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e4f0 8bd4 mov edx,esp
7c90e4f2 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e4f4 c3 ret
7c90e4f5 8da42400000000 lea esp,[esp]
7c90e4fc 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e500 8d542408 lea edx,[esp+0x8]
7c90e504 cd2e int 2e
7c90e506 c3 ret
7c90e507 90 nop
ntdll!RtlRaiseException:
7c90e508 55 push ebp
7c90e509 8bec mov ebp,esp

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for C:\WINDOWS\system32\amdocl.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\amdocl.dll -
ChildEBP RetAddr Args to Child
044dfed4 7c802542 0000073c ffffffff 00000000 ntdll!KiFastSystemCallRet
044dfee8 005cb11f 0000073c ffffffff 00000037 kernel32!WaitForSingleObject+0x12
0129ba80 0000073c 68735f6c 6e697261 6c632067 amdocl+0x4b11f

*----> State Dump for Thread Id 0x184 <----*

eax=00000001 ebx=00000000 ecx=000004c5 edx=7c90e4f4 esi=0592fe54 edi=00000000
eip=7c90e4f4 esp=0592fe08 ebp=0592fe28 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: ntdll!KiFastSystemCallRet
7c90e4da e829000000 call ntdll!RtlRaiseException (7c90e508)
7c90e4df 8b0424 mov eax,[esp]
7c90e4e2 8be5 mov esp,ebp
7c90e4e4 5d pop ebp
7c90e4e5 c3 ret
7c90e4e6 8da42400000000 lea esp,[esp]
7c90e4ed 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e4f0 8bd4 mov edx,esp
7c90e4f2 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e4f4 c3 ret
7c90e4f5 8da42400000000 lea esp,[esp]
7c90e4fc 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e500 8d542408 lea edx,[esp+0x8]
7c90e504 cd2e int 2e
7c90e506 c3 ret
7c90e507 90 nop
ntdll!RtlRaiseException:
7c90e508 55 push ebp
7c90e509 8bec mov ebp,esp

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msvcrt.dll -
ChildEBP RetAddr Args to Child
0592fe28 7c8743e8 0592fe54 00000000 00020201 ntdll!KiFastSystemCallRet
0592ff10 7c87450d 0000000f 0592ff54 00000001 kernel32!InvalidateConsoleDIBits+0x1b3
0592ff30 77c2e8e1 0000000f 0592ff54 00000001 kernel32!ReadConsoleInputA+0x1a
0592ff70 77c2e928 7c8024b7 77c2ead3 00000003 msvcrt!open_osfhandle+0x22f
0592ffb4 7c80b713 00000000 7c910208 ffffffff msvcrt!open_osfhandle+0x276
0592ffec 00000000 004069a0 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

Edit....

Sorry I don't know why the image isn't showing up so here is a link.

http://postimage.org/image/1nmohe9dw/