RAR hash cracking problems
#1
Hey
I tried to use Cudahashcat to crack rar file in stdin input mode.
but all the candidate passwords are rejected.
i don't know why?
any one can help me?
this is my command:
Code:
maskprocessor\mp64.exe -i 18:26 -1 ?l?s password?1?1?1?1?1?1?1?1|C:\cuda37\cudaHashcat-1.37\cudaHashcat64.exe -a 0 -m 12500 -d 1,2,3,4,5,6,8 --gpu-temp-abort=75 -p : --outfile-format=3 -o c:\cracked\rarhash.txt c:\hashes\11122.txt

this is cudahashcat status:
all

Code:
Session.Name...: cudaHashcat
Status.........: Aborted
Input.Mode.....: Pipe
Hash.Target....: [hash-filtered]
Hash.Type......: RAR3-hp
Time.Started...: Thu Oct 15 03:10:14 2015 (1 day, 20 hours)
Speed.GPU.#1...:        0 H/s
Speed.GPU.#2...:        0 H/s
Speed.GPU.#3...:        0 H/s
Speed.GPU.#4...:        0 H/s
Speed.GPU.#5...:        0 H/s
Speed.GPU.#6...:        0 H/s
Speed.GPU.#7...:        0 H/s
Speed.GPU.#*...:        0 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 577314814262
Rejected.......: 577314814262

Started: Thu Oct 15 03:10:14 2015
Stopped: Fri Oct 16 23:52:42 2015
#2
-m 12500 supports a max of 20 chars in -a 0, so your candidates shouldn't be rejected. And indeed I cannot reproduce this with 1.37 using the command you provided:

Code:
sagitta@inceptus:~/cudaHashcat-1.37$ maskprocessor/src/mp64.bin -i 18:26 -1 ?l?s password?1?1?1?1?1?1?1?1 | ./cudaHashcat64.bin --quiet --status -m 12500 rar.test
^C
Session.Name...: cudaHashcat
Status.........: Aborted
Input.Mode.....: Pipe
Hash.Target....: ...
Hash.Type......: RAR3-hp
Time.Started...: Sat Oct 17 00:34:23 2015 (12 secs)
Speed.GPU.#1...:     9429 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 79872
Rejected.......: 0
HWMon.GPU.#1...: 91% Util, 59c Temp, 26% Fan

But let's talk about that command, because it doesn't make any sense.

First, you're telling maskprocessor to increment from length 18-26, but your mask is only 16 chars long. And that's on top of the fact that there's absolutely no reason to use maskprocessor here at all. You also don't need to specify -p or --outfile-format, and your --gpu-temp-abort value is insanely low. And what happened to device 7?

Fixing your command for you:

Code:
cudaHashcat64 -a 3 -m 12500 -o C:\cracked\rarhash.txt -w 3 -1 ?l?s C:\hashes\11122.txt password?1?1?1?1?1?1?1?1

And this leads us to your final and biggest problem: that keyspace is way too big. You're trying to brute force 59^8 on a very slow algorithm. Even if you had 8x Titan X this would take 35 years (or, you would need 280x Titan X to exhaust this keyspace in one year.)
#3
at first i have to say thank you epixoip
device #7 is destroyed
the word "password" is just an substitute for the real password.
the word before mask has about 18 char length
i have 8 Tesla M2090
i used a command like you but after 20 character length hashcat finished the progress and did not continue to 21..26 char length
#4
Ah ok, that makes more sense then. But yeah, there's a 20-char limit for this algorithm.
#5
any solution or alternative like pipe input?
#6
No, there's no way to get around it.