Custom start for bruting?
#1
Say I'm using this command..

oclhashcat64 -m 2500 -a 3 mycapfile.hccap ?d?d?d?d?d?d?d?d?d



Is  there any command where I can specify where to start? say... 531238761, instead of 000000000?
#2
Actually yes there is.

The only thing you need to make sure is that markov is *disabled*, otherwise you can't easily say at which percentage that number is being checked (that also means that if you had to run all values up to 531238761 too, markov had to be disabled for that range/run too).

Calculate the percentage:
531238761 / 10^9 = 531238761 / 1000000000 = 0.531238761
(53.12%)

Important, get the value for the whole "keyspace":
Code:
$ ./oclHashcat64.bin -m 2500 -a 3 --keyspace hashcat.hccap ?d?d?d?d?d?d?d?d?d
100000000

Do some more math to get the -s value:
(total keyspace * percentage = -s value)
100000000 * 0.531238761 = 53123876

Run it:
Code:
./oclHashcat64.bin -m 2500 -a 3 -s 53123876 --markov-disable hashcat.hccap ?d?d?d?d?d?d?d?d?d

Note: you must use --markov-disable (otherwise this -s value is not correct)
Note2: I always recommend that you choose the -s value a little bit lower than the calculated one (just to be very sure that we actually don't skip anything, so maybe choose a -s value around 53000000 or so. if you are concerned enough to miss anything Wink )
#3
Fantastic, thank you. Is there a way to stop it at a certain percentage too?

Just run from 500000000 to 600000000

10^9 is 1000000000

that'll be 50% - 60% to run


Would it be -s 500000000 -l 100000000?

* Distributed:

-s, --skip=NUM Skip number of words
-l, --limit=NUM Limit number of words
--keyspace Show keyspace base:mod values and quit
#4
nope. it doesn't work like that.

You always need to make it relative to the --keyspace value.
also note 100% (the total --keyspace for oclHashcat) is 100000000 (100M) and *not* 1000000000 (1G, or 10^9). That is how it is defined (just do the math, it's easy, I just gave you the formulas above).

But yes, -l can be used to limit the keyspace
#5
I got it, thanks! I don't necessarily need to go by the actual number, I can go by the keyspace number.

Code:
oclhashcat64 -m 2500 -a 3 -s 50000000 -l 10000000 --session 128 --markov-disable 1013_1451021075.hccap ?d?d?d?d?d?d?d?d?
oclHashcat v2.01 starting...

Device #1: Cayman, 1024MB, 870Mhz, 22MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4098/m02500.Cayman_1800.8_1800.8 (VM)_1449318458.kernel (538808 bytes)
Device #1: Kernel ./kernels/4098/markov_le_v2.Cayman_1800.8_1800.8 (VM)_1449318458.kernel (56988 bytes)
Device #1: Kernel ./kernels/4098/amp_a3_v2.Cayman_1800.8_1800.8 (VM)_1449318458.kernel (16156 bytes)

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

Session.Name...: 128
Status.........: Running
Input.Mode.....: Mask (?d?d?d?d?d?d?d?d?d) [9]
Hash.Target....: -
Hash.Type......: WPA/WPA2
Time.Started...: Sun Dec 27 12:34:52 2015 (1 sec)
Time.Estimated.: Sun Dec 27 13:05:10 2015 (30 mins, 16 secs)
Speed.GPU.#1...:    73421 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 500067584/600000000 (83.34%)
Rejected.......: 0/500067584 (0.00%)
Restore.Point..: 0/100000000 (0.00%)
HWMon.GPU.#1...:  0% Util, 26c Temp, 5% Fan

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
#6
Also, thinking about it, it might actually not work exactly like that, since even with --markov-disable oclHashcat changes the left side most frequently e.g.:
531238761
631238761
731238761
831238761
and *not*
531238761
531238762
531238763
531238764

so 531238761 is actually tested much earlier than 53.12% (should be at around 16% already).

But the idea with -s / -l remains the same.

----

That means, to solve your initial problem to start at a certain position, the easiest way is to use a .hcmask file ( https://hashcat.net/wiki/doku.php?id=mas...mask_files ):
e.g. with content:
53?d?d?d?d?d?d?d
456789,5?1?d?d?d?d?d?d?d
6789,?1?d?d?d?d?d?d?d?d
(and with this .hcmask approach you don't even need to use --markov-disable)
Note: one big disadvantage of these reduced keyspaces within the .hcmask file is that full acceleration might not be possible (but might not be that much of a problem at all for a slow algorithm like -m 2500 = WPA/WPA2)