hashcat-3.00 - potfile behavior / ignored ?
#1
Looks like previous to 3.00 the potfile was written in the current working dir.  In 3.00 I'm finding it written in the 3.00 directory (i.e. where hashcat64.bin is).  However - hashcat-3.00 doesn't seem to read this and skip already cracked hashes.  I can use --show - and I get the expected result (i.e. it IS writing out to the potfile).  Taking --show off - 3.00 wants to crack the hash again.  2.01 would give:

Code:
INFO: removed 1 hash found in pot file

I cannot seem to get 3.00 to read the potfile and skip the run if it's already cracked.

I did read the announcement and searched a bit before I posted this - nevertheless apologies if there's something I missed that explains this new behavior.  Thanks.
#2
If you run the same command twice and unless you use --potfile-disable or something that disables the use of the potfile, the second command will not crack the same hashes again. That didn't change.

I'm not sure if I understood your question correctly, are you asking how you can copy the 2.01 potfile over to your 3.00 so that you can use it over there?
#3
Yes, after I re-read my post it seemed a bit unclear.

Here is a run on a previously cracked hash (WPA).  I am in a different directory from where the hashcat binaries (and potfile) are.

Code:
vom@ocl:~/cracking$ cat ../hashcat/hashcat.pot
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA

vom@ocl:~/cracking$ ../hashcat/hashcat64.bin -a 3 -m 2500 XXXX_yyyyyyyyyyyy.cap.hccap 19?d?d?d?d?d?d
hashcat (v3.00-1-g67a8d97) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
- Device #1: Capeverde, 361/659 MB allocatable, 10MCU
- Device #2: Capeverde, 570/992 MB allocatable, 10MCU
- Device #3: AMD FX(tm)-4100 Quad-Core Processor, skipped

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA

Session.Name...: hashcat
Status.........: Cracked
Input.Mode.....: Mask (19?d?d?d?d?d?d) [8]
Hash.Target....: XXXX (yy:yy:yy:yy:yy:yy <-> zz:zz:zz:zz:zz:zz)
Hash.Type......: WPA/WPA2
Time.Started...: Tue Jul  5 08:55:32 2016 (7 secs)
Speed.Dev.#1...:    43394 H/s (11.80ms)
Speed.Dev.#2...:    45059 H/s (11.81ms)
Speed.Dev.#*...:    88453 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 601600/1000000 (60.16%)
Rejected.......: 0/601600 (0.00%)
Restore.Point..: 430080/1000000 (43.01%)

Started: Tue Jul  5 08:55:32 2016
Stopped: Tue Jul  5 08:55:42 2016

vom@ocl:~/cracking$ cat ../hashcat/hashcat.pot
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA

So it didn't exit out even though the recovered hash was already in the pot.  Furthermore - it wrote the output again (it's now in the pot twice).  In a nutshell - 3.00 doesn't seem to read the potfile, yet it writes to it.
#4
Indeed looks like a bug in potfile handling. WPA has a special subsection for it. Need to look into that. Please post a GitHub issue for it.
#5
Well, guess it is already too late to create an issue. But good news, it seems we already fixed the problem: see https://github.com/hashcat/hashcat/pull/419

Thanks for reporting (and please test to make sure that the fix also worked for you)

Note: if you do not want to compile it from source yourself, just use newest beta from https://hashcat.net/beta/ (beta 30 or above)
#6
(07-06-2016, 10:11 AM)philsmd Wrote: Well, guess it is already too late to create an issue. But good news, it seems we already fixed the problem: see https://github.com/hashcat/hashcat/pull/419

Thanks for reporting (and please test to make sure that the fix also worked for you)

Note: if you do not want to compile it from source yourself, just use newest beta from https://hashcat.net/beta/ (beta 30 or above)

Looks good.  I pulled down v3.00-30-g450b779 and it skips previously cracked WPA as expected.  Thanks much everyone.
#7
(07-06-2016, 09:08 PM)vom Wrote: Looks good.  I pulled down v3.00-30-g450b779 and it skips previously cracked WPA as expected.  Thanks much everyone.

Well shoot - I think I spoke too soon.  Behavior is a bit erratic.  Sometimes it skips cracking and detects it in the pot file  - other times it writes what appears to be the same line / result multiple times.

It seems like it works as expected when the potfile is a single line.  I.e. delete potfile, crack a WPA, crack again (skipped).

When I have multiple entries in the potfile - it reverts to the behavior of re-cracking, and writing the line again.
#8
I'm not able to reproduce this new problem, regardless of what I try (potfile full of hashes, crap etc).

Seems that we now really need a github issue with full steps and examples that guide us to reproduce this behaviour. Please go here: https://github.com/hashcat/hashcat/issues and post all the info that are needed to reproduce this.

Thanks
#9
Just opened new issue.  File attached shows actual command sequence being ran as well (sanitized).

https://github.com/hashcat/hashcat/issues/424