Formatting a salted SHA 512 hash

[chode]

Hey all. I have a salted SHA512 hash which I have extracted from OSX with davegrohl. The password is "0pen2014".

Can anyone point me in the direction or help me understand how to format this hash for hashcat? I cant seem to get the SHA-512($pass.$salt) format to work. I've dumped the full output data below.

Thanks for any help...

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures}
  appleLabel = SRP-RFC5054-4096-SHA512-PBKDF2
    Hash = 512 <09e480773bc84732e53712a106edb45aac718e166d8a7662d07ac766be00ebfd91e01ed958bba9c34e6edbf81275b6a4c5b5296f0a9b2ad7ae07534717bfe3050a013830305d6f63fd6499d2e5993d7e0ed28fd1529fdea003824221be9c8e56a0588ddfaec8ef4a5c0451420d70bc6a42c7a744a18e8f64c495aaa1284849cfc2b5cde95415d4b8f53df2161dcf900e0eb134335b92657aa2eea6e7b4058fa5cc14978a4e31ed91a54ece9154991a91967960cc9ae207f7658181f9b0a1100c7048ffc0fb67e5ab04f5fec0852b1ea21f130d31d6c897f23f16ea1daa345fa440b3909821cd0f3a52b814606935269ad6e77863744a1439fea986a229d6b9a3d3c6f91d219087c4254029a2d84b5cb891cb44045b0670393aebaf4af32f614f4384863f8426a6b82070d1491a24218dcdaf36d7cd9d1cbe3673119f0b8ac6ac63be13c5a05a87e23313763259cea6c4afc370c0ef687d1027281de65e3351ba6396259575ea9090824b860a8590d2bd5f463b61d4350e8cdeeffbf9753585f80733b29d46a90dbe0c496bd2db27a7d40933662f9fd09609e7cf0f83fa2887d31a6f936508665aaa3d1c0c6a342a2e3558bfcc19f558bcd1882bf7600f1a7828044d0313b664788981c215488353f3fcb2c13794368b4343834bb9d1901673f61edf0092ba3b31c69307a4b0961d8c9f51f73c71100dbf6fe8a45501bd30428f>
    Salt = 32 <4bf2fa78ef1eacbd66b2e11430d44998b6697fd1f4555e21b67757f31c0093ab>
    Rounds = 52356
    Type = 7
  cryptHash = <>
  cryptSalt = <>
  appleLabel = SALTED-SHA512-PBKDF2
    Hash = 128 <d124478807d58a79a3f52e66fd0f1e260ce8d5c56c6e1f13e858c1316901211611a483b8f2742a0988e86b5a1b30cd2a689d0fe5fe30a4a1d8cb4ddfc4755df2c13fc495955582640c57c4df133dc3164f6b305facf782870ebdc249267d908e4e92ca6f8ff09f3b7653fe1fbd8f76037c1023ff0e33f462bdbcc12dd3ab1f83>
    Salt = 32 <47f4604fcd8bff140bb02aa1d7824e5a392c667e0e796bfaeaf3558ca9111ce3>
    Rounds = 51813
    Type = 0
  cryptHash = <>
  cryptSalt = <>

[philsmd]

it's hash mode -m 7100 | OSX v10.8, OSX v10.9, OSX v10.10 | Operating-Systems

also see https://hashcat.net/wiki/example_hashes for example hashes (search for OS X v10.8 / v10.9)

[chode]

Thanks. My salt and hash is more bytes that the example. I've tried formatting the above data but hashcat still wont recognize the hash. I've formatted the hash as:

$ml$47f4604fcd8bff140bb02aa1d7824e5a392c667e0e796bfaeaf3558ca9111ce3$d124478807d58a79a3f52e66fd0f1e260ce8d5c56c6e1f13e858c1316901211611a483b8f2742a0988e86b5a1b30cd2a689d0fe5fe30a4a1d8cb4ddfc4755df2c13fc495955582640c57c4df133dc3164f6b305facf782870ebdc249267d908e4e92ca6f8ff09f3b7653fe1fbd8f76037c1023ff0e33f462bdbcc12dd3ab1f83

[chode]

I'm assuming I need to decode the dumped string to extract the actual hash for hashcat. I know a SHA512 hash should be 64 bytes long (or 128 ASCI characters), plus the 8 byte (16 character) salt.

I'm just not sure what (or how) I decode the dumped string to format for hashcat.

Thanks

[philsmd]

You can "truncate"/cut the hash itself @ the same length used by the example hash

[chode]

Ah really!? In that case I assume I format as " $ml$ rounds? $ 64 character salt $ 128 character hash "

I'll just delete the last "extra" 64 bytes of the hash. Would that mean this is my hash?:

$ml$51813$

47f4604fcd
8bff140bb0
2aa1d7824e
5a392c667e
0e796bfaea
f3558ca911
1ce3$

d124478807
d58a79a3f5
2e66fd0f1e
260ce8d5c5
6c6e1f13e8
58c1316901
211611a483
b8f2742a09
88e86b5a1b
30cd2a689d
0fe5fe30a4
a1d8cb4ddf
c4755df2

Obviously it would all be put into one plain text line. Thanks