Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
#1
I have a salted SHA1 hash that contains the the solution to a geocaching puzzle and the puzzle author intended that a brute-force method be used in solving it. :
8882caa3b88a5a16fad6287e26d8a8f9454ad643

I know that the salt is "PEPPER" and that the plain-text will have the form "N51 03.### W114 07.###", where # = 0...9

My computer is a 3.4 GHz Intel Core i& iMac with 16 GB or 1333MHz DDR3 memory. I have Windows XP installed under Parallels, so I am able to run hashcat as a Windows program.

I'm absolutely new to hashcat, so I could really use some step-by-step help to set it up to solve for the "#"s in the noted plain-text.
#2
Hey Geocacher,

much thanks for asking us for support in this challange Smile

There are many ways to solve this problem, but the one I prefer when it comes to single hashes and partially known plaintext is using oclHashcat-lite:

Quote:oclHashcat-lite64 -m 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"

You do not have access to a GPGPU enabled card in your iMac, but you can use CPU based hashcat:

1. open notepad, place the hash 8882caa3b88a5a16fad6287e26d8a8f9454ad643 on the first line and save it as "hash.txt"

2. open cmd windows and type:

Quote:mp64 "PEPPERN51 03.?d?d?d W114 07.?d?d?d" -o wordlist.txt
hashcat-cli64 -m 100 hash.txt wordlist.txt

The tool "mp64.bin" is the maskprocessor, one of the tools of the hashcat suite. See here for download link: http://hashcat.net/wiki/maskprocessor

I have it cracked. I just dont want to post it here and destroy the challange this way. If you need the result PM me.
#3
OclHashCat is a study for itsself.

Intrigueing by this challenge, I follow you both to see how it works. I use oclHashcat-plus-0.06 there is no oclHashcat-lite64.bin in there so I think I can use oclHashcat-plus64.bin with the right hash type. That should work.

I could not resolve with the command line
oclHashcat-plus64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d". My system keeps saying Exhaulted!

So oclHashcat-lite64.bin is very different from oclHashcat-plus64.bin

It must work somehow, so I test GUI, with the information provided, it works if in the mask I don't use the " ", but in this case the generated command would be displayed as
oclHashcat-lite64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 PEPPERN51 03.?d?d?d W114 07.?d?d?d

Go to terminal test that command then it solves the problem only when using
oclHashcat-lite64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"

I think I understand the logic, why there are differences. But in OCHL to be on the side of Exhaulted or Cracked it really requires a bit to study\experiment.

But is does work. Yes, and very quick.
#4
if you read the documentation/wiki/help you had realized -plus does not support masks (and only passwords up to 15 chars).

The need of double quotes around the string if spaces are used is not hashcat-specific but is the way the windows cmd (and unix shells as well) work.
#5
Thanks for such a quick reply.
I have to go out this morning, but will give it a try this afternoon.
Once I've got it or run into a brick wall, I'll post a note in the forum.

hashcat sounds like the perfect program for this type of puzzle.
I'm surprised that nobody has ever mentioned in in geocaching circles.
I can see the potential for my own puzzles using some of its other features.

(11-20-2011, 11:15 AM)atom Wrote: Hey Geocacher,

much thanks for asking us for support in this challange Smile

There are many ways to solve this problem, but the one I prefer when it comes to single hashes and partially known plaintext is using oclHashcat-lite:

Quote:oclHashcat-lite64 -m 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"

You do not have access to a GPGPU enabled card in your iMac, but you can use CPU based hashcat:

1. open notepad, place the hash 8882caa3b88a5a16fad6287e26d8a8f9454ad643 on the first line and save it as "hash.txt"

2. open cmd windows and type:

Quote:mp64 "PEPPERN51 03.?d?d?d W114 07.?d?d?d" -o wordlist.txt
hashcat-cli64 -m 100 hash.txt wordlist.txt

The tool "mp64.bin" is the maskprocessor, one of the tools of the hashcat suite. See here for download link: http://hashcat.net/wiki/maskprocessor

I have it cracked. I just dont want to post it here and destroy the challange this way. If you need the result PM me.

#6
this is interesting. i was able to crack it using atom's command syntax but wasn't able to with this command:

oclHashcat-lite64 -m 101 8882caa3b88a5a16fad6287e26d8a8f9454ad643TongueEPPER "51 03.?d?d?d W114 07.?d?d?d"

What's the difference between the two?
#7
you missed an "N" Wink
#8
Hey atom,

All I can say is, WOW!!!

I used the current revisions of the components from the site and followed your instructions to the letter.

Apparently; my iMac was very much up to the challenge.
It quite literally blinked and spit out a single solution.
I didn't even see the status screen before it was done. It was that quick.
(Hashcat 0.37 apparently initialized with 8 threads and a 32mb segment size.)

I've sent the solution off to the puzzle author for verification. It's too cold out today to trek out to the cache site, unless it's a valid solution (But I really think it is, since it plots out nicely on google maps).

Here is a link to the related geocache page for those who are interested in seeing why I was trying to crack the hash:
http://www.geocaching.com/seek/cache_det...2b54ff85ee

I'd like to express my sincere appreciation for your help and that of those on the forum.

This is a great example of using Hashcat to have some real fun and to let it "strut its' stuff". First rate program and a great "get your feet wet" tutorial.

This got me interested. I'm thinking of developing a puzzle of my own that uses one-way hashes.

Regards;
Geocacher