Mask Attack with a "blank" value?
#21
Hi all, we've got some experiments to run from the fine folks at Ethereum.org from this thread, and they've suggested to try the following:

Have you tried adding control characters to the dictionary, on the password boundaries? Examples include:

Carriage return (CR) \015
Line feed (LF) \012
UTF-8 Byte order mark (UTF-8 BOM) U+FEFF at the beginning

So how would I run this on my password mask?

U+FEFF04578!@$\015\012,?1?1?1?1?1?1Password

Like this?
#22
In general you do this mangling (like appending/prepending characters etc) with rule based attacks (with -a 0 and -r my.rule for instance), i.e. you run a wordlist and add those special characters and do other manipulations for instance also by using multi-rule feature (https://hashcat.net/wiki/doku.php?id=rul...ulti-rules).

Of course you could also add constant/fixed characters with -a 3 directly (but if you have a lot of constant pieces within your mask, especially at the beginning, the speed might suffer a lot, especially for fast hash types).

There is only one problem that is a little bit tricky here, but was also discussed a lot on this forum... i.e. what to do if you want to add new lines (let's talk about both line feeds and carriage returns) to your rule file or dictionary file.
Of course the new line also is used as a separator by hashcat to separate lines (e.g. to separate passwords in dictionary files and to separate rules in rule files, respectively)...

The solution is just to use --hex-charset for the charset definitions (e.g. for --custom-charset1 or -1, or also the charsets defined within the hcmask file, https://hashcat.net/wiki/doku.php?id=mas...mask_files) on the one hand... and a combination of prepend+ascii increase+rotate rules (the rotate is only needed if you want to append it) for rule based attacks.

These ideas were already discussed a lot on this forum, so here are just some hints:
Code:
U+FEFF04578!@$\015\012,?1?1?1?1?1?1Password
The first part (up to the comma) would be interpreted by hashcat as a --custom-charset of U+FE04578!@$12 (note that all duplicated characters are used only once, i.e. they are kind of de-duplicated internally).
Therefore, no this is not the correct approach... each character will be interpreted literally.

You could use the --hex-charset feature to add special characters that you can't type (or are special, like the newline).

Let's assume that efbbbf is the hex-representation of the BOM-mark and that we want to prepend this to the password and append the line feed (\n) or both carriage return and line feed (\r\n).
Your mask file would look something like this:
Code:
3034353738214024,efbbbf?1?1?1?1?1?150617373776f72640a
3034353738214024,efbbbf?1?1?1?1?1?150617373776f72640d0a
note that 50617373776f7264 is the hexadecimal equivalent of "Password" (without quotes) and 30, 34, 35, 37, 38, 21, 40, 24 are just the hexadecimal equivalent characters for 0, 4, 5, 7, 8, !, @ and $, respectively.

Therefore the only tricky part is to convert everything to hex (yeah, if you use --hex-charset you must use everything except the built-in and custom defined character variables, e.g. ?a, ?b, ?d, ?1, ?3 etc, to hex) and understand where you want to add what and how many custom charsets you need to define.
In theory there exist several variants of the above that could lead to the same result, e.g. you could store the 0d and 0a into new custom charset etc... but it is kind of useless if they are fixed anyways.


.... so now let's look at how to do the append/prepend thing with rules. The rule file "my.rule" should look something like this (you need to adjust it to your needs).
ATTENTION: within this section I just show how the characters would look like, you still need to insert the actual character into the file by replacing the <xy> with the actual characters:

^<bf> ^<bb> ^<ef> ^<09> +0 {

(Note: this just prepends the 3 BOM bytes, in reverse order !!!, and appends the line feed... This is just an example of a more "complicated" rule)

Again (just to make it very clear) you need to replace the characters with the actual chars.
Within the pseudo-rules above <ef> is the character with hex code ef... you need to replace it.... <09> for instance is just the horizontal line. If we increase 09 by 1 we obtain 0a which is the line feed that we want.

In linux you would create the above rule file with something like this:
Code:
echo 5ebf205ebb205eef205e09202b30207b | xxd -p -r > my.rule

Let me explain this a little bit:
We can split this up like this:
5ebf: prepend (^) the hex char bf
20 (optional space between rules)
5ebb: prepend (^) the hex char bb
20 (optional space between rules)
5eef: prepend (^) the hex char ef
20 (optional space between rules)
5e09: prepend (^) the hex char 09 (horizontal tab)
20 (optional space between rules)
2b30: ascii increment (+) at position 0 (decimal 0), i.e. rule +0
20 (optional space between rules)
7b: rotate left ({) to make sure that the line feed is at the end and not at the start

of course if you use a good text editor (or hex editor) you do not need to worry too much about the hexadecimal numbers etc.... it's just an (admittetly more tricky/advanced) example to deal with special characters etc.

Of course you can test all of your examples with the amazing --stdout feature of hashcat. E.g.

Code:
hashcat -a 3 --stdout my.hcmask
or for rules:
Code:
hashcat -a 0 --stdout -r my.rule dict.txt
#23
Again, thank you so much for your shared wisdom.

3034353738214024,efbbbf?1?1?1?1?1?150617373776f72640a

This was exactly what I was looking for, and simply added

--hex-charset

To my startup script. It's running now, and the output is as I expected. Very cool. Thank you so much.
#24
I thought I'd share my Mask here, might help someone. @Philsmd -- Does this look correct? What are your thoughts to running this more efficiently?

EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264
EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264?3?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?150617373776f7264?3?3?3?3?3?3?2

EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264?3?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?350617373776f7264?3?3?3?3?3?3?2

EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264?3?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?350617373776f7264?3?3?3?3?3?3?2

EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264?3?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?350617373776f7264?3?3?3?3?3?3?2

EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264?3?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?350617373776f7264?3?3?3?3?3?3?2

EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264?3?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?350617373776f7264?3?3?3?3?3?3?2

EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264?3?3?3?3?3?2
EFBBBF,0A1213,3031323334353637383921402324255e262a,?1?3?3?3?3?3?350617373776f7264?3?3?3?3?3?3?2
#25
It doesn't look too bad.
but there are at least 2 things that I don't understand:
1. why do you define --custom-charset1 with EFBBBF and only use it at 1 position (this means that hashcat will test ef, after that failed it will test bb, after that failed it will test bf). This is probably not what you want to do... you need to use all 3 bytes one after the other (in the correct order), as a fixed/constant string (like my example did).

2. I have no clue why you define --custom-charset2 with 0A1213 ... hex 12 (decimal 18) and hex 13 (decimal 19) make no really sense to me, they are some very special characters that are very, very seldom used... not sure if this is just a mistake converting them from decimal to hex etc. But I would at least double-check that ASCII character 18 and 19 are really the one that you want to test
#26
Thanks for your guidance, lots to learn here. I'll re-asses what I'm doing and fix it up.

I'll paste my entire rule book here, I'm using this Mask because need to prepend and append, ran in to some snags doing this with rules.

It's basic but it's working. I'll post again later tonight.
#27
Hrmm I'm still a bit confused. Is the BOM-mark actually all three together?

BOM-mark = 

Googling... looks to be the case. Okay cool. I now understand that the configuration looks like this in reality:

MySuperSecretPassword123123123s

https://en.wikipedia.org/wiki/Byte_order_mark for reference, you can see here in their table that this is correct
#28
I think I understand what you're saying now. 

How does this script look now?

Code:
#####################################################################
# Custom Attack Mask for (presale) Ethereum Wallets
# -------------------
# By AndrewNormore@Gmail.com and philsmd @ Hashcat.net
# -------------------
# ?1 = 101213 = Carriage Return, Line Feed, etc
# ?2 = 203031323334353637383921402324255e262a = 0123456789!@#$%^&* and a space!
# EFBBBF = This really weird combo of hex characters called UTF-8 Byte order mark (UTF-8 BOM) 
# 457468657265756d = the word "Ethereum" in Hex -- replace this with your password in hex
# ------
# Cool Tools:
# Text to Hex converter (for your password): https://www.browserling.com/tools/text-to-hex
# Hex to text converter (to verify your hex output is making sense!) https://codebeautify.org/hex-string-converter
#####################################################################

#####################################################################
# NO PREPEND
#####################################################################

# One Line Returns
101213,203031323334353637383921402324255e262a,457468657265756d
101213,203031323334353637383921402324255e262a,457468657265756d?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?2?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?2?2?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?2?2?2?1

# Two Line Returns
101213,203031323334353637383921402324255e262a,457468657265756d?1
101213,203031323334353637383921402324255e262a,457468657265756d?1?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?1?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?1?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?1?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,457468657265756d?2?2?2?2?2?2?1?1

# One Line Returns + BOM
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?2?2?2?1

# Two Line Returns + BOM
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?1?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?2?2?2?2?2?2?1?1

#####################################################################
# 1 PREPEND
#####################################################################

101213,203031323334353637383921402324255e262a,?2457468657265756d
101213,203031323334353637383921402324255e262a,?2457468657265756d?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?2?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?2?2?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?2?2?2?1

101213,203031323334353637383921402324255e262a,?2457468657265756d?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?1?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?1?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?1?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?1?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?2?2?2?2?2?2?1?1

101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?2?2?2?1

101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?2?2?2?2?2?2?1?1

#####################################################################
# 2 PREPEND
#####################################################################

101213,203031323334353637383921402324255e262a,?2?2457468657265756d
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?2?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?2?2?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?2?2?2?1

101213,203031323334353637383921402324255e262a,?2?2457468657265756d?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?1?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?1?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?1?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?1?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?2?2?2?2?2?2?1?1

101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?2?2?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?2?2?2?1

101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?2?2?1?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?2?2?2?2?2?2?1?1
#29
It doesn't look correct to me.
As I already wrote above, the hex 12 (which is decimal 18) and hex 13 (which is decimal 19) do not look correct.
You even write:
Code:
?1 = 101213 = Carriage Return, Line Feed, etc
this is not true.

As I already wrote, carriage return would be 0d (decimal 13 ! , but not hex 0x13 !) and line feed would be 0a (decimal 10, but not hex 0x10 or something like this). Hexadecimals must be hexadecimal, you can't use decimal numbers instead.


btw. there are also a *couple* of other problems, like all these duplicates:
search for
101213,203031323334353637383921402324255e262a,457468657265756d?1
which is present multiple times within your hcmask file. The same is true for these lines:
Code:
101213,203031323334353637383921402324255e262a,?2?2457468657265756d?1
101213,203031323334353637383921402324255e262a,?2457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF?2?2457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF?2457468657265756d?1
101213,203031323334353637383921402324255e262a,EFBBBF457468657265756d?1

all of these lines are present multiple times within the hashcat mask file. This makes absolutely no sense to me (you would redo the same mask/attack multiple times)
#30
Ahh okay, I will take another look at it again. Thanks for your help this is a lot to learn Smile

And the reason I'm putting those masks in are to try so solve:

_password
__password
password_
password__
_password_
_password__
__password
__password_
__password__

This is just with the regular characters. But now I have to try the line carriages, and that BOM character stuff. To cast a wide net I'm trying it all.

But of course now I understand I'm not using the return characters right. I'll repost this afternoon. What a journey Smile