Old Office and KDF

I am trying to crack an old-office hash following the steps given at https://hashcat.net/forum/thread-3665-post-20935.html#pid20935 :

Thanks to mode 9710 I found : 'deebd8f416' as output.

Quote:Append 4 byte zeros to result
-> deebd8f41600000000
Quote:MD5 the 9 bytes
md5("deebd8f41600000000") = CF205B696DC9CB05FB008C2B90BFD2AC

Then I'm lost :
Quote:Use 16 byte result as 128 bit RC4 Key
Decrypt encryptedVerifier with RC4 to decryptedVerifier
Decrypt encryptedVerifierHash with RC4 to decryptedVerifierHash
MD5 the decrypted encryptedVerifier
Compare 16 byte result with decrypted encryptedVerifierHash

Could you please provide deeper explanation ?
what exact information are you looking for/what is unclear?
I don't know what to do with the last MD5 I've computed.
Are you unclear about how to do RC4 decryption, don't you know what encryptedVerifier is, don't you know what encryptedVerifierHash is, or something else?
All. I don't see where hashcat can help me to do these steps, so I guess I need to code in python or C++ to deal with RC4 decryption and encryptedVerifier?
If yes, are you aware of an existing code that does it?
You need to use 9720 if you collided with 9710 to get the password. Or you just use 9700. Using collider makes sense only if you want to find as many collisions as possible.
Hum, I'm confused as philsmd wrote:

(09-12-2017, 05:00 PM)philsmd Wrote: If you read this carefully https://hashcat.net/forum/thread-3665.html, you will see that you only need -m 9710 to access the data.
Have a look at the list of steps under the "KDF" section https://hashcat.net/forum/thread-3665-po...l#pid20935.
9710 is used to get the 5 bytes which are the main source of the overall encryption key of the document. Just look at step 6-9. You only have to append 4 bytes zero, MD5 the result and use the 16 bytes as the 128 bit encryption key to decrypt the document.

atom already explained in the post that you do not need to use -m 9720 (and therefore steps 1-5) just to decrypt the data

So.. Do I need 9720 or not ? I just want to access the data, I don't matter having the original password.

Just use -m 9700 then and crack as normal
(01-24-2018, 11:02 AM)atom Wrote: Just use -m 9700 then and crack as normal

Do you mean bruteforce or wordlist attack ? But if the password is more than 30 characters I won't be able to recover it.
Just use ?a?a?a?a?a?a?a?a?a it will crack one pretty soon. This might not be the correct one, but it will be good enough to open the document.