Bcrypt Blowfish Unix Hash
#1
I am trying to decrypt a hash which is bcrypt Blowfish (Unix). The hash is like this: $2a$04$xxxxxxxxxx.
I already know the hash is a 6-digit numerical code.
As I know it's going to be a 6-digit numerical code, I used a brute force with mask and it tried all the possible combinations in around 10 minutes and the hash could not be cracked.
Here is the command line I am using: 
./hashcat -m 3200 -a 3 -1 ?d hash ?1?1?1?1?1?1

Note: I am using it on Mac OS and I tried another md5 hash which was also a 6-digit numerical code and was cracked with the same attack in less than a second.

Now the question is why I am unable to crack the bcrypt hash with a brute force mask attack? Am I missing something? Or do I need to use some other way?
Reply
#2
This all looks like you're doing it right (may want to post commandline just in case, with hash masked if you're using it on the command line).
~
Reply
#3
Thanks royce, I think everything is working well but I am wondering why it's impossible to crack a 6-digit numerical code? Here is what I get:
I used this command:
./hashcat -m 3200 -a 3 -1 ?d /Users/gumshoe/Documents/Hash.lst ?1?1?1?1?1?1

I got this:

hashcat (v4.1.0) starting...

OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 6100, 384/1536 MB allocatable, 48MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 72

Watchdog: Temperature abort trigger disabled.

* Device #2: Skipping unstable hash-mode 3200 for this device.
You can use --force to override, but do not report related errors.
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: bcrypt $2*$, Blowfish (Unix)
Hash.Target......: $2a$04$37xD.RGtAtsQBEuvE.8gv.XQwqH4Of1gNkNg/BWuoysn...oLpu6C
Time.Started.....: Tue Feb 27 10:53:05 2018 (0 secs)
Time.Estimated...: Tue Feb 27 10:53:05 2018 (0 secs)
Guess.Mask.......: ?1?1?1?1?1?1 [6]
Guess.Charset....: -1 ?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/1000000 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/100000 (0.00%)

Started: Tue Feb 27 10:53:04 2018
Stopped: Tue Feb 27 10:53:06 2018


Then I used --force command for device 2

./hashcat -m 3200 --force -a 3 -1 ?d /Users/gumshoe/Documents/Hash.lst ?1?1?1?1?1?1

It worked and got this:

hashcat (v4.1.0) starting...

OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 6100, 384/1536 MB allocatable, 48MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 72

Watchdog: Temperature abort trigger disabled.

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => s

Session..........: hashcat
Status...........: Running
Hash.Type........: bcrypt $2*$, Blowfish (Unix)
Hash.Target......: $2a$04$37xD.RGtAtsQBEuvE.8gv.XQwqH4Of1gNkNg/BWuoysn...oLpu6C
Time.Started.....: Tue Feb 27 10:55:20 2018 (23 secs)
Time.Estimated...: Tue Feb 27 11:04:43 2018 (9 mins, 0 secs)
Guess.Mask.......: ?1?1?1?1?1?1 [6]
Guess.Charset....: -1 ?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#2.....: 1772 H/s (12.39ms) @ Accel:1 Loops:1 Thr:8 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 42240/1000000 (4.22%)
Rejected.........: 0/42240 (0.00%)
Restore.Point....: 4224/100000 (4.22%)
Candidates.#2....: 102090 -> 130488


Finally it completed the attack in 10 minutes but nothing was recovered. How strange?
Reply
#4
Is anything unclear about this warning?
Code:
* Device #2: Skipping unstable hash-mode 3200 for this device.
You can use --force to override, but do not report related errors.
Reply
#5
I think you did not see the complete message. In the 2nd one I used force and the attack worked, but my question is that I am still unable to decrypt.
Reply
#6
OK, I'll translate the message for you:
Quote:
hash mode 3200 is known to be broken on this device. I'm refusing to run it. If you still want to run this hash mode on your broken device you can do so by using --force, but do not expect this to work at all or to do what you think or want it to do, and do not whine about it.
Reply
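The two runs quoted in post #3 can be read mechanically, as in this added example, which is not part of the thread or of hashcat. It parses the status text and separates "Exhausted with no candidate tested" from "Exhausted under --force". The function names, the verdict labels and the final counters of the forced run are assumptions; the thread only quotes that run at 4.22%.

```python
import re

# Lines quoted from the first run in post #3.
FIRST_RUN = """\
* Device #1: Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 6100, 384/1536 MB allocatable, 48MCU
* Device #2: Skipping unstable hash-mode 3200 for this device.
Status...........: Exhausted
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/1000000 (0.00%)
"""
# Constructed: device lines from the --force run plus an assumed final status
# block (the thread only quotes that run while it was at 4.22%).
FORCED_RUN = """\
* Device #1: Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 6100, 384/1536 MB allocatable, 48MCU
Status...........: Exhausted
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1000000/1000000 (100.00%)
"""

def parse_run(output):
    """Pull device state and the last status counters out of hashcat's text output."""
    def last(label):
        hits = re.findall(rf"^{label}\.+: (\w+)", output, re.M)
        return hits[-1] if hits else None
    listed = set(re.findall(r"^\* Device #(\d+): ", output, re.M))
    skipped = set(re.findall(r"^\* Device #(\d+): .*, skipped\.$", output, re.M))
    unstable = set(re.findall(r"^\* Device #(\d+): Skipping unstable", output, re.M))
    return {
        "active": listed - skipped - unstable,   # devices that actually ran the kernel
        "status": last("Status"),
        "recovered": int(last("Recovered") or 0),
        "tested": int(last("Progress") or 0),     # candidates tried so far
    }

def verdict(output, cmdline):
    """Classify a run; the verdict names are hypothetical labels for this example."""
    run = parse_run(output)
    if run["recovered"]:
        return "cracked"
    if run["status"] != "Exhausted":
        return "incomplete"
    if not run["active"] or run["tested"] == 0:
        return "nothing-tested"      # "Exhausted" without a single candidate hashed
    # With --force the kernel hashcat flagged as unstable ran anyway, so a miss
    # does not show that the password lies outside the mask.
    return "untrusted-miss" if "--force" in cmdline.split() else "keyspace-miss"
```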