Question regarding brute forcing hex charsets
#1
I came by this blog post (http://blog.bitcrack.net/2013/09/crackin...guage.html) regarding brute forcing passwords from other language character sets, e.g. Arabic as in the blog post. Just wanted to try it out on my computer to see how it went, but having some difficulties reproducing the example, so wondering if someone maybe can point out where the error is?

At first I tried just copying the commands as written in the blog post, but that didn't work (hashcat 4.1.0), probably due to not specifying it's a hex-charset. Adding --hex-charset to the mix and I get an integer overflow on the mask used in the example.

Using hex range 80-BF gives you 64 possibilities per char in pw + 4 possible base hex chars per char in pw, thus a total of 68^n possibilities where n is length of pw. 

E.g., n = 6, you should have to go through 68^6 ~= 100 billion (100*1e9) combinations. 

Using a GTX 1080 Ti (~11500 MH/s for SHA1), this shouldn't really take that long - but, it does (reduced number of chars in pw I want to try to 6 chars). Thus, I wonder what more needs to be altered in the example in order for this to work? I'm probably missing something simple, but just can't see what it is.

Command I've tried:

Code:
./hashcat64.bin -m 100 sha1list -a 3 -1 d8d9dadb -2 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf ?1?2?1?2?1?2?1?2?1?2?1?2 --hex-charset -O -o cracked.txt
#2
your calculation is wrong, -1 d8d9dadb -2 808182...etc...bebf in combination with ?1?2..etc does not mean 68^n possibilities because you can't just add ?1 and ?2, you are multiplying. For every char in ?1 you are doing all the chars in ?2.

so your command is actually 256^n possibilities. With 6 chars at ~11500 MH/s you will need about 7 hours.
#3
(05-09-2018, 09:46 AM)DanielG Wrote: your calculation is wrong, -1 d8d9dadb -2 808182...etc...bebf in combination with ?1?2..etc does not mean 68^n possibilities because you can't just add ?1 and ?2, you are multiplying. For every char in ?1 you are doing all the chars in ?2.

so your command is actually 256^n possibilities. With 6 chars at ~11500 MH/s you will need about 7 hours.

Haha, you're absolutely right. Too early in the morning! Thanks for clearing it up.
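The keyspace arithmetic from this thread, worked through as an added example (not part of any post, and not hashcat code): it parses the two custom hex charsets and the mask from the command in post #1, multiplies the per-position sizes, and decodes each ?1?2 byte pair as UTF-8 to show which code points the mask covers. The helper names are hypothetical, the sketch only handles masks made of ?X tokens, and the -2 charset is rebuilt as the byte range 80..bf.

```python
from math import prod

# Sizes of hashcat's built-in mask charsets.
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}

def hex_charset(hexstr):
    """Decode a custom charset given as hex (--hex-charset) to distinct bytes."""
    return sorted(set(bytes.fromhex(hexstr)))

def position_sizes(mask, custom):
    """Number of candidate bytes at each ?X position of a mask."""
    if len(mask) % 2 or any(c != "?" for c in mask[0::2]):
        raise ValueError("this sketch handles masks made only of ?X tokens")
    sizes = []
    for tok in mask[1::2]:
        if tok in custom:
            sizes.append(len(custom[tok]))
        elif tok in BUILTIN:
            sizes.append(BUILTIN[tok])
        else:
            raise ValueError(f"unknown mask token ?{tok}")
    return sizes

def keyspace(mask, custom):
    """Positions multiply: each byte at one position pairs with each byte at the next."""
    return prod(position_sizes(mask, custom))

def hours_at(candidates, hashes_per_second):
    return candidates / hashes_per_second / 3600

def utf8_range(lead, cont):
    """Code points produced by each lead byte followed by each continuation byte."""
    cps = sorted(ord(bytes([a, b]).decode("utf-8")) for a in lead for b in cont)
    return cps[0], cps[-1], len(cps)

# Charsets and mask from the command in post #1 (-2 rebuilt as the range 80..bf).
CUSTOM = {"1": hex_charset("d8d9dadb"),
          "2": hex_charset(bytes(range(0x80, 0xC0)).hex())}
MASK = "?1?2" * 6
RATE = 11500e6  # ~11500 MH/s, the SHA1 speed quoted in the thread

if __name__ == "__main__":
    total = keyspace(MASK, CUSTOM)
    print("per character (?1?2):", keyspace("?1?2", CUSTOM))
    print("6 characters:", total, "vs 68**6 =", 68 ** 6)
    print("hours at quoted rate: %.1f" % hours_at(total, RATE))
    print("code points: U+%04X..U+%04X (%d)" % utf8_range(CUSTOM["1"], CUSTOM["2"]))
```

Each ?1?2 pair is one two-byte UTF-8 character, so the per-character count is 4 x 64 = 256, one for every code point in the block the pairs decode to.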