Axcrypt support

[Nubbin]

Hello,

I'm trying to attack a list of axcrypt hashes, but I've run into a problem. I used axcrypt2john to dump the hashes, but from what I can tell, hashcat only supports axcrypt hashes from files encrypted only with a password. It does not appear to support files encrypted with a password and a keyfile. Axcrypt2john does dump the correct hash, with the appropriate hex value of the keyfile appended to the hash, but I get a salt-length error with hashcat.

I have used JtR successfully with keyfile hashes, but as far as I know there is no GPU support for axcrypt hashes with JtR. I'm also running into OpenCL errors, but that'll be a problem with my setup/unfamiliarity with JtR, I'm sure...

Am I missing something, or am I out of luck and have to use JtR?

Thanks!

[undeath]

if the example hash does not have keyfile data it's quite likely that this feature is not supported by hashcat.

[Nubbin]

That was my thinking too, thanks...

I'm not familiar at all with the requirements for adding that support - given that it is already supported by JtR, and partially by hashcat, how realistic would it be to add in keyfile support to hashcat?

I'm going to look into the feasibility of a custom word list, but it'd be a huge help to be able to make use of my GPUs.

[atom]

Fist0urs (the guy who added Axcrypt support to hashcat) said he'll add Axcrypt keyfile support to hashcat after he saw this post. Depends on his free time I guess.

[Nubbin]

That would be fantastic, I'd really appreciate that!

[laulaf]

Hello
    I'm french, I encrypt photos that I really like with Axcrypt 1.7, I lost the password AND I KNOW VERY LITTLE OF THING IN COMPUTING !!!
    I have been looking for a long time on internet to find out how to find this password, but when you are a beginner it is very difficult and I ended up falling on your discussion.
    I understand that there are programs like Hashcat, John the ripper, Python, axcryptjohn.py, hash, brute force, command lines etc, but HOW TO DO.

    Someone would have time and courage to explain myself, I really need it.

Thank you, thank you in advance

[laulaf]

Hello

I continued my research ...

I downloaded Axcrypt2john here: https://github.com/magnumripper/JohnTheR...pt2john.py

The program looks like this:

#! / usr / bin / python

# Analyseur de fichiers cryptés AxCrypt 1.x pour JtR
# 2016 par Fist0urs <eddy.maaalou at gmail.com>.

# Ce logiciel est Copyright (c) 2016, Fist0urs <eddy.maaalou at gmail.com>,
# et il est par la présente mis à la disposition du public en vertu des termes suivants:
# Redistribution et utilisation sous forme source et binaire, avec ou sans modification,
# sont autorisés.

import sys, struct

Le fichier # commence par un en-tête constant de 16 octets
GUID = '\ xc0 \ xb9 \ x07 \ x2e \ x4f \ x93 \ xf1 \ x46 \ xa0 \ x15 \ x79 \ x2c \ xa1 \ xd9 \ xe8 \ x21'
OFFSET_TYPE = 4
SIZE_KEYDATA = 24 # taille de la constante dans keywrap (0xA6 * 8) + taille de DEK (16)
SIZE_SALT = 16
SIZE_ITERATION = 4

StructKeys = []

def usage ():
print >> sys.stderr, 'utilisation:% s <axxfile> [fichier-clé] \ n'% sys.argv [0]
print >> sys.stderr, 'Script pour extraire le hachage du fichier crypté AxCrypt ou du binaire auto-décryptant \ n'
print >> sys.stderr, 'arguments optionnels: \ n chemin KEY-FILE vers le fichier clé facultatif fourni'
sys.exit (1)

def DWORD_to_int (string_dword):
string_dword_reversed = string_dword [:: - 1]
return int ('0x' + str (string_dword_reversed.encode ('hex')), 16)

def parse_PE (axxdata):
i = 0
while (axxdata [i: i + 16]! = GUID):
i + = 1
retour axxdata [i:]

def parse_axxfile (axxfile):
stream = ouvert (axxfile, 'rb')
axxdata = stream.read ()
stream.close ()

# si l'en-tête est 'MZ'
si axxdata [: 2] == '\ x4D \ x5a':
offset_PE_magic = struct.unpack ('<L', axxdata [60:64]) [0]
# si "PE" suppose que PE
si axxdata [offset_PE_magic: offset_PE_magic + 2] == '\ x50 \ x45':
axxdata = parse_PE (axxdata)

sizeof_file = len (axxdata)

if (axxdata [: 16]! = GUID):
print "Attention, GUID est différent de celui d'axcrypt ..."

header_datalen_offset = 16
headertype = '\ x02' # premier type rencontré

# headertype de la section dataencrypted est 0x3f
while (type d'en-tête! = 63):
header_datalen = ord (axxdata [header_datalen_offset])
headertype = ord (axxdata [header_datalen_offset + OFFSET_TYPE])

# probablement une clé StructKey
if (header_datalen == 49 et headertype == 04):
offset_to_keydata = header_datalen_offset + OFFSET_TYPE + 1
offset_to_salt = offset_to_keydata + SIZE_KEYDATA
offset_to_iteration = offset_to_salt + SIZE_SALT

dword_str = axxdata [offset_to_iteration: offset_to_iteration + SIZE_ITERATION]

StructKeys.append ({'KeyData': axxdata [offset_to_keydata: offset_to_salt]
, 'Salt': axxdata [offset_to_salt: offset_to_iteration]
, 'Itération': DWORD_to_int (dword_str)})

header_datalen_offset + = header_datalen

if (header_datalen_offset> = sizeof_file):
print "Impossible d'analyser le fichier, de quitter"
sys.exit (0)
return StructKeys [0] ['KeyData'], StructKeys [0] ['Salt'], StructKeys [0] ['Iteration']

si __name __ == "__ main__":
if (len (sys.argv)! = 2 et len (sys.argv)! = 3):
usage()

# A_DEK == wrappedKey
wrappedKey, Salt, nb_iteration = parse_axxfile (sys.argv [1])

version = 1

keyfile_content = ''
key_file_name = ''
# Bande muette sur le chemin relatif
axxfile = sys.argv [1] [sys.argv [1] .rfind ("/") + 1:]

if (len (sys.argv) == 3):
keyfile = ouvert (sys.argv [2], 'r')
keyfile_content = '*' + keyfile.read (). encoder ("hex")
key_file_name = '*' + sys.argv [2] [sys.argv [2] .rfind ("/") + 1:]
keyfile.close ()

print axxfile + nom_fichier_clé + ": $ axcrypt $" + "*" + str (version) + "*" + str (nb_iteration) + "*" + Salt.encode ("hex") + "*" + wrappedKey.encode ("hex") + keyfile_content




I downloaded Python 2.7

In the command line, I typed this:

C: \ Python27> python axcrypt2john.py R485hgtd-jpg.axx        (>it's my encrypted photo name)

But I get an error that is:
File "axcrypt2john.py", line 13
     The # file starts with a constant header of 16 bytes

I don't know what to do, does anyone have an idea?

Thank you

[undeath]

You can't run program code through an online translator…

[laulaf]

Ok, ok, fine, so, if axcrypt2john.py has no error and if we do not use python what should we use?

[undeath]

use python but download the python script straight from github