Posts: 3
Threads: 1
Joined: Jan 2019
01-20-2019, 07:48 PM
(This post was last modified: 01-20-2019, 08:54 PM by royce.)
So I am trying to crack a password and here's what I know:
Password hash: SHA-1 f29xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxedad
Password salt: 506xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe456 (hex bytes, prepended to password)
Password encoding: UTF-16LE
What will be the correct formatting of the "hash" in hashcat?
More info about the hash http://www.jrsoftware.org/ishelp/index.p...encryption
Posts: 930
Threads: 4
Joined: Jan 2015
01-20-2019, 08:53 PM
(This post was last modified: 01-20-2019, 09:01 PM by royce.)
Posting non-example unredacted hashes is against
the forum rules. I've redacted your post.
It looks like this mode may match:
Code:
140 | sha1($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
The expected format would be "[hash]" + ":" + "[salt]", with the --hex-salt parameter.
~
Posts: 2,267
Threads: 16
Joined: Feb 2013
see
https://github.com/hashcat/hashcat/issues/85 for innosetup you need to use --hex-salt (according to that old trac ticket conversation).
Posts: 3
Threads: 1
Joined: Jan 2019
01-20-2019, 10:45 PM
(This post was last modified: 01-21-2019, 12:22 AM by Randomdude.)
(01-20-2019, 09:52 PM)philsmd Wrote: see https://github.com/hashcat/hashcat/issues/85 for innosetup you need to use --hex-salt (according to that old trac ticket conversation).
So the algo is -m 120 instead of -m 140?
Also the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?
One more thing I do not get is how Inno Setup protects the actual encryption key, the way I understand it is that Inno setup hashes the entered key and compares it to the hash it has, then if it gets matched it just decrypts files using a completely different key (which is a sha1 of salt+pass). Am I wrong?
Edit: Actually now that I think about it, decryption key might be getting made (sha1($salt.utf16le($pass))) after the pass has been verified, pretty clever though I am still not sure.
Posts: 2,301
Threads: 11
Joined: Jul 2010
(01-20-2019, 10:45 PM)Randomdude Wrote: the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?
no
Posts: 3
Threads: 1
Joined: Jan 2019
(01-20-2019, 11:24 PM)undeath Wrote: (01-20-2019, 10:45 PM)Randomdude Wrote: the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?
no
Yeah I guess you are right, but why was magnumripper so optimistic here
https://github.com/magnumripper/JohnTheR...ssues/1042 ?
Posts: 2,301
Threads: 11
Joined: Jul 2010
SHA1 is fast, but twelve characters are still too many.
