Trying to get formatting right
#1
So I am trying to crack a password and here's what I know: 

Password hash: SHA-1 f29xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxedad
Password salt: 506xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe456 (hex bytes, prepended to password)
Password encoding: UTF-16LE

What will be the correct formatting of the "hash" in hashcat?


More info about the hash http://www.jrsoftware.org/ishelp/index.p...encryption
#2
Posting non-example unredacted hashes is against the forum rules. I've redacted your post.

It looks like this mode may match:

Code:
   140 | sha1($salt.utf16le($pass))                       | Raw Hash, Salted and/or Iterated

The expected format would be "[hash]" + ":" + "[salt]", with the --hex-salt parameter.
~
#3
see https://github.com/hashcat/hashcat/issues/85 for innosetup you need to use --hex-salt (according to that old trac ticket conversation).
#4
(01-20-2019, 09:52 PM)philsmd Wrote: see  https://github.com/hashcat/hashcat/issues/85 for innosetup you need to use --hex-salt (according to that old trac ticket conversation).


So the algo is -m 120 instead of -m 140?

Also the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?

One more thing I do not get is how Inno Setup protects the actual encryption key, the way I understand it is that Inno setup hashes the entered key and compares it to the hash it has, then if it gets matched it just decrypts files using a completely different key (which is a sha1 of salt+pass). Am I wrong?

Edit: Actually now that I think about it, decryption key might be getting made (sha1($salt.utf16le($pass))) after the pass has been verified, pretty clever though I am still not sure.
#5
(01-20-2019, 10:45 PM)Randomdude Wrote: the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?

no
#6
(01-20-2019, 11:24 PM)undeath Wrote:
(01-20-2019, 10:45 PM)Randomdude Wrote: the pass is 12 characters long and uses numbers + upper/lower case letters, is it even feasible to crack this?

no

Yeah I guess you are right, but why was magnumripper so optimistic here https://github.com/magnumripper/JohnTheR...ssues/1042 ?
#7
SHA1 is fast, but twelve characters are still too many.