Unable to load a 7z archive hash made with 7z2hashcat
#1
Hi All,

I have a large (2.3ishGB) .7z archive I'm trying to break back into after forgetting the password because it was made years ago. 

I know the passwords rough construction but can't quite remember where I substituted letters for numbers ect. so have been playing round with Hashcat to try and get back into it.

I've used the latest windows release of 7z2hashcat on the archive on my windows 10 64 machine using this command:

Code:
7z2hashcat64-1.3.exe e:\Things.7z > hash2.hash

and piped the output straight in to a file which I didn't mess with or open before trying to use hashcat on it.

I keep getting the error:

Code:
Hashfile 'e:\hash2.hash' on line 1 ($7z$1$...0ccb321b947a3e$199076$5d00000400): Token length exception

No hashes loaded.

The hash I get back is 28KB, Far longer than the example hash on the wiki when read on Notepad++.

I am using a mask file but have tried it with a bunch of ?a on the mask just to see if it fires off and it comes back with the same result. Below is the commands I have tried and got the same results:

Code:
hashcat64.exe -a 3 -m 11600 hash2.hash mask.hcmask

hashcat64.exe -a 3 -m 11600 hash2.hash ?a?a?a?a?a?a?a

I have used the example specified on the wiki and run it with the masks ?a?a?a?a?a?a?a and ?l?l?l?l?l?l?l and they kick off and crack on. 

I know the password I'm using is between about 22-26 characters and can remember what words I used, but cannot remember which letter I substituted for numbers. 

For example in the password Best could be Best, best, b3st or B3st and my mask is Bb,e3,s,t with ?s for where I know there are spaces - please correct me if I am wrong here I'm still learning Hashcat.

I've also used the same 7z2hashcat tool on an archive I made today with an easy 4 letter password and the received hash was 394KB and this returns the same error when I try and start it with the above commands

I am also using notepad++ for any editing of texts.

On a side note I have two machines available one with a GTX980 the other with a GTX660ti the example hash used on the 980 trolleys along at about 4.4K hashes a second but the 660ti says its down at 1 hash a second. Anyone got any idea why? 

I would have thought the 660ti while slow would have been a touch faster than that.

I'm happy to PM hashes and my mask to any suitable mod god who requests them to aid in diagnosis too. As it's not a mission critical file.
Reply
#2
with "only" 28KB you shouldn't reach the limits.

yeah, my guess is that hashcat doesn't accept one of the fields/values (there are a lot of them see the 7z2hashcat github page for the details).

You could either play with the value and see which are too large or long .... or PM me (or other mods/admins) the hash and we could/need to debug/troubleshoot it

Without the hash it's difficult to say
Reply
#3
(02-14-2019, 11:14 AM)philsmd Wrote: with "only" 28KB you shouldn't reach the limits.

yeah, my guess is that hashcat doesn't accept one of the fields/values (there are a lot of them see the 7z2hashcat github page for the details).

You could either play with the value and see which are too large or long .... or PM me (or other mods/admins) the hash and we could/need to debug/troubleshoot it

Without the hash it's difficult to say

As I'm not 100% sure what I'm looking at\ doing yet with the contents of a 7z hash I have sent you a PM with the hash I'm trying to break and an easy test hash I tried to make sure it wasn't me extracting something wrong.

J
Reply
#4
update: we verified that it's a too strict parser problem in seven_zip_parse_hash (), not the whole lengths are currently allowed because of token.len_max[8] and token.len_max[9] only allowing a lenght of 4 digits i.e. up to 9999.
Reply