10-09-2019, 05:49 PM
(This post was last modified: 10-09-2019, 07:16 PM by adamb70.
Edit Reason: typo
)
I have an MD5 hash I'm trying to crack, the password is 256 bytes long with 1-7 bytes in the range 0x00-0xFF, followed by a known salt, and the remainder of the 256 bytes is filled with null (0x00) bytes.
I have been trying to create a mask for this, but since I have to work with null bytes I'm force to use --hex-charset. This means that my mask will require 2 characters for each byte, which puts the length of my masks at 512 characters each, and it seems Hashcat won't process any mask over 256 characters long.
Since the salt isn't a concern right now, I'll ignore it for now and use `da8e187436ef310167021504d28c9b68` as an example hash. That's 0x41 (ASCII letter a) followed by 255 0x00 bytes and hashed.
My plan was to write a mask with the following structure (?2 refers to my custom charset, which is just 0x00)
For the salted version I would just put the salt bytes after the ?b's.
This would work fine and shouldn't take long to run, but unfortunately since two characters are needed for each byte I'm hitting the 256 mask character limit when I still have 256 more padding characters ("?2"*128) to add.
Is there any other way to apply null padding in order to fill out the full 256 byte array, or maybe another way of writing this altogether?
I have been trying to create a mask for this, but since I have to work with null bytes I'm force to use --hex-charset. This means that my mask will require 2 characters for each byte, which puts the length of my masks at 512 characters each, and it seems Hashcat won't process any mask over 256 characters long.
Since the salt isn't a concern right now, I'll ignore it for now and use `da8e187436ef310167021504d28c9b68` as an example hash. That's 0x41 (ASCII letter a) followed by 255 0x00 bytes and hashed.
Code:
md5(b'A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
My plan was to write a mask with the following structure (?2 refers to my custom charset, which is just 0x00)
Code:
?b?2?2?2?2?2?2?2...... (and so on for the full 256 bytes)
?b?b?2?2?2?2?2?2......
?b?b?b?2?2?2?2?2......
?b?b?b?b?2?2?2?2......
?b?b?b?b?b?2?2?2......
?b?b?b?b?b?b?b?2......
For the salted version I would just put the salt bytes after the ?b's.
This would work fine and shouldn't take long to run, but unfortunately since two characters are needed for each byte I'm hitting the 256 mask character limit when I still have 256 more padding characters ("?2"*128) to add.
Is there any other way to apply null padding in order to fill out the full 256 byte array, or maybe another way of writing this altogether?