full parallel power of device
#1
Good Morning,
hashcat has been running a script for more than 10 hours on my daughter's MacBook Air
the script is : 
./hashcat -d 2 hash.txt -m 14800 -a 3 rockyou.txt

As I am monitoring the status, I have continuously the following message:
  • The wordlist or mask that you are using is too small.This means that hashcat cannot use the full parallel power of your device(s).Unless you supply more work, your cracking speed will drop.For tips on supplying more work, see: https://hashcat.net/faq/morework
  • Approaching final keyspace - workload adjusted. 


I went to the far/morework to see if I could use the full parallel power of the device but I am not sure what to do. 

Any help, please?
Thanks in advance
Session..........: hashcat
Status...........: Running
Hash.Name........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*0783521847d7acc15efeec094f40b44a...4d70b5
Time.Started.....: Mon Dec 23 06:16:04 2019 (8 mins, 47 secs)
Time.Estimated...: Mon Dec 23 06:24:51 2019 (0 secs)
Guess.Mask.......: 654321 [6]
Guess.Queue......: 17/14336792 (0.00%)
Speed.#2.........:        0 H/s (0.35ms) @ Accel:2 Loops:16 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 0/1 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:2688596-2688600
Candidates.#2....: 654321 -> 654321

 
Reply
#2
-a 3 means mask attack (https://hashcat.net/wiki/doku.php?id=mask_attack)

so what you basically did is run a dictionary (the dictionary attack would be -a 0) with -a 3, i.e. run each word in the mask file for -a 3 as a separate static/constant mask. This makes absoultely no sense.

-a 3 is for masks
-a 0 is for dictionaries

see --help
Reply
#3
1. you're likely not going to get very far with breaking the itunes backup password on a macbook air's internal gpu. it's intensive and slow. note your speed is 0 hashes per second.

a very low-end radeon gpu (radeon pro wx3200) will do 22 H/s. rockyou.txt is 14,344,391 candidates long. at 22 H/s this will take 8 full days to go through the list. at 1 H/s you are looking at 166 days to exhaust the wordlist. my 2019 macbook air does 2 H/s on the integrated gpu.

2. are you trying to run a dictionary attack (straight mode attack) using rockyou.txt? if so i think you mean
Code:
hashcat -a 0 -m 14800 $YOUR_TARGET_HASH rockyou.txt
.

if you have any idea what the password on your daughter's air is, it's probably better to make a mask attack with the parts you're unsure of to limit keyspace on such hardware.
Reply
#4
Thanks a lot for your support
As a matter of fact I running hashcat itunes backup password recovery for an Iphone, I do not have any more (only the backup).
I have stopped the script and rerun a new one with -a 0
now, the "cannot use full power .." message has disappeared.
just 55 days estimated...
Reply
#5
the guesses hashcat is making are assuming that the password used for the backup are ones that exist in rockyou.txt. rockyou.txt contains a lot of very simple passwords, so there is no guarantee that the password is one that exists in rockyou.txt. with slow hash constructs like itunes, you are best off trying to remember some part of the password. knowing even the length of the backup encryption password will tell you whether cracking this is feasible.

i think that is what is important to understand about hashcat. it is not decrypting or recovering anything. it is simply trying to guess the password for you based upon a list of passwords. you can run for 55 days and get nothing.
Reply
#6
Many Thanks!
I know that this Itunes backup password is 4 digits. I then tried a script with -a 3 and a mask: ?d?d?d?d
Now hashcat estimates a 1:31 run time....
Reply
#7
negative results, I give up.
So long...
Reply