Output: candidate + hash
#1
Hello,
i saw that FileVault-2 dont use a salt.

Actual i dont have a cracking job and my CPU is idling, so i want to make me a little Hash-table.
My preference is to precompile FileVault-2 hashes, so i only have to compare the hashes to find the password.

How is it possible to write to an outputfile something like:

candidate,hash

-stdout obly shows me the candidate Undecided
Reply
#2
-m 16700 = FileVault 2 does use a salt


hashcat doesn't really provide/have hashes generated on the host... only the OpenCL device (GPU or CPU) will compute the digest on that hardware accelerator directly... it would be WAY too slow to have those hashes on the host and to have a mechanism to being able to print them etc (disk I/O is just horrendously slow ! it just would make absolutely no sense in general). This is of course also due to the fact that hashcat is NOT a general hash generation tool (even though of course the kernel code is able to compute hashes to compare with).

That said, we have a tool that is able to generate hashes quite quickly (most of the time only disk I/O is the bottleneck, i.e. storing the hashes if you really have to)... and it is used like this
Code:
perl tools/test.pl passthrough 16700 dict.txt

test.pl is available within the hashcat source code (github repository for instance, or source code download from https://hashcat.net/hashcat). You would of course need to install all the needed perl modules (on linux you could just run: ./tools/install_modules.sh).

as you can see from the output of the test.pl run the FileVault "hashes" do have a 32 bytes salt. so your statement of no salt for -m 16700 is wrong (see example hashes here: https://hashcat.net/wiki/example_hashes)... and that is also why it makes no particular sense for -m 16700 to build some kind of rainbow table... which most of the time makes no sense these days
Reply
#3
Thank you.

I searched the internet for information about the salt but can‘t find Informationen about FileVault-2 „salt“ oder „allouwed charset“.

The examplehash from hashcat (-m 16700 —example-hash) also dont show a salt for pw „hashcat“, so i dreamed a little bit of a rainbowtable
Reply
#4
The format definitely uses a salt, just have a glance at the format in the test module: https://github.com/hashcat/hashcat/blob/...00.pm#L131

these are the compontents of the hash, the salt is embedded, as is version number, iteration count etc
Reply