Simple Dictionary Test
#1
Hi,

I'm trying out a simple dictionary attack test. I have an Ethereum wallet I just created with Mist. I used that John the ripper python script to get the hash and put it in hash3.txt. I have the password followed by a newline in guesses.txt.  I run this command:

Code:
hashcat -m 15700 hash3.txt guesses.txt

And it appears to load the dictionary but doesn't seem to succeed. Does anyone have any suggestions?

Code:
hashcat (v5.1.0) starting...

OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz, skipped.
* Device #2: Intel(R) UHD Graphics 630, 384/1536 MB allocatable, 24MCU
* Device #3: AMD Radeon Pro 5500M Compute Engine, 1020/4080 MB allocatable, 24MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

* Device #2: Skipping unstable hash-mode 15700 for this device.
            You can use --force to override, but do not report related errors.
* Device #3: Skipping unstable hash-mode 15700 for this device.
            You can use --force to override, but do not report related errors.
Dictionary cache hit:
* Filename..: guesses.txt
* Passwords.: 1
* Bytes.....: 11
* Keyspace..: 1

Session..........: hashcat                     
Status...........: Exhausted
Hash.Type........: Ethereum Wallet, SCRYPT
Hash.Target......: $ethereum$s*262144*8*1*68d970bdfa9f074c516862b7eaa9...cffa62
Time.Started.....: Tue May 19 22:09:10 2020 (0 secs)
Time.Estimated...: Tue May 19 22:09:10 2020 (0 secs)
Guess.Base.......: File (guesses.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#*.........:        0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/1 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)

Started: Tue May 19 22:09:10 2020
Stopped: Tue May 19 22:09:11 2020

[color=#333333][size=small][font=Tahoma, Verdana, Arial, sans-serif]
[/font][/size][/color]
Reply
#2
It's in your output:
Code:
Skipping unstable hash-mode 15700 for this device.

It's literally saying that there is a driver problem with your specific device (Apple driver for AMD GPU and Apple driver for Intel GPU)... You could try to test with your CPU with --opencl-device-types 1

or maybe even better, try to test with a more performant (and not that broken, in terms of OpenCL driver support) GPU e.g. a windows (or even ubuntu linux) system with a modern NVIDIA GPU. but also note that scrypt is most of the time (depends of course on the make/model of the hardware and the amount of hardware) faster on modern CPU. so a modern i9 processor on linux/windows etc would probably be even better

There is little we can do here if the driver doesn't work (but the same code works witch each and every other driver/device/operating system etc)
Reply
#3
Thanks @philsmd. It doesn't say anything about Device #1 so I assumed that it could work on the CPU since devices 2 and 3 are graphics.
Reply
#4
When I pass the --opencl-device-types 1 flag, it skips the cpu and of course uses the graphics cards. This makes me think that there is something else going on. 

Code:
hashcat -m 15700 hash3.txt guesses.txt --opencl-device-types 1
hashcat (v5.1.0) starting...

OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz, 8192/32768 MB allocatable, 16MCU
* Device #2: Intel(R) UHD Graphics 630, skipped.
* Device #3: AMD Radeon Pro 5500M Compute Engine, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

* Device #1: Skipping unstable hash-mode 15700 for this device.
            You can use --force to override, but do not report related errors.
Dictionary cache built:
* Filename..: guesses.txt
* Passwords.: 1
* Bytes.....: 11
* Keyspace..: 1
* Runtime...: 0 secs

Session..........: hashcat                     
Status...........: Exhausted
Hash.Type........: Ethereum Wallet, SCRYPT
Hash.Target......: $ethereum$s*262144*8*1*68d970bdfa9f074c516862b7eaa9...cffa62
Time.Started.....: Thu May 21 17:11:33 2020 (0 secs)
Time.Estimated...: Thu May 21 17:11:33 2020 (0 secs)
Guess.Base.......: File (guesses.txt)
Guess.Queue......: 1/1 (100.00%)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/1 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)

Started: Thu May 21 17:11:33 2020
Stopped: Thu May 21 17:11:34 2020

[color=#333333][size=small][font=Tahoma, Verdana, Arial, sans-serif]
[/font][/size][/color]
Reply
#5
did you try to test with the beta version from https://hashcat.net/beta/
Reply
#6
Thanks! It looks like there is a linux binary and windows executable in there. I'm not seeing a binary for macOS. I will build from master on GitHub and try it out.
Reply
#7
For the latest if any macOs users are curious
Code:
brew uninstall hashcat
brew install hashcat --HEAD

Success!

hashcat -m 15700 hash3.txt guesses.txt --opencl-device-types 1 --show

Where is it storing the result so that --show is required?

For other newbs. I cleared my console too quickly and wanted to run again to see the results. You can run with --potfile-disable to get it to run through the process again: hashcat -m 15700 hash3.txt guesses.txt --opencl-device-types 1 --potfile-disable
Reply