Restoring a WPA session from hashcat 5.1.0 in 6.0.0?
#1
I've noticed 6.0.0 is quite a bit faster at brute forcing WPA.  I have a session (Hash.Type........: WPA-EAPOL-PBKDF2) running on hashcat 5.1.0 that's 10% done which I'd like to move to 6.0.0, but when I move the restore file and try to --restore I get:

Incompatible restore-file version

Is it possible to migrate a session between versions?  I haven't tried just changing the version number in the .restore file...

Apologies if it has been covered elsewhere, I did a quick search but couldn't find anything.

Fantastic tool by the way, especially with the recent performance increases Smile
Reply
#2
You could be lucky since the data itself that is stored was not changed directly (actually never changed for years, exactly for "compatibility reasons"... but see reason for updated versoin below), see changes (blame log):
https://github.com/hashcat/hashcat/blame...1786-L1799

The problem mainly is that hashcat 6.0.0 has many new options and some command line arguments also changed a little bit etc and therefore they might be not compatible. That is why the development team decided to bump up the minium .restore format number required to 600:
https://github.com/hashcat/hashcat/commi...4c52555R18


The details about the .restore format can be found here:
https://hashcat.net/wiki/doku.php?id=restore#screenshot

and to change some options (for advanced users only, need to use the perl interpreter), you could try to use this:
https://github.com/philsmd/analyze_hc_restore

(the perl file that you need to download and run is https://raw.githubusercontent.com/philsm...restore.pl)

before making any changes to the .restore file, I would of course recommend to make backups of the files (maybe even of the whole old hashcat folder including wordlist hashes etc). and only afterwards begin to tamper with the .restore file.
What needs to be changed for sure is the restore format number, the hashcat binary paths and command (even cwd might need to be changed, depending on the local paths you use).

the binary for instance also changed from hashcat64.exe to hashcat.exe (or hashcat64.bin to hashcat.bin on linux)... all these changes need to be reflected also in the updated .restore file

with this code you will get all the options:
Code:
perl analyze_hc_restore.pl hashcat.restore

with this command you will see all the options:
Code:
perl analyze_hc_restore.pl --help

again, this should normally only be used by advanced users and it might be dangerous if you don't have backups of your .restore files.
Reply
#3
Smile 
(06-17-2020, 03:08 PM)philsmd Wrote: What needs to be changed for sure is the restore format number, the hashcat binary paths and command (even cwd might need to be changed, depending on the local paths you use).

Thanks, that worked perfectly, I'm restoring where I left off but on version 6.0.0!  You were right, I had to modify the version, path and command line (name of the .exe - the command line options I used haven't changed).  I used your Perl tool.

Thanks again for the detailed reply, and the tool Smile
Reply