How to crack Apple Secure Notes?
#1
I've extracted the hash via the tool from Johntheripple

Code:
NoteStore.sqlite:$ASN$*30*20000*f47190017f7edb0be98586d6ee102119*.....................:::::old

Tried to crack with the following command

Code:
Hashcat -m 16200 $ASN$*30*20000*f47190017f7edb0be98586d6ee102119*....................

and returns

Quote:hashcat (v5.1.0) starting...

OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz, skipped.
* Device #2: Intel(R) UHD Graphics 630, 384/1536 MB allocatable, 24MCU
* Device #3: AMD Radeon Pro 5500M Compute Engine, 1020/4080 MB allocatable, 24MCU

Hash '30*20000*f47190017f7edb0be98586d6ee102119*....................: Separator unmatched
No hashes loaded.

Started: Sun Jul 12 22:26:53 2020
Stopped: Sun Jul 12 22:26:53 2020


May I know did i execute wrongly? or what's the right way to use this?
Reply
#2
Wrap the hash in single quotes or save it in a text file, otherwise your shell will try to interpret some special characters and pass invalid data to hashcat.
Reply
#3
(07-12-2020, 04:33 PM)undeath Wrote: Wrap the hash in single quotes or save it in a text file, otherwise your shell will try to interpret some special characters and pass invalid data to hashcat.

Thanks for quick respond.
Yes, save to a file and it work. What about attack mode?

Anyone could suggest me the attack mode please.
Code:
ATTENTION! Read timeout in stdin mode. The password candidates input is too slow:
* Are you sure that you are using the correct attack mode (--attack-mode or -a)?
* Are you sure that you want to use input from standard input (stdin)?
* If so, are you sure that the input from stdin (the pipe) is working correctly and is fast enough?
Thanks!!!
Reply
#4
Code:
hashcat -m 16200 -a 0 -w 3 -r rules/best64.rule hash_file.txt word_list.txt
Reply
#5
(07-12-2020, 07:18 PM)philsmd Wrote:
Code:
hashcat -m 16200 -a 0 -w 3 -r rules/best64.rule hash_file.txt word_list.txt

Could anyone please help me to tune it to work with mask? 
I know that the password is variation of the word 'solitude' containing Uppercase, lowercase, numbers and special characters. 

I've tried things like 
Code:
hashcat -m 16200 -a 3 -1 SOLITUDEsolitude#)!%3015 ?1?1?1?1?1?1?1?1 -w 3 hashes.txt
hashcat -m 16200 -a 3 -1 SOLITUDEsolitude#)!%3015 ?1?1?1?1?1?1?1?1 -w 3 -r rules/best64.rule hashes.txt
and few other similar options but keep receiving the error messages like 
Code:
zsh: parse error near `)'
zsh: no matches found: ?1?1?1?1?1?1?1?1
macOS Big Sur, latest version of hashcat
Reply
#6
Put your custom charset between single quotes.
Reply
#7
(12-15-2020, 09:28 AM)Karamba Wrote: Put your custom charset between single quotes.

When I try 
Code:
hashcat -m 16200 -a 3 -1 'SOLITUDEsolitude#)!%3015' ?1?1?1?1?1?1?1?1 -w 3 hashes.txt
zsh: no matches found: ?1?1?1?1?1?1?1?1

When wrapping the mask with single quotes like this
Code:
hashcat -m 16200 -a 3 -1 'SOLITUDEsolitude#)!%3015' '?1?1?1?1?1?1?1?1' -w 3 hashes.txt
hashcat (v6.1.1-120-g15bf8b730) starting...
... ...
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hash '?1?1?1?1?1?1?1?1': Separator unmatched
No hashes loaded.
Reply
#8
Maybe the zsh is giving you a hard time. Change it to bash for example.
Reply
#9
zsh requires the ?1?1?1 to also be in quotes, that is correct, but you also need the ordering to be correct:

Code:
hashcat -m 16200 -a 3 -w 3 -1 'SOLITUDEsolitude#)!%3015' hashes.txt '?1?1?1?1?1?1?1?1'
Reply