-Stdout Option Failure
#1
I recently fired up an old mining rig after I found an old TrueCrypt file that I wanted to gain access to. I'm pretty confident my password is around 15 digits and even bruteforcing that with 7 GPUs isn't realistic as far as I can tell.

I've been playing with settings for the past several days and I've come down to:

Code:
sudo hashcat --status --outfile out.txt --outfile-format 2 --session ses_TC -O -w 3 --custom-charset1 custom.hcchr --increment --increment-min=1 --increment-max=8 -a 6 dict.dict ?1?1?1?1?1?1?1?1

I'm also guessing on the encryption I used so I may need to run this multiple times with different "- m" values

The problem with this is it only utilizes 1 GPU and instead of taking an hour or two to process thru the 8 or 9 so remaining characters I think I need it is going to take weeks or months.  My dictionary file only has about ~10 or so phrases/words I probably would have used to begin the password, the remaining 8 digits could be anything. 

I've read a bunch about the --stdout however when I add it to my code it appears to be starting up then I get a crash and another generic message about failure to allocate swap storage I cannot find anything helpful about.

Code:
sudo hashcat --status --outfile out.txt --outfile-format 2 --session ses_TC -O -w 3 --custom-charset1 custom.hcchr --increment --increment-min=1 --increment-max=8 -a 6 dict.dict ?1?1?1?1?1?1?1?1 --stdout | sudo hashcat -m 6211 TC
hashcat (v5.1.0) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: Ellesmere, 3263/4090 MB allocatable, 36MCU
* Device #2: Ellesmere, 3256/4082 MB allocatable, 36MCU
* Device #3: Ellesmere, 4048/8178 MB allocatable, 36MCU
* Device #4: Ellesmere, 3256/4082 MB allocatable, 36MCU
* Device #5: Ellesmere, 3256/4082 MB allocatable, 36MCU
* Device #6: Ellesmere, 4048/8178 MB allocatable, 36MCU
* Device #7: Ellesmere, 3256/4082 MB allocatable, 36MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 64

Watchdog: Temperature abort trigger set to 90c

Starting attack in stdin mode...

Session..........: hashcat
Status...........: Running
Hash.Type........: TrueCrypt PBKDF2-HMAC-RIPEMD160 + XTS 512 bit
Hash.Target......: TC
Time.Started.....: Tue Jan  5 16:15:44 2021 (9 secs)
Time.Estimated...: Tue Jan  5 16:15:53 2021 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........:        0 H/s (0.00ms) @ Accel:32 Loops:32 Thr:64 Vec:1
Speed.#2.........:        0 H/s (0.00ms) @ Accel:32 Loops:32 Thr:64 Vec:1
Speed.#3.........:        0 H/s (0.00ms) @ Accel:32 Loops:32 Thr:64 Vec:1
Speed.#4.........:        0 H/s (0.00ms) @ Accel:32 Loops:32 Thr:64 Vec:1
Speed.#5.........:        0 H/s (0.00ms) @ Accel:32 Loops:32 Thr:64 Vec:1
Speed.#6.........:        0 H/s (0.00ms) @ Accel:64 Loops:16 Thr:64 Vec:1
Speed.#7.........:        0 H/s (0.00ms) @ Accel:32 Loops:32 Thr:64 Vec:1
Speed.#*.........:        0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-32
Restore.Sub.#2...: Salt:0 Amplifier:0-0 Iteration:0-4
Restore.Sub.#3...: Salt:0 Amplifier:0-0 Iteration:0-16
Restore.Sub.#4...: Salt:0 Amplifier:0-0 Iteration:0-16
Restore.Sub.#5...: Salt:0 Amplifier:0-0 Iteration:0-32
Restore.Sub.#6...: Salt:0 Amplifier:0-0 Iteration:0-16
Restore.Sub.#7...: Salt:0 Amplifier:0-0 Iteration:0-32
Candidates.#1....: [Copying]
Candidates.#2....: [Copying]
Candidates.#3....: [Copying]
Candidates.#4....: [Copying]
Candidates.#5....: [Copying]
Candidates.#6....: [Copying]
Candidates.#7....: [Copying]
Hardware.Mon.#1..: Temp: 32c Fan: 33% Core: 300MHz Mem: 300MHz Bus:8
Hardware.Mon.#2..: Temp: 30c Fan: 33% Core: 300MHz Mem: 300MHz Bus:8
Hardware.Mon.#3..: Temp: 22c Fan: 33% Core: 300MHz Mem: 300MHz Bus:8
Hardware.Mon.#4..: Temp: 29c Fan: 33% Core:1000MHz Mem: 300MHz Bus:16
Hardware.Mon.#5..: Temp: 31c Fan: 33% Core: 300MHz Mem: 300MHz Bus:8
Hardware.Mon.#6..: Temp: 27c Fan: 33% Core: 300MHz Mem: 300MHz Bus:8
Hardware.Mon.#7..: Temp: 29c Fan: 33% Core: 300MHz Mem: 300MHz Bus:8


ATTENTION! Read timeout in stdin mode. The password candidates input is too slow:
* Are you sure that you are using the correct attack mode (--attack-mode or -a)?
* Are you sure that you want to use input from standard input (stdin)?
* If so, are you sure that the input from stdin (the pipe) is working correctly and is fast enough?


[ 727.883964] Killed process 2066 (hashcat (hashcat) total-vm3712192kB, anon-rss1285700kB, file-rss:0kb, shmem-rss:0kb
[ 728.945995] [TTM] Failed allocating Swap Storage


If anyone has any ideas I would appreciate it, if any more info is needed please also let me know.
Reply
#2
Clean up your command. When using --outfile with --stdout hashcat will write the words to your outfile instead. Also -w3 -O --status --session and other stuff don't make sense with --stdout.
Reply
#3
(01-05-2021, 07:41 PM)undeath Wrote: Clean up your command. When using --outfile with --stdout hashcat will write the words to your outfile instead. Also -w3 -O --status --session and other stuff don't make sense with --stdout.

Thanks for the reply, I updated to
Code:
sudo hashcat --custom-charset1 custom.hcchr --increment --increment-min=6 --increment-max=9 -a 6 dict.dict ?1?1?1?1?1?1?1?1 --stdout | sudo hashcat -m 6211 TC
 

Now after it initializes I get a "Out of memory: kill process (hashcat)"

I watched my physical memory + the swap file and re-ran the above command and I don't see hashcat using more than maybe 30% of the available memory before it gives up and kills the process. I also threw in another 4GB stick of RAM as I only had 4GB initially but I still get the same error.
Reply
#4
That's exactly the reason why mining rigs have never been recommended for running hashcat. hashcat needs a bit of ram (as much as it needs vram), especially for the more heavy algorithms.
Reply
#5
(01-05-2021, 11:02 PM)undeath Wrote: That's exactly the reason why mining rigs have never been recommended for running hashcat. hashcat needs a bit of ram (as much as it needs vram), especially for the more heavy algorithms.

Does that specific mode take up that much RAM?

I'm successfully running 
Code:
sudo hashcat -a 3 -O -w 4 -m 6211 TC --custom-charset1 000000 --custom-charset2 XXzxxXx --custom-charset3 Xxxxxxx0 ?1?1?1?1?1?1?1?2?2?3?3?3?3?3?3?3 -i --increment-min=15 --increment-max=16

But this is still going to take ~30 days on the mining rig, but it runs without any problem. This is technically more intensive then me trying to set the other way and use a dictionary word for the first 9 digits then guess the remaining 6.

I am just missing something else? is there another way to utilize all of the GPUs while using the wordlist (10 or so words) + a custom charset?

* just for the record I removed the actual characters I'm using for my charset with X's and 0's
Reply
#6
Mask attack is the only attack that requires a significantly smaller amount of (v)ram than all other attacks. It makes sense that you cannot run any attack other than pure mask attacks with a limited amount of ram.

Since you have only ten words or so you can run hashcat with a mask for each of those words where you prepend the fixed word to your mask. Mask performance with fixed prefixes is usually very poor but try for yourself. You might succeed with using -S but that probably requires more ram again.
Reply