QNX -m 19200 Salt Length
#1
I've got a QNX 512 hash from a real system, and now that I've verified I can run the test hash on my system I've discovered an issue with my hash or with hashcat.

My hash is in the format of @S@[Base64 string, that I've converted to hex and it's the right length]@YzY5NjU0N2M3YjIxMTM3MjI2MTYwMzE0MGRkMjMzMDc=

My issue is with the length of the salt.  If I convert straight from base64, it's hex compliant as c696547c7b211372261603140dd23307 but that doesn't fit within the hashcat source code declaration of the hash tokens 

Code:
token.token_cnt  = 4;
  token.sep[0]    = '@';
  token.len_min[0] = 0;
  token.len_max[0] = 0;
  token.attr[0]    = TOKEN_ATTR_VERIFY_LENGTH;
  token.sep[1]    = '@';
  token.len_min[1] = 1;
  token.len_max[1] = 8;
  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH;
  token.sep[2]    = '@';
  token.len_min[2] = 32;
  token.len_max[2] = 128;
  token.attr[2]    = TOKEN_ATTR_VERIFY_LENGTH
                  | TOKEN_ATTR_VERIFY_HEX;
  token.sep[3]    = '@';
  token.len_min[3] = 8;
  token.len_max[3] = 16;
  token.attr[3]    = TOKEN_ATTR_VERIFY_LENGTH;

which expects either a length of 8 or 16 and I'm at 32 (if I assume it isn't hex and that's a happy coincidence or 64)

Just for kicks, I copied the salt from the test hash and once the salt is 16 long hashcat has no token length exceptions.
Reply
#2
maybe you can do some research on how many and what alternatives / variants exists. Are there different supported salt lengths etc for QNX.

yeah, the len above are the lengths within the hash file (so I guess you call it the "hex length", not the raw lengths).
Reply