Channel: hashcat Forum - All Forums
Viewing all 7847 articles

How to extract passcode from iphone 6s?

I have an iPhone 6s.
How do I export the passcode hash using mode 26500?

https://github.com/tihmstar/uido2hashcat
I have this link, but how do I work with the script?
Personally, I think the script has to be compiled first, because it is written in C++, and only then run, and after that I have no idea what to do.

Crack WPA2 (.hc22000 file) with list not completing

I have a WPA2 hash file .hc22000 (so mode 22000) but when I try to find the password located in a small list of 5 words it just keeps running but doesn't complete it. I let the command run for an hour before closing it, it kept loading on "Initializing backend runtime for device #1. Please be patient...". I'm using the command:
"hashcat -a 0 -m 22000 hashfile.hc22000 wordlist.txt". Does someone have experience with these .hc22000 files or maybe something wrong with my command?

The hash looks like following:
"WPA*02*<bunch of letters and numbers with a * from time to time>*02"

Text file looks like following:
"
RandomWord
anotherRandomWord
password
notMyPassword
another
"

The command is running when I'm in the folder of hashcat (hashcat-6.2.5) and the files used are located in this folder as well. I get no error codes except  "nvmlDeviceGetFanSpeed(): Not Supported" but this shouldn't be an issue from what I've read.

I'm using an i7-9750h and RTX2060 so you would expect that it wouldn't take that long to get a hash from a 5 word long list (let alone a huge list like rockyou).

P.S. I'm new to hashcat so it's possible I'm missing some obvious steps.

Separator Unmatched using Output Formats

I'm puzzled as to why I cannot get the output-formats working and require assistance.

OS: Debian Buster
Hashcat Version: v6.2.5-21-g0bf0414dc

I get slightly different messages with a 5600 hash than with a 1000 hash. (I have also tried all the format types, 1 - 15, to test.)
Could someone give an example of the correct syntax please?


Using the example hashes:

5600 Hash

$ cat 5600.hash
admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030

$ cat 5600.hash.pot
ADMIN::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030:hashcat

So I have confirmed I have cracked this example hash and can see it in the potfile as expected.

hashcat -m 5600 --potfile-path 5600.hash.pot --show  --username --outfile-format=2 5600.hash
Hashfile '5600.hash' on line 1 (admin:...85f78d013c31cdb3b92f5d765c783030): Separator unmatched
No hashes loaded.

Why am I getting this error with a 5600 hash?

----------------------------------------------------------------------------------------------------

If I do the same test with an NTLM 1000 hash

$ cat 1000.hash.pot
b4b9b02e6f09a9bd760f388b67351e2b:hashcat

$ cat 1000.hash
b4b9b02e6f09a9bd760f388b67351e2b

hashcat -m 1000 --potfile-path 1000.hash.pot --show  --username --outfile-format=2 1000.hash
Failed to parse hashes using the 'native hashcat' format.
No hashes loaded.

How does hashcat calculate Time.Estimated?

Hi
I've modified the hash type 14000 to do output feedback where the output of one round of DES is fed into the input of the next round. The code works and cracks my test hashes, however I think running the DES round multiple times has messed with the brain part of hashcat somehow. As you can see below hashcat thinks my GTX3080 ti can hash DES at 430 GH/s which isn't the case at all. Also that keyspace I am testing should take about an hour or so to run but as you can see it thinks it will run in 18 minutes. 

Another thing I noticed is it doesn't actually find the password after the run completes however if I provide more of the password it does find the password. I'm thinking that passwords are being skipped. 

Any suggestions as to why it may be acting this way?


Code:
Session..........: hashcat
Status...........: Running
Hash.Name........: DES-OFB
Hash.Target......: xxxxxxxxxxxxxxxx:xxxxxxxxxxxxxxxx
Time.Started.....: Thu Dec 09 16:50:26 2021, (8 mins, 4 secs)
Time.Estimated...: Thu Dec 09 17:08:41 2021, (10 mins, 11 secs)
Guess.Mask.......: 01?1?1?1?1?1?1?1 [8]
Guess.Charset....: -1 charsets/DES_full.hcchr, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  430.3 GH/s (5.25ms) @ Accel:512 Loops:1024 Thr:64 Vec:1
Speed.#2.........: 84013.5 MH/s (6.90ms) @ Accel:512 Loops:1024 Thr:64 Vec:1
Speed.#*.........:  514.3 GH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 248599417978880/562949953421312 (44.16%)
Rejected.........: 0/248599417978880 (0.00%)
Restore.Point....: 15169617920/34359738368 (44.15%)
Restore.Sub.#1...: Salt:0 Amplifier:5120-6144 Iteration:0-1024
Restore.Sub.#2...: Salt:0 Amplifier:6144-7168 Iteration:0-1024
Candidates.#1....: $HEX[010151616e61896e] -> $HEX[01fe5efefe3e896e]
Candidates.#2....: $HEX[010161616eb58370] -> $HEX[01fe6efefefe856e]
Hardware.Mon.#1..: Temp: 67c Fan:100% Util: 96% Core:1902MHz Mem:9242MHz Bus:16
Hardware.Mon.#2..: Temp: 52c Fan:100% Util: 87% Core:1787MHz Mem:4513MHz Bus:4

hipDeviceGetAttribute error on 6.2.5

I upgraded from 6.2.4 to version 6.2.5 and I started getting an error: hipDeviceGetAttribute(): 1
There is no error on version 6.2.4

[Image: uarts67.png]

help to identify hash type

Hi, I'm having trouble identifying a hash type.

Please help me get the proper hash type.
Code:
dcd0a0b69c950bc2aa9dc81b1a299af605a52034b7cb2db104c961a0616bce7b:d6f15367513f554ceb2351a4d3b916c6bf3677bb493f6768519f6b34b31c3c9f
passwd is:
Qwerty123

also here is another hash with salt and login:
Code:
inoff:8b21e1e2b3027413f8275f7bba8f5578c5fe48586d03fc4b79061d03840eb725:0789f6ac6db3339ff762051030b00f66e00b9d8d938afad152ca5130e205d330
passwd is newdream


looks like sha256, but no luck.

Separator unmatched for hmac sha512

Consider the following

python script:
Code:
#!/usr/bin/env python
import hashlib
import hmac


def to_hash(raw):
    return hmac.new(raw.encode("utf-8"),
                    digestmod=hashlib.sha512).digest().hex()


if __name__ == "__main__":
    raw_pass = "123456"
    h = to_hash(raw_pass)
    with open("hlist", "w") as lf:
        lf.write(h)


output file:

Code:
$ cat hlist
d3f2f066f0da13b4cd51085457a9c50f4dfc3ddc2b790133d49f6a11bd048ab7bf4292abaae52d5c2841f7eda24f51bce0858ef75dd0ee02283c73783d63c6a4%
password list file:
Code:
$ cat pass_list
qwerty
123456
zxcvbn


command:
Code:
$ hashcat -m 1750 -a 0 hlist pass_list

output
Code:
hashcat (v6.2.5) starting

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 11.5)
====================
* Device #1: NVIDIA GeForce RTX 2060, 5559/5933 MB, 30MCU

OpenCL API (OpenCL 3.0 CUDA 11.5.100) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce RTX 2060, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashfile 'hlist' on line 1 (d3f2f0...e0858ef75dd0ee02283c73783d63c6a4): Separator unmatched
No hashes loaded.

Started: Fri Dec 10 17:15:01 2021
Stopped: Fri Dec 10 17:15:01 2021

without -m option:
Code:
$ hashcat -a 0 hlist pass_list
output is:
Code:
The following 7 hash-modes match the structure of your input hash:

      # | Name                                                | Category
  ======+=====================================================+======================================
   1700 | SHA2-512                                            | Raw Hash
  17600 | SHA3-512                                            | Raw Hash
  11800 | GOST R 34.11-2012 (Streebog) 512-bit, big-endian    | Raw Hash
  18000 | Keccak-512                                          | Raw Hash
   6100 | Whirlpool                                           | Raw Hash
   1770 | sha512(utf16le($pass))                              | Raw Hash
  21000 | BitShares v0.x - sha512(sha512_bin(pass))           | Cryptocurrency Wallet

I tried them all, they don't return errors, but simply fail to find password
example:
Code:
$ hashcat -m 1700 -a 0 hlist pass_list
output:
Code:
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 1700 (SHA2-512)
Hash.Target......: d3f2f066f0da13b4cd51085457a9c50f4dfc3ddc2b790133d49...63c6a4
Time.Started.....: Fri Dec 10 17:20:04 2021 (0 secs)
Time.Estimated...: Fri Dec 10 17:20:04 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (pass_list)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    16228 H/s (0.02ms) @ Accel:1024 Loops:1 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 3/3 (100.00%)
Rejected.........: 0/3 (0.00%)
Restore.Point....: 3/3 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: qwerty -> zxcvbn
Hardware.Mon.#1..: Temp: 50c Fan:  0% Util:  8% Core:1365MHz Mem:6801MHz Bus:16


please help: I am out of touch? Or it's the hashcat who is wrong?
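
Added example, not part of the original post: hashcat mode 1750 is HMAC-SHA512 with the password as the key and reads each line as `digest:salt`, the salt being the HMAC message, so a bare digest has no separator to match. The sketch below reproduces what the posted script computes, shows that it is not a raw SHA-512 of the password, and builds a two-field line; `keyed_line`, `matches` and the message `constructed-message` are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac


def script_digest(password: str) -> str:
    """What the posted script writes: HMAC-SHA512 keyed with the password
    over an empty message (hmac.new() was given no msg argument)."""
    return hmac.new(password.encode("utf-8"), digestmod=hashlib.sha512).hexdigest()


def raw_sha512(password: str) -> str:
    """Plain SHA-512 of the password, i.e. what a raw-hash mode compares against."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def keyed_line(password: str, message: str) -> str:
    """Build a 'digest:salt' line: key = password, salt = HMAC message."""
    mac = hmac.new(password.encode("utf-8"), message.encode("utf-8"), hashlib.sha512)
    return f"{mac.hexdigest()}:{message}"


def matches(line: str, candidate: str) -> bool:
    """Check one candidate against a 'digest:salt' line.

    The digest is hex, so the first ':' is the field separator; a line
    without one is rejected, mirroring the 'Separator unmatched' case.
    """
    digest, sep, message = line.strip().partition(":")
    if not sep:
        raise ValueError("separator unmatched: expected digest:salt")
    expected = hmac.new(
        candidate.encode("utf-8"), message.encode("utf-8"), hashlib.sha512
    ).hexdigest()
    return hmac.compare_digest(expected, digest.lower())


if __name__ == "__main__":
    bare = script_digest("123456")
    print("same as raw SHA-512?", bare == raw_sha512("123456"))  # keyed != unkeyed
    line = keyed_line("123456", "constructed-message")  # constructed sample
    for word in ("qwerty", "123456", "zxcvbn"):  # the post's pass_list
        print(word, matches(line, word))
```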

Recovering old Scatter wallet (EOS)

A friend of mine has turned to me for recovering his wallet. He only has the old .json but forgot everything else. The .json can be unlocked when you fill out a password prompt and is different from the public/private key of a "normal" crypto-wallet.

This is the structure of the scatter.json:

{"iv":"n6BfNLnLmiSNKTG5R3sCMA=="
"salt":"ebkL9wmntc8="
"ct":FUCrfl+0EqTJQErgavm6Zh8DG+xUlE5ClLkCpHoqKx54BWI+eh5gJVl2j58z5Wf1kAGrwaeKHGL+TUM4dvy8AhBK19PPSd/- this goes on for a long time ending with }

Then comes the interesting part immediately after '}'. 


|SLT|b6a8087434adbe09099a0b863bd632808b30ddda34ba30d1cdccbbad9aa4b60b


I suspect this to be a SHA-256 hash of the wallet password but I am not sure of this at all. I tried cracking it but to no avail. 

Any help would be greatly appreciated! The developer of this wallet has sadly blocked me because he did not want to help.

Etherscan of the movement of the tokens from Ethereum to the WAX-Chain wallet:

https://etherscan.io/address/0x378e857bc...f6a5ea0935

 

Token processing question

I have the following password candidate:

word1word2word3word4word5word6word7word8word9word10word11word12word13word14word15word16

Each actual word length is different and I have a few options for each numbered word (so word1 could be 5-6 different options) and one of the words could have some capitalization in place.

I'm looking for a token processor that can help me represent this in an easy way so that I could either feed it directly to hashcat, or create a word list to then feed it with mode 0.

To give a concise example (using only 4 words, to keep it simple), I'm currently using BTCRecover tokenlists, which works great but is extremely slow:

Code:
+ ^1^word1 ^1^Word1 ^1^wOrd1 ^1^word11 ^1^Word11 ^1^wOrd11
+ ^2^word2 ^2^Word2 ^2^wOrd2 ^2^word22 ^2^Word222 ^2^wordddd222 ^2^worD2
+ ^3^woRD3 ^3^word3 ^3^Word3 ^3^w0rd3 ^3^WORD3 ^3^word33 ^3^Word333
+ ^4^WORd44 ^4^word4 ^4^woRD44 ^4^wOrd4 ^4^WORD4 ^4^Word444 ^4^word4444


Is there any processor I can use that takes a similar input in a way that will allow me to set anchors for the positions, set multiple variations and feed back to hashcat?

Thanks in advance.

unfeasible wordlists

I use wordlist password generation software on Windows that always generates a heap of unsorted, impractical words, so that I end up wasting the time the cracking session has had. That is to say, I do know the Wi-Fi password, and when I choose a charset based on that password's pattern, the software never produces the specific password that I'm looking for, only similar ones; because I didn't want to launch a worthless session. Upon completion of the generation process, I search within the wordlist file for the password, but in vain.

how do I turn my mykey.backup file into a hash?

I have a mykey.backup file but it's written in the following format.

-----BEGIN TENDERMINT PRIVATE KEY-----
kdf: bcrypt
salt: xxxxxxxxxxxxxxx
type: secp256k1

AZR4zB8FPeh+v+8DgE2dH/xxxxxxx/xxxxxxxxxx+zSxlX/XU=
=NvMn

-----END TENDERMINT PRIVATE KEY-----

I replaced some of the characters with x for security reasons. 
I am trying to crack a crypto wallet that I lost the password to, which is neither Ethereum nor Bitcoin. Please help.

Quadro RTX 8000 48 GB or Geforce RTX 3090 24 GB ?

What's better? 1 or 2?


Quadro RTX 8000 48 GB
or
Geforce RTX 3090 24 GB

Why are there different speeds?

I use 2611 method and -O
I have RX 550 

Benchmark: 708.0 MH/s
Just bruteforce: 98491.4 kH/s

Why?

*.VHDX Bitlocker -> Hash-Extraction

Hello,
is it possible to extract a Bitlocker Hash from a *.vhdx encrypted image file?
(No OS, only data partition)


Thank you.

Custom mask

Hello everyone,

In 2018 I locked a 66 ethereum wallet inside a zip file with a password. I thought I was being careful and I used a pretty long password. The laptop keyboard was French and, from what I can remember, I generated something more like a regex mask, but I can't seem to get it to work in hashcat. I have read the documentation and couldn't convert it to a hashcat-usable mask. Any help would be appreciated, thank you.

Here is the mask in jtr format:

[cC][vV][@à0À][Ee€][Tt][Hh][nN][Oo][Tt][1&][2Éé~][3#"][\.;][0@àÀ]

Reuse of rejected passwords by optimized kernel -O

If you run -O (optimized kernel), passwords over 31 letters will be rejected, which is very handy. Is there any savvy way/flag to re-run the rejected passwords from the command line on the non-optimized kernel (no -O)? Like ignore/reject passwords below 31 letters.

rar5 multiple hashes

Hi,

I have a password protected rar5.
rar2john gives me 38k lines.

I haven't been able to create a rar archive that contains multiple hashes.

Do you have an idea how to create one?

Thanks

[RFC] Carmageddon cheat retrieval

Hello,

Recently we've begun looking into reverse engineering the old venerable Carmageddon game.
As part of this, we found hashes of cheat codes in the binary.

The game engine applies a hash function on the recent keys and looks into a table for matches.
This avoids putting the cheat codes as strings into the binary.

I've created a hashcat module to find matches, at https://github.com/madebr/hashcat/tree/carmageddon.
I'm interested in feedback about ways to speed it up.

The C equivalent of the hashing algorithm can be found below.
It only accepts lower case letters [a-z].


Code:
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef _WIN32
#include <sys/types.h> /* ssize_t for getline() */
#endif

/* Running state while keys are fed in. */
typedef struct {
  uint32_t sum;
  uint32_t code1;
  uint32_t code2;
} state_t;

/* Final two-word hash as stored in the game's table. */
typedef struct {
  uint32_t code1;
  uint32_t code2;
} hash_t;

/* Clear the running state before hashing a new string. */
void
hash_reset(state_t *state) {
  memset(state, 0, sizeof(state_t));
}

/* Mix every character of txt into the state (input is expected to be [a-z]). */
void
hash_update(state_t *state, const char *txt) {
  while (*txt != '\0') {
    /* Cast avoids undefined behaviour in tolower() for negative char values. */
    uint8_t letterCode = tolower((unsigned char)*txt) - 'a' + 22;
    state->sum += letterCode;
    state->code1 += letterCode << 11;
    state->code1 = (state->code1 >> 17) + (state->code1 << 4);
    state->code2 = (state->code2 >> 29) + (state->code2 << 3) + letterCode * letterCode;
    txt += 1;
  }
}

/* Derive the final hash from the running state. */
void
hash_digest(const state_t *state, hash_t *hash) {
  hash->code1 = (state->code1 >> 11) + (state->sum << 21);
  hash->code2 = state->code2;
}

int main(int argc, char *argv[]) {
  if (argc == 1) {
#ifdef _WIN32
    fprintf(stderr, "Need at least one argument\n");
    return 1;
#else
    char *line = NULL;
    size_t lineSize = 0;
    ssize_t nb;
    /* Stop on EOF or error instead of indexing line[] with getline()'s -1. */
    while ((nb = getline(&line, &lineSize, stdin)) != -1) {
      if (nb > 0 && line[nb - 1] == '\n') {
        line[nb - 1] = '\0';
      }
      printf("got '%s'\n", line);
    }
    free(line);
    return 0;
#endif
  }

  state_t state;
  hash_t hash;
  /* Hash each command-line argument and print it as code1:code2. */
  for (int i = 1; i < argc; i += 1) {
    hash_reset(&state);
    hash_update(&state, argv[i]);
    hash_digest(&state, &hash);
    printf("%08x:%08x %s\n", hash.code1, hash.code2, argv[i]);
  }
  return 0;
}

Wrong WPA password

Hi,

I tried hashcat to crack my own router wpa2 pass, but it is giving the wrong password, while if I use aircrack-ng for the same .cap and wordlist, then I will get the right password.

Code:
hashcat -m 22000 -w 3 -d 1 wpa_handshake-01-tplink5g.hccapx wordlist2.txt

Code:
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: wpa_handshake-01-tplink5g.hccapx
Time.Started.....: Thu Dec 16 14:14:07 2021 (9 secs)
Time.Estimated...: Thu Dec 16 14:14:16 2021 (0 secs)
Guess.Base.......: File (wordlist2.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    17098 H/s (55.65ms) @ Accel:1024 Loops:512 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests
Progress.........: 233773/468750 (49.87%)
Rejected.........: 78125/233773 (33.42%)
Restore.Point....: 225581/468750 (48.12%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 38428533 -> 38882284



While aircrack-ng returns the correct password:
Code:
aircrack-ng wpa_handshake-01.cap -w wordlist2.txt

...

Code:
KEY FOUND! [ 38432583 ]


--------
versions:
Code:
hashcat version v6.1.1
aircrack-ng version 1.6
OS: The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) GNU/Linux Rolling 2021.1
Codename: The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)-rolling


I attached my wordlist2.txt and other files

.zip   files.zip (Size: 731.99 KB / Downloads: 1)

Why kernel restrict min and max pass length

Hello there!

Currently I am trying to find the password to a 2003 Office .xls file.

As expected, first things first, I am extracting the hash from it. In order to do that I am using JTR with a specific command:
Code:
./office2john.py '/data/Dima/Programs/Password_Crack/john/run/test.xls' > test.hash

Next I am looking at which hash mode must be used. Since the hash file says:
Code:
$oldoffice$0
I am assuming that the proper mode is 9700.

The last thing is to create the right command, which looks like this:
Code:
hashcat -a 3 -m 9700 -D 1,2 -i --increment-min=1 --increment-max=5 --status -o pass.txt test.txt -1 \?a \?1\?1\?1\?1\?1

And it works as I intend.

Code:
Minimum password length supported by kernel: 0

Maximum password length supported by kernel: 15

Here comes the first question: can someone explain it to me in a simple manner or give a link to a page where I can read about it myself?

The next question appeared when I looked at benchmarks from others. In those benchmarks I saw that mode 9710 has more performance than 9700.
Code:
Hashmode: 9700 - MS Office <= 2003 $0/$1, MD5 + RC4

Speed.#1.........:  1142.7 MH/s (72.61ms) @ Accel:64 Loops:512 Thr:32 Vec:1

Hashmode: 9710 - MS Office <= 2003 $0/$1, MD5 + RC4, collider #1

Speed.#1.........:  1637.7 MH/s (50.08ms) @ Accel:256 Loops:128 Thr:32 Vec:1


And after I tried to run with mode 9710, the output showed this:
Code:
Minimum password length supported by kernel: 5

Maximum password length supported by kernel: 5

And even though there was a performance increase, I can't understand why min and max are 5. Why not 7, 12 or from 4 to 9? Does it mean that I am using the wrong mode and cannot get the extra speed boost?

The full output of commands in the attached files
.txt   output.txt (Size: 9.11 KB / Downloads: 2) .