04-11-2011, 10:23   #92
Advance-Box
Quote:
Originally Posted by ihmgsm
IMPORTANT

Look at that. Atom writes that salt is prepared from 15 digit IMEI with adding 00 in front and end. Which is the correct salt?

Here is the original post:
********************************

oclHashcat-lite SL3 cracking howto
I know we have a lot of new users from gsmhosting because of SL3 cracking. Welcome guys!
Before we get bombed with questions I decided to write a small howto.

Yes, the latest oclHashcat-lite is able to crack SL3! But please keep in mind oclHashcat-lite was not specially designed to crack SL3.

If you want an easy-to-use-one-click solution: buy one. There are different commercial solutions out.

Ok, let's start:

1. AMD/ATI Users only: Get latest catalyst driver! Minimum 11.3. This step is absolutely necessary otherwise you will not find the code and you will not get an error message!
2. Get oclHashcat-lite v0.2 from Homepage and unpack it
3. Open command shell window and cd to oclHashcat-lite installation directory
4. Get your hash (SHA1). It's a 40 char hex-encoded string and looks like this: 21b5e418af3de249677fbce2fa33db594a2b11a0
5. Get your salt (IMEI). It's a 12 char hex-encoded string and looks like this: 321521047837132
6. Prepare your salt. Prepend and append 00 to the salt like this: 0032152104783713200
7. The following command starts oclHashcat-lite. It's a complicated looking string but it's static, it does not change. The only thing that changes is your hash and your salt. The smart user puts it into a .bat file!

oclHashcat64.exe -m 101 -n 160 -1 00010203040506070809 --pw-min=15 --pw-max=15 --hex-charset --hex-salt --output-format=1 --output-file=out.txt 21b5e418af3de249677fbce2fa33db594a2b11a0:0032152104783713200 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

The Linux command is exactly the same. I will explain the parameters so you know what you are doing:

-m 101: This sets the hash-type of oclHashcat-lite. SL3 uses the sha1($pass.$salt) scheme.
-n 160: This is the workload-amplifier and it's the most important flag that controls the performance of the program. If you want more speed, raise it. If you want less speed, lower it. This is if your desktop is lagging too much.
-1 00010203040506070809: This binds the charset to our custom charset 1. SL3 uses only a small charset of ten chars (0-9, binary encoded)
--pw-min=15, --pw-max=15: We want to crack a password with length 15. SL3 passwords have a static length: 15. If you do not specify it starts with length 4 and ends with length 15. It's good in password cracking but useless in SL3.
--hex-charset: Tells oclHashcat-lite that our charset is given in hex
--hex-salt: Tells oclHashcat-lite that our salt is given in hex
--output-format=1: This is important! Otherwise the output is ascii encoded and useless for SL3
--output-file=out.txt: This is where the cracked pass is stored to
21b5e418af3de249677fbce2fa33db594a2b11a0:0032152104783713200: The only thing that changes.
?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1: it's our "mask". 15 times ?1 (which is custom charset 1 we bound before)

Of course there are a lot of options to optimize the attack, use it in distributed mode, restore sessions... Stuff like that.

Please play around a bit with it before asking questions. It's really not that hard.

--
atom

EDIT
*************************

OOPS!!!
He already corrected his post. Salt is first 14 digits of IMEI with adding 00 in front and end


Here is correct IMEI Format... I will talk to atom and ask him to correct his mistake about 15 digit IMEI...



oclHashcat-lite64 AEC495E8205F5454E6F0CFA235082B20FC1DA82A:003593410303987300 -1 00010203040506070809 -m 101 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 --pw-min=15 --pw-max=15 -n 160 --hex-charset --hex-salt --output-format=1 --output-file=359341030398734_COD.txt


HASH: AEC495E8205F5454E6F0CFA235082B20FC1DA82A
First 14 digit of IMEI: 35934103039873



So now you can see the amount of time left when you click "s"
1 day and 15 hours :O)

Last edited by Advance-Box; 04-11-2011 at 10:35.