Good morning, below is the issue I have been having and can’t seem to figure it out.
I have followed the directions in this YouTube video https://www.youtube.com/watch?v=J8A8rKFZW-M&t=526s
I searched posts on here for an answer and the only error I found was that I using -m 2500 instead of -m 22000
Any ideas would be greatly appreciated.
Thank you
C:hashcat-6.2.5>hashcat.exe -m 22000 -a3 wpa2.hccapx ?d?d?d?d?d?d?d?d?d
hashcat (v6.2.5) starting
Successfully initialized NVIDIA CUDA library.
Failed to initialize NVIDIA RTC library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
Falling back to OpenCL runtime.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause «CL_OUT_OF_RESOURCES» or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL API (OpenCL 1.2 CUDA 11.1.114) — Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: GeForce RTX 2070 with Max-Q Design, 7168/8192 MB (2048 MB allocatable), 36MCU
OpenCL API (OpenCL 2.1 ) — Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics, 13024/26135 MB (2047 MB allocatable), 24MCU
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashfile ‘wpa2.hccapx’ on line 1 (HCPX♦): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 2 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 3 (ä╚Ƶ¼ì=E1│⌡ƒ╩%╗9◄Xzσ╚╡▼░[7┴): Separator unmatched
∩±Zif┘╦ktcÇ↓y): Separator unmatchedc┐♫òíFd‼¬╔
Hashfile ‘wpa2.hccapx’ on line 5 (): Separator unmatched
∩±Zif┘╦ktcÇ↓): Separator unmatchedφc┐♫òíFd‼¬╔
Hashfile ‘wpa2.hccapx’ on line 7 (`U→φ(♀⌐╗▐í-]K░ÿ►E┤Ü↕î7y┌t¥←─_ÿ↕): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 8 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 9 (`U→φ(♀⌐╗▐í-]K░ÿ►E┤Ü↕î7y┌t¥←─_ÿ↕): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 10 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 11 (): Separator unmatched
Hashfile ‘wpa2.hccapx’ on line 12 (): Separator unmatched
No hashes loaded.
Started: Fri Jan 07 09:12:39 2022
Stopped: Fri Jan 07 09:12:41 2022
Posts: 935
Threads: 2
Joined: Jun 2017
01-07-2022, 04:42 PM
(This post was last modified: 01-07-2022, 07:46 PM by ZerBea.)
Hash formats 250x and 1680x are deprecated. Successor is hash mode 22000 which use a new hash format (not longer binary hccapx)
Please read more here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
here:
https://hashcat.net/forum/thread-10544.h…=separator
here:
https://hashcat.net/forum/thread-10441.h…=separator
or this forum search for hash mode 22000:
https://hashcat.net/forum/search.php?act…order=desc
The online converter moved to the new hash format, too:
https://hashcat.net/cap2hashcat/
and forget all ancient youtube video tutorials.
If you have more questions regarding the new hash format, feel free to ask.
Posts: 2
Threads: 1
Joined: Jan 2022
Thank you, that info helped me get it running.
I wasn’t sure how to tell if it was using the CPU or GPU. I have an RTX 2070, it took almost an hour to run. The command output said ‘Failed to initialize NVIDIA RTC library.’ Wasn’t sure what that meant.
I found the example hashes page; however, I’m not sure how it works. Is that something I can use to test my system to see if it is set up correctly since my session failed/exhausted without retrieving a password?
Session……….: hashcat
Status………..: Exhausted
Hash.Mode……..: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target……: 27279_1641567199.hc22000
Time.Started…..: Fri Jan 07 10:22:11 2022 (46 mins, 56 secs)
Time.Estimated…: Fri Jan 07 11:09:07 2022 (0 secs)
Kernel.Feature…: Pure Kernel
Guess.Mask…….: ?d?d?d?d?d?d?d?d?d [9]
Guess.Queue……: 1/1 (100.00%)
Speed.#1………: 333.2 kH/s (0.75ms) @ Accel:32 Loops:256 Thr:64 Vec:1
Speed.#2………: 7679 H/s (5.96ms) @ Accel:4 Loops:16 Thr:128 Vec:1
Speed.#*………: 340.8 kH/s
Recovered……..: 0/1 (0.00%) Digests
Progress………: 1000000000/1000000000 (100.00%)
Rejected………: 0/1000000000 (0.00%)
Restore.Point….: 99852288/100000000 (99.85%)
Restore.Sub.#1…: Salt:0 Amplifier:9-10 Iteration:0-1
Restore.Sub.#2…: Salt:0 Amplifier:9-10 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1….: 646173973 -> 676464973
Candidates.#2….: 623451649 -> 637893737
Hardware.Mon.#1..: Temp: 65c Util: 0% Core: 900MHz Mem:5409MHz Bus:16
Hardware.Mon.#2..: N/A
Started: Fri Jan 07 10:22:07 2022
Stopped: Fri Jan 07 11:09:09 2022
Posts: 935
Threads: 2
Joined: Jun 2017
01-08-2022, 09:54 PM
(This post was last modified: 01-09-2022, 10:41 AM by ZerBea.)
I’m glad I could be of help.
The example hashes are useful to test your system, as mentioned here:
https://hashcat.net/forum/thread-10553-p…l#pid54456
Code:
$ hashcat -m 22000 "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***" -a 3 hashcat!
hashcat (v6.2.5-52-g806257f2e) starting
4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747f87f9f4:hashcat-essid:hashcat!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: 4d4fe7aac3a2cecab195321ceb99a7d0:fc690c158264:f4747...-essid
Time.Started.....: Thu Jan 6 07:32:28 2022 (0 secs)
Time.Estimated...: Thu Jan 6 07:32:28 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 35 H/s (0.74ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 32c Util: 7% Core:1770MHz Mem:3500MHz Bus:8
Started: Thu Jan 6 07:32:26 2022
Stopped: Thu Jan 6 07:32:30 2022
To get benefit of CUDA, it is mandatory to install the CUDA SDK toolkit, which is not the case on your system (warning 1)
Additional you have to disable the Kernel exec timeout, which is also not the case on your system (warning 2).
How to do this depend on your operating system. Regarding the screenshots, it looks like you’re running Windows.
I’m on Arch Linux, so I can’t answer this question.
Speed.#1 = your GPU running OpenCL
Speed.#2 = your CPU integrated UHD graphics running OpenCL
hashcat -I option will give you a detailed information (in my case NVIDIA CUDA and OpenCL installed):
Code:
$ hashcat -I
hashcat (v6.2.5-98-g79f3145a4) starting in backend information mode
CUDA Info:
==========
CUDA.Version.: 11.5
Backend Device ID #1 (Alias: #2)
Name...........: NVIDIA GeForce GTX 1080 Ti
Processor(s)...: 28
Clock..........: 1620
Memory.Total...: 11175 MB
Memory.Free....: 5747 MB
Local.Memory...: 48 KB
PCI.Addr.BDFe..: 0000:26:00.0
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: NVIDIA Corporation
Name....: NVIDIA CUDA
Version.: OpenCL 3.0 CUDA 11.5.103
Backend Device ID #2 (Alias: #1)
Type...........: GPU
Vendor.ID......: 32
Vendor.........: NVIDIA Corporation
Name...........: NVIDIA GeForce GTX 1080 Ti
Version........: OpenCL 3.0 CUDA
Processor(s)...: 28
Clock..........: 1620
Memory.Total...: 11175 MB (limited to 2793 MB allocatable in one block)
Memory.Free....: 5696 MB
Local.Memory...: 48 KB
OpenCL.Version.: OpenCL C 1.2
Driver.Version.: 495.46
PCI.Addr.BDF...: 26:00.0
BTW:
The success rate of hashcat depends on the attack vector and the quality of the dump file. If you received some ERRORs or WARNINGs during conversion of the dump file, it is a good idea to reconsider your attack vector and/or to re-capture the traffic.
I’m trying to crack the password Ul1234 using hashcat. I created a user with that password in kali and copied the hash in the shadow folder:
nils:$6$3q88Up7LX1RFIlRU$gVzo1NvtuV4SmJ2SNv6mcLLc9rWtzNsI6u3TKEkKVXb3gNQKhcK/C6y1DW6q4ODNIJrjf1ondgZ7RHqD7kprI1:18296:0:99999:7:::
So the hash should be :
$6$3q88Up7LX1RFIlRU$gVzo1NvtuV4SmJ2SNv6mcLLc9rWtzNsI6u3TKEkKVXb3gNQKhcK/C6y1DW6q4ODNIJrjf1ondgZ7RHqD7kprI1
i copied the hash into file nils2.txt and typed the following command:
kali@kali:~/Documents$ hashcat -m 1800 -a 3 ?u?l?d?d?d?d -o ans.txt --force nils2.txt
hashcat (v5.1.0) starting...
OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz, 1024/2955 MB allocatable, 2MCU
Hash '?u?l?d?d?d?d': Separator unmatched
No hashes loaded.
Started: Wed Feb 5 09:08:13 2020
Stopped: Wed Feb 5 09:08:14 2020
I don’t understand why I’m getting an error
I have error «separator unmatched» when trying to use handshake hccapx with hashcat mode 22000
I generated the file using my own access point.
PS F:hashcat-6.2.4> hashcat -m 22000 capture1.hccapx wordlist.txt
hashcat (v6.2.4) starting
Successfully initialized NVIDIA CUDA library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
Falling back to OpenCL runtime.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL API (OpenCL 3.0 CUDA 11.4.125) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: NVIDIA GeForce GTX 1660 Ti, 5376/6144 MB (1536 MB allocatable), 24MCU
OpenCL API (OpenCL 2.1 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics 630, 1568/3214 MB (803 MB allocatable), 24MCU
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashfile 'capture1.hccapx' on line 1 (HCPX♦): Separator unmatched
Hashfile 'capture1.hccapx' on line 2 ("·↑úæF┬m▒∟#◄∟ å/╧èû∞$): Separator unmatched
Hashfile 'capture1.hccapx' on line 3 (): Separator unmatched
No hashes loaded.
Started: Mon Sep 06 12:42:23 2021
Stopped: Mon Sep 06 12:42:24 2021
I am trying to get this hash:
633c097a37b26c0caad3b435b51404e
with the following command:
hashcat -a 0 -m 1800 -o final.txt hash.txt /usr/share/wordlists/rockyou.txt
But it gives me an error saying my separator is unmatched.
I’m new to this so I’m not exactly sure what that means or how I can fix it …
asked Apr 28, 2022 at 3:55
The hash you are trying with is of type MD5, so you have to specify the correct hash type for the hash mode flag -m, which is 0 for the MD5, so it should be -m 0 instead of -m 1800 which is used for sha512crypt $6$, SHA512 (Unix) 2.
Refer to this link from the official documentation of hashcat which provides examples for all the has types.
answered Apr 28, 2022 at 4:07
Moaz El-sawafMoaz El-sawaf
2,0561 gold badge14 silver badges28 bronze badges
Why are there a series of technical challenges behind “OMG buy it”>>> 
Working environment: Ubuntu 16.04, NVIDIA graphics card gtx750ti, driver and CUDA have been installed
Recently, when a RAR compressed package was encrypted, it forgot its password and crashed. Fortunately, there is no way out. I searched the Internet for rar files like this, which are encrypted even the file list. It’s relatively difficult to decrypt them. If the file list is not encrypted (that is, you can see the file list when you open it, but you need a password to decompress it, if you want to decrypt this kind of file, you don’t need to look down ), this kind of encrypted rar file is troublesome to decrypt, because you can only write the check code to try to decompress and then compare the file. Fortunately, at that time, for the sake of “safety”, people chose not to see the file list
HashCat
https://github.com/hashcat/hashcat.git
The compilation guidance document is in build.md, and it’s easy to make and compile. After compiling, there will be an executable program of hashcat in the current source code directory
JohnTheRipper
https://github.com/magnumripper/JohnTheRipper.git
Ubuntu16 actually comes with John, but it doesn’t seem to come with rar2john, so I have to compile it myself. In fact, Jhon itself is also a password decryption tool, but here we only use rar2john to extract the encrypted hash of RAR. The compiled guidance document is in Doc/install-ubuntu. The actual compilation is also very smooth. After entering the SRC directory configure, make is OK, just like many open source software. Then you can find rar2john in the run directory
Then I use the RAR command to prepare a test file rar a – HP file.rar test.txt, and input 123 as the password to test the performance of hashcat
Then I use John to extract the encrypted hash of the rar file
rar2john file.rar
file.rar:$RAR3$*0*a64766df3a5c3bc9*0e875d8103a381d7f81a03121c693ef4:0::::file.rar
So far, everything is going well. But when I use hashcat to decrypt, something goes wrong
hashcat -m 12500 -a 3 $RAR3$*0*a64766df3a5c3bc9*0e875d8103a381d7f81a03121c693ef4 ?d?d?d -o out.txt
hashcat (v5.1.0-1671-g1de0857+) starting…
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause “CL_ OUT_ OF_ RESOURCES” or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
This may cause “CL_ OUT_ OF_ RESOURCES” or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 9.0)
===================
* Device #1: GeForce GTX 750 Ti, 1554/1992 MB, 5MCU
OpenCL API (OpenCL 1.2 CUDA 9.0.368) – Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: GeForce GTX 750 Ti, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hash ‘0*a64766df3a5c3bc9*0e875d8103a381d7f81a03121c693ef4’: Separator unmatched
Yeah?Separator unmatched?
I suspect that the parameter I input is wrong?Theoretically, 12500 corresponds to rar encryption hash. See the official wiki of hashcat
https://hashcat.net/wiki/doku.php?id=example_ hashes
12500 RAR3-hp $RAR3$*0*45109af8ab5f297a*adbf6c5385d7a40373e8f77d7b89d317
I input the example given by the official wiki into my compiled hashcat for decryption, and also report “separator unmatched”. I’m speechless, because according to my experience, hashcat, a mature open source project, won’t have too many problems, unless I’m lucky enough to memorize clone. The latest code is not stable, and it’s more likely that I didn’t find any low-level mistakes in my operation
But after trying several parameter combinations, I still can’t find out the reason. I can only debug hashcat. Hashcat is a C code project. GDB is the first choice for debugging in Linux environment. The executable program I compiled does not have debugging information, so I need to add the – G option when compiling GCC. Originally, I thought that modifying makefile would be a troublesome process. After a simple analysis, I found that makefile supports generating code with debugging information, so I don’t need to modify it by myself. The method is to change debug: = 0 at the beginning of makefile file to debug: = 1
The source code structure of hashcat itself is relatively clear, and it is easy to find the code corresponding to 12500 mode in Src/modules/module_ 12500.c。 The function responsible for parsing is module_ hash_ decode。 However, after some breakpoint debugging, I still don’t quite understand the cause of the error. It seems that a * separator is missing. Until I noticed the hash string passed in:
#0 module_ hash_ decode (hashconfig=0x711360, digest_ buf=0x93a0a0, salt=0x8e45d0, esalt_ buf=0x0,
hook_ salt_ buf=0x0, hash_ info=0x0,
line_ buf=0x7fffffffdf8e “0*45109af8ab5f297a*adbf6c5385d7a40373e8f77d7b89d317*”, line_ len=52)
at src/modules/module_ 12500.c:115
It turns out that the debugging direction I started with was wrong. The line passed in when I called the function_ The content of buf itself is incomplete. Where is the head “$rar3 $”?Or is this normal?So I changed the direction and started to analyze from the outside. I broke the breakpoint directly on the main function and found a problem
(gdb) p argv[3]
$29 = 0x7fffffffdf8e “0*45109af8ab5f297a*adbf6c5385d7a40373e8f77d7b89d317*”
It turns out that there was something wrong with the parameters I passed in… The operation was as fierce as a tiger, and I finally found myself in the middle of the two hundred and five
So, what caused me to enter the program with complete parameter input and the head “$rar3 $” was eaten?I immediately thought of the reason: the information I’m looking for is operated under windows, while under the command line of Linux, $is a special character
I test
Echo “$rar3 $* 0 *”
output results
0*
Echo “ $rar3 $* 0 *”
output results
$RAR3$*0*
So the final solution is obvious. Just add a “” escape, similar to
hashcat -m 12500 -a 3 $RAR3$*0*58c34e824da2ba03*1e760c511a8c6498e32f9514d2ef6764 ?d?d?d?d?d?d -o out.txt
Hashcat in my machine configuration can try an encrypted hash combination of 5K RARs in a second. If it is a pure digital password of 0-9, 3 bits is the third power of 10, and 10 bits is the tenth power of 10. When it comes to such a long number of digits, according to my environment, the decryption speed of 10 ^ 10/5000/60/60/24 in the worst case also needs 20 days