Apr/11
2011

oclhashcat-lite SL3 cracking howto

I know we have a lot of new users from gsmhosting because of SL3 cracking. Welcome guys!

Before we get bombed with questions, I decided to write a small howto.

Yes, the latest oclHashcat-lite is able to crack SL3! But please keep in mind oclHashcat-lite was not specially designed to crack SL3.

If you want an easy-to-use, one-click solution: buy one. There are different commercial solutions out there.

OK, let's start:
1. AMD/ATI users only: Get the latest Catalyst driver! Minimum 11.3. This step is absolutely necessary, otherwise you will not find the code and you will not get an error message!
2. Get oclHashcat-lite v0.2 from the homepage and unpack it.
3. Open a command shell window and cd to the oclHashcat-lite installation directory.
4. Get your hash (SHA1). It's a 40 char hex-encoded string and looks like this: 21B1E417AF2DE6496772BCC2FE33D2593A9BB7A0
5. Get your salt (IMEI). It's a 14 char hex-encoded string and looks like this: 35152304783734
6. Prepare your salt. Prepend and append 00 to the salt like this: 003515230478373400
7. The following command starts oclHashcat-lite. It's a complicated looking string but it's static, it does not change. The only thing that changes is your hash and your salt. The smart user puts it into a .bat file!

Quote:
oclHashcat64.exe -m 101 -n 160 -1 00010203040506070809 --pw-min=15 --pw-max=15 --hex-charset --hex-salt --output-format=1 --output-file=out.txt 21B1E417AF2DE6496772BCC2FE33D2593A9BB7A0:003515230478373400 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

The Linux command is exactly the same. I will explain the parameters so you know what you are doing:
-m 101: This sets the hash-type of oclHashcat-lite. SL3 uses the sha1($pass.$salt) scheme.
-n 160: This is the workload amplifier and it's the most important flag that controls the performance of the program. If you want more speed, raise it. If you want less speed, lower it, for example if your desktop is lagging too much.
-1 00010203040506070809: This binds the charset to our custom charset 1. SL3 uses only a small charset of ten chars (0-9, binary encoded).
--pw-min=15 --pw-max=15: We want to crack a password with length 15. SL3 passwords have a static length: 15. If you do not specify it, it starts with length 4 and ends with length 15. That's good in password cracking but useless in SL3.
--hex-charset: Tells oclHashcat-lite that our charset is given in hex
--hex-salt: Tells oclHashcat-lite that our salt is given in hex
--output-format=1: This is important! Otherwise the output is ASCII encoded and useless for SL3
--output-file=out.txt: This is where the cracked pass is stored
21B1E417AF2DE6496772BCC2FE33D2593A9BB7A0:003515230478373400: The only thing that changes.
?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1: It's our "mask". 15 times ?1 (which is custom charset 1 we bound before)

Of course there are a lot of options to optimize the attack, use it in distributed mode, restore sessions... Stuff like that.

Please play around a bit with it before asking questions. It's really not that hard.

--
atom

http://hashcat.net/forum/thread-366.html
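
The byte layout behind the flags explained above, as an added Python example that is not part of the original post or of oclHashcat-lite: it builds the 9-byte salt from the IMEI, encodes a 15-digit code as raw bytes 0x00-0x09, and checks one known code against a sha1($pass.$salt) digest. The function names and the sample code value are constructed for illustration; only the salt example comes from the post.

```python
import hashlib
import hmac
import string

CODE_LEN = 15                 # static SL3 code length stated in the howto
SALT_HEX_LEN = 14             # salt (IMEI) length stated in the howto
KEYSPACE = 10 ** CODE_LEN     # ten possible byte values per position


def prepare_salt(imei_hex: str) -> bytes:
    """Prepend and append 00 to the 14-char hex salt ('Prepare your salt' step)."""
    if len(imei_hex) != SALT_HEX_LEN or any(c not in string.hexdigits for c in imei_hex):
        raise ValueError("salt must be exactly 14 hex characters")
    return bytes.fromhex("00" + imei_hex + "00")


def encode_code(digits: str) -> bytes:
    """Map each decimal digit to the raw byte 0x00..0x09 (custom charset 1)."""
    if len(digits) != CODE_LEN or any(c not in "0123456789" for c in digits):
        raise ValueError("code must be exactly 15 decimal digits")
    return bytes(int(c) for c in digits)


def sl3_digest(digits: str, imei_hex: str) -> str:
    """sha1($pass.$salt): binary code bytes followed by the padded salt."""
    data = encode_code(digits) + prepare_salt(imei_hex)
    return hashlib.sha1(data).hexdigest().upper()


def matches(target_hash_hex: str, digits: str, imei_hex: str) -> bool:
    """Check a single known code against a 40-char hex digest."""
    return hmac.compare_digest(target_hash_hex.upper(), sl3_digest(digits, imei_hex))


if __name__ == "__main__":
    imei = "35152304783734"        # salt example from the post
    code = "012345678901234"       # constructed sample code, not a real one
    digest = sl3_digest(code, imei)
    print("salt bytes :", prepare_salt(imei).hex().upper())
    # The code bytes are non-printable control characters, so they are only
    # readable as hex; ASCII output of the same bytes would be unusable.
    print("code bytes :", encode_code(code).hex())
    print("digest     :", digest)
    print("verifies   :", matches(digest, code, imei))
    print("keyspace   :", KEYSPACE)
```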