Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Custom dual MD5 support - (StuffIt 5 passwords)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I was wondering if this software suite could have a module added to do a variation of double MD5 hashing.

I've spent some time trying to build a (glacially-slow) password recovery application for Stuffit archives password protected by a forgotten password. Stuffit archives were pretty predominant on Macs back in the day, and all but dead nowadays. My application utilizes the commercial application's CLI tools for scriptable brute-force attacks, which of course is slow. I've been getting a number of requests for password recovery as my application has gotten some hits in google, and I am bummed I can't help out everyone as I can only do a few hundred passwords a second with my architecture.

One of the ~4 methods of password-protecting archives over the years, (thankfully the most prevalent!) is a custom dual MD5 function that returns a binary MD5 hash of the password, then takes the first 5 characters of the result and returns a hexadecimal MD5 hash. This resulting MD5 hash is then chopped off at the tenth character and used in the archive. This discovery means an attack that doesn't require the CLI tools is possible, and rather than build a hashing generator I'd rather turn to where the speed is off-the-charts.

I'd like to request if this can be added to the software suite. Here is my project Google code site where I've placed some Perl scripts which can show what I'm talking about, including a test archive and some text/Excel files with pre-computed passwords and their hashes:

Kasper Stuffit Password Recovery main link

Script and text downloads

Hash Generator

In addition to being able to create archives (if you have the Stuffit CLI tools) and the hashes, I've made a script to extract the hashed password (as per my research it is always in a predictable location). I can make sure to make the extraction fits what Hashcat expects for loading moving forward.

I've spent a few weeks trying to get all the pieces to make this request as easy to explain to others as possible. If you'd like more in depth explanations, test cases, etc. then the site may have more and I'd like to help as much as possible. Thanks for your time!
Making a feature request like a boss.