Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: 2013 MBP with -d 3 option not cracking properly
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello all,

I am writing this to helpfully let the smart developers and other supporters of hashcat know of a possible bug I found today. I tried doing some searching through the forums and couldn't find it posted anywhere else, so figured I would.

BLUF: On a Late 2013 MBP 15-Inch Retina with GT 750 using the '-d 3' option, will not crack hashes properly in mask mode.

Long Story: Currently I'm taking a course that needed me to crack some hashes. Since I'm traveling, I have to use my MBP I brought with me to attempt to crack some hashes. Just incase I had a friend willing to help with a 3x 7970 rig. I knew the password was 15 chars as per guidance from my instructor. I attempted to get cracking on it first, after struggling with some syntax issues(RTFM errors on my part), I got it going. However the time needed was way too long.

I gave my friend the hash, and let him attempt it, same result, not as long, but still too long. So this morning I was able to get my instructor to give me a good chunk of the password in order to speed up the processes. His rig cracked it in about 7 mins. Awesome! However I still wanted to crack it on my own hardware. I let my MBP stay on it, it estimated about 9 hours. I let it chug along all day, and then I get a "Status.........: Exhausted"? I was puzzled as to why my MBP didn't crack it. Obviously now that I knew what the password was I shortened up the brute mask to help speed up testing.

I went into testing mode and tried to figure out if there was anything I could do to make it crack successfully. After some quick testing it only seems that the mask/brute mode fails. I tried a simple word list and it works fine. I tried a combination attack, and it works fine. It appears from the little testing that I've done, that it only fails with the '-d 3' option on mask/brute mode. Below is two snippets from the command outputs show the difference in failure/success.

Code:
$ ./hashcat.app -m 1000 class.hash -a 3 -d 3 '!N$Piringac?a?a?a?a'
OpenCL Platform #1: Apple              
=========================
- Device #1: Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz, skipped
- Device #2: Iris Pro, skipped
- Device #3: GeForce GT 750M, 512/2048 MB allocatable, 2MCU
Session.Name...: hashcat
Status.........: Exhausted
Input.Mode.....: Mask (!N$Piringac?a?a?a?a) [15]
Hash.Target....: 44a7cb664573c159179478d001012b68
Hash.Type......: NTLM
Time.Started...: Tue Aug  9 20:32:21 2016 (3 secs)
Speed.Dev.#3...: 22709.4 kH/s (0.07ms)
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 81450625/81450625 (100.00%)
Rejected.......: 0/81450625 (0.00%)


Code:
$ ./hashcat.app -m 1000 class.hash -a 3 '!N$Piringact?a?a?a'
OpenCL Platform #1: Apple              
=========================
- Device #1: Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz, skipped
- Device #2: Iris Pro, 384/1536 MB allocatable, 40MCU
- Device #3: GeForce GT 750M, 512/2048 MB allocatable, 2MCU

44a7cb664573c159179478d001012b68:!N$Piringact10n          
                                                         
Session.Name...: hashcat
Status.........: Cracked
Input.Mode.....: Mask (!N$Piringact?a?a?a) [15]
Hash.Target....: 44a7cb664573c159179478d001012b68
Hash.Type......: NTLM
Time.Started...: 0 secs
Speed.Dev.#2...:   128.3 MH/s (3.00ms)
Speed.Dev.#3...: 56533.3 kH/s (0.01ms)
Speed.Dev.#*...:   184.8 MH/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 857375/857375 (100.00%)
Rejected.......: 0/857375 (0.00%)
This seems to be *exactly* the same problem as reported here: https://github.com/hashcat/hashcat/issues/428

Current conclusion is that it's a driver problem only affecting Apple devices, but the alternative driver did work for some users. Maybe you can test and confirm that too (i.e. use the "alternative driver"). You could also see if the version in https://hashcat.net/beta/ makes any difference (but at this time we got many reports that it doesn't seem to be a hashcat (host/kernel) problem).
Sad seems my google, and forum searching skills need some practice. Thanks for the link philsmd. I will attempt the driver fix and see where I get.

(08-10-2016, 08:04 AM)philsmd Wrote: [ -> ]This seems to be *exactly* the same problem as reported here: https://github.com/hashcat/hashcat/issues/428

Current conclusion is that it's a driver problem only affecting Apple devices, but the alternative driver did work for some users. Maybe you can test and confirm that too (i.e. use the "alternative driver"). You could also see if the version in https://hashcat.net/beta/ makes any difference (but at this time we got many reports that it doesn't seem to be a hashcat (host/kernel) problem).