Using Hashcat to crack HMAC-SHA256

Question

Hashcat boasts its ability to crack over 200+ hashing algorithms, but there isn't much documentation on much of them. Hashcat --help shows it has support for HMAC cracking, but it's not very straightforward with the syntax (it just says "1450 | HMAC-SHA256 (key = $pass)" ). I understand that HMAC-SHA256 takes two parameters, one being the key and one being the message, but I'm not sure how to specify both of these with Hashcat.

What is the proper syntax for Hashcat to crack HMAC-sha256? I have two files, one contains the message and one contains the hash. I know the password and I can verify the HMAC hash using openssl dgst -SHA256 -hmac "mypassphrase" message.txt

Answer 1

The file format is MAC:message, as @atom already mentioned. By "MAC" I mean the value the HMAC produces, a.k.a. the hash, so the MAC comes first and then the message that this MAC is signing. In this setup, the goal is to crack the key that the message was signed with. (It seems that you can also try to crack the other value with -m 1460, but I haven't tested this.)

Basically you'd do something like this:

$ echo '320774ef5e33a2a0dfe8de47634f5e33d68166a51da9c84bd2f9e871c99eef2a:hi' > macmsg.txt
$ hashcat -m 1450 macmsg.txt

Except that hashcat, of course, wants cracking options. A simple hashcat command for brute forcing could look like this:

$ hashcat -m 1450 -a 3 macmsg.txt

Hashcat expects the MAC (the hash) to be binary data, so it assumes you pass it along as a hexadecimal value. The message, however, it expects to be in plaintext. If you want to have a hexadecimal message as well, you need to pass --hex-salt (the word hi is 6869 in hexadecimal ASCII):

$ echo '320774ef5e33a2a0dfe8de47634f5e33d68166a51da9c84bd2f9e871c99eef2a:6869' > macmsg.txt
$ hashcat -m 1450 -a 3 --hex-salt macmsg.txt

Answer 2

The syntax is hash:message

Note that the length of the message is limited to 51 bytes.

See hashcat example wiki page for details.