This page hosts a formal specification of Hashcat Restore file using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
All parsing code for C++11/STL generated by Kaitai Struct depends on the C++/STL runtime library. You have to install it before you can parse data.
For C++, the easiest way is to clone the runtime library sources and build them along with your project.
Using Kaitai Struct in C++/STL usually consists of 3 steps.
std::istream). One can open local file for that, or use existing std::string or char* buffer.
#include <fstream>
std::ifstream is("path/to/local/file.restore", std::ifstream::binary);
#include <sstream>
std::istringstream is(str);
#include <sstream>
const char buf[] = { ... };
std::string str(buf, sizeof buf);
std::istringstream is(str);
#include "kaitai/kaitaistream.h"
kaitai::kstream ks(&is);
hashcat_restore_t data(&ks);
After that, one can get various attributes from the structure by invoking getter methods like:
data.version() // => get version
#pragma once
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
#include "kaitai/kaitaistruct.h"
#include <stdint.h>
#include <memory>
#include <vector>
#if KAITAI_STRUCT_VERSION < 9000L
#error "Incompatible Kaitai Struct C++/STL API: version 0.9 or later is required"
#endif
/**
* \sa https://hashcat.net/wiki/doku.php?id=restore Source
*/
class hashcat_restore_t : public kaitai::kstruct {
public:
hashcat_restore_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent = nullptr, hashcat_restore_t* p__root = nullptr);
private:
void _read();
void _clean_up();
public:
~hashcat_restore_t();
private:
uint32_t m_version;
std::string m_cwd;
uint32_t m_dicts_pos;
uint32_t m_masks_pos;
std::string m_padding;
uint64_t m_current_restore_point;
uint32_t m_argc;
std::string m_padding2;
std::unique_ptr<std::vector<std::string>> m_argv;
hashcat_restore_t* m__root;
kaitai::kstruct* m__parent;
public:
uint32_t version() const { return m_version; }
std::string cwd() const { return m_cwd; }
uint32_t dicts_pos() const { return m_dicts_pos; }
uint32_t masks_pos() const { return m_masks_pos; }
std::string padding() const { return m_padding; }
uint64_t current_restore_point() const { return m_current_restore_point; }
uint32_t argc() const { return m_argc; }
std::string padding2() const { return m_padding2; }
std::vector<std::string>* argv() const { return m_argv.get(); }
hashcat_restore_t* _root() const { return m__root; }
kaitai::kstruct* _parent() const { return m__parent; }
};
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
#include "hashcat_restore.h"
hashcat_restore_t::hashcat_restore_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent, hashcat_restore_t* p__root) : kaitai::kstruct(p__io) {
m__parent = p__parent;
m__root = this;
m_argv = nullptr;
_read();
}
void hashcat_restore_t::_read() {
m_version = m__io->read_u4le();
m_cwd = kaitai::kstream::bytes_to_str(kaitai::kstream::bytes_terminate(m__io->read_bytes(256), 0, false), std::string("UTF-8"));
m_dicts_pos = m__io->read_u4le();
m_masks_pos = m__io->read_u4le();
m_padding = m__io->read_bytes(4);
m_current_restore_point = m__io->read_u8le();
m_argc = m__io->read_u4le();
m_padding2 = m__io->read_bytes(12);
m_argv = std::unique_ptr<std::vector<std::string>>(new std::vector<std::string>());
const int l_argv = argc();
for (int i = 0; i < l_argv; i++) {
m_argv->push_back(std::move(kaitai::kstream::bytes_to_str(m__io->read_bytes_term(10, false, true, true), std::string("UTF-8"))));
}
}
hashcat_restore_t::~hashcat_restore_t() {
_clean_up();
}
void hashcat_restore_t::_clean_up() {
}