This page hosts a formal specification of Hashcat Restore file using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
All parsing code for Ruby generated by Kaitai Struct depends on the Ruby runtime library. You have to install it before you can parse data.
The Ruby runtime library can be installed from RubyGems:
gem install kaitai-structParse a local file and get structure in memory:
data = HashcatRestore.from_file("path/to/local/file.restore")
Or parse structure from a string of bytes:
bytes = "\x00\x01\x02..."
data = HashcatRestore.new(Kaitai::Struct::Stream.new(bytes))
After that, one can get various attributes from the structure by invoking getter methods like:
data.version # => get version
# This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
require 'kaitai/struct/struct'
unless Gem::Version.new(Kaitai::Struct::VERSION) >= Gem::Version.new('0.9')
raise "Incompatible Kaitai Struct Ruby API: 0.9 or later is required, but you have #{Kaitai::Struct::VERSION}"
end
##
# @see https://hashcat.net/wiki/doku.php?id=restore Source
class HashcatRestore < Kaitai::Struct::Struct
def initialize(_io, _parent = nil, _root = self)
super(_io, _parent, _root)
_read
end
def _read
@version = @_io.read_u4le
@cwd = (Kaitai::Struct::Stream::bytes_terminate(@_io.read_bytes(256), 0, false)).force_encoding("UTF-8")
@dicts_pos = @_io.read_u4le
@masks_pos = @_io.read_u4le
@padding = @_io.read_bytes(4)
@current_restore_point = @_io.read_u8le
@argc = @_io.read_u4le
@padding2 = @_io.read_bytes(12)
@argv = []
(argc).times { |i|
@argv << (@_io.read_bytes_term(10, false, true, true)).force_encoding("UTF-8")
}
self
end
attr_reader :version
attr_reader :cwd
attr_reader :dicts_pos
attr_reader :masks_pos
attr_reader :padding
attr_reader :current_restore_point
attr_reader :argc
attr_reader :padding2
attr_reader :argv
end