I'm trying to connect to my meter by using some open-source software, all the meter supports the dlms-cosem standard. But the problem is the meter disconnected due to a failed security check.
After some research about the issue, I found the encryption method:
data(F [ StoC] = MD5[ StoC || Hls-secret]).
The meter is disconnecting because of the wrong value HLS-secret set by open-source software.
So, I wanted to find this parameter by using hashcat to retrieve it from the plaintext of F [ StoC ].
After I sniff the communication between the manufacturer software and the meter, I managed to get:
StoC: 852F8855BBD04A34F2710D132813D071
F[StoC]: C7E7A14A19ECFC56C3BC9636BF950AC1
from these parameters, how can I get the HLS-secret with hashcat?
md5($salt.$pass), where StoC is $salt, and you are tring to find $pass which is HLS-secret. – mti2935 Mar 06 '23 at 10:53