oclHashcat

Note: all versions of oclHashcat have been replaced by a unified OpenCL CPU/GPU version, now known simply as hashcat.

Description

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.

This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite, both very well-known suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU cracker that was replaced w/ plus and lite, which - as said - were then merged into oclHashcat 1.00 again.

oclHashcat, starting with version 2.00, is released as open source software under the MIT license.

Current version

Last version was 2.01 before it was replaced by hashcat.

Background

The main problem with the very first GPGPU based hashcat, the old oclHashcat version (0.26 etc), had to do with it's architecture. It was designed for doing Combinator attack. That worked well with fast algorithms but in combination with slow (modern, highly iterated and salted) algorithms,that was an inefficient strategy.

As a consequence, people still used the CPU-based hashcat for serious hash-cracking. This is because it is possible to work with simple dictionary-based attacks. To be able to do dictionary-based attacks on a GPU, it was neccessary to deal with the architecture problem of oclHashcat first. The only solution was a complete new approach, therefore a new (but now deprecated) oclHashcat-plus was born.

While at it, the oclHashcat developers came up with a very specialized version of a GPU cracker, which focused and was limited to do mask attacks and bruteforce attacks, oclHashcat-lite. This tool was heavily used for competitions/benchmarks/pentesting and did focus on single hash cracking.

To allow users to be less limited (e.g. more hash types, not be able to use more than only mask attacks, multi hashes.. to name only some), oclHashcat-plus existed in parallel. The developers of the two oclHashcat suites had to adapt/maintain/update and improve both GPU crackers.

With oclHashcat version 1.00 (released on Friday December 6th 2013), the developers announced a fusioned version of oclHashcat (which is very different from the old oclHashcat suite) on which they worked heavily to get all (or most of the) benefits of oclHashcat-lite, while having all and more features of oclHashcat-plus. For some hash types the cracking speed was identical of the speed reached w/ the specialized oclHashcat-lite or sometimes even faster (during the process of fusioning the both programs, several ideas for optimization were found and implemented).

Notes about simple dictionary attack on GPU:

  • Fast algorithms like MD4, MD5 or NTLM do work with simple dictionary attacks on a GPU, but this is not very efficient. It takes longer to transfer the wordlist data to GPU global memory rather than to just attack them on the CPU.
  • Slow algorithms like md5crypt (1000 iterations), phpass (up to 8k iterations) or WPA/WPA2 (16k iterations) can efficiently run on a GPU. The reason for this is that they are designed to slow down cracking performance itself. In this case, and unlike the fast algorithms, the time to copy the wordlist to GPU global memory is of no consequence.

An additional major feature of oclHashcat is the GPU-based rule engine. With this it is possible to do Rule-based attack.

  • Fast algorithms make use of the GPU-based rule engine to increase GPU utilization. Using this strategy, simple dictionary-based attacks become efficient on the GPU again. The rule-engine on a GPU is very fast. Depending on the rule itself, you can reach nearly the same speed as with a combinator attack in oclHashcat. This is an absolutely unique feature against all other hash crackers.
  • Slow algorithms make use of the CPU-based rule engine to increase wordlist size. This way you can use even the very small dictionaries like “common4.txt” or “mil-dict.txt”. They are virtually expanded in memory by the CPU-based rule engine. This fits perfectly in the situation above in that the time to copy the wordlist to GPU global memory is of no consequence.

As a result, oclHashcat is a lot more like the original CPU-based hashcat.

The first official release was v1.00, released on Friday 6th December 2013.

For additional notes on older versions of the oclHashcat suite see either oclHashcat-plus or oclHashcat-lite.

Remember: with release 1.00, oclHashcat replaced oclHashcat-plus and oclHashcat-lite, i.e. it was a merged version (among others) of those two suites

Options

oclHashcat, advanced password recovery

Usage: oclHashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...

=======
Options
=======

* General:

  -m,  --hash-type=NUM               Hash-type, see references below
  -a,  --attack-mode=NUM             Attack-mode, see references below
  -V,  --version                     Print version
  -h,  --help                        Print help
       --quiet                       Suppress output

* Benchmark:

  -b,  --benchmark                   Run benchmark
       --benchmark-mode=NUM          Benchmark-mode, see references below

* Misc:

       --hex-charset                 Assume charset is given in hex
       --hex-salt                    Assume salt is given in hex
       --hex-wordlist                Assume words in wordlist is given in hex
       --force                       Ignore warnings
       --status                      Enable automatic update of the status-screen
       --status-timer=NUM            Seconds between status-screen update
       --status-automat              Display the status view in a machine readable format
       --loopback                    Add new plains to induct directory
       --weak-hash-threshold=NUM     Threshold when to stop checking for weak hashes, default is 100 salts

* Markov:

       --markov-hcstat=FILE          Specify hcstat file to use, default is hashcat.hcstat
       --markov-disable              Disables markov-chains, emulates classic brute-force
       --markov-classic              Enables classic markov-chains, no per-position enhancement
  -t,  --markov-threshold=NUM        Threshold when to stop accepting new markov-chains

* Session:

       --runtime=NUM                 Abort session after NUM seconds of runtime
       --session=STR                 Define specific session name
       --restore                     Restore session from --session
       --restore-disable             Do not write restore file

* Files:

  -o,  --outfile=FILE                Define outfile for recovered hash
       --outfile-format=NUM          Define outfile-format for recovered hash, see references below
       --outfile-autohex-disable     Disable the use of $HEX[] in output plains
       --outfile-check-timer=NUM     Seconds between outfile checks
  -p,  --separator=CHAR              Separator char for hashlists and outfile
       --show                        Show cracked passwords only
       --left                        Show un-cracked passwords only
       --username                    Enable ignoring of usernames in hashfile (recommended: also use --show)
       --remove                      Enable remove of hash once it is cracked
       --remove-timer=NUM            Update input hash file each NUM seconds
       --potfile-disable             Do not write potfile
       --debug-mode=NUM              Defines the debug mode (hybrid only by using rules), see references below
       --debug-file=FILE             Output file for debugging rules (see also --debug-mode)
       --induction-dir=FOLDER        Specify induction directory to use, default is $session.induct
       --outfile-check-dir=FOLDER    Specify the outfile directory which should be monitored, default is $session.outfiles
       --logfile-disable             Disable the logfile
       --truecrypt-keyfiles=FILE     Keyfiles used, seperate with comma

* Resources:

  -c,  --segment-size=NUM            Size in MB to cache from the wordfile
       --bitmap-min=NUM              Minimum number of bits allowed for bitmaps
       --bitmap-max=NUM              Maximum number of bits allowed for bitmaps
       --cpu-affinity=STR            Locks to CPU devices, seperate with comma
       --gpu-async                   Use non-blocking async calls (NV only)
  -d,  --gpu-devices=STR             Devices to use, separate with comma
  -w,  --workload-profile=NUM        Enable a specific workload profile, see references below
  -n,  --gpu-accel=NUM               Workload tuning: 1, 8, 40, 80, 160
  -u,  --gpu-loops=NUM               Workload fine-tuning: 8 - 1024
       --gpu-temp-disable            Disable temperature and fanspeed readings and triggers
       --gpu-temp-abort=NUM          Abort session if GPU temperature reaches NUM degrees celsius
       --gpu-temp-retain=NUM         Try to retain GPU temperature at NUM degrees celsius (AMD only)
       --powertune-enable            Enable automatic power tuning option (AMD OverDrive 6 only)
       --scrypt-tmto=NUM             Manually override automatically calculated TMTO value for scrypt

* Distributed:

  -s,  --skip=NUM                    Skip number of words
  -l,  --limit=NUM                   Limit number of words
       --keyspace                    Show keyspace base:mod values and quit

* Rules:

  -j,  --rule-left=RULE              Single rule applied to each word from left dict
  -k,  --rule-right=RULE             Single rule applied to each word from right dict
  -r,  --rules-file=FILE             Rules-file, multi use: -r 1.rule -r 2.rule
  -g,  --generate-rules=NUM          Generate NUM random rules
       --generate-rules-func-min=NUM Force NUM functions per random rule min
       --generate-rules-func-max=NUM Force NUM functions per random rule max
       --generate-rules-seed=NUM     Force RNG seed to NUM

* Custom charsets:

  -1,  --custom-charset1=CS          User-defined charsets
  -2,  --custom-charset2=CS          Example:
  -3,  --custom-charset3=CS          --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef
  -4,  --custom-charset4=CS          -2 mycharset.hcchr : sets charset ?2 to chars contained in file

* Increment:

  -i,  --increment                   Enable increment mode
       --increment-min=NUM           Start incrementing at NUM
       --increment-max=NUM           Stop incrementing at NUM

==========
References
==========

* Workload Profile:

    1 = Reduced performance profile (low latency desktop)
    2 = Default performance profile
    3 = Tuned   performance profile (high latency desktop)

* Benchmark Settings:

    0 = Manual Tuning
    1 = Performance Tuning, default

* Outfile Formats:

    1 = hash[:salt]
    2 = plain
    3 = hash[:salt]:plain
    4 = hex_plain
    5 = hash[:salt]:hex_plain
    6 = plain:hex_plain
    7 = hash[:salt]:plain:hex_plain
    8 = crackpos
    9 = hash[:salt]:crackpos
   10 = plain:crackpos
   11 = hash[:salt]:plain:crackpos
   12 = hex_plain:crackpos
   13 = hash[:salt]:hex_plain:crackpos
   14 = plain:hex_plain:crackpos
   15 = hash[:salt]:plain:hex_plain:crackpos

* Debug mode output formats (for hybrid mode only, by using rules):

    1 = save finding rule
    2 = save original word
    3 = save original word and finding rule
    4 = save original word, finding rule and modified plain

* Built-in charsets:

   ?l = abcdefghijklmnopqrstuvwxyz
   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
   ?d = 0123456789
   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
   ?a = ?l?u?d?s
   ?b = 0x00 - 0xff

* Attack modes:

    0 = Straight
    1 = Combination
    3 = Brute-force
    6 = Hybrid dict + mask
    7 = Hybrid mask + dict

* Hash types:

[[ Roll-your-own: Raw Hashes ]]

    900 = MD4
      0 = MD5
   5100 = Half MD5
    100 = SHA1
  10800 = SHA-384
   1400 = SHA-256
   1700 = SHA-512
   5000 = SHA-3(Keccak)
  10100 = SipHash
   6000 = RipeMD160
   6100 = Whirlpool
   6900 = GOST R 34.11-94
  11700 = GOST R 34.11-2012 (Streebog) 256-bit
  11800 = GOST R 34.11-2012 (Streebog) 512-bit

[[ Roll-your-own: Iterated and / or Salted Hashes ]]

     10 = md5($pass.$salt)
     20 = md5($salt.$pass)
     30 = md5(unicode($pass).$salt)
     40 = md5($salt.unicode($pass))
   3800 = md5($salt.$pass.$salt)
   3710 = md5($salt.md5($pass))
   2600 = md5(md5($pass)
   4300 = md5(strtoupper(md5($pass)))
   4400 = md5(sha1($pass))
    110 = sha1($pass.$salt)
    120 = sha1($salt.$pass)
    130 = sha1(unicode($pass).$salt)
    140 = sha1($salt.unicode($pass))
   4500 = sha1(sha1($pass)
   4700 = sha1(md5($pass))
   4900 = sha1($salt.$pass.$salt)
   1410 = sha256($pass.$salt)
   1420 = sha256($salt.$pass)
   1430 = sha256(unicode($pass).$salt)
   1440 = sha256($salt.unicode($pass))
   1710 = sha512($pass.$salt)
   1720 = sha512($salt.$pass)
   1730 = sha512(unicode($pass).$salt)
   1740 = sha512($salt.unicode($pass))

[[ Roll-your-own: Authenticated Hashes ]]

     50 = HMAC-MD5 (key = $pass)
     60 = HMAC-MD5 (key = $salt)
    150 = HMAC-SHA1 (key = $pass)
    160 = HMAC-SHA1 (key = $salt)
   1450 = HMAC-SHA256 (key = $pass)
   1460 = HMAC-SHA256 (key = $salt)
   1750 = HMAC-SHA512 (key = $pass)
   1760 = HMAC-SHA512 (key = $salt)

[[ Generic KDF ]]

    400 = phpass
   8900 = scrypt
  11900 = PBKDF2-HMAC-MD5
  12000 = PBKDF2-HMAC-SHA1
  10900 = PBKDF2-HMAC-SHA256
  12100 = PBKDF2-HMAC-SHA512

[[ Network protocols, Challenge-Response ]]

     23 = Skype
   2500 = WPA/WPA2
   4800 = iSCSI CHAP authentication, MD5(Chap)
   5300 = IKE-PSK MD5
   5400 = IKE-PSK SHA1
   5500 = NetNTLMv1
   5500 = NetNTLMv1 + ESS
   5600 = NetNTLMv2
   7300 = IPMI2 RAKP HMAC-SHA1
   7500 = Kerberos 5 AS-REQ Pre-Auth etype 23
   8300 = DNSSEC (NSEC3)
  10200 = Cram MD5
  11100 = PostgreSQL Challenge-Response Authentication (MD5)
  11200 = MySQL Challenge-Response Authentication (SHA1)
  11400 = SIP digest authentication (MD5)

[[ Forums, CMS, E-Commerce, Frameworks, Middleware, Wiki, Management ]]

    121 = SMF (Simple Machines Forum)
    400 = phpBB3
   2611 = vBulletin < v3.8.5
   2711 = vBulletin > v3.8.5
   2811 = MyBB
   2811 = IPB (Invison Power Board)
   8400 = WBB3 (Woltlab Burning Board)
     11 = Joomla < 2.5.18
    400 = Joomla > 2.5.18
    400 = Wordpress
   2612 = PHPS
   7900 = Drupal7
     21 = osCommerce
     21 = xt:Commerce
  11000 = PrestaShop
    124 = Django (SHA-1)
  10000 = Django (PBKDF2-SHA256)
   3711 = Mediawiki B type
   7600 = Redmine

[[ Database Server ]]

     12 = PostgreSQL
    131 = MSSQL(2000)
    132 = MSSQL(2005)
   1731 = MSSQL(2012)
   1731 = MSSQL(2014)
    200 = MySQL323
    300 = MySQL4.1/MySQL5
   3100 = Oracle H: Type (Oracle 7+)
    112 = Oracle S: Type (Oracle 11+)
  12300 = Oracle T: Type (Oracle 12+)
   8000 = Sybase ASE

[[ HTTP, SMTP, LDAP Server]]

    141 = EPiServer 6.x < v4
   1441 = EPiServer 6.x > v4
   1600 = Apache $apr1$
  12600 = ColdFusion 10+
   1421 = hMailServer
    101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
    111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
   1711 = SSHA-512(Base64), LDAP {SSHA512}

[[ Checksums ]]

  11500 = CRC32

[[ Operating-Systems ]]

   3000 = LM
   1000 = NTLM
   1100 = Domain Cached Credentials (DCC), MS Cache
   2100 = Domain Cached Credentials 2 (DCC2), MS Cache 2
  12800 = MS-AzureSync PBKDF2-HMAC-SHA256
   1500 = descrypt, DES(Unix), Traditional DES
  12400 = BSDiCrypt, Extended DES
    500 = md5crypt $1$, MD5(Unix)
   3200 = bcrypt $2*$, Blowfish(Unix)
   7400 = sha256crypt $5$, SHA256(Unix)
   1800 = sha512crypt $6$, SHA512(Unix)
    122 = OSX v10.4
    122 = OSX v10.5
    122 = OSX v10.6
   1722 = OSX v10.7
   7100 = OSX v10.8
   7100 = OSX v10.9
   7100 = OSX v10.10
   6300 = AIX {smd5}
   6700 = AIX {ssha1}
   6400 = AIX {ssha256}
   6500 = AIX {ssha512}
   2400 = Cisco-PIX
   2410 = Cisco-ASA
    500 = Cisco-IOS $1$
   5700 = Cisco-IOS $4$
   9200 = Cisco-IOS $8$
   9300 = Cisco-IOS $9$
     22 = Juniper Netscreen/SSG (ScreenOS)
    501 = Juniper IVE
   5800 = Android PIN
   8100 = Citrix Netscaler
   8500 = RACF
   7200 = GRUB 2
   9900 = Radmin2

[[ Enterprise Application Software (EAS) ]]

   7700 = SAP CODVN B (BCODE)
   7800 = SAP CODVN F/G (PASSCODE)
  10300 = SAP CODVN H (PWDSALTEDHASH) iSSHA-1
   8600 = Lotus Notes/Domino 5
   8700 = Lotus Notes/Domino 6
   9100 = Lotus Notes/Domino 8
    133 = PeopleSoft

[[ Archives ]]

  11600 = 7-Zip
  12500 = RAR3-hp

[[ Full-Disk encryptions (FDE) ]]

   62XY = TrueCrypt 5.0+
     X  = 1 = PBKDF2-HMAC-RipeMD160
     X  = 2 = PBKDF2-HMAC-SHA512
     X  = 3 = PBKDF2-HMAC-Whirlpool
     X  = 4 = PBKDF2-HMAC-RipeMD160 + boot-mode
      Y = 1 = XTS  512 bit (Ciphers: AES or Serpent or Twofish)
      Y = 2 = XTS 1024 bit (Ciphers: AES or Serpent or Twofish or AES-Twofish or Serpent-AES or Twofish-Serpent)
      Y = 3 = XTS 1536 bit (Ciphers: All)
   8800 = Android FDE < v4.3
  12200 = eCryptfs

[[ Documents ]]

   9700 = MS Office <= 2003 MD5 + RC4, oldoffice$0, oldoffice$1
   9710 = MS Office <= 2003 MD5 + RC4, collider-mode #1
   9720 = MS Office <= 2003 MD5 + RC4, collider-mode #2
   9800 = MS Office <= 2003 SHA1 + RC4, oldoffice$3, oldoffice$4
   9810 = MS Office <= 2003 SHA1 + RC4, collider-mode #1
   9820 = MS Office <= 2003 SHA1 + RC4, collider-mode #2
   9400 = MS Office 2007
   9500 = MS Office 2010
   9600 = MS Office 2013
  10400 = PDF 1.1 - 1.3 (Acrobat 2 - 4)
  10410 = PDF 1.1 - 1.3 (Acrobat 2 - 4) + collider-mode #1
  10420 = PDF 1.1 - 1.3 (Acrobat 2 - 4) + collider-mode #2
  10500 = PDF 1.4 - 1.6 (Acrobat 5 - 8)
  10600 = PDF 1.7 Level 3 (Acrobat 9)
  10700 = PDF 1.7 Level 8 (Acrobat 10 - 11)

[[ Password Managers ]]

   9000 = Password Safe v2
   5200 = Password Safe v3
   6800 = Lastpass
   6600 = 1Password, agilekeychain
   8200 = 1Password, cloudkeychain
  11300 = Bitcoin/Litecoin wallet.dat
  12700 = Blockchain, My Wallet

Default Values

Attribute Value Note
--version false
--help false
--eula false
--quiet false
--show false
--left false
--username false
--remove false
--force false
--outfile NULL
--outfile-format 3
--runtime 0
--hex-salt false
--hex-charset false
--segment-size 1
--gpu-async false
--gpu-devices NULL
--gpu-accel 0 *
--gpu-loops 0 *
--gpu-temp-disable 0
--gpu-temp-abort 90
--gpu-temp-retain 80
--rules-file NULL
--generate-rules 0
--generate-rules-func-min 1
--generate-rules-func-max 4
--hash-type 0
--increment false
--increment-min 1
--increment-max 54
--attack-mode 0
--benchmark false
--benchmark-mode 1
--status false
--status-timer 10
--markov-hcstat NULL
--markov-disable false
--markov-classic false
--markov-threshold 0
--session oclHashcat / cudaHashcat *
--restore false
--restore-timer 60
--restore-disable false
--separator :
--disable-potfile false
--cpu-affinity NULL
--rule-left :
--rule-right :
--custom-charset1 ?l?d?u #
--custom-charset2 ?l?d #
--custom-charset3 ?l?d*!$@_ #
--custom-charset4 NULL #

Note: if you do not specify any mask while performing a mask attack (-a 3), then the following default mask is used: ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d

* Indicates that the value is dependent on the algorithm and GPU platform vendor (see below)

# Indicates all the custom charset values which only work together with the default mask (i.e. whenever no mask is specified at all). This is especially important since otherwise some users confuse ?1 (question mark and number one) with ?l (question mark and lowercase letter el) etc.

Supported algorithms and GPU defaults

Hash-Type --gpu-accel (NVidia) --gpu-loops (NVidia) --gpu-accel (AMD) --gpu-loops (AMD)
MD5 128 512 256 256
md5($pass.$salt) 128 512 256 256
Joomla 128 512 256 256
md5($salt.$pass) 64 128 256 256
osCommerce, xt:Commerce 64 128 256 256
md5(unicode($pass).$salt) 128 512 256 256
md5($salt.unicode($pass)) 64 128 256 256
HMAC-MD5 (key = $pass) 64 64 64 64
HMAC-MD5 (key = $salt) 64 64 64 64
SHA1 64 128 128 128
nsldap, SHA-1(Base64), Netscape LDAP SHA 64 128 128 128
sha1($pass.$salt) 64 128 128 128
nsldaps, SSHA-1(Base64), Netscape LDAP SSHA 64 128 128 128
Oracle 11g 64 128 128 128
sha1($salt.$pass) 64 64 128 128
SMF > v1.1 64 64 128 128
OSX v10.4, v10.5, v10.6 64 64 128 128
sha1(unicode($pass).$salt) 64 64 128 128
MSSQL(2000) 64 64 128 128
MSSQL(2005) 64 64 128 128
sha1($salt.unicode($pass)) 64 64 128 128
EPiServer 6.x < v4 64 64 128 128
HMAC-SHA1 (key = $pass) 64 32 64 64
HMAC-SHA1 (key = $salt) 64 32 64 64
sha1(LinkedIn) 64 64 128 128
MySQL 64 64 64 64
phpass, MD5(Wordpress), MD5(phpBB3) 64 128 16 16
md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5 64 64 16 16
MD4 128 512 256 256
NTLM 128 512 256 256
Domain Cached Credentials, mscash 64 256 128 128
SHA256 64 128 64 64
sha256($pass.$salt) 64 128 64 64
sha256($salt.$pass) 64 64 64 64
sha256(unicode($pass).$salt) 64 128 64 64
sha256($salt.unicode($pass)) 64 64 64 64
EPiServer 6.x > v4 64 64 64 64
HMAC-SHA256 (key = $pass) 64 64 32 32
HMAC-SHA256 (key = $salt) 64 64 32 32
descrypt, DES(Unix), Traditional DES 64 16 16 16
md5apr1, MD5(APR), Apache MD5 64 64 16 16
SHA512 64 32 32 32
sha512($pass.$salt) 64 32 32 32
SSHA-512(Base64), LDAP {SSHA512} 64 32 32 32
sha512($salt.$pass) 64 16 32 32
OSX v10.7 64 16 32 32
sha512(unicode($pass).$salt) 64 32 32 32
MSSQL(2012) 64 32 32 32
sha512($salt.unicode($pass)) 64 16 32 32
HMAC-SHA512 (key = $pass) 64 16 16 16
HMAC-SHA512 (key = $salt) 64 16 16 16
sha512crypt, SHA512(Unix) 8 4 16 16
Domain Cached Credentials2, mscash2 8 8 16 16
Cisco-PIX MD5 64 512 256 256
WPA/WPA2 8 8 16 16
Double MD5 64 256 128 128
vBulletin < v3.8.5 64 256 128 128
vBulletin > v3.8.5 64 128 64 64
IPB2+, MyBB1.2+ 64 128 64 64
LM 64 128 16 16
Oracle 7-10g, DES(Oracle) 8 64 16 16
bcrypt, Blowfish(OpenBSD) 8 16 16 16
SHA-3(Keccak) 64 64 64 64
Half MD5 64 512 256 256
Password Safe SHA-256 8 8 16 16
IKE-PSK MD5 64 128 128 128
IKE-PSK SHA1 64 128 128 128
NetNTLMv1-VANILLA / NetNTLMv1+ESS 64 128 128 128
NetNTLMv2 64 128 128 128
Cisco-IOS SHA256 64 256 64 64
Samsung Android Password/PIN 64 16 16 16
RipeMD160 64 128 64 64
Whirlpool 64 64 64 64
AIX {smd5} 64 64 16 16
AIX {ssha256} 8 8 16 16
AIX {ssha512} 8 8 16 16
1Password 8 8 16 16
AIX {ssha1} 8 8 16 16
Lastpass 8 8 16 16
GOST R 34.11-94 64 64 64 64
OSX v10.8 8 4 16 16
GRUB 2 8 4 16 16
sha256crypt, SHA256(Unix) 8 4 16 16
Kerberos 5 AS-REQ Pre-Auth etype 23 64 64 64 64

Supported attack modes

Dictionary loading

The reason behind the special loading of the dictionary is that some kernels require all plaintexts to be of the same length to process them efficiently.

Brute-force crackers usually do not have this problem because the length of the generated plaintext is always the same. But it's not so in wordlists. Usually the words in wordlists are not sorted by their length. So the idea was oclHashcat would cache each of the loaded words once, and store them into specific buffers. Each word-length has one unique buffer. If a word has the length 8; it sorts it into buffer number 8. Then, if buffer 8's threshold is reached, it processes them and clears it afterwards. This is why it is so hard for oclHashcat to have a restore / resume position.

Hint: You can optimize your wordlists for oclhashcat usage. You just need to sort them by their length. It is recommended that you generate seperate wordlists sorted by their length. The hashcat-utils ship with a tool called: “splitlen”, which was written for this task.

Resume support

Stopping and resuming oclHashcat needs always at least 2 steps. To stop and resume a cracking task in oclHashcat, --disable-restore must not be used. The 2 or more steps are: First you start a cracking job, something simple like this:

oclHashcat64 -m 0 hash.txt -a 3 ?a?a?a?a?a?a?a

you can if want/need to stop the running process, by pressing either 'q' for quit or sending it a signal e.g. CTRL-C.

Depending on the session name (--session, default session name is “oclHashcat” for oclHashcat and “cudaHashcat” for cudaHashcat), an up-to-date .restore file will be available in your current working directory.

If this is the case (the .restore file exists), you can simply resume the cracking job with:

oclHashcat64 --session oclHashcat --restore

Note: --session is an optional parameter, oclHashcat will use the default (as mentioned above). Other parameters are not allowed to be used when restoring with --restore, i.e. they are ignored. That is also why something like --restore -w 3 won't change the workload profile when restoring (Note: the reason behind this behavior is that --restore should be as simple as possible and restoring should always work, i.e. conflicting command line options shouldn't destroy the .restore file or lead to strange behavior. Yes believe it or not but some users even tried to change the hash type -m x when restoring etc).

Parsing the restore-file

If you want to automatically check the status of the progress it is a good idea to parse the restore-file rather than to parse STDOUT.

The format used by oclHashcat previous to version 1.20 was different and is incompatible with the new format.

There is just one entry in the restore-file of the following datatype.

typedef struct
{
  uint32_t    version_bin;
  char        cwd[256];
  uint32_t    pid;

  uint32_t    dictpos;
  uint32_t    maskpos;

  uint64_t    pw_cur;

  uint32_t    argc;
  char      **argv;

} restore_data_t;
  • “version_bin” is the version of oclHashcat that was used to create the file.
  • “cwd” is the current working directory. oclHashcat will cd to that directory on startup if it is in --restore mode.
  • “argc” and “argv” is the argument line itself, 1:1 copied.
  • “pid” is the current pid oclHashcat is running with. This is used for to avoid multiple instances of the same session name.
  • “dictpos” indicates the number of dictionary that is beeing parsed last for instance if you specified a folder instead of a single file.
  • “maskpos” indicates the number in the maskfile (if not used it will always be 0).
  • “pw_cur” is used to indicate the last position in dict/mask, comparable to the –skip value

The restore file is written asychonously as soon as there is an update ready.

Custom HCCAP format

If you are interested in writing .hccap files, it's structure is explained here: HCCAP format description

Performance

Please refer to the homepage to get the latest benchmarks.

What does Real c/s and GPU c/s mean ?

Real c/s is derived from dividing all tested passwords from zero to present from the moment oclHashcat started. This is often a lower figure as it takes into account copying wordlists into GPU memory and also the PCI-Express overhead.

GPU c/s is derived from dividing the time for the last 32 kernel launches by the number of finished passwords from the previous 32 kernel launches. This figure is usually higher than Real c/s as there is no time lost copying the wordlist or PCI-Express overhead.

In general GPU c/s is a more accurate representation of oclHashcat's performance as wordlist loading is dependant on the I/O performance of the users computer.

Limitations

  • Password-length is set to a maximum of 55 on most algorithms, algorithms which use unicode, from plaintext view, are limited to a maximum length of 27 (for full details see >= 15 announcement and explanation here: https://hashcat.net/forum/thread-2543.html )

Future Plans

  • Add more algorithms
  • Request features on github
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain