hashcat Forum

Full Version: The ?F code appears to cause a problem
Possible problem with 0.12 - the ?F code appears to cause a problem in the following expression.

This was on Ubuntu 12.04, running 64 bit, with a M2070 graphics card in a Supermicro system. Removing the ?F allows it to work fine.

./cuda --session=three -a 3 -m 0 -1 '?d?u?l?s?h?D?F?R' g2 '?1'

cuda: malloc.c:2451: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

Something is strange with that report. See, when I tried to execute your cmd I get:

Quote:
root@ht:~/oclHashcat# ./oclHashcat-plus64.bin --session=three -a 3 -m 0 -1 '?d?u?l?s?h?D?F?R' g2 '?1'

ERROR: If you want to brute-force (-a 3) a single hash of the hash-type (-m 0) use oclHashcat-lite use --force to ignore this warning

How strange.

I cut-and-pasted the line from the message, and was able to duplicate it on my system:

./cuda --session=three -a 3 -m 0 -1 '?d?u?l?s?h?D?F?R' g2 '?1'
cuda: malloc.c:2451: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)


Next, I unpacked the oclHashcat-0.12.7z file into a new directory, and tried it again:

...
Enter YES in uppercase if you accept this EULA: YES
cudaHashcat-plus64.bin: malloc.c:2451: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

The 32 bit version does the same:

./cudaHashcat-plus32.bin --session=three -a 3 -m 0 -1 '?d?u?l?s?h?D?F?R' g2 '?1'
cudaHashcat-plus32.bin: malloc.c:2451: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

Removing the ?F causes it to fail on the 32 bit version, in a different way:

./cudaHashcat-plus32.bin --session=three -a 3 -m 0 -1 '?d?u?l?s?h?D?R' g2 '?1'
cudaHashcat-plus v0.12 by atom starting...

Hashes: 1884750 total, 1 unique salts, 1884750 unique digests
Bitmaps: 21 bits, 1048576 entries, 0x000fffff mask, 4194304 bytes
Workload: 256 loops, 80 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Tesla M2070, 4095MB, 1147Mhz, 14MCU
Device #1: Kernel ./kernels/4318/m0000_a3.sm_20.ptx

[s]tatus [p]ause [r]esume [b]ypass [q]uit => ERROR: cuMemcpyDtoH() 700

But allows it to work on the 64 bit version:

./cudaHashcat-plus64.bin --session=three -a 3 -m 0 -1 '?d?u?l?s?h?D?R' g2 '?1'
cudaHashcat-plus v0.12 by atom starting...

Hashes: 1884750 total, 1 unique salts, 1884750 unique digests
Bitmaps: 21 bits, 1048576 entries, 0x000fffff mask, 4194304 bytes
Workload: 256 loops, 80 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Tesla M2070, 5375MB, 1147Mhz, 14MCU
Device #1: Kernel ./kernels/4318/m0000_a3.sm_20.ptx


Session.Name...: three
Status.........: Exhausted
Input.Mode.....: Mask (?1)
Hash.Target....: File (g2)
Hash.Type......: MD5
Time.Started...: Fri Jan 4 07:22:48 2013 (5 secs)
Time.Estimated.: 0 secs
Speed.GPU.#1...: 1800/s
Recovered......: 0/1884750 Digests, 0/1 Salts
Progress.......: 175/175 (100.00%)
Rejected.......: 0/175 (0.00%)
HWMon.GPU.#1...: 99% Util, -1c Temp, -1% Fan

Started: Fri Jan 4 07:22:48 2013
Stopped: Fri Jan 4 07:23:02 2013


Thanks again for looking into this - I'm very much enjoying working with your software!

I reported the same bug yesterday in the IRC (didn't really report, just asked)
The problem that seemed to be happening, is that it went over the 125 char limit (or something)

./hashcat-ocl-64.bin --gpu-loops 1024 -n 800 --remove -m 2811 uncracked.txt -o cracked.txt -a 3 -1 ?l?d?s?u?h?F?R?D
causes this error:
Code:
*** glibc detected *** ./hashcat-ocl-64.bin: double free or corruption (!prev): 0x0000000000baf990 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7f13cacddb96]
./hashcat-ocl-64.bin[0x423df7]
./hashcat-ocl-64.bin[0x4083e2]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f13cac8076d]
./hashcat-ocl-64.bin[0x4028a9]
Aborted (core dumped)


./hashcat-ocl-64.bin --gpu-loops 1024 -n 800 --remove -m 2811 uncracked.txt -o cracked.txt -a 3 -1 ?l?d?s?u?h?D?F?R

causes this error:

Code:
hashcat-ocl-64.bin: malloc.c:2451: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

Quote:
The problem that seemed to be happening, is that it went over the 125 char limit (or something)

It crashes when you use all charsets together. This already happened in the old versions. It crashes before it checks the hashes in the hashfile.

I just tried the following cmd which causes a crash.
oclHashcat-plus.exe -n 80 -m 0 list.txt -o found.txt -a 3 --remove -1 ?l?u?d?s?h?R?D?F ?1?1?1?1?1

OK cool, I can reproduce with this:

./oclHashcat-plus64.bin --gpu-loops 1024 -n 800 --remove -m 2811 uncracked.txt -o cracked.txt -a 3 -1 ?l?d?s?u?h?F?R?D

Looks not too complicated. Thanks for the report!
OK, code fixed. This bug was in the shared code so it is inside oclHashcat-lite as well.

@ Beta tester please confirm if it's fixed.
Code:
./oclHashcat-plus64.bin --gpu-loops 1024 -n 800 test -a 3 -1 ?l?d?s?u?h?F?R?D --force

Session.Name...: oclHashcat-plus
Status.........: Aborted
Input.Mode.....: Mask (?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d)
Hash.Target....: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Hash.Type......: MD5
Speed.GPU.#1...:  5278.9M/s
Recovered......: 0/1 Digests, 0/1 Salts
Progress.......: 22976921600/260000000000 (8.84%)
Rejected.......: 0/22976921600 (0.00%)
HWMon.GPU.#1...: 95% Util, 45c Temp, 20% Fan

looks good
It doesn't crash anymore. Seems to be fixed.
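
Added example, not part of the thread and not hashcat's code: the glibc aborts quoted above (the sYSMALLOc assertion and "double free or corruption") are heap-consistency checks, which fire only after allocator metadata has already been damaged. The thread gives neither the root cause nor the fix, so this sketch only shows a bounds-checked, de-duplicating expansion of a `-1` style charset spec that returns an error instead of writing past its buffer. The function name `expand_charset`, the table contents, the `X` set and the capacities used are assumptions.

```c
#include <stddef.h>

/* One contiguous byte range of a built-in set; an id may span several ranges. */
typedef struct { char id; unsigned char lo, hi; } cs_range;

/* Constructed table. 'X' is a stand-in for the 8-bit sets named in the
   thread, whose contents the page does not give. */
static const cs_range TABLE[] = {
    {'d', '0', '9'}, {'l', 'a', 'z'}, {'u', 'A', 'Z'},
    {'s', 0x20, 0x2f}, {'s', 0x3a, 0x40}, {'s', 0x5b, 0x60}, {'s', 0x7b, 0x7e},
    {'X', 0x80, 0xff},
};
#define NTABLE (sizeof TABLE / sizeof TABLE[0])

/* Append byte c unless already present; fail instead of writing past cap. */
static int put(unsigned char c, unsigned char *out, size_t cap, size_t *len,
               unsigned char *seen)
{
    if (seen[c]) return 0;        /* duplicates never consume space */
    if (*len >= cap) return -1;   /* the check whose absence corrupts the heap */
    seen[c] = 1;
    out[(*len)++] = c;
    return 0;
}

/* Expand a spec such as "?d?l?u" into out[0..cap). Returns the number of
   distinct bytes written, or -1 for an unknown id, a trailing '?', or an
   expansion that does not fit in cap bytes. */
int expand_charset(const char *spec, unsigned char *out, size_t cap)
{
    unsigned char seen[256] = {0};
    size_t len = 0;

    for (const char *p = spec; *p; p++) {
        if (*p != '?' || p[1] == '?') {   /* literal byte; "??" is a literal '?' */
            if (*p == '?') p++;
            if (put((unsigned char)*p, out, cap, &len, seen)) return -1;
            continue;
        }
        if (*++p == '\0') return -1;      /* spec ended right after '?' */
        int found = 0;
        for (size_t i = 0; i < NTABLE; i++) {
            if (TABLE[i].id != *p) continue;
            found = 1;
            for (int c = TABLE[i].lo; c <= TABLE[i].hi; c++)
                if (put((unsigned char)c, out, cap, &len, seen)) return -1;
        }
        if (!found) return -1;            /* unknown built-in id */
    }
    return (int)len;
}
```

Because entries are de-duplicated, a 256-byte buffer is always sufficient for a byte charset, whichever sets are combined.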