oclHashcat-plus v0.08
#1


Welcome to the latest version of the hashcat flagship: oclHashcat-plus.

Download it here: http://hashcat.net/oclhashcat-plus/

I will go into detail about all the changes shortly, but first let me thank the beta testers and forum members. They do a really great job of sending me bug-reports, benchmarks, suggestions, keeping the wiki up to date, etc. You guys rock! Many thanks for your help!

There are many new changes and its hard to pick which is the most important one. I will start in no particular order, but limit it to the most interesting changes. The full change-log can be found on the bottom.



Added support for Catalyst 12.4.

There is nothing much to say, but this enables the use of the following hd7xxx GPUS:
  • Scrapper: 7350
  • Capeverde: 7570, 7670, 7770
  • Devastator: 7450, 7550
  • Pitcairn: 7850, 7870
  • Tahiti: 7950, 7970



Added support for CUDA 4.2.

This is interesting for two reasons:
  • Adds support for the sm_30 gpu-architecture, aka Kepler, aka gtx6xx
  • NVidia switched from GCC to LLVM for kernel compilations, that brings some good automated optimizations.

I hope there is something more inside sm_30 that I can use for optimization.

To do this one requires the PTX documentation to be updated.



I have backported the base SHA-512 algorithm to oclHashcat-plus.

As always, most of the code has been backported from oclHashcat-lite. My favorite way of developing is to: Start implementing on oclHashcat-lite, then collect some user experience and do some optimizations, then backport to oclHashcat-plus.

It will run slower than you might expect it to (but not that slow).

Still, it is pretty fast: The hd7970 runs at 72582 khash/s, the gtx570@1600 runs at 71454 khash/s.

The original request post for the algorithm is here: http://hashcat.net/forum/thread-992.html



SHA-512 is also the base hash of the Mac OSX v10.7 Lion hashes.

Its just salted with random 4 byte data. So I quickly decided to add it since there were several requests on IRC and via Email for it.

The salt has an optimization impact on the NVidia kernel that actually makes it a bit faster than the raw SHA-512 hash.

The hd7970 runs at 69894 khash/s, the gtx570@1600 runs at 76266 khash/s.

But think before you start. These hashes are salted. That means you probably want to limit your attack to a single (but important) one.



One of the most intrusive changes was the back-porting of the GPU-based password candidate generator from oclHashcat-lite v0.09.

This greatly reduces the CPU load and the bus I/O and GPU idle times decrease.

This has been implemented for both the mask-attack and both hybrid-attacks.

It generally increases the performance by ~ +2% - but for all algorithm types!



Another very intrusive change that took me several weeks was to back-porting of the vector datatype on NVidia from oclHashcat-lite v0.09.

This drastically improved the performance on the sm_21 based cards like the GTX460 or GTX560Ti.

For example: The MD5 performance on my GTX560Ti increased from 893 Mhash/s to 1181 Mhash/s.



I found motivation to backport the long missed rule functions for GPU from hashcat v0.38:
  • RULE_OP_MANGLE_REPLACE_NP1
  • RULE_OP_MANGLE_REPLACE_NM1
  • RULE_OP_MANGLE_DUPEBLOCK_FIRST
  • RULE_OP_MANGLE_DUPEBLOCK_LAST

I also added the new RULE_OP_MANGLE_TITLE rule which was requested here: http://hashcat.net/forum/thread-499.html

With both these changes the GPU rule engine is 100% compatible to the Hashcat rule engine.



The LM algorithm was something I never wanted to add, but now its done.

Check this thread and you know why I had to change my mind: http://hashcat.net/forum/thread-167.html

One of the things that make me most proud is when oclHashcat-plus is used during a pentest. From what I have heard, pentesters usually have to check LM, NTLM, DES, Oracle, ... This LM kernel makes oclHashcat-plus much more feature-rich for the above task.

This kernel is not the same one that I used when I wrote about the kernel on here: http://hashcat.net/forum/thread-846.html

I have optimized it a couple of times since then: The hd7970 now runs at 1193 Mhash/s, the gtx560Ti runs at 448 Mhash/s.



While Oracle 11g already was supported with oclHashcat-plus v0.07, this version also brings support for the old Oracle 7-10g versions, too.

Yes, the one that was based on DES-CBC.

There was also a request here: http://hashcat.net/forum/thread-962.html

But real reason was the same as for LM - I wanted to make oclHashcat-plus a more complete tool for pentesters.

The hd7970 runs at 429 Mhash/s, the gtx570@1600 runs at 164 Mhash/s.



When I've added WPA/WPA2 to oclHashcat-plus I was a bit lazy. Instead of implementing a clean solution to pass all the required data to crack WPA to the kernel I've just added this data to the salt struct. Compared to the salt size of other hash-types the ~400 byte for WPA is huge.

That works fine but because of this all salted hash-types had to allocate and carry 400 additional bytes for nothing - for each salt. For example, if you crack an IPB2 hashlist which contains 1 million unique salts this took additional 400mb host AND GPU memory - for nothing.

This has been fixed now.



After Hashcat v0.39 and oclHashcat-lite v0.09 already got the update to the new relaxed EULA, oclHashcat-plus got it, too.

This change for example, now allows companies to use all Hashcat derivates as long such use is inside a legal context. You can also distribute it within your linux distribution, package it or mirror it.

I also removed the anti-leech protection for the files from the official download location and made them wget friendly.



Although I am always very focused on increasing performance its not always possible. Each new driver, each new SDK always change the performance somehow for each kernel. It happens that code can become faster or slower without a single code change. So I can tell you, I made lots of performance increases code-wise, but due to some driver and SDK reasons some changes were sacrificed to compensate for their losses.

But some improvements were so large that they still make a notable difference. For example I found a better way to deal with the salt on Joomla and MSSQL hashes and the slow hashes like phpass, and md5crypt or md5apr1 improved a lot due to other architecture changes in the host-code.

To better keep track of the performance changes, you can take a look at arex's homepage.

He put up a benchmarking section: http://thepasswordproject.com/oclhashcat_benchmarking

Currently it lacks reports for NVidia, but the site also contains all the scripts I use for benchmarking.

If you want to compare locally you can just download the scripts and run them to see how everything compares on your hardware.



Thanks to superjames from Team Hashcat we had an awesome event which was based on Hashcat called "The Best64 Challenge".

If you are interested in exactly what it was, visit the contest page here: http://beeeer.org/best64/

The short story: Building on the results of this challenge, I create a new best64.rule and overwrite the old one.

A write-up on how this was done can be found here: http://hashcat.net/forum/thread-1002-pos...ml#pid5284



Did you ever try to crack hashes that include language specific or so called non-printable letters? Adding them to your charset on the command-line can be very tricky. There is a lot that can go wrong due to terminal emulation, encoding on the shell, fonts used, etc...

So there was this request made for File-based charsets: http://hashcat.net/forum/thread-916.html

Just add them to a file and this file will be parsed byte-wise.



A change but something you will like is that I have added some more information to the status display.

For example, if you crack WPA/WPA2, you can now see the ESSID, MAC Addresses etc.

This goes back to this request: http://hashcat.net/forum/thread-752.html

I also added things like hashfile and rulefile so you will be reminded of your attack (in case its has been running for some weeks).



Last but not least, the fixed bugs list:
  • Fixed bug leading to host program crash in NTLM and DCC brute-force AMD kernels
  • Fixed bug leading to host program crash in --show when having more than 100k entries in hashcat.pot
  • Fixed bug leading to host program crash in ETA display, if ETA calculated > 60 years
  • Fixed bug leading to hash-not-found in Joomla if plaintext is of a length 4 or 8 and greater
  • Fixed bug leading to useless cracking in -a 6 mode in combination with WPA when the base plain is smaller than length 8
  • Fixed bug in UI: prompt was not shown after pause or resume session



Some last words:

If something does not work after upgrading - Always remember to update to the latest driver before you post a thread on the Forum. Old drivers are the No. 1 problem of all reported problems on forum. There is a special page for drivers on the Wiki: http://hashcat.net/wiki/oclhashcat_catalyst_forceware

For this release, you *must* update to Catalyst 12.4

If you are on AMD, do *not* install the SDK unless you really know what you are doing. It contains an outdated library for OpenCL leading to slower and unstable kernels. Its confusing that AMD still ships them with the SDK.



Here is the full changelog:

Code:
type: feature
file: kernels
desc: added -m 1700 = SHA512

type: feature
file: kernels
desc: added -m 1722 = OSX v10.7

type: feature
file: kernels
desc: added -m 2600 = Double MD5

type: feature
file: kernels
desc: added -m 3000 = LM

type: feature
file: kernels
desc: added -m 3100 = Oracle 7-10g

type: driver
file: kernels
desc: added support for NVAPI R300

type: driver
file: kernels
desc: added support for NVidia CUDA 4.2

type: driver
file: kernels
desc: added support for NVidia sm_30 gpu-architecture [ Kepler ]

type: driver
file: kernels
desc: removed support for old AMD 4xxx GPU's (AMD removes support with Catalyst 12.7)

type: driver
file: host programs
desc: workarounded a bug in CUDA cuMemAllocHost() to be able to support recent ForceWare
cred: radix

type: feature
file: kernels and host programs
desc: backported GPU-based password candidate generator from oclHashcat-lite v0.09

type: feature
file: kernels and host programs
desc: backported vector datatype NVidia kernels from oclHashcat-lite v0.09

type: feature
file: host programs
desc: backported --seperator-char feature from hashcat v0.38
cred: Thorsheim

type: feature
file: host programs
desc: added support for charset files and charset files
cred: Thorsheim

type: feature
file: host programs
desc: include line number in error message where applicable
cred: arex1337

type: feature
file: host programs
desc: added BSSID to status display
cred: Hash-IT

type: feature
file: kernels and host programs
desc: Added new rule 'E', upper cases the first letter and every letter after a space
cred: Hash-IT

type: feature
file: kernels and host programs
desc: Backported rule '.' and ',' from hashcat v0.38

type: feature
file: kernels and host programs
desc: Backported rule 'y' and 'Y' from hashcat v0.38

type: feature
file: host programs
desc: added hashfile and rulefile to status display
cred: chort, Thorsheim

type: feature
file: kernels
desc: improved memory handling with salted hashes

type: feature
file: kernels
desc: added reversing kernel for multihash MD5 if running in -a 3 mode and mask < length 8

type: bug
file: kernels
desc: fixed bug in NTLM and DCC brute-force AMD kernels

type: bug
file: kernels
desc: fixed bug in Joomla if pt is of length 4 or greater than 8 it was not getting cracked

type: bug
file: host programs
desc: fixed bug in Oracle 11g hash parsing function, salt length increased to 10 byte
cred: flipit

type: bug
file: host programs
desc: fixed bug in --show when having more than 100k entries in hashcat.pot
cred: Tixos

type: bug
file: host programs
desc: fixed bug in -a 6 mode in combination with WPA when base plain is < length 8
cred: logistix

type: bug
file: host programs
desc: fixed bug in UI: prompt was not shown after pause or resume session

type: bug
file: host programs
desc: fixed bug in ETA display if ETA calculated > 60 years
cred: arex

type: bug
file: host programs
desc: fixed a race condition in --remove leading to not removing cracked hashes from hashlist
cred: forumhero

type: bug
file: host programs
desc: check for integer overflow in keyspace of mask
cred: LarryX

type: change
file: best64.rule
desc: replaced content of best64.rule with the best rules from the best64.rule contest

type: change
file: host programs
desc: EULA. Removed sections 2, 6, 8 and 9. Relaxed sections 3 and 7
cred: hdmoore
#2
HOLY S**T!!!
#3
I'll be Mr. Second.
GJ Atom!
#4
Third, I guess... Smile

thanks for this update atom!
especially these two:
Mac OSX v10.7 Lion hashes
wget friendly

(also i see you split the 32 and 64 bit into two separate files...awesome!)
#5
Good job Smile
#6
So much thanks Wink
#7
That's really a great step forward. The changelog is simply overwhelming! Thank you for all the effort you put into hashcat!
#8
Great work,

You updated the best64.rule, cool.
Something I have been wanting to ask: what is the point of the "perfect.rule"? It's just 51.200 colons ":" ??
#9
Cheers for the update. Have been looking forward to the LM functionality as it's usually the hash i attempt the most when on jobs.

Have done a small comparison and write up with performance while testing using my 6950 2gb card here if anyone is interested:
http://www.phillips321.co.uk/2012/05/01/...ntu-11-10/

Cheers again atom
#10
great job, atom. thank you for all your hard work