hashcat v5.1.0
#1


Welcome to hashcat v5.1.0! 

Download binaries or sources: https://hashcat.net/hashcat/ 



This release is mostly about expanding support for new algorithms and fixing bugs:
  • Added pure kernels for hash-mode 11700 (Streebog-256)
  • Added pure kernels for hash-mode 11800 (Streebog-512)
  • Added hash-mode 11750 (HMAC-Streebog-256 (key = $pass), big-endian)
  • Added hash-mode 11760 (HMAC-Streebog-256 (key = $salt), big-endian)
  • Added hash-mode 11850 (HMAC-Streebog-512 (key = $pass), big-endian)
  • Added hash-mode 11860 (HMAC-Streebog-512 (key = $salt), big-endian)
  • Added hash-mode 13771 (VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 512 bit)
  • Added hash-mode 13772 (VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 1024 bit)
  • Added hash-mode 13773 (VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 1536 bit)
  • Added hash-mode 18200 (Kerberos 5 AS-REP etype 23)
  • Added hash-mode 18300 (Apple File System (APFS))
  • Added Kuznyechik cipher and cascades support for VeraCrypt kernels
  • Added Camellia cipher and cascades support for VeraCrypt kernels
Thanks to Naufragous for contributing the VeraCrypt extensions! We're now VeraCrypt feature complete.



New Features:
  • Added support for using --stdout in brain-client mode
  • Added new option --stdin-timeout-abort, to set how long hashcat should wait for stdin input before aborting
  • Added new option --kernel-threads to manually override the automatically-calculated number of threads
  • Added new option --keyboard-layout-mapping to map users keyboard layout, required to crack TC/VC system boot volumes


Some notes about the --keyboard-layout-mapping feature:

This new configuration item was added to handle a special TrueCrypt and VeraCrypt "feature" which is automatically active during the setup of encryption for a system partition or an entire system drive. Due to BIOS requirements, the user's keyboard layout is always set to the US keyboard layout during the pre-boot stage (no matter which layout is actually in use). In other words, in the pre-boot stage, when TC/VC asks the user to enter the password, the layout is actually set to the US keyboard layout.

To avoid conflicts with the real keyboard layout configured in the OS, both TC and VC have a little trick: they set the OS keyboard layout to US keyboard layout while the password prompt window is opened. You can actually verify this in the language task bar while the password prompt window is open. It will switch from whatever is configured to English, and after the window is closed, the original keyboard layout is restored.

This has a serious impact on cracking the password. For example, my German keyboard layout is a "QWERTZ" keyboard layout. The US keyboard, however used a "QWERTY" layout. The difference is that the position of the "y" and "z" letter is exchanged. If it was just that, this wouldn't be much of a problem - but almost all the special symbols are mapped very differently. (I won't go into the details; you might want to compare it yourself for fun.)

And when it comes to non-Latin based languages, this behaviour gets completely out of control. Just one example: If the user enters the password بين التخصصات (interdisciplinary) on an Arabic keyboard, the password we need to guess is: fdk hgjowwhj[g.

To deal with all of this, a hashcat user needs to know exactly which keyboard was enabled when the password was entered into the password window during setup. For German, I've added an example keyboard layout to the newly created folder "layouts", which now ships with the binary and on GitHub master. For instance, if you know a German keyboard was used, you can now add "--keyboard-layout-mapping layouts/de.hckmap" to the commandline.

Unfortunately, since I don't own all of the existing keyboards, it will be necessary for hashcat users to contribute the rest of the missing mapping tables - ideally, as a GitHub PR. Almost every language I know has special keyboard layouts. There's even a difference between the UK and US layouts.

Here's how you can help. To create a language-specific mapping table, open a text editor, and press every key on the keyboard, starting from the top left to the top right. Press Enter after every key. Use only keys which represent a real character, and ignore control keys such as Backspace, Caps Lock, etc. Then move to the next row below and repeat the process from the left to the right, and so on until you reach the space character. At that point, repeat exactly the same sequence, but with Shift pressed. When done, add a Tab after each character (Tab is used as separator character). Then switch the keyboard layout to English and repeat the entire process exactly in the same order, adding each character after the tab character. Hashcat fully supports all multibyte characters up to 32 bits on both sides of the mapping table (even if the right side side will be always a single byte character). As an example, see the layouts/de.hckmap file.

Note that when it comes to Alt/AltGr, this behavior is exploitable. TC/VC does not accept those modifier keys. If a user uses AltGr while entering the password, a window appears that tells the user that the use of this key is not allowed. For instance, on my German keyboard layout, I need to use AltGr+q to get the "@" character. As a consequence of this, we know that the TC/VC password cannot include any of the characters ("@", "[", "]", "\", "€", "|", "{", "}", "~") if the user was using a German keyboard to enter the password.

At the same time, we can guarantee that "@" will never be listed on the left side of the mapping table - because the only characters that can appear there are the ones that are are reachable only without any modifier or by using shift (but not AltGr). If we combine these concepts, we could add some code to reject all passwords which contain at least one character not listed in a mapping table. This is not yet implemented - but I'll add it if hashcat users agree that there is value in it.



Improvements:
  • OpenCL Devices: Add support for up to 64 OpenCL devices per system
  • OpenCL Platforms: Add support for up to 64 OpenCL platforms per system
  • OpenCL Runtime: Use our own yielding technique for synchronizing rather than vendor specific
  • Startup: Show OpenCL runtime initialization message (per device)
  • xxHash: Added support for using the version provided by the OS/distribution


Fixed Bugs:
  • Fixed automated calculation of brain-session when not using all hashes in the hashlist
  • Fixed calculation of brain-attack if a given wordlist has zero size
  • Fixed checking the length of the last token in a hash if it was given the attribute TOKEN_ATTR_FIXED_LENGTH
  • Fixed endianness and invalid separator character in outfile format for hash-mode 16801 (WPA-PMKID-PMK)
  • Fixed ignoring --brain-client-features configuration when brain server has attack-position information from a previous run
  • Fixed invalid hardware monitor detection in benchmark mode
  • Fixed invalid warnings about throttling when --hwmon-disable was used
  • Fixed missing call to WSACleanup() to cleanly shutdown windows sockets system
  • Fixed missing call to WSAStartup() and client indexing in order to start the brain server on Windows
  • Fixed out-of-boundary read in DPAPI masterkey file v2 OpenCL kernel
  • Fixed out-of-bounds write in short-term memory of the brain server
  • Fixed output of --speed-only and --progress-only when fast hashes are used in combination with --slow-candidates
  • Fixed selection of OpenCL devices (-d) if there's more than 32 OpenCL devices installed
  • Fixed status output of progress value when -S and -l are used in combination
  • Fixed thread count maximum for pure kernels in straight attack mode


Technical:
  • Brain: Set --brain-client-features default from 3 to 2
  • Dependencies: Added xxHash and OpenCL-Headers to deps/ in order to allow building hashcat from GitHub source release package
  • Dependencies: Removed gitmodules xxHash and OpenCL-Headers
  • Keymaps: Added hashcat keyboard mapping us.hckmap (can be used as template)
  • Keymaps: Added hashcat keyboard mapping de.hckmap
  • Hardware Monitor: Renamed --gpu-temp-abort to --hwmon-temp-abort
  • Hardware Monitor: Renamed --gpu-temp-disable to --hwmon-disable
  • Memory: Limit maximum host memory allocation depending on bitness
  • Memory: Reduced default maximum bitmap size from 24 to 18 and give a notice to use --bitmap-max to restore
  • Parameter: Rename --nvidia-spin-damp to --spin-damp (now accessible for all devices)
  • Pidfile: Treat a corrupted pidfile like a not existing pidfile
  • OpenCL Device: Do a real query on OpenCL local memory type instead of just assuming it
  • OpenCL Runtime: Disable auto-vectorization for Intel OpenCL runtime to workaround hanging JiT since version 18.1.0.013
  • Tests: Added hash-mode 11700 (Streebog-256)
  • Tests: Added hash-mode 11750 (HMAC-Streebog-256 (key = $pass), big-endian)
  • Tests: Added hash-mode 11760 (HMAC-Streebog-256 (key = $salt), big-endian)
  • Tests: Added hash-mode 11800 (Streebog-512)
  • Tests: Added hash-mode 11850 (HMAC-Streebog-512 (key = $pass), big-endian)
  • Tests: Added hash-mode 11860 (HMAC-Streebog-512 (key = $salt), big-endian)
  • Tests: Added hash-mode 13711 (VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 512 bit)
  • Tests: Added hash-mode 13712 (VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 1024 bit)
  • Tests: Added hash-mode 13713 (VeraCrypt PBKDF2-HMAC-RIPEMD160 + XTS 1536 bit)
  • Tests: Added hash-mode 13721 (VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit)
  • Tests: Added hash-mode 13722 (VeraCrypt PBKDF2-HMAC-SHA512 + XTS 1024 bit)
  • Tests: Added hash-mode 13723 (VeraCrypt PBKDF2-HMAC-SHA512 + XTS 1536 bit)
  • Tests: Added hash-mode 13731 (VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit)
  • Tests: Added hash-mode 13732 (VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 1024 bit)
  • Tests: Added hash-mode 13733 (VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 1536 bit)
  • Tests: Added hash-mode 13751 (VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit)
  • Tests: Added hash-mode 13752 (VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1024 bit)
  • Tests: Added hash-mode 13753 (VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1536 bit)
  • Tests: Added hash-mode 13771 (VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 512 bit)
  • Tests: Added hash-mode 13772 (VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 1024 bit)
  • Tests: Added hash-mode 13773 (VeraCrypt PBKDF2-HMAC-Streebog-512 + XTS 1536 bit)
  • Tests: Added VeraCrypt containers for Kuznyechik cipher and cascades
  • Tests: Added VeraCrypt containers for Camellia cipher and cascades


- atom
#2
Thank you Hashcat you are the best Smile
#3
Awesome, thanks again!
#4
Why change the temperature control variables?
Hardware Monitor: Renamed --gpu-temp-abort to --hwmon-temp-abort
Hardware Monitor: Renamed --gpu-temp-disable to --hwmon-disable
Now the GUI does not support the new version of hashcat 5.1.0.
And manually deleting each time is not very convenient.
#5
Great release!

This fixed all the segmentation faults I had while using hashcat 4.x.x with OpenCL 1.2 & the free amdgpu driver.