brute forcing sha256 - need help locating salt in open source code

[royce]

And if you need it before it's added to hashcat, you'll have to fall back to other tools. John the Ripper supports it with a dynamic mode (CPU only):

Code:

Format label                         dynamic_1027
Disabled in configuration file      no
Min. password length                 0
Max. password length                 36 [worst case UTF-8] to 110 [ASCII]
Min. keys per crypt                  64
Max. keys per crypt                  1680
Flags
Case sensitive                      yes
Truncates at (our) max. length      no
Supports 8-bit characters           yes
Converts internally to UTF-16/UCS-2 no
Honours --encoding=NAME             n/a
Collisions possible (as in likely)  no
Uses a bitslice implementation      no
The split() method unifies case     yes
Supports very long hashes           no
A $dynamic$ format                  yes (Flat buffer SIMD)
A dynamic sized salt                no
Parallelized with OpenMP            no
Number of test vectors               24
Algorithm name                       sha1(sha1(sha1($p))) (hash truncated to length 32) 128/128 AVX 4x1
Format name                          
Benchmark comment                    
Benchmark length                     -1
Binary size                          16
Salt size                            0
Tunable cost parameters              
Example ciphertext                   $dynamic_1027$b8443c12b3066dac22b3857b2fb779b4

... and MDXfind also supports it.