Welcome to the hashcat 4.0.0 release!
This release deserved the 4.x.x major version increase because of a new major feature:
Added support to crack passwords and salts up to length 256
Internally, this change took a lot of effort - many months of work. The first step was to add an OpenSSL-style low-level hash interface with the typical HashInit(), HashUpdate() and HashFinal() functions. After that, every OpenCL kernel had to be rewritten from scratch using those functions. Adding the OpenSSL-style low-level hash functions also had the advantage that you can now add new kernels more easily to hashcat - but the disadvantage is that such kernels are slower than hand-optimized kernels.
The OpenCL kernels from 3.6.0 were all hand-optimized for performance. No worries - these kernels still exist, and can be explicitly requested with the new -O (optimized kernel) option. This configures hashcat to use the optimized OpenCL kernels, but at the cost of limited password length support (typically 32).
Added self-test functionality to detect broken OpenCL runtimes on startup
Another important missing feature in the previous hashcat version was the self-test on startup. Some (mostly older) OpenCL runtimes were somewhat buggy (thanks to NV and AMD) in ways that created non-working kernels. The problem was that the user didn't get any error message that clarified the reason for the problems. With this version, hashcat tries to crack a known hash on startup with a known password. Failing to crack a simple known hash is a bulletproof way to test whether your system is set up correctly.
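A known-answer startup check of the kind described above, as an added example rather than hashcat's own code. The backend classes, the two simulated faults and the SHA-256 test vector are assumptions of this sketch, and the negative control goes beyond what the release notes describe.

```python
import hashlib

# Known-answer pair (FIPS 180 test vector): SHA-256("abc").
KNOWN_PASSWORD = b"abc"
KNOWN_DIGEST = bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")

class GoodBackend:
    """Init/Update/Final-style hasher; hashlib stands in for a kernel."""
    def init(self):
        self._h = hashlib.sha256()
    def update(self, data):
        self._h.update(data)
    def final(self):
        return self._h.digest()

class BrokenBackend(GoodBackend):
    """Constructed fault: silently drops the last input byte."""
    def update(self, data):
        super().update(data[:-1])

class AlwaysMatchBackend(GoodBackend):
    """Constructed fault: returns the target digest for any input."""
    def final(self):
        return KNOWN_DIGEST

def digest(backend, candidate):
    backend.init()
    backend.update(candidate)
    return backend.final()

def self_test(backend):
    """Return None when the backend passes, otherwise the failure reason."""
    # Positive control: the known password must reproduce the known hash.
    if digest(backend, KNOWN_PASSWORD) != KNOWN_DIGEST:
        return "known password did not crack known hash"
    # Negative control (added by this example): a wrong candidate must miss.
    if digest(backend, KNOWN_PASSWORD + b"x") == KNOWN_DIGEST:
        return "wrong password matched known hash"
    return None

def crack(backend, target, wordlist):
    """Refuse to run on a backend that fails the startup self-test."""
    reason = self_test(backend)
    if reason is not None:
        raise RuntimeError("self-test failed: " + reason)
    return next((w for w in wordlist if digest(backend, w) == target), None)
```

Without the check, the broken backend would work through the whole wordlist and report nothing found, which is the silent failure the paragraph describes.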
Added hash-mode 2501 = WPA/WPA2 PMK
This mode was added to run precomputed PMK lists against a hccapx, like cowpatty did (genpmk). You still have to precompute the PMK. Please use wlangenpmk/wlangenpmkocl from hcxtools to do so.
Improved macOS support
The evil "abort trap 6" error is now handled in a different way. There is no more need to maintain many different OpenCL devices in the hashcat.hctune database.
Download here: https://hashcat.net/hashcat/
Features:
- Added support to crack passwords and salts up to length 256
- Added option --optimized-kernel-enable to use faster kernels but limit the maximum supported password- and salt-length
- Added self-test functionality to detect broken OpenCL runtimes on startup
- Added option --self-test-disable to disable self-test functionality on startup
- Added option --wordlist-autohex-disable to disable the automatic conversion of $HEX[] words from the word list
- Added option --example-hashes to show an example hash for each hash-mode
- Removed option --weak-hash-check (zero-length password check) to improve startup time; it also causes many Trap 6 errors on macOS
Algorithms:
- Added hash-mode 2500 = WPA/WPA2 (SHA256-AES-CMAC)
- Added hash-mode 2501 = WPA/WPA2 PMK
Bugs:
- Fixed a buffer overflow in mangle_dupechar_last function
- Fixed a calculation error in get_power() leading to errors of type "BUG pw_add()!!"
- Fixed a memory problem that occurred when the OpenCL folder was not found and e.g. the shared and session folder were the same
- Fixed a missing barrier() call in the RACF OpenCL kernel
- Fixed a missing salt length value in benchmark mode for SIP
- Fixed an integer overflow in hash buffer size calculation
- Fixed an integer overflow in innerloop_step and innerloop_cnt variables
- Fixed an integer overflow in masks not skipped when loaded from file
- Fixed invalid optimization code in kernel 7700 depending on the input hash, causing the kernel to loop forever
- Fixed an invalid progress value in status view if words from the base wordlist get rejected because of length
- Fixed a parser error for mode -m 9820 = MS Office <= 2003 $3, SHA1 + RC4, collider #2
- Fixed a parser error in multiple modes not checking for return code, resulting in negative memory index writes
- Fixed a problem with changed current working directory, for instance by using --restore together with --remove
- Fixed a problem with the conversion to the $HEX[] format: convert/hexify also all passwords of the format $HEX[]
- Fixed the calculation of device_name_chksum; should be done for each iteration
- Fixed the dictstat lookup if nanoseconds are used in timestamps for the cached files
- Fixed the estimated time value whenever the value is very large and overflows
- Fixed the output of --show when used together with the collider modes -m 9710, 9810 or 10410
- Fixed the parsing of command line options. It no longer shows the same error about an invalid option twice
- Fixed the parsing of DCC2 hashes by allowing the "#" character within the user name
- Fixed the parsing of descrypt hashes if the hashes have non-standard characters within the salt
- Fixed the use of --veracrypt-pim option. It was completely ignored without showing an error
- Fixed the version number used in the restore file header
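The $HEX[] items above (the --wordlist-autohex-disable option and the conversion fix) concern a round-trip ambiguity that matters to anyone parsing cracked-password output. The following is an added example, not hashcat's code: the function names, the ":" separator and the printable-ASCII rule are assumptions; only the rule that $HEX[]-shaped passwords are themselves hexified comes from the changelog.

```python
import re

# A word counts as hex-wrapped only if the bracket holds whole hex byte pairs.
HEX_WORD = re.compile(rb"\$HEX\[((?:[0-9a-fA-F]{2})*)\]")

def needs_hexify(password: bytes, separator: bytes = b":") -> bool:
    # Assumed rule: bytes outside printable ASCII would corrupt a text file.
    if any(b < 0x20 or b > 0x7e for b in password):
        return True
    # Assumed rule: the field separator would break "hash:plain" parsing.
    if separator in password:
        return True
    # From the changelog: a literal password that looks like $HEX[..] must be
    # wrapped too, otherwise a reader decodes it into different bytes.
    return HEX_WORD.fullmatch(password) is not None

def encode_plain(password: bytes, separator: bytes = b":") -> bytes:
    """Writer side: wrap the password in $HEX[] when it cannot be written raw."""
    if needs_hexify(password, separator):
        return b"$HEX[" + password.hex().encode() + b"]"
    return password

def decode_word(word: bytes, autohex: bool = True) -> bytes:
    """Reader side; autohex=False models --wordlist-autohex-disable."""
    match = HEX_WORD.fullmatch(word) if autohex else None
    if match:
        return bytes.fromhex(match.group(1).decode())
    return word

def roundtrips(password: bytes) -> bool:
    return decode_word(encode_plain(password)) == password

# Constructed sample passwords, including one shaped like the wrapper itself.
SAMPLES = [b"hunter2", b"p\xc3\xa4ss", b"a:b", b"$HEX[41]", b"$HEX[zz]"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, encode_plain(pw), roundtrips(pw))
```

Written verbatim, the literal password `$HEX[41]` would be read back as `A`; wrapping it a second time is what keeps the file unambiguous.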
Improvements:
- Autotune: Do a pre-autotune test run to find out if kernel runtime is above some TDR limit
- Charset: Add additional DES charsets with corrected parity
- OpenCL Buffers: Do not allocate memory for amplifiers for fast hashes, it's simply not needed
- OpenCL Kernels: Improved performance of SHA-3 Kernel (keccak) by hardcoding the 0x80 stopbit
- OpenCL Kernels: Improved rule engine performance by 6% for NVidia
- OpenCL Kernels: Move from ld.global.v4.u32 to ld.const.v4.u32 in _a3 kernels
- OpenCL Kernels: Replace bitwise swaps with rotate() versions for AMD
- OpenCL Kernels: Rewritten Keccak kernel to run fully on registers and partially reversed last round
- OpenCL Kernels: Rewritten SIP kernel from scratch
- OpenCL Kernels: Thread-count is set to hardware native count, except if -w 4 is used, in which case the OpenCL maximum is used
- OpenCL Kernels: Updated default scrypt TMTO to be ideal for latest NVidia and AMD top models
- OpenCL Kernels: Vectorized tons of slow kernels to improve CPU cracking speed
- OpenCL Runtime: Improved detection for AMD and NV devices on macOS
- OpenCL Runtime: Improved performance on Intel MIC devices (Xeon PHI) on runtime level (300MH/s to 2000MH/s)
- OpenCL Runtime: Updated AMD ROCm driver version check, warn if version < 1.1
- Show cracks: Improved the performance of --show/--left if used together with --username
- Startup: Add visual indicator of active options when benchmarking
- Startup: Check and abort session if outfile and wordlist point to the same file
- Startup: Show some attack-specific optimizer constraints on start, e.g. minimum and maximum supported password- and salt-length
- WPA cracking: Improved nonce-error-corrections mode to use both positive and negative corrections
Technical:
- General: Update C standard from c99 to gnu99
- Hash Parser: Improved salt-length checks for generic hash modes
- HCdict File: Renamed file from hashcat.hcdict to hashcat.hcdict2 and add header because versions are incompatible
- HCstat File: Add code to read LZMA compressed hashcat.hcstat2
- HCstat File: Add hcstat2 support to enable masks of length up to 256, also adds a filetype header
- HCstat File: Renamed file from hashcat.hcstat to hashcat.hcstat2 and add header because versions are incompatible
- HCtune File: Remove Apple-related GPU entries to work around Trap 6 error
- OpenCL Kernels: Added code generator for most of the switch_* functions and replaced existing code
- OpenCL Kernels: Declared all include functions as static to reduce binary kernel cache size
- OpenCL Kernels: On AMD GPU, optimized kernels for use with AMD ROCm driver
- OpenCL Kernels: Removed some include functions that are no longer needed to reduce compile time
- OpenCL Runtime: Fall back to 64 threads default (from 256) on AMD GPU to prevent creating too many workitems
- OpenCL Runtime: Forcing OpenCL 1.2 no longer needed. Option removed from build options
- OpenCL Runtime: On AMD GPU, recommend AMD ROCm driver for Linux
- Restore: Fixed the version number used in the restore file header
- Time: Added new type for time measurements, hc_time_t, and related functions to force the use of 64 bit times
- atom