hashcat Forum - Very old oclHashcat-plus Announcements

[split] oclHashcat-plus v0.15

Mon, 14 Oct 2013 12:26:07 +0000

I am very satisfied this feature:
Directories containing dictionaries
"You already know that with straight mode, you can specify a directory directly on the command line, and hashcat will loop through all of the dictionaries in that directory automatically."

I would like to same with the rules. (--attack-mode 1)
I relly admire, if I can specify a directory directly on the command line, and hashcat will loop through all of the rules in that directory automatically.

Could you help me?

oclHashcat-plus v0.15

Sat, 24 Aug 2013 18:03:19 +0000

This version is the result of over 6 months of work, having modified 618,473 total lines of source code.

Before we go into the details of the changes, here's a quick summary of the major changes:

Added support for cracking passwords longer than 15 characters
Added support for mask-files, which enables password policy-specific candidate generation using PACK
Added support for multiple dictionaries in attack modes other than straight mode
Rewrote workload dispatcher from scratch
Rewrote restore support from scratch
Rewrote kernel scheduler to reduce screen lags
Better handling of smaller workloads/dictionaries
Language-specific charset presets for use with masks

New supported algorithms:

TrueCrypt 5.0+
1Password
Lastpass
OpenLDAP {SSHA512}
AIX {SMD5} and {SSHA*}
SHA256(Unix) aka sha256crypt
MacOSX v10.8
Microsoft SQL Server 2012
Microsoft EPi Server v4+
Samsung Android Password/PIN
GRUB2
RipeMD160, Whirlpool, sha256-unicode, sha512-unicode, ...

New supported GPUs:

NVidia:

All sm_35-based GPUs
GTX Titan
GTX 7xx
Tesla K20

AMD:

All Caicos, Oland, Bonaire, Kalindi and Hainan -based GPU/APU
hd77xx
hd8xxx

And last but not least, lots of bugs have been fixed. For a full list, see the changelog below.

Passwords longer than 15 characters

This was by far one of the most requested features. We resisted adding this "feature", as it would force us to remove several optimizations, resulting in a decrease in performance for the fast hashes. The actual performance loss depends on several factors (GPU, attack mode, etc), but typically averages around 15%.

Adding support for passwords longer than 15 characters required removing the following optimizations for fast hashes:

Zero-based optimizations: Many algorithms can be optimized based on the fact that zero values in arithmetic or logic operations do not change the input value. With a password limit of less than 16 characters, it was guaranteed that values for positions 16-63 were zero, allowing us to omit dozens of operations from each step. These optimizations can no longer be used. I explain this in a bit more detail in my Passwords13 presentation: http://hashcat.net/p13/js-ocohaaaa.pdf
Register pressure: If a password is 15 characters or less, we only need four 32-bit registers to hold it. But as we increase the length, more registers are required. This can slow down the entire process if more registers are required than accessible, as the compiler has to swap out data to global memory. Supporting passwords longer than 15 characters increases register pressure.
Wordlist caching: oclHashcat-plus handles wordlist data in a very unique way. The words are not simply pushed to GPU from start to finish; they are first sorted by length. This is done because many algorithms can be further optimized when all of the input data is the same length. oclHashcat-plus v0.14 attempted to cache all words of a specific length until it hit a threshold, and then flushed the cache. This required a lot of host memory. Depending on the number of GPUs we have and the specified -n value, oclHashcat-plus easily allocated 16GB of host memory, and even more for large VCL clusters. This buffer would have been increased 4x since we wanted to increase from a maximum length of 16 to a maximum length of 64. In other words, our host system would request 64GB of RAM!

We've spent a lot of time focusing on these issues, trying to minimize the impact of each. The good news is that we were able to solve #2 and #3. But, because there is no solution for #1, there will still be some performance loss in some cases.

The precise decrease depends on GPU type, algorithm, number of hashes, well... just about everything! But, we also managed to increase performance for some algorithms, too. In order to solve #2, we rewrote nearly all candidate-generating code, and found some sections that could be optimized. In other words, the solution to #2 was to optimize the code in special sections, and then use the resulting performance increase to compensate against the performance decrease. Also, some of the algorithms do not require a lot of registers. All in all, the losses are less than expected.

To solve #3, we had to rewrite the workload dispatcher from scratch. There's a special subsection about that topic below, since it contains some other important information as well. As a positive sideeffect of this solution, the host memory requirements are now less than those of v0.14!

The slow hash types will not drop in speed, except for phpass and md5crypt:

phpass, MD5(Wordpress), MD5(phpBB3)
md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
md5apr1, MD5(APR), Apache MD5
sha512crypt, SHA512(Unix)
Domain Cached Credentials2, mscash2
WPA/WPA2
bcrypt, Blowfish(OpenBSD)
Password Safe SHA-256
TrueCrypt
1Password
Lastpass
sha256crypt, SHA256(Unix)

If you're curious about real-world performance losses and gains between v0.14 and v0.15, we've compiled a table that compares the two versions for each architecture:

This table shows single-hash MD5, which has been choosen since it's a very sensible hash-type. Changes to this hash-type typically reflect onto other hashes as well.

Note: Because we've had to make a lot of deep changes to the core of hashcat, there can be no "old" method for < 16 character support as many people already suggested. The changes we made are to deep and they are no longer compatible to old-style kernels, and we really don't want to maintain two different tools.

One last note about performance. There was a change to the status-display of the speed value which does not affect the real performance. With new oclHashcat-plus v0.15 the speed that is shown gets divided by the number of uncracked unique salts. Older oclHashcat-plus versions did not take this into account. Don't get shocked when you're cracking a large salted hashlist and the speed dropped by hundret of times (or to be exact by number of hashes/salts), the total time will stay equal.

Essential performance note

We can help hashcat compensate for the performance decrease by preparing our dictionaries!

Get hashcat-utils, and run your dictionaries through splitlen. Using rockyou.txt as an example:

Quote:
$ mkdir foo
$ ./splitlen.bin foo < rockyou.txt
$ cat foo/* > rockyou-sorted.txt

The example works on windows, too.

This typically gives 15% speed boost, because we get much higher cache hits. This is essential, especially for VLIW4 and VLIW5 systems.

Passwords less than 55 characters

Adding support for passwords longer than 15 characters does not completely remove the length limitations in hashcat. Generally speaking, the new maximum length is 55 characters, except in the following cases:

For slow hashes:

mode 400 is limited to 40 characters
mode 5200 is limited to 24 characters
modes 500, 1600, 1800, 3200, 5300, 6300 and 7400 are limited to 16 characters

NOTE: We're planing to remove the limits for these modes in the next version.

For fast hashes, the important factor is the attack mode:

attack-mode 0, the maximum length is 31
attack-mode 1, the maximum size of the words of both dictionaries is 31
attack-mode 6 and 7, the maximum size of the words of the dictionary is 31

Just to make this clear: We can crack passwords up to length 55, but in case we're doing a combinator attack, the words from both dictionaries can not be longer than 31 characters. But if the word from the left dictionary has the length 24 and the word from the right dictionary is 28, it will be cracked, because together they have length 52.

Also note that algorithms based on unicode, from plaintext view, only support a maximum of 27. This is because unicode uses two bytes per character, making it 27 * 2 = 54.

TrueCrypt 5.0+

Finally, we have a TrueCrypt cracking mode that fully computes on GPU -- everything is written 100% on GPU! There is no copy overhead to the host, thus our CPU will stay cool at 0% and we can do whatever we want to do with it.

Current implementation is able to crack the following supported hashes:

RipeMD160
SHA512
Whirlpool

For the ciphers, we're currently doing only AES, and of course the XTS block-cipher. Serpent and Twofish -- and their cascaded modes -- will be added next.

Here are some speeds from 2x hd6990:

PBKDF2-HMAC-RipeMD160 / AES: 223 kHash/s
PBKDF2-HMAC-SHA512 / AES: 95 kHash/s
PBKDF2-HMAC-Whirlpool / AES: 49 kHash/s *updated*
PBKDF2-HMAC-RipeMD160 boot-mode / AES: 451 kHash/s

These tests show oclHashcat-plus is world's fastest TrueCrypt cracker!!

Here's the original article: http://hashcat.net/forum/thread-2301.html

Mask files

Mask files are very easy to understand: they are just plain text file with one mask per line. Supply the filename instead of a mask on the command line, and hashcat will automatically loop through the masks in the file -- see some examples here: http://hashcat.net/wiki/doku.php?id=mask...mask_files

Until now to use a list of masks, we would need to manually iterate (or using some self-made wrapper scripts) through the set of masks, fully restarting hashcat on each loop iteration. It worked, but we suffered from the startup and shutdown times for each invocation. Storing those masks into a hcmask file and using this new feature is much faster, especially when we have lots of small masks.

The coolest thing though is what iPhelix from Team Hashcat made out of this feature...

If we're a pentester, and we're to audit an AD domain, we typically face a password policy. Password policies aren't always very clever; most of the time, they force users to select passwords with predictable patterns (you can read more about this topic in Minga's Passwords13 talk). Using a specific set of masks we can avoid candidate passwords that do not match the policy, thus reducing the keyspace efficiently. There are a few ways to do this. For example, we could pre-check our password candidates against a policy, which requires some branching, and we all know GPUs are bad when it comes to branching.

Therefore, it's far more clever to simply never generate those candidates which do not match the password complexity policy, and that's where this new feature comes in. iPhelix, the autor of the PACK, wrote a tool to automatically create mask files for us based on a password policy. He also added some preset mask files for default AD password policies! I strongly recommend you take a look at PACK: http://thesprawl.org/projects/pack/

With Hashcat, PACK, and mask file support, we now have a completely unique and powerful feature that no other password cracking program supports!

Directories containing dictionaries

You already know that with straight mode, you can specify a directory directly on the command line, and hashcat will loop through all of the dictionaries in that directory automatically.

Now you can do this in hybrid modes, too!

The same is true for using multiple dictionaries on command line. For hybrid-mode, the mask is always just a single argument. That means that for instance for -a 6, all arguments except the last one can be dictionaries.

Rewrote workload dispatcher

This was required to solve problem #3 from the password length increase, but it quickly turned out to add some unexpected benefits. One benefit is the way smaller workloads are handled.

A problem that every one of us ran into was that, with small workloads, oclHashcat-plus did not fully utilize the power of all GPUs. To fully utilize the GPUs, there need to be enough different input data for the calculation. For example, when oclHashcat-plus displays that it is cracking at a rate of 8.3 GH/s, the program actually requires us to feed it with 8,300,000,000 different words per second. We get that high of a number because of the attack modes. Our dictionary does not need to have 8,300,000,000 different words, but if we were to run it in -a 0 mode with 40,000 rules, we still need to feed it with 207,500 words from our dictionary per second (207,500 * 40,000 = 8,300,000,000). Well actually that's not entirely correct. We still need to invoke the GPU kernel and compute the hashes on it and this tasks takes 99.9% of the time. So to load this stuff, we actually have just a few miliseconds otherwise our cracking speed will drop since the GPU is idleing.

The typical process is that our host program parses the dictionary, then copies it to the GPU, then runs the kernel and collects the results. Now, because of the old caching structure, oclHashcat-plus was a bit more complicated than this. It was not loading 207,500 words from our dictionary per second -- it was loading much more. And then it was sorting the words by length into specific buffers. Once a buffer's threshold was reached, it pushed the buffer to GPU, processed it, and collected the results.

The typical dictionary does not contain only words of one specific length (unless we run it through splitlen.bin from hashcat-utils). Typically, most of the words range from six to ten characters. We know these graphs, right? Let's say the distribution for all words of length 6 - 10 is all the same (which it isn't really, but it's easier to explain this way), then only every 5th word has a length of 8 characters. In other words, to feed oclHashcat-plus fast enough, the host program needed to parse 5 * 207,500 words from our dictionary per second.

Now think of a small dictionary, like milworm with 80k or what it has. We cannot even feed the 207,500 words required with it. And it's actually much worse, since the 80k has to be divided by 5 because of the above reason. So, we only provided oclHashcat-plus with 16k words from our dictionary per second, not with 207k. So the GPU wasn't able to exceed ~7% utilization. And then, we still have some small number for length 22 or 43 left that need to be checked... what a waste of time! This is typically what we saw at the end of each run.

With oclHashcat-plus v0.15, this structure has radically changed. There is still some caching, but it's totally different. We don't want to go to much into detail, but typically the divisor is now just 2. We still can not fully utilize all power with a tiny dictionary, but the requirement from huge dictionaries is much less.

Thanks

Many thanks to our beta testers, and everyone reporting bugs on the hashcat TRAC system. This is really pushing the project forward, and we greatly appreciate your effort. Please continue to support us!

We also want to thank KoreLogic for the "Crack Me If You Can" contest and the organizers from PHD's "Hashrunner". These contests give us a good view on what a typical pentester / IT-forensic needs and shows a direction to go.

Full Changelog

Quote:
* changes v0.14 -> v0.15:

type: driver
file: kernels
desc: added support for AMD Catalyst v13.4 (new GPU architectures: Bonaire, Kalindi, Hainan)
trac: #127

type: driver
file: kernels
desc: added support for AMD Catalyst v13.6 beta

type: driver
file: kernels
desc: added support for AMD Catalyst v13.8 beta

type: driver
file: kernels
desc: added support for NVidia ForceWare 319.37

type: driver
file: kernels
desc: added support for NVidia CUDA 5.5

type: feature
file: kernels
desc: added support for password length up to 55

type: feature
file: kernels
desc: allow variable salt length (length: 16 - 48) for aix hashes -m 6400, 6500, 6700

type: feature
file: kernels
desc: variable number of iterations for hash modes 500, 1600, 1800, 7400 (using e.g. $rounds=5000$)

type: feature
file: kernels
desc: added mode -m 1430 = sha256(unicode($pass).$salt)

type: feature
file: kernels
desc: added mode -m 1440 = sha256($salt.unicode($pass))

type: feature
file: kernels
desc: added mode -m 1441 = EPiServer 6.x > v4

type: feature
file: kernels
desc: added mode -m 1711 = SSHA-512(Base64), LDAP {SSHA512}

type: feature
file: kernels
desc: added mode -m 1730 = sha512(unicode($pass).$salt)

type: feature
file: kernels
desc: added mode -m 1731 = MSSQL(2012)

type: feature
file: kernels
desc: added mode -m 1740 = sha512($salt.unicode($pass))

type: feature
file: kernels
desc: added mode -m 5800 = Samsung Android Password/PIN
cred: Bjoern Kerler

type: feature
file: kernels
desc: added mode -m 6000 = RipeMD160

type: feature
file: kernels
desc: added mode -m 6100 = Whirlpool

type: feature
file: kernels
desc: added mode -m 6200 = TrueCrypt 5.0+

type: feature
file: kernels
desc: added mode -m 6300 = AIX {smd5}

type: feature
file: kernels
desc: added mode -m 6400 = AIX {ssha256}

type: feature
file: kernels
desc: added mode -m 6500 = AIX {ssha512}

type: feature
file: kernels
desc: added mode -m 6600 = 1Password

type: feature
file: kernels
desc: added mode -m 6700 = AIX {ssha1}

type: feature
file: kernels
desc: added mode -m 6800 = Lastpass

type: feature
file: kernels
desc: added mode -m 7100 = OS X v10.8

type: feature
file: kernels
desc: added mode -m 7200 = GRUB 2

type: feature
file: kernels
desc: added mode -m 7400 = sha256crypt, SHA256(Unix)

type: feature
file: kernels
desc: moved word-generator out of main kernels, as seen in oclHashcat-lite, reduces diskspace

type: feature
file: kernels
desc: changed the E rule to lowercase all input before processing, its more intuitive
trac: #110

type: bug
file: kernels
desc: rule * worked only for adjacent characters
trac: #110

type: bug
file: kernels
desc: fixed support for new GPU architectures: Oland
trac: #128

type: bug
file: kernels
desc: fixed a bug in Half MD5, in multi-hash mode it only found the first hash
trac: #136

type: feature
file: host programs
desc: added new rule function (JtR compatible): M - memorize the word (for use with "Q", "X", "4" and "6")

type: feature
file: host programs
desc: added new rule function (JtR compatible): Q - query the memory and reject the word unless it has changed

type: feature
file: host programs
desc: added new rule function (JtR compatible): X - extract substring NM from memory and insert into current word at I

type: feature
file: host programs
desc: added new rule function: 4 - appends word from memory to current word

type: feature
file: host programs
desc: added new rule function: 6 - prepends word from memory to current word

type: feature
file: host programs
desc: add rule file rules/rockyou-30000.rule based on PACK output
cred: iphelix

type: feature
file: host programs
desc: the .restore file now remembers also the last processed position in maskfiles

type: feature
file: host programs
desc: removed special VCL binaries - Not longer required since VCL 1.21 works transparently

type: feature
file: host programs
desc: added support for Tesla Deployment Kit v2.295.2

type: feature
file: host programs
desc: added support for NVAPI R313

type: feature
file: host programs
desc: add presets for .hcmask files based on PACK output. One policy covering for default AD scheme and one best-of-in-time-x based on rockyou

type: feature
file: host programs
desc: dropped predefined charsets ?h, ?F, ?G and ?R
trac: #55

type: feature
file: host programs
desc: added a collection of language-specific charset-files for use with masks
trac: #55

type: feature
file: host programs
desc: allow users to specify multiple dicts and/or directories containing dicts
trac: #71

type: feature
file: host programs
desc: support added to allow salts of length 1-31 for mode 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
trac: #78

type: feature
file: host programs
desc: allow users to add masks using a file containing one or multiple masks, one per line, called .hcmask files
trac: #79

type: feature
file: host programs
desc: Leave username in hash file when using --remove together w/ --username
trac: #116

type: feature
file: host programs
desc: Format output according to --outfile-format option when using --show
trac: #117

type: feature
file: host programs
desc: changed units of measurement in terms of H/s, KH/s, MH/s, etc...
trac: #130

type: feature
file: host programs
desc: do not allow loading of duplicate rules (like hashcat)
trac: #132

type: feature
file: host programs
desc: removed rules/perfect.rule
trac: #132

type: feature
file: host programs
desc: reject -r option when not using straight attack -a 0
trac: #169

type: feature
file: host programs
desc: show mask length in status screen
trac: #180

type: bug
file: host programs
desc: Runtime timer (--runtime) delayed the program exit when using a huge list of hashes
trac: #93

type: bug
file: host programs
desc: fixed a bug in NetNTLMv2 parser, did not took client challenge into sort for unique
trac: #106

type: bug
file: host programs
desc: rare triggered crash when file opening/writing fails
trac: #111

type: bug
file: host programs
desc: fixed a bug in NetNTLMv2 parser, only cracking first hash in file
trac: #114

type: bug
file: host programs
desc: fixed a bug in NetNTLMv2 parser, using --remove option replaces all the old users
trac: #115

type: bug
file: host programs
desc: ensure that DES output does not contain plains with lengths greater than 8

type: bug
file: host programs
desc: don't force to update .restore too often e.g. when using -i and/or maskfiles

type: bug
file: host programs
desc: fixed output of show/left when there are colons in the plaintext part (in hashcat.pot)

type: change
file: host programs
desc: updated default values for --gpu-accel and --gpu-loops for NVidia
cred: Rolf

type: change
file: host programs
desc: changed speed display, now divides speed by number of uncracked unique salts

type: change
file: host programs
desc: updated --help text regarding --username
cred: #121

type: feature
file: rules
desc: added a more more complex leetspeak rule from unix-ninja
trac: #112

type: feature
file: rules
desc: added a more more complex leetspeak rule from Incisive
trac: #119

--
atom

hashcat v0.44, oclHashcat-plus v0.14 and oclHashcat-lite v0.15

Fri, 22 Mar 2013 16:10:10 +0000

hashcat v0.44:

Download here: http://hashcat.net/hashcat/

Quote:
type: feature
file: hashcat-cli
desc: added mode -m 9999 = Plaintext
trac: #45

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1 + ESS
trac: #96

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: change
file: hashcat-cli
desc: changed the hash-format for NetNTLMv1 and NetNTLMv2 to .lc format
cred: #98

type: bug
file: hashcat-cli
desc: fixed bug in 32 bit version, did not crack -m 1800 sha512crypt
trac: #92

type: bug
file: hashcat-cli
desc: fixed bug in NetNTLMv2 parser
trac: #95

oclHashcat-plus v0.14:

Download here: http://hashcat.net/oclhashcat-plus/

Quote:
type: driver
file: host programs
desc: added support for AMD ADL v5.0 library

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
trac: #51
trac: #96

type: feature
file: hashcat-cli
desc: added mode -m 5600 = NetNTLMv2
trac: #56

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so that it accepts only 16 byte input, see next change why
trac: #89

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so it can crack middle and right portions, too (not just left)
trac: #89

type: bug
file: kernels
desc: fixed bug in NVidia version had to switch back to bitness-depending kernels

type: bug
file: kernels
desc: fixed bug in NVidia version writing to constant memory from kernel isnt allowed

oclHashcat-lite v0.15:

Download here: http://hashcat.net/oclhashcat-lite/

Quote:
type: driver
file: host programs
desc: added support for AMD ADL v5.0 library

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
trac: #51
trac: #96

type: feature
file: hashcat-cli
desc: added mode -m 5600 = NetNTLMv2
trac: #56

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so that it accepts only 16 byte input, see next change why
trac: #89

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so it can crack middle and right portions, too (not just left)
trac: #89

type: bug
file: kernels
desc: fixed bug in NVidia version had to switch back to bitness-depending kernels

type: bug
file: kernels
desc: fixed bug in NVidia version writing to constant memory from kernel isnt allowed

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, do not run MD5 again at end

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, Memory stepping when doing a benchmark
trac: #57

oclHashcat-plus v0.13 and oclHashcat-lite v0.14

Fri, 01 Feb 2013 11:09:59 +0000

This update is about:

Support for new drivers
Support for new algorithms
Support for new GPU types
Bugfixes

Based on what user reported on our new tracker: http://hashcat.net/trac/ - Thanks guys!

Download it here:

oclHashcat-plus: http://hashcat.net/oclhashcat-plus/
oclHashcat-lite: http://hashcat.net/oclhashcat-lite/

List of changes for oclHashcat-plus in detail:

Code:
type: driver

file: kernels

desc: added support for AMD Catalyst v13.1 (new GPU architectures: Oland, Cats, Raccoons)

type: driver

file: kernels

desc: added support for AMD APP SDK v2.8

type: driver

file: kernels

desc: added support for NVidia sm_35 gpu-architecture [ Tesla K20* ]

type: feature

file: kernels

desc: added -m 5100 = Half MD5

trac: #6

type: feature

file: kernels

desc: added -m 5200 = Password Safe SHA-256

trac: #19

type: feature

file: kernels

desc: added -m 5300 = IKE-PSK MD5

trac: #5

type: feature

file: kernels

desc: added -m 5400 = IKE-PSK SHA1

trac: #5

type: feature

file: host programs

desc: added --status and --status-timer for automatic status-display updates without pressing "s"

trac: #4

type: feature

file: host programs

desc: when using the --show or the --left switch make use of --outfile in case user specified it

trac: #12

type: feature

file: host programs

desc: added percentage of recovered hashes / salts in status-display

trac: #13

type: feature

file: host programs

desc: added blank line each time "s" is pressed to separate reports for easier viewing

trac: #14

type: feature

file: host programs

desc: for salted algorithms, report the number of words tried per second, not crypts

trac: #24

type: feature

file: host programs

desc: brought back special VCL binaries - VCL 1.18 doesnt work that transparently as required

trac: #33

type: feature

file: host programs

desc: added shortcut for --gpu-loops, you can use -u now as well

trac: #39

type: bug

file: host programs

desc: fixed bug in thread handling that can lead to progress more than 100%

trac: #9

type: bug

file: host programs

desc: fixed bug in case one uses a rule in -j or -k which is invalid or produces rejects

trac: #37

type: bug

file: host programs

desc: fixed bug in dictionary-stats handling in case more than 1000 entries have been added

trac: #38

type: bug

file: host programs

desc: fixed bug in rule-engine (slow hashes) in Dx function

trac: #52

type: bug

file: host programs

desc: fixed bug in user-defined charset if using to many predefined variables

type: bug

file: host programs

desc: fixed bug in in case user specified to many wordlists or to long paths to wordlists

List of changes for oclHashcat-lite in detail:

Code:
type: driver

file: kernels

desc: added support for AMD Catalyst v13.1 (new GPU architectures: Oland, Cats, Raccoons)

type: driver

file: kernels

desc: added support for AMD APP SDK v2.8

type: driver

file: kernels

desc: added support for NVidia sm_35 gpu-architecture [ Tesla K20* ]

type: feature

file: kernels

desc: removed -m 1900 = SL3

type: feature

file: kernels

desc: added -m 5100 = Half MD5

trac: #6

type: feature

file: host programs

desc: brought back special VCL binaries - VCL 1.18 doesnt work that transparently as required

trac: #33

type: feature

file: host programs

desc: added shortcut for --gpu-loops, you can use -u now as well

trac: #39

type: feature

file: host programs

desc: added --status and --status-timer for automatic status-display updates without pressing "s"

trac: #4

type: feature

file: host programs

desc: added blank line each time "s" is pressed to separate reports for easier viewing

trac: #14

type: bug

file: host programs

desc: fixed bug in user-defined charset if using to many predefined variables

--
atom

oclHashcat-plus v0.10 and oclHashcat-lite v0.11

Mon, 31 Dec 2012 15:21:08 +0000

I have decided to do a dual-release of both oclHashcat-plus v0.10 and oclHashcat-lite v0.11.

That is because both programs share many of the changes that have been done in the last months.
The most time I spend adding two major features to oclHashcat-plus (see changes below).
They could also enable me to move the high-speed brute-force from oclHashcat-lite into oclHashcat-plus in the next version.
Chances that this plan will work out are high. If it does, it would enable me to fusion oclHashcat-plus and oclHashcat-lite into a single one.

My original plan for this release was to wait for a more recent catalyst driver, since this is what most of us use.
But the new year and the timebomb forces me to release this sooner as expected. Thats why there is a small number of known bugs left.

Download it here:

oclHashcat-plus: http://hashcat.net/oclhashcat-plus/
oclHashcat-lite: http://hashcat.net/oclhashcat-lite/

Support added for mixed gpu types.

Previous versions of oclHashcat-plus required a homogeneous computing environment, in which not only were all GPUs required to be of the same model, but were forced to run at the same clock speed as well. Version 0.10 introduces the possibility of heterogeneous computing environments with both mixed models and mixed clock speeds, thanks to a custom workload dispatcher which replaces the dispatcher in the OpenCL runtime.

This is a major win for VCL users, as it promotes adding cluster nodes with any supported GPU. This also provides a path for future versions to support the parallel use of other devices, such as CPUs or FPGAs.

See here for requests/details:

http://hashcat.net/forum/thread-1542.html
http://hashcat.net/forum/thread-1478.html
http://hashcat.net/forum/thread-1395.html
http://hashcat.net/forum/thread-1154.html
http://hashcat.net/forum/thread-1233.html
http://hashcat.net/forum/thread-1047.html
http://hashcat.net/forum/thread-893.html
http://hashcat.net/forum/thread-608.html
http://hashcat.net/forum/thread-376.html
http://hashcat.net/forum/thread-297.html

Support added for restore/resume.

Title says it all -- version 0.10 introduces the ability to restore and resume halted sessions. oclHashcat-lite users are already familiar with this feature.

If you wish to restore a session after a graceful or ungraceful shutdown, simply restart oclHashcat-plus with the --restore parameter:

Code:
./oclHashcat-plus64.bin --restore

To support this feature, a state file is periodically written which saves your session and its current progress. This file is named "oclHashcat-plus.restore" by default, but can be renamed using the --session parameter detailed in the next section. This file is written every 60 seconds by default, but you may tune the timer using the "--restore-timer " parameter. The state file is also written upon graceful shutdown (e.g. user presses ^C or 'q' to halt the program), so that your most recent progress is saved upon exit. This file is automatically cleaned up when all hashes have been recovered or the keyspace for an attack has been exhausted.

See here for requests/details:

http://hashcat.net/forum/thread-1524.html
http://hashcat.net/forum/thread-1422.html
http://hashcat.net/forum/thread-1403.html
http://hashcat.net/forum/thread-1172.html
http://hashcat.net/forum/thread-1154.html
http://hashcat.net/forum/thread-990.html
http://hashcat.net/forum/thread-908.html
http://hashcat.net/forum/thread-565.html
http://hashcat.net/forum/thread-244.html

Support added for sessions.

The introduction of restore/resume support also introduces the challenge of running multiple concurrent instances of oclHashcat-plus, as each instance would attempt to store its progress to the same restore file. This challenge has been addressed by adding support for named sessions.

When using the "--session " parameter, each instance writes its progress to its own restore file, rather than the default restore file. To restore a named session, simply tell oclHashcat-plus which session to restore:

Code:
./oclHashcat-plus64.bin --restore --session mysession

A named session can also be created from a default session upon exiting oclHashcat-plus. For example, if you start oclHashcat-plus without the --session parameter and later choose to exit the application to work on a more important job, you can stop the process by pressing 'q' like normal, and rename "oclHashcat-plus.restore" to ".restore" before running the other job. This will allow you to resume your previous job using "--session " at a later time.

Support added for new SHA-3 algorithm.

On Oct 3, 2012, NIST selected Keccak as the winner of the SHA-3 competition. Two days later I added it to Hashcat, making Hashcat the first password recovery tool to support SHA-3. It is now being introduced in oclHashcat-plus as well.

NOTE: SHA-3 has the potential to support up to four specific variants in the future: SHA-3 224, SHA-3 256, SHA-3 384 and SHA-3 512. For the time being, only SHA-3 512 will be implemented.

See here for requests/details:

http://twitter.com/hashcat/status/253462812620361728
http://twitter.com/hashcat/status/253865680426893313

Support added for loading dictionaries in parallel while GPU is cracking.

In previous versions of oclHashcat-plus, dictionary files were read and parsed during program initialization. This meant that while your dictionary files were being parsed, your GPUs were idle. This lead to the display of two different speeds: "Real c/s," and "GPU c/s." You can read more about that at http://hashcat.net/wiki/doku.php?id=oclh...pu_cs_mean

But you do not need to think about that any longer. It is history now.

Support added for autotuning.

There is this magical -n parameter. I know you often use it, but you can also misuse it. You know the higher you set it, the faster it cracks (and the more the screen lags). But there is this (rare) case in which you can actually make it slower by setting it too high.

A little mathematical background (skip if you don't care):

The number of workload oclHashcat-plus chooses for a GPU is:

Code:
Number-of-processors * Number-of-optimal-threads *

Number-of-optimal-vectorsize * Value-of-n-parameter

Now imagine the result of such a calculation is 8000000 and you set -n 80. The thing I call base-power of your GPU (the part you can not tune) is 100000. On the other hand we have the keyspace we want to search. For example we have a mask ?d?d?d?d?d?d?d?d. That makes the keyspace = 100000000 (10^8). So we have 100000000 / 8000000 = 12.5. That's fine, we can call the kernel 12.5 (actually 13) times before the keyspace is exhausted.

Now imagine you have two cards of that speed. We add up the power and get 8000000 * 2 = 16000000. This time we have 100000000 / 16000000 = 6.25. That's still fine, both GPU are called 6.25 times. Now what happens if we set from -n 80 to -n 800? Right, the GPU power jumps from 16000000 to 160000000. So we have 100000000 / 160000000 = 0,625. Because this value is smaller than 1, the dispatcher can not assign enough work to both GPU. One of both GPU will not get used at all.

This demonstrates a case when using too high of a -n value will crack slower than a lower -n value. If you ever wondered why not all your GPUs are used, this might be the cause.

The new autotune function helps you with that. It cannot be disabled -- it will automatically tune down your -n amplifier in case you set it too high.

Support added for dictionary word counter cache.

This is simple to explain: it is necessary to know the number of words inside a dictionary in order to calculate the ETC in the status display, as the keyspace is dimensioned based on the number of words.

When oclHashcat-plus starts and you use an attack using a dictionary, you see it parsing the dictionary before starting the attack itself. This can take a bit of time and can become very annoying; plus, most of the time the dictionary has not changed since the last time it was loaded.

So what oclHashcat-plus is doing is that it reads the dictionary only one time and then stores the number of words into the cache files hashcat.dictstat in oclHashcat-plus installation directory. In case the dictionary did not change (checked by comparing mtime, filesize etc) in a later attack, this cache file is used as reference for the word count instead of parsing the dictionary again.

This reduces the startup time a lot, especially if you focus fast attacks.

See here for requests/details:

http://hashcat.net/forum/thread-1711.html

List of changes for oclHashcat-plus in detail:

Code:
type: feature

file: kernels

desc: added -m 5000 = SHA-3(Keccak)

type: bug

file: kernels

desc: fixed -m 1100 = DCC, mscash (NVidia only) in case of -a 3 against multiple hashes

type: driver

file: kernels

desc: added support for NVidia ForceWare 304.51

type: feature

file: host programs

desc: added support for mixed GPU types

type: feature

file: host programs

desc: added support for restore/resume 

type: feature

file: host programs

desc: added support for sessions

type: feature

file: host programs

desc: added autotune function in case user choosed to high value for the --gpu-accel amplifier

type: feature

file: host programs

desc: added timestamps like [Thu Nov  8 13:05:59 2012] to timers in status display

type: feature

file: host programs

desc: added support for loading dictionary in parallel while gpu is cracking

type: feature

file: host programs

desc: added dictionary word counter cache

type: feature

file: host programs

desc: doubled dictionary word counter performance on startup

type: feature

file: host programs

desc: if default-mask is used increment mode is automatically turned on

type: feature

file: host programs

desc: removed special VCL binaries - Not longer required since VCL 1.16 works transparently

type: bug

file: host programs

desc: fixed file-globbing on cmdline for windows

cred: Mem5

type: bug

file: host programs

desc: fixed Segmentation fault (core dump) on --show and --left

cred: splash, undeath

type: bug

file: host programs

desc: fixed --increment-min was ignored

cred: Kgx Pnqvhm

type: bug

file: host programs

desc: fixed a bug that made length 6 masks faster than length 7 masks

List of changes for oclHashcat-lite in detail:

Code:
type: feature

file: kernels

desc: added -m 5000 = SHA-3(Keccak)

type: driver

file: kernels

desc: added support for NVidia ForceWare 304.51

type: driver

file: kernels

desc: added support for NVidia CUDA 5.0

type: driver

file: kernels

desc: added support for AMD APP SDK v2.7

type: feature

file: host programs

desc: added timestamps like [Thu Nov  8 13:05:59 2012] to timers in status display

type: feature

file: host programs

desc: removed special VCL binaries - Not longer required since VCL 1.16 works transparently

type: change

file: host program

desc: updated exit status code, see status_codes.txt for details

cred: m4tr1x

type: feature

file: host programs

desc: add ?a to built-in charsets as ?l?u?d?s

cred: m4tr1x

type: improvement

file: kernels

desc: performance increase in sha512 kernels with password len < 16

cred: m4tr1x

--
atom

oclHashcat-plus v0.09

Fri, 07 Sep 2012 14:44:28 +0000

We are proud to present oclHashcat-plus v0.09!

Download it here: http://hashcat.net/oclhashcat-plus/

Lots of new features and algorithms have been added, and many bugs have been fixed.

The major changes are:

Support for cracking the bcrypt and sha512crypt ($6$) algorithms.
Support for GPU clustering across multiple LAN hosts via VCL, and an increase to support 128 GPUs.
Added what we call a Brute-Force++ attack (see details for description).
Increased cracking performance, especially on multi-hash due to partially reversing as you know it from single-hash cracking.

Lets start with the algorithms added; in this case, the generic types:

added -m 10 = md5(pass.salt)
added -m 20 = md5(salt.pass)
added -m 30 = md5(unicode(pass).salt)
added -m 40 = md5(salt.unicode(pass))
added -m 110 = sha1(pass.salt)
added -m 120 = sha1(salt.pass)
added -m 130 = sha1(unicode(pass).salt)
added -m 140 = sha1(salt.unicode(pass))
added -m 1410 = sha256(pass.salt)
added -m 1420 = sha256(salt.pass)
added -m 1710 = sha512(pass.salt)
added -m 1720 = sha512(salt.pass)

They have been added for two reasons.

1. Because there were many requests by users to add them like here:

http://hashcat.net/forum/thread-1009.html
http://hashcat.net/forum/thread-1152.html
http://hashcat.net/forum/thread-1444.html
http://hashcat.net/forum/thread-474.html
http://hashcat.net/forum/thread-490.html
http://hashcat.net/forum/thread-574.html
http://hashcat.net/forum/thread-577.html
http://hashcat.net/forum/thread-651.html
http://hashcat.net/forum/thread-830.html
http://hashcat.net/forum/thread-833.html
http://hashcat.net/forum/thread-944.html
http://hashcat.net/forum/thread-951.html

2. By adding another feature -- that is, setting the minimum length for a salt to 0 -- you can construct your own hashing modes if you exploit the salt by putting some data into the calculation. Since we have support in oclHashcat-plus for --hex-salt, this will make your lives even easier.

Next one is the bcrypt algorithm.

Guys, there is not much to say. Just one thing: do not expect too much! This algorithm was designed to run extremly slow on GPUs. It is highly dependant on memory-lookups, and is both salted and iterated. On our hd6990, we can reach 4085/s. This isn't much, but it's still multiple times faster than on CPU.

Details here:

http://hashcat.net/forum/thread-1219.html
http://hashcat.net/forum/thread-302.html
http://hashcat.net/forum/thread-186.html

Another algorithm we added was the EPIserver algorithm. These are the hashes stored by the ASP.NET membership provider. For more detailed information about this, have a look here: http://hashcat.net/forum/thread-987.html

There are plans to rename this algorithm from EPIserver to something like "asp.net membership provider." For now we will stick to EPIserver, but we will certainly rename this in a later version.

There was already an interesting blog post about all this here, definitely a good read: http://www.troyhunt.com/2012/06/our-pass...othes.html

Last but at least, the most impressive addition is the sha512crypt algorithm, aka $6$, which is used in nearly all Linux distributions by default.

Like all crypt(3) algorithms, this is another algorithm which is designed to run slow; plus, it is based on sha512, which uses 64 bit integers. Today's AMD GPUs do not have support for native 64 bit bitwise arithmetics (except shifts), so this is another reason why this algorithm is slow.

Still, the speedup cracking sha512crypt on GPU versus CPU is much higher compared to bcrypt. My hd6990 gives an impressive 32519/s, which we are very proud of!

This algorithm was requested here:

http://hashcat.net/forum/thread-790.html
http://hashcat.net/forum/thread-736.html
http://hashcat.net/forum/thread-303.html

The partial reversing of hashes for multi-hash lists differs a bit from classic single-hash reversal, which you are already familiar with if you use oclHashcat-lite. For several reasons, it is not efficient to reverse all hashes that many steps back as in single-hash cracking, and thus we can not reach oclHashcat-lite speed. But, it can still be more efficient than just traditional early checks.

To visualize this, here made some graphs:

You can see that the less hashes you have, the more efficient it is. The curves on Nvidia are a bit sharper.

Whenever you run brute force on multiple MD4, NTLM or MD5 hashes, oclHashcat-plus will use this partial reveral technique. In theory we can port this to salted hashes as well, but multi-hash on a salted hash is a bad idea. So for now, we stick to raw and reversable algorithms.

Another nice thing that came up lately is the Virtual OpenCL Cluster Platform (VCL) project. When thorsheim and epixoip informed us about this project in this post http://hashcat.net/forum/thread-1473.html it was totally not working with oclHashcat-*, nor any other OpenCL-based password cracker. But, we got in contact with the developers at MOSIX, and after some debugging and trace sessions, we were able to pinpoint the problems. MOSIX then released VCL version 1.15 which addressed these issues.

The overhead produced by the network agents is very low. This is one of the most important factors for a distributed solution. I made some stats on this here:

VCL is intended to be used on dedicated LANs or with High Speed Interconnects. I would not recommend clustering nodes over the Internet, as both latency and bandwidth would be an issue.

Development for VCL support is still in its infancy, but I've tested it with 22 GPUs and it worked well. Installing and configuring VCL is outside the scope of these release notes, but I plan to write a form post on this topic soon. However, there is no magic required to get VCL running on your own.

To better support VCL, we have increased the maximum number of GPUs from 16 to 128. We do not know for a fact if VCL can handle 128 GPUs, but it works with at least 22 GPUs.

Another nice thing about this is that it works around the 8-GPU limitation in AMD's drivers and Xorg. Since VCL does not require X to run, you can build giant GPU clusters this way.

Something that already was included in the newer versions of oclHashcate-lite is the support for markov-chains.

It does not matter if you do simple Brute-Force attack using -a 3 or you do a dictionary based Hybrid-Attack using either -a 6 or -a 7. This enhancement is automatically used EVERY time you use a mask.

A little background on this, as if you do not use oclHashcat-lite you might not know:

The markov-attack is a statistically based brute-force like attack, but instead of specifying a charset or a mask, we specify a file that was generated once in a previous step. It contains statistical information which is made out of an automated analysis of a given dictionary.

It can fully replace Brute-Force since it covers the full keyspace.

In Brute-Force Attack (or in Mask Attack) we can limit the keyspace by setting a smaller charset in order to reduce the attack-time. In Markov Attack we have something similar, the "threshold". All you do is to specify a number. The higher the number, the higher the threshold to add a new link between two characters on the two-level table on which the markov-attack is based on.

The background is not so important -- just remember that the lower the value, the smaller the keyspace, and thus the faster the attack is.

But if you take a close look on it, the technical correct description would be: "Brute-Force attack enhanced by per-position markov-chains built out of wordlists for statistics with the ability to use filters using a mask". OK? That required some special naming, and since it's 100% replacing Brute Force, we made it simple for ourselves and called it Brute-Force++

Here is a nice chart that visualizes the efficiency of Brute-Force++:

The original description of how this works can be found here:

http://hashcat.net/forum/thread-1291.html
http://hashcat.net/forum/thread-1285.html
http://hashcat.net/forum/thread-1265.html

Use .ptx ad .llvmir intermediate kernels - from oclHashcat-lite

The kernels are distributed in an "intermediate" format (aka IL). This format cannot be reversed to its original C code, but is still not a binary format that can be used for execution.

The JIT (just-in-time) compilers from both OpenCL and CUDA, which ship with the driver, compile the final bytecode out of the IL. This takes a few seconds per kernel, but this is a one-time operation as the bytecode is cached (CUDA does it automatically, OpenCL does not, but we add eda function that emulates CUDA's behavior.)

This has some nice advantages:

Not 32/64 bit specific
Less HDD space
Smaller .7z
Less problems with driver specific problems as we often see with Catalyst
There is no more need to release a new oclHashcat-* in case a new driver optimization has been added. Cached oclHashcat-* kernels are driver specific. If it recognizes a driver change, it will rebuild the bytecode from the IL, but using the new JIT from the new driver, resulting in driver-specific optimized bytecode.

Added Retaining GPU temperature - from oclHashcat-lite

When I started with oclHashcat-* Hardware mangement support, some people asked me for add support for fan-speed. For a long time I was not interessted in adding fan-speed code to oclHashcat-* since this is the job for the driver or some specialized controling software.

I did not change my mind completly on this, but still we have added some fan-speed controlling code. The new parameters are:

Code:
--gpu-temp-disable            Disable temperature and fanspeed readings and triggers

--gpu-temp-abort=NUM          Abort session if GPU temperature reaches NUM degrees celsius

--gpu-temp-retain=NUM         Try to retain GPU temperature at NUM degrees celsius (AMD only)

So what this does is, if the temperature configured with the new --gpu-temp-retain parameter is reached, it starts to increase the fan-speed by 1 percent each second. Thats all. In practice, this means is it enables you to enfore a very specific operating temperature for your GPUs.

Some notes:

--gpu-temp-disable you can completly disable all the temperature stuff.
--gpu-temp-retain currently only works for AMD.
--gpu-temp-abort parameter is just the renamed version of the old --gpu-watchdog.
Both parameters accept the 0 value which disables only this specific feature. This means you can step back to the old behavior by specifying --gpu-temp-retain 0.
The default for --gpu-temp-abort is still 90c.
The default for --gpu-temp-retain is 80c.

More implemented feature requestes on forum:

http://hashcat.net/forum/thread-1303.html - Increment-mode for Brute Force
http://hashcat.net/forum/thread-1065.html - OpenLDAP SSHA's Dynamic Base64 Parser
http://hashcat.net/forum/thread-1335.html - Implement command line rules for plus
http://hashcat.net/forum/thread-1263.html - Add Charset ?a
http://hashcat.net/forum/thread-1140.html - Hashcat Exit Statuses
http://hashcat.net/forum/thread-1043.html - Next Dictionary In Line

More implemented feature requestes on PM / IRC / Email:

Default-mask for -a 3 mode from oclHashcat-lite v0.10
Commandline switch --disable-potfile feature from hashcat v0.40

This new version has been tested by many beta testers on a wide variety of hardware and operating systems.

All new features were available to beta tester for several weeks. All we did for the last few weeks was perform both automated and manual tests of all features and algorithms, until all issues were 100% fixed.

We want to say a special thank-you to the following beta-testers for their massive support during development:

This is great proof of how the cracking community is working together, regardless of what team they are on.

Of course we want to say thanks to all the beta testers who helped finding bugs and suggesting things as well -- Thanks!

--
atom and matrix

Full changelog:

Code:
type: feature

file: kernels

desc: added -m 10 = md5(pass.salt)

type: feature

file: kernels

desc: added -m 20 = md5(salt.pass)

type: feature

file: kernels

desc: added -m 30 = md5(unicode(pass).salt)

type: feature

file: kernels

desc: added -m 40 = md5(salt.unicode(pass))

type: feature

file: kernels

desc: added -m 110 = sha1(pass.salt)

type: feature

file: kernels

desc: added -m 120 = sha1(salt.pass)

type: feature

file: kernels

desc: added -m 130 = sha1(unicode(pass).salt)

type: feature

file: kernels

desc: added -m 140 = sha1(salt.unicode(pass))

type: feature

file: kernels

desc: added -m 141 = EPiServer 6.x

cred: thorsheim

type: feature

file: kernels

desc: added -m 1410 = sha256(pass.salt)

type: feature

file: kernels

desc: added -m 1420 = sha256(salt.pass)

type: feature

file: kernels

desc: added -m 1710 = sha512(pass.salt)

type: feature

file: kernels

desc: added -m 1720 = sha512(salt.pass)

type: feature

file: kernels

desc: added -m 1800 = sha512crypt, SHA512(Unix)

type: feature

file: kernels

desc: added -m 3200 = bcrypt

type: feature

file: kernels

desc: removed -a 4 permutation attack (use rules and combinator-attack instead)

type: feature

file: kernels

desc: added reversing kernel for multihash MD5 if running in -a 3 mode and mask < length 9

type: feature

file: kernels

desc: added reversing kernel for multihash MD4 if running in -a 3 mode and mask < length 13

type: feature

file: kernels

desc: added reversing kernel for multihash NTLM if running in -a 3 mode and mask < length 9

type: feature

file: kernels

desc: on AMD, switched from .kernel to .llvmir to reduce diskspace

type: feature

file: kernels

desc: on NV, switched from .cubin to .ptx to reduce diskspace

type: feature

file: kernels

desc: added kernel cache to avoid unnecessary recompilation

cred: m4tr1x

type: feature

file: kernels

desc: brought back support for AMD hd4xxx GPUS due to .llvmir integration

type: feature

file: kernels

desc: optimized 0x80 handling; +3.6% speed in combinator- and hybrid-attack

type: feature

file: host programs

desc: added support for Virtual OpenCL (VCL) Cluster Platform VCL 1.15

cred: epixoip

type: feature

file: host programs

desc: added support for up to 128 GPUS

type: feature

file: host programs

desc: ported markov-attack from oclHashcat-lite v0.10

type: feature

file: host programs

desc: ported increment-mode from oclHashcat-lite v0.10

type: feature

file: host programs

desc: ported default-mask from oclHashcat-lite v0.10

type: feature

file: host programs

desc: ported -j and -k single rules from oclHashcat v0.27

type: feature

file: host programs

desc: allowed zero-length salts in the generic algorithms makes it more easy to exploit them

type: feature

file: host programs

desc: added next-dictionary-in-line feature to skip inefficient dictionaries on keypress

type: feature

file: host programs

desc: implemented base64 parser that would allow for dynamic salt lengths in nsldaps

type: feature

file: host programs

desc: worked around memory allocation limit, you can load twice as much hashes in multihash

type: driver

file: kernels

desc: added support for NVidia CUDA 5.0

type: driver

file: kernels

desc: added support for AMD APP SDK v2.7

type: driver

file: host programs

desc: added support for NVidia NVML library and got rid of nvidia-smi command

type: feature

file: host programs

desc: splitted --gpu-watchdog to --gpu-temp-disable and --gpu-temp-abort

type: feature

file: host programs

desc: added --gpu-temp-retain to try retain temperature at NUM degrees celsius

cred: m4tr1x

type: feature

file: host programs

desc: worked around AMD bug in clGetDeviceInfo() CL_DEVICE_MAX_CLOCK_FREQUENCY

cred: m4tr1x

type: change

file: host program

desc: updated exit status code, see status_codes.txt for details

cred: m4tr1x

type: feature

file: host programs

desc: backported --disable-potfile feature from hashcat v0.41

cred: m4tr1x

type: feature

file: host programs

desc: add ?a to built-in charsets as ?l?u?d?s

cred: m4tr1x

type: feature

file: host programs

desc: added fan-speeds to status display

type: bug

file: host programs

desc: fixed a bug in host program for WPA/WPA2 in -a 1, -a 6 and -a 7 mode

cred: bjorn

type: bug

file: kernels

desc: fixed a bug in kernel for WPA/WPA2 on AMD VLIW architecture leading to code not found

cred: DrGeek

type: change

file: contact.txt

desc: updated contact information (moved to freenode IRC)

oclHashcat-plus v0.09 special version

Thu, 07 Jun 2012 17:10:43 +0000

This is a special oclHashcat-plus version.

Its able to crack the "masked" 3.5mil hashes in your 6.5mil hashlist, use -m 150.

http://hashcat.net/files/oclHashcat-plus-0.09_150.7z

oclHashcat-plus v0.081 HOTFIX

Tue, 08 May 2012 09:35:59 +0000

If you are cracking WPA/WPA2 on an AMD GPU which is not of GCN architecture you should upgrade.

Download here: http://hashcat.net/oclhashcat-plus/

Original discussion is here: http://hashcat.net/forum/thread-1147.html

--
atom

oclHashcat-plus v0.08

Tue, 01 May 2012 16:49:45 +0000

Welcome to the latest version of the hashcat flagship: oclHashcat-plus.

Download it here: http://hashcat.net/oclhashcat-plus/

I will go into detail about all the changes shortly, but first let me thank the beta testers and forum members. They do a really great job of sending me bug-reports, benchmarks, suggestions, keeping the wiki up to date, etc. You guys rock! Many thanks for your help!

There are many new changes and its hard to pick which is the most important one. I will start in no particular order, but limit it to the most interesting changes. The full change-log can be found on the bottom.

Added support for Catalyst 12.4.

There is nothing much to say, but this enables the use of the following hd7xxx GPUS:

Scrapper: 7350
Capeverde: 7570, 7670, 7770
Devastator: 7450, 7550
Pitcairn: 7850, 7870
Tahiti: 7950, 7970

Added support for CUDA 4.2.

This is interesting for two reasons:

Adds support for the sm_30 gpu-architecture, aka Kepler, aka gtx6xx
NVidia switched from GCC to LLVM for kernel compilations, that brings some good automated optimizations.

I hope there is something more inside sm_30 that I can use for optimization.

To do this one requires the PTX documentation to be updated.

I have backported the base SHA-512 algorithm to oclHashcat-plus.

As always, most of the code has been backported from oclHashcat-lite. My favorite way of developing is to: Start implementing on oclHashcat-lite, then collect some user experience and do some optimizations, then backport to oclHashcat-plus.

It will run slower than you might expect it to (but not that slow).

Still, it is pretty fast: The hd7970 runs at 72582 khash/s, the gtx570@1600 runs at 71454 khash/s.

The original request post for the algorithm is here: http://hashcat.net/forum/thread-992.html

SHA-512 is also the base hash of the Mac OSX v10.7 Lion hashes.

Its just salted with random 4 byte data. So I quickly decided to add it since there were several requests on IRC and via Email for it.

The salt has an optimization impact on the NVidia kernel that actually makes it a bit faster than the raw SHA-512 hash.

The hd7970 runs at 69894 khash/s, the gtx570@1600 runs at 76266 khash/s.

But think before you start. These hashes are salted. That means you probably want to limit your attack to a single (but important) one.

One of the most intrusive changes was the back-porting of the GPU-based password candidate generator from oclHashcat-lite v0.09.

This greatly reduces the CPU load and the bus I/O and GPU idle times decrease.

This has been implemented for both the mask-attack and both hybrid-attacks.

It generally increases the performance by ~ +2% - but for all algorithm types!

Another very intrusive change that took me several weeks was to back-porting of the vector datatype on NVidia from oclHashcat-lite v0.09.

This drastically improved the performance on the sm_21 based cards like the GTX460 or GTX560Ti.

For example: The MD5 performance on my GTX560Ti increased from 893 Mhash/s to 1181 Mhash/s.

I found motivation to backport the long missed rule functions for GPU from hashcat v0.38:

RULE_OP_MANGLE_REPLACE_NP1
RULE_OP_MANGLE_REPLACE_NM1
RULE_OP_MANGLE_DUPEBLOCK_FIRST
RULE_OP_MANGLE_DUPEBLOCK_LAST

I also added the new RULE_OP_MANGLE_TITLE rule which was requested here: http://hashcat.net/forum/thread-499.html

With both these changes the GPU rule engine is 100% compatible to the Hashcat rule engine.

The LM algorithm was something I never wanted to add, but now its done.

Check this thread and you know why I had to change my mind: http://hashcat.net/forum/thread-167.html

One of the things that make me most proud is when oclHashcat-plus is used during a pentest. From what I have heard, pentesters usually have to check LM, NTLM, DES, Oracle, ... This LM kernel makes oclHashcat-plus much more feature-rich for the above task.

This kernel is not the same one that I used when I wrote about the kernel on here: http://hashcat.net/forum/thread-846.html

I have optimized it a couple of times since then: The hd7970 now runs at 1193 Mhash/s, the gtx560Ti runs at 448 Mhash/s.

While Oracle 11g already was supported with oclHashcat-plus v0.07, this version also brings support for the old Oracle 7-10g versions, too.

Yes, the one that was based on DES-CBC.

There was also a request here: http://hashcat.net/forum/thread-962.html

But real reason was the same as for LM - I wanted to make oclHashcat-plus a more complete tool for pentesters.

The hd7970 runs at 429 Mhash/s, the gtx570@1600 runs at 164 Mhash/s.

When I've added WPA/WPA2 to oclHashcat-plus I was a bit lazy. Instead of implementing a clean solution to pass all the required data to crack WPA to the kernel I've just added this data to the salt struct. Compared to the salt size of other hash-types the ~400 byte for WPA is huge.

That works fine but because of this all salted hash-types had to allocate and carry 400 additional bytes for nothing - for each salt. For example, if you crack an IPB2 hashlist which contains 1 million unique salts this took additional 400mb host AND GPU memory - for nothing.

This has been fixed now.

After Hashcat v0.39 and oclHashcat-lite v0.09 already got the update to the new relaxed EULA, oclHashcat-plus got it, too.

This change for example, now allows companies to use all Hashcat derivates as long such use is inside a legal context. You can also distribute it within your linux distribution, package it or mirror it.

I also removed the anti-leech protection for the files from the official download location and made them wget friendly.

Although I am always very focused on increasing performance its not always possible. Each new driver, each new SDK always change the performance somehow for each kernel. It happens that code can become faster or slower without a single code change. So I can tell you, I made lots of performance increases code-wise, but due to some driver and SDK reasons some changes were sacrificed to compensate for their losses.

But some improvements were so large that they still make a notable difference. For example I found a better way to deal with the salt on Joomla and MSSQL hashes and the slow hashes like phpass, and md5crypt or md5apr1 improved a lot due to other architecture changes in the host-code.

To better keep track of the performance changes, you can take a look at arex's homepage.

He put up a benchmarking section: http://thepasswordproject.com/oclhashcat_benchmarking

Currently it lacks reports for NVidia, but the site also contains all the scripts I use for benchmarking.

If you want to compare locally you can just download the scripts and run them to see how everything compares on your hardware.

Thanks to superjames from Team Hashcat we had an awesome event which was based on Hashcat called "The Best64 Challenge".

If you are interested in exactly what it was, visit the contest page here: http://beeeer.org/best64/

The short story: Building on the results of this challenge, I create a new best64.rule and overwrite the old one.

A write-up on how this was done can be found here: http://hashcat.net/forum/thread-1002-pos...ml#pid5284

Did you ever try to crack hashes that include language specific or so called non-printable letters? Adding them to your charset on the command-line can be very tricky. There is a lot that can go wrong due to terminal emulation, encoding on the shell, fonts used, etc...

So there was this request made for File-based charsets: http://hashcat.net/forum/thread-916.html

Just add them to a file and this file will be parsed byte-wise.

A change but something you will like is that I have added some more information to the status display.

For example, if you crack WPA/WPA2, you can now see the ESSID, MAC Addresses etc.

This goes back to this request: http://hashcat.net/forum/thread-752.html

I also added things like hashfile and rulefile so you will be reminded of your attack (in case its has been running for some weeks).

Last but not least, the fixed bugs list:

Fixed bug leading to host program crash in NTLM and DCC brute-force AMD kernels
Fixed bug leading to host program crash in --show when having more than 100k entries in hashcat.pot
Fixed bug leading to host program crash in ETA display, if ETA calculated > 60 years
Fixed bug leading to hash-not-found in Joomla if plaintext is of a length 4 or 8 and greater
Fixed bug leading to useless cracking in -a 6 mode in combination with WPA when the base plain is smaller than length 8
Fixed bug in UI: prompt was not shown after pause or resume session

Some last words:

If something does not work after upgrading - Always remember to update to the latest driver before you post a thread on the Forum. Old drivers are the No. 1 problem of all reported problems on forum. There is a special page for drivers on the Wiki: http://hashcat.net/wiki/oclhashcat_catalyst_forceware

For this release, you *must* update to Catalyst 12.4

If you are on AMD, do *not* install the SDK unless you really know what you are doing. It contains an outdated library for OpenCL leading to slower and unstable kernels. Its confusing that AMD still ships them with the SDK.

Here is the full changelog:

Code:
type: feature

file: kernels

desc: added -m 1700 = SHA512

type: feature

file: kernels

desc: added -m 1722 = OSX v10.7

type: feature

file: kernels

desc: added -m 2600 = Double MD5

type: feature

file: kernels

desc: added -m 3000 = LM

type: feature

file: kernels

desc: added -m 3100 = Oracle 7-10g

type: driver

file: kernels

desc: added support for NVAPI R300

type: driver

file: kernels

desc: added support for NVidia CUDA 4.2

type: driver

file: kernels

desc: added support for NVidia sm_30 gpu-architecture [ Kepler ]

type: driver

file: kernels

desc: removed support for old AMD 4xxx GPU's (AMD removes support with Catalyst 12.7)

type: driver

file: host programs

desc: workarounded a bug in CUDA cuMemAllocHost() to be able to support recent ForceWare

cred: radix

type: feature

file: kernels and host programs

desc: backported GPU-based password candidate generator from oclHashcat-lite v0.09

type: feature

file: kernels and host programs

desc: backported vector datatype NVidia kernels from oclHashcat-lite v0.09

type: feature

file: host programs

desc: backported --seperator-char feature from hashcat v0.38

cred: Thorsheim

type: feature

file: host programs

desc: added support for charset files and charset files

cred: Thorsheim

type: feature

file: host programs

desc: include line number in error message where applicable

cred: arex1337

type: feature

file: host programs

desc: added BSSID to status display

cred: Hash-IT

type: feature

file: kernels and host programs

desc: Added new rule 'E', upper cases the first letter and every letter after a space

cred: Hash-IT

type: feature

file: kernels and host programs

desc: Backported rule '.' and ',' from hashcat v0.38

type: feature

file: kernels and host programs

desc: Backported rule 'y' and 'Y' from hashcat v0.38

type: feature

file: host programs

desc: added hashfile and rulefile to status display

cred: chort, Thorsheim

type: feature

file: kernels

desc: improved memory handling with salted hashes

type: feature

file: kernels

desc: added reversing kernel for multihash MD5 if running in -a 3 mode and mask < length 8

type: bug

file: kernels

desc: fixed bug in NTLM and DCC brute-force AMD kernels

type: bug

file: kernels

desc: fixed bug in Joomla if pt is of length 4 or greater than 8 it was not getting cracked

type: bug

file: host programs

desc: fixed bug in Oracle 11g hash parsing function, salt length increased to 10 byte

cred: flipit

type: bug

file: host programs

desc: fixed bug in --show when having more than 100k entries in hashcat.pot

cred: Tixos

type: bug

file: host programs

desc: fixed bug in -a 6 mode in combination with WPA when base plain is < length 8

cred: logistix

type: bug

file: host programs

desc: fixed bug in UI: prompt was not shown after pause or resume session

type: bug

file: host programs

desc: fixed bug in ETA display if ETA calculated > 60 years

cred: arex

type: bug

file: host programs

desc: fixed a race condition in --remove leading to not removing cracked hashes from hashlist

cred: forumhero

type: bug

file: host programs

desc: check for integer overflow in keyspace of mask 

cred: LarryX

type: change

file: best64.rule

desc: replaced content of best64.rule with the best rules from the best64.rule contest

type: change

file: host programs

desc: EULA. Removed sections 2, 6, 8 and 9. Relaxed sections 3 and 7

cred: hdmoore

oclHashcat-plus v0.071 HOTFIX

Mon, 12 Mar 2012 17:27:04 +0000

If you are using NVidia GPU and you are using ForceWare > v275.33 you need this. Otherwise you dont need to upgrade.

Download here: http://hashcat.net/oclhashcat-plus/

Installation steps: Just overwrite the binaries.

This version workarounds the buggy cuMemAllocHost() function which leads to missing hashes.

Original discussion is here: http://hashcat.net/forum/thread-954.html

--
atom

oclHashcat-plus v0.07

Sat, 31 Dec 2011 14:52:33 +0000

Hello Hashcat-Community,

I am proud to present you the latest oclHashcat-plus v0.07 release.

As you might already know, porting features from regular oclHashcat to oclHashcat-plus was my biggest goal for this release.

But there are also:

Performance improvements
Support for updated Drivers/SDKs
Implemented feature requests
Fixed bugs

This new oclHashcat-plus v0.07 is the result of all these changes.

The following features that have been ported from regular oclHashcat v0.26 to oclHashcat-plus v0.07:

These Attack-modes made regular oclHashcat unique.

Since they have been ported to oclHashcat-plus I can finally officially deprecate regular oclHashcat.

Running an Brute-Force attack and Mask attack was already possible with oclHashcat-plus v0.06 but you had to pipe the data from maskprocessor into oclHashcat-plus. It was getting more complicated If you wanted to attack so called "fast algorithms" like MD5. you had to split and generate rules to run them efficient.

To be exact, the Brute-Force attack and Mask attack kernels are not-reversed versions from oclHashcat-lite v0.08. This version is specialized on doing Brute-Force and Mask attacks. For those using regular oclHashcat for Brute-Force and do not know the difference to oclHashcat-lite: There is no more thing called right- and left-side of the mask. The new oclHashcat-plus automatically calculates the most efficient split. This will hopefully make it easier especially for the new users.

The next feature, or let me say killer feature, is what I call "multirules".

To explain it I made a special forum post with some examples and details here: http://hashcat.net/forum/thread-703.html

Especially when you think of creating own rules this will totally boost your creativity.

To get started I also added some example rules which i called hybrid rules. They can be found in rules/hybrid/. When you start playing with multirules you will shortly notice how to use the hybrid rules and why they have been added.

Then there was this nice request: http://hashcat.net/forum/thread-437.html

Basically it says: If you are a pentester and you use oclHashcat-plus on the hashes of your customer you might have some restrictive policies on how to handle the cracked hashes.

This new requested feature tells oclHashcat-plus to NOT show the cracked plaintext. It will show only the cracked hash. That might be enough for you to build statistics or to inform users to change their passwords.

So, if you are interessted in this, check the new --outfile-format parameters.

Then there are new Kernels. Some of them have been heavily requested.

Joomla
osCommerce, xt:Commerce
SMF
OSX v10.4, v10.5, v10.6

You know, oclHashcat-plus does not have generic Kernels like md5($salt.$pass) or md5($pass.$salt). But if you take a close look at what is behind the new kernels and with a bit of knowledge in hashcracking you might be able to exploit these kernels

Another important thing to notice is that i have renamed some of the hash-types. For example, Vbull which was -m 5 is now -m 2611. There is a full list of the renamed kernels in the Changelog below. The reason for this that i put in some system into the numbers.

A nice bugfix to mention is that you can now use commandline file-globbing on windows again. For example, you can now use *.dict to tell oclHashcat-plus that it should use all files matching *.dict as your wordlists in a sequence. This was changed somehow in a previous mingw release and i did not notice this change so it was not useable even it was already supported.

CUDA 4.1 dropped in unexpected. OK, its still just an RC but I really have to say: WOW! They claim a speed increase of 10% on their presentation. And its true, the llvm compiler (which was added) create some neat optimizations in the kernels. But to make use of them, I have to change all the datatypes used in the kernels to vector datatypes. Otherwise they produce slower code than CUDA 4.0. So thats why I stick to CUDA 4.0 for this release. In a later release I will switch to vector datatypes and then to CUDA 4.1.

AMD was not lazy, too. The new AMD APP SDK v2.6 include support for the upcomming hd7xxx series. So what I did is that i blindly generated the Kernels for all hd7xxx and added them to this release. Well this is only theory. We will see how it works out. These new kernels are called "Capeverde", "Pitcairn" and "Tahiti".

Last but not least here is the Full changelog v0.06 -> v0.07:

Code:
type: speedups

file: kernels and host programs

desc: vBulletin < v3.8.5:  AMD hd5970  +5.20%, NV GTX580  +7.86%

desc: vBulletin > v3.8.5:  AMD hd5970 +16.19%, NV GTX580  +5.93%

desc: IPB2, MyBB1.2:       AMD hd5970 +14.83%, NV GTX580  +5.78%

desc: SHA1:                AMD hd5970  +9.01%, NV GTX580   0.00%

desc: SHA256:              AMD hd5970  +1.55%, NV GTX580  +4.21%

desc: md5crypt:            AMD hd5970 +11.19%, NV GTX580  +2.83%

desc: md5apr1:             AMD hd5970 +10.17%, NV GTX580  +1.73%

desc: NTLM:                AMD hd5970  +3.43%, NV GTX580   0.00%

desc: DCC:                 AMD hd5970  +2.46%, NV GTX580  +0.33%

type: feature

file: kernels

desc: added -m 11 = Joomla

type: feature

file: kernels

desc: added -m 21 = osCommerce, xt:Commerce

type: feature

file: kernels

desc: added -m 121 = SMF > v1.1

type: feature

file: kernels

desc: added -m 122 = OSX v10.4, v10.5, v10.6

type: driver

file: kernels

desc: added support for AMD Catalyst 11.12 and AMD APP SDK 2.6

type: feature

file: kernels

desc: added support for AMD GPU's "Devastator" and "Scrapper"

type: feature

file: kernels

desc: added support for AMD GPU's "Capeverde", "Pitcairn" and "Tahiti"

type: feature

file: host programs and kernel

desc: backported combinator attack from oclHashcat v0.26

type: feature

file: host programs and kernel

desc: backported hybrid attack from oclHashcat v0.26

type: feature

file: host programs and kernel

desc: backported brute-force attack from oclHashcat-lite v0.08

type: feature

file: host programs

desc: backported --cpu-affinity from oclHashcat-lite v0.08

type: feature

file: host programs

desc: backported --outfile-format from oclHashcat-lite v0.08

type: feature

file: host programs

desc: added support for multirules (multiple -r parameters allowed)

cred: http://hashcat.net/forum/thread-703.html

type: improvement

file: rules

desc: added lots of minirules for multirule engine to rules/hybrid/

type: change

file: kernels

desc: renamed -m 5    to -m 2611

desc: renamed -m 9    to -m 2811

desc: renamed -m 15   to -m 2711

desc: renamed -m 600  to -m 101

desc: renamed -m 700  to -m 111

desc: renamed -m 1300 to -m 131

desc: renamed -m 2000 to -m 112

desc: renamed -m 2300 to -m 132

type: change

file: rules

desc: redesigned usage screen

cred: http://hashcat.net/forum/thread-716.html

type: bug

file: kernels

desc: fixed bug in WPA/WPA2 kernel if essid length >= 28

cred: http://hashcat.net/forum/showthread.php?tid=494

type: bug

file: host programs

desc: reenabled file-globbing on cmdline for windows

type: bug

file: host programs

desc: fixed bug in length check of hash parser if user specified --hex-salt

type: docs

file: todo.txt

desc: added todo file

[/code

]

oclHashcat-plus v0.06

Fri, 16 Sep 2011 12:11:23 +0000

Hello Hashcat users,

I am really proud to release this new version 0.06 of oclHashcat-plus to public. It contains a lot of new features, improvements, changes and bugfixes.

As you may already know, the highlight is the new WPA/WPA2 kernel.
This new oclHashcat-plus was faster than every other WPA cracker in every configuration i had tested.
Especially owners of AMD cards and owners of multi-gpu systems will see a neat improvement. But dont expect too much.
The rumours saying its 3 or 4 times faster than other WPA crackers are true, but only because of a very special case (Big number of GPUs).
What makes the oclHashcat-plus WPA/WPA2 kernel really unique is that it calculates the full WPA handshake on GPU.
It calculates the PMK, the PTK and the final EAPOL HMAC, everything on GPU. So its not just the PMK.
Doing everything in GPU results in 0% CPU usage and therefore saves a lot of energy and gives a lag-free desktop.

But WPA isnt everything. There is also many other new algorithms added.
For example mscash2 (DCC2), vBulletin (both salt versions), Cisco PIX, SHA256 etc.., see changelog for full list.
I also improved the performance of the already supported algorithms by optimizing them for the current state of the art GPUs.
For example; NTLM and DEScrypt on the 4xx and 5xx NVidias is +27.15% and +28.91%.
On AMD I focused on hd69xx tuning and achieved +16.07% again on DEScrypt.

Some new features many of you will like:

The support for a potfile and therefore the parameter using it: --show, --left and --usernames (finally usernames).
This is useful in hashlist management.
The first "real" ported alternative attack vector from hashcat CPU: the Permutation-attack.
Hint: For best performance, use the prepare utility from hashcat-utils with your dictionaries. It reorders their content so that you can unique the resulting dictionary afterwards.
Fine-tuned and re-calibrated default workload settings depending on the combination of GPU-type and algorithm.
This greatly reduces desktop lags.
The status screen got a complete facelift (additional informations like GPU-Idle, reject counter etc.)

Due to the massive changes of core code, all the new kernels and the new features, it may occour you face some bugs.
Beta testers did a really great job finding them and all the reported bugs have been fixed.
If you find bugs or any other irregularities do not hesitate to report them on Hashcat Forum or on #hashcat IRC channel on rizon.

Enough said. HF Guys!!!

Download it here: http://hashcat.net/oclhashcat-plus/

Full changelog v0.05 -> v0.06:

Code:
type: speedups

desc: MD5:      AMD hd6990  +7.78%, NV gtx580  +1.84%

desc: phpass:   AMD hd6990  +1.01%, NV gtx580   0.00%

desc: md5crypt: AMD hd6990 +10.13%, NV gtx580  +7.08%

desc: MD4:      AMD hd6990 +15.34%, NV gtx580 +15.71%

desc: NTLM:     AMD hd6990  +9.06%, NV gtx580 +27.15%

desc: DCC:      AMD hd6990  +7.06%, NV gtx580  +6.71%

desc: descrypt: AMD hd6990 +16.07%, NV gtx580 +28.91%

desc: md5apr1:  AMD hd6990  +9.62%, NV gtx580  +7.85%

type: feature

file: kernels

desc: added -m 5 = vBulletin < v3.8.5

type: feature

file: kernels

desc: added -m 9 = IPB2, MyBB1.2

type: feature

file: kernels

desc: added -m 15 = vBulletin > v3.8.5

type: feature

file: kernels

desc: added -m 100 = SHA1

type: feature

file: kernels

desc: added -m 300 = MySQL > v4.1

type: feature

file: kernels

desc: added -m 500 = Cisco-IOS MD5 (additional)

type: feature

file: kernels

desc: added -m 600 = nsldap, SHA-1(Base64), Netscape LDAP SHA

type: feature

file: kernels

desc: added -m 700 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA

type: feature

file: kernels

desc: added -m 1300 = MSSQL(2000)

type: feature

file: kernels

desc: added -m 1400 = SHA256

type: feature

file: kernels

desc: added -m 2000 = Oracle 11g

type: feature

file: kernels

desc: added -m 2100 = Domain Cached Credentials2, mscash2

type: feature

file: kernels

desc: added -m 2300 = MSSQL(2005)

type: feature

file: kernels

desc: added -m 2400 = Cisco-PIX MD5

type: feature

file: kernels

desc: added -m 2500 = WPA/WPA2

type: feature

file: host programs, kernels

desc: added -a 4 = permutation attack

type: feature

file: host programs, kernels

desc: moved rule engine for slow algorithms from gpu to cpu based calculation

type: feature

file: host programs

desc: added potfile support

type: feature

file: host programs

desc: added parameter --show to show all cracked hashes using the potfile

type: feature

file: host programs

desc: added parameter --left to show all uncracked hashes using the potfile

type: feature

file: host programs

desc: added parameter --username to enable ignore usernames in hashfile

type: feature

file: host programs

desc: added seperate timers for real speed (GPU+CPU) and cracking speed (GPU)

type: feature

file: host programs

desc: backported --hex-salt from oclHashcat-lite v0.06

type: feature

file: host programs

desc: backported status codes on exit from oclHashcat-lite v0.06

type: improvement

file: kernels

desc: increased maximum functions per rule from 8 to 16

type: improvement

file: kernels

desc: increased maximum --gpu-loops from 512 to 1024

type: improvement

file: kernels

desc: increased maximum username length in DCC kernels from 7 to 15

type: improvement

file: host programs

desc: added display progress of dictionary scanning phase, keep user updated

type: feature

file: host programs

desc: added display of the hash itself in single hash cracking

type: improvement

file: host programs

desc: redesigned digest-to-salt handling to remove irregular hash handling

type: improvement

file: rules

desc: updated d3adone.rule (to 35406 unique rules)

type: improvement

file: rules

desc: added rules/T0XlC.rule

type: improvement

file: rules

desc: added rules/toggles[12345].rule

type: contrib

file: external

desc: added patch for aircrack-ng to enable aircrack-ng dumping .hccap file

type: contrib

file: external

desc: added alternative solution for converting: http://hashcat.net/cap2hccap

type: contrib

file: external

desc: added configureable leetspeek.rule permutation generator script

cred: lanjelot

type: change

file: host programs

desc: recalibrated defaults so that kernels run fast but not to aggressive

type: change

file: host programs

desc: changed speed display compressing threshold from 10000 to 100000

type: change

file: host programs

desc: changed exit behaviour in case of invalid hash from exit to skip-only

type: bug

file: kernels (nvidia only)

desc: fixed single-hash issue in MD4, NTLM and DCC kernels

cred: http://hashcat.net/forum/thread-822.html

type: bug

file: kernels

desc: fixed multi-hash issue in phpass kernel

cred: http://hashcat.net/forum/thread-768.html

type: bug

file: kernels

desc: fixed issue in multi-hash in DCC kernel

type: bug

file: kernels

desc: fixed issue in gpu rule-engine in function "s"

type: bug

file: host programs

desc: fixed issue when enabling pause mode in salted multihash cracking

cred: San

type: bug

file: host programs

desc: fixed calculating wrong progress issue in status display

cred: http://hashcat.net/forum/thread-721.html

type: bug

file: host programs

desc: fixed bug in --gpu-async which was not enabled even if specified

type: bug

file: host programs

desc: fixed version string on startup

cred: http://hashcat.net/forum/showthread.php?tid=470

type: bug

file: host programs

desc: workarounded AMD issue ../../src/xcb_io.c:140: dequeue_pending_request

cred: http://hashcat.net/forum/showthread.php?tid=462

--
atom

oclHashcat-plus v0.05

Wed, 17 Aug 2011 08:14:16 +0000

This is a Bugfix Release!

Download it here: http://hashcat.net/oclhashcat-plus/

* changes v0.04 -> v0.05:

Code:
type: bug

file: oclHashcat-plus, cudaHashcat-plus

desc: fixed bug in --remove causing hashlists getting destroyed

cred: http://hashcat.net/forum/thread-732.html

--
atom

oclHashcat-plus v0.04

Wed, 17 Aug 2011 08:12:21 +0000

Download it here: http://hashcat.net/oclhashcat-plus/

* changes v0.03 -> v0.04:

Code:
type: rename

file: oclHashcat-plus, cudaHashcat-plus

desc: renamed oclHashcat+ to oclHashcat-plus, cudaHashcat+ to cudaHashcat-plus

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported interactive status screen feature from oclHashcat-lite v0.05

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported ETA display feature from oclHashcat-lite v0.05

refe: http://hashcat.net/forum/thread-515.html

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported pause / resume feature from oclHashcat-lite v0.05

refe: http://hashcat.net/forum/thread-506.html

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported thermal watchdog feature from oclHashcat-lite v0.05

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported gpu-async feature from oclHashcat-lite v0.05

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported runtime-limit feature from oclHashcat-lite v0.05

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported remove feature from hashcat v0.36

refe: http://hashcat.net/forum/thread-270.html

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: backported dictionary directory scan feature from hashcat v0.36

type: improvement

file: oclHashcat-plus, cudaHashcat-plus

desc: optimized loading huge rulesets and hashlists a lot

refe: http://hashcat.net/forum/thread-522.html

type: improvement

file: kernels

desc: merged -m 501 into -m 500. hashcat will automatically choose whats best

type: improvement

file: kernels

desc: added -m 1500 = descrypt, DES(Unix), Traditional DES

refe: http://hashcat.net/forum/thread-299.html

type: improvement

file: kernels

desc: added -m 1600 = md5apr1, MD5(APR), Apache MD5

refe: http://hashcat.net/forum/thread-163.html

type: driver

file: kernels

desc: added support for AMD Catalyst v11.4 and SDK 2.4

type: driver

file: kernels

desc: added support for NVidia ForceWare v270.x

type: improvement

file: kernels

desc: added support for BeaverCreek, Caicos, Turks, WinterPark GPU's

type: improvement

file: kernels AMD

desc: backported BFI_INT binary patching hack from oclHashcat-lite v0.05

type: improvement

file: kernels AMD

desc: performance increase MD5 +17.5% : 4673M/s -> 5665M/s

type: improvement

file: kernels AMD

desc: performance increase phpass +23.5% : 2247k/s -> 2935k/s

type: improvement

file: kernels AMD

desc: performance increase md5crypt +11.1% : 3378k/s -> 3800k/s

type: improvement

file: kernels AMD

desc: performance increase NTLM +13.4% : 6323M/s -> 7222M/s

type: bug

file: oclHashcat-plus

desc: DCC cracking in multi-hash mode was broken

type: docs

file: credits.txt

desc: added credits file

type: docs

file: user_manuals.txt

desc: added links to online documentation

--
atom

oclHashcat+ v0.03

Mon, 31 Jan 2011 09:51:23 +0000

This is a Bugfix Release!

Download it here: http://hashcat.net/oclhashcat+/

* changes v0.02 -> v0.03:

Code:
type: bug

file: oclHashcat+

desc: md5crypt / phpass cracking in multi-hash mode was broken

type: bug

file: examples

desc: MD5 example Script on windows, wrong hashlist filename

type: bug

file: examples

desc: phpass example Script on windows, echo appends space to plaintext

type: bug

file: examples

desc: stdin and stdout on windows was not switched to binary mode

--
atom

hashcat Forum - Very old oclHashcat-plus Announcements

[split] oclHashcat-plus v0.15

oclHashcat-plus v0.15

hashcat v0.44, oclHashcat-plus v0.14 and oclHashcat-lite v0.15

oclHashcat-plus v0.13 and oclHashcat-lite v0.14

oclHashcat-plus v0.10 and oclHashcat-lite v0.11

oclHashcat-plus v0.09

oclHashcat-plus v0.09 special version

oclHashcat-plus v0.081 *HOTFIX*

oclHashcat-plus v0.08

oclHashcat-plus v0.071 *HOTFIX*

oclHashcat-plus v0.07

oclHashcat-plus v0.06

oclHashcat-plus v0.05

oclHashcat-plus v0.04

oclHashcat+ v0.03

oclHashcat-plus v0.081 HOTFIX

oclHashcat-plus v0.071 HOTFIX