hashcat v6.2.0

Welcome to hashcat v6.2.0!

Download binaries and source code from: https://hashcat.net/hashcat/

This release includes a new attack-mode, expanded support for many new algorithms, and a number of bug fixes:
  • Added hash-mode: Apple iWork
  • Added hash-mode: AxCrypt 2 AES-128
  • Added hash-mode: AxCrypt 2 AES-256
  • Added hash-mode: BestCrypt v3 Volume Encryption
  • Added hash-mode: Bitwarden
  • Added hash-mode: Dahua Authentication MD5
  • Added hash-mode: KNX IP Secure - Device Authentication Code
  • Added hash-mode: MongoDB ServerKey SCRAM-SHA-1
  • Added hash-mode: MongoDB ServerKey SCRAM-SHA-256
  • Added hash-mode: Mozilla key3.db
  • Added hash-mode: Mozilla key4.db
  • Added hash-mode: MS Office 2016 - SheetProtection
  • Added hash-mode: PDF 1.4 - 1.6 (Acrobat 5 - 8) - edit password
  • Added hash-mode: PKCS#8 Private Keys
  • Added hash-mode: RAR3-p (Compressed)
  • Added hash-mode: RAR3-p (Uncompressed)
  • Added hash-mode: RSA/DSA/EC/OPENSSH Private Keys
  • Added hash-mode: SolarWinds Orion v2
  • Added hash-mode: SolarWinds Serv-U
  • Added hash-mode: SQLCipher
  • Added hash-mode: Stargazer Stellar Wallet XLM
  • Added hash-mode: Stuffit5
  • Added hash-mode: Telegram Desktop >= v2.1.14 (PBKDF2-HMAC-SHA512)
  • Added hash-mode: Umbraco HMAC-SHA1
  • Added hash-mode: sha1($salt.sha1($pass.$salt))
  • Added hash-mode: sha1(sha1($pass).$salt)

The major feature in this release is the new attack-mode 9, called the "Association Attack".

It's an attack similar to JtR's single mode where you use an username, a filename, a hint, or any other pieces of information which could have had an influence in the password generation to attack one specific hash. The important part is that hashcat will use the information only for one specific hash out of a list of many.

Typically it's the username, but you are free to choose whatever piece of information you like. This speeds up clearing out easy passwords from large lists of salted hashes like bcrypt. The idea is that the more you clear in the beginning, the faster your attack is in general because hashcat can skip the cracked hashes in any subsequent attacks.

For this attack-mode hashcat switches its workitem distribution strategy slightly in such a way that the top-level loop, which normally iterates through the different salts, is removed completely and instead each salt is assigned to a single GPU shader and that same shader computes the related information you provide. You can optionally apply rules to modify the candidates, creating groups of candidates per hash. They will be applied on the GPU, similar to normal `-r` usage. This can create enough work to fully utilize the GPU during this attack mode even for fast hashes.

I've posted a more detailed write-up on how to use it here: https://hashcat.net/forum/thread-9534.html

Another time consuming task included in this update was refactoring of the scrypt algorithm implementation.

While it wasn't that bad to being with, it wasn't as good as it could be. The main problem was that it was declared as a slow hash, because it is a slow hash, but did not have any loop splitting in the kernel. Instead it assigned 1 to the iteration count statically and did all the loops in that one iteration. That's not great because typically the loop iteration count enables hashcat to step out of the loop every N iterations (that's what you set with the -u parameter) and return from the kernel. In that moment hashcat can update your status screen and the GPU driver has the chance to update the screen and other things. This will also prevent the driver watchdog from reseting the driver state due to a perceived kernel timeout (typically happens on windows only and sometimes causes the compute API to crash). All other slow hashes use this technique to act nice to the OS, but scrypt was not previously doing this. This part of the implementation was completely refactored. It now uses the N parameter from scrypt which typically is a large number - large enough for us to serve as entry point for a regular loop kernel.

There are also several other scrypt related improvements including some of the most in-depth sections of the salsa algorithm having been optimized. For scrypt it is important to have our devices fine-tuned. This is a complicated task for a generic scrypt implementation like the one included in hashcat because it has to deal with many different scrypt parameters that are not fixed as they would be, for example, in a cryptocurrency miner setup. We need to tune them for each device and for each hash-mode to get the best results. I've posted a write-up on how to find the ideal tuning settings for your device here: https://github.com/hashcat/hashcat/blob/...#L388-L474

Some algorithms and devices greatly benefit from this kind of fine-tuning. For instance, on my GTX980 development GPU the speed of Cisco-IOS $9$ (scrypt) doubled from 8107 H/s to 15662 H/s after the fine-tuning changes. On my Vega64 it tripled from 11554 H/s to 33082 H/s; this relates mostly to the manual tuning. In order to enable real fine-tuning of scrypt based algorithms, there are two new flags which plugin developers should check out: OPTS_TYPE_MP_MULTI_DISABLE and OPTS_TYPE_NATIVE_THREADS.

Changelog features:

  • Added new attack-mode: Association Attack (aka "Context Attack") to attack hashes from a hashlist with associated "hints"
  • Added support for true UTF-8 to UTF-16 conversion in kernel crypto library
  • Added option --hash-info to show generic information for each hash-mode
  • Added command prompt [f]inish to tell hashcat to quit after finishing the current attack

Changelog fixed Bugs:

  • Fixed access to filename which is a null-pointer in benchmark mode
  • Fixed both false negative and false positive results in -m 3000 in -a 3 (affecting only NVIDIA GPU)
  • Fixed buffer overflow in -m 1800 in -O mode which is optimized to handle only password candidates up to length 15
  • Fixed buffer overflow in -m 4710 in -P mode and only in single hash mode if salt length is larger than 32 bytes
  • Fixed hardware management sysfs readings in status screen (typically ROCm controlled GPUs)
  • Fixed include guards in several header files
  • Fixed incorrect maximum password length support for -m 400 in optimized mode (reduced from 55 to 39)
  • Fixed internal access on module option attribute OPTS_TYPE_SUGGEST_KG with the result that it was unused
  • Fixed invalid handling of outfile folder entries for -m 22000
  • Fixed memory leak causing problems in sessions with many iterations - for instance, --benchmark-all or large mask files
  • Fixed memory leaks in several cases of errors with access to temporary files
  • Fixed NVML initialization in WSL2 environments
  • Fixed out-of-boundary reads in cases where user activates -S for fast but pure hashes in -a 1 or -a 3 mode
  • Fixed out-of-boundary reads in kernels using module_extra_buffer_size() if -n is set to 1
  • Fixed password reassembling for cracked hashes on host for slow hashes in optimized mode that are longer than 32 characters
  • Fixed race condition in potfile check during removal of empty hashes
  • Fixed race condition resulting in out of memory error on startup if multiple hashcat instances are started at the same time
  • Fixed rare case of misalignment of the status prompt when other user warnings are shown in the hashcat output
  • Fixed search of tuning database - if a device was not assigned an alias, it couldn't be found in general
  • Fixed test on gzip header in wordlists and hashlists
  • Fixed too-early execution of some module functions that use non-final values opts_type and opti_type
  • Fixed unexpected non-unique salts in multi-hash cracking in Bitcoin/Litecoin wallet.dat module which led to false negatives
  • Fixed unit test for -m 3000 by preventing it to generate zero hashes
  • Fixed unit tests using 'null' as padding method in Crypt::CBC but actually want to use 'none'
  • Fixed unterminated salt buffer in -m 23400 module_hash_encode() in case salt was of length 256
  • Fixed vector datatype support in -m 21100 only -P mode and only -a 3 mode were affected

Changelog Improvements:

  • Apple Keychain: Notify the user about the risk of collisions / false positives
  • CUDA Backend: Do not warn about missing CUDA SDK installation if --backend-ignore-cuda is used
  • CUDA Backend: Give detailed warning if either the NVIDIA CUDA or the NVIDIA RTC library cannot be initialized
  • CUDA Backend: Use blocking events to avoid 100% CPU core usage (per GPU)
  • OpenCL Runtime: Workaround JiT compiler deadlock on NVIDIA driver >= 465.89
  • OpenCL Runtime: Workaround JiT compiler segfault on legacy AMDGPU driver compiling RAR3 OpenCL kernel
  • RAR3 Kernels: Improved loop code, improving performance by 23%
  • Scrypt Kernels: Added a number of GPU specific optimizations per hash modes to hashcat.hctune
  • Scrypt Kernels: Added detailed documentation on device specific tunings in hashcat.hctune
  • Scrypt Kernels: Optimized Salsa code portion by reducing register copies and removed unnecessary byte swaps
  • Scrypt Kernels: Reduced kernel wait times by making it a true split kernel where iteration count = N value
  • Scrypt Kernels: Refactored workload configuration strategy based on available resources
  • Startup time: Improved startup time by avoiding some time-intensive operations for skipped devices

Changelog Technical:

  • Bcrypt: Make BCRYPT entry for CPU in hashcat.hctune after switch to OPTS_TYPE_MP_MULTI_DISABLE (basically set -n to 1)
  • Benchmark: Update benchmark_deep.pl with new hash modes added (also new hash modes which were added with v6.1.0)
  • Building: Declare phony targets in Makefile to avoid conflicts of a target name with a file of the same name
  • Building: Fixed build warnings on macOS for unrar sources
  • Building: Fixed test for DARWIN_VERSION in Makefile
  • Commandline Options: Removed option --example-hashes, now an alias of --hash-info
  • Compute API: Skipping devices instead of stop if error occured in initialization
  • Documentation: Added 3rd party licenses to docs/license_libs
  • Hash-Mode 8900 (Scrypt): Changed default benchmark scrypt parameters from 1k:1:1 to 16k:8:1 (default)
  • Hash-Mode 11600 (7-Zip): Improved memory handling (alloc and free) for the hook function
  • Hash-Mode 13200 (AxCrypt): Changed the name to AxCrypt 1 to avoid confusion
  • Hash-Mode 13300 (AxCrypt in-memory SHA1): Changed the name to AxCrypt 1 in-memory SHA1
  • Hash-Mode 16300 (Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256): Use correct buffer size allocation for AES key
  • Hash-Mode 20710 (sha256(sha256($pass).$salt)): Removed unused code and fixed module_constraints
  • Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL): Support loading a hash from command line
  • Hash-Mode 23300 (Apple iWork): Use correct buffer size allocation for AES key
  • Hash Parser: Output support for machine-readable hash lines in --show and --left and in error messages
  • Kernel Development: Kernel cache is disabled automatically when hashcat is compiled with DEBUG=1
  • Kernel Functions: Added generic AES-GCM interface see OpenCL/inc_cipher_aes-gcm.h
  • Kernel Functions: Refactored OpenCL/inc_ecc_secp256k1.cl many functions, add constants and documentation
  • Kernel Functions: Refactored OpenCL/inc_ecc_secp256k1.cl to improve usage in external programs
  • Kernel Functions: Wrap atomic functions with hc_ prefix. Custom kernels need to rename "atomic_inc()" to "hc_atomic_inc()"
  • Kernel Parameters: Added new parameter 'salt_repeat' to improve large buffer management
  • Module Parameters: Add OPTS_TYPE_MP_MULTI_DISABLE for use by plugin developers to prevent multiply -n with the MCU count
  • Module Parameters: Add OPTS_TYPE_NATIVE_THREADS for use by plugin developers to enforce native thread count
  • Module Structure: Add 3rd party library hook management functions. This also requires an update to all existing module_init()
  • OpenCL Runtime: Add support for clUnloadPlatformCompiler() to release some resources after JiT compilation
  • OpenCL Runtime: Switched default OpenCL device type on macOS from GPU to CPU. Use -D 2 to enable GPU devices
  • OpenCL Runtime: Update module_unstable_warnings() for all hash modes based on most recent versions of many OpenCL runtimes
  • Unit tests: Added 'potthrough' (like passthrough, but hash:plain) to tools/test.pl
  • Unit tests: Added Python 3 support for all of the Python code in our test framework
  • Unit tests: Fixed the packaging of test (-p) feature
  • Unit tests: Updated test.sh to show kernel type (pure or optimized) in output
  • Unit tests: Use python3/pip3 instead of just python/pip in tools/install_modules.sh

- atom
Amazing work! Can't wait to work with the association attack!
Thanks to everybody working on these releases, really appreciate the effort.
Any chance we can see support for unsalted hashes in -a9?
And an accept on the 3201 bcrypt(md5()) pull request that's been open for quite a while
(05-14-2021, 08:08 PM)0x69BE027C97 Wrote: Any chance we can see support for unsalted hashes in -a9?
And an accept on the 3201 bcrypt(md5()) pull request that's been open for quite a while

Unsalted hash modes will most likely not be added to -a 9 as it doesn't make sense from a technical standpoint based on how -a 9 actually functions. As for the pull requests that are still open, they are being worked through but some things take time to work out and/or priority over others.
Great word. Thanks for your effort, Atom.
awesome. Thanks to everyone contributing on github and/or by reporting problems/bugs on github/forum/IRC etc !
You guys are awesome !
I have updated to hashcat 6.2.1 to allow package maintainers to not use unrar sources and updated unrar sources to latest version 6.0.5.
mind blowing, awesome!