The Assimilation Bridge, in particular its Python plugin, is designed for rapid prototyping.
I originally added this plugin for situations where I had reversed some algorithm from an application or library, but usually it was a one-hash scenario. In most cases, I would simply write a quick proof of concept in, crack the single hash, and move on. The Python plugin is for such cases where the hashes are more resistant, for example when they are not based on a weak password. In that case you might need both computational power and some smart password guessing. You may want to take advantage of hashcat features such as the rule engine, hybrid attack modes, restart functionality, or built-in multithreading.
Instead of just writing your own standalone cracking tool, you can later move your PoC logic into the Python bridge and directly benefit from hashcat features.
We recently participated in the Jabbercracky password contest (DEFCON 33) where we faced a set of completely unknown hashes with no context at all.
When you do not know the hash type and there is no obvious signature or pattern in the hashes, a great tool to try is mdxfind. It is multithreaded, has many useful features, and is ideal for such situations. It supports iterations, external salt or username inputs, and more. In this contest, mdxfind could identify some of the algorithms, but some others the players had to figure out manually.
That is a perfect example of when the Python bridge is useful because it gives you a programming language with access to a large pool of third-party cryptographic libraries, and using a programming language gives you maximum flexibility.
Note!!! that in order to use this you need a version higher than 7.0.0, for instance the beta binary from https://hashcat.net/beta or by compiling from GitHub master sources.
0. Set up the Python bridge
If hashcat -b -m 73000 runs successfully, you are ready for step 1. If you have never used it before, check out the Quickstart Guide.
1. Download the contest hash list
Here is a mirror.
2. Convert it for use with the Python bridge
Mode 73000 expects the format HASH*SALT. In this contest there were no salts, only peppers, so we leave the salt field empty and handle the pepper in our Python code. We skip the bcrypts intentionally. You can also implement bcrypt in the Python bridge, but since bcrypt has a recognizable signature and is supported directly with mode 3200, it is better to handle those natively.
We use mode 73000 instead of 72000 for better cross-platform compatibility.
3. Edit Python/generic_hash_mp.py
4. Run hashcat normally
- atom
I originally added this plugin for situations where I had reversed some algorithm from an application or library, but usually it was a one-hash scenario. In most cases, I would simply write a quick proof of concept in, crack the single hash, and move on. The Python plugin is for such cases where the hashes are more resistant, for example when they are not based on a weak password. In that case you might need both computational power and some smart password guessing. You may want to take advantage of hashcat features such as the rule engine, hybrid attack modes, restart functionality, or built-in multithreading.
Instead of just writing your own standalone cracking tool, you can later move your PoC logic into the Python bridge and directly benefit from hashcat features.
We recently participated in the Jabbercracky password contest (DEFCON 33) where we faced a set of completely unknown hashes with no context at all.
When you do not know the hash type and there is no obvious signature or pattern in the hashes, a great tool to try is mdxfind. It is multithreaded, has many useful features, and is ideal for such situations. It supports iterations, external salt or username inputs, and more. In this contest, mdxfind could identify some of the algorithms, but some others the players had to figure out manually.
That is a perfect example of when the Python bridge is useful because it gives you a programming language with access to a large pool of third-party cryptographic libraries, and using a programming language gives you maximum flexibility.
Note!!! that in order to use this you need a version higher than 7.0.0, for instance the beta binary from https://hashcat.net/beta or by compiling from GitHub master sources.
0. Set up the Python bridge
If hashcat -b -m 73000 runs successfully, you are ready for step 1. If you have never used it before, check out the Quickstart Guide.
1. Download the contest hash list
Here is a mirror.
2. Convert it for use with the Python bridge
Code:
$ cat hash_list_3.txt | grep -v '^\$2a\$' | sed -e 's/$/*/g' > hashes73000.txtMode 73000 expects the format HASH*SALT. In this contest there were no salts, only peppers, so we leave the salt field empty and handle the pepper in our Python code. We skip the bcrypts intentionally. You can also implement bcrypt in the Python bridge, but since bcrypt has a recognizable signature and is supported directly with mode 3200, it is better to handle those natively.
We use mode 73000 instead of 72000 for better cross-platform compatibility.
3. Edit Python/generic_hash_mp.py
Code:
import sys
import struct
import hashlib
import hcshared
import hcmp
import hmac
# SELF TEST pair
ST_HASH = "9c016f79fdcdc7422af93fcc203b0eda43278d32e3a6edd607d35c63*"
ST_PASS = "Location"
def calc_hash(password: bytes, salt: dict) -> list:
results = []
# SHA2-224 (20 percent)
results.append(hashlib.sha224(password).hexdigest())
# SHA2-224 with constant prefix (10 percent)
results.append(hashlib.sha224(b"d3fc0n" + password).hexdigest())
# SHA2-224 HMAC (10 percent)
results.append(hmac.new(b"DEFCON", password, hashlib.sha224).hexdigest())
# SHA2-224 of SHA2-224 (15 percent total with shuck bonus)
results.append(hashlib.sha224(hashlib.sha224(password).hexdigest().encode()).hexdigest())
# SHA2-224 of SHA1 (15 percent total with shuck bonus)
results.append(hashlib.sha224(hashlib.sha1(password).hexdigest().encode()).hexdigest())
# SHA2-384 (100k Flat)
results.append(hashlib.sha384(password).hexdigest())
return results4. Run hashcat normally
Code:
$ ./hashcat -m 73000 hashes73000.txt example.dict
hashcat (v7.0.0-117-ge6758bf60+) starting
Initializing bridges. Please be patient...
Loaded python library from: /home/atom/.pyenv/versions/3.13.3/lib/libpython3.13.so
Assimilation Bridge
===================
* Unit #01 -> #01: Python Interpreter (3.13.3 (main, Jun 2 2025, 22:02:22) [GCC 13.3.0])
...
Hashes: 275002 digests; 275002 unique digests, 1 unique salts
...
2397b137125c9057e24395767580e9766a340bc13447b5dca4f240d7*:CHOCOLATE
b6a567591e336b320e866187f7993de073589e8518e0b24a6902bcf9*:Learning
bb838248f9023a39bfa873d982aed3260279286ba51975684c42f0ec*:Property
f1cc31f19daa3f07b0278cada69ddfce3619ccbcaf33dd584739e0d8*:Universal
...- atom
