Segmentation fault (core dump) on --show and --left
#1
Well, I'm opening a new thread since the one where I was discussing the issue has been closed.

Alright, so after updating Catalyst to 12.8 and performing a full upgrade of my Ubuntu machine, it appears the problem is not the Catalyst itself since I am able to run/crack with oclhashcat-plus 0.9 (below):

Catalyst version 12.8 / fglrx 8.98.2:
Code:
hashcat@elysium:~/tools$ dmesg | grep module.*fglrx
[   18.142330] [fglrx] module loaded - fglrx 8.98.2 [Jul 27 2012] with 4 minors

Normal cracking:
Code:
hashcat@elysium:~/tools/oclHashcat-plus-0.09$ ./oclHashcat-plus64.bin -m 500 ../hashes/hashes.txt ../dictionaries/wordlist --username
oclHashcat-plus v0.09 by atom starting...

Hashes: 1557 total, 55 unique salts, 55 unique digests
Bitmaps: 14 bits, 16384 entries, 0x00003fff mask, 65536 bytes
Rules: 1
Workload: 16 loops, 8 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Tahiti, 2821MB, 925Mhz, 32MCU
Device #2: Tahiti, 2950MB, 925Mhz, 32MCU
Device #3: Tahiti, 2950MB, 925Mhz, 32MCU
Device #4: Tahiti, 2950MB, 925Mhz, 32MCU
Device #1: Kernel ./kernels/4098/m0500.Tahiti_938.2_1.4.1741.kernel (2030888 bytes)
Device #2: Kernel ./kernels/4098/m0500.Tahiti_938.2_1.4.1741.kernel (2030888 bytes)
Device #3: Kernel ./kernels/4098/m0500.Tahiti_938.2_1.4.1741.kernel (2030888 bytes)
Device #4: Kernel ./kernels/4098/m0500.Tahiti_938.2_1.4.1741.kernel (2030888 bytes)

Scanned dictionary ../dictionaries/wordlist: 104 bytes, 14 words, 14 keyspace, starting attack...

$1$oYD4$??????????????????????:xxxxxxx        
$1$dIgL$??????????????????????:xxxxxxx        
$1$xrui$??????????????????????:xxxxxxx          
$1$wPc9$??????????????????????:xxxxxxx          
$1$sQ/b$??????????????????????:xxxxxxx        
$1$UNb6$??????????????????????:xxxxxxx        
$1$jHC9$??????????????????????:xxxxxxx        
$1$EVXl$??????????????????????:xxxxxxx        
$1$CTey$??????????????????????:xxxxxxx        
$1$ohmz$??????????????????????:xxxxxxx        
                                            
Status.......: Exhausted
Input.Mode...: File (../dictionaries/wordlist)
Hash.Target..: File (../hashes/hashes.txt)
Hash.Type....: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
Time.Running.: 6 secs
Time.Left....: 0 secs
Time.Util....: 6002.5ms/0.0ms Real/CPU, 0.0% idle
Speed........:      124 c/s Real,      124 c/s GPU
Recovered....: 10/55 Digests, 10/55 Salts
Progress.....: 770/770 (100.00%)
Rejected.....: 27/770 (3.51%)
HWMon.GPU.#1.: 32% Util, 49c Temp, 20% Fan
HWMon.GPU.#2.: 38% Util, 47c Temp, 20% Fan
HWMon.GPU.#3.: 39% Util, 42c Temp, 20% Fan
HWMon.GPU.#4.:  0% Util, 35c Temp, 20% Fan

Started: Fri Oct 12 20:09:30 2012
Stopped: Fri Oct 12 20:09:36 2012
hashcat@elysium:~/tools/oclHashcat-plus-0.09$

But if I wanna check which hashes have been cracked, it Seg Faults.

--show or --left usage
Code:
hashcat@elysium:~/tools/oclHashcat-plus-0.09$ ./oclHashcat-plus64.bin -m 500 ../hashes/hashes.txt --username --show
Segmentation fault (core dumped)

Code:
hashcat@elysium:~$ uname -a ; cat /etc/issue
Linux elysium 3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Ubuntu 12.04.1 LTS \n \l

The same happens with --left.

I'm puzzled. Anyone experiencing the same issue with --show/left?
#2
Can someone reproduce pls?
#3
can reproduce

Code:
[ undeath@2600k: /tmp ] % ~> for i in `seq 20` ; do PW=`date "+%s%N%n%:::z%T" | md5sum | xxd -r -ps | base64 | cut -c1-13` ; echo "$PW" >> /tmp/plain ; echo -n "${PW}:" >> /tmp/md5crypt ; mkpasswd -5 "$PW" >> /tmp/md5crypt ; done
[ undeath@2600k: /tmp ] % ~> ~/hashcracking/oclHashcat-plus-0.09/oclHashcat-plus64.bin -m500 /tmp/md5crypt /tmp/plain --username
oclHashcat-plus v0.09 by atom starting...

Hashes: 20 total, 20 unique salts, 20 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Workload: 16 loops, 8 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cypress, 1024MB, 725Mhz, 18MCU
Device #1: Kernel /home/undeath/hashcracking/oclHashcat-plus-0.09/kernels/4098/m0500.Cypress_938.2_1.4.1741.kernel not found in cache! Building may take a while...
Device #1: Kernel /home/undeath/hashcracking/oclHashcat-plus-0.09/kernels/4098/m0500.Cypress_938.2_1.4.1741.kernel (2869300 bytes)

Scanned dictionary /tmp/plain: 280 bytes, 20 words, 20 keyspace, starting attack...

$1$qqgaBQt1$DR2WmIEuNAeaPdU2SEdFw0:PH3fJC0WyBU1g
$1$jUumlHa2$46669Mo/2AePHYM19NSFi1:vEvG8/FHCtngY
$1$DkA.IT49$RB78Now0FDTH/3FfzEchv/:w4dtc0UlN6L3s
$1$UOFcnkmB$.66vULsOaaDlEaWerVRKr1:Y//UOPo3O1LdW
$1$fLn7vosB$SKCqYv/cHP8mQVAU61BiC/:Kr9FrSGF4QqQd
$1$JukpUllC$FppsU.pHrynpnIv4CFU0m1:udm0mTvbLl4f7
$1$KCaT.5jD$FMC1S0dqGO88l5JOufGkl/:Xc8FbaJPKaNAs
$1$07rmf7IG$cqPzButqe9AJmrWw/iAr1.:v2aU1Ho7WeQZf
$1$Za77bu2L$sei.iiBGrctCXyPwJKnOA/:UzTyshB2JRxct
$1$tk11IQHT$xmcOZ5/9uomgPKNyjnFP5/:8fTvpnN7noL/R
$1$VU1tog4X$ckG4fE95wwszXkUWfnC7l1:pBVSbitE9r9VE
$1$xgtATtnc$G5zD9pwWhuD54RKgjQEB9/:7Pp/Sgq8podjG
$1$9dx6wI6e$foEux0vH2c9TBYFZ0EwF30:ceTF64WSZa5iQ
$1$dpMdtV2l$TYXQ9zY9jlVArLzHTmuUI1:yo2wEcwrzZSHE
$1$tXfHKYHl$c.FFQ/OuRYL7Qgh15JgiV/:yJX3hPSP0bmXN
$1$Updx2N.o$4hKq9gjNnSFWPTI6FLaGx.:gsAlL8THX+hWZ
$1$gjNehyGo$bOZI4UfopHsz1QdBbAKG21:Y31FT2zMjrqXs
$1$WXGUumno$Py13kGn7QEIME5WtYphTx1:/TpZZc5E6ouUi
$1$bWXGS8Yx$46NZSZzzZaxWU1wy.TNKN1:xcVTAEXj184rs
$1$nMwKE8ny$8610u0gHHTrvISsaZ9C6t1:AqKDZgOg/eLc0
                                            
Status.......: Cracked
Input.Mode...: File (/tmp/plain)
Hash.Target..: File (/tmp/md5crypt)
Hash.Type....: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
Time.Running.: 1 sec
Time.Util....: 1001.1ms/0.0ms Real/CPU, 0.0% idle
Speed........:      400 c/s Real,      745 c/s GPU
Recovered....: 20/20 Digests, 20/20 Salts
Progress.....: 400/400 (100.00%)
Rejected.....: 0/400 (0.00%)
HWMon.GPU.#1.: 94% Util, 58c Temp, 46% Fan

Started: Sun Oct 14 13:31:41 2012
Stopped: Sun Oct 14 13:31:47 2012
[ undeath@2600k: /tmp ] % ~> ~/hashcracking/oclHashcat-plus-0.09/oclHashcat-plus64.bin -m500 /tmp/md5crypt --username --show
zsh: segmentation fault  ~/hashcracking/oclHashcat-plus-0.09/oclHashcat-plus64.bin -m500 /tmp/md5crypt
#4
Interesting thread. I would like to hear the details as well.

By the way, after the crash occurs, maybe you can check the dmesg output and check the last few lines with tail command?

If the crash is being triggered due to incompatible driver, then check if there is an option in the fglrx drivers to log the errors. that might help.

@undeath: I like your first command line Smile
#5
(10-14-2012, 07:46 PM)NeonFlash Wrote: Interesting thread. I would like to hear the details as well.

By the way, after the crash occurs, maybe you can check the dmesg output and check the last few lines with tail command?

If the crash is being triggered due to incompatible driver, then check if there is an option in the fglrx drivers to log the errors. that might help.

@undeath: I like your first command line Smile

dmesg -> /var/log/kern.log shows this:
Code:
[  429.451697] oclHashcat-plus[2959]: segfault at 0 ip 00007f4f69f5f8c3 sp 00007fff1024ee08 error 6 in libc-2.15.so[7f4f69e10000+1b5000]

and with gdb we get this:
Code:
$ gdb oclHashcat-plus64.bin
<banner suppressed>
Reading symbols from /home/hashcat/tools/oclHashcat-plus-0.09/oclHashcat-plus64.bin...(no debugging symbols found)...done.
(gdb) set args -m 500 /home/hashcat/hashes/hashes.txt --username --show
(gdb) run
Starting program: /home/hashcat/tools/oclHashcat-plus-0.09/oclHashcat-plus64.bin -m 500 /home/hashcat/hashes/hashes.txt --username --show
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6d338c3 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007ffff6d338c3 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x000000000041b366 in ?? ()
#2  0x000000000040a715 in ?? ()
#3  0x00007ffff6c0576d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x0000000000402509 in ?? ()
#5  0x00007fffffffe5a8 in ?? ()
#6  0x000000000000001c in ?? ()
#7  0x0000000000000006 in ?? ()
#8  0x00007fffffffe7f1 in ?? ()
#9  0x00007fffffffe830 in ?? ()
#10 0x00007fffffffe833 in ?? ()
#11 0x00007fffffffe857 in ?? ()
#12 0x00007fffffffe862 in ?? ()
#13 0x00007fffffffe837 in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb)

glibc version 2.15
Code:
$ ldd --version
ldd (Ubuntu EGLIBC 2.15-0ubuntu10.2) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
$

It appears to be a libc issue. For those who can't reproduce, what's the glibc version you're running?
#6
u can use --outfile C:/[path to file] to log cracked hash
#7
irrelevant, rolter09.
#8
I was able to reproduce this with -salted- hashes only (and fixed it). I just want to make sure that this was really the reason. Can someone pls retry with an unsalted hash pls? It should work. If thats the case, this bug is fixed.
#9
I think it may still be an issue. I just tried with cudaHashcat-plus64 v0.9 and got the segmentation error, but using v0.7 works just fine. I can test further if you're interested. The hashes were NTLM.

-edit:

This is the error showing up under /var/log/kern.log

Code:
Oct 27 15:50:33 bt kernel: [ 5882.662992] cudaHashcat-plu[3347]: segfault at 0 ip 000000000041801f sp 00007fff0a8ad6e0 error 6 in cudaHashcat-plus64.bin[400000+28000]
#10
I was talking about oclHashcat-plus v0.10 beta. Its fixed on there. We know oclHashcat v0.09 is affected.