oclHashcat-plus v0.07
#1
Hello Hashcat-Community,

I am proud to present you the latest oclHashcat-plus v0.07 release.

As you might already know, porting features from regular oclHashcat to oclHashcat-plus was my biggest goal for this release.

But there are also:
  • Performance improvements
  • Support for updated Drivers/SDKs
  • Implemented feature requests
  • Fixed bugs

This new oclHashcat-plus v0.07 is the result of all these changes.



The following features that have been ported from regular oclHashcat v0.26 to oclHashcat-plus v0.07:

These Attack-modes made regular oclHashcat unique.

Since they have been ported to oclHashcat-plus I can finally officially deprecate regular oclHashcat.

Running an Brute-Force attack and Mask attack was already possible with oclHashcat-plus v0.06 but you had to pipe the data from maskprocessor into oclHashcat-plus. It was getting more complicated If you wanted to attack so called "fast algorithms" like MD5. you had to split and generate rules to run them efficient.

To be exact, the Brute-Force attack and Mask attack kernels are not-reversed versions from oclHashcat-lite v0.08. This version is specialized on doing Brute-Force and Mask attacks. For those using regular oclHashcat for Brute-Force and do not know the difference to oclHashcat-lite: There is no more thing called right- and left-side of the mask. The new oclHashcat-plus automatically calculates the most efficient split. This will hopefully make it easier especially for the new users.



The next feature, or let me say killer feature, is what I call "multirules".

To explain it I made a special forum post with some examples and details here: http://hashcat.net/forum/thread-703.html

Especially when you think of creating own rules this will totally boost your creativity.

To get started I also added some example rules which i called hybrid rules. They can be found in rules/hybrid/. When you start playing with multirules you will shortly notice how to use the hybrid rules and why they have been added.



Then there was this nice request: http://hashcat.net/forum/thread-437.html

Basically it says: If you are a pentester and you use oclHashcat-plus on the hashes of your customer you might have some restrictive policies on how to handle the cracked hashes.

This new requested feature tells oclHashcat-plus to NOT show the cracked plaintext. It will show only the cracked hash. That might be enough for you to build statistics or to inform users to change their passwords.

So, if you are interessted in this, check the new --outfile-format parameters.



Then there are new Kernels. Some of them have been heavily requested.
  • Joomla
  • osCommerce, xt:Commerce
  • SMF
  • OSX v10.4, v10.5, v10.6

You know, oclHashcat-plus does not have generic Kernels like md5($salt.$pass) or md5($pass.$salt). But if you take a close look at what is behind the new kernels and with a bit of knowledge in hashcracking you might be able to exploit these kernels Smile

Another important thing to notice is that i have renamed some of the hash-types. For example, Vbull which was -m 5 is now -m 2611. There is a full list of the renamed kernels in the Changelog below. The reason for this that i put in some system into the numbers.



A nice bugfix to mention is that you can now use commandline file-globbing on windows again. For example, you can now use *.dict to tell oclHashcat-plus that it should use all files matching *.dict as your wordlists in a sequence. This was changed somehow in a previous mingw release and i did not notice this change so it was not useable even it was already supported.



CUDA 4.1 dropped in unexpected. OK, its still just an RC but I really have to say: WOW! They claim a speed increase of 10% on their presentation. And its true, the llvm compiler (which was added) create some neat optimizations in the kernels. But to make use of them, I have to change all the datatypes used in the kernels to vector datatypes. Otherwise they produce slower code than CUDA 4.0. So thats why I stick to CUDA 4.0 for this release. In a later release I will switch to vector datatypes and then to CUDA 4.1.

AMD was not lazy, too. The new AMD APP SDK v2.6 include support for the upcomming hd7xxx series. So what I did is that i blindly generated the Kernels for all hd7xxx and added them to this release. Well this is only theory. We will see how it works out. These new kernels are called "Capeverde", "Pitcairn" and "Tahiti".



Last but not least here is the Full changelog v0.06 -> v0.07:

Code:
type: speedups
file: kernels and host programs
desc: vBulletin < v3.8.5:  AMD hd5970  +5.20%, NV GTX580  +7.86%
desc: vBulletin > v3.8.5:  AMD hd5970 +16.19%, NV GTX580  +5.93%
desc: IPB2, MyBB1.2:       AMD hd5970 +14.83%, NV GTX580  +5.78%
desc: SHA1:                AMD hd5970  +9.01%, NV GTX580   0.00%
desc: SHA256:              AMD hd5970  +1.55%, NV GTX580  +4.21%
desc: md5crypt:            AMD hd5970 +11.19%, NV GTX580  +2.83%
desc: md5apr1:             AMD hd5970 +10.17%, NV GTX580  +1.73%
desc: NTLM:                AMD hd5970  +3.43%, NV GTX580   0.00%
desc: DCC:                 AMD hd5970  +2.46%, NV GTX580  +0.33%

type: feature
file: kernels
desc: added -m 11 = Joomla

type: feature
file: kernels
desc: added -m 21 = osCommerce, xt:Commerce

type: feature
file: kernels
desc: added -m 121 = SMF > v1.1

type: feature
file: kernels
desc: added -m 122 = OSX v10.4, v10.5, v10.6

type: driver
file: kernels
desc: added support for AMD Catalyst 11.12 and AMD APP SDK 2.6

type: feature
file: kernels
desc: added support for AMD GPU's "Devastator" and "Scrapper"

type: feature
file: kernels
desc: added support for AMD GPU's "Capeverde", "Pitcairn" and "Tahiti"

type: feature
file: host programs and kernel
desc: backported combinator attack from oclHashcat v0.26

type: feature
file: host programs and kernel
desc: backported hybrid attack from oclHashcat v0.26

type: feature
file: host programs and kernel
desc: backported brute-force attack from oclHashcat-lite v0.08

type: feature
file: host programs
desc: backported --cpu-affinity from oclHashcat-lite v0.08

type: feature
file: host programs
desc: backported --outfile-format from oclHashcat-lite v0.08

type: feature
file: host programs
desc: added support for multirules (multiple -r parameters allowed)
cred: http://hashcat.net/forum/thread-703.html

type: improvement
file: rules
desc: added lots of minirules for multirule engine to rules/hybrid/

type: change
file: kernels
desc: renamed -m 5    to -m 2611
desc: renamed -m 9    to -m 2811
desc: renamed -m 15   to -m 2711
desc: renamed -m 600  to -m 101
desc: renamed -m 700  to -m 111
desc: renamed -m 1300 to -m 131
desc: renamed -m 2000 to -m 112
desc: renamed -m 2300 to -m 132

type: change
file: rules
desc: redesigned usage screen
cred: http://hashcat.net/forum/thread-716.html

type: bug
file: kernels
desc: fixed bug in WPA/WPA2 kernel if essid length >= 28
cred: http://hashcat.net/forum/showthread.php?tid=494

type: bug
file: host programs
desc: reenabled file-globbing on cmdline for windows

type: bug
file: host programs
desc: fixed bug in length check of hash parser if user specified --hex-salt

type: docs
file: todo.txt
desc: added todo file
[/code
]
#2
Hey atom !

You are awesome, hashcatplus is awesome....everything is awesome !! Big Grin

Thank you very much for all your hard work and I really do hope you have a great new year !
#3
good job <3
#4
again perfect work, i was looking forward to the multi rule attack , test it soon.
#5
Thank you! I'll be making a comprehensive tutorial on cracking WPA/WPA2 handshakes with multirules/bruteforce.
#6
Very Good Job atom!! Really Impressed.
All these changes are so usefull!!!

Keep up the good work atom!

Happy new year to all
#7
Great work with this one. Seems easier to use than before 'coz you don't need left and right masks. Big Grin Thanks!
#8
good job!
#9
Using plus to replace old oclhashcat is a good idea!