Note: all versions of oclHashcat have been replaced by a unified OpenCL CPU/GPU version, now known simply as hashcat.
oclHashcat is a GPGPU-based multi-hash cracker using a combinator attack.
Note: this is the old deprecated version of oclHashcat up to version 0.26, see oclHashcat-plus for newer version.
Last Version was 0.26 before it was replaced by oclHashcat-plus.
Before oclHashcat, there was only the CPU-based hashcat version from the hashcat family. However, when hashcat was written there were already GPU crackers like EGB, CUDA-Multiforcer, IGHASHGPU or BarsWF. In terms of cracking performance, they totally owned hashcat. However they were not faster than hashcat in terms of how fast they could crack a hash. That is the big difference. Since these tools all used Brute-Force attack, it was nearly impossible for them to crack a 12-character long password. That is why the most efficient method of cracking passwords is dictionary-based. None of the GPU crackers were able to handle dictionary-based attacks.
After reviewing some sites/forums/blogs etc. to find out why there is no GPU cracker using dictionaries, it quickly turned out that they can not run efficiently because of the slow PCI-E transfer rates. That does sound logical (at least for the fast algorithms), but no one wanted to do a simple dictionary attack. Hashcat already handled that very well.
Dictionary-based does not always mean a dictionary attack. There is much more to it, like rule-based attack, toggle-case attack or combinator attack. Unlike a simple dictionary attack, these advanced-attack versions should run efficiently on a GPU program. That is because they can mutate the base words on the kernel and because of this, there is no need to execute slow PCI-E transfers.
After some weeks of effort, the first engine worked. It was capable of doing a combinator attack. This first version was written as a simple proof-of-concept version that shows how to efficiently use GPUs for dictionary-based attacks and was called “Combination-CUDA”. A video can be watched here: http://www.youtube.com/watch?v=cCD65oWts5I. This program was very limited. For example, it only supported NVidia GPUs, no Multi-GPU setup and could crack MD5 only.
The next step was to write a real program bundling all the experience gained from hashcat and combination-cuda development. This approach was called “hashcat+” (NOTE: not oclHashcat+), but it was never released to the public. The reason for this was that during the development of hashcat+ a new version of OpenCL was released by the Khronos Group. The cool thing about OpenCL is that it supported both NVidia and ATI/AMD cards. Actually both vendors added an OpenCL runtime to their drivers/SDK. To utilize it, it was neccessary to rewrite hashcat+ from scratch, since it was made for CUDA, not OpenCL. This new program was called “oclHashcat”.
With the release of oclHashcat the limitations of combination-CUDA have been eliminated.
The first official Combination-CUDA release was v0.01, released on 05.02.2010.
The first official oclHashcat release was v0.18, released on 01.05.2010.
Usage: oclHashcat [options] hashlist dict_left|mask_left dict_right|mask_right Startup: -V, --version print version -h, --help print help --eula print eula Logging and Files: --quiet suppress output -o, --outfile=FILE outfile for recovered hash --outfile-format=NUM 0 = hash:pass 1 = hash:hex_pass 2 = hash:pass:hex_pass --remove enable remove of hash from hashlist once it is cracked -e, --salt-file=FILE salts-file for unsalted hashlists Session: --runtime=NUM automatically abort session after NUM seconds Misc: --hex-salt assume salt is given in hex --hex-charset assume charset is given in hex Resources: --gpu-async use non-blocking async calls (NVidia only) -d, --gpu-devices=STR CUDA devices to use, seperate with comma -n, --gpu-accel=NUM workload tuning: 1, 8, 40, 80, 160, 400 or 800 --gpu-loops=NUM workload fine-tuning if -n is not precise enough --gpu-watchdog=NUM automatically abort session at NUM celsius Built-in charsets: ?l = abcdefghijklmnopqrstuvwxyz ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ ?d = 0123456789 ?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ?h = 8 bit characters from 0xc0 - 0xff ?D = 8 bit characters from german alphabet ?F = 8 bit characters from french alphabet ?R = 8 bit characters from russian alphabet Custom charsets: -1, --custom-charset1=CS user-definable charsets -2, --custom-charset2=CS example: -3, --custom-charset3=CS --custom-charset1=?dabcdef -4, --custom-charset4=CS sets charset ?1 to 0123456789abcdef Attack options: --increment enable increment mode -j, --rule-left=RULE rule applied to each word from left dict -k, --rule-right=RULE rule applied to each word from right dict Hash types: -m, --hash-type=NUM number correlates to hash-type 0 = MD5 1 = md5($pass.$salt) 2 = md5($salt.$pass) 3 = md5(md5($pass)) 5 = vBulletin < v3.8.5 100 = SHA1 101 = sha1($pass.$salt) 102 = sha1($salt.$pass) 300 = MySQL > v4.1 900 = MD4 1000 = NTLM 1100 = Domain Cached Credentials 1400 = SHA256
Attribute | Value | Note |
---|---|---|
--version | false | |
--help | false | |
--eula | false | |
--quiet | false | |
--outfile | NULL | |
--outfile-format | 0 | |
--remove | false | |
--salt-file | NULL | |
--runtime | 0 | |
--hex-salt | false | |
--hex-charset | false | |
--gpu-async | false | |
--gpu-devices | NULL | |
--gpu-accel | 0 | |
--gpu-loops | 128 | |
--gpu-watchdog | 90 | |
--custom-charset1 | NULL | |
--custom-charset2 | NULL | |
--custom-charset3 | NULL | |
--custom-charset4 | NULL | |
--increment | false | |
--rule-left | : | |
--rule-right | : | |
--hash-type | 0 |
NOTE: A value “0” or “NULL” can mean undefined, unlimited or all.
Hash-Type | minimum length | maximum length | Note |
---|---|---|---|
MD5 | 2 | 15 | |
md5($pass.$salt) | 2 | 15 | 1 |
md5($salt.$pass) | 2 | 15 | 1 |
md5(md5($pass)) | 2 | 15 | |
vBulletin < v3.8.5 | 2 | 15 | |
SHA1 | 2 | 15 | |
sha1($pass.$salt) | 2 | 15 | 1 |
sha1($salt.$pass) | 2 | 15 | 1 |
MySQL > v4.1 | 2 | 15 | |
MD4 | 2 | 15 | |
NTLM | 2 | 14 | 3 |
Domain Cached Credentials | 2 | 14 | 3, 2 |
SHA256 | 2 | 15 |
Please use the reference at homepage to get latest benchmarks.