NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - [Hashcat] Custom optimized kernel development

WARNING!
Due to the number of SCAMS going on in the PAID forum, PLEASE ask an ADMIN or MODERATOR to verify ALL found passwords to ensure you are not being SCAMMED.
DO NOT PAY until an ADMIN or MOD has verified them for you!


22 Results - Page 1 of 1 -
1
Author Message
Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Fri, 06 Apr 2018 @ 13:56:37

Hello,

We've developed a custom kernel for Hashcat's OpenCL.

We're now wondering how to develop the optimized version, but we can't find documentation about this.
We've already read other optimized kernels code, but there're not "like-this" algorithm already developed on hashcat due to it's length.

The algorithm is md5(sha1($pass).md5($pass).sha1($pass)).

The problem we're facing is that since we have the md5(sha1($pass)), we're having troubles when concatenating the second sha1($pass) inside the md5 function.

Any help or clues will be appreciated.

Thanks.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Wed, 11 Apr 2018 @ 18:23:39

We managed to do this.

Attached is the -a0 and -a3 modes for the specified algorithm on non-optimized form for those who are interested in developing its own kernel for a certain algorithm or for mixed/iterated hashes.

Thanks to those who read this thread.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Attachments: Login to view attachments.
Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Thu, 10 May 2018 @ 18:02:49


EDMODO

That's it. We managed to create an Edmodo OpenCL custom kernel for hashcat.

Some numbers:


Hashmode: 3200 - bcrypt $2*$, Blowfish (Unix) (Iterations: 32)

Speed.Dev.#1.....: 15193 H/s (161.72ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#2.....: 15897 H/s (156.98ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#3.....: 15899 H/s (157.14ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#4.....: 15915 H/s (156.65ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#5.....: 15932 H/s (156.53ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#6.....: 15959 H/s (156.69ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#7.....: 15932 H/s (156.77ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#8.....: 15910 H/s (156.90ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#*.....: 126.6 kH/s

Hashmode: 3201 - Edmodo $826y4$ bcrypt(md5($pass)) (Iterations: 32)

Speed.Dev.#1.....: 15499 H/s (161.34ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#2.....: 15932 H/s (156.94ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#3.....: 15852 H/s (157.11ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#4.....: 15951 H/s (156.78ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#5.....: 15933 H/s (156.66ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#6.....: 15896 H/s (156.67ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#7.....: 15940 H/s (156.73ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#8.....: 15846 H/s (157.07ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#*.....: 126.8 kH/s


(note: speed relies on the difficulty)

hashcat64 -m3201 -O -a3 --opencl-platforms=1 --opencl-device-types=2 -w4 $826y4$31226$dMby2sfGeQ3Gbfe04/0.cNcY2b4H1p8V7L7Gfj6ua52ecS970ybeZOYtuDG0ZKPVEU7WOZWC7QfJksu --potfile-disable ?d?d?d?d

hashcat (v4.1.0-7-gf6cfcbb+) starting...


The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

$2y$12$MysGQGf0/.NYbHpVLGju5eS7yeZOYtuDG0ZKPVEU7WOZWC7QfJksu:1337

Session..........: hashcat
Status...........: Cracked
Hash.Type........: Edmodo $826y4$ bcrypt(md5($pass))
Hash.Target......: $2y$12$MysGQGf0/.NYbHpVLGju5eS7yeZOYtuDG0ZKPVEU7WOZ...QfJksu
Time.Started.....: Thu May 10 19:58:12 2018 (2 secs)
Time.Estimated...: Thu May 10 19:58:14 2018 (0 secs)
Guess.Mask.......: ?d?d?d?d [4]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 63 H/s (9.50ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#2.....: 66 H/s (9.36ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#3.....: 65 H/s (9.37ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#4.....: 66 H/s (9.35ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#5.....: 66 H/s (9.35ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#6.....: 66 H/s (9.37ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#7.....: 16 H/s (9.39ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#8.....: 0 H/s (0.00ms) @ Accel:32 Loops:16 Thr:8 Vec:1
Speed.Dev.#*.....: 406 H/s
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 640/10000 (6.40%)
Rejected.........: 0/640 (0.00%)
Restore.Point....: 0/1000 (0.00%)
Candidates.#1....: 1234 -> 1741
Candidates.#2....: 0287 -> 0719
Candidates.#3....: 1219 -> 1790
Candidates.#4....: 0271 -> 0774
Candidates.#5....: 1253 -> 1760
Candidates.#6....: 0238 -> 0749
Candidates.#7....: 1283 -> 1764
Candidates.#8....: [Generating]
HWMon.Dev.#1.....: Temp: 40c Fan:100% Util: 98% Core:2025MHz Mem:5514MHz Bus:16
HWMon.Dev.#2.....: Temp: 37c Fan:100% Util: 98% Core:2025MHz Mem:5514MHz Bus:16
HWMon.Dev.#3.....: Temp: 34c Fan:100% Util: 98% Core:2025MHz Mem:5514MHz Bus:16
HWMon.Dev.#4.....: Temp: 36c Fan:100% Util: 98% Core:2025MHz Mem:5514MHz Bus:16
HWMon.Dev.#5.....: Temp: 38c Fan:100% Util: 98% Core:2025MHz Mem:5514MHz Bus:16
HWMon.Dev.#6.....: Temp: 34c Fan:100% Util: 99% Core:2025MHz Mem:5514MHz Bus:16
HWMon.Dev.#7.....: Temp: 35c Fan:100% Util: 98% Core:2025MHz Mem:5514MHz Bus:16
HWMon.Dev.#8.....: Temp: 32c Fan:100% Util: 0% Core:1607MHz Mem:5514MHz Bus:16


The addition of this kernels requires some hashcat modifications on files:

  • interface.c
  • interface.h
  • opencl.c
Although this expects $2*$ hashes, just like bcrypt, we've made a custom parser that can handle $826y4$-like hashes and deal with it. We know that the memmove method is not as fast as we would like, but this only needs to be processed once per hash, and doesn't even loads into OpenCL kernel, so no speed drawbacks are expected on it, but any suggestion or improvement is always welcome.

Attached you can find the OpenCL kernel for Edmodo hashes and the parser that deals with the Edmodo obfuscation.

Feedback, tips, hashes, rep or just a "thanks" is always welcome.

Have fun.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Attachments: Login to view attachments.
Avatar
SigmundFreud

Status: Banned
Joined: Sun, 18 Feb 2018
Posts: 278
Team:
Reputation: 248 Reputation
Offline
Thu, 10 May 2018 @ 19:07:27

WARNING! User is BANNED and maybe a SCAMMER.

Good work +10 rep given


Avatar
Milzo
Administrator
Status: Elite
Joined: Sat, 29 Dec 2012
Posts: 3115
Team:
Reputation: 4844 Reputation
Online
Thu, 10 May 2018 @ 19:43:58

Would have been simpler to remove the obfuscation than to re-invent the wheel.

Just parse the edmodo hash list and run as norm -m 3200


Code:
echo '$826y4$31226$dMby2sfGeQ3Gbfe04/0.cNcY2b4H1p8V7L7Gfj6ua52ecS970ybeZOYtuDG0ZKPVEU7WOZWC7QfJksu' | cut -b 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65-
$2y$12$MysGQGf0/.NYbHpVLGju5eS7yeZOYtuDG0ZKPVEU7WOZWC7QfJksu


1CrqbgYU63zfLjwKVagyiTYP9XGMgyFAVm

Forum Rules
Scammer Tracker - https://i-disclose.net/o/scamtracker.php
XMPP - milzo@xmpp.jp

Avatar
SigmundFreud

Status: Banned
Joined: Sun, 18 Feb 2018
Posts: 278
Team:
Reputation: 248 Reputation
Offline
Thu, 10 May 2018 @ 20:06:52

WARNING! User is BANNED and maybe a SCAMMER.

Milzo said:

Would have been simpler to remove the obfuscation than to re-invent the wheel.

Just parse the edmodo hash list and run as norm -m 3200


Code:
echo '$826y4$31226$dMby2sfGeQ3Gbfe04/0.cNcY2b4H1p8V7L7Gfj6ua52ecS970ybeZOYtuDG0ZKPVEU7WOZWC7QfJksu' | cut -b 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65-
$2y$12$MysGQGf0/.NYbHpVLGju5eS7yeZOYtuDG0ZKPVEU7WOZWC7QfJksu

Does salt need to be changed too or not?


Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Thu, 10 May 2018 @ 20:07:36

Edmodo hashes includes a md5 pass, so unless you have a precalculated md5 dictionary, -m 3200 wont find the passwords.

obfuscation(bcrypt(md5($pass)));


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Avatar
s3in!c
Moderator
Status: Elite
Joined: Wed, 10 Apr 2013
Posts: 815
Team:
Reputation: 1148 Reputation
Online
Thu, 10 May 2018 @ 20:29:03

EHF is right that it would not run with -m 3200, so the custom kernel is a nice work. But I agree with milzo that it would be easier to just undo the obfuscation and then run it with the bcrypt(md5()) kernel.


+Rep if I helped

Hashes.org - Powerful Community Password Recovery
Hashtopolis - Hashcat distributed cracking tool

BTC: 1VTuiKrNoytU1PvYrF3J7VapQ9oPg93Jn

Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Thu, 10 May 2018 @ 20:34:46

We agree it would be easier, but...

- The de-obfuscation process is not being ran on the kernel, just the parser, which is optional.
- The de-obfuscation process only takes place during initialization, when hashes are loaded into RAM, no more de-obfuscation passes are coming in.
- If you set the parser up and pass a de-obfuscated hash, it will run the same that if no parser were set up.

With or without the parser, the performance will be the same.
If you set de-obfuscated hashes list, no additional processes are coming in.
If you set an obfuscated hashes list, it will de-obfuscate it and then run the kernel over the bcrypt hashes.
If you set an hybrid list, it just de-obfuscate those that are obfuscated, not all.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Avatar
s3in!c
Moderator
Status: Elite
Joined: Wed, 10 Apr 2013
Posts: 815
Team:
Reputation: 1148 Reputation
Online
Thu, 10 May 2018 @ 21:51:50

Ok, so I understand correctly that I can also just run it with the full de-obfuscated list (like it is on hashes.org) and it will run without any problems with the kernel?


+Rep if I helped

Hashes.org - Powerful Community Password Recovery
Hashtopolis - Hashcat distributed cracking tool

BTC: 1VTuiKrNoytU1PvYrF3J7VapQ9oPg93Jn

Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Thu, 10 May 2018 @ 21:52:36

Yes, that's correct.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Avatar
s3in!c
Moderator
Status: Elite
Joined: Wed, 10 Apr 2013
Posts: 815
Team:
Reputation: 1148 Reputation
Online
Thu, 10 May 2018 @ 22:40:36

Ok, then that's pretty nice. That way it's flexible
In this case ignore my comment about that the parser should not do the obfuscation


+Rep if I helped

Hashes.org - Powerful Community Password Recovery
Hashtopolis - Hashcat distributed cracking tool

BTC: 1VTuiKrNoytU1PvYrF3J7VapQ9oPg93Jn

Avatar
payknight

Status: Cracker
Joined: Wed, 13 Apr 2016
Posts: 502
Team: just4fun
Reputation: 349 Reputation
Offline
Fri, 11 May 2018 @ 23:43:02

have u commited that into their github repo?


+rep if i helped
BTC : 1PAyKniGHt7yyCb8HdsziTHBEFX6zkGSHz

Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Mon, 14 May 2018 @ 16:10:37

No, just this forum.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Avatar
-DDNK-

Status: Trusted
Joined: Fri, 11 Nov 2016
Posts: 1827
Team:
Reputation: 4311 Reputation
Online
Mon, 14 May 2018 @ 16:11:36

{EHF} said:

No, just this forum.

Sorry to post here, but your PM is disabled. Can I send the 40$ for the 2k IPB founds now?


+rep if I helped out!
Send BTC here: 14z84iFtBsyi4fALLsaLEtjjg2Jj8arX6Y
Send ETH here: 0x7e6B3F64B46161579ef73edbBbE0f9A5D7956E5F

Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Mon, 14 May 2018 @ 16:17:04

Hashkiller said:

Your account has had PM disabled but you can still PM admins. The reason we disable PM for new users is we have been having problems with scammers. If you want to use PM, you'll need to build your trust level up first and request access from our admins in the list above.

Yes, I will send them to an admin/moderator to forward it to you.

Thanks.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Avatar
-DDNK-

Status: Trusted
Joined: Fri, 11 Nov 2016
Posts: 1827
Team:
Reputation: 4311 Reputation
Online
Mon, 14 May 2018 @ 16:18:53

{EHF} said:

Hashkiller said:

Your account has had PM disabled but you can still PM admins. The reason we disable PM for new users is we have been having problems with scammers. If you want to use PM, you'll need to build your trust level up first and request access from our admins in the list above.

Yes, I will send them to an admin/moderator to forward it to you.

Thanks.


Thanks, 40$ has been sent to your BTC address below.


+rep if I helped out!
Send BTC here: 14z84iFtBsyi4fALLsaLEtjjg2Jj8arX6Y
Send ETH here: 0x7e6B3F64B46161579ef73edbBbE0f9A5D7956E5F

Avatar
payknight

Status: Cracker
Joined: Wed, 13 Apr 2016
Posts: 502
Team: just4fun
Reputation: 349 Reputation
Offline
Mon, 14 May 2018 @ 16:32:07

{EHF} said:

No, just this forum.

mind sharing it on the git repo?

or can i do that in ur name?

u done an amazing job, i think more ppl should enjoy it.


+rep if i helped
BTC : 1PAyKniGHt7yyCb8HdsziTHBEFX6zkGSHz

Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Mon, 14 May 2018 @ 16:37:32

You can do it.

The more people enjoying this, the better


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Avatar
str0nGh0ld

Status: Cracker
Joined: Thu, 07 Sep 2017
Posts: 546
Team:
Reputation: 729 Reputation
Offline
Mon, 14 May 2018 @ 20:02:13

how is work?

i copy this files *.cl in OpenCl folder and when i try to run this new algorithms:

Unknown hash-type '4440' selected.
Unknown hash-type '3201' selected.


where is the mistake?

thaks


btc: 3MW21HgLqEQ7tw8UwCAtVhfJx1T7MzCgCe

Avatar
liff
Moderator
Status: Trusted
Joined: Thu, 28 Jul 2016
Posts: 1912
Team:
Reputation: 6475 Reputation
Offline
Mon, 14 May 2018 @ 20:09:53

str0nGh0ld said:

how is work?

i copy this files *.cl in OpenCl folder and when i try to run this new algorithms:

Unknown hash-type '4440' selected.
Unknown hash-type '3201' selected.


where is the mistake?

thaks

You need to add those modes in a source code and then compile it. It's explained here https://www.synopsys.com/blogs/software-security/cracking-xenforo-corpuses/


BTC: 1LiffHBEGk9L4neAgk2cGLJhU9D4xJ8L4N
XMPP: liff@xmpp.is

Avatar
{EHF}

Status: Elite
Joined: Wed, 07 Feb 2018
Posts: 411
Team: {EHF}
Reputation: 694 Reputation
Offline
Tue, 04 Dec 2018 @ 19:13:23

New Kernel: 4410

It's md5($salt.sha1($salt.$pass)) for hashcat 5.1 (latest version) and modes a0 and a3, pure and optimized.

As always interface.c and interface.h needs to be modified in order to run.

I hope someone find this useful.

Enjoy.


BTC: 1EHFTeamaugMZLYPZUW5xd1MWQReT18brW
Email: b961be2b6c3675d4ba1490fa85268a2a
Now accepting custom, mixed or iterated hashes via PM or mail.
Custom hashcat kernels

Attachments: Login to view attachments.

22 Results - Page 1 of 1 -
1

We have a total of 163692 messages in 20542 topics.
We have a total of 19308 registered users.
Our newest registered member is WeeJobbieMilzo.