From d7fb2ffa064f82213d145a622aeb72bb380be02e Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Fri, 11 Jul 2025 15:02:58 +0200 Subject: [PATCH] Fixed both a false positive and a false negative in -m 21800. Previously, only the first hash in a multihash list was marked as cracked, regardless of which hash was actually cracked. For example, if the second hash was cracked, it incorrectly marked the first as cracked and left the second uncracked. This issue only affected beta versions and only in multihash cracking mode. Added deep-comp kernel support for Kerberos modes 28800 and 28900, enabling multihash cracking for the same user in the same domain, even if the password was changed or the recording was bad. Added a rule ensuring that device buffer sizes for password candidates, hooks, and transport (tmps) must be smaller than 1/4 of the maximum allocatable memory. If not, hashcat now automatically reduces kernel-accel down to 1, then halves the number of threads and restores kernel-accel up to its maximum, repeating until the size requirement is met. Fixed salt length limit verification for -m 20712. Fixed password length limit for -m 14400. Fixed unit test salt generator for -m 21100, which could produce duplicate hashes under certain conditions. Added the OPTS_TYPE_NATIVE_THREADS flag to the following hash modes (after benchmarking): 7700, 7701, 9000, 1375x, 1376x, 14800, 19500, 23900. 
---
 OpenCL/m21800-pure.cl | 12 ++++++------
 src/backend.c | 7 ++++---
 src/interface.c | 6 ++++++
 src/modules/module_07700.c | 1 +
 src/modules/module_07701.c | 1 +
 src/modules/module_09000.c | 1 +
 src/modules/module_13751.c | 1 +
 src/modules/module_13752.c | 1 +
 src/modules/module_13753.c | 1 +
 src/modules/module_13761.c | 1 +
 src/modules/module_13762.c | 1 +
 src/modules/module_13763.c | 1 +
 src/modules/module_14800.c | 1 +
 src/modules/module_19500.c | 1 +
 src/modules/module_20712.c | 4 ++--
 src/modules/module_23900.c | 1 +
 src/modules/module_28800.c | 8 +++++++-
 src/modules/module_28900.c | 8 +++++++-
 tools/test_modules/m14400.pm | 2 +-
 tools/test_modules/m21100.pm | 2 +-
 20 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/OpenCL/m21800-pure.cl b/OpenCL/m21800-pure.cl
index a9b2bf635..9c2508d31 100644
--- a/OpenCL/m21800-pure.cl
+++ b/OpenCL/m21800-pure.cl
@@ -655,12 +655,12 @@ KERNEL_FQ KERNEL_FA void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, elec
 if ((entropy >= MIN_ENTROPY) && (entropy <= MAX_ENTROPY))
 {
- if (hc_atomic_inc (&hashes_shown[DIGESTS_OFFSET_HOST]) == 0)
+ if (hc_atomic_inc (&hashes_shown[digest_cur]) == 0)
 {
- mark_hash (plains_buf, d_return_buf, SALT_POS_HOST, DIGESTS_CNT, 0, DIGESTS_OFFSET_HOST + 0, gid, 0, 0, 0);
+ mark_hash (plains_buf, d_return_buf, SALT_POS_HOST, DIGESTS_CNT, 0, digest_cur, gid, 0, 0, 0);
 }
- return;
+ //return;
 }
 }
 }
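Review bot: Both rewritten `mark_hash` calls still pass the literal `0` as the fifth argument while the sixth now follows `digest_cur`. If the fifth parameter is the digest's position within the salt (the definition of `mark_hash` is not on this page), a crack of the second or later digest is still reported with position 0, and it should presumably carry the per-salt index that `digest_cur` is built from. The `//return;` lines leave dead code behind: either delete them or replace them with a comment such as `// no return here: fall through to the remaining checks on purpose`. The hunk at -676,11 repeats both points. m21800_comp begins before these lines, so where `digest_cur` is assigned cannot be checked here.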
@@ -676,11 +676,11 @@ KERNEL_FQ KERNEL_FA void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, elec
 ((tmp[0] == 0x7b) && (tmp[1] == 0x0d) && (tmp[2] == 0x0a) && (tmp[3] == 0x20) && (tmp[4] == 0x20) && (tmp[5] == 0x20) && (tmp[6] == 0x20) && (tmp[7] == 0x22)))
 {
- if (hc_atomic_inc (&hashes_shown[DIGESTS_OFFSET_HOST]) == 0)
+ if (hc_atomic_inc (&hashes_shown[digest_cur]) == 0)
 {
- mark_hash (plains_buf, d_return_buf, SALT_POS_HOST, DIGESTS_CNT, 0, DIGESTS_OFFSET_HOST + 0, gid, 0, 0, 0);
+ mark_hash (plains_buf, d_return_buf, SALT_POS_HOST, DIGESTS_CNT, 0, digest_cur, gid, 0, 0, 0);
 }
- return;
+ //return;
 }
 }
diff --git a/src/backend.c b/src/backend.c
index 317be0168..279d2f407 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -16329,10 +16329,11 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 // let's add some extra space just to be sure.
 // now depends on the kernel-accel value (where scrypt and similar benefits), but also hard minimum 64mb and maximum 1024mb limit
 // let's see if we still need this now that we have low-level API to report free memory
+ // we don't want these get too big. if a plugin requires really a lot of memory, the extra buffer should be used instead.
- if (size_pws > device_param->device_maxmem_alloc) memory_limit_hit = 1;
- if (size_tmps > device_param->device_maxmem_alloc) memory_limit_hit = 1;
- if (size_hooks > device_param->device_maxmem_alloc) memory_limit_hit = 1;
+ if (size_pws > device_param->device_maxmem_alloc / 4) memory_limit_hit = 1;
+ if (size_tmps > device_param->device_maxmem_alloc / 4) memory_limit_hit = 1;
+ if (size_hooks > device_param->device_maxmem_alloc / 4) memory_limit_hit = 1;
 // work around, for some reason apple opencl can't have buffers larger 2^31
 // typically runs into trap 6
diff --git a/src/interface.c b/src/interface.c
index 129c054f8..2ad355174 100644
--- a/src/interface.c
+++ b/src/interface.c
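Review bot: The divisor `4` is repeated in all three new comparisons, and the added comment says neither that the limit is a quarter of `device_maxmem_alloc` nor why a quarter was chosen. Computing it once, e.g. `const u64 size_limit = device_param->device_maxmem_alloc / 4;`, and comparing `size_pws`, `size_tmps` and `size_hooks` against it keeps the three checks from drifting apart. The comment would read better as `// keep each of these buffers below 1/4 of the largest single allocation; a plugin that needs more should use the extra buffer`. backend_session_begin continues on both sides of the hunk, so how the reduction loop behaves when even the smallest configuration exceeds the limit is not visible here and is worth confirming.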
@@ -273,6 +273,12 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
 CHECK_MANDATORY (module_ctx->module_hash_encode);
 }
+ // check deep comp kernel requirements
+ if (hashconfig->opts_type & OPTS_TYPE_DEEP_COMP_KERNEL)
+ {
+ CHECK_MANDATORY (module_ctx->module_deep_comp_kernel);
+ }
+ #undef CHECK_MANDATORY
 if (user_options->keyboard_layout_mapping)
diff --git a/src/modules/module_07700.c b/src/modules/module_07700.c
index 1d783d351..f9afd52e3 100644
--- a/src/modules/module_07700.c
+++ b/src/modules/module_07700.c
@@ -25,6 +25,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_NOT_ITERATED;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_PT_UPPER
 | OPTS_TYPE_ST_UPPER;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
diff --git a/src/modules/module_07701.c b/src/modules/module_07701.c
index 232d7ca4d..46530492c 100644
--- a/src/modules/module_07701.c
+++ b/src/modules/module_07701.c
@@ -25,6 +25,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_NOT_ITERATED;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_PT_UPPER
 | OPTS_TYPE_ST_UPPER;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
diff --git a/src/modules/module_09000.c b/src/modules/module_09000.c
index 5e0f66941..7b9680213 100644
--- a/src/modules/module_09000.c
+++ b/src/modules/module_09000.c
@@ -22,6 +22,7 @@ static const u64 KERN_TYPE = 9000;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_AUTODETECT_DISABLE
 | OPTS_TYPE_DYNAMIC_SHARED;
diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c
index d2d0a50c2..2fbafff6d 100644
--- a/src/modules/module_13751.c
+++ b/src/modules/module_13751.c
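Review bot: The new guard in hashconfig_init covers only one direction: a module that sets OPTS_TYPE_DEEP_COMP_KERNEL without the callback is rejected, but a module that registers `module_deep_comp_kernel` and forgets the flag still loads, presumably with the callback never consulted. If that mismatch is never intended, an else branch could reject it as well; how an unset callback is represented is decided by CHECK_MANDATORY, which is defined outside this hunk. The comment could state the rule itself, e.g. `// a module that sets OPTS_TYPE_DEEP_COMP_KERNEL must also provide module_deep_comp_kernel`.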
@@ -27,6 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_MP_MULTI_DISABLE
diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c
index bf51b8d7b..5c16f3736 100644
--- a/src/modules/module_13752.c
+++ b/src/modules/module_13752.c
@@ -27,6 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_MP_MULTI_DISABLE
diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c
index fadb4ffed..282c78486 100644
--- a/src/modules/module_13753.c
+++ b/src/modules/module_13753.c
@@ -27,6 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_MP_MULTI_DISABLE
diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c
index 5b1b82b27..db4e7e957 100644
--- a/src/modules/module_13761.c
+++ b/src/modules/module_13761.c
@@ -27,6 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_MP_MULTI_DISABLE
diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c
index 6f1a27929..358b83cce 100644
--- a/src/modules/module_13762.c
+++ b/src/modules/module_13762.c
@@ -27,6 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_MP_MULTI_DISABLE
diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c
index fb50002a2..9ebd0f7f5 100644
--- a/src/modules/module_13763.c
+++ b/src/modules/module_13763.c
@@ -27,6 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_MP_MULTI_DISABLE
diff --git a/src/modules/module_14800.c b/src/modules/module_14800.c
index 1e4b91a15..c6a6a9afd 100644
--- a/src/modules/module_14800.c
+++ b/src/modules/module_14800.c
@@ -26,6 +26,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_SLOW_HASH_SIMD_LOOP2;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_ST_HEX
 | OPTS_TYPE_MP_MULTI_DISABLE
 | OPTS_TYPE_INIT2
diff --git a/src/modules/module_19500.c b/src/modules/module_19500.c
index f7f139bfb..69d5fac2a 100644
--- a/src/modules/module_19500.c
+++ b/src/modules/module_19500.c
@@ -23,6 +23,7 @@ static const u64 KERN_TYPE = 19500;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_RAW_HASH;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_PT_GENERATE_BE;
 static const u32 SALT_TYPE = SALT_TYPE_GENERIC;
 static const char *ST_PASS = "hashcat";
diff --git a/src/modules/module_20712.c b/src/modules/module_20712.c
index 987d688c4..94fc9a611 100644
--- a/src/modules/module_20712.c
+++ b/src/modules/module_20712.c
@@ -64,8 +64,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 token.attr[0] = TOKEN_ATTR_FIXED_LENGTH | TOKEN_ATTR_VERIFY_HEX;
- token.len_min[1] = SALT_MIN;
- token.len_max[1] = SALT_MAX;
+ token.len_min[1] = ((SALT_MIN * 8) / 6) + 0;
+ token.len_max[1] = ((SALT_MAX * 8) / 6) + 3;
 token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_BASE64A;
diff --git a/src/modules/module_23900.c b/src/modules/module_23900.c
index fcee86004..48dbfcc39 100644
--- a/src/modules/module_23900.c
+++ b/src/modules/module_23900.c
@@ -22,6 +22,7 @@ static const u64 KERN_TYPE = 23900;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
 | OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_NATIVE_THREADS
 | OPTS_TYPE_ST_HEX;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
diff --git a/src/modules/module_28800.c b/src/modules/module_28800.c
index 519299654..772309913 100644
--- a/src/modules/module_28800.c
+++ b/src/modules/module_28800.c
@@ -23,6 +23,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_NOT_ITERATED
 | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
+ | OPTS_TYPE_DEEP_COMP_KERNEL
 | OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -63,6 +64,11 @@ typedef struct krb5db_17_tmp
 static const char *SIGNATURE_KRB5DB = "$krb5db$17$";
+u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
+{
+ return KERN_RUN_3;
+}
+
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 tmp_size = (const u64) sizeof (krb5db_17_tmp_t);
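Review bot: The new upper bound `((SALT_MAX * 8) / 6) + 3` is rounded up, so it can admit a base64 string that decodes to slightly more than SALT_MAX bytes. The decode that follows in module_hash_decode is outside this hunk; if it writes into a SALT_MAX-sized salt buffer, it should compare the decoded length with SALT_MAX and reject the line before copying, since the input comes from a user-supplied hash file. The `+ 0` on the lower bound has no effect and the conversion is unexplained; a comment such as `// token 1 is base64: length limits are the encoded size of SALT_MIN..SALT_MAX raw bytes` would make the intent clear.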
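Review bot: `module_deep_comp_kernel` is added without a comment, ignores all three parameters and always returns KERN_RUN_3; a one-line comment such as `// every digest of a salt goes through the same comp kernel` (if that is the intent) would tell the next reader why nothing is selected per hash. The diffstat lists no OpenCL change for 28800 or 28900, so whether the existing comp kernels already compare against the digest selected for each invocation cannot be confirmed from this page. The 21800 fix in this same commit shows the failure mode when a deep-comp kernel keeps reporting the first digest. The identical function added in module_28900.c has the same gap.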
@@ -254,7 +260,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_bridge_name = MODULE_DEFAULT;
 module_ctx->module_bridge_type = MODULE_DEFAULT;
 module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
- module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
+ module_ctx->module_deep_comp_kernel = module_deep_comp_kernel;
 module_ctx->module_deprecated_notice = MODULE_DEFAULT;
 module_ctx->module_dgst_pos0 = module_dgst_pos0;
 module_ctx->module_dgst_pos1 = module_dgst_pos1;
diff --git a/src/modules/module_28900.c b/src/modules/module_28900.c
index 6f20f3c59..93c3374c4 100644
--- a/src/modules/module_28900.c
+++ b/src/modules/module_28900.c
@@ -23,6 +23,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_NOT_ITERATED
 | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE
+ | OPTS_TYPE_DEEP_COMP_KERNEL
 | OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -63,6 +64,11 @@ typedef struct krb5db_18_tmp
 static const char *SIGNATURE_KRB5DB = "$krb5db$18$";
+u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
+{
+ return KERN_RUN_3;
+}
+
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 tmp_size = (const u64) sizeof (krb5db_18_tmp_t);
@@ -263,7 +269,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_bridge_name = MODULE_DEFAULT;
 module_ctx->module_bridge_type = MODULE_DEFAULT;
 module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
- module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
+ module_ctx->module_deep_comp_kernel = module_deep_comp_kernel;
 module_ctx->module_deprecated_notice = MODULE_DEFAULT;
 module_ctx->module_dgst_pos0 = module_dgst_pos0;
 module_ctx->module_dgst_pos1 = module_dgst_pos1;
diff --git a/tools/test_modules/m14400.pm b/tools/test_modules/m14400.pm
index 095d62e7f..664530bc3 100644
--- a/tools/test_modules/m14400.pm
+++ b/tools/test_modules/m14400.pm
@@ -10,7 +10,7 @@ use warnings;
 use Digest::SHA qw (sha1_hex);
-sub module_constraints { [[0, 235], [20, 20], [0, 35], [20, 20], [0, 55]] }
+sub module_constraints { [[0, 235], [20, 20], [0, 24], [20, 20], [0, 55]] }
 sub module_generate_hash
 {
diff --git a/tools/test_modules/m21100.pm b/tools/test_modules/m21100.pm
index 3bbd15b93..23e01cf7c 100644
--- a/tools/test_modules/m21100.pm
+++ b/tools/test_modules/m21100.pm
@@ -16,7 +16,7 @@ sub module_constraints { [[0, 256], [0, 256], [0, 55], [0, 55], [0, 55]] }
 sub module_generate_hash
 {
 my $word = shift;
- my $salt = random_hex_string (1, 256);
+ my $salt = shift;
 my $digest = sha1_hex (md5_hex ($word . $salt));