diff --git a/docs/changes.txt b/docs/changes.txt index cda140812..b73cb00d3 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -13,6 +13,12 @@ - Added hash-mode: iPhone passcode (UID key + System Keybag) - Added hash-mode: MetaMask Wallet +## +## Features +## + +- Added option --markov-inverse to inverse markov statistics, with the idea of reversing the order of the password candidates + ## ## Bugs ## diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index ec48c339d..a1bd0842c 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh 
@@ -426,7 +426,7 @@ _hashcat () local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H' local SHORT_OPTS="-m -a -V -h -b -t -T -o -p -c -d -D -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l -O -S -z" - local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --hash-info --backend-ignore-cuda --backend-ignore-opencl --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-server-timer --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password --identify" + local LONG_OPTS="--hash-type --attack-mode --version 
--help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-inverse --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --hash-info --backend-ignore-cuda --backend-ignore-opencl --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-server-timer --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password --identify" local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --stdin-timeout-abort --markov-hcstat2 --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator 
--remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment-min --increment-max --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --brain-server-timer --brain-client-features --brain-host --brain-password --brain-port --brain-session --brain-session-whitelist" COMPREPLY=() diff --git a/include/types.h b/include/types.h index 302180055..99a766689 100644 --- a/include/types.h +++ b/include/types.h @@ -641,6 +641,7 @@ typedef enum user_options_defaults MACHINE_READABLE = false, MARKOV_CLASSIC = false, MARKOV_DISABLE = false, + MARKOV_INVERSE = false, MARKOV_THRESHOLD = 0, NONCE_ERROR_CORRECTIONS = 8, BACKEND_IGNORE_CUDA = false, 
@@ -751,55 +752,56 @@ typedef enum user_options_map IDX_MARKOV_CLASSIC = 0xff28, IDX_MARKOV_DISABLE = 0xff29, IDX_MARKOV_HCSTAT2 = 0xff2a, + IDX_MARKOV_INVERSE = 0xff2b, IDX_MARKOV_THRESHOLD = 't', - IDX_NONCE_ERROR_CORRECTIONS = 0xff2b, + IDX_NONCE_ERROR_CORRECTIONS = 0xff2c, IDX_OPENCL_DEVICE_TYPES = 'D', IDX_OPTIMIZED_KERNEL_ENABLE = 'O', - IDX_OUTFILE_AUTOHEX_DISABLE = 0xff2c, - IDX_OUTFILE_CHECK_DIR = 0xff2d, - IDX_OUTFILE_CHECK_TIMER = 0xff2e, - IDX_OUTFILE_FORMAT = 0xff2f, + IDX_OUTFILE_AUTOHEX_DISABLE = 0xff2d, + IDX_OUTFILE_CHECK_DIR = 0xff2e, + IDX_OUTFILE_CHECK_TIMER = 0xff2f, + IDX_OUTFILE_FORMAT = 0xff30, IDX_OUTFILE = 'o', - IDX_POTFILE_DISABLE = 0xff30, - IDX_POTFILE_PATH = 0xff31, - IDX_PROGRESS_ONLY = 0xff32, - IDX_QUIET = 0xff33, - IDX_REMOVE = 0xff34, - IDX_REMOVE_TIMER = 0xff35, - IDX_RESTORE = 0xff36, - IDX_RESTORE_DISABLE = 0xff37, - IDX_RESTORE_FILE_PATH = 0xff38, + IDX_POTFILE_DISABLE = 0xff31, + IDX_POTFILE_PATH = 0xff32, + IDX_PROGRESS_ONLY = 0xff33, + IDX_QUIET = 0xff34, + IDX_REMOVE = 0xff35, + IDX_REMOVE_TIMER = 0xff36, + IDX_RESTORE = 0xff37, + IDX_RESTORE_DISABLE = 0xff38, + IDX_RESTORE_FILE_PATH = 0xff39, IDX_RP_FILE = 'r', - IDX_RP_GEN_FUNC_MAX = 0xff39, - IDX_RP_GEN_FUNC_MIN = 0xff3a, + IDX_RP_GEN_FUNC_MAX = 0xff3a, + IDX_RP_GEN_FUNC_MIN = 0xff3b, IDX_RP_GEN = 'g', - IDX_RP_GEN_SEED = 0xff3b, + IDX_RP_GEN_SEED = 0xff3c, IDX_RULE_BUF_L = 'j', IDX_RULE_BUF_R = 'k', - IDX_RUNTIME = 0xff3c, - IDX_SCRYPT_TMTO = 0xff3d, + IDX_RUNTIME = 0xff3d, + IDX_SCRYPT_TMTO = 0xff3e, IDX_SEGMENT_SIZE = 'c', - IDX_SELF_TEST_DISABLE = 0xff3e, + IDX_SELF_TEST_DISABLE = 0xff3f, IDX_SEPARATOR = 'p', - IDX_SESSION = 0xff3f, - IDX_SHOW = 0xff40, + IDX_SESSION = 0xff40, + IDX_SHOW = 0xff41, IDX_SKIP = 's', IDX_SLOW_CANDIDATES = 'S', - IDX_SPEED_ONLY = 0xff41, - IDX_SPIN_DAMP = 0xff42, - IDX_STATUS = 0xff43, - IDX_STATUS_JSON = 0xff44, - IDX_STATUS_TIMER = 0xff45, - IDX_STDOUT_FLAG = 0xff46, - IDX_STDIN_TIMEOUT_ABORT = 0xff47, - IDX_TRUECRYPT_KEYFILES = 
0xff48, - IDX_USERNAME = 0xff49, - IDX_VERACRYPT_KEYFILES = 0xff4a, - IDX_VERACRYPT_PIM_START = 0xff4b, - IDX_VERACRYPT_PIM_STOP = 0xff4c, + IDX_SPEED_ONLY = 0xff42, + IDX_SPIN_DAMP = 0xff43, + IDX_STATUS = 0xff44, + IDX_STATUS_JSON = 0xff45, + IDX_STATUS_TIMER = 0xff46, + IDX_STDOUT_FLAG = 0xff47, + IDX_STDIN_TIMEOUT_ABORT = 0xff48, + IDX_TRUECRYPT_KEYFILES = 0xff49, + IDX_USERNAME = 0xff4a, + IDX_VERACRYPT_KEYFILES = 0xff4b, + IDX_VERACRYPT_PIM_START = 0xff4c, + IDX_VERACRYPT_PIM_STOP = 0xff4d, IDX_VERSION_LOWER = 'v', IDX_VERSION = 'V', - IDX_WORDLIST_AUTOHEX_DISABLE = 0xff4d, + IDX_WORDLIST_AUTOHEX_DISABLE = 0xff4e, IDX_WORKLOAD_PROFILE = 'w', } user_options_map_t; @@ -2006,6 +2008,7 @@ typedef struct user_options bool machine_readable; bool markov_classic; bool markov_disable; + bool markov_inverse; bool backend_ignore_cuda; bool backend_ignore_opencl; bool backend_info; diff --git a/src/brain.c b/src/brain.c index 371e818f6..c479232d0 100644 --- a/src/brain.c +++ b/src/brain.c @@ -295,10 +295,12 @@ u32 brain_compute_attack (hashcat_ctx_t *hashcat_ctx) const int markov_classic = user_options->markov_classic; const int markov_disable = user_options->markov_disable; + const int markov_inverse = user_options->markov_inverse; const int markov_threshold = user_options->markov_threshold; XXH64_update (state, &markov_classic, sizeof (markov_classic)); XXH64_update (state, &markov_disable, sizeof (markov_disable)); + XXH64_update (state, &markov_inverse, sizeof (markov_inverse)); XXH64_update (state, &markov_threshold, sizeof (markov_threshold)); if (user_options->markov_hcstat2) 
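Review bot: The added `XXH64_update (state, &markov_inverse, sizeof (markov_inverse));` changes the digest computed in brain_compute_attack for every run that reaches this block, including runs that never set --markov-inverse, and nothing in the commit records that. If this digest is what brain clients use to agree on an attack, as the function name suggests, builds from before and after this commit would presumably no longer match each other's work. That deserves a line in docs/changes.txt and a comment here such as `/* markov_inverse reorders candidates, so it has to be part of the attack fingerprint */`. The same block is repeated in the hunks at -352 and -445, so every new markov option must be added in three places; a small static helper would keep them in step. brain_compute_attack starts and ends outside the hunk.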
@@ -352,10 +354,12 @@ u32 brain_compute_attack (hashcat_ctx_t *hashcat_ctx) const int markov_classic = user_options->markov_classic; const int markov_disable = user_options->markov_disable; + const int markov_inverse = user_options->markov_inverse; const int markov_threshold = user_options->markov_threshold; XXH64_update (state, &markov_classic, sizeof (markov_classic)); XXH64_update (state, &markov_disable, sizeof (markov_disable)); + XXH64_update (state, &markov_inverse, sizeof (markov_inverse)); XXH64_update (state, &markov_threshold, sizeof (markov_threshold)); if (user_options->markov_hcstat2) @@ -445,10 +449,12 @@ u32 brain_compute_attack (hashcat_ctx_t *hashcat_ctx) const int markov_classic = user_options->markov_classic; const int markov_disable = user_options->markov_disable; + const int markov_inverse = user_options->markov_inverse; const int markov_threshold = user_options->markov_threshold; XXH64_update (state, &markov_classic, sizeof (markov_classic)); XXH64_update (state, &markov_disable, sizeof (markov_disable)); + XXH64_update (state, &markov_inverse, sizeof (markov_inverse)); XXH64_update (state, &markov_threshold, sizeof (markov_threshold)); if (user_options->markov_hcstat2) diff --git a/src/mpsp.c b/src/mpsp.c index 908d0d443..67168e189 100644 --- a/src/mpsp.c +++ b/src/mpsp.c @@ -659,6 +659,7 @@ static int sp_setup_tbl (hashcat_ctx_t *hashcat_ctx) char *hcstat = user_options->markov_hcstat2; u32 disable = user_options->markov_disable; u32 classic = user_options->markov_classic; + bool inverse = user_options->markov_inverse; hcstat_table_t *root_table_buf = mask_ctx->root_table_buf; hcstat_table_t *markov_table_buf = mask_ctx->markov_table_buf; @@ -720,7 +721,7 @@ static int sp_setup_tbl (hashcat_ctx_t *hashcat_ctx) HCFILE fp; - if (hc_fopen (&fp, hcstat, "rb") == false) + if (hc_fopen_raw (&fp, hcstat, "rb") == false) { event_log_error (hashcat_ctx, "%s: %s", hcstat, strerror (errno)); 
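Review bot: The switch from `hc_fopen` to `hc_fopen_raw` in sp_setup_tbl (hunk at -720) is not explained anywhere in the commit, and the changelog entry only mentions --markov-inverse. It changes how every hcstat2 file is opened, not just the inverse case, so it should either be split into its own commit or carry a comment giving the reason, for example `/* open without hc_fopen's format handling; the hcstat2 data is processed by this function itself */` if that is the intent. The path comes from --markov-hcstat2, so a reader will want to know which open path user-supplied files now take. The function continues outside the hunk.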
@@ -793,6 +794,16 @@ static int sp_setup_tbl (hashcat_ctx_t *hashcat_ctx) for (int i = 0; i < SP_ROOT_CNT; i++) root_stats_buf[i] = byte_swap_64 (root_stats_buf[i]); for (int i = 0; i < SP_MARKOV_CNT; i++) markov_stats_buf[i] = byte_swap_64 (markov_stats_buf[i]); + /** + * markov inverse: https://github.com/hashcat/hashcat/issues/1058 + */ + + if (inverse == true) + { + for (int i = 0; i < SP_ROOT_CNT; i++) root_stats_buf[i] = 0 - (1 + root_stats_buf[i]); + for (int i = 0; i < SP_MARKOV_CNT; i++) markov_stats_buf[i] = 0 - (1 + markov_stats_buf[i]); + } + /** * verify header */ diff --git a/src/user_options.c b/src/user_options.c index d8aa7f5b3..eca0244c5 100644 --- a/src/user_options.c +++ b/src/user_options.c @@ -82,6 +82,7 @@ static const struct option long_options[] = {"markov-classic", no_argument, NULL, IDX_MARKOV_CLASSIC}, {"markov-disable", no_argument, NULL, IDX_MARKOV_DISABLE}, {"markov-hcstat2", required_argument, NULL, IDX_MARKOV_HCSTAT2}, + {"markov-inverse", no_argument, NULL, IDX_MARKOV_INVERSE}, {"markov-threshold", required_argument, NULL, IDX_MARKOV_THRESHOLD}, {"nonce-error-corrections", required_argument, NULL, IDX_NONCE_ERROR_CORRECTIONS}, {"opencl-device-types", required_argument, NULL, IDX_OPENCL_DEVICE_TYPES}, @@ -216,6 +217,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx) user_options->markov_classic = MARKOV_CLASSIC; user_options->markov_disable = MARKOV_DISABLE; user_options->markov_hcstat2 = NULL; + user_options->markov_inverse = MARKOV_INVERSE; user_options->markov_threshold = MARKOV_THRESHOLD; user_options->nonce_error_corrections = NONCE_ERROR_CORRECTIONS; user_options->opencl_device_types = NULL; 
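Review bot: The inversion `0 - (1 + root_stats_buf[i])` in sp_setup_tbl relies on unsigned wraparound to turn a count c into the maximum value minus c, which is not obvious from the code, and the comment above it only links to an issue. Assuming both buffers hold unsigned 64-bit counts (they pass through byte_swap_64 just above), the same result reads more directly as `root_stats_buf[i] = ~root_stats_buf[i];` and `markov_stats_buf[i] = ~markov_stats_buf[i];`, with a comment like `/* bitwise complement: count c becomes UINT64_MAX - c, reversing the frequency order */`. The block also sits before the "verify header" step, so the tables are rewritten even for a file that may then be rejected; placing it after the verification would be tidier. Entries with a count of zero become the largest values, so the interaction with --markov-threshold and --markov-disable should be documented, since that handling lies outside the hunk.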
@@ -425,6 +427,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv) case IDX_RULE_BUF_R: user_options->rule_buf_r = optarg; break; case IDX_MARKOV_DISABLE: user_options->markov_disable = true; break; case IDX_MARKOV_CLASSIC: user_options->markov_classic = true; break; + case IDX_MARKOV_INVERSE: user_options->markov_inverse = true; break; case IDX_MARKOV_THRESHOLD: user_options->markov_threshold = hc_strtoul (optarg, NULL, 10); break; case IDX_MARKOV_HCSTAT2: user_options->markov_hcstat2 = optarg; break; case IDX_OUTFILE: user_options->outfile = optarg; break; @@ -3070,6 +3073,7 @@ void user_options_logger (hashcat_ctx_t *hashcat_ctx) logfile_top_uint (user_options->machine_readable); logfile_top_uint (user_options->markov_classic); logfile_top_uint (user_options->markov_disable); + logfile_top_uint (user_options->markov_inverse); logfile_top_uint (user_options->markov_threshold); logfile_top_uint (user_options->backend_info); logfile_top_uint (user_options->backend_vector_width);
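Review bot: --markov-inverse is accepted unconditionally in user_options_getopt, and none of the visible hunks adds it to the --help text or to any option sanity check. As written it can be combined with --markov-disable, or used with attack modes that may not read the markov tables at all, and the user gets no feedback in either case. If a sanity pass for user options exists elsewhere in this file, a rule rejecting or warning about `markov_inverse` together with `markov_disable` would make the behaviour explicit. The help output should also gain an entry matching the one added to docs/changes.txt. The switch in user_options_getopt continues outside the hunk.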