1
0
mirror of https://github.com/hashcat/hashcat.git synced 2025-07-08 07:38:17 +00:00
Commit Graph

663 Commits

Author SHA1 Message Date
Jens Steube
d9918d7e44 Add Argon2 support for OpenCL and HIP
=====================================

This patch modifies the existing Argon2 plugin, which was initially
designed to work only with CUDA. Supporting OpenCL and HIP required
broader architectural changes.

1. The tmps[] structure no longer holds the "large buffer". This
buffer stored the scratch areas for all password candidates in one
chunk. But we do not need to hold scratch areas for all candidates
simultaneously. All we need to do is hold chunks large enough
per password.

To simplify logic, the buffer is not divided by password count, but
divided by four, which fits within the "1/4 global memory" limit on
some OpenCL runtimes.

Hashcat already had logic to support this, but the buffer needed to be
moved to a different buffer type. It has now been relocated from the
"tmp buffer" to the "extra tmp buffer", following the same strategy
used in newer SCRYPT plugins.

This improves handling across several subcomponents:

  - Hashcat backend divides into four asymmetric buffers, hence the
    name "4-buffer strategy"
  - If the candidate count isn't divisible by 4, leftover candidates are
    assigned to the first (and possibly second and third) buffer
  - No code in the plugin is required, as this was designed for exactly
    such cases where future algorithms require a lot of memory
  - Plugin was rewritten to report the size needed in
    module_extra_tmp_size(), which triggers the "4-buffer" strategy
  - The split is not even, but each part is large enough to hold
    a multiple of a full scratch buffer for a password
  - The kernel code in m34000_init/loop/comp now uses a code block
    that finds its buffer by doing "group_id % 4"
  - Prevents the need to over-allocate memory to avoid OOB access
  - The original "tmps buffer" now holds a small dummy state buffer

2. Replaced warp shuffle instruction

The instruction __shfl_sync() is not available in runtimes
other than CUDA. Some have alternatives, some do not.

To prevent branching per backend runtime, the new general macro
hc__shfl_sync() replaces all calls to __shfl_sync().
This allows us to implement runtime-specific solutions and
take effect at compile time to prevent regressions.

- CUDA:
  We simply map to the original __shfl_sync()

- HIP:
  We map to shfl(), a built-in intrinsic. This instruction doesn't
  support masks like __shfl_sync() does, but masks are not needed
  in Argon2 anyway. It requires an additional parameter, the wavefront
  size. This is natively 64, but we hardcode this to 32 so it aligns
  with NVIDIA's warp size.

- OpenCL:
  - AMD: We have access to the instruction __builtin_amdgcn_ds_bpermute().
    This instruction only supports 32-bit integers, requiring us to
    pack and unpack the 64-bit values manually
  - NVIDIA: We use inline assembly with "shfl.sync.idx.b32". Same as
    with AMD, we need to pack and unpack 32-bit integers. The 64-bit
    support in CUDA is just overloaded and internally does the same thing.
  - Others: We use a shared memory pool and combine it with a barrier.
    This LOCAL_VK pool must be sized at compile time and transported to
    the Argon2 code in "inc_hash_argon2.cl". This required changing all
    function declarations that use shuffles slightly.

Unlock full threading for init and comp kernels
===============================================

This is implemented using a new flag:
  OPTS_TYPE_THREAD_MULTI_DISABLE

Behavior is similar to:
  OPTS_TYPE_MP_MULTI_DISABLE

It simply disables the multiplier normally applied to password batch size.

But attention, this change completely unbinds this effect from the
real threads spawned on the compute device. If the thread count is not
set to 1 in the plugin, it will start autotuning it.

In the case of Argon2, we hard-code it to 32 instead, which also changes
how "warp size" was used in the original implementation, and which is not
compatible with HIP and/or OpenCL. However, we need to maintain this thread
size to utilize warp shuffle and its alternatives in other runtimes.

Benefits:

  - Enables full threading for init and comp kernels (1667 H/s to 1722 H/s)
  - Allows future algorithms to enable parallel processing of single
    password candidates, if supported

Plugin changes:

  - Removed the "hack" where thread count = 1 disabled the multiplier
  - Removed per-device warp count detection code and struct changes
  - Removed warp handling and "num_elements / thread_count" division in
    the run_kernel() function

Simplified autotune logic for Argon2
====================================

The goal is to calculate the maximum number of password candidates that
can run in parallel, constrained only by device memory.

  - Removed all code related to Argon2 from autotune
  - Implemented in "module_extra_tuningdb_block()" (like SCRYPT)
  - We create a tuningdb entry at runtime!
  - Still allows override via tuningdb or CLI
  - Considers register spilling (read at startup)
  - Prevents global-to-host memory swap performance issues

Add Argon2I and ArgonD support
==============================

The kernel prepared from NFI already had support for the different Argon
types. No change was needed.

To support the other Argon2 types, the tokenizer had to be improved to
support a variety of different signatures in the same hash-mode.

Bugfixes
========

- Fixed missing entries in "switch_buffer_by_offset_8x4_le_S()"
- Fixed benchmark hash misdetection for scrypt. This was due to
  outdated logic used in scrypt to detect whether the plugin was
  called from a benchmark session or a regular one
- Fixed a bug in "module_hash_encode()" where Base64 padding '=' was
  retained
- Fixed missing "GLOBAL_AS" / "PRIVATE_AS" casts for OpenCL
- Fixed compiler warnings (e.g., "index_u32x4()", "get_group_id()")
  by adding return values
- Fixed a bug in token.len_max[6], which was allowing decoding
  of a 256-byte data into a 16-byte buffer (digest)

Other improvements
==================

- Added unit test module for automated testing
- Added support to the tokenizer to allow multiple signatures.
  Leave out TOKEN_ATTR_FIXED_LENGTH to enable this in your plugins
- Updated "hc_umulhi()", also exists for HIP
- Renamed "gid" to "bid" when using "get_group_id()" for clarity
- Removed "#ifdef IS_CUDA" as all backends are now supported
- Removed deprecated "OPTS_TYPE_MAXIMUM_ACCEL" attribute

Performance note
================

For testing, I used the self-test hash configured according to the
RFC 9106 recommendation: m=65536, t=3, p=1.

In my benchmarks, the AMD RX 7900 XTX achieved 1401 H/s using the same
hash that was used to test NVIDIA's RTX 4090. The RTX 4090 reached
1722 H/s, making it faster in absolute terms. However, at the time of
writing, it is more than three times as expensive as the 7900 XTX.

It's also worth noting that an older NVIDIA GTX 1080 Ti still reached
565 H/s with the same test vector, and may be found at significantly
lower cost.

Across all tested Argon2 configurations, the performance gap between
the RX 7900 XTX and the RTX 4090 remained proportionally consistent,
indicating a clear linear scaling relationship between the two GPUs.
2025-07-02 11:02:57 +02:00
Jens Steube
0c2ed0d199 Update plugins that benefit from an artificially limited register count (NVIDIA).
Update default hash settings to 64MiB:3:4 for Argon2 in -m 70000, following RFC 9106 recommendations.
Add option OPTS_TYPE_THREAD_MULTI_DISABLE: allows plugin developers to disable scaling the password candidate batch size based on device thread count. This can be useful for super slow hash algorithms that utilize threads differently, e.g., when the algorithm allows parallelization. Note: thread count for the device can still be set normally.
Add options OPTI_TYPE_SLOW_HASH_DIMY_INIT/LOOP/COMP: enable 2D launches for slow hash init/loop/comp kernel with dimensions X and Y. The Y value must be set via salt->salt_dimy attribute.
Change autotune kernel-loops start value to the lowest multiple of the target hash iteration count, if kernel_loops_min permits.
Fixed a bug in autotune where kernel_threads_max was not respected during initial init and loop-prepare kernel runs.
2025-06-29 14:39:14 +02:00
Gabriele Gristina
a3afca56b8
Merge remote-tracking branch 'upstream/master' into ripemd320 2025-06-26 21:37:40 +02:00
Jens Steube
e134564a73 Increase default iteration count per kernel invocation from 1024 to 2048
Add support for lower iteration counts per kernel invocation than the default, enabling TMTO for low scrypt configurations, such as N=1024
Use TMTO 2 if it reaches 4 times the device processor count, instead of TMTO 1 always
Improve performance for low scrypt configurations (hash-mode 9300)
Fix unit test for 15700 with correct scrypt configurations
Disable CPU over subscription for SCRYPT based algorithms
2025-06-15 21:14:40 +02:00
Jens Steube
8494116ded Added support for WBB4 (Woltlab Burning Board) Plugin [bcrypt(bcrypt($pass))]
Thanks for the contribution! You know who you are.
2025-06-13 12:38:06 +02:00
Jens Steube
2e640c4e9f Speed improvements for all QNX /etc/shadow
Speed improvements for all OpenSSH private key (by reducing max upported password length from 256 to 128)
2025-06-12 21:18:24 +02:00
Gabriele Gristina
2485c1fcb5 Module 33700: limit data len to 32 bytes, based on the extraction tool 2025-06-10 00:35:35 +02:00
Gabriele Gristina
86c8323ae2 Added hash-mode: Microsoft Online Account (PBKDF2-HMAC-SHA256 + AES256) 2025-06-08 21:39:29 +02:00
Jens Steube
73d817e74f The Assimilation Bridge (Python plugins -m 72000 and -m 73000) 2025-06-02 10:15:34 +02:00
Jens Steube
b02b1b5033 - Add code to recognize Microsofts OpenCL D3D12 platform
- Skip memory-free detection on MS OpenCL platform to avoid crashes
- Improve salt usage of 70100/70200, use decoder/kernels from 8900
- Add REPLACE bridge type support (eg. BRIDGE_TYPE_REPLACE_LOOP)
- Switch 70000, 70100 and 70200 to BRIDGE_TYPE_REPLACE_LOOP
- Add synchronization barriers on d2h copy when using bridges
- Improve speed status display updates when using bridges
- Set AMD_DIRECT_DISPATCH=0 to reduce CPU burning loop on AMD backends
- Set benchmark/selftest hash on 70100/70200 to 16:8:1
2025-06-02 06:59:36 +02:00
Jens Steube
ed71e41ae1 The Assimilation Bridge (Scrypt-Yescrypt GPU-CPU hybrid plugin -m 70200) 2025-06-01 07:10:00 +02:00
Jens Steube
a2a9941475 The Assimilation Bridge (Scrypt-Jane GPU-CPU hybrid plugin -m 70100) 2025-05-31 12:24:44 +02:00
Jens Steube
dc50bdbc72 The Assimilation Bridge (Argon2id plugin -m 70000) 2025-05-30 11:21:40 +02:00
Gabriele Gristina
31a19b9acf Added hash-modes: RIPEMD-320, HMAC-RIPEMD320 (key = $pass), HMAC-RIPEMD320 (key = $salt) 2025-05-26 20:28:13 +02:00
Jens Steube
b293b47ad7
Merge pull request #4196 from matrix/test_unit_33300
add test unit for 33300 (HMAC-BLAKE2s-256)
2025-05-26 20:18:17 +02:00
Jens Steube
f70022b898
Merge pull request #4197 from matrix/test_unit_20730
add test unit for 20730 (sha256(sha256($pass.$salt)))
2025-05-22 07:38:57 +02:00
Jens Steube
686c2ac078
Merge pull request #4199 from matrix/resurrect_PR_2561
Added hash-mode: BestCrypt v4 Volume Encryption
2025-05-19 13:57:14 +02:00
Jens Steube
6782d78898 Rename -m 4500x to -m 3350x 2025-05-18 21:07:44 +02:00
Gabriele Gristina
ff6185e9b4 Added hash-modes: RC4 40-bit DropN, RC4 72-bit DropN, RC4 104-bit DropN 2025-05-06 20:44:50 +02:00
Gabriele Gristina
24fa627f2f Added hash-mode: BestCrypt v4 Volume Encryption 2025-04-27 20:57:43 +02:00
Gabriele Gristina
af6afc06ea add test unit for 20730 (sha256(sha256($pass.$salt))) 2025-04-26 13:15:28 +02:00
Gabriele Gristina
12bc11482b add test unit for 33300 (HMAC-BLAKE2s-256) 2025-04-26 13:07:08 +02:00
Jens Steube
cc9ed0e24b
Merge pull request #3845 from philsmd/26610_verify_fix
verify test fix for -m 26610 = MetaMask Wallet (short)
2023-09-05 08:19:08 +02:00
Jens Steube
4d31e4d6ce
Merge pull request #3846 from philsmd/31900_verify_fix
verify test fix for -m 31900 = MetaMask Mobile Wallet
2023-09-04 15:31:33 +02:00
Jens Steube
8a3fa5c7d9
Merge pull request #3847 from philsmd/32100_verify_fix
verify fix for -m 32100=Kerberos 5,etype 17,AS-REP
2023-09-03 20:18:42 +02:00
Jens Steube
0dcd2a757b
Merge pull request #3848 from philsmd/32200_verify_fix
verify fix for -m 32200=Kerberos 5, etype 18, AS-REP
2023-09-02 20:00:25 +02:00
red
61944481b9
Update m31900.pm
adapt mode's unit-test for longer CT sections
2023-08-29 21:50:12 +02:00
Jens Steube
c2de4961a3
Merge pull request #3843 from philsmd/30700_verify_fix
verify test fix for -m 30700 = Anope IRC Services
2023-08-29 13:45:46 +02:00
Jens Steube
5752ad9ab6
Merge pull request #3842 from philsmd/3730_verify_fix
verify test fix for -m 3730 = md5($s1.uc(md5($s2.$p)))
2023-08-28 11:05:24 +02:00
Jens Steube
20682e55b1
Merge pull request #3841 from philsmd/6800_verify_fix
verify test fix for -m 6800 = LastPass sniffed
2023-08-26 22:06:08 +02:00
philsmd
d462e61e55
verify fix for -m 32200=Kerberos 5,etype 18,AS-REP 2023-08-19 12:09:59 +02:00
philsmd
5b6eecd253
verify fix for -m 32100=Kerberos 5,etype 17,AS-REP 2023-08-19 12:05:49 +02:00
philsmd
b2fc157624
verify test fix for -m 31900 = MetaMask Mobile Wallet 2023-08-19 12:00:29 +02:00
philsmd
dd77925cdd
verify test fix for -m 2661- = MetaMask Wallet (short) 2023-08-19 11:54:49 +02:00
philsmd
9807494f46
verify test fix for -m 30700 = Anope IRC Services 2023-08-19 11:50:10 +02:00
philsmd
1dcc0e2868
verify test fix for -m 3730 = md5($s1.uc(md5($s2.$p))) 2023-08-19 11:45:58 +02:00
philsmd
b71a2d09f2
verify test fix for -m 6800 = LastPass sniffed 2023-08-19 11:40:05 +02:00
philsmd
8743246641
verify test fix for -m 13400/-m 29700 2023-08-19 11:34:57 +02:00
jsteube
c2065d158c Renamed hash-mode 6150 to 32600 2023-08-03 20:55:47 +00:00
Jens Steube
92e9247995
Merge pull request #3813 from PenguinKeeper7/CubeCart
Added hash-mode: CubeCart (whirlpool($salt.$pass.$salt))
2023-08-02 22:39:26 +02:00
PenguinKeeper7
abe6fd76c4 Added hash-mode: CubeCart (whirlpool($salt.$pass.$salt)) 2023-07-28 18:43:21 +01:00
justpretending
b2f14f2f5d Fix some typos 2023-07-27 23:11:55 +07:00
Gabriele Gristina
567ceefaf0 Added hash-mode: sha512(sha512_bin($pass).$salt) 2023-07-01 23:49:48 +02:00
Gabriele Gristina
b6ae3d867e Added hash-mode: md5(sha1($salt.$pass)) 2023-06-27 02:58:20 +02:00
Jens Steube
f5ec183552
Merge pull request #3773 from matrix/algo_2630
Added hash-mode: md5(md5($pass.$salt))
2023-06-26 20:04:40 +02:00
Gabriele Gristina
c31d8d2b95 Added hash-mode: md5(md5($pass.$salt)) 2023-06-24 03:25:00 +02:00
Gabriele Gristina
40f087923f Added hash-mode: md5(sha1($pass.$salt)) 2023-06-24 00:21:33 +02:00
Jens Steube
2d60359827
Merge pull request #3766 from matrix/algo_RSA_NetWitness
Added hash-mode: RSA Security Analytics / NetWitness (sha256)
2023-06-19 19:42:15 +02:00
Jens Steube
82cf3b63b9
Merge pull request #3764 from matrix/algo_21310
Added hash-mode: md5($salt1.sha1($salt2.$pass))
2023-06-17 16:57:49 +02:00
Gabriele Gristina
e506823772 Added hash-mode: RSA Security Analytics / NetWitness (sha256) 2023-06-17 14:41:17 +02:00