.. | ||
m00000.pm | ||
m00010.pm | ||
m00011.pm | ||
m00012.pm | ||
m00020.pm | ||
m00021.pm | ||
m00022.pm | ||
m00023.pm | ||
m00030.pm | ||
m00040.pm | ||
m00050.pm | ||
m00060.pm | ||
m00100.pm | ||
m00110.pm | ||
m00120.pm | ||
m00200.pm | ||
m00300.pm | ||
m01000.pm | ||
m01500.pm | ||
m05600.pm | ||
m18400.pm | ||
m18500.pm | ||
m18600.pm | ||
README.md |
Hashcat test modules
Each module provides the functions module_constraints
, module_generate_hash
and module_verify_hash
.
- The
module_constraints
function should return the minimum and maximum length of the password, salt and the combination of password and salt in following order: password (pure), salt (pure), password (optimized), salt (optimized) and combination (optimized). Each pair should be set to -1 if the hash mode is not supporting the appropriate field. For example, if a hash-mode does not support a salt, it should be set to -1. The last field (combination) is important if the the password and the salt is stored in the same buffer in the kernel (typically raw hashes only). - The first parameter to
module_generate_hash
is the password, which can be either in ASCII or binary (packed) form. The second parameter is the salt *which can be undefined for unsalted hash modes). - The
module_verify_hash
function accepts a line from the cracks file, without the newline characters.
During single
and passthrough
tests the module_generate_hash
function must provide random values (e.g. salt) for hash generation if necessary. The test.pl script offers a few handy functions like random_hex_string
, random_numeric_string
and random_bytes
. You can implement your own salt generation functions, if your mode has specific requirements.
During verify
tests the module_verify_hash
function must parse the hash:password line and calculate a hash by passing all necessary data to module_generate_hash
. How you pass it is up to you, as long as the first parameter is the password.
Important: You have to call pack_if_HEX_notation
as soon as you have parsed the password, or your tests will fail on passwords in the $HEX[...]
format.
If the algorithm has ambiguous hashes (e.g. partial case-insensetivity), the test module can provide an optional function module_preprocess_hashlist
. It recieves a reference to the hashlist array and can unify the hashes in a way that guarantees the match with the output of module_verify_hash
.
Examples
- For the most basic test modules, see m00000.pm and m00100.pm
- For the basic salted hash tests, see m00110.pm and m00120.pm
- For some sligthly more complex modules with PBKDF2 and encryption, see m18400.pm and m18600.pm
- For a test module with hashlist preprocessing and a custom salt generation algorithm, see m05600.pm
NOTE:
In order to not have double work while migrating existing code to test modules, here's a work sheet for everyone who wants to contribute. Simply put your name to reserve a particular mode here:
https://docs.google.com/spreadsheets/d/14uxfwDiq316Qad0ILavWD2eeYSVr4vn2HD58hdlL35g/edit#gid=0