Developing Hashcat, a tool for advanced password recovery

As general-purpose computing on graphics processing units (GPGPU) became more viable around 2009, professional software developer Jens “atom” Steube wanted to understand the technology. He was on the lookout for a piece of software that could make use of high performance computing, something that will be helpful to many users.

Steube had a background in information security and was a prolific bug hunter. He found many exploitable security holes, and practiced responsible disclosure. Since he often had to use password-cracking software which requires plenty of computing power, he decided to write a password cracker to learn about GPGPU.

Hashcat

This resulted in the creation of Hashcat, an advanced password recovery utility for Windows, OS X, and GNU/Linux, available under the MIT license. Hashcat supports seven unique modes of attack for over 100 optimized hashing algorithms. Here are some of the features:

  • Multi-GPU (up to 128 GPUs)
  • Multi-Hash (up to 100 million hashes)
  • Low resource utilization (you can still watch movies or play games while cracking)
  • Supports pause / resume while cracking
  • Supports sessions, restore, reading words from file/stdin
  • Supports hex-salt, hex-charset
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • 150+ algorithms implemented with performance in mind.

Development challenges

Back in the day, the biggest challenge for Steube was to compete with already established GPGPU crackers like Multiforcer, IGHASHGPU, BarsWF and EGB. “I saw a flaw in all of them: they only supported brute-force. When I talked to the developers why they don’t support wordlist-based attacks, they said it wasn’t possible due to the PCIE Bus – they found it to be too slow for wordlist-based cracking. I was surprised, and tried the seemingly impossible in combination with my goal to learn about GPGPU,” says Steube.

He wanted to solve the problem by transfering two wordlists. Once transfered, he would store them both in GPU memory and then combine each word of wordlist 1 with each word of wordlist 2. This created passwords people typically use, enough workload to utilize GPU parallelization power, and worked around the problem with the slow PCIE Bus. Here’s a video of it:

Plans for the future

There are currently two versions of the tool available: Hashcat and oclHashcat, one to use CPU and one to use GPU. Steube says we can expect the final version of Hashcat 3.00 this month, and the most important news will be the fusion of the two tools. Not only that, but you’ll also be able to utilize both CPU and GPU, even in parallel, and it will support exotic hardware like FPGA and DSP.

“In order to make it easier to create packages I added a lot of code and changes to lower the difficulty for package maintainers, with the hope it will be comfortable enough to create Hashcat packages for every Linux distribution, and also (as long as there is driver and OpenCL support) for BSD. For example, there’s a native compiler target, an install and uninstall target and it’s fully FHS compatible. It even uses $HOME/.hashcat for its temporary files. On top of that, we were able to rewrite most of the code which enabled us to drop all depencies on other libraries. You will be able to compile a native hashcat with a simple make,” says Steube.