The hashcat brain

Banaanhangwagen · Oct 28, 2018 · d6fe2c7 · d6fe2c7
1 parent 24ce7ba
commit d6fe2c7
Show file tree

Hide file tree

Showing 20 changed files with 4,543 additions and 3 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "OpenCL-Headers"]
 	path = deps/git/OpenCL-Headers
 	url = https://github.com/KhronosGroup/OpenCL-Headers.git
+[submodule "xxHash"]
+	path = deps/git/xxHash
+	url = https://github.com/Cyan4973/xxHash.git
diff --git a/deps/git/xxHash b/deps/git/xxHash
diff --git a/docs/changes.txt b/docs/changes.txt
@@ -5,6 +5,13 @@
 ##
 
 - Added new option --slow-candidates which allows hashcat to generate passwords on-host
+- Added new option --brain-server to start a hashcat brain server
+- Added new option --brain-client to start a hashcat brain client, automatically activates --slow-candidates
+- Added new option --brain-host and --brain-port to specify ip and port of brain server, both listening and connecting
+- Added new option --brain-session to override automatically calculated brain session ID
+- Added new option --brain-session-whitelist to allow only explicit written session ID on brain server
+- Added new option --brain-password to specify the brain server authentication password
+- Added new option --brain-client-features which allows enable and disable certain features of the hashcat brain
 
 ##
 ## Algorithms

diff --git a/docs/readme.txt b/docs/readme.txt
@@ -21,6 +21,7 @@ NVIDIA GPUs require "NVIDIA Driver" (367.x or later)
 - Multi-Hash (Cracking multiple hashes at the same time)
 - Multi-Devices (Utilizing multiple devices in same system)
 - Multi-Device-Types (Utilizing mixed device types in same system)
+- Supports password candidate brain functionality
 - Supports distributed cracking networks (using overlay)
 - Supports interactive pause / resume
 - Supports sessions

diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh
@@ -189,8 +189,8 @@ _hashcat ()
   local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H'
 
   local SHORT_OPTS="-m -a -V -v -h -b -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l -O -S -z"
-  local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-timer --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --opencl-info --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-disable --gpu-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates"
-  local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --markov-hcstat2 --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment-min --increment-max --scrypt-tmto --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to"
+  local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-timer --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --opencl-info --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-disable --gpu-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable  --slow-candidates --brain-server --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password"
+  local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --markov-hcstat2 --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --opencl-devices --opencl-platforms --opencl-device-types --opencl-vector-width --workload-profile --kernel-accel --kernel-loops --nvidia-spin-damp --gpu-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment-min --increment-max --scrypt-tmto --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to  --brain-host --brain-password --brain-port --brain-session --brain-whitelist-session"
 
   COMPREPLY=()
   local cur="${COMP_WORDS[COMP_CWORD]}"
@@ -363,7 +363,51 @@ _hashcat ()
       --status-timer|--markov-threshold|--runtime|--session|--separator|--segment-size|--rule-left|--rule-right| \
       --nvidia-spin-damp|--gpu-temp-abort|--generate-rules|--generate-rules-func-min|--generate-rules-func-max| \
       --increment-min|--increment-max|--remove-timer|--bitmap-min|--bitmap-max|--skip|--limit|--generate-rules-seed| \
-      --outfile-check-timer|--outfile-check-dir|--induction-dir|--scrypt-tmto|--encoding-from|--encoding-to|--optimized-kernel-enable)
+      --outfile-check-timer|--outfile-check-dir|--induction-dir|--scrypt-tmto|--encoding-from|--encoding-to|--optimized-kernel-enable|--brain-host|--brain-port|--brain-password)
+      return 0
+      ;;
+
+    --brain-session)
+      local cur_session=$(echo "${cur}" | grep -Eo '^0x[0-9a-fA-F]*' | sed 's/^0x//')
+
+      local session_var="0x${cur_session}"
+
+      if [ "${#cur_session}" -lt 8 ]
+      then
+        session_var="${session_var}0 ${session_var}1 ${session_var}2 ${session_var}3 ${session_var}4
+                     ${session_var}5 ${session_var}6 ${session_var}7 ${session_var}8 ${session_var}9
+                     ${session_var}a ${session_var}b ${session_var}c ${session_var}d ${session_var}e
+                     ${session_var}f"
+      fi
+
+      COMPREPLY=($(compgen -W "${session_var}" -- ${cur}))
+
+      return 0
+      ;;
+
+    --brain-session-whitelist)
+      local session_list=$(echo "${cur}" | grep -Eo '^0x[0-9a-fA-F,x]*' | sed 's/^0x//')
+
+      local cur_session=$(echo "${session_list}" | sed 's/^.*0x//')
+
+      local session_var="0x${session_list}"
+
+      if [ "${#cur_session}" -eq 8 ]
+      then
+        cur_session=""
+        session_var="${session_var},0x"
+      fi
+
+      if [ "${#cur_session}" -lt 8 ]
+      then
+        session_var="${session_var}0 ${session_var}1 ${session_var}2 ${session_var}3 ${session_var}4
+                     ${session_var}5 ${session_var}6 ${session_var}7 ${session_var}8 ${session_var}9
+                     ${session_var}a ${session_var}b ${session_var}c ${session_var}d ${session_var}e
+                     ${session_var}f"
+      fi
+
+      COMPREPLY=($(compgen -W "${session_var}" -- ${cur}))
+
       return 0
       ;;
 

diff --git a/include/brain.h b/include/brain.h
@@ -0,0 +1,242 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+#ifndef _BRAIN_H
+#define _BRAIN_H
+
+#include <stdio.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <errno.h>
+#include <dirent.h>
+#include <search.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#if defined (_WIN)
+#define _WINNT_WIN32 0x0601
+#include <ws2tcpip.h>
+#include <winsock2.h>
+#include <wincrypt.h>
+#define SEND_FLAGS 0
+#else
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <signal.h>
+#define SEND_FLAGS MSG_NOSIGNAL
+#endif
+
+#include "xxhash.h"
+
+static const int BRAIN_CLIENT_CONNECT_TIMEOUT     = 5;
+static const int BRAIN_SERVER_DUMP_EVERY          = 5 * 60;
+static const int BRAIN_SERVER_SESSIONS_MAX        = 64;
+static const int BRAIN_SERVER_ATTACKS_MAX         = 64 * 1024;
+static const int BRAIN_SERVER_CLIENTS_MAX         = 256;
+static const int BRAIN_SERVER_REALLOC_HASH_SIZE   = 1024 * 1024;
+static const int BRAIN_SERVER_REALLOC_ATTACK_SIZE = 1024;
+static const int BRAIN_HASH_SIZE                  = 2 * sizeof (u32);
+static const int BRAIN_LINK_VERSION_CUR           = 1;
+static const int BRAIN_LINK_VERSION_MIN           = 1;
+static const int BRAIN_LINK_CHUNK_SIZE            = 4 * 1024;
+static const int BRAIN_LINK_CANDIDATES_MAX        = 128 * 1024 * 256; // units * threads * accel
+
+typedef enum brain_operation
+{
+  BRAIN_OPERATION_COMMIT         = 1,
+  BRAIN_OPERATION_HASH_LOOKUP    = 2,
+  BRAIN_OPERATION_ATTACK_RESERVE = 3,
+
+} brain_operation_t;
+
+typedef enum brain_client_feature
+{
+  BRAIN_CLIENT_FEATURE_HASHES    = 1,
+  BRAIN_CLIENT_FEATURE_ATTACKS   = 2,
+
+} brain_client_feature_t;
+
+typedef struct brain_server_attack_long
+{
+  u64 offset;
+  u64 length;
+
+} brain_server_attack_long_t;
+
+typedef struct brain_server_attack_short
+{
+  u64 offset;
+  u64 length;
+
+  int client_fd;
+
+} brain_server_attack_short_t;
+
+typedef struct brain_server_hash_long
+{
+  u32 hash[2];
+
+} brain_server_hash_long_t;
+
+typedef struct brain_server_hash_short
+{
+  u32 hash[2];
+
+} brain_server_hash_short_t;
+
+typedef struct brain_server_hash_unique
+{
+  u32 hash[2];
+
+  i64 hash_idx;
+
+} brain_server_hash_unique_t;
+
+typedef struct brain_server_db_attack
+{
+  u32 brain_attack;
+
+  brain_server_attack_short_t *short_buf;
+
+  i64 short_alloc;
+  i64 short_cnt;
+
+  brain_server_attack_long_t *long_buf;
+
+  i64 long_alloc;
+  i64 long_cnt;
+
+  int ab;
+
+  hc_thread_mutex_t mux_ar;
+  hc_thread_mutex_t mux_ag;
+
+  bool write_attacks;
+
+} brain_server_db_attack_t;
+
+typedef struct brain_server_db_hash
+{
+  u32 brain_session;
+
+  brain_server_hash_long_t *long_buf;
+
+  i64 long_alloc;
+  i64 long_cnt;
+
+  int hb;
+
+  hc_thread_mutex_t mux_hr;
+  hc_thread_mutex_t mux_hg;
+
+  bool write_hashes;
+
+} brain_server_db_hash_t;
+
+typedef struct brain_server_db_short
+{
+  brain_server_hash_short_t *short_buf;
+
+  i64 short_cnt;
+
+} brain_server_db_short_t;
+
+typedef struct brain_server_dbs
+{
+  // required for cyclic dump
+
+  hc_thread_mutex_t mux_dbs;
+
+  brain_server_db_hash_t   *hash_buf;
+  brain_server_db_attack_t *attack_buf;
+
+  int hash_cnt;
+  int attack_cnt;
+
+} brain_server_dbs_t;
+
+typedef struct brain_server_dumper_options
+{
+  brain_server_dbs_t *brain_server_dbs;
+
+} brain_server_dumper_options_t;
+
+typedef struct brain_server_client_options
+{
+  brain_server_dbs_t *brain_server_dbs;
+
+  int client_fd;
+
+  char *auth_password;
+
+  u32 *session_whitelist_buf;
+  int  session_whitelist_cnt;
+
+} brain_server_client_options_t;
+
+int   brain_logging                     (FILE *stream, const int client_fd, const char *format, ...);
+
+u32   brain_compute_session             (hashcat_ctx_t *hashcat_ctx);
+u32   brain_compute_attack              (hashcat_ctx_t *hashcat_ctx);
+u64   brain_compute_attack_wordlist     (const char *filename);
+
+u32   brain_auth_challenge              (void);
+u64   brain_auth_hash                   (const u32 challenge, const char *pw_buf, const int pw_len);
+
+int   brain_connect                     (int sockfd, const struct sockaddr *addr, socklen_t addrlen, const int timeout);
+bool  brain_recv                        (int sockfd, void *buf, size_t len, int flags, hc_device_param_t *device_param, const status_ctx_t *status_ctx);
+bool  brain_send                        (int sockfd, void *buf, size_t len, int flags, hc_device_param_t *device_param, const status_ctx_t *status_ctx);
+bool  brain_recv_all                    (int sockfd, void *buf, size_t len, int flags, hc_device_param_t *device_param, const status_ctx_t *status_ctx);
+bool  brain_send_all                    (int sockfd, void *buf, size_t len, int flags, hc_device_param_t *device_param, const status_ctx_t *status_ctx);
+
+bool  brain_client_reserve              (hc_device_param_t *device_param, const status_ctx_t *status_ctx, u64 words_off, u64 work, u64 *overlap);
+bool  brain_client_commit               (hc_device_param_t *device_param, const status_ctx_t *status_ctx);
+bool  brain_client_lookup               (hc_device_param_t *device_param, const status_ctx_t *status_ctx);
+bool  brain_client_connect              (hc_device_param_t *device_param, const status_ctx_t *status_ctx, const char *host, const int port, const char *password, u32 brain_session, u32 brain_attack, i64 passwords_max, u64 *highest);
+void  brain_client_disconnect           (hc_device_param_t *device_param);
+void  brain_client_generate_hash        (u64 *hash, const char *line_buf, const size_t line_len);
+
+int   brain_server                      (const char *listen_host, const int listen_port, const char *brain_password, const char *brain_session_whitelist);
+bool  brain_server_read_hash_dumps      (brain_server_dbs_t *brain_server_dbs, const char *path);
+bool  brain_server_write_hash_dumps     (brain_server_dbs_t *brain_server_dbs, const char *path);
+bool  brain_server_read_hash_dump       (brain_server_db_hash_t *brain_server_db_hash, const char *file);
+bool  brain_server_write_hash_dump      (brain_server_db_hash_t *brain_server_db_hash, const char *file);
+bool  brain_server_read_attack_dumps    (brain_server_dbs_t *brain_server_dbs, const char *path);
+bool  brain_server_write_attack_dumps   (brain_server_dbs_t *brain_server_dbs, const char *path);
+bool  brain_server_read_attack_dump     (brain_server_db_attack_t *brain_server_db_attack, const char *file);
+bool  brain_server_write_attack_dump    (brain_server_db_attack_t *brain_server_db_attack, const char *file);
+
+u64   brain_server_highest_attack       (const brain_server_db_attack_t *buf);
+u64   brain_server_highest_attack_long  (const brain_server_attack_long_t  *buf, const i64 cnt, const u64 start);
+u64   brain_server_highest_attack_short (const brain_server_attack_short_t *buf, const i64 cnt, const u64 start);
+u64   brain_server_find_attack_long     (const brain_server_attack_long_t  *buf, const i64 cnt, const u64 offset, const u64 length);
+u64   brain_server_find_attack_short    (const brain_server_attack_short_t *buf, const i64 cnt, const u64 offset, const u64 length);
+i64   brain_server_find_hash_long       (const u32 *search, const brain_server_hash_long_t  *buf, const i64 cnt);
+i64   brain_server_find_hash_short      (const u32 *search, const brain_server_hash_short_t *buf, const i64 cnt);
+int   brain_server_sort_db_hash         (const void *v1, const void *v2);
+int   brain_server_sort_db_attack       (const void *v1, const void *v2);
+int   brain_server_sort_attack_long     (const void *v1, const void *v2);
+int   brain_server_sort_attack_short    (const void *v1, const void *v2);
+int   brain_server_sort_hash            (const void *v1, const void *v2);
+int   brain_server_sort_hash_long       (const void *v1, const void *v2);
+int   brain_server_sort_hash_short      (const void *v1, const void *v2);
+int   brain_server_sort_hash_unique     (const void *v1, const void *v2);
+void  brain_server_handle_signal        (int signo);
+void *brain_server_handle_client        (void *p);
+void *brain_server_handle_dumps         (void *p);
+void  brain_server_db_hash_init         (brain_server_db_hash_t *brain_server_db_hash, const u32 brain_session);
+bool  brain_server_db_hash_realloc      (brain_server_db_hash_t *brain_server_db_hash, const i64 new_long_cnt);
+void  brain_server_db_hash_free         (brain_server_db_hash_t *brain_server_db_hash);
+void  brain_server_db_attack_init       (brain_server_db_attack_t *brain_server_db_attack, const u32 brain_attack);
+bool  brain_server_db_attack_realloc    (brain_server_db_attack_t *brain_server_db_attack, const i64 new_long_cnt, const i64 new_short_cnt);
+void  brain_server_db_attack_free       (brain_server_db_attack_t *brain_server_db_attack);
+
+#endif // _BRAIN_H
diff --git a/include/dispatch.h b/include/dispatch.h
@@ -6,6 +6,22 @@
 #ifndef _DISPATCH_H
 #define _DISPATCH_H
 
+#ifdef WITH_BRAIN
+#if defined (_WIN)
+#include <winsock.h>
+#define SEND_FLAGS 0
+#endif
+
+#if defined (__linux__)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+#define SEND_FLAGS MSG_NOSIGNAL
+#endif
+#endif
+
 HC_API_CALL void *thread_calc_stdin (void *p);
 HC_API_CALL void *thread_calc (void *p);
 

diff --git a/include/status.h b/include/status.h
@@ -85,6 +85,16 @@ int         status_get_innerloop_pos_dev              (const hashcat_ctx_t *hash
 int         status_get_innerloop_left_dev             (const hashcat_ctx_t *hashcat_ctx, const int device_id);
 int         status_get_iteration_pos_dev              (const hashcat_ctx_t *hashcat_ctx, const int device_id);
 int         status_get_iteration_left_dev             (const hashcat_ctx_t *hashcat_ctx, const int device_id);
+#ifdef WITH_BRAIN
+int         status_get_brain_session                  (const hashcat_ctx_t *hashcat_ctx);
+int         status_get_brain_attack                   (const hashcat_ctx_t *hashcat_ctx);
+int         status_get_brain_link_client_id_dev       (const hashcat_ctx_t *hashcat_ctx, const int device_id);
+int         status_get_brain_link_status_dev          (const hashcat_ctx_t *hashcat_ctx, const int device_id);
+char       *status_get_brain_link_recv_bytes_dev      (const hashcat_ctx_t *hashcat_ctx, const int device_id);
+char       *status_get_brain_link_send_bytes_dev      (const hashcat_ctx_t *hashcat_ctx, const int device_id);
+char       *status_get_brain_link_recv_bytes_sec_dev  (const hashcat_ctx_t *hashcat_ctx, const int device_id);
+char       *status_get_brain_link_send_bytes_sec_dev  (const hashcat_ctx_t *hashcat_ctx, const int device_id);
+#endif
 char       *status_get_hwmon_dev                      (const hashcat_ctx_t *hashcat_ctx, const int device_id);
 int         status_get_corespeed_dev                  (const hashcat_ctx_t *hashcat_ctx, const int device_id);
 int         status_get_memoryspeed_dev                (const hashcat_ctx_t *hashcat_ctx, const int device_id);