IGHASHGPU v0.90

Copyright (C) 2009-2010 Ivan Golubev, http://golubev.com

Read notes about v0.90 at my blog first if you're curious why ATI version is so limited now.

Description

This software using ATI RV 7X0/8X0 and nVidia "CUDA" video cards to brute-force MD4, MD5 & SHA1 hashes. Speed depends on GPU,

ATI HD5870:
~3650M/s single MD5
~1360M/s single SHA1

ATI HD4770:
~1075M/s single MD5
~350M/s single SHA1

nVidia GTS250:
~570M single MD5
~175M single SHA1

As ighashgpu supports salted hashes it's possible to use it for:

Supported GPUs

Only supported ATI cards are: HD RV7X0 and RV830/870. Which means -- 4550, 4670, 4830, 4730, 4770, 4850, 4870, 4890, 5750, 5770, 5850, 5870, 5970.

Catalyst 9.9+ must be installed. Catalyst 10.2/10.3 recommended.
Catalysts 10.4-10.6 and 5970 are incompatible.
Catalyst 10.7 not heavily tested but looks like working.

Only supported nVidia cards are: the ones with CUDA support, i.e. G80+.

Systems with multiple GPUs supported.

Current status

No major updates are planned till 2011. Specifically there won't be any ($salt.$pass) schemes implemented in nearest future.

Usage

It is console application, so should be run from command line.

ighashgpu.exe [switch:param] [hashfile.txt]

hashfile.txt only used with unsalted MD5 and NTLM hashes. This file must contains plain MD4/MD5 hashes (32 HEX digits) in form username:hash or simply hash at each line. For example:

aaaa:74b87337454200d4d33f80c4663dc5e5
aaab:4c189b020ceb022e0ecc42482802e2b8
aaac:3963a2ba65ac8eb1c6e2140460031925
aaad:aa836f154f3bf01eed8df286a1fbb388

Switches

-c:csdepa Charset definition (caps, smalls (default), digits, special, space, all)
-u:[chars] User-defined characters
-uh:[HEX] User-defined characters in HEX (2 chars each)
-uhh:[HEX] User-defined characters in Unicode HEX (4 chars each)
-uf:[filename] Load characters from file. Not used with Unicode.

By default charset processed as ANSI one. (i.e. WideCharToMultiByte(CP_ACP, ...)) You can change this with:

-unicode Use unicode
-oem Use oem encoding
-codepage:[page] Convert charset to specific codepage (need to have it at system of course)

-sf:[password] Password to start attack from
-m:[mask] Password mask
-ms:[symbol] Mask symbol
-salt:[hex] Append salt after password
-asalt:[string] Append salt in ascii after password
-usalt:[string] Append salt in unicode after password
-ulsalt:[string] Same as above but unicode string firstly transformed to lower case
-min:[value] Minimum length (default == 4), must be >= 4
-max:[value] Maximum length (default == 6), must be <= 31 (not counting salt length)
-h:[hash] Hash to attack (16 or 20 bytes in HEX)
-t:[type] Type of hash to attack

-devicemask:[N] Bit mask for GPUs usage, bit 0 == first GPU (default 0xFF, i.e. all GPUs).

Special parameters (like " or /) can be passed by using single or double quotes:

-asalt:"h/X"
-asalt:'-"-'
-sf:"aa//bb"

-cpudontcare From v0.60 ighashgpu trying to use cpu as low as possible, however it can cause reduced GPU performance. This switch tells ighashgpu that we want maximum from GPU and so don't care about CPU usage at all (and it means one CPU core at 100% per one GPU).

-hm:[N] Set threshold temperature for hardware monitoring, default is 90C. You can disable monitoring by setting this value to zero.

-blocksize:[N] Set block size, by default N = 23 which means 2^23 = 8388608 passwords offloaded to GPU in a single batch. As GPU job cannot be interrupted the video system will freeze until all passwords processed. So, for example, with rate of 980M and block size = 23 it means that screen updates will freeze for about 8-9ms which is generally normal. While if speed is only around 100M it'll takes ~83ms and so screen cannot be updated more than 12 times per second and thus you'll notice video lags. If you want smooth video response you can lower block size (values 16..23 are supported) but of course it'll reduce performance of the program as well.

Most special switch is:
-fun which in fact is +fun! It's really important to have fun even if it costs two additional lines.

Brute-force attack examples

ighashgpu.exe -h:239361613fe5281d8efb90e7f8e0ceb0 -t:md5 -c:sd -m:????assw???1234
ighashgpu.exe /h:a2b7caddbc353bd7d7ace2067b8c4e34db2097a3 /t:sha1 /max:6
ighashgpu.exe /h:cbe1d6d5800ec1e03a5f2a64882a0d41 /t:md5 /c:sd /max:7
ighashgpu.exe /c:d /max:10 /h:e807f1fcf82d132f9bb018ca6738a19f /t:md5
ighashgpu.exe -h:47c8fb7775aec7a11e1d141bc26a5a33726e5d6e -t:mysql5 -c:sd -max:6

MSSQL can be processed as:

ighashgpu.exe -h:a72befac3e58eb24d559d9fe0045cfdf090782e2 -t:sha1 -unicode -max:6 -salt:e16bed51

NTLM hashes:

ighashgpu.exe -h:9D4518F84296B9CE26D02F229870D2D4 -t:md4 -c:a -unicode
ighashgpu.exe /h:252bb1fe4ecb040ebc8c78d2a1b89218 /t:md4 /c:sd /m:????00pa?? /unicode

vBulletin:

ighashgpu.exe -h:a4e5e1fd2cb7ae7d2961470ce50b966c -t:md5x2s -asalt:_~Y /max:7

Multihashing:

ighashgpu.exe /t:md5 /c:csd /max:6 test.md5
ighashgpu.exe /t:md4 /c:a /max:6 /unicode test.txt

Oracle 11g

ighashgpu.exe -c:sd -salt:01234567890123456789 -h:bedfe061a33474a9d403c809dd93a8cc79b46f74 -t:sha1
ighashgpu.exe -c:a -salt:02B03D5D74B6841CEA2E -h:D39F4CC16573323279E5E4E16D359D6C55DCC092 -t:sha1

IPB

ighashgpu.exe /t:ipb /h:a8b35664407b264c6de709705f0b1dd4 /asalt:"]#/R_" /c:s

Domain Cached Credentials, note the -ulsalt switch usage, not just -usalt.

ighashgpu.exe -t:dcc -ulsalt:DelPotro -h:89af0c6c397bc879d7206ea8a41a11bb -c:sc

Limitations

Known problems

Future plans

Acknowledgements

This software includes parts of LZMA SDK written by Igor Pavlov.

Thanks to Dalibor from hashcat forums for MD5's 3rd round optimization idea.

Contact info

Comments are welcome.

http://www.golubev.com
ighashgpu (?) golubev.com