john icon indicating copy to clipboard operation
john copied to clipboard
verified publisher icon openwall

Update hashcat mode rules for character class support

Open solardiz opened this issue 1 year ago • 6 comments

Once https://github.com/hashcat/hashcat/pull/4107 is merged, we'll need to enable our class support in the purge command also in hashcat mode. It is currently disabled with the check here:

#define CLASS_export_pos(start, true, false) { \
        char value, *class; \
        if (((value = RULE) == '?') && !hc_logic) { \

This may be a bit complicated because:

  1. It looks like hashcat is currently only adding class support to this one command, whereas we use the same macro for many commands.
  2. hashcat will likely add exceptions where @? followed by some characters found in existing rulesets is treated the same as @??. We'll likely want to mimic those exceptions when in hashcat mode (or we'll need to update our copies of hashcat style rulesets to use @?? where appropriate - it's just 3 places).

solardiz avatar Nov 02 '24 03:11 solardiz

The referenced hashcat pull request has changed a lot since I posted the original description of this issue. It isn't yet clear what will actually go into hashcat, and thus what changes we need to make here, but now it looks likely that hashcat will implement character classes not only for the purge command, but for most or all commands where we support character classes.

solardiz avatar Nov 02 '24 23:11 solardiz

The hashcat PR referenced here got merged 2 weeks ago, and a new hashcat release was made today. So we need to review what actually got into hashcat and adapt our "hashcat logic" accordingly. cc: @matrix

solardiz avatar Aug 02 '25 01:08 solardiz

A number of other rules have been added to hashcat in the meantime: h, H, S, B, v.

fukc-gihtub avatar Nov 20 '25 06:11 fukc-gihtub

A number of other rules have been added to hashcat in the meantime: h, H, S, B, v.

Did they add others back in August or were those the ones?

Here's what they do:

Hashcat Description Comment JtR (clash or not)
h convert the entire password to lowercase hex I assume it means hello -> 68656c6c6f free
H convert the entire password to uppercase hex  free
S shift the case of each char, JtR-like Like it says, we have this.
B add byte value of X at pos N, bytewise. ex: hello0 -> hello` BNX free
v insert char X every N chars vNX vVNM: "update l (length), then subtract M from N and assign to variable V"

magnumripper avatar Nov 21 '25 02:11 magnumripper

BNX and vNX.

fukc-gihtub avatar Nov 21 '25 03:11 fukc-gihtub

Thanks @fukc-gihtub and @magnumripper. I don't understand this description of B, but anyway I think we should open a separate issue for these additions. This issue is to figure out what happened to character class support and mimic that.

solardiz avatar Nov 21 '25 03:11 solardiz