diff mbox series

[bug#57187] Update hashcat to 6.2.5

Message ID 87r11jswlt.fsf@aol.com
State Accepted
Headers show
Series [bug#57187] Update hashcat to 6.2.5 | expand

Checks

Context Check Description
cbaines/comparison success View comparision
cbaines/git-branch success View Git branch
cbaines/applying patch fail View Laminar job
cbaines/issue success View issue

Commit Message

Hendursaga Aug. 13, 2022, 8:43 p.m. UTC 
Hello Guixers!

Attached you will find my first patch submitted here in awhile! I'm hoping I've followed the guidelines, they haven't really changed much that I can see. Also, if I incorrectly attached the file, do tell, as I'm on a new (Emacs + notmuch) email workflow!

Unfortunately, I wasn't able to get hashcat to build reproducibly, and I'm not sure why, but 1) the 6.1.1 version wasn't reproducible, and 2) it's literally just a few bytes.

$ guix challenge hashcat
/gnu/store/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1 contents differ:
  no local build for '/gnu/store/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1'
  https://ci.guix.gnu.org/nar/lzip/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1: 0bwc2zx3d15l6asa4hc1p70h9264q6mfyswfmj4ay1c9njlb9s19
  https://bordeaux.guix.gnu.org/nar/lzip/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1: 10q84qw6ihc0cp7d0fnfpr4bl0rsf01s6nvmgiqh6p152a0lqzfv
  differing file:
    /bin/hashcat

$ diffoscope /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5 /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check
--- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5
+++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check
│   --- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5/bin
├── +++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check/bin
│ │   --- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5/bin/hashcat
│ ├── +++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check/bin/hashcat
│ │ ├── objdump --line-numbers --disassemble --demangle --reloc --no-show-raw-insn --section=.text {}
│ │ │ @@ -66,15 +66,15 @@
│ │ │   jne    403acd <getpwuid_r@plt+0x18d>
│ │ │   mov    $0x4f5071,%esi
│ │ │   mov    %r14,%rdi
│ │ │   call   423400 <getpwuid_r@plt+0x1fac0>
│ │ │   mov    %rbx,%r8
│ │ │   mov    %r13d,%ecx
│ │ │   mov    $0x4f4e40,%edx
│ │ │ + mov    $0x62f800f1,%r9d
│ │ │ - mov    $0x62f6b8f8,%r9d
│ │ │   mov    $0x4f4e88,%esi
│ │ │   mov    %r14,%rdi
│ │ │   call   405f90 <getpwuid_r@plt+0x2650>
│ │ │   mov    %eax,%r12d
│ │ │   test   %eax,%eax
│ │ │   je     403aaa <getpwuid_r@plt+0x16a>
│ │ │   or     $0xffffffff,%r12d

Hope this helps!

--
Hendursaga

Comments

\( Aug. 13, 2022, 10:09 p.m. UTC | #1 
On Sat Aug 13, 2022 at 9:43 PM BST, Hendursaga via Guix-patches via wrote:
> Also, if I incorrectly attached the file, do tell, as I'm on a new (Emacs + notmuch) email workflow!

Although I'm not sure whether it's explicitly better practise, I usually
use `git send-email` to embed patches directly in a set of emails, instead
of using attachments.

Re reproducibility: The fact that it's the same large number but slightly
larger seems to suggest that they might be embedding timestamps, so I tried
grepping around in the hashcat source, but couldn't find anything like
__DATE__ or __TIME__.

    -- (
Tobias Geerinckx-Rice Aug. 13, 2022, 11:22 p.m. UTC | #2 
Hendursaga via Guix-patches via 写道:
> │ │ │ + mov    $0x62f800f1,%r9d
> │ │ │ - mov    $0x62f6b8f8,%r9d

Definitely a timestamp:

   λ date -d @1660420337
   Sat 13 Aug 2022 21:52:17 CEST

Kind regards,

T G-R
Hendursaga Aug. 14, 2022, 2:13 a.m. UTC | #3 
> Definitely a timestamp:
>
>    λ date -d @1660420337
>    Sat 13 Aug 2022 21:52:17 CEST

Figured as much!

Given the above disassembly, there is only one direct reference to getpwuid_r in the codebase[1] and I'm not sure how that would affect reproducibility. Anyone else have any ideas? Should I report this upstream, perhaps?

Hendursaga

[1] https://github.com/hashcat/hashcat/blob/v6.2.5/src/folder.c#L384
Ludovic Courtès Sept. 2, 2022, 3:14 p.m. UTC | #4 
Hi,

Hendursaga <hendursaga@aol.com> skribis:

> Unfortunately, I wasn't able to get hashcat to build reproducibly, and I'm not sure why, but 1) the 6.1.1 version wasn't reproducible, and 2) it's literally just a few bytes.

Since this is not a regression, I went ahead and applied it.

However, it’d be nice to address it of course.  But first, I think we
should remove the bundled OpenCL headers as well as zlib.  Could you
give it a try?

Thanks,
Ludo’.
M Sept. 3, 2022, 11:26 a.m. UTC | #5 
I think I might have found the reproducibility problem:

src/Makefile has a line

> ./src/Makefile:COMPTIME                := $(shell date +%s)
and

./src/Makefile:    $(CC)    $(CFLAGS_NATIVE) $^ -o $@ $(HASHCAT_LIBRARY) 
$(LFLAGS_NATIVE) -DCOMPTIME=$(COMPTIME) -DVERSION_TAG=\"$(VERSION_TAG)\" 
-DINSTALL_FOLDER=\"$(INSTALL_FOLDER)\" 
-DSHARED_FOLDER=\"$(SHARED_FOLDER)\" 
-DDOCUMENT_FOLDER=\"$(DOCUMENT_FOLDER)\"

comptime seems to be only ever set, never actually used, so it should be 
safe to replace it with 0. I'll try a patch.
M Sept. 3, 2022, 5:51 p.m. UTC | #6 
On 03-09-2022 13:26, Maxime Devos wrote:
> I think I might have found the reproducibility problem:
>
> src/Makefile has a line
>
>> ./src/Makefile:COMPTIME                := $(shell date +%s)
> and
>
> ./src/Makefile:    $(CC)    $(CFLAGS_NATIVE) $^ -o $@ 
> $(HASHCAT_LIBRARY) $(LFLAGS_NATIVE) -DCOMPTIME=$(COMPTIME) 
> -DVERSION_TAG=\"$(VERSION_TAG)\" 
> -DINSTALL_FOLDER=\"$(INSTALL_FOLDER)\" 
> -DSHARED_FOLDER=\"$(SHARED_FOLDER)\" 
> -DDOCUMENT_FOLDER=\"$(DOCUMENT_FOLDER)\"
>
> comptime seems to be only ever set, never actually used, so it should 
> be safe to replace it with 0. I'll try a patch.
See #57560
diff mbox series

Patch

From b005778b47f6e2a6e10435ee2fc9b648c5bde622 Mon Sep 17 00:00:00 2001
From: Hendursaga <hendursaga@aol.com>
Date: Sat, 13 Aug 2022 16:12:12 -0400
Subject: [PATCH] gnu: hashcat: Update to 6.2.5.

* gnu/packages/password-utils.scm (hashcat): Update to 6.2.5.
---
 gnu/packages/password-utils.scm | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 0069fdd74c..e8c3feaeba 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -1112,27 +1112,25 @@  (define-public pass-rotate
 (define-public hashcat
   (package
     (name "hashcat")
-    (version "6.1.1")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://hashcat.net/files/hashcat-"
-                           version ".tar.gz"))
-       (sha256
-        (base32
-         "104z63m7lqbb0sdrxhf9yi15l4a9zwf9m6zs9dbb3gf0nfxl1h9r"))))
-    (native-inputs
-     (list opencl-headers))
+    (version "6.2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://hashcat.net/files/hashcat-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "0sc96xcsc20xd4fyby3i45nm9as3hl4nhk9snkvmk5l9mpbrjs3g"))))
+    (native-inputs (list opencl-headers))
     (build-system gnu-build-system)
     (arguments
-     '(#:tests? #f                      ;no tests
+     '(#:tests? #f ;no tests
        #:make-flags (list (string-append "PREFIX=" %output))
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure))))
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure))))
     (home-page "https://hashcat.net/hashcat/")
     (synopsis "Advanced password recovery utility")
-    (description "Hashcat is an password recovery utility, supporting five
+    (description
+     "Hashcat is an password recovery utility, supporting five
 unique modes of attack for over 200 highly-optimized hashing algorithms.
 Hashcat currently supports CPUs, GPUs, and other hardware accelerators on
 Linux, Windows, and macOS, and has facilities to help enable distributed
-- 
2.37.1