masterzorag's Activity

Tuesday, December 27, 2011

blackhole: added sha1_process variants

some of blackhole in action:

. removing old hashfile
. counting records in database
. listing computed pmk grepping the correct one
. exporting to a new cowpatty_hashfile
. run cowpatty attack over test libpcap capture file

cut out cl computation, I've implemented a different vectorized sha1_process (I've two now).
results of this variant are poorly the same as the first one on an 8400GS (need to check on the spus: they're the vector units).
this one needs more _private space to compute (need to stage some on _local), but I can set a larger NDRange.
thinking of writing something about it on Google Docs (need time).
good computation, good output.

Monday, December 5, 2011

"This is not hacking, it's crypto!"

I've written a single program called blackhole; it:
. Stores words,
. Computes pmk against an essid,
. Stores back results into a simple sqlite database,
. Exports computed pmks to a cowpatty hashfile to perform the attack later with aircrack-ng or cowpatty.

And here everybody'll say: "So why should you use this? Just use pyrit!"
Pyrit is NOT optimized to run on the Cell/BE; I'm doing this to improve the speed of computing pmks with all 7 SPEs in a PS3.

Just to let you know that I'm back to work over the OpenCL code now!
I'm thinking of elaborating on some of my ideas, writing them down to let you, interested reader, understand and maybe find better solutions.
It was February this year when I got some speed improvements without knowing C; how can one do the job without a C basis?
Months spent reading and learning a lot of stuff: sources of aircrack-ng, stuff such as genpmk.c, sha1-sse2.S, pyrit, threading, the sqlite library...
This is the power of open source: I was able to realize something I had in mind, for free!
Don't miss my next new video "blackhole's evidence".

Thursday, November 10, 2011

What's up next?

Busy at the moment, but let me tell you out there what's going on:
bruteforge will be updated adding the 'Shifted variant' mode set, Niclas already knows what it does!
blackhole is importing, computing pmk and exporting to a cowpatty file as pyrit/airolib-ng/genpmk do!
About computing, I'm using the CPU in one single thread; about exporting, results are the same: diff tells me that the binary files are identical!
Now I have to implement the OpenCL code, my vectorized one(!); I can skip the stock pyrit cl implementation now, and I've also got error checking with SSE2 or by querying the blackhole_sqlite database!
Time to give power to the Cell, targeting my 'too long time idle' 7 SPU!

Monday, September 19, 2011

What (da fuck) I'm doing now?!

bruteforge does words; where to store those? I'm writing blackhole.
blackhole is a database engine with import/export capability to/from an sqlite database, the third piece of code does pmk computation via OpenCL (I'm targeting the PS3 on all 7 SPE!), an optional fourth piece will export to a cowpatty table to externally perform the attack.
All is written in C, linking gmp, sqlite, openssl; OpenSSL? Yes, blackhole starts doing pmk hash using the CPU with SSE2, I'm using for my tests the SHA-1 SSE2 implementation (C) 2008 by Alvaro Salmador, (easy, I'm not spreading anything, same code was implemented in pyrit too...)
I've merged that code in to get result checking; it was new stuff, as was sqlite. Many useful things to know, as ever.

So what? One single thread exports from the sqlite db, computes pmk and stores the result back into the sqlite db, doing a little more than 500 pmk/s.
Sounds good, now I'm thinking about how to store the pmk: a uchar[32], or better: 8 uint32, 32byte, let me better explain:
After doing the math the result is 8 uint32, 8*4byte = 32byte; by the way, the hash output is obtained by reading the same 32byte as uchar (byte after byte), so I'm simply thinking of storing those 8 uint32 into 8 sqlite columns; in this way sqlite will store max 64byte per record using the INTEGER type.
The fourth piece will then read the computed INTEGER results with atoi() and store them into a 32byte buffer before they get written to a cowpatty table.
Why? uchar[32] can be full of NULL and friends... How to store a uchar[32] into an sqlite column using the BLOB type?
Storing as a hexadecimal string will be the same (64byte per record), but every uchar must be hexcoded when importing and then hexdecoded when exported...
Storing as binary? New stuff to learn, can anyone point to examples?
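
An answer to the BLOB question above, as an added example that is not part of the original post or of blackhole's code: Python's built-in sqlite3 module stores a 32-byte PMK both as a single BLOB and as the eight INTEGER columns proposed in the post, then reads both back. The table names, column names and sample values are assumptions made up for the illustration.

```python
import hashlib
import sqlite3
import struct

def compute_pmk(passphrase, essid):
    # WPA-PSK PMK: PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32 bytes out.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def open_db():
    db = sqlite3.connect(":memory:")
    # Layout A: one BLOB column; the length is stored with the value.
    db.execute("CREATE TABLE pmk_blob (word TEXT PRIMARY KEY, pmk BLOB NOT NULL)")
    # Layout B (the post's idea): eight INTEGER columns, one per 32-bit word.
    cols = ", ".join("w%d INTEGER NOT NULL" % i for i in range(8))
    db.execute("CREATE TABLE pmk_ints (word TEXT PRIMARY KEY, %s)" % cols)
    return db

def put(db, word, pmk):
    if len(pmk) != 32:
        raise ValueError("a PMK is exactly 32 bytes")
    db.execute("INSERT INTO pmk_blob VALUES (?, ?)", (word, pmk))
    # Big-endian unpack keeps SHA-1's word order, so the bytes come back
    # identical whether the host is x86 (little-endian) or Cell (big-endian).
    db.execute("INSERT INTO pmk_ints VALUES (?,?,?,?,?,?,?,?,?)",
               (word,) + struct.unpack(">8I", pmk))

def get_blob(db, word):
    row = db.execute("SELECT pmk FROM pmk_blob WHERE word = ?", (word,)).fetchone()
    return bytes(row[0])

def get_ints(db, word):
    row = db.execute("SELECT w0,w1,w2,w3,w4,w5,w6,w7 FROM pmk_ints WHERE word = ?",
                     (word,)).fetchone()
    return struct.pack(">8I", *row)

def demo():
    db = open_db()
    # Constructed samples: one derived PMK and one synthetic value full of NULs.
    samples = {"password": compute_pmk("password", "IEEE"),
               "nul-heavy": bytes([0, 0xFF, 0, 0]) * 8}
    for word, pmk in samples.items():
        put(db, word, pmk)
    return {w: (get_blob(db, w) == p, get_ints(db, w) == p) for w, p in samples.items()}

if __name__ == "__main__":
    print(demo())
```

In C the BLOB path is sqlite3_bind_blob() with an explicit length of 32, and sqlite3_column_blob() plus sqlite3_column_bytes() to read it back; the length travels with the value, so NUL bytes are not a problem.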

Monday, September 12, 2011

bruteforge 0.6r18, here comes a new rule!

my friend doesn't want more than N couples of the same char in a word, ex:
Valid:
02AE7AABF97
2BEFFA29151
Not valid:
00EE7ABBF97
we can now append -c 1 to let bruteforge compose with max 1 couple.
grab the latest binary here.

Wednesday, June 22, 2011

1UP

Base system is less than 800M, I've got one more spu.
In the meantime I've written another tool to interface with bruteforge, more to come.

Thursday, May 5, 2011

missing ln -s

upgrading to IBM OpenCL Development Kit for Linux on Power 0.3, restarting F12 troubles...
Specs say tested on:
Red Hat Enterprise Linux 5.5, 5.6 and 6.0;
SUSE® Linux Enterprise Server 11 SP 1;
I test Fedora12, ppc ends at 12.

Install logs tell you that all went fine, but the xlcl start script fails!
To update successfully, run these missing steps:
cd /opt/ibmcmp/xlc/opencl/0.3/etc/
ln -s xlc.cfg.rhel.gcc444 xlc.cfg.rhel12.gcc444
ln -s /usr/lib/libIBMOpenCL.so /usr/lib/libOpenCL.so

A voice in a loop: "... upgrade, patch your firmware, free another spe, unlock all... "!

Thursday, February 17, 2011

pmk, dissected

As seen, pyrit opencl does about 1200... I've written a kernel that grabs data as seen here to get processed by the kernel as uint4 vectors; theoretically this should do x4, and it does!
What's the big news? Output data are verified with tested vectors against 8192 sha1 rounds, or better:
The first 20 of 32 bytes of pmk are good with my implementation. I now have enough C/OpenCL basis to target the different cl address spaces provided, make use of _local and async_work_group_copy and maybe redesign the algo to do 20+12 at the same time!
I've gotta go now, this fucking work...
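
Why the first 20 bytes can be right while the last 12 are not, as an added example (not the post's OpenCL kernel): the 32-byte PMK is two independent PBKDF2-HMAC-SHA1 blocks, each 4096 HMAC iterations, which is 8192 SHA-1 compressions once the key pads are cached, and only 12 bytes of the second block are kept. The function names and the "password"/"IEEE" sample input are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import struct

ITERATIONS = 4096  # fixed for WPA/WPA2-PSK
# With the key pads cached, each HMAC costs 2 SHA-1 compressions (inner + outer),
# so one 20-byte block costs 2 * 4096 = 8192 compressions.
COMPRESSIONS_PER_BLOCK = 2 * ITERATIONS

def pbkdf2_block(passphrase, essid, index):
    """Return the 20-byte PBKDF2-HMAC-SHA1 block T_index (index starts at 1)."""
    keyed = hmac.new(passphrase, digestmod=hashlib.sha1)  # pads hashed once

    def prf(msg):
        h = keyed.copy()  # reuse the cached pad state
        h.update(msg)
        return h.digest()

    u = prf(essid + struct.pack(">I", index))  # U_1 = PRF(salt || INT(index))
    t = int.from_bytes(u, "big")
    for _ in range(ITERATIONS - 1):
        u = prf(u)                              # U_n = PRF(U_{n-1})
        t ^= int.from_bytes(u, "big")           # T = U_1 ^ U_2 ^ ... ^ U_4096
    return t.to_bytes(20, "big")

def pmk_by_blocks(passphrase, essid):
    # The two blocks share nothing but the keyed pads, so they can run in parallel.
    t1 = pbkdf2_block(passphrase, essid, 1)
    t2 = pbkdf2_block(passphrase, essid, 2)
    return t1, t2[:12]  # 20 + 12 = 32 bytes; the last 8 bytes of T_2 are dropped

def check_candidate(candidate, passphrase, essid):
    """Compare a 32-byte kernel output with the reference, half by half."""
    ref = hashlib.pbkdf2_hmac("sha1", passphrase, essid, ITERATIONS, 32)
    return candidate[:20] == ref[:20], candidate[20:32] == ref[20:]

if __name__ == "__main__":
    t1, t2 = pmk_by_blocks(b"password", b"IEEE")  # constructed sample input
    print((t1 + t2).hex(), check_candidate(t1 + t2, b"password", b"IEEE"))
```

A result of (True, False) from check_candidate points at the second block (the index-2 salt suffix or the 12-byte truncation) rather than at the SHA-1 core.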

Friday, January 14, 2011

pause, read, start

Opening the door to gameos means that some developers will start to know the Cell/BE and its architecture; we all know its potential.
Of course, we are seeking the return of linux, with one more spu for us.
Now that I've gained some C basis and finally nvidia-toolkit 3.2 can compile fine (the stock pyrit opencl kernel is back to running on my cl_developing mobile 8400gs; I can't develop on PS3 only every time), I'm back to focusing on improving the performance of the OpenCL implementation of the PMK hash on the Cell/BE; the existing implementation computes 1200 pmk/s.
Improving that correctly is possible; we have the tools.

Some stuff
WPA password cracking
fedora12-ps3 setup
Cell Architecture Explained
Hints from IBM forum
CUDA/OpenCL differences
OpenCL implementation of Sha1 hashing algo