GNU bug report logs -
#57187
[PATCH] Update hashcat to 6.2.5
Previous Next
Reported by: Hendursaga <hendursaga <at> aol.com>
Date: Sat, 13 Aug 2022 21:44:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 57187 in the body.
You can then email your comments to 57187 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sat, 13 Aug 2022 21:44:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Hendursaga <hendursaga <at> aol.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Sat, 13 Aug 2022 21:44:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello Guixers!
Attached you will find my first patch submitted here in awhile! I'm hoping I've followed the guidelines, they haven't really changed much that I can see. Also, if I incorrectly attached the file, do tell, as I'm on a new (Emacs + notmuch) email workflow!
Unfortunately, I wasn't able to get hashcat to build reproducibly, and I'm not sure why, but 1) the 6.1.1 version wasn't reproducible, and 2) it's literally just a few bytes.
$ guix challenge hashcat
/gnu/store/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1 contents differ:
no local build for '/gnu/store/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1'
https://ci.guix.gnu.org/nar/lzip/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1: 0bwc2zx3d15l6asa4hc1p70h9264q6mfyswfmj4ay1c9njlb9s19
https://bordeaux.guix.gnu.org/nar/lzip/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1: 10q84qw6ihc0cp7d0fnfpr4bl0rsf01s6nvmgiqh6p152a0lqzfv
differing file:
/bin/hashcat
$ diffoscope /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5 /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check
--- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5
+++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check
│ --- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5/bin
├── +++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check/bin
│ │ --- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5/bin/hashcat
│ ├── +++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check/bin/hashcat
│ │ ├── objdump --line-numbers --disassemble --demangle --reloc --no-show-raw-insn --section=.text {}
│ │ │ @@ -66,15 +66,15 @@
│ │ │ jne 403acd <getpwuid_r <at> plt+0x18d>
│ │ │ mov $0x4f5071,%esi
│ │ │ mov %r14,%rdi
│ │ │ call 423400 <getpwuid_r <at> plt+0x1fac0>
│ │ │ mov %rbx,%r8
│ │ │ mov %r13d,%ecx
│ │ │ mov $0x4f4e40,%edx
│ │ │ + mov $0x62f800f1,%r9d
│ │ │ - mov $0x62f6b8f8,%r9d
│ │ │ mov $0x4f4e88,%esi
│ │ │ mov %r14,%rdi
│ │ │ call 405f90 <getpwuid_r <at> plt+0x2650>
│ │ │ mov %eax,%r12d
│ │ │ test %eax,%eax
│ │ │ je 403aaa <getpwuid_r <at> plt+0x16a>
│ │ │ or $0xffffffff,%r12d
Hope this helps!
--
Hendursaga
[0001-gnu-hashcat-Update-to-6.2.5.patch (text/x-diff, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sat, 13 Aug 2022 22:10:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 57187 <at> debbugs.gnu.org (full text, mbox):
On Sat Aug 13, 2022 at 9:43 PM BST, Hendursaga via Guix-patches via wrote:
> Also, if I incorrectly attached the file, do tell, as I'm on a new (Emacs + notmuch) email workflow!
Although I'm not sure whether it's explicitly better practise, I usually
use `git send-email` to embed patches directly in a set of emails, instead
of using attachments.
Re reproducibility: The fact that it's the same large number but slightly
larger seems to suggest that they might be embedding timestamps, so I tried
grepping around in the hashcat source, but couldn't find anything like
__DATE__ or __TIME__.
-- (
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sat, 13 Aug 2022 23:25:01 GMT)
Full text and
rfc822 format available.
Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hendursaga via Guix-patches via 写道:
> │ │ │ + mov $0x62f800f1,%r9d
> │ │ │ - mov $0x62f6b8f8,%r9d
Definitely a timestamp:
λ date -d @1660420337
Sat 13 Aug 2022 21:52:17 CEST
Kind regards,
T G-R
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sat, 13 Aug 2022 23:25:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sun, 14 Aug 2022 02:15:02 GMT)
Full text and
rfc822 format available.
Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):
> Definitely a timestamp:
>
> λ date -d @1660420337
> Sat 13 Aug 2022 21:52:17 CEST
Figured as much!
Given the above disassembly, there is only one direct reference to getpwuid_r in the codebase[1] and I'm not sure how that would affect reproducibility. Anyone else have any ideas? Should I report this upstream, perhaps?
Hendursaga
[1] https://github.com/hashcat/hashcat/blob/v6.2.5/src/folder.c#L384
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sun, 14 Aug 2022 02:15:02 GMT)
Full text and
rfc822 format available.
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility.
(Fri, 02 Sep 2022 15:15:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Hendursaga <hendursaga <at> aol.com>:
bug acknowledged by developer.
(Fri, 02 Sep 2022 15:15:02 GMT)
Full text and
rfc822 format available.
Message #25 received at 57187-done <at> debbugs.gnu.org (full text, mbox):
Hi,
Hendursaga <hendursaga <at> aol.com> skribis:
> Unfortunately, I wasn't able to get hashcat to build reproducibly, and I'm not sure why, but 1) the 6.1.1 version wasn't reproducible, and 2) it's literally just a few bytes.
Since this is not a regression, I went ahead and applied it.
However, it’d be nice to address it of course. But first, I think we
should remove the bundled OpenCL headers as well as zlib. Could you
give it a try?
Thanks,
Ludo’.
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sat, 03 Sep 2022 11:27:01 GMT)
Full text and
rfc822 format available.
Message #28 received at 57187 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
I think I might have found the reproducibility problem:
src/Makefile has a line
> ./src/Makefile:COMPTIME := $(shell date +%s)
and
./src/Makefile: $(CC) $(CFLAGS_NATIVE) $^ -o $@ $(HASHCAT_LIBRARY)
$(LFLAGS_NATIVE) -DCOMPTIME=$(COMPTIME) -DVERSION_TAG=\"$(VERSION_TAG)\"
-DINSTALL_FOLDER=\"$(INSTALL_FOLDER)\"
-DSHARED_FOLDER=\"$(SHARED_FOLDER)\"
-DDOCUMENT_FOLDER=\"$(DOCUMENT_FOLDER)\"
comptime seems to be only ever set, never actually used, so it should be
safe to replace it with 0. I'll try a patch.
[OpenPGP_0x49E3EE22191725EE.asc (application/pgp-keys, attachment)]
[OpenPGP_signature (application/pgp-signature, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sat, 03 Sep 2022 17:52:01 GMT)
Full text and
rfc822 format available.
Message #31 received at 57187 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 03-09-2022 13:26, Maxime Devos wrote:
> I think I might have found the reproducibility problem:
>
> src/Makefile has a line
>
>> ./src/Makefile:COMPTIME := $(shell date +%s)
> and
>
> ./src/Makefile: $(CC) $(CFLAGS_NATIVE) $^ -o $@
> $(HASHCAT_LIBRARY) $(LFLAGS_NATIVE) -DCOMPTIME=$(COMPTIME)
> -DVERSION_TAG=\"$(VERSION_TAG)\"
> -DINSTALL_FOLDER=\"$(INSTALL_FOLDER)\"
> -DSHARED_FOLDER=\"$(SHARED_FOLDER)\"
> -DDOCUMENT_FOLDER=\"$(DOCUMENT_FOLDER)\"
>
> comptime seems to be only ever set, never actually used, so it should
> be safe to replace it with 0. I'll try a patch.
See #57560
[OpenPGP_0x49E3EE22191725EE.asc (application/pgp-keys, attachment)]
[OpenPGP_signature (application/pgp-signature, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57187; Package
guix-patches.
(Sun, 04 Sep 2022 21:09:02 GMT)
Full text and
rfc822 format available.
Message #34 received at 57187-done <at> debbugs.gnu.org (full text, mbox):
Hi,
Maxime Devos <maximedevos <at> telenet.be> skribis:
> X-Debbugs-CC: Hendursaga <hendursaga <at> aol.com>
> X-Debbugs-CC: ( <paren <at> disroot.org>
> X-Debbugs-CC: Tobias Geerinckx-Rice <me <at> tobias.gr>
> X-Debbugs-CC: Ludovic Courtès <ludo <at> gnu.org>
That didn’t work. :-)
> This patch series:
>
> * Removed bundled libraries, except for LZMA-SDK for which I didn't
> find a corresponding Guix package
> * Makes hashcat cross-compilable, at least from an x86_64-linux-gnu to
> an aarch64-linux-gnu
> * Removes the embedded build time timestamp reported in
> <https://guix.gnu.org/57187>.
Perfect! I’ve applied it all.
> My current working tree is a bit dirty, so there will be a small
> rebase conflict because of the 6.2.4->6.2.5 and a few imports will
> need to be moved to the top of the file.
Right, I had to fiddle quite a bit with the patches to get them to
apply.
Thanks!
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 03 Oct 2022 11:24:18 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 199 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.