unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#57187] [PATCH] Update hashcat to 6.2.5
       [not found] <87r11jswlt.fsf.ref@aol.com>
@ 2022-08-13 20:43 ` Hendursaga via Guix-patches via
  2022-08-13 22:09   ` ( via Guix-patches via
                     ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Hendursaga via Guix-patches via @ 2022-08-13 20:43 UTC (permalink / raw)
  To: 57187

[-- Attachment #1: Type: text/plain, Size: 2380 bytes --]

Hello Guixers!

Attached you will find my first patch submitted here in awhile! I'm hoping I've followed the guidelines, they haven't really changed much that I can see. Also, if I incorrectly attached the file, do tell, as I'm on a new (Emacs + notmuch) email workflow!

Unfortunately, I wasn't able to get hashcat to build reproducibly, and I'm not sure why, but 1) the 6.1.1 version wasn't reproducible, and 2) it's literally just a few bytes.

$ guix challenge hashcat
/gnu/store/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1 contents differ:
  no local build for '/gnu/store/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1'
  https://ci.guix.gnu.org/nar/lzip/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1: 0bwc2zx3d15l6asa4hc1p70h9264q6mfyswfmj4ay1c9njlb9s19
  https://bordeaux.guix.gnu.org/nar/lzip/d3piidwdm4l6i2hsppyzydslcdd1idkl-hashcat-6.1.1: 10q84qw6ihc0cp7d0fnfpr4bl0rsf01s6nvmgiqh6p152a0lqzfv
  differing file:
    /bin/hashcat

$ diffoscope /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5 /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check
--- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5
+++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check
│   --- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5/bin
├── +++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check/bin
│ │   --- /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5/bin/hashcat
│ ├── +++ /gnu/store/c5a5p5yisam7wjxclvpa6agrsyarzjv8-hashcat-6.2.5-check/bin/hashcat
│ │ ├── objdump --line-numbers --disassemble --demangle --reloc --no-show-raw-insn --section=.text {}
│ │ │ @@ -66,15 +66,15 @@
│ │ │   jne    403acd <getpwuid_r@plt+0x18d>
│ │ │   mov    $0x4f5071,%esi
│ │ │   mov    %r14,%rdi
│ │ │   call   423400 <getpwuid_r@plt+0x1fac0>
│ │ │   mov    %rbx,%r8
│ │ │   mov    %r13d,%ecx
│ │ │   mov    $0x4f4e40,%edx
│ │ │ + mov    $0x62f800f1,%r9d
│ │ │ - mov    $0x62f6b8f8,%r9d
│ │ │   mov    $0x4f4e88,%esi
│ │ │   mov    %r14,%rdi
│ │ │   call   405f90 <getpwuid_r@plt+0x2650>
│ │ │   mov    %eax,%r12d
│ │ │   test   %eax,%eax
│ │ │   je     403aaa <getpwuid_r@plt+0x16a>
│ │ │   or     $0xffffffff,%r12d

Hope this helps!

--
Hendursaga


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-hashcat-Update-to-6.2.5.patch --]
[-- Type: text/x-diff, Size: 2266 bytes --]

From b005778b47f6e2a6e10435ee2fc9b648c5bde622 Mon Sep 17 00:00:00 2001
From: Hendursaga <hendursaga@aol.com>
Date: Sat, 13 Aug 2022 16:12:12 -0400
Subject: [PATCH] gnu: hashcat: Update to 6.2.5.

* gnu/packages/password-utils.scm (hashcat): Update to 6.2.5.
---
 gnu/packages/password-utils.scm | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 0069fdd74c..e8c3feaeba 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -1112,27 +1112,25 @@ (define-public pass-rotate
 (define-public hashcat
   (package
     (name "hashcat")
-    (version "6.1.1")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://hashcat.net/files/hashcat-"
-                           version ".tar.gz"))
-       (sha256
-        (base32
-         "104z63m7lqbb0sdrxhf9yi15l4a9zwf9m6zs9dbb3gf0nfxl1h9r"))))
-    (native-inputs
-     (list opencl-headers))
+    (version "6.2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://hashcat.net/files/hashcat-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "0sc96xcsc20xd4fyby3i45nm9as3hl4nhk9snkvmk5l9mpbrjs3g"))))
+    (native-inputs (list opencl-headers))
     (build-system gnu-build-system)
     (arguments
-     '(#:tests? #f                      ;no tests
+     '(#:tests? #f ;no tests
        #:make-flags (list (string-append "PREFIX=" %output))
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure))))
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure))))
     (home-page "https://hashcat.net/hashcat/")
     (synopsis "Advanced password recovery utility")
-    (description "Hashcat is an password recovery utility, supporting five
+    (description
+     "Hashcat is an password recovery utility, supporting five
 unique modes of attack for over 200 highly-optimized hashing algorithms.
 Hashcat currently supports CPUs, GPUs, and other hardware accelerators on
 Linux, Windows, and macOS, and has facilities to help enable distributed
-- 
2.37.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [bug#57187] [PATCH] Update hashcat to 6.2.5
  2022-08-13 20:43 ` [bug#57187] [PATCH] Update hashcat to 6.2.5 Hendursaga via Guix-patches via
@ 2022-08-13 22:09   ` ( via Guix-patches via
  2022-08-13 23:22   ` Tobias Geerinckx-Rice via Guix-patches via
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 7+ messages in thread
From: ( via Guix-patches via @ 2022-08-13 22:09 UTC (permalink / raw)
  To: Hendursaga, 57187

On Sat Aug 13, 2022 at 9:43 PM BST, Hendursaga via Guix-patches via wrote:
> Also, if I incorrectly attached the file, do tell, as I'm on a new (Emacs + notmuch) email workflow!

Although I'm not sure whether it's explicitly better practise, I usually
use `git send-email` to embed patches directly in a set of emails, instead
of using attachments.

Re reproducibility: The fact that it's the same large number but slightly
larger seems to suggest that they might be embedding timestamps, so I tried
grepping around in the hashcat source, but couldn't find anything like
__DATE__ or __TIME__.

    -- (




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#57187] [PATCH] Update hashcat to 6.2.5
  2022-08-13 20:43 ` [bug#57187] [PATCH] Update hashcat to 6.2.5 Hendursaga via Guix-patches via
  2022-08-13 22:09   ` ( via Guix-patches via
@ 2022-08-13 23:22   ` Tobias Geerinckx-Rice via Guix-patches via
  2022-08-14  2:13     ` Hendursaga via Guix-patches via
  2022-09-02 15:14   ` bug#57187: " Ludovic Courtès
  2022-09-03 11:26   ` [bug#57187] " Maxime Devos
  3 siblings, 1 reply; 7+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2022-08-13 23:22 UTC (permalink / raw)
  To: Hendursaga; +Cc: 57187

[-- Attachment #1: Type: text/plain, Size: 241 bytes --]

Hendursaga via Guix-patches via 写道:
> │ │ │ + mov    $0x62f800f1,%r9d
> │ │ │ - mov    $0x62f6b8f8,%r9d

Definitely a timestamp:

   λ date -d @1660420337
   Sat 13 Aug 2022 21:52:17 CEST

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#57187] [PATCH] Update hashcat to 6.2.5
  2022-08-13 23:22   ` Tobias Geerinckx-Rice via Guix-patches via
@ 2022-08-14  2:13     ` Hendursaga via Guix-patches via
  0 siblings, 0 replies; 7+ messages in thread
From: Hendursaga via Guix-patches via @ 2022-08-14  2:13 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 57187

> Definitely a timestamp:
>
>    λ date -d @1660420337
>    Sat 13 Aug 2022 21:52:17 CEST

Figured as much!

Given the above disassembly, there is only one direct reference to getpwuid_r in the codebase[1] and I'm not sure how that would affect reproducibility. Anyone else have any ideas? Should I report this upstream, perhaps?

Hendursaga

[1] https://github.com/hashcat/hashcat/blob/v6.2.5/src/folder.c#L384




^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#57187: [PATCH] Update hashcat to 6.2.5
  2022-08-13 20:43 ` [bug#57187] [PATCH] Update hashcat to 6.2.5 Hendursaga via Guix-patches via
  2022-08-13 22:09   ` ( via Guix-patches via
  2022-08-13 23:22   ` Tobias Geerinckx-Rice via Guix-patches via
@ 2022-09-02 15:14   ` Ludovic Courtès
  2022-09-03 11:26   ` [bug#57187] " Maxime Devos
  3 siblings, 0 replies; 7+ messages in thread
From: Ludovic Courtès @ 2022-09-02 15:14 UTC (permalink / raw)
  To: Hendursaga; +Cc: 57187-done

Hi,

Hendursaga <hendursaga@aol.com> skribis:

> Unfortunately, I wasn't able to get hashcat to build reproducibly, and I'm not sure why, but 1) the 6.1.1 version wasn't reproducible, and 2) it's literally just a few bytes.

Since this is not a regression, I went ahead and applied it.

However, it’d be nice to address it of course.  But first, I think we
should remove the bundled OpenCL headers as well as zlib.  Could you
give it a try?

Thanks,
Ludo’.




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#57187] [PATCH] Update hashcat to 6.2.5
  2022-08-13 20:43 ` [bug#57187] [PATCH] Update hashcat to 6.2.5 Hendursaga via Guix-patches via
                     ` (2 preceding siblings ...)
  2022-09-02 15:14   ` bug#57187: " Ludovic Courtès
@ 2022-09-03 11:26   ` Maxime Devos
  2022-09-03 17:51     ` Maxime Devos
  3 siblings, 1 reply; 7+ messages in thread
From: Maxime Devos @ 2022-09-03 11:26 UTC (permalink / raw)
  To: Hendursaga, 57187


[-- Attachment #1.1.1: Type: text/plain, Size: 574 bytes --]

I think I might have found the reproducibility problem:

src/Makefile has a line

> ./src/Makefile:COMPTIME                := $(shell date +%s)
and

./src/Makefile:    $(CC)    $(CFLAGS_NATIVE) $^ -o $@ $(HASHCAT_LIBRARY) 
$(LFLAGS_NATIVE) -DCOMPTIME=$(COMPTIME) -DVERSION_TAG=\"$(VERSION_TAG)\" 
-DINSTALL_FOLDER=\"$(INSTALL_FOLDER)\" 
-DSHARED_FOLDER=\"$(SHARED_FOLDER)\" 
-DDOCUMENT_FOLDER=\"$(DOCUMENT_FOLDER)\"

comptime seems to be only ever set, never actually used, so it should be 
safe to replace it with 0. I'll try a patch.


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 929 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#57187] [PATCH] Update hashcat to 6.2.5
  2022-09-03 11:26   ` [bug#57187] " Maxime Devos
@ 2022-09-03 17:51     ` Maxime Devos
  0 siblings, 0 replies; 7+ messages in thread
From: Maxime Devos @ 2022-09-03 17:51 UTC (permalink / raw)
  To: Hendursaga, 57187


[-- Attachment #1.1.1: Type: text/plain, Size: 657 bytes --]


On 03-09-2022 13:26, Maxime Devos wrote:
> I think I might have found the reproducibility problem:
>
> src/Makefile has a line
>
>> ./src/Makefile:COMPTIME                := $(shell date +%s)
> and
>
> ./src/Makefile:    $(CC)    $(CFLAGS_NATIVE) $^ -o $@ 
> $(HASHCAT_LIBRARY) $(LFLAGS_NATIVE) -DCOMPTIME=$(COMPTIME) 
> -DVERSION_TAG=\"$(VERSION_TAG)\" 
> -DINSTALL_FOLDER=\"$(INSTALL_FOLDER)\" 
> -DSHARED_FOLDER=\"$(SHARED_FOLDER)\" 
> -DDOCUMENT_FOLDER=\"$(DOCUMENT_FOLDER)\"
>
> comptime seems to be only ever set, never actually used, so it should 
> be safe to replace it with 0. I'll try a patch.
See #57560

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 929 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2022-09-03 17:52 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <87r11jswlt.fsf.ref@aol.com>
2022-08-13 20:43 ` [bug#57187] [PATCH] Update hashcat to 6.2.5 Hendursaga via Guix-patches via
2022-08-13 22:09   ` ( via Guix-patches via
2022-08-13 23:22   ` Tobias Geerinckx-Rice via Guix-patches via
2022-08-14  2:13     ` Hendursaga via Guix-patches via
2022-09-02 15:14   ` bug#57187: " Ludovic Courtès
2022-09-03 11:26   ` [bug#57187] " Maxime Devos
2022-09-03 17:51     ` Maxime Devos

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).