The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Hashcat's GPU-accelerated Gauss encryption cracker

Kaspersky Lab Expert
Posted December 28, 10:45  GMT
Tags: Linux, AMD, Gauss

2012 was a year full of major security incidents: Flame, Shamoon, Flashback, Wiper, Gauss, and so on. As we are about to turn the page, many unsolved mysteries remain still. Perhaps the most interesting unsolved mysteries are related to the Gauss Trojan: the Palida Narrow font and the unknown encrypted payload.

Previously, we’ve published a blogpost about the encrypted payload hoping that the crypto community will take on the challenge and break the encryption scheme to reveal the true purpose of the mysterious malware.

Yesterday, Jens ‘atom’ Steube, who is best known as the author of ‘(ocl)hashcat’ - a GPU accelerated password recovery tool, released his Gauss cracker as open source software under a GPL license. This is a major breakthrough towards solving the Gauss encryption scheme because of the speeds it achieves: 489k c/s on a AMD Radeon HD 7970 card. If you’re wondering, this is over 30 times faster than an AMD FX 8120 CPU.

You can download the sources and Linux binary from Jens’ 'hashcat' page.

Happy New (Cracking) Year!

Update: Version 1.1 has just been released and includes Windows binaries as well as other enhancements.



2012 Dec 28, 19:10


Thats very exciting! Hopefully we'll know what that payload contains soon. I also created an open source app to check the paths on the computer it is ran on - but its not near as advanced as that one.


Edited by lightswitch05, 2012 Dec 28, 19:45

If you would like to comment on this article you must first

Bookmark and Share

Related Links