2012 was a year full of major security incidents: Flame, Shamoon, Flashback, Wiper, Gauss, and so on. As we are about to turn the page, many unsolved mysteries remain still. Perhaps the most interesting unsolved mysteries are related to the Gauss Trojan: the Palida Narrow font and the unknown encrypted payload.
Previously, weve published a blogpost about the encrypted payload hoping that the crypto community will take on the challenge and break the encryption scheme to reveal the true purpose of the mysterious malware.
Yesterday, Jens atom Steube, who is best known as the author of (ocl)hashcat – a GPU accelerated password recovery tool, released his Gauss cracker as open source software under a GPL license. This is a major breakthrough towards solving the Gauss encryption scheme because of the speeds it achieves: 489k c/s on a AMD Radeon HD 7970 card. If youre wondering, this is over 30 times faster than an AMD FX 8120 CPU.
You can download the sources and Linux binary from Jens ‘hashcat’ page.
Happy New (Cracking) Year!
Hashcat’s GPU-accelerated Gauss encryption cracker