Passware Forensic Kit, a distributed password-cracking solution, officially supports macOS. However, there are two major limitations compared to its Windows and Linux support:
- There is no headless Agent for macOS, so if Windows, Linux, and macOS devices are part of the same cluster, the Mac must be the machine distributing tasks to others. As a result, only one Mac can be used in a cluster.
- On Apple Silicon Macs, OpenCL is highly unstable, hence the M-series GPUs can't be used for decryption tasks by default. This is due to a half-baked OpenCL implementation (which Apple officially deprecated in 2018 before the switch to Apple Silicon architecture), leading to regular crashes.
Ideally, Passware would offer a native arm64 build (instead of a Rosetta-translated x86 one) with support for Metal Compute Shaders instead of relying on outdated OpenCL. However, given the niche use case, this is unlikely to happen. And while it absolutely does not make sense to get a Mac for password-cracking purposes, but if you already have a few Macs in your lab, why not use them too? That's where Asahi Linux with Vulkan GPU driver steps in. While we could simply spin up an x86 Linux VM in OrbStack to run the Linux headless agent from macOS, that would not let us use the GPU.
- Install Asahi Linux
curl https://alx.sh | sh-
Boot into Asahi Linux
-
Get the latest drivers
sudo dnf upgrade --refresh && reboot- Install the Asahi Steam wrapper that ships with the required
FEXandmuvmpackages
sudo dnf install steam-
Download and extract
passware-kit-agent-64bit_2024.4.0.tar.gzinto~/Downloads/passware-kit-agent-64bit -
Install Fedora 41-based MESA overlays (temporary workaround until Fedora 41 Asahi ships) required for OpenCL to work
wget https://download.copr.fedorainfracloud.org/results/@asahi/mesa/fedora-41-i386/08122408-mesa/mesa-fex-emu-overlay-i386-24.3.0~asahipre20241006-1.fc41.noarch.rpm
wget https://download.copr.fedorainfracloud.org/results/@asahi/mesa/fedora-41-x86_64/08122408-mesa/mesa-fex-emu-overlay-x86_64-24.3.0~asahipre20241006-1.fc41.noarch.rpm
sudo dfs install mesa-fex-emu-overlay-i386-24.3.0~asahipre20241006-1.fc41.noarch.rpm
sudo dfs install mesa-fex-emu-overlay-x86_64-24.3.0~asahipre20241006-1.fc41.noarch.rpm- Download and extract libgsf
wget https://rpmfind.net/linux/fedora/linux/updates/40/Everything/x86_64/Packages/l/libgsf-1.14.53-1.fc40.x86_64.rpm
rpm2cpio libgsf-1.14.53-1.fc40.x86_64.rpm | cpio -idmv ./usr/lib64/libgsf-1.so.114.0.53
mv ./usr/lib64/libgsf-1.so.114.0.53 ~/Downloads/passware-kit-agent-64bit/libgsf-1.so.114- Create a passt socket with relevant ports forwarded
passt -f -u 10555,10776,10777 -s /tmp/muvm.socket- Start muvm using the created socket
muvm --passt-socket="/tmp/muvm.socket" --env="PASSWARE_OPENCL_VENDORS=Apple" sh- The passware agent should now detect your OpenCL device
sh-5.2$ ~/Downloads/passware-kit-agent-64bit/passware-kit-agent -l
cpu1 = Apple Avalanche (M2 Max) x8
gpu1 = OpenCL device [0] Unknown GPU Apple M2 Max (G14C B1)Q: Why do we need to install Steam, and what is muvm and passt?
A: The Passware Linux agent is an x86-64 ELF binary expecting a 4k Linux kernel, while Apple Silicon Macs have an arm64 CPU and use 16k kernel pages. We use FEX to translate the x86 code (similar to Rosetta on macOS), but it does not resolve the 4k vs. 16k kernel page issue. muvm spins up a microVM with a 4k kernel to bridge this gap, while passt serves as the network backend for muvm, forwarding the Passware-related ports. Although these tools can be manually installed, the Asahi Steam package conveniently handles this setup.
Q: Is CPU performance under FEX comparable to Rosetta?
A: The single-core score in Geekbench 6, running under FEX within the muvm VM, is less than half of Rosetta's score. Multi-core performance also sees degradation, partly because muvm only utilizes the 8 Performance cores, excluding Efficiency cores. However, as shown in the benchmarks below, the real-world performance is closer to Rosetta than the synthetic benchmark suggests.
Q: Is OpenCL performance under Asahi Linux comparable to macOS?
A: Comparing the "native" macOS Geekbench 6 OpenCL score with the Honeykrisp Vulkan driver score on Asahi, we currently reach about 40% of the hardware's potential. This is a promising result for an initial driver release, although there is significant room for improvement. The Asahi development team prioritizes correctness and completeness over speed, which will come into focus as the driver matures over time.
Q: Does this setup actually work?
A: Currently, no. The Vulkan driver is still in its infancy and Passware probably does something that breaks it one way or another. Since Geekbench OpenCL benchmark already works well, I believe that even Passware will eventually run better on Asahi than on macOS, which is likely to completely drop OpenCL support at some point. Besides not passing the GPU calibration step, running Passware with OpenCL enabled currently also locks up the GUI, as GPU preemption has not yet been implemented in the driver. As the ecosystem develops further, we can expect improved CPU and GPU performance under Asahi Linux, as well as better overall support and stability. I will keep testing future driver releases and I will update the benchmark table when the situation improves.
Q: How to enable the experimental OpenCL acceleration under macOS?
A: Run the following from the Terminal on your Mac:
PASSWARE_OPENCL_VENDORS="Apple" /Applications/Passware\ Kit\ Forensic\ 2024\ v4.0.app/Contents/MacOS/Passware\ Kit\ Forensic\ 2024\ v4.0| Apple Mac Studio M2 Max 64GB (2023) | CPU | GPU | ||||
| macOS | Asahi Linux | Delta | macOS | Asahi Linux | Delta | |
| File type | VirtualApple @ 2.50GHz x12 | Apple Avalanche (M2 Max) x8 | OpenCL device [0] Apple GPU Apple M2 Max@Built-in | OpenCL device [0] Unknown GPU Apple M2 Max (G14C B1) | ||
| MS Office 2010 | 1,333 | 1,043 | -21.76% | crash | - | 0% |
| MS Office 2013-2019 | 255 | 263 | 3.14% | 36,753 | - | -100% |
| APFS (encrypted) | 135 | 81 | -40.00% | 1,476 | - | -100% |
| FileVault Non-system Volume | 102 | 60 | -41.18% | 2,077 | - | -100% |
| RAR 5.0 | 239 | 131 | -45.19% | crash | - | 0% |
| Bitlocker Volume | 15 | 9 | -39.33% | 6,037 | - | -100% |
| 7-Zip 0.3 | 181 | 151 | -16.57% | 4,155 | - | -100% |
| Acrobat 6.0 | 800,104 | 592,089 | -26.00% | 57,875,052 | - | -100% |
| Blockchain wallet version 3 | 6,698 | 5,280 | -21.17% | crash | - | 0% |
| Cryptocurrency wallet (Bitcoin Core, Dash Core, Dogecoin, Litecoin) | 94 | 93 | -1.06% | 7,323 | - | -100% |
| iTunes Backup 5.0 | 3,407 | 2,643 | -22.42% | 929 | - | -100% |
| iWork 2013-2020 | 684 | 530 | -22.51% | 6,893 | - | -100% |
| TrueCrypt System Volume | 578 | 531 | -8.13% | crash | - | 0% |
| Zip 2.1 | 67,356 | 52,269 | -22.40% | 2,294,796 | - | -100% |