Apple Silicon

Hashcat on Apple Silicon: GPU-Accelerated Password Cracking

Apple Silicon Macs (M1, M2, M3, M4) aren't just for creative work and AI inference—they're surprisingly capable password-cracking machines. With hashcat's native Metal backend, you can leverage those GPU cores for high-speed hash cracking right from your MacBook.

Legal Disclaimer: Only use hashcat on systems and data you own or have explicit written permission to test. Unauthorized password cracking is illegal and can result in criminal prosecution. This guide is for educational and authorized security testing purposes only.

Why Apple Silicon for Password Cracking?

Traditionally, password cracking has been dominated by NVIDIA GPUs with their CUDA cores. But Apple Silicon changes the game for Mac users:

  • Native Metal support since hashcat v6.2.5 (no more CPU-only or Rosetta workarounds)
  • Unified memory architecture means the GPU can access all system RAM
  • Power efficiency makes it practical for extended cracking sessions on laptops
  • No external GPU needed for respectable performance

Important: Apple Silicon won't beat a dedicated NVIDIA RTX 4090 in raw speed. But for Mac users, it's the best option available—and it's surprisingly capable.

Performance Comparison

Apple Silicon vs NVIDIA GPUs

Let's be realistic about expectations. Here's how Apple Silicon compares to dedicated GPUs:

GPU MD5 (MH/s) SHA1 (MH/s) WPA2 (kH/s) Power Draw
RTX 4090 ~164,000 ~54,000 ~2,500 450W
RTX 3090 ~65,000 ~21,000 ~1,106 350W
RTX 3080 ~45,000 ~15,000 ~769 320W
M2 Ultra ~26,410 ~10,866 ~400* 60W
M2 Max ~16,720 ~6,844 ~250* 40W
M1 Ultra ~17,137 ~6,098 ~207 60W
M3 Max ~14,172 ~6,272 ~220* 40W
M2 Pro ~7,040 ~2,845 ~140* 30W
M3 Pro ~6,802 ~3,020 ~120* 30W
M1 Pro ~4,500 ~2,000 ~103 30W

*Estimated based on scaling from benchmark data

The Reality Check

An RTX 3090 is roughly 5x faster than an M1 Max for WPA2 cracking. An RTX 4090 would be even faster.

But consider:

  • An RTX 4090 costs $1,600+ and requires a desktop PC
  • It draws 450W of power
  • You can't take it to a coffee shop

If you already have a Mac with Apple Silicon, hashcat's Metal backend turns it into a capable cracking machine at no additional cost.

Performance Per Watt

Apple Silicon shines in efficiency:

GPU WPA2 (kH/s) Power (W) kH/s per Watt
RTX 4090 ~2,500 450 5.6
RTX 3090 ~1,106 350 3.2
M2 Ultra ~400 60 6.7
M2 Max ~250 40 6.3
M2 Pro ~140 30 4.7
M3 Pro ~120 30 4.0

The M2 Ultra actually delivers better performance per watt than an RTX 4090 for WPA2 cracking.

Apple Silicon Technical Specifications

Understanding your chip's specifications helps explain hashcat performance. More GPU cores and higher memory bandwidth directly translate to faster cracking.

M1 Family (5nm, 1st generation)

Chip CPU Cores GPU Cores Neural Engine Memory BW Max RAM Transistors
M1 8 (4P + 4E) 7-8 16-core (11 TOPS) 68 GB/s 16 GB 16B
M1 Pro 8-10 (6-8P + 2E) 14-16 16-core (11 TOPS) 200 GB/s 32 GB 33.7B
M1 Max 10 (8P + 2E) 24-32 16-core (11 TOPS) 400 GB/s 64 GB 57B
M1 Ultra 20 (16P + 4E) 48-64 32-core (22 TOPS) 800 GB/s 128 GB 114B

M2 Family (5nm, 2nd generation)

Chip CPU Cores GPU Cores Neural Engine Memory BW Max RAM Transistors
M2 8 (4P + 4E) 8-10 16-core (15.8 TOPS) 100 GB/s 24 GB 20B
M2 Pro 10-12 (6-8P + 4E) 16-19 16-core (15.8 TOPS) 200 GB/s 32 GB 40B
M2 Max 12 (8P + 4E) 30-38 16-core (15.8 TOPS) 400 GB/s 96 GB 67B
M2 Ultra 24 (16P + 8E) 60-76 32-core (31.6 TOPS) 800 GB/s 192 GB 134B

M3 Family (3nm, 1st generation)

Chip CPU Cores GPU Cores Neural Engine Memory BW Max RAM Transistors
M3 8 (4P + 4E) 8-10 16-core (18 TOPS) 100 GB/s 24 GB 25B
M3 Pro 11-12 (5-6P + 6E) 14-18 16-core (18 TOPS) 150 GB/s 36 GB 37B
M3 Max 14-16 (10-12P + 4E) 30-40 16-core (18 TOPS) 300-400 GB/s 128 GB 92B

M4 Family (3nm, 2nd generation)

Chip CPU Cores GPU Cores Neural Engine Memory BW Max RAM Transistors
M4 10 (4P + 6E) 10 16-core (38 TOPS) 120 GB/s 32 GB 28B
M4 Pro 14 (10P + 4E) 20 16-core (38 TOPS) 273 GB/s 64 GB ~55B
M4 Max 16 (12P + 4E) 40 16-core (38 TOPS) 546 GB/s 128 GB ~92B

Legend:

  • P = Performance cores (high-power, fast)
  • E = Efficiency cores (low-power, background tasks)
  • TOPS = Trillion Operations Per Second (Neural Engine AI performance)
  • Memory BW = Memory Bandwidth (higher = faster data transfer to GPU)
  • B = Billion transistors

Key insight: GPU cores matter most for hashcat. The M2 Pro's 16-19 GPU cores explain why it achieves ~7,000 MH/s on MD5, roughly half of the M2 Max's 30-38 cores at ~16,700 MH/s.

Installation

Prerequisites

  • macOS 12 (Monterey) or later
  • Apple Silicon Mac (M1, M2, M3, or M4)
  • Homebrew package manager

Install via Homebrew

# Install Homebrew if not already installed
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Install hashcat
brew install hashcat

Verify installation:

hashcat --version

You need hashcat v6.2.5 or later for Metal support. Homebrew typically provides the latest version.

Verify Metal Backend

Check that hashcat detects your GPU:

hashcat -I

You should see output like:

Backend Device ID #1 (Alias: #2)
  Type...........: GPU
  Vendor.ID......: 8
  Vendor.........: Apple Inc.
  Name...........: Apple M2 Max
  Processor(s)...: 38
  Backend........: Metal

Note: You may see "Device #2: Apple's OpenCL drivers (GPU) are known to be unreliable." This is expected—hashcat automatically uses the Metal backend instead.

Running Benchmarks

Test your system's performance across all hash types:

hashcat -b

For a specific hash type (e.g., WPA2):

hashcat -b -m 22000

Sample M2 Max Benchmark Output

Hashmode: 0 - MD5
Speed.#1.........: 16719.5 MH/s (75.50ms) @ Accel:512 Loops:1024 Thr:64 Vec:1

Hashmode: 100 - SHA1
Speed.#1.........:  6844.0 MH/s (75.53ms) @ Accel:256 Loops:1024 Thr:64 Vec:1

Hashmode: 1400 - SHA2-256
Speed.#1.........:  2622.9 MH/s (79.56ms) @ Accel:256 Loops:512 Thr:64 Vec:1

Hashmode: 22000 - WPA-PBKDF2-PMKID+EAPOL
Speed.#1.........:   250.3 kH/s (70.42ms) @ Accel:32 Loops:512 Thr:64 Vec:1

Cracking WPA2 Handshakes

If you captured a WPA2 handshake (see our Aircrack-ng tutorials), convert it to hashcat format:

# Install hcxtools
brew install hcxtools

# Convert capture file
hcxpcapngtool -o hash.hc22000 capture-01.cap

Then crack with hashcat:

hashcat -m 22000 hash.hc22000 ~/wordlists/rockyou.txt

Estimated WPA2 Cracking Times

Using rockyou.txt (~14 million passwords):

Chip Speed (kH/s) Time to Complete
M1 ~50 ~4.8 hours
M1 Pro ~103 ~2.3 hours
M2 Pro ~140 ~1.7 hours
M1 Max ~207 ~1.2 hours
M2 Max ~250 ~1.0 hour
M2 Ultra ~400 ~36 minutes
RTX 3090 ~1,106 ~13 minutes
RTX 4090 ~2,500 ~6 minutes

For larger wordlists or rule-based attacks, the time difference becomes more significant.

Optimization Tips

1. Use Optimized Kernels

The -O flag enables optimized kernels that boost speed at the cost of maximum password length (usually 32 characters):

hashcat -O -m 22000 hash.hc22000 wordlist.txt

2. Let the GPU Do the Work

Don't try to combine CPU and GPU processing. On Apple Silicon, the GPU alone provides better results:

# Use only the Metal GPU (device 2)
hashcat -d 2 -m 22000 hash.hc22000 wordlist.txt

3. Workload Profiles

Adjust workload intensity based on your use case:

# Low power (laptop on battery)
hashcat -w 1 -m 22000 hash.hc22000 wordlist.txt

# Default (balanced)
hashcat -w 2 -m 22000 hash.hc22000 wordlist.txt

# High performance (plugged in, dedicated cracking)
hashcat -w 3 -m 22000 hash.hc22000 wordlist.txt

# Nightmare mode (maximum performance, system may lag)
hashcat -w 4 -m 22000 hash.hc22000 wordlist.txt

4. Monitor Temperature

Apple Silicon throttles when hot. Keep your Mac cool:

# Check GPU temperature during cracking
sudo powermetrics --samplers smc -i 1000 | grep -i "GPU"

Consider:

  • Using a laptop stand for better airflow
  • Keeping ambient temperature low
  • Avoiding blocking ventilation

5. Use Session Management

For long-running attacks, use sessions to resume if interrupted:

# Start with a session name
hashcat --session=wpa2crack -m 22000 hash.hc22000 wordlist.txt

# Resume later
hashcat --session=wpa2crack --restore

Attack Modes

Dictionary Attack (Mode 0)

The simplest attack—test every word in a wordlist:

hashcat -a 0 -m 22000 hash.hc22000 wordlist.txt

Dictionary + Rules (Mode 0 with rules)

Apply transformation rules to each word:

hashcat -a 0 -m 22000 hash.hc22000 wordlist.txt -r /opt/homebrew/share/hashcat/rules/best64.rule

Common rules included with hashcat:

  • best64.rule - 64 effective transformations
  • rockyou-30000.rule - 30,000 rules derived from rockyou analysis
  • d3ad0ne.rule - Comprehensive rule set

Combinator Attack (Mode 1)

Combine words from two dictionaries:

hashcat -a 1 -m 22000 hash.hc22000 dict1.txt dict2.txt

Brute Force (Mode 3)

Try all combinations of a character set:

# 8-character lowercase + digits
hashcat -a 3 -m 22000 hash.hc22000 ?l?l?l?l?l?l?d?d

# Custom charset
hashcat -a 3 -m 22000 hash.hc22000 -1 ?l?d ?1?1?1?1?1?1?1?1

Character sets:

  • ?l - lowercase (a-z)
  • ?u - uppercase (A-Z)
  • ?d - digits (0-9)
  • ?s - special characters
  • ?a - all printable ASCII

Hybrid Attacks (Modes 6 & 7)

Combine dictionary words with brute force:

# Word + 4 digits (password1234)
hashcat -a 6 -m 22000 hash.hc22000 wordlist.txt ?d?d?d?d

# 2 digits + word (12password)
hashcat -a 7 -m 22000 hash.hc22000 ?d?d wordlist.txt

Common Hash Types

Mode Hash Type Example Use Case
0 MD5 Legacy web apps
100 SHA1 Older applications
1400 SHA2-256 Modern applications
1700 SHA2-512 High-security apps
1000 NTLM Windows passwords
3200 bcrypt Modern web apps
22000 WPA-PBKDF2 WiFi passwords
13400 KeePass Password managers
13721-13723 VeraCrypt Encrypted volumes

Troubleshooting

"No devices found/left"

Ensure you're running hashcat v6.2.5 or later:

hashcat --version
brew upgrade hashcat

Metal Backend Not Detected

Check macOS version (requires 12+):

sw_vers

Hash Mode Skipped

Some hash modes don't work on Metal due to driver limitations. You'll see:

* Device #1: Skipping hash-mode 6211 - a]known Metal runtime and/or device driver issue (not a hashcat issue)

These modes require an NVIDIA GPU with CUDA.

Performance Lower Than Expected

  1. Check if you're on battery power (throttled)
  2. Verify thermal throttling isn't occurring
  3. Use -w 3 or -w 4 for higher performance
  4. Close other GPU-intensive applications

System Becomes Unresponsive

Use a lower workload profile:

hashcat -w 2 -m 22000 hash.hc22000 wordlist.txt

Or limit GPU usage with --gpu-temp-abort and --gpu-temp-retain.

Real-World Expectations

Be realistic about what Apple Silicon can accomplish:

Good for:

  • Testing your own passwords and security policies
  • CTF competitions and learning
  • Cracking common/weak passwords
  • Dictionary attacks with moderate wordlists
  • Situations where you need portability

Not ideal for:

  • Large-scale professional password auditing
  • Attacking strong, unique passwords
  • Competing with dedicated GPU rigs
  • Hash types requiring CUDA

Summary

Task Command
Install hashcat brew install hashcat
Check GPU detection hashcat -I
Run benchmark hashcat -b
Benchmark specific hash hashcat -b -m 22000
Dictionary attack hashcat -a 0 -m [mode] hash.txt wordlist.txt
With rules hashcat -a 0 -m [mode] hash.txt wordlist.txt -r rules.rule
Brute force hashcat -a 3 -m [mode] hash.txt ?a?a?a?a?a?a
High performance hashcat -w 3 -O -m [mode] hash.txt wordlist.txt
Save session hashcat --session=name -m [mode] hash.txt wordlist.txt
Resume session hashcat --session=name --restore

References

Official Documentation:

Apple Silicon Benchmarks:

Apple Silicon Specifications:

Performance Optimization:

Related Tutorials:

Read next