diff --git a/src/rules.c b/src/rules.c
index b95f39ad2b..2d837ff8aa 100644
--- a/src/rules.c
+++ b/src/rules.c
@@ -1437,60 +1437,106 @@ char *rules_apply(char *word_in, char *rule, int split)
 			}
 			break;
 
-/* Additional "single crack" mode rules */
-		case '1':
-			if (split < 0)
-				goto out_ERROR_UNALLOWED;
-			if (!split) REJECT
-			if (which)
-				memcpy(buffer[2][STAGE],
-				       in, length + 1);
-			else
-				strnzcpy(buffer[2][STAGE],
-				         &word[split],
-				    RULE_WORD_SIZE);
-			length = split;
-			if (length > RULE_WORD_SIZE - 1)
-				length = RULE_WORD_SIZE - 1;
-			memcpy(in, word, length);
-			in[length] = 0;
-			which = 1;
+		case 'h': /*convert the entire password to lowercase hex */
+			{
+				char outbuf[RULE_WORD_SIZE * 2];
+				int i;
+				if (length * 2 >= RULE_WORD_SIZE)
+					break;
+				for (i = 0; i < length; i++)
+					sprintf(&outbuf[i * 2], "%02x", (unsigned char)in[i]);
+				strcpy(in, outbuf);
+				length *= 2;
+			}
 			break;
 
-		case '2':
-			if (split < 0)
-				goto out_ERROR_UNALLOWED;
-			if (!split) REJECT
-			if (which) {
-				memcpy(buffer[2][STAGE],
-				       in, length + 1);
-			} else {
-				length = split;
-				if (length > RULE_WORD_SIZE - 1)
-					length = RULE_WORD_SIZE - 1;
-				strnzcpy(buffer[2][STAGE],
-				         word, length + 1);
+			case 'H': /*convert the entire password to uppercase hex*/
+			{
+				char outbuf[RULE_WORD_SIZE * 2];
+				int i;
+				if (length * 2 >= RULE_WORD_SIZE)
+					break;
+				for (i = 0; i < length; i++)
+					sprintf(&outbuf[i * 2], "%02X", (unsigned char)in[i]);
+				strcpy(in, outbuf);
+				length *= 2;
 			}
-			strnzcpy(in, &word[split], RULE_WORD_SIZE);
-			length = strlen(in);
-			which = 2;
 			break;
 
-		case '+':
-			if (hc_logic || !which) {
-				/* HC rule: increment character */
-				unsigned int x;
-				POSITION(x)
-				if (x < length)
-					++in[x];
-				break;
+			case 'B': /* add byte value of X at pos N, bytewise. Format: BNX */
+			{
+				unsigned int pos;
+				unsigned char val;
+				POSITION(pos)
+				VALUE(val)
+				if (pos < length)
+				{
+					in[pos] = (unsigned char)(in[pos] + val);
+				}
 			}
-			switch (which) {
-			case 1:
-				strcat(in, buffer[2][STAGE]);
+			break;
+
+				/* Additional "single crack" mode rules */
+			case '1':
+				if (split < 0)
+					goto out_ERROR_UNALLOWED;
+				if (!split)
+					REJECT
+				if (which)
+					memcpy(buffer[2][STAGE],
+						   in, length + 1);
+				else
+					strnzcpy(buffer[2][STAGE],
+							 &word[split],
+							 RULE_WORD_SIZE);
+				length = split;
+				if (length > RULE_WORD_SIZE - 1)
+					length = RULE_WORD_SIZE - 1;
+				memcpy(in, word, length);
+				in[length] = 0;
+				which = 1;
 				break;
 
-			case 2:
+			case '2':
+				if (split < 0)
+					goto out_ERROR_UNALLOWED;
+				if (!split)
+					REJECT
+				if (which)
+				{
+					memcpy(buffer[2][STAGE],
+						   in, length + 1);
+				}
+				else
+				{
+					length = split;
+					if (length > RULE_WORD_SIZE - 1)
+						length = RULE_WORD_SIZE - 1;
+					strnzcpy(buffer[2][STAGE],
+							 word, length + 1);
+				}
+				strnzcpy(in, &word[split], RULE_WORD_SIZE);
+				length = strlen(in);
+				which = 2;
+				break;
+
+			case '+':
+				if (hc_logic || !which)
+				{
+					/* HC rule: increment character */
+					unsigned int x;
+					POSITION(x)
+					if (x < length)
+						++in[x];
+					break;
+				}
+				switch (which)
+				{
+				case 1:
+					strcat(in, buffer[2][STAGE]);
+					break;
+
+				case 2:
 				{
 					char *out;
 					GET_OUT