Well, the dependencies are a real problem and I'll get rid of this.
The latest update has only included minor changes (faster detection of driver crash on 4.4 kernel).
Please do a git clone again. I removed an ugly debug message (hallo - implemented to test Frame Check Sequence FCS).
Major update is done on hcxpcaptool:
-o <file> : output hccapx file
-O <file> : output raw hccapx file
-x <file> : output hccap file
-X <file> : output raw hccap file
-j <file> : output john WPAPSK-PMK file
-J <file> : output raw john WPAPSK-PMK file
-E <file> : output wordlist (autohex enabled) to use as input wordlist for cracker
-I <file> : output identity list
: needs to be sorted unique
-P <file> : output possible WPA/WPA2 plainmasterkey list
-T <file> : output management traffic information list
: european date : timestamp : mac_sta : mac_ap : essid
-A <file> : output nonce information list
: european date : timestamp : mac_sta : mac_ap : message : replaycount : nonce
-S <file> : output EAPOL information list
: european date : timestamp : mac_sta : mac_ap : message : replaycount : eapol_len : eapol
-H <file> : output dump raw packets in hex
-V : verbose (but slow) status output
-h : show this help
-v : show version
--time-error-corrections : maximum allowed time gap (default: 600s)
--nonce-error-corrections : maximum allowed nonce gap (default: 8)
: should be the same value as in hashcat
Prime goal was the detection of handshakes. You can test the new functions with the demo cap from this post:
https://hashcat.net/forum/thread-7207.html
Download the repository. Inside is a demo cap file: wpa2psk-linksys.cap (i think original from aircrack-ng trunk)
$ hcxpcaptool -o test.hccapx wpa2psk-linksys.cap
start reading from wpa2psk-linksys.cap
summary:
--------
file name..............: wpa2psk-linksys.cap
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 499
skippedpackets.........: 0
packets with FCS.......: 0
beacons................: 85
probe requests.........: 11
probe responses........: 6
association requests...: 4
association responses..: 4
authentications........: 8
deauthentications......: 3
EAPOL packets..........: 9
best handshakes........: 1
1 handshake(s) written to test.hccapx
$ hashcat -m 2500 test.hccapx wpa-sec.txt
hashcat (v4.0.1-84-g7c1fb014) starting...
Session..........: hashcat
Status...........: Cracked
Hash.Type........: WPA/WPA2
Hash.Target......: linksys (AP:00:0b:86:c2:a4:85 STA:00:13:ce:55:98:ef)
Time.Started.....: Fri Jan 19 19:01:33 2018 (1 sec)
Time.Estimated...: Fri Jan 19 19:01:34 2018 (0 secs)
Guess.Base.......: File (wpa-sec.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 421.8 kH/s (2.74ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 40493/40493 (100.00%)
Rejected.........: 0/40493 (0.00%)
Restore.Point....: 0/40493 (0.00%)
Candidates.#1....: -> ١٢٣٤٥٦٧٨٩
HWMon.Dev.#1.....: Temp: 34c Fan: 29% Util: 86% Core:1835MHz Mem:5005MHz Bus:16
This cap is a really nice playground (thanks to JohnDN90). You can play around with the raw options and the error-corrections values. Depending on this options you will retrieve the best handshake or all 9 handshakes (3 are crackable):
$ hcxpcaptool -O test.hccapx *.cap
start reading from wpa2psk-linksys.cap
summary:
--------
file name..............: wpa2psk-linksys.cap
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 499
skippedpackets.........: 0
packets with FCS.......: 0
beacons................: 85
probe requests.........: 11
probe responses........: 6
association requests...: 4
association responses..: 4
authentications........: 8
deauthentications......: 3
EAPOL packets..........: 9
raw handshakes.........: 9
best handshakes........: 1
9 handshake(s) written to test.hccapx
$ hashcat -m 2500 test.hccapx wpa-sec.txt
hashcat (v4.0.1-84-g7c1fb014) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: test.hccapx
Time.Started.....: Fri Jan 19 19:12:55 2018 (1 sec)
Time.Estimated...: Fri Jan 19 19:12:56 2018 (0 secs)
Guess.Base.......: File (wpa-sec.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 264.5 kH/s (2.77ms)
Recovered........: 3/9 (33.33%) Digests, 0/1 (0.00%) Salts
Progress.........: 40493/40493 (100.00%)
Rejected.........: 0/40493 (0.00%)
Restore.Point....: 40493/40493 (100.00%)
Candidates.#1....: -> ١٢٣٤٥٦٧٨٩
HWMon.Dev.#1.....: Temp: 39c Fan: 29% Util: 84% Core:1835MHz Mem:5005MHz Bus:16
The latest update has only included minor changes (faster detection of driver crash on 4.4 kernel).
Please do a git clone again. I removed an ugly debug message (hallo - implemented to test Frame Check Sequence FCS).
Major update is done on hcxpcaptool:
-o <file> : output hccapx file
-O <file> : output raw hccapx file
-x <file> : output hccap file
-X <file> : output raw hccap file
-j <file> : output john WPAPSK-PMK file
-J <file> : output raw john WPAPSK-PMK file
-E <file> : output wordlist (autohex enabled) to use as input wordlist for cracker
-I <file> : output identity list
: needs to be sorted unique
-P <file> : output possible WPA/WPA2 plainmasterkey list
-T <file> : output management traffic information list
: european date : timestamp : mac_sta : mac_ap : essid
-A <file> : output nonce information list
: european date : timestamp : mac_sta : mac_ap : message : replaycount : nonce
-S <file> : output EAPOL information list
: european date : timestamp : mac_sta : mac_ap : message : replaycount : eapol_len : eapol
-H <file> : output dump raw packets in hex
-V : verbose (but slow) status output
-h : show this help
-v : show version
--time-error-corrections : maximum allowed time gap (default: 600s)
--nonce-error-corrections : maximum allowed nonce gap (default: 8)
: should be the same value as in hashcat
Prime goal was the detection of handshakes. You can test the new functions with the demo cap from this post:
https://hashcat.net/forum/thread-7207.html
Download the repository. Inside is a demo cap file: wpa2psk-linksys.cap (i think original from aircrack-ng trunk)
$ hcxpcaptool -o test.hccapx wpa2psk-linksys.cap
start reading from wpa2psk-linksys.cap
summary:
--------
file name..............: wpa2psk-linksys.cap
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 499
skippedpackets.........: 0
packets with FCS.......: 0
beacons................: 85
probe requests.........: 11
probe responses........: 6
association requests...: 4
association responses..: 4
authentications........: 8
deauthentications......: 3
EAPOL packets..........: 9
best handshakes........: 1
1 handshake(s) written to test.hccapx
$ hashcat -m 2500 test.hccapx wpa-sec.txt
hashcat (v4.0.1-84-g7c1fb014) starting...
Session..........: hashcat
Status...........: Cracked
Hash.Type........: WPA/WPA2
Hash.Target......: linksys (AP:00:0b:86:c2:a4:85 STA:00:13:ce:55:98:ef)
Time.Started.....: Fri Jan 19 19:01:33 2018 (1 sec)
Time.Estimated...: Fri Jan 19 19:01:34 2018 (0 secs)
Guess.Base.......: File (wpa-sec.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 421.8 kH/s (2.74ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 40493/40493 (100.00%)
Rejected.........: 0/40493 (0.00%)
Restore.Point....: 0/40493 (0.00%)
Candidates.#1....: -> ١٢٣٤٥٦٧٨٩
HWMon.Dev.#1.....: Temp: 34c Fan: 29% Util: 86% Core:1835MHz Mem:5005MHz Bus:16
This cap is a really nice playground (thanks to JohnDN90). You can play around with the raw options and the error-corrections values. Depending on this options you will retrieve the best handshake or all 9 handshakes (3 are crackable):
$ hcxpcaptool -O test.hccapx *.cap
start reading from wpa2psk-linksys.cap
summary:
--------
file name..............: wpa2psk-linksys.cap
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 499
skippedpackets.........: 0
packets with FCS.......: 0
beacons................: 85
probe requests.........: 11
probe responses........: 6
association requests...: 4
association responses..: 4
authentications........: 8
deauthentications......: 3
EAPOL packets..........: 9
raw handshakes.........: 9
best handshakes........: 1
9 handshake(s) written to test.hccapx
$ hashcat -m 2500 test.hccapx wpa-sec.txt
hashcat (v4.0.1-84-g7c1fb014) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: test.hccapx
Time.Started.....: Fri Jan 19 19:12:55 2018 (1 sec)
Time.Estimated...: Fri Jan 19 19:12:56 2018 (0 secs)
Guess.Base.......: File (wpa-sec.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 264.5 kH/s (2.77ms)
Recovered........: 3/9 (33.33%) Digests, 0/1 (0.00%) Salts
Progress.........: 40493/40493 (100.00%)
Rejected.........: 0/40493 (0.00%)
Restore.Point....: 40493/40493 (100.00%)
Candidates.#1....: -> ١٢٣٤٥٦٧٨٩
HWMon.Dev.#1.....: Temp: 39c Fan: 29% Util: 84% Core:1835MHz Mem:5005MHz Bus:16