Hello all, I installed hashcat and hcxdumptool from Ubuntu 22.04:
$ sudo dpkg -l | grep hashcat
ii hashcat 6.2.5+ds1-2 amd64 World's fastest and most advanced password recovery utility
ii hashcat-data 6.2.5+ds1-2 all Data files for hashcat advanced password recovery utility
$ sudo dpkg -l | grep hcxdump
ii hcxdumptool 6.2.5-2 amd64 Small tool to capture packets from wlan devices
However, when I try to run the command:
$ sudo hcxdumptool -i wlan1 -o dumpfile.pcapng --active_beacon --enable_status=15
I get this:
initialization of hcxdumptool 6.2.5...
failed to set monitor mode, ioctl(SIOCSIWMODE) not supported by driver: Operation not permitted
warning: failed to init socket
terminating...
1 driver error encountered
failed to restore old SIOCSIWMODE: Operation not permitted
I currently have this adapter:
Bus 003 Device 002: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
Should I try to download and install from source the latest versions of hashcat and hcxdumptool?
When doing additional research I found the following:
Quote:
$ ethtool -i wlan1
driver: rtl88XXau
version: 6.5.0-25-generic
firmware-version:
expansion-rom-version:
bus-info: 3-1:1.0
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
Older versions (< 6.3.0) of hcxdumptool use WIRELESS EXTENSIONs (WEXT) to control the device via ioctl() system calls.
RTL88xxau is a NETLINK only driver that does not support WEXT.
Starting with version 6.3.0, hcxdumptool moved to NETLINK (because WEXT is deprecated) and it should work now.
https://github.com/ZerBea/hcxdumptool/bl...gelog#L167
Please notice that your driver is an out of Linux tree driver which is not part of the official Linux kernel.
More information about these third party drivers is here:
https://github.com/morrownr/USB-WiFi/issues/314
I see @ZerBea,
Thank you very much for the information. I am not sure I am following what I need to do next to confirm the driver works, please correct me if I am wrong:
1. I need to download a newer/different version of the driver RTL88xxau, is there an official github page with the latest versions/release notes of these drivers?
2. I also need to make sure the driver I install is not part of the Linux Kernel tree? How do I accomplish this? By installing the correct driver?
I will be investigating myself in the meantime. Thank you again!
Hello @ZerBea,
Noted and thank you so very much for your response and advice. I will check the driver you shared and also look into Linux Stock Kernel Drivers. One thing though, I thought in the previous message you commented that the driver I was using was one of the Linux Kernel Drivers?
In any case, I will check the issues list, and then verify the type of driver I am currently using.
Again, thank you! This information and links are very helpful, and I appreciate it.
Sincerely,
Maybe I explained it in a misleading way:
Your driver is a third party driver which is not part of the official Linux kernel.
The source of your driver is unknown, as well as monitor mode and frame injection capabilities.
Your driver is a NETLINK driver that does not support WEXT.
As a result, ancient drivers and tools will not work (as expected).
That shouldn't be a problem, because hcxdumptool (>= 6.3.0) moved completely to NETLINK.
To identify tools, take a look at the dmesg log:
Code:
$ sudo dmesg | grep extensions
If you see something like this, the tool is using deprecated WEXT:
Code:
[143049.646937] warning: `xxxxxxxxx' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
This warning should not appear on hcxdumptool >= 6.3.0.
Some more information about WIRELESS EXTENSIONS (WEXT):
https://wireless.wiki.kernel.org/en/deve...Extensions
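The version and dmesg checks described in the replies above, as an added shell example that is not part of the original posts: it maps an hcxdumptool version to the control API the thread attributes to it (WEXT before 6.3.0, NETLINK from 6.3.0 on) and lists the tools the kernel logged as WEXT users. The function names and the sample log lines, including the tool names in them, are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the "ioctl(SIOCSIWMODE) not supported by driver" error by
# checking which control API hcxdumptool uses and which tools the kernel saw using WEXT.

# Constructed dmesg excerpt (tool names are made up), in the format of the warning above.
sample_dmesg() {
cat <<'EOF'
[   84.575399] warning: `exampletool' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   90.000001] usb 3-1: new high-speed USB device number 2 using xhci-hcd
[  120.500000] warning: `othertool' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
EOF
}

# Read dmesg text on stdin and print each tool the kernel flagged as using WEXT.
wext_users() {
    sed -n "s/.*warning: \`\([^']*\)' uses wireless extensions.*/\1/p" | sort -u
}

# Succeed if version $1 >= $2; packaging or git suffixes ("-2", "+ds1", "-14-g...") are ignored.
version_ge() {
    awk -v a="${1%%[-+]*}" -v b="${2%%[-+]*}" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Map an hcxdumptool version to its control API, per the thread: NETLINK from 6.3.0 on.
hcxdumptool_api() {
    if version_ge "$1" 6.3.0; then echo NETLINK; else echo WEXT; fi
}

# First line of `hcxdumptool -v` looks like "hcxdumptool 6.3.4-14-g3693e77 (C) 2024 ZeroBeat".
parse_version() { awk 'NR == 1 { print $2 }'; }

# Report on the installed tool if present, then show the parser on the sample log.
if command -v hcxdumptool >/dev/null 2>&1; then
    v=$(hcxdumptool -v 2>/dev/null | parse_version)
    echo "hcxdumptool $v uses $(hcxdumptool_api "$v")"
fi
echo "WEXT users in sample log:"; sample_dmesg | wext_users
```

On a live system, replace `sample_dmesg` with `sudo dmesg` as the input to `wext_users`.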
Thank you again @ZerBea,
This is what I see on my end:
$ sudo dmesg | grep extensions
[ 84.575399] warning: `megasync' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
I will definitely continue testing and reviewing the settings and check again if hashcat works.
Looks like some tools still use WEXT. But that has nothing to do with the driver.
A quick and dirty test of the aircrack-ng driver:
Compiles and inserts fine running Linux kernel 6.8.1:
Code:
$ uname -r
6.8.1-arch1-1
$ make
make ARCH=x86_64 CROSS_COMPILE= -C /lib/modules/6.8.1-arch1-1/build M=/tmp/git_rtl8812au_aircrack-ng modules
make[1]: Entering directory '/usr/lib/modules/6.8.1-arch1-1/build'
make[1]: Leaving directory '/usr/lib/modules/6.8.1-arch1-1/build'
---------------------------------------------------------------------------
Visit https://github.com/aircrack-ng/rtl8812au for support/reporting issues
or check for newer versions (branches) of these drivers.
---------------------------------------------------------------------------
$ insmod 88XXau.ko
Running hcxdumptool latest git head:
Code:
$ hcxdumptool -v
hcxdumptool 6.3.4-14-g3693e77 (C) 2024 ZeroBeat
running on Linux kernel 6.8.1-arch1-1
running GNU libc version 2.39
compiled by gcc 13.2.1
compiled with Linux API headers 6.7.0
compiled with GNU libc headers 2.39
enabled REALTIME DISPLAY
enabled GPS support
enabled BPF compiler
Driver information:
Code:
$ hcxdumptool -l
3 6 74da3876251a c8aacc43f6fd + wlp22s0f0u4 rtl88XXau NETLINK
Test target has been (successfully) attacked in 6,403s (that includes the time to init the device - this device is really slow):
Code:
$ time hcxdumptool -i wlp22s0f0u4 --bpf=target.bpfc -c 10a --rds=1 --exitoneapol=7 -w test.pcapng
0 ERROR(s) during runtime
128 Packet(s) captured by kernel
0 Packet(s) dropped by kernel
1 SHB written to pcapng dumpfile
1 IDB written to pcapng dumpfile
1 ECB written to pcapng dumpfile
5 EPB written to pcapng dumpfile
exit on EAPOL M1M2
real 0m6,403s
user 0m0,000s
sys 0m0,008s
Successfully converted by hcxpcapngtool:
Code:
$ hcxpcapngtool -o test.hc22000 test.pcapng
hcxpcapngtool 6.3.4-6-gb7886cb reading from test.pcapng...
summary capture file
--------------------
file name.................................: test.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 6.8.1-arch1-1
application..............................: hcxdumptool 6.3.4-14-g3693e77
...
EAPOL pairs written to 22000 hash file...: 1 (RC checked)
PSK has been successfully recovered by hashcat:
Code:
$ hashcat -m 22000 test.hc22000 -a 3 12345678
hashcat (v6.2.6-848-gc1a10518f) starting
...
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: test.hc22000
Time.Started.....: Tue Mar 19 18:32:22 2024 (0 secs)
Time.Estimated...: Tue Mar 19 18:32:22 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: 12345678 [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 40 H/s (0.65ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 12345678 -> 12345678
Hardware.Mon.#1..: Temp: 49c Util: 6% Core:1875MHz Mem:4001MHz Bus:8
Started: Tue Mar 19 18:32:00 2024
Stopped: Tue Mar 19 18:32:22 2024
That is the way described in the hashcat wiki:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
@ZerBea,
Excellent, I will proceed with testing that and respond with the result, I really appreciate the details!
Sincerely,