hashcat Forum

Full Version: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
I saw people using Wlandump instead of hcxdumptool... any difference in the output?
wlandump-ng is the predecessor of hcxdumptool. It has fewer functions and it depends on libpcap. That makes it slow.
hcxdumptool doesn't depend on libnl, libpcap, wiringpi or other wrappers. That makes it fast.

Would it be possible to create a minimal Raspberry distro just for hcxtools, with access via ssh only?
Yes. This is a backup of my headless system, controlled via ssh:
$ ls -All
total 477912
-rw-r--r-- 1 root root 21043310 5. Jun 17:41 rpiboot.tgz
-rw-r--r-- 1 root root 468330646 5. Jun 17:43 rpiroot.tgz

from this base system:
ArchLinuxARM-rpi-latest.tar.gz 02-Jun-2019 17:47 43059753

No beautiful GUI, no unnecessary tools - only speed!

BTW:
The gz files don't contain images. I don't like the idea of backing up a system with "dd".
It seems that closing the ssh window from a terminal stops the process on the Raspberry. Is there any other way to keep it alive?


-- thanks, working great in the background.
run it as a background task
$ hcxdumptool -i interface ..... &
Is any 5 GHz dongle working well with hcxtools?
I'm about to buy a dongle for another setup because my AWUS 036AC from Alfa seems not to work.
TP-LINK Archer T2UH
ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter)

$ hcxdumptool -I
wlan interfaces:
503eaaa08f6f wlp3s0f0u10u2 (mt76x0u)

$ hcxdumptool -i wlp3s0f0u10u2 -C
initialization...
available channels:
 1 / 2412MHz (14 dBm)
 2 / 2417MHz (14 dBm)
 3 / 2422MHz (14 dBm)
 4 / 2427MHz (14 dBm)
 5 / 2432MHz (14 dBm)
 6 / 2437MHz (14 dBm)
 7 / 2442MHz (14 dBm)
 8 / 2447MHz (14 dBm)
 9 / 2452MHz (14 dBm)
10 / 2457MHz (14 dBm)
11 / 2462MHz (14 dBm)
12 / 2467MHz (14 dBm)
13 / 2472MHz (14 dBm)
14 / 2484MHz (14 dBm)
36 / 5180MHz (17 dBm)
40 / 5200MHz (17 dBm)
44 / 5220MHz (17 dBm)
48 / 5240MHz (17 dBm)
52 / 5260MHz (17 dBm)
56 / 5280MHz (17 dBm)
60 / 5300MHz (17 dBm)
64 / 5320MHz (17 dBm)
100 / 5500MHz (17 dBm)
104 / 5520MHz (17 dBm)
108 / 5540MHz (17 dBm)
112 / 5560MHz (17 dBm)
116 / 5580MHz (17 dBm)
120 / 5600MHz (17 dBm)
124 / 5620MHz (17 dBm)
128 / 5640MHz (17 dBm)
132 / 5660MHz (17 dBm)
136 / 5680MHz (17 dBm)
140 / 5700MHz (17 dBm)
149 / 5745MHz (17 dBm)
153 / 5765MHz (17 dBm)
157 / 5785MHz (17 dBm)
161 / 5805MHz (17 dBm)
165 / 5825MHz (17 dBm)


Requirement: new kernel!
$ uname -r
5.1.7-arch1-1-ARCH
Just wondering... what do you use the gpio_button for? Is it a trigger?
BTW, I'm looking for the --enable_status values and can't find the meaning of each. Any guide?
If you take a look at this photo:
https://github.com/ZerBea/hcxdumptool/wi...g-system-1
You'll see a "push button" and a LED.

Both are used to control the RPI.
The push button is used to safely shut the RPI down.
The LED is used to indicate the status.
LED flashing every 5 seconds: everything's fine
LED permanent on: no signal received - perhaps no traffic on the channel or driver broken
LED flashing twice every 5 seconds: RPI is under control of hcxpioff

The circuit diagram is here:
https://github.com/ZerBea/hcxdumptool/tree/master/docs

--enable_status is explained in --help
--enable_status=<digit>            : enable status messages
                                    bitmask:
                                     1: EAPOL
                                     2: PROBEREQUEST/PROBERESPONSE
                                     4: AUTHENTICATON
                                     8: ASSOCIATION
                                    16: BEACON

We use a bitmask to select the options.

For example:
--enable_status=1 : show only EAPOL info
--enable_status=2 : show only PROBEREQUEST/PROBERESPONSE

To get both messages you must add the values:
--enable_status=3 : show EAPOL info and PROBEREQUEST/PROBERESPONSE info

That's the "secret" of the --enable_status switch. In other words, we can select many options with a single switch.

BTW:
Sent you a PM.
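The bitmask arithmetic behind --enable_status, as an added example that is not part of the thread or of hcxdumptool itself: it composes a switch value from message-type names and decodes a value back into names, rejecting bits outside the documented mask so a typo like --enable_status=32 is caught rather than silently enabling nothing. The bit values are the ones from the --help excerpt above; the function names are my own.

```python
from typing import List

# Bit values as listed in the hcxdumptool --help excerpt above
# (the help text spells the third entry "AUTHENTICATON"; corrected here).
STATUS_BITS = {
    "EAPOL": 1,
    "PROBEREQUEST/PROBERESPONSE": 2,
    "AUTHENTICATION": 4,
    "ASSOCIATION": 8,
    "BEACON": 16,
}
ALL_BITS = sum(STATUS_BITS.values())  # 31: every documented bit set


def compose_status(*names: str) -> int:
    """Return the --enable_status value that selects the given message types."""
    value = 0
    for name in names:
        if name not in STATUS_BITS:
            raise ValueError(f"unknown status message type: {name!r}")
        value |= STATUS_BITS[name]  # OR-ing the bits is the "adding" the post describes
    return value


def decode_status(value: int) -> List[str]:
    """Return the message types selected by a --enable_status value.

    Values with bits outside the documented mask (e.g. 32, or -1) are rejected
    instead of being passed on to the tool unchecked.
    """
    if value < 0 or value & ~ALL_BITS:
        raise ValueError(f"{value} contains bits not in the documented bitmask")
    return [name for name, bit in STATUS_BITS.items() if value & bit]


def status_option(*names: str) -> str:
    """Format the finished command-line switch, e.g. --enable_status=3."""
    return f"--enable_status={compose_status(*names)}"


if __name__ == "__main__":
    print(status_option("EAPOL", "PROBEREQUEST/PROBERESPONSE"))  # --enable_status=3
    print(decode_status(31))  # every documented message type
```

decode_status is the useful direction when reading someone else's command line: --enable_status=12 is ASSOCIATION plus AUTHENTICATION, which is not obvious from the number alone.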
ASUS AC51:
ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U]

$ hcxdumptool -I
wlan interfaces:
0c9d92b486ca wlp0s20f0u1 (mt76x0u)

$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (16 dBm)
2 / 2417MHz (16 dBm)
3 / 2422MHz (16 dBm)
4 / 2427MHz (16 dBm)
5 / 2432MHz (16 dBm)
6 / 2437MHz (16 dBm)
7 / 2442MHz (16 dBm)
8 / 2447MHz (16 dBm)
9 / 2452MHz (16 dBm)
10 / 2457MHz (16 dBm)
11 / 2462MHz (16 dBm)
12 / 2467MHz (16 dBm)
13 / 2472MHz (16 dBm)
14 / 2484MHz (16 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)

$ uname -r
5.1.7-arch1-1-ARCH
Edimax EW-7811UAC
ID 7392:a812 Edimax Technology Co., Ltd

$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp0s20f0u1 (rtl88xxau)

$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (18 dBm)
2 / 2417MHz (18 dBm)
3 / 2422MHz (18 dBm)
4 / 2427MHz (18 dBm)
5 / 2432MHz (18 dBm)
6 / 2437MHz (18 dBm)
7 / 2442MHz (18 dBm)
8 / 2447MHz (18 dBm)
9 / 2452MHz (18 dBm)
10 / 2457MHz (18 dBm)
11 / 2462MHz (18 dBm)
12 / 2467MHz (18 dBm)
13 / 2472MHz (18 dBm)
14 / 2484MHz (18 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
144 / 5720MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)

$ uname -r
5.1.7-arch1-1-ARCH

Doesn't run out of the box. Get the driver from here:
https://github.com/aircrack-ng/rtl8812au

aircrack-ng team is doing a really good job here!
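A small parser for the "hcxdumptool -i <iface> -C" channel listings posted in this thread, added here as an example (not part of the thread or of hcxtools): it turns the listing into (channel, frequency, tx power) tuples, groups channels by band so the "does this dongle do 5 GHz" question can be answered from the output, and diffs two adapters' channel sets. The sample listings below are constructed, shortened excerpts in the same format as the posted ones; the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts in the format of the "-C" listings above
# (a few lines per adapter, not the full output).
LISTINGS = {
    "Archer T2UH (mt76x0u)": """initialization...
available channels:
 1 / 2412MHz (14 dBm)
 6 / 2437MHz (14 dBm)
36 / 5180MHz (17 dBm)
165 / 5825MHz (17 dBm)
""",
    "EW-7811UAC (rtl88xxau)": """initialization...
available channels:
 1 / 2412MHz (18 dBm)
36 / 5180MHz (18 dBm)
144 / 5720MHz (18 dBm)
173 / 5865MHz (18 dBm)
""",
}

# One channel line: "<channel> / <freq>MHz (<power> dBm)", leading spaces allowed.
CHANNEL_RE = re.compile(r"^\s*(\d+)\s*/\s*(\d+)MHz\s*\((-?\d+) dBm\)\s*$")


def parse_channels(text: str) -> List[Tuple[int, int, int]]:
    """Parse channel lines into (channel, frequency_mhz, txpower_dbm) tuples.

    Non-matching lines (the 'initialization...' banner, the header) are skipped.
    """
    channels = []
    for line in text.splitlines():
        m = CHANNEL_RE.match(line)
        if m:
            channels.append((int(m.group(1)), int(m.group(2)), int(m.group(3))))
    return channels


def band_of(freq_mhz: int) -> str:
    """Classify a centre frequency into the 2.4 GHz or 5 GHz band."""
    if 2400 <= freq_mhz <= 2500:
        return "2.4GHz"
    if 5000 <= freq_mhz <= 5900:
        return "5GHz"
    return "other"


def summarize(text: str) -> Dict[str, List[int]]:
    """Group the channel numbers an adapter reports by band."""
    summary: Dict[str, List[int]] = {}
    for ch, freq, _ in parse_channels(text):
        summary.setdefault(band_of(freq), []).append(ch)
    return summary


def supports_5ghz(text: str) -> bool:
    """True if the listing contains at least one 5 GHz channel."""
    return bool(summarize(text).get("5GHz"))


def extra_channels(text_a: str, text_b: str) -> List[int]:
    """Channels present in listing b but absent from listing a."""
    seen = {ch for ch, _, _ in parse_channels(text_a)}
    return sorted(ch for ch, _, _ in parse_channels(text_b) if ch not in seen)


if __name__ == "__main__":
    for name, listing in LISTINGS.items():
        print(name, summarize(listing), "5GHz:", supports_5ghz(listing))
    archer, edimax = LISTINGS.values()
    print("only on the Edimax:", extra_channels(archer, edimax))
```

Run against the full listings posted above, extra_channels shows which channels (144, 169, 173) the rtl88xxau driver exposes that the mt76x0u one does not; the band grouping makes it obvious at a glance whether an adapter is 2.4 GHz only.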
So my awus036ac should work too, as they share the driver. Is it necessary to start airmon-ng on the interface before hcxdumptool?
I'm doing it, but don't know if it's right.