hashcat Forum

Full Version: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
@WPA_Catcher nice suggestion, but not the philosophy of Arch Linux:
"Arch Linux adheres to five principles: simplicity, modernity, pragmatism, user centrality and versatility. In general, the principles maintain minimal distribution-specific changes, minimal breakage with updates, pragmatic over ideological design choices, user-friendliness, and minimal bloat."
hcxtools/hcxdumptool/hcxkeys are part of Arch Linux:

From README.md:
Multiple stand-alone binaries - designed to run on Arch Linux.

No chance for old tools working on old formats, only. I leave a limited option to convert to this old formats, but not more.

And, of course, the Unix philosophy, too (Linux is similar):
OK, no problem.
I just thought it would have been something you might have liked.
I am still learning in my spare time. Smile
Well, I'm retired, but I am still learning something new, too.
(01-14-2020, 06:31 PM)ZerBea Wrote: [ -> ]Well, not easy to explain:
But in simple words, it works like this procedure:
First step is to report an issue (if it is related to the kernel and not not to your distribution) here:
Next step is to wait for a fix/patch and to test it.
Third step is to wait until the fix reach the mainline kernel.
Last step is to wait until the (fixed) mainline kernel reach your distribution.

So, patience issue or change my wifi adapter
issue reported: 2019-10-24 08:50:38
received patch: 2019-10-28 11:59:09
tested patch: 2019-10-28 12:49:18
waiting for Kernel....
$ hcxdumptool -I
wlan interfaces:
503eaa1c3eab wlan0 (usb)

$ uname -r

so, not arrived, yet!
Ah you’re retired, I wondered how you were working on hcxtools so quickly.

As I am stuck with old formats I have always been concerned any capture I have may be unbreakable due to error/corruption and not password strength.

I understand all hcxtools are unlikely to produce an uncrackable hash which is due to error.  Are we allowed to know how you do this?  Is there a pdf or something explaining it?

As part of my learning I would like to look through a capture with wireshark and see if I can manually fix broken caps.

Also is there a gradient of good - excellent within hcxtools of the likely-hood of the hash being crackable?  What I am trying to ask is if there are several text hashes (new format) within the output for the same AP - Client is there a way for the user to pick the best option?

Before you start with Wireshark, take a look at the basics of 802.11
Than dive into the study guide here:
Start with a simple frame here:
Find it in your sample cap, using Wireshark.
Understand the information elements (IE) inside the frame and how a CLIENT acts, if he received this frame.
Do this on all frames of an authentication process:
Association request
Association response
Investigate, why some APs transmitting/requesting additional frames (e.g.: action frames during an authentication)

Read about EAPOL TIMER here:
What is their purpose, what will happen if a timer expire - and you will know why some of your converted handshakes are not recoverable.

If we include the radio part (HF) some knowledge about radio basics isn't so bad, too:
radio transmission power
antenna types
wave propagation
radio phase shift
radio modulation types
Thank you!
Don't thank me. That are only the basics.
Next part is to understand RSN-IE and WPA-IE. How do they affect the following EAP authentication.
Why isn't it enough to capture a BEACON and M2M3 (discover the difference between RSN-IE/WPA-IE of a BEACON and RSN-IE/WPA-IE of an ASSOCIATION REQUEST) within the same authentication sequence.
What is the function of AKM PSK/PSK256 and how does it affect calculation of the PMK.
And much more...
There is no need to run hcxtools on the new hashline format. Nearly every bash cmd is working on the new hashline:

e.g. running a simple bash line will give you the ESSID in ASCII format:
cat test.22000 | awk 'BEGIN { FS = "*" } ; { print $6 }' | perl -pe 's/(..)/chr(hex($1))/ge'