10-24-2020, 02:14 PM
10-24-2020, 02:43 PM
hcxdumptool -i wlan0 -c xx
unknown channel selected
10-24-2020, 03:15 PM
Have you modified the default channel list as mentioned here:
https://hashcat.net/forum/thread-6661-po...l#pid50505
You want channel 74 ( -c 74).
First, hcxdumptool checks whether the desired channel is in the channel list here:
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L6430
The allowed channels are here:
https://github.com/ZerBea/hcxdumptool/bl...ool.c#L226
Channel 74 is not in this list, so you receive an error.
The default frequencies are here:
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L6464
They depend on the 802.11 standard, as mentioned here:
https://en.wikipedia.org/wiki/List_of_WLAN_channels
If you have patched your firmware and/or your driver, the values inside these functions must match the values of your patched firmware/driver!
10-24-2020, 06:09 PM
After some more investigation, I found this in ath9k/common-init.c:
https://git.kernel.org/pub/scm/linux/ker...?h=v5.8.16
Code:
/* Some 2 GHz radios are actually tunable on 2312-2732
* on 5 MHz steps, we support the channels which we know
* we have calibration data for all cards though to make
* this static */
It's time to play around with an Atheros device:
Code:
$ lsusb
ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n
$ hcxdumptool -I
wlan interfaces:
f81a67077d0e wlp39s0f3u1u1u2 (ath9k_htc)
hcxdumptool showing available channels as coded in ath9k/common-init.c:
Code:
static const struct ieee80211_channel ath9k_2ghz_chantable[] = {
CHAN2G(2412, 0), /* Channel 1 */
CHAN2G(2417, 1), /* Channel 2 */
CHAN2G(2422, 2), /* Channel 3 */
CHAN2G(2427, 3), /* Channel 4 */
CHAN2G(2432, 4), /* Channel 5 */
CHAN2G(2437, 5), /* Channel 6 */
CHAN2G(2442, 6), /* Channel 7 */
CHAN2G(2447, 7), /* Channel 8 */
CHAN2G(2452, 8), /* Channel 9 */
CHAN2G(2457, 9), /* Channel 10 */
CHAN2G(2462, 10), /* Channel 11 */
CHAN2G(2467, 11), /* Channel 12 */
CHAN2G(2472, 12), /* Channel 13 */
CHAN2G(2484, 13), /* Channel 14 */
};
$ sudo hcxdumptool -i wlp39s0f3u1u1u2 -C
initialization...
available channels:
1 / 2412MHz (20 dBm)
2 / 2417MHz (20 dBm)
3 / 2422MHz (20 dBm)
4 / 2427MHz (20 dBm)
5 / 2432MHz (20 dBm)
6 / 2437MHz (20 dBm)
7 / 2442MHz (20 dBm)
8 / 2447MHz (20 dBm)
9 / 2452MHz (20 dBm)
10 / 2457MHz (20 dBm)
11 / 2462MHz (20 dBm)
12 / 2467MHz (20 dBm)
13 / 2472MHz (20 dBm)
14 / 2484MHz (20 dBm)
terminating...
By latest commit, I added support for additional 2.4GHz channels 15...33 (ath9k driver modification mandatory)
Code:
-c <digit> : set channel (1,2,3, ...)
default channels: 1...13
maximum entries: 127
allowed channels (depends on the device):
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33 (driver modification)
36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 68, 96
100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128
132, 134, 136, 138, 140, 142, 144, 149, 151, 153, 155, 157, 159
161, 165, 169, 173
Channel list according to The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) channel patch:
https://github.com/0x90/The-Distribution...penCL-Well (Kali)-scripts/blob/master/patches/ath9k-htc-channels-unlock.patch
Code:
CHAN2G(2407, 14)
CHAN2G(2402, 15)
CHAN2G(2397, 16)
CHAN2G(2392, 17)
CHAN2G(2387, 18)
CHAN2G(2382, 19)
CHAN2G(2377, 20)
CHAN2G(2372, 21)
CHAN2G(2367, 22)
CHAN2G(2362, 23)
CHAN2G(2357, 24)
CHAN2G(2352, 25)
CHAN2G(2347, 26)
CHAN2G(2342, 27)
CHAN2G(2337, 28)
CHAN2G(2332, 29)
CHAN2G(2327, 30)
CHAN2G(2322, 31)
CHAN2G(2317, 32)
CHAN2G(2312, 33)
10-24-2020, 06:32 PM
hi zerbea, i can send you the patch i used for my spectrum
10-24-2020, 06:41 PM
Thanks, but I don't need it.
Please test latest git head. I need the exact output of hcxdumptool -i interface -C
10-24-2020, 06:53 PM
so i should switch radio? i need work with 2.4 ghz?
10-24-2020, 07:38 PM
No, not necessary. I'll dive into the driver code and rewrite hcxdumptool channel behavior. First on 2.4GHz - maybe I need some additional information on 5GHz later on. Thanks
10-24-2020, 07:56 PM
ok talk later i need go now. anyway last git show
hcxdumptool -i wlan0 -C
initialization...
interface is already in monitor mode
available channels:
1 / 2412MHz (26 dBm)
2 / 2417MHz (26 dBm)
3 / 2422MHz (26 dBm)
4 / 2427MHz (26 dBm)
5 / 2432MHz (26 dBm)
6 / 2437MHz (26 dBm)
7 / 2442MHz (26 dBm)
8 / 2447MHz (26 dBm)
9 / 2452MHz (26 dBm)
10 / 2457MHz (26 dBm)
11 / 2462MHz (26 dBm)
12 / 2467MHz (26 dBm)
13 / 2472MHz (26 dBm)
14 / 2484MHz (26 dBm)
10-24-2020, 08:54 PM
Ok, thanks.
By latest commit, default channels are no longer hard coded. Instead, hcxdumptool takes the channel from the -c option and checks whether the driver is able to set it.
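A sketch of the check discussed in this thread, added here as an example and not taken from hcxdumptool's source: it parses `-C` output in the format shown above, looks up a requested channel in what the driver reports, and cross-checks the frequency against the 1...14 entries of `ath9k_2ghz_chantable`. The names `SAMPLE`, `std_freq_mhz`, `parse_channels` and `verdict_for` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
struct chan { int ch, mhz, dbm; };
enum verdict { CH_OK, CH_UNCHECKED, CH_FREQ_MISMATCH, CH_NOT_REPORTED };

/* Constructed sample, shortened from the `hcxdumptool -i <interface> -C` output in the thread. */
static const char SAMPLE[] = "initialization...\navailable channels:\n"
    "1 / 2412MHz (20 dBm)\n6 / 2437MHz (20 dBm)\n14 / 2484MHz (20 dBm)\nterminating...\n";

/* 2.4 GHz centre frequency as listed in ath9k_2ghz_chantable; 0 = not in that table. */
int std_freq_mhz(int ch)
{
    return (ch >= 1 && ch <= 13) ? 2407 + 5 * ch : (ch == 14 ? 2484 : 0);
}

/* Parse "<ch> / <freq>MHz (<pwr> dBm)" lines; status lines and over-long lines are skipped. */
int parse_channels(const char *out, struct chan *tab, int max)
{
    int n = 0;
    while (*out && n < max) {
        size_t len = strcspn(out, "\n");
        char line[64];
        if (len < sizeof line) {
            memcpy(line, out, len);
            line[len] = '\0';
            if (sscanf(line, "%d / %dMHz (%d dBm)", &tab[n].ch, &tab[n].mhz, &tab[n].dbm) == 3)
                n++;
        }
        out += len + (out[len] == '\n');
    }
    return n;
}

/* Classify a requested channel against the list the driver reported. */
enum verdict verdict_for(const char *out, int want)
{
    struct chan tab[127];                      /* "maximum entries: 127" in the -c help text */
    int n = parse_channels(out, tab, 127), std = std_freq_mhz(want);
    for (int i = 0; i < n; i++) {
        if (tab[i].ch != want) continue;
        if (std == 0) return CH_UNCHECKED;     /* reported, but outside the 1...14 table */
        return std == tab[i].mhz ? CH_OK : CH_FREQ_MISMATCH;
    }
    return CH_NOT_REPORTED;                    /* e.g. channel 74 against the lists above */
}

int main(void)
{
    printf("ch 6 -> %d, ch 74 -> %d\n", verdict_for(SAMPLE, 6), verdict_for(SAMPLE, 74));
    return 0;
}
```

`CH_FREQ_MISMATCH` is the case to watch after patching a driver or firmware: the channel number is accepted, but the frequency the driver reports for it no longer agrees with the table the tool assumes.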