hashcat Forum

Full Version: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
From hcxdumptool changelog:
Code:
06.05.2023
==========
hcxdumptool: added option to save GPS information to pcapng dumpfile
--nmea_pcapng                  : write GPS information to pcapng dump file

There are standard and non-standard (e.g. Kismet GPS data) message formats. Nearly all GPS receivers output NMEA data. The NMEA standard is formatted in lines of data called sentences. Each sentence contains various bits of data organized in comma delimited format (i.e. data separated by commas).
https://en.wikipedia.org/wiki/NMEA_0183
https://www.tronico.fi/OH6NT/docs/NMEA0183.pdf

NMEA 0183 GPRMC, GPGGA and GPWPL sentences are stored directly in a PCAPNG CUSTOM BLOCK:
https://github.com/ZerBea/hcxdumptool/bl...C1-L995C30

hcxpcapngtool detects the presence of NMEA 0183 (recorded by hcxdumptool) and stores it either as NMEA 0183 or as CSV (both formats are very common and widely used):
Code:
--nmea=<file>                      : output GPS data in NMEA 0183 format
                                     format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                     to convert it to gpx, use GPSBabel:
                                     gpsbabel -i nmea -f hcxdumptool.nmea -o gpx,gpxver=1.1 -F hcxdumptool.gpx
                                     to display the track, open file.gpx with viking
--csv=<file>                       : output ACCESS POINT information in CSV format
                                     delimiter: tabulator (0x08)
                                     columns:
                                     YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI GPS(DM.m) GPS(D.d) GPSFIX SATCOUNT HDOP ALTITUDE UNIT
                                     to convert it to other formats, use bash tools or scripting languages
                                     GPS FIX:
                                     0 = fix not available or invalid
                                     1 = fix valid (GPS SPS mode)
                                     2 = fix valid (differential GPS SPS Mode)
                                     3 = not supported
                                     4 = not supported
                                     5 = not supported
                                     6 = fix valid (Dead Reckoning Mode)

There is no plan to add an additional format, because the entire information is available in NMEA 0183 fields or CSV fields.
Conversion to whatever you want can be done by simple bash commands or tools like
gpsbabel
https://www.gpsbabel.org/
or online converters
https://duckduckgo.com/?q=nmea+0183+gps+...fab&ia=web

Viking will show the data (e.g. converted by GPSBabel) on a map:
https://github.com/viking-gps/viking
NMEA 0183 is well documented and there are various how-tos on the web, e.g.:
https://wiki.openstreetmap.org/wiki/Conv...MEA_to_GPX

An example is here:
https://github.com/ZerBea/hcxdumptool/issues/157
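
As an added illustration (not part of the original post and not code from hcxtools): a minimal Python reader for the `$GPGGA` sentences that `--nmea=<file>` writes, which verifies the NMEA 0183 checksum, converts DM.m positions to D.d and maps the GPS FIX value from the help text. The function names and the sample sentences are constructed for this example.

```python
from functools import reduce

# GPS FIX values copied from the hcxpcapngtool help text quoted above
GPS_FIX = {0: "fix not available or invalid", 1: "fix valid (GPS SPS mode)",
           2: "fix valid (differential GPS SPS Mode)",
           6: "fix valid (Dead Reckoning Mode)"}

def nmea_checksum(body):
    """XOR of every character between '$' and '*' (NMEA 0183 checksum)."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def split_sentence(line):
    """Return the fields of a checksum-valid sentence, else None."""
    line = line.strip()
    body, star, given = line[1:].rpartition("*")
    try:
        valid = line.startswith("$") and star and int(given, 16) == nmea_checksum(body)
    except ValueError:
        return None
    return body.split(",") if valid else None

def dm_to_deg(value, hemisphere):
    """Convert (d)ddmm.mmmm (DM.m) to signed decimal degrees (D.d)."""
    head = value.split(".")[0]          # digits before the decimal point
    deg = int(head[:-2]) + float(value[len(head) - 2:]) / 60.0
    return -deg if hemisphere in ("S", "W") else deg

def parse_gpgga(line):
    """Parse one $GPGGA sentence; None on bad checksum, other type or no position."""
    f = split_sentence(line)
    if not f or f[0] != "GPGGA" or len(f) < 11 or not f[2] or not f[4]:
        return None
    fix = int(f[6] or 0)
    return {"utc": f[1], "lat": dm_to_deg(f[2], f[3]), "lon": dm_to_deg(f[4], f[5]),
            "fix": fix, "fix_text": GPS_FIX.get(fix, "not supported"),
            "satcount": int(f[7] or 0), "hdop": float(f[8] or 0),
            "altitude": float(f[9] or 0), "unit": f[10]}

def make_sentence(body):
    """Helper for the constructed samples: append a valid checksum."""
    return "$%s*%02X" % (body, nmea_checksum(body))

# Constructed sample input, not taken from a real capture
GOOD = make_sentence("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,")
NOFIX = make_sentence("GPGGA,123520,,,,,0,00,,,M,,M,,")
TAMPERED = GOOD.replace("4807.038", "4907.038")  # payload changed, checksum stale

if __name__ == "__main__":
    print(*map(parse_gpgga, (GOOD, NOFIX, TAMPERED)), sep="\n")
```

Sentences that fail the checksum or carry no position are skipped rather than guessed at, so a damaged line in the file does not turn into a bogus coordinate.
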
Thanks! This should be enough to get started on some scripts to convert to the format I need.
Glad to read this.

Pre-processing data at runtime (to a non-standard format) takes a lot of CPU cycles.

And there are a lot of them:
https://www.gpsbabel.org/capabilities.html

hcxdumptool uses and delivers these standard formats:

radiotap (interface information - taken from the interface)
https://www.radiotap.org/

802.11 MAC (frames - taken from the traffic)
https://en.wikipedia.org/wiki/802.11_Frame_Types

NMEA 0183 (GPS - taken from the GPS receiver)
https://en.wikipedia.org/wiki/NMEA_0183

pcapng (storage)
https://pcapng.com

and hcxpcapngtool converts them to formats hashcat and JtR understand.
Hi, ZerBea! Could you kindly provide examples of launching hcxdumptool (ver6.3.1) for different attack vectors, particularly for a clients-only attack (AP-less)?

I found previous examples, but in the newest hcxdumptool the options have been changed.
https://hashcat.net/forum/thread-9639-po...l#pid50750
https://hashcat.net/forum/thread-6661-po...l#pid52103
Code:
$ sudo hcxdumptool -i INTERFACENAME  --rds=1  --attemptapmax=0 -t 120

See hcxdumptool --help for more information.
Code:
sudo hcxdumptool -i wlan0 -w dump.pcapng --attemptapmax=0 --attemptclientmax=0

Sorry for the question, but will the above options run hcxdumptool (ver6.3.1) as a passive dumper?
If not, please correct me.
Yes, I read the help, but sometimes what is obvious to the Author isn't always obvious to others.
No, because hcxdumptool still transmits its own BEACON.

This must be disabled, too:
Code:
$ sudo hcxdumptool -i wlan0 -w dump.pcapng --attemptapmax=0 --attemptclientmax=0 --disable_beacon

or on latest git head (>= 6.3.1-65-ge3c196e) additional option:
Code:
$ sudo hcxdumptool -i wlan0 -w dump.pcapng --attemptapmax=0 --attemptclientmax=0 --beacontx=0

To monitor outgoing packets run tshark in parallel on the same interface:
Code:
$ tshark -i wlan0 -Y "radiotap.present.dbm_antsignal == 0"

or run Wireshark in parallel on the same interface and apply display filter:
Code:
radiotap.present.dbm_antsignal == 0
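
The display filter above keys on a single bit of the radiotap header. As an added illustration (not part of the original posts and not code from hcxdumptool), the Python below parses the radiotap present bitmap from constructed header bytes and applies the same test; it looks only at the first present word, which is a simplification of what the display filter evaluates.

```python
import struct

DBM_ANTSIGNAL_BIT = 5   # radiotap present bit: dBm antenna signal
EXT_BIT = 31            # radiotap present bit: another present word follows

def radiotap_present(frame):
    """Return all 32-bit present words of the radiotap header in `frame`."""
    if len(frame) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, length, word = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or length < 8 or length > len(frame):
        raise ValueError("not a valid radiotap header")
    words, offset = [word], 8
    while words[-1] & (1 << EXT_BIT):
        if offset + 4 > length:
            raise ValueError("present bitmap runs past header length")
        words.append(struct.unpack_from("<I", frame, offset)[0])
        offset += 4
    return words

def is_outgoing(frame):
    """True when the first present word has no dbm_antsignal bit set."""
    return not radiotap_present(frame)[0] & (1 << DBM_ANTSIGNAL_BIT)

# Constructed sample headers followed by the first two bytes of a beacon frame
RX = struct.pack("<BBHI", 0, 0, 10, (1 << 1) | (1 << 5)) + bytes([0x00, 0xC4]) + b"\x80\x00"
TX = struct.pack("<BBHI", 0, 0, 8, 0) + b"\x80\x00"
EXT = (struct.pack("<BBHII", 0, 0, 14, (1 << 5) | (1 << 31), 1 << 5)
       + bytes([0xC4, 0xC2]) + b"\x80\x00")

if __name__ == "__main__":
    for name, frame in (("RX", RX), ("TX", TX), ("EXT", EXT)):
        print(name, "outgoing" if is_outgoing(frame) else "received")
```
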