hcxtools - solution for capturing wlan traffic and conversion to hashcat formats

hashcat Forum (https://hashcat.net/forum), Forum: User Contributions (https://hashcat.net/forum/forum-25.html), Thread: /thread-6661.html
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-31-2019

Normally we wait up to 2 minutes to get a GPS fix. If we didn't get it, we deactivate GPS.

EDIT:
I pushed another update. Now we leave the GPS fix loop if we didn't receive a GPRMC sentence within the first 120 received sentences.

If we got no fix from the device, output looks like this (after the period of at least 2 minutes):

```
$ sudo hcxdumptool -i wlp3s0f0u2 --filtermode=1 --filterlist_ap=$HOME/Source/raspberry/filterlistap --filterlist_client=$HOME/Source/raspberry/filterlistap -o wpatst.pcapng --enable_status=1 --gps=/dev/ttyACM0
initialization...
waiting up to 2 minutes seconds to get GPS fix
GPS failed

start capturing (stop with ctrl+c)
NMEA 0183 RMC SENTENCE..: N/A
INTERFACE NAME..........: wlp3s0f0u2
INTERFACE HARDWARE MAC..: f81a67077d0e
DRIVER..................: ath9k_htc
DRIVER VERSION..........: 5.3.7-arch1-2-ARCH
DRIVER FIRMWARE VERSION.: 1.4
ERRORMAX................: 100 errors
FILTERLIST ACCESS POINT.: 2 entries
FILTERLIST CLIENT.......: 2 entries
FILTERMODE..............: 1
PREDEFINED ACCESS POINT.: 0 entries
MAC ACCESS POINT........: 0024fb4ff852 (incremented on every new client)
MAC CLIENT..............: b025aac72741
REPLAYCOUNT.............: 62055
ANONCE..................: e40324dcb9b9756550c299aefeb303b2e9b9e5c0813022ec3b82896d0397286e
SNONCE..................: 63d1afb26a112876a5905918510f06e7b50e969ff97695f12f54b0882106ca12
```

If we have a fix, output looks like this:

```
$ sudo hcxdumptool -i wlp3s0f0u2 --filtermode=1 --filterlist_ap=$HOME/Source/raspberry/filterlistap --filterlist_client=$HOME/Source/raspberry/filterlistap -o wpatst.pcapng --enable_status=1 --gps=/dev/ttyACM0
initialization...
waiting up to 2 minutes seconds to get GPS fix

start capturing (stop with ctrl+c)
NMEA 0183 RMC SENTENCE..: 091201.00,A,5010.15472,N,00642.51819,E,0.105,,311019,,,A*77
INTERFACE NAME..........: wlp3s0f0u2
INTERFACE HARDWARE MAC..: f81a67077d0e
DRIVER..................: ath9k_htc
DRIVER VERSION..........: 5.3.7-arch1-2-ARCH
DRIVER FIRMWARE VERSION.: 1.4
ERRORMAX................: 100 errors
FILTERLIST ACCESS POINT.: 2 entries
FILTERLIST CLIENT.......: 2 entries
FILTERMODE..............: 1
PREDEFINED ACCESS POINT.: 0 entries
MAC ACCESS POINT........: 18421dd1f644 (incremented on every new client)
MAC CLIENT..............: b025aa72aee8
REPLAYCOUNT.............: 64626
ANONCE..................: 2784a27da917a4f61d5ae39b88cadd92e7db9edf0ca08fe22a84b67863e97fc6
SNONCE..................: ab5707d533d899b19258f9ea44abbb84970ad8c776b0172c3d0e9fbe43427d67
```

Do we get a NMEA 0183 recommended minimum sentence (starting with: $GPRMC):

```
$GPRMC,091201.00,A,5010.15472,N,00642.51819,E,0.105,,311019,,,A*77
```

running this command:

```
cat /dev/ttyUSB0
```

hcxdumptool doesn't set the device to NMEA 0183. That must be done by the user.

Examples of the most common sentences can be found here:
https://en.wikipedia.org/wiki/NMEA_0183

BTW:
hcxpcaptool isn't ready for hcxdumptool v6.0.0. There is still some work to do (on both tools). I pushed this early alpha to allow wifite2 to test the new features:
https://github.com/kimocoder/wifite2/issues/1#issuecomment-548249943

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - strike1953 - 10-31-2019

> (10-31-2019, 11:22 AM) ZerBea Wrote: Normally we wait up to 2 minutes to get a GPS fix. If we didn't get it, we deactivate GPS.
OK, thank you very much

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - strike1953 - 12-27-2019

Hello, with hcxdumptool 5.2.2 and hcxpcaptool 5.2.2, GPS is not working.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 12-27-2019

Please try hcxdumptool v6.0.0 in combination with latest git head hcxpcapngtool.

hcxdumptool GPS options:

```
--use_gps_device=<device> : use GPS device
                            /dev/ttyACM0, /dev/ttyUSB0, ...
                            NMEA 0183 $GPGGA $GPGGA
--use_gpsd                : use GPSD device
                            NMEA 0183 $GPGGA, $GPRMC
--nmea=<file>             : save track to file
                            format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                            to convert it to gpx, use GPSBabel:
                            gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                            to display the track, open file.gpx with viking
```

If you use GPS, make sure GPS device is in fix, before you start hcxdumptool

hcxpcapngtool GPS options:

```
--nmea=<file> : output GPS data in NMEA format
                format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                to convert it to gpx, use GPSBabel:
                gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                to display the track, open file.gpx with viking
```

Test your GPS device:

```
$ lsusb
Bus 001 Device 009: ID 1546:01a7 U-Blox AG [u-blox 7]
```

Get information about the device:

```
$ dmesg
[ 3954.212690] usb 1-3: new full-speed USB device number 9 using xhci_hcd
[ 3954.353840] usb 1-3: New USB device found, idVendor=1546, idProduct=01a7, bcdDevice= 1.00
[ 3954.353851] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 3954.353857] usb 1-3: Product: u-blox 7 - GPS/GNSS Receiver
[ 3954.353862] usb 1-3: Manufacturer: u-blox AG - www.u-blox.com
[ 3954.379328] cdc_acm 1-3:1.0: ttyACM0: USB ACM device
```

Receive GPS data from the device (/dev/.... depends on your device/port):

```
$ cat /dev/ttyACM0
```

Now GPS data should appear:

```
$GPTXT,01,01,02,u-blox ag - www.u-blox.com*50
$GPTXT,01,01,02,HW UBX-G70xx 00070000 *77
$GPTXT,01,01,02,ROM CORE 1.00 (59842) Jun 27 2012 17:43:52*59
$GPTXT,01,01,02,PROTVER 14.00*1E
$GPTXT,01,01,02,ANTSUPERV=AC SD PDoS SR*20
$GPTXT,01,01,02,ANTSTATUS=OK*3B
$GPTXT,01,01,02,LLC FFFFFFFF-FFFFFFED-FFFFFFFF-FFFFFFFF-FFFFFFF9*50
$GPRMC,,V,,,,,,,,,,N*53
```

Wait until you get a fix (GPRMC and GPGGA are no longer empty).

If you don't receive GPS data running $ cat, your device isn't suitable or not working as expected.

GPWPL is calculated by hcxdumptool and hcxpcapngtool for every transmitter.

Now run hcxdumptool with option:

```
--use_gps_device=/dev/ttyACM0
```

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - strike1953 - 12-27-2019

> (12-27-2019, 08:13 PM) ZerBea Wrote: Please try hcxdumptool v6.0.0 in combination with latest git head hcxpcapngtool.

Thank you, I'll try

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 12-27-2019

I decided to add "raw" NMEA support, because I noticed that, if you use GPSD and GPSD hangs, hcxdumptool will hang too.
On the other side, NMEA sentences can be converted to every format by GPSBabel and displayed by Viking.

Overview of NMEA:
https://www.gpsinformation.org/dale/nmea.htm
http://aprs.gids.nl/nmea/

Overview GPSBabel:
https://www.gpsbabel.org/

Overview Viking:
https://sourceforge.net/projects/viking/

If you're using Arch Linux, the tools can be installed by:

```
pacman -S viking gpsbabel
```

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - strike1953 - 12-28-2019

> (12-27-2019, 10:04 PM) strike1953 Wrote:
> > (12-27-2019, 08:13 PM) ZerBea Wrote: Please try hcxdumptool v6.0.0 in combination with latest git head hcxpcapngtool.

Working!!!!!!!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 12-28-2019

Nice to hear that.
Please try the new hashline, too (latest git head on all tools - option 22000):

```
hcxdumptool -> hcxpcapngtool -o new.22000 -> hashcat -m 22000 new.22000 wordlist
```

It works like a charm. Atom did an amazing job.

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - strike1953 - 12-30-2019

> (12-28-2019, 01:14 PM) ZerBea Wrote: Nice to hear that.

Wonderful, amazing job. Congratulations

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Anonym0us_User - 01-04-2020

Can someone explain to me what is in help_crack.py, how it works exactly and what it is doing, to better understand how I might integrate this into subsequent processes carried out by Wifite 2? It is my understanding it runs hashcat, but because the process is not independently run by hcxtools itself the scan, capture and dump files are polluted in a sense and limit effect cracking using the online API to onlinehashcrack AWS servers running GPU driven attack vectors.
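
The GPS readiness check ZerBea describes earlier in the thread (watch the raw NMEA stream until $GPRMC and $GPGGA are no longer empty), written out as an added Python example; it is not code from the thread or from hcxdumptool. The function names, the `limit` of 120 sentences (borrowed from the number mentioned in the first post) and the two fix sentences with their coordinates are assumptions made for illustration.

```python
from functools import reduce

def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two upper-case hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def frame(body):
    """Build a complete sentence from a body (used for the constructed samples)."""
    return f"${body}*{nmea_checksum(body)}"

def parse_sentence(line):
    """Return (sentence_type, fields), or None if framing or checksum is wrong."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, given = line[1:].rpartition("*")
    if given.upper() != nmea_checksum(body):
        return None
    kind, *fields = body.split(",")
    return kind, fields

def to_degrees(value, hemisphere):
    """Convert NMEA (d)ddmm.mmmm plus hemisphere to signed decimal degrees."""
    dot = value.index(".")
    degrees, minutes = int(value[:dot - 2]), float(value[dot - 2:])
    return (-1 if hemisphere in ("S", "W") else 1) * (degrees + minutes / 60)

def wait_for_fix(lines, limit=120):
    """Scan at most `limit` sentences; return (lat, lon) once RMC and GGA both report a fix."""
    rmc_pos, gga_ok = None, False
    for count, line in enumerate(lines):
        if count >= limit:
            break
        parsed = parse_sentence(line)
        if parsed is None:
            continue  # garbled serial data is skipped, not trusted
        kind, f = parsed
        if kind == "GPRMC" and len(f) >= 6 and f[1] == "A":  # A = valid, V = void
            rmc_pos = (to_degrees(f[2], f[3]), to_degrees(f[4], f[5]))
        elif kind == "GPGGA" and len(f) >= 6 and f[5] not in ("", "0"):  # 0 = no fix
            gga_ok = True
        if rmc_pos and gga_ok:
            return rmc_pos
    return None

# The no-fix sentence is the one shown in the thread; the fix sentences are constructed.
NO_FIX = ["$GPRMC,,V,,,,,,,,,,N*53"]
FIX = [frame("GPRMC,120000.00,A,4807.03800,N,01131.00000,E,0.000,,010120,,,A"),
       frame("GPGGA,120000.00,4807.03800,N,01131.00000,E,1,08,0.9,545.4,M,46.9,M,,")]

if __name__ == "__main__":
    print(wait_for_fix(NO_FIX), wait_for_fix(NO_FIX + FIX))
```

To check a live receiver, pass the opened device file (for example the `/dev/ttyACM0` used in the thread) as `lines` instead of the sample lists.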