4-way handshaking vs hc22000 - Printable Version

4-way handshaking vs hc22000 - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: 4-way handshaking vs hc22000 (/thread-11176.html)

4-way handshaking vs hc22000 - h9k - 12-09-2022

Hello,
I would like to understand how the hc22000 format result can be used to manual calculate the known PSK.

As we already known the hc22000 format is:
case#1 - WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***
case#2 - WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR

Manual check:
case#1 it is very simple to know if the PSK is right as we need to compare the PMKID in hc22000 file with the formula PMKID=HMAC-SHA1(PMK,"PMK Name", MAC_AP,MAC_STA), where PMK=PBKDF2(PSK, SSID, 4096,32))

case#2 I do not understand how hashcat can find the right PSK as the SNonce is missing in the hc22000
For the 4-Way handshake:
First there is a value called PMK. (PMK=PBKDF2(PSK, SSID, 4096,32)).
PTK is derived from PMK as follows:
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce)
MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.

in the hc22000 case#2 the SNonce and data are not present!

Sorry if I post maybe a silly question but I would like to learn more. Can you please help?

Thanks!

RE: 4-way handshaking vs hc22000 - h9k - 12-23-2022

in general, how hashcat compare the list of PSK with the WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR in the hc22000 format?

What is the algorithm?

RE: 4-way handshaking vs hc22000 - ZerBea - 12-23-2022

This is done by three algorithms:

first: PBKDF2 to get the PMK from ESSID and PSK (on all versions WPA1, WPA2, WPA2 keyversion 3)
PMK = PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256)

second: HMAC to get the PTK from PMK, MAC_AP, MAC_CLIENT, ANONCE and SNONCE
HMAC-SHA1 to get the PTK (WPA1 and WPA2)
HMAC-SHA256 to get the PTK (WPA2 keyversion 3)

third: (HMAC or CMAC) to get the MIC (from PTK and entire EAPOL_CLIENT message [M2])
HMAC-MD5 to get the MIC (WPA1)
HMAC-SHA1 to get the MIC (WPA2)
CMAC AEC-128CBC toe get the MIC (WPA2 key version 3))

After this, the calculated MIC is compared to the MIC in field 3 of the hash line. If it matches, the PSK is correct.

RE: 4-way handshaking vs hc22000 - ZerBea - 12-23-2022

Your question is not silly. The entire 802.11 stuff is quite difficult to understand.
The SNONCE is not missing in a hc22000 line. It is inside the EAPOL field.
Example taken from here:
https://hashcat.net/wiki/doku.php?id=example_hashes

Code:
WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2

First some information about the hash line:

Code:
$ hcxhashtool -i test.hc22000 --info=stdout

SSID.......: TP-LINK_HASHCAT_TEST

MAC_AP.....: 6466b38ec3fc (TP-LINK TECHNOLOGIES CO.,LTD.)

MAC_CLIENT.: 225edc49b7aa (Unknown)

VERSION....: 802.1X-2001 (1)

KEY VERSION: WPA2

REPLAYCOUNT: 1

RC INFO....: NC suggested

MP M2M3 E2.: authorized

MIC........: 024022795224bffca545276c3762686f

HASHLINE...: WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2

EAPOL MESSAGE taken from field 8:

Code:
0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000

displayed in Wireshark format:

Code:
802.1X Authentication

    Version: 802.1X-2001 (1)

    Type: Key (3)

    Length: 117

    Key Descriptor Type: EAPOL RSN Key (2)

    [Message number: 2]

    Key Information: 0x010a

    Key Length: 0

    Replay Counter: 1

    WPA Key Nonce: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171

    Key IV: 00000000000000000000000000000000

    WPA Key RSC: 0000000000000000

    WPA Key ID: 0000000000000000

    WPA Key MIC: 024022795224bffca545276c3762686f

    WPA Key Data Length: 22

    WPA Key Data: 30140100000fac040100000fac040100000fac028000

and final the calculated/confirmed keys:

Code:
$ hcxpmktool -l WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2 -p hashcat!

HASH FORMAT.: EAPOL (WPA*02)

ESSID.......: TP-LINK_HASHCAT_TEST

MAC_AP......: 6466b38ec3fc

MAC_CLIENT..: 225edc49b7aa

PSK.........: hashcat!

PMK.........: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82 (calculated)

KEY VERSION.: WPA2

NONCE AP....: 10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e

NONCE CLIENT: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171

KCK.........: 57d0f2ff5faef56f9b94390aebf4474d (calculated)

KEK.........: 9913af266f6e00225edc49b7aa6466b3 (calculated)

TK..........: 8ec3fc10e3be3b005a629e89de088d6a (calculated)

TKIP TX MIC.: 2fdc489db83ad476 (calculated)

TKIP RX MIC.: 4f2d186b9cde1544 (calculated)

MIC.........: 024022795224bffca545276c3762686f (confirmed)

PMKID.......: e7b71e94595346b4c5e084cbf7ac328e (calculated)

The PTK is composed of KCK + KEK + TK + TKIP TX MIC + TKIP RX MIC

Once we got the PMK, it is easy to calculate a matching PMKID, too.

confirm the PMK:

Code:
$ wlangenpmk -e TP-LINK_HASHCAT_TEST -p hashcat!

essid (networkname)....: TP-LINK_HASHCAT_TEST

password...............: hashcat!

plainmasterkey (SHA1)..: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82

RE: 4-way handshaking vs hc22000 - Sairaj@2001 - 11-30-2023

I understood the whole stuff but didn't understood that how to know what is the hash type of my psk

I have WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR

Now how to determine the hash type as it is not recognised by hash identifier or any online tool ?
I want to brootforce the above .hc22000 file but without knowing the hash type/algorithm it will take more time.
So will u plzz let me know how to determine the hash algorithm of wpa2 .hc22000 .
I am sorry if I post an silly question.

RE: 4-way handshaking vs hc22000 - v71221 - 11-30-2023

You can upload hash to this site, for example
https://www.onlinehashcrack.com/hash-identification.php

For hash-mode 22000 it'll say
Your hash may be one of the following:
WPA PBKDF2 (PMKID/EAPOL)

In addition, hashcat tries to automatically detect the hash mode if you omit -m

Code:
Hash-mode was not specified with -m. Attempting to auto-detect hash mode.

The following mode was auto-detected as the only one matching your input hash:

22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocol

NOTE: Auto-detect is best effort. The correct hash-mode is NOT guaranteed!

Do NOT report auto-detect issues unless you are certain of the hash type.

Try to play with example hashes
https://hashcat.net/wiki/doku.php?id=example_hashes
Run this example:

Code:
hashcat -a 3 -m 22000 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2" "hashcat!"

RE: 4-way handshaking vs hc22000 - v71221 - 12-01-2023

Hope you understand.
If not, here's another example.
We know that the password consists of 8 digits, but we only know the last six digits.
The actual password is 12345678

Code:
hashcat -a 3 -m 22000 "WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***01"  "?d?d345678"

https://hashcat.net/wiki/doku.php?id=brute_force_attack