+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: simple hccapx(2500) to 22000 converter python script (/thread-11417.html)
simple hccapx(2500) to 22000 converter python script - sleshep - 05-05-2023
https://gist.github.com/sleshep/eba782703d3be4d95ba14765705f647d
Code:
import sys
import os
import struct
def main():
if len(sys.argv) != 2:
print("Usage: python convert_hccapx_to_22000.py <input_hccapx_file>")
sys.exit(1)
input_file = sys.argv[1]
if not os.path.isfile(input_file):
print(f"Error: File '{input_file}' does not exist.")
sys.exit(1)
with open(input_file, "rb") as f:
data = f.read()
def get_data(fmt, data):
result = struct.unpack(fmt, data)
# unpack the (som,) to som
if isinstance(result, tuple) and len(result) == 1:
result = result[0]
return result
"""
Field name Offsets (hex) Offsets (dec) Field description
signature 0x00 to 0x03 0 to 3 the signature (file magic) of .hccapx files, it is always the string HCPX
version 0x04 to 0x07 4 to 7 the version number of the .hccapx file format
message_pair 0x08 8 possible values range from 0 to 5 or 128 to 133 (see message_pair table below) 1
essid_len 0x09 9 the length of the network name (ESSID)
essid 0x0a to 0x29 10 to 41 the network name (ESSID)
keyver 0x2a 42 set to 1 if WPA is used, other values (preferably 2) means WPA2
keymic 0x2b to 0x3a 43 to 58 the actual hash value (MD5 for WPA, SHA1 for WPA2) truncated to 128 bit (16 bytes)
mac_ap 0x3b to 0x40 59 to 64 the mac address of the access point (BSSID)
nonce_ap 0x41 to 0x60 65 to 96 nonce (random salt) generated by the access point
mac_sta 0x61 to 0x66 97 to 102 the mac address of the client connecting to the access point
nonce_sta 0x67 to 0x86 103 to 134 nonce (random salt) generated by the client connecting to the access point
eapol_len 0x87 to 0x88 135 to 136 the length of the EAPOL
eapol 0x89 to 0x188 137 to 392 the EAPOL (max 256 bytes)
"""
signature: str = get_data('4s', data[0:4]) # type:ignore
if signature != b'HCPX':
print(f"Error: Invalid hccapx file.signature is {signature}")
sys.exit(1)
version: int = get_data('I', data[4:8]) # type:ignore
message_pair: int = get_data('B', data[8:9]) # type:ignore
essid_len: int = get_data('B', data[9:10]) # type:ignore
essid: bytes = get_data(
f'{essid_len}s', data[10:10+essid_len]) # type:ignore
keyver: int = get_data('B', data[42:43]) # type:ignore
keymic: bytes = get_data('16s', data[43:59]) # type:ignore
mac_ap: bytes = get_data('6s', data[59:65]) # type:ignore
nonce_ap: bytes = get_data('32s', data[65:97]) # type:ignore
mac_sta: bytes = get_data('6s', data[97:103]) # type:ignore
nonce_sta: bytes = get_data('32s', data[103:135]) # type:ignore
eapol_len: int = get_data('H', data[135:137]) # type:ignore
eapol: bytes = get_data(f'{eapol_len}s', data[137:137+eapol_len]) # type:ignore
"""
For developers
The new hash format 22000 in detail:
Code:
PROTOCOL*TYPE*PMKID/MIC*MACAP*MACCLIENT*ESSID*ANONCE*EAPOL*MESSAGEPAIR
PROTOCOL = Fixed string "WPA"
TYPE = 01 for PMKID, 02 for EAPOL
PMKID/MIC = PMKID if TYPE=01, MIC if TYPE=02
MACAP = MAC of AP
MACCLIENT = MAC of CLIENT
ESSID = network name (ESSID) in HEX
ANONCE = ANONCE
EAPOL = EAPOL (SNONCE is in here)
MESSAGEPAIR = Bitmask:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections necessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary
"""
# Construct hashcat 22000 format string
protocol = "WPA"
pmkid_mic = keymic.hex()
type = "02"
if keyver == 1:
raise Exception("version 2 file not supported")
mac_ap_hex = mac_ap.hex()
mac_client_hex = mac_sta.hex()
essid_hex = essid.hex()
nonce_ap_hex = nonce_ap.hex()
eapol_hex = eapol.hex()
message_pair_hex = f"{message_pair:02x}"
print(f"{protocol}*{type}*{pmkid_mic}*{mac_ap_hex}*{mac_client_hex}*{essid_hex}*{nonce_ap_hex}*{eapol_hex}*{message_pair_hex}")
if __name__ == "__main__":
main()RE: simple hccapx(2500) to 22000 converter python script - marc1n - 05-05-2023
Works! ThX!
RE: simple hccapx(2500) to 22000 converter python script - ZerBea - 05-05-2023
Nice work.
By this portable tool, there is no longer need to run hashcat on ancient binary hccapx files.
RE: simple hccapx(2500) to 22000 converter python script - WPA_Catcher - 05-05-2023
(05-05-2023, 10:47 AM)ZerBea Wrote: Nice work.
By this portable tool, there is no longer need to run hashcat on ancient binary hccapx files.
For me there is a need to run ancient binary files.
hashcat will not work on old hardware such as my ancient graphics card. Without hcx still being able to convert to .hccap I would be priced out.
Thank you ZeroBeat for continuing to support .hccap and hccapx !
RE: simple hccapx(2500) to 22000 converter python script - ZerBea - 05-05-2023
Indeed, older hardware is a serious problem and it is becoming more and more difficult to support it.
A couple of hours ago I released hcxdumptool 6.3.0 (and hcxtools 6.3.0) according to the release of Linux kernel 6.3.0.
After I compiled kernel 6.3, I got this dmesg warning:
Code:
[ 2770.939021] warning: hcxdumptool uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211For the first time I noticed that when Arch Linux discontinued support for the ARMv5 and ARMv6 architectures, late 2022:
https://archlinuxarm.org/about
As I write this comment, Arch Linux is on
Code:
$ uname -r
6.3.1-arch1-1Code:
$ gcc -v
gcc version 13.1.1 20230429 (GCC)