format of hash mode 22001
format of hash mode 22001 - blnprasad - 09-21-2023

Hi,

I'm finding that there is a detailed explanation of hash mode 22000 like below, but not for 22001:

WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***MESSAGEPAIR
WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR

What's the format for hash mode 22001? I have details of MIC, MAC_AP, MAC_CLIENT, ESSID, NONCE_AP, EAPOL_CLIENT, and the M2 message. How do I fit this info into the hash mode 22001 format? Please do the needful.

RE: format of hash mode 22001 - ZerBea - 09-22-2023

Both formats take the same hash line (WPA*01 or WPA*02) as hash input. The difference is described here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

Code:
Difference between hash mode 22000 and hash mode 22001:

RE: format of hash mode 22001 - ly88888 - 01-06-2024

(09-22-2023, 08:46 PM)ZerBea Wrote: Both formats take the same hash line (WPA*01 or WPA*02) as hash input.

I also don't understand how to use the 22001 mode. The .cap is converted to .hc22000 online, and what happens after that? Can I convert any existing .cap directly, or do I have to use your hcxdumptool to listen again?

RE: format of hash mode 22001 - ManuB1G - 01-06-2024

For 22001 you need to precalculate the PMK for an ESSID and passwords. This is only helpful if you have different hashes for the same SSID.

The steps to use this are:
- Use wlangenpmkocl to get PMKs from ESSID and password list
- Use hashcat with 22001 hashfile pmklist as input

RE: format of hash mode 22001 - ly88888 - 01-07-2024

(01-06-2024, 04:37 PM)ManuB1G Wrote:

Does it mean that this data must be scraped while listening and cannot be extracted from the existing .cap? I just cracked it and haven't tried to scrape it yet, so I don't know much about it. Thanks all!

RE: format of hash mode 22001 - ly88888 - 01-07-2024

(01-06-2024, 04:37 PM)ManuB1G Wrote:

What does it mean that this data has to be scraped while listening, and cannot be extracted from an existing .cap? I just cracked it, and I haven't learned and tried to listen yet, so I don't know much. I simply understand that if the same wifi has changed the password, you can find out the PMK, and then use 22001?

RE: format of hash mode 22001 - ManuB1G - 01-08-2024

The PMK is a hash from the SSID and the password. With 22000 this has to be calculated for each password; the SSID is part of the capture. With 22001 you have to precalculate the PMK from one SSID and many passwords with an external tool like wlangenpmk and use this list as input to hashcat. This does not save time if used only once, but for SSIDs with the same name (e.g. wlan1, wifi, …) this can speed up the process.
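
Added example (not part of the thread, and not code from hashcat or hcxtools): a Python sketch of the point made in the last post, that the PBKDF2 step depends only on ESSID and passphrase, so one precomputed PMK list can be matched against several WPA*01 lines for the same ESSID. It assumes the standard WPA2 derivations (PBKDF2-HMAC-SHA1 with 4096 iterations for the PMK, HMAC-SHA1 over "PMK Name" and both MACs for the PMKID) and hex-encoded hash line fields; all MACs, passphrases and the helper names are constructed for illustration.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, essid: bytes) -> bytes:
    # PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)

def pmkid(pmk: bytes, mac_ap: bytes, mac_client: bytes) -> bytes:
    # PMKID = first 16 bytes of HMAC-SHA1(PMK, "PMK Name" | MAC_AP | MAC_CLIENT)
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_client, hashlib.sha1).digest()[:16]

def parse_wpa01(line: str):
    # WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***MESSAGEPAIR, every field hex-encoded
    f = line.strip().split("*")
    if len(f) != 9 or f[:2] != ["WPA", "01"]:
        raise ValueError("not a WPA*01 hash line")
    return tuple(bytes.fromhex(x) for x in f[2:6])  # pmkid, mac_ap, mac_client, essid

def make_wpa01(passphrase, essid, mac_ap, mac_client):
    # Builds a constructed lab line (not a real capture); MESSAGEPAIR left empty.
    pid = pmkid(pmk_from_passphrase(passphrase, essid), mac_ap, mac_client)
    return "*".join(["WPA", "01", pid.hex(), mac_ap.hex(), mac_client.hex(), essid.hex(), "", "", ""])

def precompute_pmks(essid, passphrases):
    # The expensive step, done once per ESSID (what a PMK list for 22001 holds).
    return [(p, pmk_from_passphrase(p, essid)) for p in passphrases]

def match_lines(lines, essid, pmk_list):
    # Cheap step: one HMAC-SHA1 per (hash line, PMK); no PBKDF2 is repeated.
    hits = {}
    for line in lines:
        want, mac_ap, mac_client, line_essid = parse_wpa01(line)
        if line_essid != essid:
            continue  # a PMK is only valid for the ESSID it was derived with
        for passphrase, pmk in pmk_list:
            if hmac.compare_digest(pmkid(pmk, mac_ap, mac_client), want):
                hits[line] = passphrase
    return hits

def demo():
    essid = b"wlan1"  # constructed sample values throughout
    words = ["constructed-pass-1", "constructed-pass-2", "constructed-pass-3"]
    lines = [make_wpa01(words[1], essid, bytes.fromhex("020000000001"), bytes.fromhex("020000000a01")),
             make_wpa01(words[2], essid, bytes.fromhex("020000000002"), bytes.fromhex("020000000a02"))]
    hits = match_lines(lines, essid, precompute_pmks(essid, words))
    return [hits.get(l) for l in lines]

if __name__ == "__main__":
    print(demo())
```

Because the ESSID is the PBKDF2 salt, a PMK list built for "wlan1" is useless against a network with any other name, which is why a unique ESSID together with a long random passphrase removes the benefit of precomputation.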