hashcat Forum
hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (/thread-6661.html)



RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-08-2019

I saw people using Wlandump instead of hcxdumptool. Any difference in the output?
wlandump-ng is the predecessor of hcxdumptool. It has fewer functions and it depends on libpcap. That makes it slow.
hcxdumptool doesn't depend on libnl, libpcap, wiringpi or other wrappers. That makes it fast.

Could it be possible to create a minimal Raspberry distro just for hcxtools and access via ssh only?
Yes. This is a backup of my headless system, controlled via ssh:
$ ls -All
total 477912
-rw-r--r-- 1 root root 21043310 5. Jun 17:41 rpiboot.tgz
-rw-r--r-- 1 root root 468330646 5. Jun 17:43 rpiroot.tgz

from this base system:
ArchLinuxARM-rpi-latest.tar.gz 02-Jun-2019 17:47 43059753

No beautiful GUI, no unnecessary tools - only speed!

BTW:
The gz files don't contain images. I don't like the idea of backing up a system with "dd".


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-08-2019

It seems that closing the ssh window from a terminal stops the process on the Raspberry. Any other way to keep it alive?


-- thanks, working great in the background.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-08-2019

Run it as a background task:
$ hcxdumptool -i interface ..... &


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-08-2019

Is any 5GHz dongle working well with hcxtools?
I'm about to buy a dongle for another setup because my AWUS 036AC from Alfa seems not to work.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-08-2019

TP-LINK Archer T2UH
ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter)

$ hcxdumptool -I
wlan interfaces:
503eaaa08f6f wlp3s0f0u10u2 (mt76x0u)

$ hcxdumptool -i wlp3s0f0u10u2 -C
initialization...
available channels:
 1 / 2412MHz (14 dBm)
 2 / 2417MHz (14 dBm)
 3 / 2422MHz (14 dBm)
 4 / 2427MHz (14 dBm)
 5 / 2432MHz (14 dBm)
 6 / 2437MHz (14 dBm)
 7 / 2442MHz (14 dBm)
 8 / 2447MHz (14 dBm)
 9 / 2452MHz (14 dBm)
10 / 2457MHz (14 dBm)
11 / 2462MHz (14 dBm)
12 / 2467MHz (14 dBm)
13 / 2472MHz (14 dBm)
14 / 2484MHz (14 dBm)
36 / 5180MHz (17 dBm)
40 / 5200MHz (17 dBm)
44 / 5220MHz (17 dBm)
48 / 5240MHz (17 dBm)
52 / 5260MHz (17 dBm)
56 / 5280MHz (17 dBm)
60 / 5300MHz (17 dBm)
64 / 5320MHz (17 dBm)
100 / 5500MHz (17 dBm)
104 / 5520MHz (17 dBm)
108 / 5540MHz (17 dBm)
112 / 5560MHz (17 dBm)
116 / 5580MHz (17 dBm)
120 / 5600MHz (17 dBm)
124 / 5620MHz (17 dBm)
128 / 5640MHz (17 dBm)
132 / 5660MHz (17 dBm)
136 / 5680MHz (17 dBm)
140 / 5700MHz (17 dBm)
149 / 5745MHz (17 dBm)
153 / 5765MHz (17 dBm)
157 / 5785MHz (17 dBm)
161 / 5805MHz (17 dBm)
165 / 5825MHz (17 dBm)


Requirement: new kernel!
$ uname -r
5.1.7-arch1-1-ARCH


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-09-2019

Just wondering.. what do you use the gpio_button for? Is it a trigger?
BTW I'm looking for the --enable_status values and can't find the meaning of each. Any guide?


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-09-2019

If you take a look at this photo:
https://github.com/ZerBea/hcxdumptool/wiki/Penetration-testing-system-1
You'll see a "push button" and a LED.

Both are used to control the RPI.
The push button is used to safely shut the RPI down.
The LED is used to indicate the status.
LED flashing every 5 seconds: everything's fine
LED permanent on: no signal received - perhaps no traffic on the channel or driver broken
LED flashing twice every 5 seconds: RPI is under control of hcxpioff

The circuit diagram is here:
https://github.com/ZerBea/hcxdumptool/tree/master/docs

--enable_status is explained in --help
--enable_status=<digit>            : enable status messages
                                    bitmask:
                                     1: EAPOL
                                     2: PROBEREQUEST/PROBERESPONSE
                                     4: AUTHENTICATON
                                     8: ASSOCIATION
                                    16: BEACON

We use a bitmask to select the options.

For example:
--enable_status=1 : show only EAPOL info
--enable_status=2 : show only PROBEREQUEST/PROBERESPONSE

to get both messages you must add the values:
--enable_status=3 : show EAPOL info and PROBEREQUEST/PROBERESPONSE info

That's the "secret" of the --enable_status switch. In other words, we can select many options with a single switch.

BTW:
Sent you a PM.
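
As an added illustration of the bitmask arithmetic described in the post above (not code from hcxdumptool or from ZerBea), the small C program below builds an --enable_status value from the bit names quoted from --help, checks it for bits the help text does not define, and decodes it back into message classes. The bit values are those from the post; the helper names and the "+"-joined output format are this example's own choices.

```c
#include <stdio.h>
#include <string.h>

/* Bit values exactly as listed in the --help text quoted above. */
#define STATUS_EAPOL   1u
#define STATUS_PROBE   2u
#define STATUS_AUTH    4u
#define STATUS_ASSOC   8u
#define STATUS_BEACON 16u
#define STATUS_ALL (STATUS_EAPOL | STATUS_PROBE | STATUS_AUTH | STATUS_ASSOC | STATUS_BEACON)

static const struct { unsigned bit; const char *name; } status_bits[] = {
    { STATUS_EAPOL,  "EAPOL" },
    { STATUS_PROBE,  "PROBEREQUEST/PROBERESPONSE" },
    { STATUS_AUTH,   "AUTHENTICATION" },
    { STATUS_ASSOC,  "ASSOCIATION" },
    { STATUS_BEACON, "BEACON" },
};

/* Combine bits with OR, not with "+": OR is idempotent, so listing EAPOL
 * twice still gives 1, whereas 1 + 1 = 2 would silently select
 * PROBEREQUEST/PROBERESPONSE instead. */
unsigned status_combine(const unsigned *bits, size_t n)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++) mask |= bits[i];
    return mask;
}

/* Returns 0 when every set bit is defined in --help, else the undefined bits. */
unsigned status_undefined_bits(unsigned value)
{
    return value & ~STATUS_ALL;
}

/* Decode a value into its message classes ("A+B+..."); returns the class count. */
int status_describe(unsigned value, char *out, size_t outlen)
{
    int count = 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof status_bits / sizeof status_bits[0]; i++) {
        if (value & status_bits[i].bit) {
            if (count++) strncat(out, "+", outlen - strlen(out) - 1);
            strncat(out, status_bits[i].name, outlen - strlen(out) - 1);
        }
    }
    return count;
}

int main(void)
{
    unsigned want[] = { STATUS_EAPOL, STATUS_PROBE };   /* the post's example: 3 */
    char buf[128];
    unsigned v = status_combine(want, 2);
    status_describe(v, buf, sizeof buf);
    printf("--enable_status=%u : %s\n", v, buf);
    return 0;
}
```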


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-09-2019

ASUS AC51:
ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U]

$ hcxdumptool -I
wlan interfaces:
0c9d92b486ca wlp0s20f0u1 (mt76x0u)

$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (16 dBm)
2 / 2417MHz (16 dBm)
3 / 2422MHz (16 dBm)
4 / 2427MHz (16 dBm)
5 / 2432MHz (16 dBm)
6 / 2437MHz (16 dBm)
7 / 2442MHz (16 dBm)
8 / 2447MHz (16 dBm)
9 / 2452MHz (16 dBm)
10 / 2457MHz (16 dBm)
11 / 2462MHz (16 dBm)
12 / 2467MHz (16 dBm)
13 / 2472MHz (16 dBm)
14 / 2484MHz (16 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)

$ uname -r
5.1.7-arch1-1-ARCH


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-09-2019

Edimax EW-7811UAC
ID 7392:a812 Edimax Technology Co., Ltd

$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp0s20f0u1 (rtl88xxau)

$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (18 dBm)
2 / 2417MHz (18 dBm)
3 / 2422MHz (18 dBm)
4 / 2427MHz (18 dBm)
5 / 2432MHz (18 dBm)
6 / 2437MHz (18 dBm)
7 / 2442MHz (18 dBm)
8 / 2447MHz (18 dBm)
9 / 2452MHz (18 dBm)
10 / 2457MHz (18 dBm)
11 / 2462MHz (18 dBm)
12 / 2467MHz (18 dBm)
13 / 2472MHz (18 dBm)
14 / 2484MHz (18 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
144 / 5720MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)

$ uname -r
5.1.7-arch1-1-ARCH

It does not run out of the box. Get the driver from here:
https://github.com/aircrack-ng/rtl8812au

The aircrack-ng team is doing a really good job here!


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-09-2019

So my awus036ac should work too, as they share the driver. Is it necessary to start airmon-ng on the interface before hcxdumptool?
I'm doing it, but I don't know if it's right.