hashcat Forum
hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version



RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 01-14-2020

@WPA_Catcher nice suggestion, but not the philosophy of Arch Linux:
"Arch Linux adheres to five principles: simplicity, modernity, pragmatism, user centrality and versatility. In general, the principles maintain minimal distribution-specific changes, minimal breakage with updates, pragmatic over ideological design choices, user-friendliness, and minimal bloat."
hcxtools/hcxdumptool/hcxkeys are part of Arch Linux:
https://www.archlinux.org/packages/?q=hcx

From README.md:
Multiple stand-alone binaries - designed to run on Arch Linux.

No chance for old tools working on old formats, only. I leave a limited option to convert to these old formats, but not more.

And, of course, the Unix philosophy, too (Linux is similar):
https://en.wikipedia.org/wiki/Unix_philosophy


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - WPA_Catcher - 01-14-2020

OK, no problem.
I just thought it would have been something you might have liked.
I am still learning in my spare time. :)


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 01-14-2020

Well, I'm retired, but I am still learning something new, too.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - strike1953 - 01-14-2020

(01-14-2020, 06:31 PM)ZerBea Wrote: Well, not easy to explain:
https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html
But in simple words, it works like this procedure:
First step is to report an issue (if it is related to the kernel and not to your distribution) here:
https://bugzilla.kernel.org
Next step is to wait for a fix/patch and to test it.
Third step is to wait until the fix reaches the mainline kernel.
Last step is to wait until the (fixed) mainline kernel reaches your distribution.

So, patience issue or change my wifi adapter


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 01-14-2020

Patience....
example:
issue reported: 2019-10-24 08:50:38
https://bugzilla.kernel.org/show_bug.cgi?id=205305
received patch: 2019-10-28 11:59:09
https://bugzilla.kernel.org/show_bug.cgi?id=205305#c2
tested patch: 2019-10-28 12:49:18
https://bugzilla.kernel.org/show_bug.cgi?id=205305#c3
...
waiting for Kernel....
$ hcxdumptool -I
wlan interfaces:
503eaa1c3eab wlan0 (usb)

$ uname -r
5.4.11-arch1-1

so, not arrived, yet!


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - WPA_Catcher - 01-14-2020

Ah you’re retired, I wondered how you were working on hcxtools so quickly.

As I am stuck with old formats I have always been concerned any capture I have may be unbreakable due to error/corruption and not password strength.

I understand all hcxtools are unlikely to produce an uncrackable hash which is due to error.  Are we allowed to know how you do this?  Is there a pdf or something explaining it?

As part of my learning I would like to look through a capture with wireshark and see if I can manually fix broken caps.

Also is there a gradient of good - excellent within hcxtools of the likelihood of the hash being crackable? What I am trying to ask is if there are several text hashes (new format) within the output for the same AP - Client is there a way for the user to pick the best option?

Thanks


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 01-14-2020

Before you start with Wireshark, take a look at the basics of 802.11
here:
https://en.wikipedia.org/wiki/802.11_Frame_Types
Then dive into the study guide here:
https://mrncciew.com/tag/802-11-overview/
Start with a simple frame here:
https://mrncciew.com/2014/10/08/802-11-mgmt-beacon-frame/
Find it in your sample cap, using Wireshark.
Understand the information elements (IE) inside the frame and how a CLIENT acts if it receives this frame.
Do this on all frames of an authentication process:
Beacon
Proberequest
Proberesponse
Authentication
Association request
Association response
M1
M2
M3
M4
Investigate why some APs are transmitting/requesting additional frames (e.g. action frames during an authentication).

Read about EAPOL TIMER here:
https://www.researchgate.net/publication/3434048_Effects_of_the_EAPOL_timers_in_IEEE_8021X_authentication
What is their purpose, what will happen if a timer expires - and you will know why some of your converted handshakes are not recoverable.

If we include the radio part (HF) some knowledge about radio basics isn't so bad, too:
radio transmission power
antenna types
wave propagation
radio phase shift
radio modulation types


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - WPA_Catcher - 01-15-2020

Thank you!


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 01-15-2020

Don't thank me. Those are only the basics.
Next part is to understand RSN-IE and WPA-IE. How do they affect the following EAP authentication.
Why isn't it enough to capture a BEACON and M2M3 (discover the difference between RSN-IE/WPA-IE of a BEACON and RSN-IE/WPA-IE of an ASSOCIATION REQUEST) within the same authentication sequence.
What is EAP, EXPANDED EAP, EAPOL.
What is the function of AKM PSK/PSK256 and how does it affect calculation of the PMK.
And much more...


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 01-19-2020

There is no need to run hcxtools on the new hashline format. Nearly every bash cmd is working on the new hashline:

e.g. running a simple bash line will give you the ESSID in ASCII format:
cat test.22000 | awk 'BEGIN { FS = "*" } ; { print $6 }' | perl -pe 's/(..)/chr(hex($1))/ge'
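
Added example (not part of the original post and not hcxtools code): the same field-splitting idea extended to a per-record summary, with the ESSID decoded inside awk and non-printable bytes replaced by "." so a crafted ESSID cannot send control sequences to the terminal. Field 6 as ESSID comes from the post; the other field positions are assumed from the publicly documented 22000 layout, and the function names and sample records are constructed.

```shell
#!/bin/sh
# Field layout assumed for a 22000 line (split on "*"):
#   1=WPA  2=type (01 PMKID, 02 EAPOL)  4=AP MAC  5=client MAC  6=ESSID in hex

# Print "KIND AP CLIENT ESSID" per record; ESSID bytes outside printable
# ASCII become "." because the ESSID is whatever the transmitter chose to send.
summarize_22000() {
    awk -F'*' '
    function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
    function decode(hex,    i, n, ch, out) {
        if (hex !~ /^[0-9A-Fa-f]*$/) return "<non-hex>"
        out = ""
        for (i = 1; i < length(hex); i += 2) {
            n = hexval(substr(hex, i, 1)) * 16 + hexval(substr(hex, i + 1, 1))
            ch = "."
            if (n >= 32 && n < 127) ch = sprintf("%c", n)
            out = out ch
        }
        return out
    }
    $1 == "WPA" && NF >= 6 {
        kind = "type-" $2
        if ($2 == "01") kind = "PMKID"
        if ($2 == "02") kind = "EAPOL"
        print kind, $4, $5, decode($6)
    }' "$@"
}

# Count records per AP MAC / client MAC / type, sorted.
pairs_22000() {
    awk -F'*' '$1 == "WPA" && NF >= 6 { n[$4 " " $5 " " $2]++ }
        END { for (k in n) print k, n[k] }' "$@" | sort
}

# Constructed sample records (dummy hashes, not from a real capture).
sample_22000() {
    cat <<'EOF'
WPA*01*00000000000000000000000000000001*aabbccddee01*112233445501*686f6d656e6574***
WPA*02*00000000000000000000000000000002*aabbccddee01*112233445501*686f6d656e6574*00*00*02
WPA*01*00000000000000000000000000000003*aabbccddee02*112233445502*1b5b324a6c6162***
EOF
}

sample_22000 | summarize_22000
sample_22000 | pairs_22000
```

Both functions also accept file names, e.g. `summarize_22000 test.22000`.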