hashcat Forum
hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version




RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-24-2020

Please specify the "invalid channel message" (exact output of hcxdumptool).


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ciccio17 - 10-24-2020

hcxdumptool -i wlan0 -c xx
unknown channel selected


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-24-2020

Have you modified the default channel list as mentioned here:
https://hashcat.net/forum/thread-6661-post-50505.html#pid50505

You want channel 74 (-c 74).
First, hcxdumptool checks if the desired channel is in the channel list here:
https://github.com/ZerBea/hcxdumptool/blob/master/hcxdumptool.c#L6430

The allowed channels are here:
https://github.com/ZerBea/hcxdumptool/blob/master/hcxdumptool.c#L226
Channel 74 is not in this list, so you receive an error.

The default frequencies are here:
https://github.com/ZerBea/hcxdumptool/blob/master/hcxdumptool.c#L6464

They depend on standard 802.11 as mentioned here:
https://en.wikipedia.org/wiki/List_of_WLAN_channels

If you have patched your firmware and/or your driver, the values inside these functions must match the values of your patched firmware/driver!


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-24-2020

After some more investigation, I found this in ath9k/common-init.c:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/net/wireless/ath/ath9k/common-init.c?h=v5.8.16
Code:
/* Some 2 GHz radios are actually tunable on 2312-2732
* on 5 MHz steps, we support the channels which we know
* we have calibration data for all cards though to make
* this static */

It's time to play around with an Atheros device:
Code:
$ lsusb
ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n

$ hcxdumptool -I
wlan interfaces:
f81a67077d0e wlp39s0f3u1u1u2 (ath9k_htc)

hcxdumptool showing available channels as coded in ath9k/common-init.c:
Code:
static const struct ieee80211_channel ath9k_2ghz_chantable[] = {
    CHAN2G(2412, 0), /* Channel 1 */
    CHAN2G(2417, 1), /* Channel 2 */
    CHAN2G(2422, 2), /* Channel 3 */
    CHAN2G(2427, 3), /* Channel 4 */
    CHAN2G(2432, 4), /* Channel 5 */
    CHAN2G(2437, 5), /* Channel 6 */
    CHAN2G(2442, 6), /* Channel 7 */
    CHAN2G(2447, 7), /* Channel 8 */
    CHAN2G(2452, 8), /* Channel 9 */
    CHAN2G(2457, 9), /* Channel 10 */
    CHAN2G(2462, 10), /* Channel 11 */
    CHAN2G(2467, 11), /* Channel 12 */
    CHAN2G(2472, 12), /* Channel 13 */
    CHAN2G(2484, 13), /* Channel 14 */
};

$ sudo hcxdumptool -i wlp39s0f3u1u1u2 -C
initialization...
available channels:
  1 / 2412MHz (20 dBm)
  2 / 2417MHz (20 dBm)
  3 / 2422MHz (20 dBm)
  4 / 2427MHz (20 dBm)
  5 / 2432MHz (20 dBm)
  6 / 2437MHz (20 dBm)
  7 / 2442MHz (20 dBm)
  8 / 2447MHz (20 dBm)
  9 / 2452MHz (20 dBm)
10 / 2457MHz (20 dBm)
11 / 2462MHz (20 dBm)
12 / 2467MHz (20 dBm)
13 / 2472MHz (20 dBm)
14 / 2484MHz (20 dBm)

terminating...

By latest commit, I added support for additional 2.4GHz channels 15...33 (ath9k driver modification mandatory)
Code:
-c <digit>     : set channel (1,2,3, ...)
                 default channels: 1...13
                 maximum entries: 127
                 allowed channels (depends on the device):
                 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
                 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33 (driver modification)
                 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 68, 96
                 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128
                 132, 134, 136, 138, 140, 142, 144, 149, 151, 153, 155, 157, 159
                 161, 165, 169, 173

Channel list according to Kali channel patch:
https://github.com/0x90/kali-scripts/blob/master/patches/ath9k-htc-channels-unlock.patch
Code:
CHAN2G(2407, 14)
CHAN2G(2402, 15)
CHAN2G(2397, 16)
CHAN2G(2392, 17)
CHAN2G(2387, 18)
CHAN2G(2382, 19)
CHAN2G(2377, 20)
CHAN2G(2372, 21)
CHAN2G(2367, 22)
CHAN2G(2362, 23)
CHAN2G(2357, 24)
CHAN2G(2352, 25)
CHAN2G(2347, 26)
CHAN2G(2342, 27)
CHAN2G(2337, 28)
CHAN2G(2332, 29)
CHAN2G(2327, 30)
CHAN2G(2322, 31)
CHAN2G(2317, 32)
CHAN2G(2312, 33)
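
Added example (not part of the thread and not hcxdumptool code): a small C check that parses text in the `hcxdumptool -C` output format shown above and counts entries whose frequency differs from the standard 802.11 channel numbering formula, which is how the extra channels of a patched driver would stand out. The sample text is constructed, and the channel number on its "15 / 2407MHz" line is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Centre frequency (MHz) from the standard 802.11 numbering formula,
 * or 0 when the channel number is outside the 2.4/5 GHz plans. */
static int std_freq_mhz(int ch)
{
    if (ch >= 1 && ch <= 13) return 2407 + 5 * ch;
    if (ch == 14) return 2484;
    if (ch >= 36 && ch <= 177) return 5000 + 5 * ch;
    return 0;
}

/* Walk `hcxdumptool -C` style output line by line. Entries look like
 * "  1 / 2412MHz (20 dBm)". Stores the number of entries found and
 * returns how many of them do not match the standard formula. */
static int count_nonstandard(const char *out, int *entries)
{
    int ch, freq, dbm, odd = 0;
    *entries = 0;
    while (*out) {
        size_t len = strcspn(out, "\n");
        char line[64];
        if (len < sizeof(line)) {
            memcpy(line, out, len);
            line[len] = '\0';
            if (sscanf(line, " %d / %dMHz (%d dBm)", &ch, &freq, &dbm) == 3) {
                (*entries)++;
                if (std_freq_mhz(ch) != freq) odd++;
            }
        }
        out += len + (out[len] == '\n');
    }
    return odd;
}

/* Constructed sample; the "15 / 2407MHz" line is an assumed entry
 * for a patched driver, not output quoted from the thread. */
static const char SAMPLE[] =
    "initialization...\navailable channels:\n"
    "  1 / 2412MHz (20 dBm)\n 13 / 2472MHz (20 dBm)\n"
    " 14 / 2484MHz (20 dBm)\n 15 / 2407MHz (20 dBm)\n\nterminating...\n";

int main(void)
{
    int n, odd = count_nonstandard(SAMPLE, &n);
    printf("%d entries, %d outside the standard plan\n", n, odd);
    return 0;
}
```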



RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ciccio17 - 10-24-2020

Hi ZerBea, I can send you the patch I used for my spectrum.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-24-2020

Thanks, but I don't need it.
Please test latest git head. I need the exact output of hcxdumptool -i interface -C


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ciccio17 - 10-24-2020

So I should switch radio? I need to work with 2.4 GHz?


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-24-2020

No, not necessary. I'll dive into the driver code and rewrite hcxdumptool channel behavior. First on 2.4GHz - maybe I need some additional information on 5GHz later on. Thanks


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ciccio17 - 10-24-2020

OK, talk later, I need to go now. Anyway, the latest git shows:

hcxdumptool -i wlan0 -C
initialization...
interface is already in monitor mode
available channels:
1 / 2412MHz (26 dBm)
2 / 2417MHz (26 dBm)
3 / 2422MHz (26 dBm)
4 / 2427MHz (26 dBm)
5 / 2432MHz (26 dBm)
6 / 2437MHz (26 dBm)
7 / 2442MHz (26 dBm)
8 / 2447MHz (26 dBm)
9 / 2452MHz (26 dBm)
10 / 2457MHz (26 dBm)
11 / 2462MHz (26 dBm)
12 / 2467MHz (26 dBm)
13 / 2472MHz (26 dBm)
14 / 2484MHz (26 dBm)


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-24-2020

Ok, thanks.
By latest commit, default channels are no longer hard coded. Instead, hcxdumptool takes the channel from the -c option and sees if the driver is able to set it.