PBKDF2-HMAC-SHA1 format for WPA hex key

PBKDF2-HMAC-SHA1 format for WPA hex key - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: PBKDF2-HMAC-SHA1 format for WPA hex key (/thread-7450.html)

PBKDF2-HMAC-SHA1 format for WPA hex key - CryptoKiddie - 04-18-2018

Hello together,
I try since about 3 hours to crack a 4096 WPA-DK.
I used this website to generate a testhash:
ASCII-ESSID: "Testnetwork" == salt
ASCII-PSK: "12345678"
HEX-WPA-Key: "bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8"

I used the v1.00rc3 GUI with hashcat-4.1.0 (x64) to crack it but it won't work.
I don't know the expected input format, but I orientated myself on the example hashes and on this thread.
The example has (used it as shown below) was cracked very fast with a wordlist so I got the following information:

Code:
sha1:1000:MzU4NTA4MzIzNzA1MDQ=:19ofiY+ahBXhvkDsp0j2ww==

hash_type:bit_size:salt(b64):hash(unknown format)

Based in this information I entered my own string in 2 formats:

Code:
Plain:

sha1:4096:Testnetwork:bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8

hex key raw:

sha1:4096:VGVzdG5ldHdvcms=:bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8

hex key in base64:

sha1:4096:VGVzdG5ldHdvcms=:YmM5NzFmODE0ZDdiZDM3Zjc1MDJjYzY3NDA4YzRmMmM1YTA2ZTFiM2Q0OGRjMDQxZTQyYjU0NzgxNTRkZjFhOA==

Aditionally based on this post I modified the salt (ESSID) with a ":" at the end. In the post the seperator for John the Ripper is "$".

Code:
Plain:

sha1:4096:Testnetwork::bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8

hex key raw:

sha1:4096:VGVzdG5ldHdvcms6:bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8

hex key in base64

sha1:4096:VGVzdG5ldHdvcms6:YmM5NzFmODE0ZDdiZDM3Zjc1MDJjYzY3NDA4YzRmMmM1YTA2ZTFiM2Q0OGRjMDQxZTQyYjU0NzgxNTRkZjFhOA==

I had now 4 variants and tried them with "12345678" in the wordlist with following arguments (also used for the example hash):

Code:
hashcat64.exe -a 0 --session=2018-04-18 -m 12000 -w 3 --status --status-timer=60 --potfile-disable --remove -p : --gpu-temp-disable -o "D:\Downloads\Temp\data\output.txt" --outfile-format=3 "C:\Users\CryptoKiddie\AppData\Local\Temp\tmp84FC.tmp" "D:\Downloads\Temp\data\wordlist.txt"

Can you tell me what I'm doing wrong?

RE: PBKDF2-HMAC-SHA1 format for WPA hex key - undeath - 04-18-2018

base64-encoding the hex data is wrong. You first need to decode the hex, then base64-encode the result.

Quote:Aditionally based on this post I modified the salt (ESSID) with a ":" at the end. In the post the seperator for John the Ripper is "$".

I have no idea why you did this, but don't.

RE: PBKDF2-HMAC-SHA1 format for WPA hex key - CryptoKiddie - 04-18-2018

(04-18-2018, 07:31 PM)undeath Wrote: base64-encoding the hex data is wrong. You first need to decode the hex, then base64-encode the result.

Quote:Aditionally based on this post I modified the salt (ESSID) with a ":" at the end. In the post the seperator for John the Ripper is "$".
I have no idea why you did this, but don't.

Perfect it works!
I missed this information. For the long term it was useful to find it somewhere.

I set the colon at the end of the ESSID because here magnum built it into the input string so I thought it is maybe needed/defined in the IEEE802.11.

magnum Wrote:
Code:
echo 'Harkonen:$pbkdf2-hmac-sha1$4096$486[...]
(the "Harkonen:" in this line is just a "username" that will be output if/when the hash is cracked. It's not part of the hash itself and can be omitted).

Thanks for helping Smile