potfile wpa format/derivation
hashcat Forum (https://hashcat.net/forum), Thread: /thread-9506.html

potfile wpa format/derivation - qaksmmnvkpjv - 09-15-2020

hashcat versions: 5.1.0 and 6.1.1

I've been looking at hccapx to better understand wpa/wpa2, but there's one thing that befuddles me. I cannot figure out how hashcat creates a 128 bit prefix for found passwords. hashcat will output something like

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:<ap_mac>:<sta_mac>:<ssid>:<password>

Where the X's are a hex encoding of something. How is this derived? I've been looking through the source code where -m 2500 (wpa/wpa2) is defined, but I can't see how it's done.

https://github.com/hashcat/hashcat/blob/master/OpenCL/m02500-pure.cl

In the rules I'm not supposed to post the actual hash, but I see no problem with that because it's published on hashcat.net as an example for explanation purposes. Once someone gives me the ok I'll post the actual hash. I think it'll be easier to work with a specific example.

RE: potfile wpa format/derivation - philsmd - 09-15-2020

An independent checksum that is used to identify/find the correct hash, see https://github.com/hashcat/hashcat/blob/8207af471cee80012d370d551653d28516abf0c1/src/modules/module_02500.c#L756-L823

You shouldn't bother too much about it, it's just used internally for the potfile hash lookup and to distinguish the different hashes.

It's also recommended to switch to the new hash format -m 22000 = WPA-PBKDF2-PMKID+EAPOL as mentioned in the docs and release notes.

RE: potfile wpa format/derivation - qaksmmnvkpjv - 09-15-2020

(09-15-2020, 07:50 AM) philsmd Wrote:
> an independent checksum that is used to identify/find the correct hash, see https://github.com/hashcat/hashcat/blob/8207af471cee80012d370d551653d28516abf0c1/src/modules/module_02500.c#L756-L823

Can you point me to the documentation and release notes that you're referring to?

RE: potfile wpa format/derivation - philsmd - 09-15-2020

To be honest, when I wrote that I believed that we had added a whole paragraph about the new -m 22000 format here: https://hashcat.net/forum/thread-9303.html (but we only mentioned that WPA-PBKDF2-PMKID+EAPOL was added).

I guess the best resource for now is this: https://github.com/hashcat/hashcat/issues/1816 where the format was discussed.

RE: potfile wpa format/derivation - ZerBea - 09-15-2020

You can read more about this format (2200x, outfile format and potfile format) and the tools working on it here: https://hashcat.net/forum/thread-6661-post-47931.html#pid47931

RE: potfile wpa format/derivation - qaksmmnvkpjv - 09-15-2020

As an academic exercise, I'm creating an sqlite database to manage cracked/uncracked hashes. I want to use the hash as the primary key, but I didn't know how to produce the hash in the same way as hashcat for -m 2500. Which means I didn't know how to ingest hccapx files uniquely in a way that was compatible with the hashcat potfile.

RE: potfile wpa format/derivation - ZerBea - 09-15-2020

As mentioned in this thread: https://hashcat.net/forum/thread-6661-post-47931.html#pid47931

The 22000 format is no longer binary. All bash tools (cat, sort, awk, cut, ...) work on it, on the potfile and on the outfile.

A good example (PHP code, including a database) can be found here: https://github.com/RealEnder/dwpa

Old hashcat uses an md5_64 to make the hash unique. That is deprecated (because it spams the potfile) and has been removed since v6.

I recommend using 22000 instead of 2500 and/or 16800.
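
Added example, not part of the thread and not hashcat's own code: a Python sketch that ingests result lines in the `-m 2500` layout quoted in the first post into SQLite, keyed on the 32-hex checksum, and refuses to guess when a `:` inside the SSID or password makes the split ambiguous. The function names, the `cracked` table, the 12-hex-digit MAC format and the WPA length limits used to filter splits are assumptions of this example; the sample lines are constructed.

```python
import re
import sqlite3
# Layout quoted in the thread: <32 hex>:<ap_mac>:<sta_mac>:<ssid>:<password>
# Assumption: both MACs are written as 12 hex digits without separators.
LINE_RE = re.compile(r"([0-9a-f]{32}):([0-9a-f]{12}):([0-9a-f]{12}):(.+)", re.I)

def parse_line(line):
    """Return (checksum, ap_mac, sta_mac, candidates), or None if malformed."""
    m = LINE_RE.fullmatch(line.rstrip("\r\n"))
    if m is None:
        return None
    checksum, ap_mac, sta_mac, tail = m.groups()
    # ':' can also occur inside the SSID or password, so try every split and
    # keep those within WPA limits: SSID 1-32 bytes, passphrase 8-63 chars.
    parts, candidates = tail.split(":"), []
    for i in range(1, len(parts)):
        ssid, password = ":".join(parts[:i]), ":".join(parts[i:])
        if 1 <= len(ssid.encode("utf-8")) <= 32 and 8 <= len(password) <= 63:
            candidates.append((ssid, password))
    return checksum.lower(), ap_mac.lower(), sta_mac.lower(), candidates

def ingest(conn, lines):
    """Store unambiguous lines keyed on the checksum; return per-outcome counts."""
    conn.execute("CREATE TABLE IF NOT EXISTS cracked (checksum TEXT PRIMARY KEY,"
                 " ap_mac TEXT, sta_mac TEXT, ssid TEXT, password TEXT)")
    counts = {"stored": 0, "duplicate": 0, "unresolved": 0, "malformed": 0}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            counts["malformed"] += 1
            continue
        checksum, ap_mac, sta_mac, candidates = parsed
        if len(candidates) != 1:
            counts["unresolved"] += 1  # zero or several valid splits: do not guess
            continue
        cur = conn.execute("INSERT OR IGNORE INTO cracked VALUES (?, ?, ?, ?, ?)",
                           (checksum, ap_mac, sta_mac, *candidates[0]))
        counts["stored" if cur.rowcount == 1 else "duplicate"] += 1
    conn.commit()
    return counts

# Constructed sample lines, not real captures.
SAMPLE = [
    "0123456789abcdef0123456789abcdef:aabbccddeeff:112233445566:HomeNet:correcthorse",
    "00112233445566778899aabbccddeeff:aabbccddeeff:665544332211:Lab:pass:word",
    "ffeeddccbbaa99887766554433221100:a1b2c3d4e5f6:112233445566:Cafe:Guest:pass:word1",
    "not a potfile line",
]
if __name__ == "__main__":
    print(ingest(sqlite3.connect(":memory:"), SAMPLE + SAMPLE[:1]))
```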