hccap to cap ? Possible ?
#1
Hi,

Just would like to know if it is possible to convert a hccap file into a cap file, in order to confirm the crack with aircrack-ng (I've deleted the original cap file).

Thank you.
#2
no. The message is too short. Please enter a message longer than 5 characters.
#3
I think this is possible, Atom stated that cap -> hccap conversion isn't a conversion at all, it just rearranges the data and throws out the unneeded bits, but it's somewhat harder than one expects.
No software exists for this though.
#4
cap consists of network data packages whereas hccap consists only of data regarding a wpa login.
#5
Yes, the cap -> hccap -> cap conversion will make an incomplete file, but it should still work with aircrack-ng, no?
#6
no, hccap file is not compatible with aircrack-ng (or I can't see the right parameter ?!)
#7
Hi,
I quickly decided to accept this challenge and to try to build a *POC* code that is able to *pseudo*-convert the hccap back to a valid cap file.

ATTENTION: cap2hccap (the "*other*"==reverse) conversion is *NOT* loseless. we loose a lot of information, therefore the reverse hccap2cap makes some assumption (e.g. assigns some "standard" values (see my #define DEFAULT_* in code below etc))

I think the conversion is *not* impossible but neither it is very useful; but one can say e.g. for research purposes it could be of help... or if someone lost the cap file... there are maybe some use cases (but again: not many!).

The POC:
It is very hackish, written done quickly and may miss some important points OR may *not* comply fully with the standards (e.g. WPA standards/cap file format etc...).

GOAL:
It is not a 1:1 map of cap to hccap! The main goal is that it outputs a *valid* cap file which can be opened by wireshark and others. Furthermore a conversion back w/ cap2hccap should generate the IDENTICAL hccap file.
This is not true the other way, e.g. cap->hccap->cap will *NOT* generate the exactly same cap file (NOT possible).

If and only if some guys here find it nevertheless useful, I could imagine that this could become a nice small project (e.g. on my/someones github) and we could improve the code wherever possible, i.e.
1. MAKE IT BETTER readable (more functions usage, better message generation etc... etc..), FORMAT the code w/ max line length and improve readability (again!)
2. FIX the edge cases and bugs that break the WPA etc standards (if any) ;-)
3. consider adding some useful stuff to other projects (e.g. aircrack-ng), maybe not the whole conversion but parts of it... maybe just reading in hccap files etc
4. TEST the code with a huge set of hccap files... TEST,FIX,TEST,FIX
.....
so before anyone should point out bugs etc. let me know if this could be of interest to somebody and most importantly *WHY*
If useful, we need to organize and put it on a repo e.g. nearby
http://sourceforge.net/projects/cap2hccap/ or similar OR on github
and *IMPROVE* the code

Hopefully, this is of use to someone and it gets a chance to become a nice/small project

BTW: please don't blame me for the (quickly written done) code. HEHE

Best

--ATTACHED--
UPDATE 2: Code removed, it may be outdated, therefore it is better to have a look at the github repo (link below):

UPDATE 1: I decided to put it anyway on github, maybe there is some interest some day for this project. There are some things to cleanup and improve, so please contribute and submit pull requests here:
https://github.com/philsmd/hccap2cap
#8
awesome work philipp, thanks
#9
Thank you very much !
#10
Oh wow. I have been wanting something like this for bloody ages. Damn good job sir!