hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Normally we wait up to 2 minutes to get a GPX fix. If we didn't get it, we deactivate GPS.

EDIT:
I pushed another update. Now we leave the GPS fix loop if we didn't receive a GPRMC sentence within the first 120 received sentences.

If we got no fix from the device, output looks like this (after the period of at least 2 minutes):
$ sudo hcxdumptool -i wlp3s0f0u2 --filtermode=1 --filterlist_ap=$HOME/Source/raspberry/filterlistap --filterlist_client=$HOME/Source/raspberry/filterlistap -o wpatst.pcapng --enable_status=1 --gps=/dev/ttyACM0
initialization...
waiting up to 2 minutes seconds to get GPS fix
GPS failed

start capturing (stop with ctrl+c)
NMEA 0183 RMC SENTENCE..: N/A
INTERFACE NAME..........: wlp3s0f0u2
INTERFACE HARDWARE MAC..: f81a67077d0e
DRIVER..................: ath9k_htc
DRIVER VERSION..........: 5.3.7-arch1-2-ARCH
DRIVER FIRMWARE VERSION.: 1.4
ERRORMAX................: 100 errors
FILTERLIST ACCESS POINT.: 2 entries
FILTERLIST CLIENT.......: 2 entries
FILTERMODE..............: 1
PREDEFINED ACCESS POINT.: 0 entries
MAC ACCESS POINT........: 0024fb4ff852 (incremented on every new client)
MAC CLIENT..............: b025aac72741
REPLAYCOUNT.............: 62055
ANONCE..................: e40324dcb9b9756550c299aefeb303b2e9b9e5c0813022ec3b82896d0397286e
SNONCE..................: 63d1afb26a112876a5905918510f06e7b50e969ff97695f12f54b0882106ca12


If we have a fix, output looks like this:
$ sudo hcxdumptool -i wlp3s0f0u2 --filtermode=1 --filterlist_ap=$HOME/Source/raspberry/filterlistap --filterlist_client=$HOME/Source/raspberry/filterlistap -o wpatst.pcapng --enable_status=1 --gps=/dev/ttyACM0
initialization...
waiting up to 2 minutes seconds to get GPS fix

start capturing (stop with ctrl+c)
NMEA 0183 RMC SENTENCE..: 091201.00,A,5010.15472,N,00642.51819,E,0.105,,311019,,,A*77
INTERFACE NAME..........: wlp3s0f0u2
INTERFACE HARDWARE MAC..: f81a67077d0e
DRIVER..................: ath9k_htc
DRIVER VERSION..........: 5.3.7-arch1-2-ARCH
DRIVER FIRMWARE VERSION.: 1.4
ERRORMAX................: 100 errors
FILTERLIST ACCESS POINT.: 2 entries
FILTERLIST CLIENT.......: 2 entries
FILTERMODE..............: 1
PREDEFINED ACCESS POINT.: 0 entries
MAC ACCESS POINT........: 18421dd1f644 (incremented on every new client)
MAC CLIENT..............: b025aa72aee8
REPLAYCOUNT.............: 64626
ANONCE..................: 2784a27da917a4f61d5ae39b88cadd92e7db9edf0ca08fe22a84b67863e97fc6
SNONCE..................: ab5707d533d899b19258f9ea44abbb84970ad8c776b0172c3d0e9fbe43427d67

Do we get a NMEA 0183 recommended minimum sentence (starting with: $GPRMC):
$GPRMC,091201.00,A,5010.15472,N,00642.51819,E,0.105,,311019,,,A*77
running this command:
cat /dev/ttyUSB0

hcxdumptool doesn't set the device to NMEA 0183. That must be done by user.

Examples of the most common sentences can be found here:
https://en.wikipedia.org/wiki/NMEA_0183

BTW:
hcxpcaptool isn't ready for hcxdumptool v6.0.0. There is still some work to do (on both tools).
I pushed this early alfa to allow wifite2 to test the new features:
https://github.com/kimocoder/wifite2/iss...-548249943
Reply
(10-31-2019, 11:22 AM)ZerBea Wrote: Normally we wait up to 2 minutes to get a GPX fix. If we didn't get it, we deactivate GPS.

EDIT:
I pushed another update. Now we leave the GPS fix loop if we didn't receive a GPRMC sentence within the first 120 received sentences.

If we got no fix from the device, output looks like this (after the period of at least 2 minutes):
$ sudo hcxdumptool -i wlp3s0f0u2 --filtermode=1 --filterlist_ap=$HOME/Source/raspberry/filterlistap --filterlist_client=$HOME/Source/raspberry/filterlistap -o wpatst.pcapng --enable_status=1 --gps=/dev/ttyACM0
initialization...
waiting up to 2 minutes seconds to get GPS fix
GPS failed

start capturing (stop with ctrl+c)
NMEA 0183 RMC SENTENCE..: N/A
INTERFACE NAME..........: wlp3s0f0u2
INTERFACE HARDWARE MAC..: f81a67077d0e
DRIVER..................: ath9k_htc
DRIVER VERSION..........: 5.3.7-arch1-2-ARCH
DRIVER FIRMWARE VERSION.: 1.4
ERRORMAX................: 100 errors
FILTERLIST ACCESS POINT.: 2 entries
FILTERLIST CLIENT.......: 2 entries
FILTERMODE..............: 1
PREDEFINED ACCESS POINT.: 0 entries
MAC ACCESS POINT........: 0024fb4ff852 (incremented on every new client)
MAC CLIENT..............: b025aac72741
REPLAYCOUNT.............: 62055
ANONCE..................: e40324dcb9b9756550c299aefeb303b2e9b9e5c0813022ec3b82896d0397286e
SNONCE..................: 63d1afb26a112876a5905918510f06e7b50e969ff97695f12f54b0882106ca12


If we have a fix, output looks like this:
$ sudo hcxdumptool -i wlp3s0f0u2 --filtermode=1 --filterlist_ap=$HOME/Source/raspberry/filterlistap --filterlist_client=$HOME/Source/raspberry/filterlistap -o wpatst.pcapng --enable_status=1 --gps=/dev/ttyACM0
initialization...
waiting up to 2 minutes seconds to get GPS fix

start capturing (stop with ctrl+c)
NMEA 0183 RMC SENTENCE..: 091201.00,A,5010.15472,N,00642.51819,E,0.105,,311019,,,A*77
INTERFACE NAME..........: wlp3s0f0u2
INTERFACE HARDWARE MAC..: f81a67077d0e
DRIVER..................: ath9k_htc
DRIVER VERSION..........: 5.3.7-arch1-2-ARCH
DRIVER FIRMWARE VERSION.: 1.4
ERRORMAX................: 100 errors
FILTERLIST ACCESS POINT.: 2 entries
FILTERLIST CLIENT.......: 2 entries
FILTERMODE..............: 1
PREDEFINED ACCESS POINT.: 0 entries
MAC ACCESS POINT........: 18421dd1f644 (incremented on every new client)
MAC CLIENT..............: b025aa72aee8
REPLAYCOUNT.............: 64626
ANONCE..................: 2784a27da917a4f61d5ae39b88cadd92e7db9edf0ca08fe22a84b67863e97fc6
SNONCE..................: ab5707d533d899b19258f9ea44abbb84970ad8c776b0172c3d0e9fbe43427d67

Do we get a NMEA 0183 recommended minimum sentence (starting with: $GPRMC):
$GPRMC,091201.00,A,5010.15472,N,00642.51819,E,0.105,,311019,,,A*77
running this command:
cat /dev/ttyUSB0

hcxdumptool doesn't set the device to NMEA 0183. That must be done by user.

Examples of the most common sentences can be found here:
https://en.wikipedia.org/wiki/NMEA_0183

BTW:
hcxpcaptool isn't ready for hcxdumptool v6.0.0. There is still some work to do (on both tools).
I pushed this early alfa to allow wifite2 to test the new features:
https://github.com/kimocoder/wifite2/iss...-548249943


OK, thank vey much
Reply
Hello, hcxdumptool 5.2.2 y hcxcaptool 5.2.2 no working gps
Reply
Please try hcxdumptool v6.0.0 in combination with latest git head hcxpcapngtool.
hcxdumptool GPS options:
--use_gps_device=<device>          : use GPS device
                                    /dev/ttyACM0, /dev/ttyUSB0, ...
                                    NMEA 0183 $GPGGA $GPGGA
--use_gpsd                        : use GPSD device
                                    NMEA 0183 $GPGGA, $GPRMC
--nmea=<file>                      : save track to file
                                    format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                    to convert it to gpx, use GPSBabel:
                                    gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                    to display the track, open file.gpx with viking
If you use GPS, make sure GPS device is in fix, before you start hcxdumptool


hcxpcapngtool GPS options:
--nmea=<file>                      : output GPS data in NMEA format
                                    format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                    to convert it to gpx, use GPSBabel:
                                    gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                    to display the track, open file.gpx with viking

Test your GPS device:
$ lsusb
Bus 001 Device 009: ID 1546:01a7 U-Blox AG [u-blox 7]

Get information about the device
$ dmesg
[ 3954.212690] usb 1-3: new full-speed USB device number 9 using xhci_hcd
[ 3954.353840] usb 1-3: New USB device found, idVendor=1546, idProduct=01a7, bcdDevice= 1.00
[ 3954.353851] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 3954.353857] usb 1-3: Product: u-blox 7 - GPS/GNSS Receiver
[ 3954.353862] usb 1-3: Manufacturer: u-blox AG - www.u-blox.com
[ 3954.379328] cdc_acm 1-3:1.0: ttyACM0: USB ACM device

receive GPS data from the device (/dev/.... depend on your device/port)
$ cat /dev/ttyACM0

now GPS data should appear
$GPTXT,01,01,02,u-blox ag - www.u-blox.com*50
$GPTXT,01,01,02,HW  UBX-G70xx  00070000 *77
$GPTXT,01,01,02,ROM CORE 1.00 (59842) Jun 27 2012 17:43:52*59
$GPTXT,01,01,02,PROTVER 14.00*1E
$GPTXT,01,01,02,ANTSUPERV=AC SD PDoS SR*20
$GPTXT,01,01,02,ANTSTATUS=OK*3B
$GPTXT,01,01,02,LLC FFFFFFFF-FFFFFFED-FFFFFFFF-FFFFFFFF-FFFFFFF9*50
$GPRMC,,V,,,,,,,,,,N*53

wait until you get a fix (GPRMC and GPGGA is not longer empty)
if you don't receive GPS data running $ cat, your device isn't suitable or not working as expected.
GPWPL is calculated by hcxdumptool and hcxpcapngtool for every transmitter.

now run hcxdumptool with option:
--use_gps_device=/dev/ttyACM0
Reply
(12-27-2019, 08:13 PM)ZerBea Wrote: Please try hcxdumptool v6.0.0 in combination with latest git head hcxpcapngtool.
hcxdumptool GPS options:
--use_gps_device=<device>          : use GPS device
                                    /dev/ttyACM0, /dev/ttyUSB0, ...
                                    NMEA 0183 $GPGGA $GPGGA
--use_gpsd                        : use GPSD device
                                    NMEA 0183 $GPGGA, $GPRMC
--nmea=<file>                      : save track to file
                                    format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                    to convert it to gpx, use GPSBabel:
                                    gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                    to display the track, open file.gpx with viking
If you use GPS, make sure GPS device is in fix, before you start hcxdumptool


hcxpcapngtool GPS options:
--nmea=<file>                      : output GPS data in NMEA format
                                    format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                    to convert it to gpx, use GPSBabel:
                                    gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                    to display the track, open file.gpx with viking

Test your GPS device:
$ lsusb
Bus 001 Device 009: ID 1546:01a7 U-Blox AG [u-blox 7]

Get information about the device
$ dmesg
[ 3954.212690] usb 1-3: new full-speed USB device number 9 using xhci_hcd
[ 3954.353840] usb 1-3: New USB device found, idVendor=1546, idProduct=01a7, bcdDevice= 1.00
[ 3954.353851] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 3954.353857] usb 1-3: Product: u-blox 7 - GPS/GNSS Receiver
[ 3954.353862] usb 1-3: Manufacturer: u-blox AG - www.u-blox.com
[ 3954.379328] cdc_acm 1-3:1.0: ttyACM0: USB ACM device

receive GPS data from the device (/dev/.... depend on your device/port)
$ cat /dev/ttyACM0

now GPS data should appear
$GPTXT,01,01,02,u-blox ag - www.u-blox.com*50
$GPTXT,01,01,02,HW  UBX-G70xx  00070000 *77
$GPTXT,01,01,02,ROM CORE 1.00 (59842) Jun 27 2012 17:43:52*59
$GPTXT,01,01,02,PROTVER 14.00*1E
$GPTXT,01,01,02,ANTSUPERV=AC SD PDoS SR*20
$GPTXT,01,01,02,ANTSTATUS=OK*3B
$GPTXT,01,01,02,LLC FFFFFFFF-FFFFFFED-FFFFFFFF-FFFFFFFF-FFFFFFF9*50
$GPRMC,,V,,,,,,,,,,N*53

wait until you get a fix (GPRMC and GPGGA is not longer empty)
if you don't receive GPS data running $ cat, your device isn't suitable or not working as expected.
GPWPL is calculated by hcxdumptool and hcxpcapngtool for every transmitter.

now run hcxdumptool with option:
--use_gps_device=/dev/ttyACM0


Thank you, I'll try
Reply
I decided to add "raw" NMEA support, because I noticed that, if you use GPSD and GPSD hangs, hcxdumptool will hang too.
On the other side, NMEA sentences can be converted to every format, by GPSBabel and displayed by Viking

Overview of NMEA:
https://www.gpsinformation.org/dale/nmea.htm
http://aprs.gids.nl/nmea/

Overview GPSBabel:
https://www.gpsbabel.org/

Overview Viking:
https://sourceforge.net/projects/viking/

if you're using Arch Linux, the tools can be installed by pacman -S viking gpsbabel
Reply
(12-27-2019, 10:04 PM)strike1953 Wrote:
(12-27-2019, 08:13 PM)ZerBea Wrote: Please try hcxdumptool v6.0.0 in combination with latest git head hcxpcapngtool.
hcxdumptool GPS options:
--use_gps_device=<device>          : use GPS device
                                    /dev/ttyACM0, /dev/ttyUSB0, ...
                                    NMEA 0183 $GPGGA $GPGGA
--use_gpsd                        : use GPSD device
                                    NMEA 0183 $GPGGA, $GPRMC
--nmea=<file>                      : save track to file
                                    format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                    to convert it to gpx, use GPSBabel:
                                    gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                    to display the track, open file.gpx with viking
If you use GPS, make sure GPS device is in fix, before you start hcxdumptool


hcxpcapngtool GPS options:
--nmea=<file>                      : output GPS data in NMEA format
                                    format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                    to convert it to gpx, use GPSBabel:
                                    gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                    to display the track, open file.gpx with viking

Test your GPS device:
$ lsusb
Bus 001 Device 009: ID 1546:01a7 U-Blox AG [u-blox 7]

Get information about the device
$ dmesg
[ 3954.212690] usb 1-3: new full-speed USB device number 9 using xhci_hcd
[ 3954.353840] usb 1-3: New USB device found, idVendor=1546, idProduct=01a7, bcdDevice= 1.00
[ 3954.353851] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 3954.353857] usb 1-3: Product: u-blox 7 - GPS/GNSS Receiver
[ 3954.353862] usb 1-3: Manufacturer: u-blox AG - www.u-blox.com
[ 3954.379328] cdc_acm 1-3:1.0: ttyACM0: USB ACM device

receive GPS data from the device (/dev/.... depend on your device/port)
$ cat /dev/ttyACM0

now GPS data should appear
$GPTXT,01,01,02,u-blox ag - www.u-blox.com*50
$GPTXT,01,01,02,HW  UBX-G70xx  00070000 *77
$GPTXT,01,01,02,ROM CORE 1.00 (59842) Jun 27 2012 17:43:52*59
$GPTXT,01,01,02,PROTVER 14.00*1E
$GPTXT,01,01,02,ANTSUPERV=AC SD PDoS SR*20
$GPTXT,01,01,02,ANTSTATUS=OK*3B
$GPTXT,01,01,02,LLC FFFFFFFF-FFFFFFED-FFFFFFFF-FFFFFFFF-FFFFFFF9*50
$GPRMC,,V,,,,,,,,,,N*53

wait until you get a fix (GPRMC and GPGGA is not longer empty)
if you don't receive GPS data running $ cat, your device isn't suitable or not working as expected.
GPWPL is calculated by hcxdumptool and hcxpcapngtool for every transmitter.

now run hcxdumptool with option:
--use_gps_device=/dev/ttyACM0


Thank you, I'll try


Working!!!!!!!
Reply
Nice to hear that.
Please try the new hasline, too (latest git head on all tools -option 22000):
hcxdumptool -> hcxpcangtool -o new.22000 -> hashcat -m 22000 new.22000 wordlist
It works like a charm. Atom did an amazing job.
Reply
(12-28-2019, 01:14 PM)ZerBea Wrote: Nice to hear that.
Please try the new hasline, too (latest git head on all tools -option 22000):
hcxdumptool -> hcxpcangtool -o new.22000  -> hashcat -m 22000 new.22000 wordlist
It works like a charm. Atom did an amazing job.

Wonderfull, amazing job.
Congratulatios
Reply
Can some one explain to me what is in help_crack.py how it works exactly and what it is doing to better understand how I might integrate this into subsequent processes carried out by Wifite 2. It is my understanding it runs hashcat but because the process is not independently ran by hcxtools itself the scan, capture and dump files are polluted in a sense and limit effect cracking using the online API to onlinehashcrack AWS servers running GPU driven attack vectors.
Reply