Determine if PMKID is dynamic?
#1
Hi all,

I've used hcxcaptool to capture PMKIDs from my home network router. I successfully captured 2 (there were 2 clients connected at the time). After converting it into hashcat format, the issue I have is that I've used hashcat and a wordlist with my password in, but hashcat does not recover it!

I read that the attack vector won't work on devices that don't use PMKID caching; I suspect that is the issue I've got? I've run whoismac on the 16800 file and I can see that it is indeed the correct SSID / MAC address.

Is there any way I can prove that the device is not reusing the PMKID?

Thanks
#2
If you have a traditional WPA handshake captured, it's possible the capture is broken and even with the correct password you cannot crack it. With PMKID this is not possible. If you have used the right password, it will crack.
#3
Hmm ok, where can I go from here then? I captured the PMKIDs but I've run them across a wordlist in hashcat and the password isn't recovered, even though I know for a fact the password is in the wordlist.

Would the OpenCL self-test failing be responsible for this?
#4
(08-14-2019, 04:55 PM)arniezonez Wrote: Would the opengl self test failing be responsible for this?

LOL
#5
(08-14-2019, 05:01 PM)undeath Wrote:
(08-14-2019, 04:55 PM)arniezonez Wrote: Would the opengl self test failing be responsible for this?

LOL

I'll take that as a yes then.. lol, I didn't realise OpenCL failing would actually affect the integrity of hashcat verifying the hashes, I thought maybe it would just affect performance.
#6
To determine if PMKID is dynamic (EAP Authentication Key Management [AKM] defined) just check the RSN-IE field in beacon, (re)association request or EAPOL M2, or the Key Descriptor Version field in EAPOL M1, M2, M3, M4 messages.
EAP AKM defined PMKIDs are dynamic.
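One way to carry out the RSN-IE check described in the post above, as an added Python example (not hashcat or hcxtools code): it parses the RSN information element (element ID 0x30, as carried in a beacon, probe response or (re)association request) and lists the advertised AKM suites. The AKM selector values (OUI 00-0F-AC, type 1 = 802.1X, 2 = PSK, 5 = 802.1X SHA-256, 8 = SAE, and so on) are the ones defined by IEEE 802.11; a PSK-family AKM means the PMK is fixed for the network, an 802.1X/EAP AKM means the PMK is negotiated per session and the PMKID is therefore dynamic. The two sample IEs are constructed by hand for this example.

```python
"""Parse an 802.11 RSN information element and report whether the advertised
AKM suite(s) derive the PMK from a static PSK or from EAP/802.1X.

Added example for this thread; not hashcat or hcxtools code.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

RSN_ELEMENT_ID = 0x30         # Element ID of the RSN IE
IEEE_OUI = b"\x00\x0f\xac"    # OUI used by the standard 802.11 suite selectors

# AKM suite type -> (name, PMK comes from EAP/802.1X and is per-session?)
AKM_SUITES = {
    1: ("802.1X", True),
    2: ("PSK", False),
    3: ("FT over 802.1X", True),
    4: ("FT over PSK", False),
    5: ("802.1X SHA-256", True),
    6: ("PSK SHA-256", False),
    8: ("SAE", False),
    9: ("FT over SAE", False),
    11: ("802.1X Suite B SHA-256", True),
    12: ("802.1X Suite B SHA-384", True),
    13: ("FT over 802.1X SHA-384", True),
}

Suite = Tuple[bytes, int]  # (OUI, suite type)


@dataclass
class RsnInfo:
    version: int
    group_cipher: Suite
    pairwise_ciphers: List[Suite]
    akm_suites: List[Suite]
    capabilities: Optional[int] = None
    pmkids: List[str] = field(default_factory=list)   # hex strings, 16 bytes each

    def akm_types(self) -> List[int]:
        """Suite types of the standard (00-0F-AC) AKMs; vendor AKMs are skipped."""
        return [t for oui, t in self.akm_suites if oui == IEEE_OUI]

    def akm_names(self) -> List[str]:
        return [AKM_SUITES.get(t, ("unknown AKM %d" % t, False))[0] for t in self.akm_types()]

    def pmkid_is_dynamic(self) -> bool:
        """True only if every advertised AKM is EAP/802.1X based.
        A network that mixes PSK and 802.1X AKMs still hands PSK clients a static PMK."""
        types = self.akm_types()
        return bool(types) and all(AKM_SUITES.get(t, ("?", False))[1] for t in types)


def _suite(raw: bytes) -> Suite:
    return raw[:3], raw[3]


def parse_rsn_ie(ie: bytes) -> RsnInfo:
    """Parse one RSN IE (ID + length + body). Raises ValueError on malformed input."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN information element (element ID 0x30)")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1]:
        raise ValueError("RSN IE shorter than its length field")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("RSN IE truncated inside a mandatory field")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = struct.unpack("<H", take(2))[0]
    group = _suite(take(4))
    pairwise = [_suite(take(4)) for _ in range(struct.unpack("<H", take(2))[0])]
    akms = [_suite(take(4)) for _ in range(struct.unpack("<H", take(2))[0])]
    info = RsnInfo(version, group, pairwise, akms)
    # Fields after the AKM list are optional; stop at the first one that is absent.
    if pos + 2 <= len(body):
        info.capabilities = struct.unpack("<H", take(2))[0]
    if pos + 2 <= len(body):
        count = struct.unpack("<H", take(2))[0]
        info.pmkids = [take(16).hex() for _ in range(count)]
    return info


# Constructed sample: WPA2-PSK with CCMP, as seen in a beacon.
RSN_IE_PSK_CCMP = bytes.fromhex(
    "30 14" "01 00" "00 0f ac 04" "01 00" "00 0f ac 04" "01 00" "00 0f ac 02" "00 00"
)
# Constructed sample: WPA2-Enterprise (802.1X) (re)association request carrying one PMKID.
RSN_IE_EAP_WITH_PMKID = bytes.fromhex(
    "30 26" "01 00" "00 0f ac 04" "01 00" "00 0f ac 04" "01 00" "00 0f ac 01" "00 00"
    "01 00" "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff"
)


def describe(ie: bytes) -> str:
    info = parse_rsn_ie(ie)
    kind = "dynamic (EAP/802.1X)" if info.pmkid_is_dynamic() else "static (PSK-derived)"
    return "AKM %s -> PMKID %s; PMKIDs carried: %d" % (
        ", ".join(info.akm_names()), kind, len(info.pmkids))


if __name__ == "__main__":
    for sample in (RSN_IE_PSK_CCMP, RSN_IE_EAP_WITH_PMKID):
        print(describe(sample))
```

Feed it the RSN IE bytes of your own AP's beacon (Wireshark shows them under "Tag: RSN Information"); if the AKM is PSK the PMKID is fixed for that passphrase and SSID, which is the case the thread is about.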