Hi,
I quickly decided to accept this challenge and to try to build a *POC* code that is able to *pseudo*-convert the hccap back to a valid cap file.
ATTENTION: cap2hccap (the "*other*"==reverse) conversion is *NOT* lossless. We lose a lot of information, therefore the reverse hccap2cap makes some assumptions (e.g. assigns some "standard" values (see my #define DEFAULT_* in code below etc))
I think the conversion is *not* impossible but neither is it very useful; but one can say e.g. for research purposes it could be of help... or if someone lost the cap file... there are maybe some use cases (but again: not many!).
The POC:
It is very hackish, written down quickly and may miss some important points OR may *not* comply fully with the standards (e.g. WPA standards/cap file format etc...).
GOAL:
It is not a 1:1 map of cap to hccap! The main goal is that it outputs a *valid* cap file which can be opened by Wireshark and others. Furthermore a conversion back w/ cap2hccap should generate the IDENTICAL hccap file.
This is not true the other way, e.g. cap->hccap->cap will *NOT* generate exactly the same cap file (NOT possible).
If and only if some guys here find it nevertheless useful, I could imagine that this could become a nice small project (e.g. on my/someone's GitHub) and we could improve the code wherever possible, i.e.
1. MAKE IT BETTER readable (more functions usage, better message generation etc... etc..), FORMAT the code w/ max line length and improve readability (again!)
2. FIX the edge cases and bugs that break the WPA etc standards (if any) ;-)
3. consider adding some useful stuff to other projects (e.g. aircrack-ng), maybe not the whole conversion but parts of it... maybe just reading in hccap files etc
4. TEST the code with a huge set of hccap files... TEST,FIX,TEST,FIX
.....
so before anyone should point out bugs etc. let me know if this could be of interest to somebody and most importantly *WHY*
If useful, we need to organize and put it on a repo e.g. nearby
http://sourceforge.net/projects/cap2hccap/ or similar OR on github
and *IMPROVE* the code
Hopefully, this is of use to someone and it gets a chance to become a nice/small project
BTW: please don't blame me for the (quickly written down) code. HEHE
Best
--ATTACHED--
UPDATE 2: Code removed, it may be outdated, therefore it is better to have a look at the github repo (link below):
UPDATE 1: I decided to put it anyway on GitHub, maybe there is some interest some day for this project. There are some things to clean up and improve, so please contribute and submit pull requests here:
https://github.com/philsmd/hccap2cap
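
Added example, not part of the original post and not code from the hccap2cap repository: a bounds-checked reader for a single hccap record, showing that the record carries only these few fields, which is why the reverse conversion has to fill in everything else with defaults. The layout is the publicly documented 392-byte hccap record; the names `hccap_rec`, `hccap_parse` and `hccap_make_sample`, the little-endian integer reading, the strict `keyver` check and the sample values are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HCCAP_SIZE 392 /* 36+6+6+32+32+256+4+4+16 bytes per record */

typedef struct {
    char     essid[36];              /* network name, NUL-padded */
    uint8_t  mac1[6], mac2[6];       /* AP and client MAC addresses */
    uint8_t  nonce1[32], nonce2[32]; /* the two handshake nonces */
    uint8_t  eapol[256];             /* one EAPOL-Key frame */
    uint32_t eapol_size;             /* bytes of eapol[] actually used */
    uint32_t keyver;                 /* 1 = HMAC-MD5 MIC, 2 = HMAC-SHA1 MIC */
    uint8_t  keymic[16];
} hccap_rec;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse one record from an untrusted buffer; 0 on success, <0 on rejection. */
int hccap_parse(const uint8_t *buf, size_t len, hccap_rec *out) {
    if (!buf || !out || len < HCCAP_SIZE) return -1;    /* truncated input */
    memcpy(out->essid, buf, 36);
    if (!memchr(out->essid, '\0', 36)) return -2;       /* unterminated ESSID */
    memcpy(out->mac1, buf + 36, 6);    memcpy(out->mac2, buf + 42, 6);
    memcpy(out->nonce1, buf + 48, 32); memcpy(out->nonce2, buf + 80, 32);
    memcpy(out->eapol, buf + 112, 256);
    out->eapol_size = rd_le32(buf + 368);  /* assumed little-endian on disk */
    out->keyver     = rd_le32(buf + 372);
    memcpy(out->keymic, buf + 376, 16);
    if (out->eapol_size == 0 || out->eapol_size > sizeof out->eapol) return -3;
    if (out->keyver != 1 && out->keyver != 2) return -4; /* policy of this example */
    return 0;
}

/* Constructed sample record (not real capture data). */
void hccap_make_sample(uint8_t buf[HCCAP_SIZE]) {
    memset(buf, 0, HCCAP_SIZE);
    memcpy(buf, "lab-net", 7);
    buf[368] = 121; /* eapol_size */
    buf[372] = 2;   /* keyver */
}

int main(void) {
    uint8_t b[HCCAP_SIZE]; hccap_rec r;
    hccap_make_sample(b);
    int rc = hccap_parse(b, sizeof b, &r);
    printf("rc=%d essid=%s eapol_size=%u\n", rc, r.essid, (unsigned)r.eapol_size);
    return rc;
}
```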