Short answer to your question:
Yes, it is possible with latest hashcat!
Long statement:
But you don't need that tool!
Using only M1 and M2 is not a new idea.
You can use every combination of the handshake to crack the net:
M1/M2
M2/M3
M3/M4
M1/M4 (if M4 snonce is not zero)
cap2hccapx/wlancap2hcx will convert every combination of the message pairs.
They also tests the timestamp and the possibility to use hashcats --nonce-error-corrections.
Nonce error correction is possible, because of the non-existing entropy of some access points.
That means the anonce isn't random!
If you use wlandump-ng/wlanresponse to capture the traffic, you only need the M2 of a client
(booth tools generates the M1).
Yes, it is possible with latest hashcat!
Long statement:
But you don't need that tool!
Using only M1 and M2 is not a new idea.
You can use every combination of the handshake to crack the net:
M1/M2
M2/M3
M3/M4
M1/M4 (if M4 snonce is not zero)
cap2hccapx/wlancap2hcx will convert every combination of the message pairs.
They also tests the timestamp and the possibility to use hashcats --nonce-error-corrections.
Nonce error correction is possible, because of the non-existing entropy of some access points.
That means the anonce isn't random!
If you use wlandump-ng/wlanresponse to capture the traffic, you only need the M2 of a client
(booth tools generates the M1).