calculate hashcat's "--nonce-error-corrections" using hcxtools
In some special cases hashcat isn't able to do nonce-error-corrections.
If you use wlanhcxinfo option -a -A to get the required informations and you see this:
mac_ap anonce
-----------------------------------------------------------------------------------------------------
xxxxxxxxxxxx:4a8d0509f2a10031e819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a10034e819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a10037e819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a1003ae819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a1003ce819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a1003ee819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
Byte 7 is incremented.
There are gaps between the values (caused by packetloss of the dumper).
Now it's time for wlanhcxmnc. This tool will do the nonce-err-corrections for hashcat.
Calculate the nonce-err-corrections value as in post 61 described: 0x3e - 0x31 = 0xd
Then run:
wlanhcxmnc -i yourfile.hccapx -a xxxxxxxxxxxx -o correctedfile.hccapx -b 7 -n d
wlanhcxmnc will correct the nonce values for this ap xxxxxxxxxxxx and save them to a file.
Now you can run hashcat with --nonce-error-corrections=0 on that file.
This is possible, because the nonce-error-corrections is allready done by wlanhcxmnc!
update hcxtools 4.0.0-rc1:
Added new option -I to wlanhcxmnc:
-I : show mac_ap and anonces
now you can use
$ wlanhcxmnc -i yourfile.hccapx -I
to get the required informations for hashcat's nonce-error-corrections
stdout is used for printing this informations. So it's possible to redirect the output to a file
$ wlanhcxmnc -i yourfile.hccapx -I > apinfos
wlanhcxinfo option -a -A no longer needed for this purpose!
In some special cases hashcat isn't able to do nonce-error-corrections.
If you use wlanhcxinfo option -a -A to get the required informations and you see this:
mac_ap anonce
-----------------------------------------------------------------------------------------------------
xxxxxxxxxxxx:4a8d0509f2a10031e819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a10034e819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a10037e819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a1003ae819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a1003ce819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
xxxxxxxxxxxx:4a8d0509f2a1003ee819d487f95a33825cbaf6ea6d7dff3ade2c7c3071889316
Byte 7 is incremented.
There are gaps between the values (caused by packetloss of the dumper).
Now it's time for wlanhcxmnc. This tool will do the nonce-err-corrections for hashcat.
Calculate the nonce-err-corrections value as in post 61 described: 0x3e - 0x31 = 0xd
Then run:
wlanhcxmnc -i yourfile.hccapx -a xxxxxxxxxxxx -o correctedfile.hccapx -b 7 -n d
wlanhcxmnc will correct the nonce values for this ap xxxxxxxxxxxx and save them to a file.
Now you can run hashcat with --nonce-error-corrections=0 on that file.
This is possible, because the nonce-error-corrections is allready done by wlanhcxmnc!
update hcxtools 4.0.0-rc1:
Added new option -I to wlanhcxmnc:
-I : show mac_ap and anonces
now you can use
$ wlanhcxmnc -i yourfile.hccapx -I
to get the required informations for hashcat's nonce-error-corrections
stdout is used for printing this informations. So it's possible to redirect the output to a file
$ wlanhcxmnc -i yourfile.hccapx -I > apinfos
wlanhcxinfo option -a -A no longer needed for this purpose!