4-way handshaking vs hc22000
#1
Hello,
I would like to understand how the hc22000 format result can be used to manually calculate the known PSK.

As we already know, the hc22000 format is:
case#1 - WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***
case#2 - WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR

Manual check:
case#1: it is very simple to know if the PSK is right, as we need to compare the PMKID in the hc22000 file with the formula PMKID=HMAC-SHA1(PMK, "PMK Name", MAC_AP, MAC_STA), where PMK=PBKDF2(PSK, SSID, 4096, 32)

case#2: I do not understand how hashcat can find the right PSK, as the SNonce is missing in the hc22000.
For the 4-Way handshake:
First there is a value called PMK. (PMK=PBKDF2(PSK, SSID, 4096,32)).
PTK is derived from PMK as follows:
PTK=PRF512(PMK, "Pairwise key expansion", min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce))
MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.

In the hc22000 case#2, the SNonce and data are not present!

Sorry if this is maybe a silly question, but I would like to learn more. Can you please help?

Thanks!
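The following is an added worked example, not code from the original post or from hashcat. It walks both hc22000 cases described above end to end: PMK from the PSK, the PMKID check for case #1, and for case #2 the PTK derivation and MIC check. The point it makes concrete is where the missing pieces live: the EAPOL_CLIENT field is the client's complete EAPOL-Key frame, so the SNonce is read from its Key Nonce field (bytes 17..48 after the 4-byte 802.1X header), and "data" for the MIC is that same frame with its 16-byte MIC field (bytes 81..96) zeroed. The sample handshake (ESSID, MACs, nonces, PSK) is constructed inline for the demonstration and is not a real capture; the builder functions exist only so the example runs offline. Descriptor version 3 (AES-CMAC) is deliberately left out.

```python
import hashlib
import hmac

# EAPOL-Key field offsets, counted from the start of the 802.1X header (4 bytes)
# followed by the key descriptor: type(1) key_info(2) key_len(2) replay(8) nonce(32)
# iv(16) rsc(8) id(8) mic(16) key_data_len(2) key_data(...)
KEY_INFO, KEY_NONCE, KEY_MIC = slice(5, 7), slice(17, 49), slice(81, 97)


def pmk_from_psk(psk: str, essid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(PSK, ESSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), essid, 4096, 32)


def pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """Case #1 value: first 16 bytes of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def prf512(pmk: bytes, mac_ap: bytes, mac_sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces))."""
    data = min(mac_ap, mac_sta) + max(mac_ap, mac_sta) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)  # 4 x 20 bytes = 80, truncated to 64 (KCK is the first 16)
    ]
    return b"".join(blocks)[:64]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the whole EAPOL frame with the MIC field zeroed; digest picked by descriptor version."""
    version = int.from_bytes(eapol[KEY_INFO], "big") & 0x7
    zeroed = eapol[: KEY_MIC.start] + bytes(16) + eapol[KEY_MIC.stop:]
    if version == 1:  # WPA (TKIP): HMAC-MD5
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:  # WPA2 (CCMP): HMAC-SHA1 truncated to 128 bits
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise NotImplementedError("descriptor version 3 (AES-CMAC) not handled in this example")


def parse_hc22000(line: str) -> dict:
    """Split one hc22000 line into its fields; empty fields (case #1) become b''."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
        raise ValueError("not a hc22000 line")
    return {
        "type": f[1], "check": bytes.fromhex(f[2]), "mac_ap": bytes.fromhex(f[3]),
        "mac_sta": bytes.fromhex(f[4]), "essid": bytes.fromhex(f[5]),
        "anonce": bytes.fromhex(f[6]), "eapol": bytes.fromhex(f[7]), "messagepair": f[8],
    }


def check_psk(line: str, psk: str) -> bool:
    """Manual verification of one PSK candidate against a case #1 or case #2 line."""
    h = parse_hc22000(line)
    pmk = pmk_from_psk(psk, h["essid"])
    if h["type"] == "01":
        return hmac.compare_digest(pmkid(pmk, h["mac_ap"], h["mac_sta"]), h["check"])
    snonce = h["eapol"][KEY_NONCE]  # the SNonce is carried inside the client's EAPOL frame
    kck = prf512(pmk, h["mac_ap"], h["mac_sta"], h["anonce"], snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, h["eapol"]), h["check"])


# --- constructed sample data (not a real capture), only so the example runs offline ---
ESSID, MAC_AP, MAC_STA = b"example-essid", bytes.fromhex("0013370a0b0c"), bytes.fromhex("00c0ca010203")
ANONCE, SNONCE = bytes(range(32)), bytes(range(0x40, 0x60))


def build_sample_case2(psk: str) -> str:
    """Build a WPA2 M2 frame (key_info 0x010A: version 2, pairwise, MIC set) and its hc22000 line."""
    body = (b"\x02" + (0x010A).to_bytes(2, "big") + (16).to_bytes(2, "big") + bytes(8)
            + SNONCE + bytes(16) + bytes(8) + bytes(8) + bytes(16) + bytes(2))
    eapol = b"\x01\x03" + len(body).to_bytes(2, "big") + body  # MIC field still zero here
    kck = prf512(pmk_from_psk(psk, ESSID), MAC_AP, MAC_STA, ANONCE, SNONCE)[:16]
    mic = eapol_mic(kck, eapol)
    eapol = eapol[:KEY_MIC.start] + mic + eapol[KEY_MIC.stop:]
    return "*".join(["WPA", "02", mic.hex(), MAC_AP.hex(), MAC_STA.hex(),
                     ESSID.hex(), ANONCE.hex(), eapol.hex(), "00"])  # "00" = M1+M2 pair (assumed)


def build_sample_case1(psk: str) -> str:
    """Build the matching PMKID line for the same constructed network."""
    p = pmkid(pmk_from_psk(psk, ESSID), MAC_AP, MAC_STA)
    return "*".join(["WPA", "01", p.hex(), MAC_AP.hex(), MAC_STA.hex(), ESSID.hex(), "", "", ""])


if __name__ == "__main__":
    line = build_sample_case2("correct horse battery")
    print("SNonce from EAPOL:", parse_hc22000(line)["eapol"][KEY_NONCE].hex())
    print("right PSK:", check_psk(line, "correct horse battery"), "wrong PSK:", check_psk(line, "wrong"))
```

Feeding real hc22000 lines to check_psk works unchanged as long as the descriptor version is 1 or 2; the only piece a cracker adds on top of this is trying candidates in bulk, since PBKDF2 with 4096 iterations dominates the cost per guess.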


Messages In This Thread
4-way handshaking vs hc22000 - by h9k - 12-09-2022, 05:57 PM
RE: 4-way handshaking vs hc22000 - by h9k - 12-23-2022, 02:19 PM
RE: 4-way handshaking vs hc22000 - by ZerBea - 12-23-2022, 05:10 PM
RE: 4-way handshaking vs hc22000 - by ZerBea - 12-23-2022, 08:34 PM
RE: 4-way handshaking vs hc22000 - by Sairaj@2001 - 11-30-2023, 02:27 PM
RE: 4-way handshaking vs hc22000 - by v71221 - 11-30-2023, 06:46 PM
RE: 4-way handshaking vs hc22000 - by v71221 - 12-01-2023, 08:41 AM