> From what I see there (which is obviously wrong) 010 is authorized, so I must be missing a key somewhere
The value in the explanation is binary while the value in the MESSAGEPAIRFIELD is HEX.
You have to convert it.
hex 10 == binary 00010000
regarding the matrix and reading the bits from the right to the left:
Code:
000 == M1M2 challenge
0 == reserved
1 == ap-less attack (set to 1) - nonce-error-corrections not required
0 == LE router detected (set to 1) - nonce-error-corrections required only on LE
0 == BE router detected (set to 1) - nonce-error-corrections required only on BE
0 == replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory
this MESSAGE PAIR is from a connect attempt (M1M2 challenge) from a CLIENT to hcxdumptool.
Default key space SFR_xxxx (vendor SFR):
?l?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
Default key space Livebox-xxxx (vendor Arcadyan):
?l?u?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
Default key space Livebox-xxxx (vendor SAGEMCOM):
?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H
impossible to recover by hashcat (even with a GPU farm).
BTW:
The hash from this comment
https://hashcat.net/forum/thread-11513-p...l#pid58698
Code:
WPA*02*f26698......
is easy to recover, because it is not the default PSK.
Took me only a few seconds to get it:
Code:
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: /tmp/x
Time.Started.....: Tue Jul 25 07:41:47 2023 (4 secs)
Time.Estimated...: Tue Jul 25 07:41:51 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 959.7 kH/s (6.31ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 3736554/10354402 (36.09%)
Rejected.........: 1002/3736554 (0.03%)
Restore.Point....: 3580884/10354402 (34.58%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 001AEF24D2F3 -> 737291Ol
Hardware.Mon.#1..: Temp: 53c Fan: 0% Util: 66% Core:2835MHz Mem:10802MHz Bus:16
Started: Tue Jul 25 07:41:47 2023
Stopped: Tue Jul 25 07:41:53 2023
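The hex-to-bit reading of the MESSAGEPAIR field explained in the post, as an added example that is not part of the original post and is not hashcat or hcxtools code. The function names are hypothetical, the nine-field `*`-separated layout is assumed from the documented mode 22000 format, and the sample line is constructed with placeholder values.

```python
# Added example: decode the MESSAGEPAIR field of a mode 22000 EAPOL hash line.
# Bit meanings are the ones listed in the post; the field order is an
# assumption taken from the documented 22000 layout, not from this page.

FIELDS = ("protocol", "type", "mic", "mac_ap", "mac_client",
          "essid", "anonce", "eapol", "messagepair")

# Bits 4..7, counted from the right as in the post's matrix.
FLAGS = {
    4: "ap-less attack - nonce-error-corrections not required",
    5: "LE router detected - nonce-error-corrections required only on LE",
    6: "BE router detected - nonce-error-corrections required only on BE",
    7: "replaycount not checked - nonce-error-corrections mandatory",
}

def decode_messagepair(hex_field):
    """Decode the hex MESSAGEPAIR value into pair-type bits and flags."""
    value = int(hex_field, 16)            # the field is HEX, not binary
    if not 0 <= value <= 0xFF:
        raise ValueError("MESSAGEPAIR must fit in one byte")
    pair = value & 0b111                  # bits 2..0: which messages were paired
    return {
        "bits": format(value, "08b"),
        "pair_bits": format(pair, "03b"),
        # only 000 is named in the post; other values are reported as raw bits
        "pair_name": "M1M2 challenge" if pair == 0 else None,
        "reserved": bool(value & 0b1000),
        "flags": [FLAGS[b] for b in sorted(FLAGS) if (value >> b) & 1],
    }

def parse_eapol_line(line):
    """Split a WPA*02*... line and decode its last field."""
    parts = line.strip().split("*")
    if len(parts) != len(FIELDS) or parts[0] != "WPA":
        raise ValueError("not a 22000 hash line")
    rec = dict(zip(FIELDS, parts))
    if rec["type"] != "02":
        raise ValueError("this example handles EAPOL (type 02) lines only")
    rec["messagepair"] = decode_messagepair(rec["messagepair"])
    return rec

# Constructed sample line: placeholder hex values, not a real capture.
SAMPLE = "*".join(["WPA", "02", "00" * 16, "aabbccddeeff", "112233445566",
                   "4c697665626f78", "11" * 32, "0103", "10"])

if __name__ == "__main__":
    print(parse_eapol_line(SAMPLE)["messagepair"])
```

Reading `10` as hex gives pair bits `000` with only the ap-less bit set, whereas pair bits `010` would require the field to be `02`.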