> So basically for my example above the WPA*02 line is not usable since the PSK was not authorized; if I bruteforce that one I might recover a wrong PSK. Am I right?
If the MESSAGEPAIR ends with *x0 (CHALLENGE) and you have recovered the PSK, it might be possible that the recovered PSK does not belong to the target NETWORK.
It could belong to a different NETWORK using the same ESSID or it could be a try from a CLIENT using a false PSK.
Only PMKIDs with MESSAGEPAIR 01 and EAPOL MESSAGEPAIRS with *x2 (binary: x0010)
or this, very rare cases (because SNONCE M4 is mostly zeroed):
*x1 (binary: x0001) are authorized.
*x5 (binary: x0101) are authorized.
EAPOL MESSAGEPAIRS with *x0 (binary: 0000) are challenges and could be anything (try, old PSK, wrong PSK, ...)
The entire 802.11 stuff is really hard core.
Also hcxdumptool/hcxtools is not easy to use, because it is designed to analyze and, in combination with hashcat or JtR, to break an entire system.
I'll say that you get much more information than the actual PSK of a target NETWORK.
That includes, e.g., a complete PSK change history like this:
password2001 from MP *x0
password2002 from MP *x0
password2003 from MP *x0
password2004 from PMKID or MP 0x2
All PSKs are valid and hashcat is able to recover them, while password2004 is the actual PSK.
So it is absolutely normal if something is still blurry for you.
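The rule in the reply above, as a small triage script added here as an example (it is not code from the post, hcxtools or hashcat): it labels `WPA*01`/`WPA*02` hash lines by their MESSAGEPAIR field using only the values the post names. It assumes the nine-field `*`-separated layout of hashcat's 22000 hash line and reads the last hex digit of MESSAGEPAIR as the post's `*xN`; every hex value in the samples is constructed filler.

```python
# Added example (not from the post or from hcxtools/hashcat).
AUTHORIZED = {0x1, 0x2, 0x5}  # *x1, *x2, *x5: authorized, per the post
CHALLENGE = 0x0               # *x0: challenge, per the post


def classify(line):
    """Return (essid, verdict) for one WPA*01 / WPA*02 hash line."""
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA" or fields[1] not in ("01", "02"):
        raise ValueError("not a WPA*01/WPA*02 hash line")
    essid = bytes.fromhex(fields[5]).decode("utf-8", errors="replace")
    kind, mp = fields[1], fields[8]
    if kind == "01":
        # PMKID line: the post names only MESSAGEPAIR 01 as authorized.
        return essid, "authorized" if mp == "01" else "not covered by the post"
    if not mp:
        raise ValueError("WPA*02 line without a MESSAGEPAIR field")
    low = int(mp, 16) & 0x0F  # last hex digit; the post writes it as *xN
    if low == CHALLENGE:
        return essid, "challenge"
    if low in AUTHORIZED:
        return essid, "authorized"
    return essid, "not covered by the post"


def triage(lines):
    """Group hash lines by verdict so challenge-only results stand out."""
    groups = {}
    for line in lines:
        essid, verdict = classify(line)
        groups.setdefault(verdict, []).append(essid)
    return groups


def sample(kind, mp, essid=b"examplenet"):
    """Build a constructed hash line; every hex value here is filler."""
    ap, sta = "02" * 6, "06" * 6
    if kind == "01":
        return f"WPA*01*{'aa' * 16}*{ap}*{sta}*{essid.hex()}***{mp}"
    return f"WPA*02*{'bb' * 16}*{ap}*{sta}*{essid.hex()}*{'cc' * 32}*{'dd' * 24}*{mp}"


SAMPLES = [sample("02", "00"), sample("02", "82"), sample("01", "01"),
           sample("02", "05"), sample("02", "03")]

if __name__ == "__main__":
    for text in SAMPLES:
        print(classify(text))
```

A PSK recovered only from a line labelled `challenge` should be confirmed against an `authorized` line for the same ESSID before it is treated as the network's current PSK.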