Handshake file contains not valid handshakes when converting to modern version
#2
Looks like the dump file contains a WPA3 (SAE) handshake.
Code:
ASSOCIATIONREQUEST (SAE SHA256)..........: 2

WPA3 is not supported by hashcat and there is no need for the converter to convert these EAPOL messages.

Get an example dump file from here: https://github.com/vanhoefm/wifi-example-captures
e.g.
wget https://github.com/vanhoefm/wifi-example...pa3.pcapng
Open it with tshark and you'll see a 4-way handshake:
Code:
$ tshark -r wpa3.pcapng -n -Y eapol
   92 21:48:38,122663902 e2:20:ae:cb:03:04 → d2:c6:b4:ab:58:88 EAPOL 177 2412 Key (Message 1 of 4)
   94 21:48:38,126796696 d2:c6:b4:ab:58:88 → e2:20:ae:cb:03:04 EAPOL 183 2412 Key (Message 2 of 4)
   96 21:48:38,127115096 e2:20:ae:cb:03:04 → d2:c6:b4:ab:58:88 EAPOL 243 2412 Key (Message 3 of 4)
   98 21:48:38,127394652 d2:c6:b4:ab:58:88 → e2:20:ae:cb:03:04 EAPOL 155 2412 Key (Message 4 of 4)
but unfortunately this information is incomplete!

Open the dump file in Wireshark, take a look at the EAPOL M1 messages (or the ASSOCIATIONREQUEST) and you'll see that it is WPA3 (Key Descriptor Version: Unknown (0))
Code:
Key Information: 0x0088
    .... .... .... .000 = Key Descriptor Version: Unknown (0)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .0.. .... = Install: Not set
    .... .... 1... .... = Key ACK: Set
    .... ...0 .... .... = Key MIC: Not set
    .... ..0. .... .... = Secure: Not set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...0 .... .... .... = Encrypted Key Data: Not set
    ..0. .... .... .... = SMK Message: Not set

compared to WPA2:
Code:
Key Information: 0x008a
    .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .0.. .... = Install: Not set
    .... .... 1... .... = Key ACK: Set
    .... ...0 .... .... = Key MIC: Not set
    .... ..0. .... .... = Secure: Not set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...0 .... .... .... = Encrypted Key Data: Not set
    ..0. .... .... .... = SMK Message: Not set

or WPA1:
Code:
Key Information: 0x0089
    .... .... .... .001 = Key Descriptor Version: RC4 Cipher, HMAC-MD5 MIC (1)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .0.. .... = Install: Not set
    .... .... 1... .... = Key ACK: Set
    .... ...0 .... .... = Key MIC: Not set
    .... ..0. .... .... = Secure: Not set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...0 .... .... .... = Encrypted Key Data: Not set
    ..0. .... .... .... = SMK Message: Not set

or WPA2 key version 3:
Code:
Key Information: 0x008b
    .... .... .... .011 = Key Descriptor Version: AES Cipher, AES-128-CMAC MIC (3)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .0.. .... = Install: Not set
    .... .... 1... .... = Key ACK: Set
    .... ...0 .... .... = Key MIC: Not set
    .... ..0. .... .... = Secure: Not set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...0 .... .... .... = Encrypted Key Data: Not set
    ..0. .... .... .... = SMK Message: Not set

"At this point I'd like to understand by what this problem is caused and how can I avoid it."

The problem: The NETWORK is WPA3 secured (hcxpcapngtool told you that).
A solution: To get an EAPOL M2 message (WPA2) try to downgrade the CLIENT to WPA2 (AP-LESS attack by hcxlabtool/hcxdumptool).

BTW:
Usually WPA3 management frames are protected (Management Frame Protection):
Code:
RSN Capabilities: 0x00cc
    .... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
    .... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
    .... .... .... 11.. = RSN PTKSA Replay Counter capabilities: 16 replay counters per PTKSA/GTKSA/STAKeySA (0x3)
    .... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
    .... .... .1.. .... = Management Frame Protection Required: True
    .... .... 1... .... = Management Frame Protection Capable: True
    .... ...0 .... .... = Joint Multi-band RSNA: False
    .... ..0. .... .... = PeerKey Enabled: False
    ..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
    .0.. .... .... .... = OCVC: False

Another indicator is the RSN-IE of the EAPOL M2 message:
Code:
Tag: RSN Information
    Tag Number: RSN Information (48)
    Tag length: 26
    RSN Version: 1
    Group Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
    Pairwise Cipher Suite Count: 1
    Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
    Auth Key Management (AKM) Suite Count: 1
    Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) SAE (SHA256)
    RSN Capabilities: 0x00c0
    PMKID Count: 0
    PMKID List
    Group Management Cipher Suite: 00:0f:ac (Ieee 802.11) BIP (128)

or the RSN-IE of the ASSOCIATIONREQUEST:
Code:
Tag: RSN Information
    Tag Number: RSN Information (48)
    Tag length: 26
    RSN Version: 1
    Group Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
    Pairwise Cipher Suite Count: 1
    Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
    Auth Key Management (AKM) Suite Count: 1
    Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) SAE (SHA256)
    RSN Capabilities: 0x00c0
        .... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
        .... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
        .... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
        .... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
        .... .... .1.. .... = Management Frame Protection Required: True
        .... .... 1... .... = Management Frame Protection Capable: True
        .... ...0 .... .... = Joint Multi-band RSNA: False
        .... ..0. .... .... = PeerKey Enabled: False
        ..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
        .0.. .... .... .... = OCVC: False
    PMKID Count: 0
    PMKID List
    Group Management Cipher Suite: 00:0f:ac (Ieee 802.11) BIP (128)

or the RSN-IE of the BEACON/PROBERESPONSE:
Code:
Tag: RSN Information
    Tag Number: RSN Information (48)
    Tag length: 20
    RSN Version: 1
    Group Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
    Pairwise Cipher Suite Count: 1
    Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
    Auth Key Management (AKM) Suite Count: 1
    Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) SAE (SHA256)
    RSN Capabilities: 0x00cc
        .... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
        .... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
        .... .... .... 11.. = RSN PTKSA Replay Counter capabilities: 16 replay counters per PTKSA/GTKSA/STAKeySA (0x3)
        .... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
        .... .... .1.. .... = Management Frame Protection Required: True
        .... .... 1... .... = Management Frame Protection Capable: True
        .... ...0 .... .... = Joint Multi-band RSNA: False
        .... ..0. .... .... = PeerKey Enabled: False
        ..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
        .0.. .... .... .... = OCVC: False

as well as the entire AUTHENTICATION (4 frames to exchange the keys)
Code:
Authentication Algorithm: Simultaneous Authentication of Equals (SAE) (3)
followed by


BTW:
Injecting stupid DEAUTHENTICATION frames is completely useless, because they are ignored!


If you try to convert the example dump file mentioned above, you'll end up here:
Code:
$ hcxpcapngtool wpa3.pcapng
hcxpcapngtool 6.3.5-3-g9f659b0 reading from wpa3.pcapng...

summary capture file
--------------------
file name................................: wpa3.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 5.2.0-kali2-amd64
application..............................: Dumpcap (Wireshark) 3.0.3 (Git v3.0.3 packaged as 3.0.3-1)
interface name...........................: hwsim0
interface vendor.........................: 000000
openSSL version..........................: 1.0
weak candidate...........................: N/A
MAC ACCESS POINT.........................: 000000000000 (incremented on every new client)
MAC CLIENT...............................: 000000000000
REPLAYCOUNT..............................: 0
ANONCE...................................: 0000000000000000000000000000000000000000000000000000000000000000
SNONCE...................................: 0000000000000000000000000000000000000000000000000000000000000000
timestamp minimum (timestamp)............: 17.10.2019 21:48:31 (1571348911)
timestamp maximum (timestamp)............: 17.10.2019 21:48:44 (1571348924)
duration of the dump tool (seconds)......: 13
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)..............: little endian
packets inside...........................: 167
packets received on 2.4 GHz..............: 167
ESSID (total unique).....................: 1
BEACON (total)...........................: 132
BEACON on 2.4 GHz channel (from IE_TAG)..: 1
PROBEREQUEST (undirected)................: 11
PROBERESPONSE (total)....................: 1
DEAUTHENTICATION (total).................: 1
AUTHENTICATION (total)...................: 4
AUTHENTICATION (SAE).....................: 4
ASSOCIATIONREQUEST (total)...............: 1
ASSOCIATIONREQUEST (SAE SHA256)..........: 1
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M1 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
EAPOL M2 messages (total)................: 1
EAPOL M2 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
EAPOL M3 messages (total)................: 1
EAPOL M3 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
EAPOL M4 messages (total)................: 1
EAPOL M4 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
RSN PMKID (total)........................: 1
RSN PMKID (KDV:0 AKM defined)............: 1 (PMK not recoverable)

frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
2412: 157     2417: 1     2422: 1     2427: 1    
2432: 1     2437: 1     2442: 1     2447: 1    
2452: 1     2457: 1     2462: 1    

Information: missing frames!
This dump file does not contain enough EAPOL M1 frames.
It always happens if the capture file was cleaned or it could happen if filter options are used during capturing.
That makes it impossible to calculate nonce-error-correction values.
https://hashcat.net/forum/thread-6361.html
Duration of the dump tool was a way too short to capture enough additional information.

Information: no hashes written to hash files


session summary
---------------
processed pcapng files................: 1


Messages In This Thread
RE: Handshake file contains not valid handshakes when converting to modern version - by ZerBea - 12-08-2024, 08:41 PM
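
Added example, not part of the post above and not hcxtools code: a small Python decoder for the two indicators the post walks through, the EAPOL-Key "Key Information" field (Key Descriptor Version 0 versus 1, 2, 3) and the AKM suite plus Management Frame Protection bits of the RSN-IE. The function names are hypothetical, the AKM table is a subset, and the RSN-IE bytes are constructed from the field values shown in the ASSOCIATIONREQUEST dump.

```python
import struct

# Key Descriptor Version values as shown in the Wireshark dissections above.
KDV = {0: "AKM defined", 1: "RC4, HMAC-MD5 MIC", 2: "AES, HMAC-SHA1 MIC",
       3: "AES, AES-128-CMAC MIC"}
# AKM suite types under OUI 00:0f:ac (subset chosen for this example).
AKM = {2: "PSK", 6: "PSK (SHA256)", 8: "SAE (SHA256)"}

def decode_key_info(ki):
    """Split the 16-bit EAPOL-Key 'Key Information' field into its flags."""
    f = {"kdv": ki & 0x7, "pairwise": bool(ki & 0x8), "install": bool(ki & 0x40),
         "ack": bool(ki & 0x80), "mic": bool(ki & 0x100), "secure": bool(ki & 0x200)}
    # Message number of an RSN 4-way handshake, derived from ACK/MIC/Secure.
    if f["ack"]:
        f["msg"] = 3 if f["mic"] else 1
    else:
        f["msg"] = 4 if f["secure"] else 2
    return f

def parse_rsn_ie(body):
    """Parse an RSN IE body (tag 48, without the tag and length bytes)."""
    version, = struct.unpack_from("<H", body, 0)
    off = 2 + 4                                   # skip version + group cipher
    n_pair, = struct.unpack_from("<H", body, off)
    off += 2 + 4 * n_pair                         # skip pairwise cipher list
    n_akm, = struct.unpack_from("<H", body, off)
    akms = []
    for p in range(off + 2, off + 2 + 4 * n_akm, 4):
        oui, typ = body[p:p + 3], body[p + 3]
        akms.append(AKM.get(typ, f"type {typ}") if oui == b"\x00\x0f\xac" else "vendor")
    caps, = struct.unpack_from("<H", body, off + 2 + 4 * n_akm)
    return {"version": version, "akm": akms, "caps": caps,
            "mfp_required": bool(caps & 0x40), "mfp_capable": bool(caps & 0x80)}

def classify(ki, rsn_body):
    """Report whether the frame pair indicates SAE (KDV 0 + SAE AKM) or not."""
    k, r = decode_key_info(ki), parse_rsn_ie(rsn_body)
    sae = k["kdv"] == 0 and any(a.startswith("SAE") for a in r["akm"])
    return {"msg": k["msg"], "kdv": KDV.get(k["kdv"], "reserved"), "akm": r["akm"],
            "mfp_required": r["mfp_required"], "sae": sae}

# Constructed from the field values in the ASSOCIATIONREQUEST dump (length 26).
RSN_SAE = bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac08"
                        "c000" "0000" "000fac06")

if __name__ == "__main__":
    for ki in (0x0088, 0x008a, 0x0089, 0x008b):   # Key Information values from the dumps
        print(hex(ki), decode_key_info(ki))
    print(classify(0x0088, RSN_SAE))
```
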