10-16-2022, 12:16 PM
I am trying to calculate PMKID 4d4fe7aac3a2cecab195321ceb99a7d0 for WPA*01 hash 22000 but can't get the correct result. See Example hashes
I think I have the correct equations in my code to calculate PSK, PMK and PMKID according to WPA/WPA2-PSK PMKID Bruteforce Attack description mentioned at the end of article here and there
I verified my calculation of PSK is correct see online calculator
My program below will give me the results:
PSK = 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc
PMK = 29033d570e2f52259f03135c935239053c7d0e0c3bb9ab06e97d92e3c3da3e4e
PMKID = 1e3216791e82bbc72da6590c4fae759a
I think I have the correct equations in my code to calculate PSK, PMK and PMKID according to WPA/WPA2-PSK PMKID Bruteforce Attack description mentioned at the end of article here and there
I verified my calculation of PSK is correct see online calculator
My program below will give me the results:
PSK = 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc
PMK = 29033d570e2f52259f03135c935239053c7d0e0c3bb9ab06e97d92e3c3da3e4e
PMKID = 1e3216791e82bbc72da6590c4fae759a
Code:
#include <iostream>
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
// crypto.h used for the version
#include <openssl/crypto.h>
#include <cstdio>
#include <string>
int32_t iterations = 4096;
const char* password = "hashcat!";
const char* salttext = "hashcat-essid";
unsigned char salt_PMKID[20] = { 'P', 'M', 'K', ' ', 'n', 'a', 'm', 'e', 0xfc, 0x69, 0x0c, 0x15, 0x82, 0x64, 0xf4,0x74, 0x7f, 0x87, 0xf9, 0xf4 }; //Test
unsigned char PSK[0x20];
unsigned char PMK[0x20];
unsigned char PMKID[0x10];
uint32_t outputBytes = 32;
void PBKDF2_HMAC_SHA_1_PSK_PMK_PMKID(const char* pass, const char* salt, int32_t iterations, uint32_t outputBytes, char* hexResult)
{
unsigned int i;
unsigned int digest_PMKID_len = 16;
unsigned int* PMKID_len = &digest_PMKID_len;
unsigned char digest[0x20];
//In WPA2 PSK, the Pre-Shared Key is the same as the Pairwise Master Key (PMK).
//Calculate PSK = PBKDF2(Passphrase, SSID, 4096)
PKCS5_PBKDF2_HMAC(pass, (int)strlen(pass), (const unsigned char*)salt,(int)strlen(salt), iterations, EVP_sha1(), outputBytes, digest);
for (i = 0; i < sizeof(digest); i++)
sprintf(hexResult + (i * 2), "%02x", 255 & digest[i]);
printf_s("PSK = %s\n", hexResult);
//Calculate PMK = PBKDF2(HMAC−SHA1, PSK, SSID, 4096, 256)
PKCS5_PBKDF2_HMAC((const char*)digest, 32, (const unsigned char*)salt, (int)strlen(salt), iterations, EVP_sha1(), outputBytes, digest);
for (i = 0; i < sizeof(digest); i++)
sprintf(hexResult + (i * 2), "%02x", 255 & digest[i]);
printf_s("PMK = %s\n", hexResult);
//Calculate PMKID = HMAC-SHA1-128(PMK,"PMK Name" | MAC_AP | MAC_STA)
HMAC(EVP_sha1(), (const char*)digest, 32, (const unsigned char*)salt_PMKID, (size_t)20, digest, PMKID_len);
/*memcpy(test, (const unsigned char*)salt_PMKID, 20);*/
for (i = 0; i < 16; i++)
sprintf(hexResult + (i * 2), "%02x", 255 & digest[i]);
printf_s("PMKID = %s\n", hexResult);
}
int main()
{
// 2*outputBytes+1 is 2 hex bytes per binary byte,
// and one character at the end for the string-terminating \0
char hexResult[2 * 32 + 1];
memset(hexResult, 0, sizeof(hexResult));
PBKDF2_HMAC_SHA_1_PSK_PMK_PMKID(password, salttext, iterations, outputBytes, hexResult);
}