Updated hcxpcaptool - new (long) options (now we went into direct sync with hashcat and JtR!):
--time-error-corrections : maximum allowed time gap (default: 10000s)
--nonce-error-corrections : maximum allowed nonce gap (default: 8) [should be the same value as in hashcat]
Use the same values as in hashcat or JtR.
That means, if you convert the cap to hccapx using --nonce-error-corrections=128
you must(!) use the same value in hashcat or in JtR!
The --time-error-corrections is the maximum allowed timegap between 2 messages
within the authentication.
Result: only one (the best !) handshake per combination mac_sta, mac_ap, ESSID.
No longer need to remove duplicates from your hashfile!
If you have bad reception, use higher values for both options!
That makes us more flexible and brings us more crackable handshakes (~20% more).
And keep in mind:
The quality of a hccapx file is based solely on on the skills of the attack tool and the conversion tool.
If the attacker or the dumper fails - the hccapx will be crappy (even on a messagepair M1M2M3M4)!
But nevertheless, I added an option to convert to raw handshakes (all handshakes):
-O <file> : output raw hccapx file
--time-error-corrections : maximum allowed time gap (default: 10000s)
--nonce-error-corrections : maximum allowed nonce gap (default: 8) [should be the same value as in hashcat]
Use the same values as in hashcat or JtR.
That means, if you convert the cap to hccapx using --nonce-error-corrections=128
you must(!) use the same value in hashcat or in JtR!
The --time-error-corrections is the maximum allowed timegap between 2 messages
within the authentication.
Result: only one (the best !) handshake per combination mac_sta, mac_ap, ESSID.
No longer need to remove duplicates from your hashfile!
If you have bad reception, use higher values for both options!
That makes us more flexible and brings us more crackable handshakes (~20% more).
And keep in mind:
The quality of a hccapx file is based solely on on the skills of the attack tool and the conversion tool.
If the attacker or the dumper fails - the hccapx will be crappy (even on a messagepair M1M2M3M4)!
But nevertheless, I added an option to convert to raw handshakes (all handshakes):
-O <file> : output raw hccapx file