WPA3 Dragonblood Vulnerabilities Disclosure
#6
How does hcxdumptool work with WPA3?
It only detects the AUTHENTICATION.

Do you reuse tools from Dragonblood?
No, these tools are useless, because they require at least unprivileged access to the victim.

Handshakes and PMKID extraction is no longer possible?
It is possible, but I deactivated it (KDV 0 - Authentication Key Management defined) in hcxdumptool and hcxpcapngtool, because hashcat has no hash mode to recover the pre-shared key.

WPA3 PMK calculation - totally different to WPA1/WPA2:
KCK || PMK = KDF-512(keyseed, "SAE KCK and PMK", (commit-scalar + peer-commit-scalar) modulo r)

WPA3 PMKID calculation - totally different to WPA2:
PMKID = L((commit-scalar + peer-commit-scalar) modulo r, 0, 128)
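The two formulas above carried through in Python for SAE group 19 (P-256), as an added example that is not part of ZerBea's post or of hcxtools. The shared secret k and the two commit scalars are constructed values; the KDF is the IEEE 802.11 KDF-Hash-Length with HMAC-SHA256.

```python
import hashlib
import hmac

# Order r of NIST P-256, the group used as SAE group 19.
# Other SAE groups have a different r and octet length.
R_GROUP19 = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
ORDER_LEN = 32  # octet length of r for group 19


def kdf_hash_length(key: bytes, label: bytes, context: bytes, length_bits: int) -> bytes:
    """IEEE 802.11 KDF-Hash-Length with HMAC-SHA256: concatenate
    HMAC(key, i || label || context || length) for i = 1, 2, ... until
    length_bits are produced; i and length are 16-bit little-endian."""
    out = b""
    for i in range(1, (length_bits + 255) // 256 + 1):
        msg = (i.to_bytes(2, "little") + label + context
               + length_bits.to_bytes(2, "little"))
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: length_bits // 8]


def sae_context(commit_scalar: int, peer_commit_scalar: int) -> bytes:
    """(commit-scalar + peer-commit-scalar) modulo r, as an octet string of the length of r."""
    return ((commit_scalar + peer_commit_scalar) % R_GROUP19).to_bytes(ORDER_LEN, "big")


def sae_pmkid(commit_scalar: int, peer_commit_scalar: int) -> bytes:
    """PMKID = L(context, 0, 128): the leftmost 128 bits of the summed scalar.
    Both scalars travel in the clear in the SAE Commit frames, so the
    PMKID is computed from public data only."""
    return sae_context(commit_scalar, peer_commit_scalar)[:16]


def sae_kck_pmk(k: bytes, commit_scalar: int, peer_commit_scalar: int) -> tuple:
    """keyseed = H(<0>^32, k) with H = HMAC-SHA256, then
    KCK || PMK = KDF-512(keyseed, "SAE KCK and PMK", context)."""
    keyseed = hmac.new(bytes(32), k, hashlib.sha256).digest()
    material = kdf_hash_length(keyseed, b"SAE KCK and PMK",
                               sae_context(commit_scalar, peer_commit_scalar), 512)
    return material[:32], material[32:64]


if __name__ == "__main__":
    # Constructed demo: two different shared secrets k, identical public scalars.
    scalar, peer_scalar = 0x1234 + 7, R_GROUP19 - 0x1234  # the sum wraps modulo r to 7
    k1 = hashlib.sha256(b"constructed shared secret 1").digest()
    k2 = hashlib.sha256(b"constructed shared secret 2").digest()
    print("PMKID:", sae_pmkid(scalar, peer_scalar).hex())
    for k in (k1, k2):
        kck, pmk = sae_kck_pmk(k, scalar, peer_scalar)
        print("PMK  :", pmk.hex())
```

Both runs print the same PMKID but different PMKs: the WPA3 PMKID is a function of the public scalars alone, whereas the PMK additionally depends on the secret k, so a captured SAE PMKID contains nothing derived from the passphrase.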
RE: WPA3 Dragonblood Vulnerabilities Disclosure - by ZerBea - 05-15-2020, 10:34 PM