New hccapx format explained
#46
(03-10-2017, 11:58 AM)atom Wrote: For short readers: Everything is fine here. For all others, here's our analysis:

The Handshake in the cap has the following entries:

M1 and M2 from the first handshake
M1, M2, M3 and M4 from the second handshake.

The evil about this is that the ReplayCounter was always set to 4. That is kind of a bad behavior from the AP, but hashcat can deal with it. So it created the following hanshakes:

M1 + M2 of the first handshake
M1 + M2 of the second handshake
M2 + M3 of the second handshake.

Those are fine, and they all have been cracked with hashcat. There's also

M1 of the first and M2 of the second handshake.

The cap2hccapx tool exported it correctly, because the AP marked both with ReplayCounter 4, which caused by the deauth attack spam. So it's not possible to crack this, but that's the price to pay in general. We export more handshakes than required just to make sure that there's at least one that is cracking. It doesn't cost us any performance to check 4 or 1, because the calculation is done after the PBKDF2.

Thanks for the info, atom.

My newbie question still remains, however. How come I was able to crack it as a .hccap but not as a .hccapx?

.hccap was generated by aircrack-ng
.hccapx was generated with the cap2hccapx.exe tool (Windows)

Also.. what do you mean by "Those are fine, and they all have been cracked with hashcat." I just got "hashcat exhausted"....


Messages In This Thread
New hccapx format explained - by atom - 02-06-2017, 10:29 PM
RE: New hccapx format explained - by martin.po21 - 02-06-2017, 11:39 PM
RE: New hccapx format explained - by atom - 02-07-2017, 11:28 AM
RE: New hccapx format explained - by rico - 02-07-2017, 01:01 AM
RE: New hccapx format explained - by atom - 02-07-2017, 11:49 AM
RE: New hccapx format explained - by atom - 02-07-2017, 12:09 PM
RE: New hccapx format explained - by rico - 02-07-2017, 12:25 PM
RE: New hccapx format explained - by atom - 02-07-2017, 12:29 PM
RE: New hccapx format explained - by rico - 02-07-2017, 10:20 PM
RE: New hccapx format explained - by c4p0ne - 02-08-2017, 02:57 PM
RE: New hccapx format explained - by c4p0ne - 02-08-2017, 06:39 PM
RE: New hccapx format explained - by rico - 02-08-2017, 06:45 PM
RE: New hccapx format explained - by c4p0ne - 02-08-2017, 07:13 PM
RE: New hccapx format explained - by rico - 02-08-2017, 07:17 PM
RE: New hccapx format explained - by atom - 02-08-2017, 09:45 PM
RE: New hccapx format explained - by c4p0ne - 02-08-2017, 11:37 PM
RE: New hccapx format explained - by atom - 02-09-2017, 10:51 AM
RE: New hccapx format explained - by c4p0ne - 02-09-2017, 01:48 PM
RE: New hccapx format explained - by philsmd - 02-09-2017, 02:15 PM
RE: New hccapx format explained - by c4p0ne - 02-09-2017, 10:35 PM
RE: New hccapx format explained - by philsmd - 02-10-2017, 10:51 AM
RE: New hccapx format explained - by c4p0ne - 02-10-2017, 06:42 PM
RE: New hccapx format explained - by abdou99 - 02-10-2017, 12:03 PM
RE: New hccapx format explained - by philsmd - 02-10-2017, 02:20 PM
RE: New hccapx format explained - by abdou99 - 02-10-2017, 02:29 PM
RE: New hccapx format explained - by atom - 02-10-2017, 03:09 PM
RE: New hccapx format explained - by c4p0ne - 02-11-2017, 10:24 PM
RE: New hccapx format explained - by hawaii - 02-15-2017, 06:05 AM
RE: New hccapx format explained - by atom - 02-15-2017, 09:01 PM
RE: New hccapx format explained - by hawaii - 02-15-2017, 09:08 PM
RE: New hccapx format explained - by atom - 02-15-2017, 09:25 PM
RE: New hccapx format explained - by c4p0ne - 02-16-2017, 08:28 PM
RE: New hccapx format explained - by TheFool - 03-09-2017, 06:50 PM
RE: New hccapx format explained - by atom - 02-16-2017, 09:29 PM
RE: New hccapx format explained - by c4p0ne - 02-16-2017, 10:06 PM
RE: New hccapx format explained - by rico - 02-16-2017, 11:25 PM
RE: New hccapx format explained - by abdou99 - 02-26-2017, 01:52 PM
RE: New hccapx format explained - by TNO - 02-26-2017, 07:21 PM
RE: New hccapx format explained - by rico - 02-26-2017, 10:56 PM
RE: New hccapx format explained - by abdou99 - 03-09-2017, 07:10 PM
RE: New hccapx format explained - by TheFool - 03-09-2017, 07:17 PM
RE: New hccapx format explained - by c4p0ne - 03-09-2017, 09:48 PM
RE: New hccapx format explained - by TheFool - 03-10-2017, 01:40 AM
RE: New hccapx format explained - by c4p0ne - 03-10-2017, 02:24 AM
RE: New hccapx format explained - by atom - 03-10-2017, 11:58 AM
RE: New hccapx format explained - by TheFool - 03-11-2017, 07:06 AM
RE: New hccapx format explained - by atom - 03-11-2017, 09:50 PM
RE: New hccapx format explained - by oayz - 09-05-2017, 11:50 PM
RE: New hccapx format explained - by undeath - 12-24-2017, 03:41 PM