hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Hi RashidMalik.

Q1:
I analyzed several handshakes and found out that the anonce (nonce of an AP) isn't random.
If we captured more than one M1 and/or M3 we are able to calculate a complete anonce for that case, if we have a packet loss (wireshark, tcpdump, aircrack-ng, kismet didn't capture that M1 and/or M3 we need to calculate a valid hash). The value of --nonce-error-corrections determines how many packet losses we are able to correct (depending on the type of the router: big endian or lower endian router type). Default value for hashcat and hcxtools is 8 * (+/-/LE/BE).

Does converting a cap file to an hccapx file cause it?
Not if you use hcxtools.

What does hashcat do when we tell it to do a nonceerrorcorrection?
It multiplies the hashes by nonce-error-corrections 8 * (+/-/LE/BE). In other words: the compare kernel has more to do and speed will drop a little bit.
hcxpcaptool AP-less handshakes don't require nonce-error-corrections. You can set this value to 0.
john requires an external tool to handle this (Magnum called it nonce fuzzing):
https://github.com/magnumripper/JohnTheR...ssues/2773
https://github.com/magnumripper/JohnTheRipper/pull/3187

Q2 is simple to answer:
hcxdumptool is designed for primary use on a raspberry (displayless and speed optimized for smaller CPUs).
That also includes a limited status output. I count in cpu cycles to perform some attacks, so I haven't the time
for a beautiful status output and some nice (but not necessary for an attack) additional functions.
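The "8 * (+/-/LE/BE)" expansion described in the post above, as an added example that is not part of the original post and is not hashcat or hcxtools code. It assumes the correction is applied to the last four bytes of the 32-byte anonce, read as a 32-bit counter in either byte order; the function names and the sample nonces are constructed for illustration.

```python
import struct

def corrections(anonce: bytes, nec: int = 8):
    """Yield (byte_order, delta, candidate) for every corrected anonce.

    Assumption: only the last 4 bytes change, treated as a 32-bit
    counter that may be little endian (LE) or big endian (BE).
    """
    if len(anonce) != 32:
        raise ValueError("anonce must be 32 bytes")
    head, tail = anonce[:-4], anonce[-4:]
    yield ("exact", 0, anonce)  # the nonce exactly as captured
    for order, fmt in (("LE", "<I"), ("BE", ">I")):
        (counter,) = struct.unpack(fmt, tail)
        for step in range(1, nec + 1):
            for delta in (step, -step):
                # Wrap at 32 bits, as a hardware counter would.
                fixed = (counter + delta) & 0xFFFFFFFF
                yield (order, delta, head + struct.pack(fmt, fixed))

def candidate_count(anonce: bytes, nec: int = 8) -> int:
    """Number of distinct anonces the compare step has to try."""
    return len({cand for _, _, cand in corrections(anonce, nec)})

def find_correction(captured: bytes, actual: bytes, nec: int = 8):
    """Return (byte_order, delta) mapping captured -> actual, or None."""
    for order, delta, cand in corrections(captured, nec):
        if cand == actual:
            return (order, delta)
    return None

# Constructed sample: the M1 that was captured carries counter 0xfe,
# but the M2 that was captured answers a later M1 (counter 0x101)
# that the sniffer lost. Three packets were missed on a BE router.
PREFIX = bytes(range(28))
CAPTURED = PREFIX + bytes.fromhex("000000fe")
ACTUAL = PREFIX + bytes.fromhex("00000101")

if __name__ == "__main__":
    print("candidates with nec=8:", candidate_count(CAPTURED, 8))
    print("correction found:", find_correction(CAPTURED, ACTUAL, 8))
    print("with nec=0:", find_correction(CAPTURED, ACTUAL, 0))
```
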


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 05-22-2018, 10:27 AM