Hi RashidMalik.
Q1:
I analyzed several handshakes and found out that the anonce (nonce of an AP) isn't random.
If we captured more than one M1 and/or M3, we are able to calculate a complete anonce for that case, if we have a packet loss (wireshark, tcpdump, aircrack-ng, kismet didn't capture that M1 and/or M3 we need to calculate a valid hash). The value of --nonce-error-corrections determines how many packet losses we are able to correct (depending on the type of the router: big endian or lower endian router type). Default value for hashcat and hcxtools is 8 * (+/-/LE/BE).
Does converting a cap file to an hccapx file cause it?
Not if you use hcxtools.
What does hashcat do when we tell it to do a nonceerrorcorrection?
It multiplies the hashes by nonce-error-corrections 8 * (+/-/LE/BE). In other words: the compare kernel has more to do and speed will drop a little bit.
hcxpcaptool AP-less handshakes don't require nonce-error-corrections. You can set this value to 0.
john requires an external tool to handle this (Magnum called it nonce fuzzing):
https://github.com/magnumripper/JohnTheR...ssues/2773
https://github.com/magnumripper/JohnTheRipper/pull/3187
Q2 is simple to answer:
hcxdumptool is designed for primary use on a raspberry (display-less and speed optimized for smaller CPUs).
That includes also a limited status output. I count in cpu cycles to perform some attacks, so I haven't the time
for a beautiful status output and some nice (but not for an attack necessary) additional functions.
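The reply's "8 * (+/-/LE/BE)" as an added illustration, not part of the original post and not hashcat's or hcxtools' code: it enumerates the anonce values a correction setting covers and checks whether two observed anonces are counter steps apart. Assumptions: the counter is the last 4 bytes of the 32-byte anonce; the function names and sample nonces are constructed.

```python
import struct

COUNTER_LEN = 4  # assumption: only the trailing 32 bits of the anonce change


def anonce_candidates(anonce: bytes, nec: int = 8) -> set:
    """Anonces reachable by moving the trailing counter by -nec..+nec,
    once read as little endian and once as big endian."""
    if len(anonce) != 32:
        raise ValueError("anonce must be 32 bytes")
    head, tail = anonce[:-COUNTER_LEN], anonce[-COUNTER_LEN:]
    out = {anonce}
    for fmt in ("<I", ">I"):
        (counter,) = struct.unpack(fmt, tail)
        for delta in range(-nec, nec + 1):
            out.add(head + struct.pack(fmt, (counter + delta) & 0xFFFFFFFF))
    return out


def counter_step(a: bytes, b: bytes):
    """Return (endianness, signed step) if b equals a except for the
    trailing counter, choosing the byte order with the smaller step."""
    if len(a) != 32 or len(b) != 32 or a[:-COUNTER_LEN] != b[:-COUNTER_LEN]:
        return None
    best = None
    for name, fmt in (("LE", "<I"), ("BE", ">I")):
        (ca,) = struct.unpack(fmt, a[-COUNTER_LEN:])
        (cb,) = struct.unpack(fmt, b[-COUNTER_LEN:])
        diff = (cb - ca) & 0xFFFFFFFF
        if diff >= 2**31:          # map to signed 32-bit distance
            diff -= 2**32
        if best is None or abs(diff) < abs(best[1]):
            best = (name, diff)
    return best


# Constructed sample: anonce seen in a captured M1, and the anonce of a
# lost M1 three counter steps later on a big endian AP.
CAPTURED = bytes(range(28)) + bytes.fromhex("000000fe")
LOST = bytes(range(28)) + bytes.fromhex("00000101")

if __name__ == "__main__":
    print("step:", counter_step(CAPTURED, LOST))
    print("covered by nec=8:", LOST in anonce_candidates(CAPTURED, 8))
    print("covered by nec=2:", LOST in anonce_candidates(CAPTURED, 2))
    print("candidates at nec=8:", len(anonce_candidates(CAPTURED, 8)))
```

With a correction value of 0 the set collapses to the captured anonce alone, which matches the advice above for AP-less handshakes.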