hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
(02-08-2020, 12:56 PM)ZerBea Wrote: The TP-LINK Archer T2UH is working out of the box running kernel >= 4.19 and there is no additional driver necessary.

$ lsusb
ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter

Running a kernel < 5.5.2, the interface name is wlanX because the patch for this issue isn't backported yet.
https://bugzilla.kernel.org/show_bug.cgi?id=205305

Running kernel 5.5.2, the interface name is correct:
$ uname -r
5.5.2-arch1-1

$ hcxdumptool -I
wlan interfaces:
503eaaa08f6f wlp39s0f3u3u1u2 (mt76x0u)

The content of the dump file (Raspberry Pi Zero) is as expected:
Code:
$ hcxpcapngtool 202002041459.pcapng
summary capture file
--------------------
file name................................: 202002041459.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 4.19.97-1-ARCH
application..............................: hcxdumptool 6.0.1
interface name...........................: wlan0
interface vendor.........................: 503eaa
weak candidate...........................: 12345678
MAC ACCESS POINT.........................: 980ee4769225 (incremented on every new client)
MAC CLIENT...............................: c8aacc13c229
REPLAYCOUNT..............................: 64335
ANONCE...................................: e4afe682bee0da2829e8780800e720e001ce7af840ad3401904a2e2e36a3685b
SNONCE...................................: aec9e891edf4da663b6dc3a563f5d185916751b8d99a555de98852ad95d585e8
timestamp minimum (GMT)..................: 04.02.2020 14:59:15
timestamp maximum (GMT)..................: 04.02.2020 15:00:18
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianess (capture system)...............: little endian
packets inside...........................: 128
BEACON (total)...........................: 7
PROBERESONSE.............................: 6
AUTHENTICATION (total)...................: 4
AUTHENTICATION (OPEN SYSTEM).............: 4
EAPOL messages (total)...................: 107
EAPOL RSN messages.......................: 107
ESSID (total unique).....................: 7
EAPOL M1 messages........................: 107
PMKID (total)............................: 24
PMKID (best).............................: 1

The content of a dump file, running kernel 5.5.2 on an INTEL system is as expected, too:
Code:
$ hcxpcapngtool *.pcapng
reading from 202002081140.pcapng...

summary capture file
--------------------
file name................................: 202002081140.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 5.5.2-arch1-1
application..............................: hcxdumptool 6.0.1
interface name...........................: wlp0s20f0u3
interface vendor.........................: 503eaa
weak candidate...........................: 12345678
MAC ACCESS POINT.........................: 0086a0a67e30 (incremented on every new client)
MAC CLIENT...............................: dc7014286317
REPLAYCOUNT..............................: 63641
ANONCE...................................: 0f7bbac2bec9a7e9a5d23aafeba8f66f67625f1147b241e5bd27789165920be0
SNONCE...................................: 165df36ea2156576a14040190eadd1856aa1251edaee1ce6b87857e4b9db0372
timestamp minimum (GMT)..................: 08.02.2020 11:50:51
timestamp maximum (GMT)..................: 08.02.2020 11:50:58
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianess (capture system)...............: little endian
packets inside...........................: 413
BEACON (total)...........................: 34
PROBEREQUEST.............................: 6
PROBERESONSE.............................: 29
AUTHENTICATION (total)...................: 24
AUTHENTICATION (OPEN SYSTEM).............: 24
REASSOCIATIONREQUEST (total).............: 1
REASSOCIATIONREQUEST (PSK)...............: 1
EAPOL messages (total)...................: 301
EAPOL RSN messages.......................: 301
ESSID (total unique).....................: 31
EAPOL M1 messages........................: 301
PMKID (total)............................: 86
PMKID (useless)..........................: 19
PMKID (best).............................: 5


Not working on AMD RYZEN systems if connected to a USB 3 port, because of this kernel issue:
https://bugzilla.kernel.org/show_bug.cgi?id=202541
Code:
[16300.890097] mt76x0u 5-3.1.2:1.0: ASIC revision: 76100002 MAC revision: 76502000
[16301.239555] mt76x0u 5-3.1.2:1.0: EEPROM ver:02 fae:01
[16301.578393] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[16301.595805] mt76x0u 5-3.1.2:1.0 wlp39s0f3u3u1u2: renamed from wlan0
[16316.881303] device wlp39s0f3u3u1u2 entered promiscuous mode
[16316.881347] audit: type=1700 audit(1581158632.980:189): dev=wlp39s0f3u3u1u2 prom=256 old_prom=0 auid=1000 uid=0 gid=0 ses=2
[16316.882150] mt76x0u 5-3.1.2:1.0: tx urb failed: -71
[16316.882187] mt76u_complete_rx: 1989 callbacks suppressed
[16316.882190] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882227] mt76x0u 5-3.1.2:1.0: tx urb failed: -71
[16316.882267] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882346] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882426] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882505] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882586] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882666] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882745] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882825] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.882905] mt76x0u 5-3.1.2:1.0: rx urb failed: -71
[16316.911559] usb 5-3.1.2: USB disconnect, device number 8
[16316.911980] xhci_hcd 0000:27:00.3: WARN Cannot submit Set TR Deq Ptr
[16316.911982] xhci_hcd 0000:27:00.3: A Set TR Deq Ptr command is pending.
[16316.921294] mt76x0u 5-3.1.2:1.0: mac specific condition occurred
[16316.948240] device wlp39s0f3u3u1u2 left promiscuous mode

Thanks, something must be missing... what I got:

root@raspberrypi:/home/pi# lsusb
Bus 001 Device 004: ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter

root@raspberrypi:/home/pi# iwconfig
eth0      no wireless extensions.
lo        no wireless extensions.

root@raspberrypi:/home/pi# uname -r
4.19.97-v7+
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by powermi - 02-08-2020, 01:32 PM