hashcat v6.2.0
#31
Sweet, thanks! So the overhead of using 40x extra hashes is 40%. Still, would you agree that saving the timestamp in the hash file and the ability to sort/filter by it would be nice?

Also could you search for oui.txt in current directory too? Some of us are still on Windows ;-)
Reply
#32
The process to recover a PSK from a PMKID or a MESSAGEPAIR is divided into two parts.
A slow part, which takes most of the GPU cycles:
calculate the PMK by PBKDF2 function

And a fast part:
verify the calculated PMK by PMKID (HMAC_SHA1_128)
or
verify the calculated PMK by MIC, which is slower than verifying the PMK by PMKID because this is additionally divided into two parts:
part one:
calculate PTK from PMK by HMAC function
part two:
verify PTK by MIC (HMAC_MD5, HMAC_SHA1_128, AES_128_CBC according to WPA1, WPA2, WPA2 keyver 3)

The formulas:

Code:
Part one:
PMK = PBKDF2(PSK, ESSID, 4096)
the same on PMKID and on MIC (from EAPOL MESSAGEPAIRs) of WPA1, WPA2 and WPA2 keyversion 3

Part two on PMKID:
PMKID = HMAC_SHA1_128(PMK, "PMK Name" + AP_MAC + CL_MAC)

Part two on MIC:
PTK = CustomPRF(PMK, "Pairwise key expansion", SUM(CL_MAC, AP_MAC, SNONCE, ANONCE))
the same on WPA1 and WPA2 (SHA1_128), but not on WPA2 keyversion 3 (SHA1_256)
KCK = PTK[0:16]
MIC = HMAC_MD5(KCK, payload) on WPA1
MIC = HMAC_SHA1(KCK, payload) on WPA2
MIC = HMAC_AES_128_CBC(KCK, payload) on WPA2 keyversion 3

Please read this related comment:
https://github.com/hashtopolis/server/is...-749482259

If we, e.g., skip the slow PBKDF2 part, we are really fast:
https://hashcat.net/forum/thread-10253-p...l#pid53647

So, regarding this, "40x extra hashes is 40%" is not correct.
Please take a look at the elapsed time, which will confirm this:
Code:
0/887 (0.00%) Digests
real    0m7,271s
vs
0/20 (0.00%) Digests
real    0m5,291s
I run the test on a hash file that contain
the same ESSID on all hash lines
one or more MESSAGEPAIRs and PMKIDs of the same NETWORK
one or more MESSAGEPAIRs and PMKIDs of different NETWORKs running the same ESSID.

The hash line only contains fields/values that are mandatory to calculate/recover the PSK.
The timestamp is not mandatory.
If the admin changes the PSK or the ESSID, your old hash lines are useless for you.
I strongly recommend capturing new traffic rather than using old hash files.

Hashcat doesn't need an oui file to recover the PSK, and
hcxdumptool/hcxlabtool/hcxtools are Linux only.
The two default folders to search for the oui file are:
Code:
local: $HOME/.hcxtools/oui.txt
system wide: /usr/share/ieee-data/oui.txt
following this philosophy:
https://hashcat.net/forum/thread-10253-p...l#pid53612

BTW:
To successfully recover a PSK it is mandatory that you understand the whole process of AUTHENTICATION rather than doing unnecessary formatting on hash lines.
Reply
#33
(09-29-2021, 08:08 AM)ZerBea Wrote: So, regarding this, "40x extra hashes is 40%" is not correct.

Please take a look at the elapsed time, which will confirm this:

Code:
0/887 (0.00%) Digests
real    0m7,271s
vs
0/20 (0.00%) Digests
real    0m5,291s

What is my mistake?
7271/5291=1.3742~=40%

Quote:The hash line only contains fields/values that are mandatory to calculate/recover the PSK.

The timestamp is not mandatory.

Agree, I said "nice", not "mandatory"

Quote:If the admin changes the PSK or the ESSID, your old hash lines are useless for you.

I strongly recommend capturing new traffic rather than using old hash files.

Definitely true but not always possible for multiple reasons 

Quote:hcxdumptool/hcxlabtool/hcxtools are Linux only.

Why such a restriction? Me and probably some other folks are very happy using it under Windows ;-)

Quote:The two default folders to search for the oui file are:

Code:
local: $HOME/.hcxtools/oui.txt
system wide: /usr/share/ieee-data/oui.txt

following this philosophy:
https://hashcat.net/forum/thread-10253-p...l#pid53612

Sorry, but these directories don't look like a good KISS example; the current dir and the one where the executable is located do. Anyway, your choice is well noted and respected.

Quote:To successfully recover a PSK it is mandatory that you understand the whole process of AUTHENTICATION rather than doing unnecessary formatting on hash lines.

Absolutely, that's why I appreciate YOUR work so much!
Reply
#34
"7271/5291=1.3742~=40%"
Not a mistake. Regarding the elapsed time only, your math is correct.
But you have to include the number of the hashes and the calculation time of them [PBKDF2, PMKID and/or (PTK and MIC)], too:
20 hashes in 0m5,291s vs 887 hashes in 0m7,271s = +0m1,980 for +867 hashes
You have to pay the price (PBKDF2, slow) only once.
Then hashcat re-uses the calculated PMK to verify the PMKID (fast, due to one function) or the MIC (half as fast, due to two functions) on each hash.

"Sorry, but these directories don't look like a good KISS example; the current dir and the one where the executable is located do. Anyway, your choice is well noted and respected."
In the Linux file hierarchy, the directories for binaries and non-binaries are mandatory.
Please read more about the Linux file hierarchy here:
https://www.man7.org/linux/man-pages//ma...chy.7.html
or here
https://www.geeksforgeeks.org/linux-file...structure/
E.g. on Arch Linux (which is my preferred distribution), hcxtools (which are part of this distribution) are located in these directories:
https://archlinux.org/packages/community...ols/files/
I don't allow downloading oui.txt into that directory.

"Why such a restriction? Me and probably some other folks are very happy using it under Windows"
That is simple to answer: I don't have/use Windows, and I have never used it.
All my machines are running Arch Linux
https://archlinux.org/
or (Raspberry Pi)
https://archlinuxarm.org
or (some older machines)
https://www.archlinux32.org/
with the exception of my Smart Phones, which are running Lineage:
https://lineageos.org/

Why do I prefer Arch (Linux)? The answer is simple, too:
Let us say I detect an issue and report it to the Arch bug tracker.
I can be sure it will receive a fix as soon as possible:
https://bugs.archlinux.org/task/72153
Let us say I detect an issue in the Linux kernel (e.g. a driver) and report it to the Linux bug tracker.
I can be sure it will receive a fix as soon as possible:
https://bugzilla.kernel.org/show_bug.cgi?id=205305

To get hcxdumptool/hcxtools, the only thing an Arch Linux user has to do is to use the package manager (pacman) to install it:
On Arch Linux:
$ sudo pacman -Syu hcxdumptool hcxtools
On Arch Linux Arm:
$ sudo pacman -Syu hcxdumptool hcxtools
On Arch Linux 32:
$ sudo pacman -Syu hcxdumptool hcxtools
From now on, they will receive every new version via the Arch Linux update.
Reply
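The two-part recovery process laid out in post #32 (slow PBKDF2 to get the PMK, then a fast PMKID or PTK+MIC check) and the amortisation argument in post #34 (the PBKDF2 price is paid once per candidate and the PMK is reused across every hash line of the same ESSID) can both be shown with one short script. This is an added example written for this thread; it is not code from hashcat or hcxtools. It implements the published IEEE 802.11 derivations (PBKDF2-HMAC-SHA1 for the PMK, HMAC-SHA1-128 for the PMKID, the HMAC-SHA1 counter-mode PRF for the PTK, HMAC-MD5/HMAC-SHA1-128 for the WPA1/WPA2 MIC) and leaves out keyver 3. The ESSID, MAC addresses, nonces, EAPOL bytes and PSKs are constructed sample values, and the "hash lines" are plain dicts rather than the real hash file format; the counters returned by `check_candidates` exist only to make the cost structure visible.

```python
import hashlib
import hmac

# Constructed sample values (not from the thread): one network, one client.
ESSID = b"ExampleNet"
AP_MAC = bytes.fromhex("001122334455")
CL_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Placeholder bytes standing in for EAPOL message 2 with its MIC field zeroed.
EAPOL_M2_ZEROED_MIC = b"\x01\x03\x00\x75" + bytes(117)


def pmk_from_psk(psk: str, essid: bytes) -> bytes:
    """Slow part: PMK = PBKDF2-HMAC-SHA1(PSK, ESSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode("utf-8"), essid, 4096, dklen=32)


def pmkid_from_pmk(pmk: bytes, ap_mac: bytes, cl_mac: bytes) -> bytes:
    """Fast part, PMKID path: HMAC-SHA1(PMK, "PMK Name" || AP_MAC || CL_MAC) truncated to 128 bits."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + cl_mac, hashlib.sha1).digest()[:16]


def ptk_from_pmk(pmk, ap_mac, cl_mac, anonce, snonce, length=64) -> bytes:
    """Fast part, MIC path, step one: the 802.11 PRF (HMAC-SHA1 counter mode, WPA1/WPA2 keyver 1 and 2).
    The MACs and nonces are sorted bytewise (Min||Max) before being fed to the PRF."""
    data = min(ap_mac, cl_mac) + max(ap_mac, cl_mac) + min(anonce, snonce) + max(anonce, snonce)
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:length]


def mic_from_kck(kck: bytes, eapol_zeroed_mic: bytes, keyver: int) -> bytes:
    """Fast part, MIC path, step two: MIC over the EAPOL-Key frame (MIC field zeroed) with KCK = PTK[0:16]."""
    if keyver == 1:  # WPA1
        return hmac.new(kck, eapol_zeroed_mic, hashlib.md5).digest()[:16]
    if keyver == 2:  # WPA2
        return hmac.new(kck, eapol_zeroed_mic, hashlib.sha1).digest()[:16]
    raise ValueError("keyver 3 (SHA-256 KDF / AES-CMAC MIC) is not covered by this example")


def build_sample_lines(true_psk="correct horse battery staple"):
    """Construct one PMKID line and one MIC line for the sample network from a known PSK.
    In practice these values come from a capture; here they are generated so the check is reproducible."""
    pmk = pmk_from_psk(true_psk, ESSID)
    kck = ptk_from_pmk(pmk, AP_MAC, CL_MAC, ANONCE, SNONCE)[:16]
    return [
        {"type": "PMKID", "ap": AP_MAC, "cl": CL_MAC, "pmkid": pmkid_from_pmk(pmk, AP_MAC, CL_MAC)},
        {"type": "MIC", "ap": AP_MAC, "cl": CL_MAC, "anonce": ANONCE, "snonce": SNONCE, "keyver": 2,
         "eapol": EAPOL_M2_ZEROED_MIC, "mic": mic_from_kck(kck, EAPOL_M2_ZEROED_MIC, 2)},
    ]


def check_candidates(candidates, essid: bytes, hash_lines):
    """Run the two-part check for each candidate over hash lines that share one ESSID.
    Returns (pbkdf2_calls, fast_checks, matches): PBKDF2 runs once per candidate,
    the resulting PMK is reused for every line, so extra lines only add fast checks."""
    pbkdf2_calls = fast_checks = 0
    matches = []
    for psk in candidates:
        pmk = pmk_from_psk(psk, essid)  # the slow price, paid once per candidate
        pbkdf2_calls += 1
        for idx, line in enumerate(hash_lines):
            fast_checks += 1
            if line["type"] == "PMKID":
                ok = hmac.compare_digest(pmkid_from_pmk(pmk, line["ap"], line["cl"]), line["pmkid"])
            else:  # MIC line: one extra HMAC-based step (PTK) before the MIC itself
                kck = ptk_from_pmk(pmk, line["ap"], line["cl"], line["anonce"], line["snonce"])[:16]
                ok = hmac.compare_digest(mic_from_kck(kck, line["eapol"], line["keyver"]), line["mic"])
            if ok:
                matches.append((psk, idx))
    return pbkdf2_calls, fast_checks, matches


if __name__ == "__main__":
    lines = build_sample_lines()
    calls, fast, hits = check_candidates(["wrong-guess", "correct horse battery staple"], ESSID, lines)
    print(f"PBKDF2 runs: {calls}, fast checks: {fast}, matching (psk, line) pairs: {hits}")
```

With two candidates and two hash lines the script performs two PBKDF2 runs but four fast checks; adding more lines for the same ESSID raises only the second number, which is the point post #34 makes about the elapsed-time comparison. The PMKID path costs one HMAC per line, the MIC path costs the PRF plus the MIC HMAC, matching the "fast" versus "half as fast" description. For the defender the same arithmetic says the per-guess cost is fixed at one PBKDF2 run regardless of how much traffic was captured, so the only lever is the entropy of the PSK itself.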
#35
"Your code - your rules", so no complaints, just respect. You've got yourself a very appropriate avatar ;-)
Reply
#36
"Your code"
I fully agree.

"Your rules"
No. Linux rules, because it is an open source kernel (except for some firmware blobs)
https://git.kernel.org/
and it is well documented (the content of every function from void to return, instead of some comments on single API calls).
https://www.kernel.org/doc/html/latest/

In contrast to Windows:
https://www.answers.com/Q/What_is_propri...ing_system
Reply
#37
Just released minor hashcat update to v6.2.5.

This release adds performance improvements, a new rule-engine function, several new hash-modes, and bug fixes.

This is a minor release. If you are looking for release notes please refer to docs/changes.txt.

The next major update v6.3.0 will contain a list of all changes from 6.2.x -> 6.3.0.
Reply
#38
(11-21-2021, 05:52 PM)atom Wrote: Just released minor hashcat update to v6.2.5.

This release adds performance improvements, a new rule-engine function, several new hash-modes, and bug fixes.

This is a minor release. If you are looking for release notes please refer to docs/changes.txt.

The next major update v6.3.0 will contain a list of all changes from 6.2.x -> 6.3.0.


Hi atom,
I tested v6.2.5 with NVIDIA GeForce RTX series equipment, and it seems to look good. Several bugs that occurred in the old version have been fixed, and it seems that there is no problem at all. Very good.

But during the test of AMD series devices, sometimes the keyboard and mouse are all out of control, and nothing happens. I can only disconnect the power and restart the device.

When the program gets to this step, sometimes the keyboard and mouse are all out of control.
Code:
starting autotune please be patient
Reply
#39
(11-21-2021, 05:52 PM)atom Wrote: Just released minor hashcat update to v6.2.5.

This release adds performance improvements, a new rule-engine function, several new hash-modes, and bug fixes.

This is a minor release. If you are looking for release notes please refer to docs/changes.txt.

The next major update v6.3.0 will contain a list of all changes from 6.2.x -> 6.3.0.

Big fan of your work!
Does hashcat export microsoft account Pword/PIN hashes yet? Or will it only ever be for local users?
Reply
#40
@atom
Could you kindly explain why the initialization of Hashcat v6.2.5 takes such a long time (about 16 minutes, in my case)?
v5.1.0 is much faster on the same laptop.
Yes, I understand that my laptop is not the best system for cracking passwords.
Rather, it is suitable for hobby/home study.
Please see https://hashcat.net/forum/thread-10548.html
Reply