New 22000 mode is USELESS GARBAGE
#11
Maybe it's just the same old OpenCL 1.2 problem.

@listbunny
What is the output of hashcat -I?

If it tells you pocl 1.2 or anything else below 2.0, that's your problem.
Reply
#12
My laptop says OpenCL 2.0 pocl 1.8, yet it was able to crack the example when the correct hash was provided, and my desktop always has the newest CUDA, so I don't think this is the reason.

I think I need to just debug this by tiny little steps, something is still off. Feel free to throw at me some docs and references or even books that I may need to know. It may take me some time, but this bugs me like hell and I just have to figure it out.

Today I ran hcxdumptool, filtered on the same MAC as before, for an entire day, and it didn't capture anything except the basic wildcard beacons. I've checked it via Wireshark and there was just nothing else. Yesterday I managed to actually crash my router a few times, so there is also some nasty DoS possible because the router software seems kinda bugged too. I will have a lot of stuff to research but maybe at least I will learn something new.
Reply
#13
BTW:
A good wordlist:
https://3wifi.stascorp.com/3wifi-dic-2022-03-03.7z
updated every three months and announced here:
https://3wifi.stascorp.com/

as well as these small ones (updated several times a day):
https://wpa-sec.stanev.org/dict/cracked.txt.gz
https://wpa-sec.stanev.org/dict/rkg.txt.gz
recovered from uploaded dump files here:
https://wpa-sec.stanev.org
Reply
#14
Hi! This may sound stupid, but how can I get protect.bpf to have a list with multiple SSIDs?

Is it
(1) Concat with: not wlan addr1 AP1 or not wlan addr2 AP1 > protect.bpfc; not wlan addr1 AP2 or not wlan addr2 AP2 >> protect.bpfc

where APx is the format (aa22ddcceedd)

When I do an rca scan, the bpfc filter only works if I am using only one protected AP - for multiple I am unable to get it working. An rca scan with multiples in bpfc still shows all protected APs.

Thank you very much!
Reply
#15
The key word is "and" because you want to protect MAC addr1 and MAC addr2 and MAC addrX.
Code:
create BPF to protect a MAC
$ tcpdump -i <interface> not wlan addr3 11:22:33:44:55:66 and not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf
where addr3 protects ACCESS POINTs and addr2 protects CLIENTs
recommended to protect own devices

example:
AP1 = 11:22:33:44:55:66
AP2 = 22:22:33:44:55:66
AP3 = 33:22:33:44:55:66

sudo tcpdump -i wlp3s0f0u1 \
  not wlan addr3 11:22:33:44:55:66 and not wlan addr3 22:22:33:44:55:66 and not wlan addr3 33:22:33:44:55:66 \
  -ddd > own.bpfc
This BPF protects all frames containing the BSSID in the addr3 field.

sudo tcpdump -i wlp3s0f0u1 \
  not wlan addr3 11:22:33:44:55:66 and not wlan addr3 22:22:33:44:55:66 and not wlan addr3 33:22:33:44:55:66 \
  and not wlan addr2 11:22:33:44:55:66 and not wlan addr2 22:22:33:44:55:66 and not wlan addr2 33:22:33:44:55:66 \
  -ddd > own.bpfc
This BPF protects all frames containing the BSSID in the addr2 and addr3 fields.

It is important to understand the purpose of the address fields to code a BPF.
If an AP transmits, you can expect its MAC in addr2 and addr3 but never in addr1.
The address fields are explained here:
https://www.researchgate.net/figure/8021..._220205363
Reply
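The multi-MAC filter from the post above, as an added example (not part of the original post and not hcxdumptool's own code): a small POSIX shell helper that builds the "and"-joined expression from a list of devices. The function names and the `ap=`/`client=` argument syntax are assumptions made for this sketch; the client MAC is a constructed sample.

```shell
#!/bin/sh
# Added example: build one BPF expression that protects several MACs.
# Function names and the role=MAC argument syntax are made up for this sketch.

# Print a MAC as aa:bb:cc:dd:ee:ff; accepts aa22ddcceedd, AA-22-..., aa:22:...
normalize_mac() {
    hex=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$hex" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#hex}" -eq 12 ] || return 1
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# True for a locally administered unicast MAC (bit 0x02 set, bit 0x01 clear
# in the first octet), which is what CLIENT MAC randomization produces.
is_randomized() {
    case "$1" in ?[26ae]:*) return 0 ;; esac
    return 1
}

# Usage: build_protect_filter ap=<mac>|client=<mac> ...
# ap= terms test addr3, client= terms test addr2. Terms are joined with "and":
# with "or", a frame from AP1 would still pass through the "not AP2" term.
build_protect_filter() {
    filter=''
    for arg in "$@"; do
        mac=$(normalize_mac "${arg#*=}") || { echo "bad MAC: $arg" >&2; return 1; }
        case "${arg%%=*}" in
            ap)     field=addr3 ;;
            client) field=addr2
                    if is_randomized "$mac"; then
                        echo "warning: $mac looks randomized; it will not stay protected" >&2
                    fi ;;
            *)      echo "bad role: $arg" >&2; return 1 ;;
        esac
        term="not wlan $field $mac"
        case " and $filter and " in
            *" and $term and "*) continue ;;    # skip duplicates
        esac
        filter=${filter:+$filter and }$term
    done
    [ -n "$filter" ] || return 1
    printf '%s\n' "$filter"
}

# AP values are the ones used in the post; the client MAC is constructed.
build_protect_filter ap=11:22:33:44:55:66 ap=22:22:33:44:55:66 client=da:a1:19:00:00:01
# To compile it, pass the printed expression to tcpdump as in the post:
#   sudo tcpdump -i <interface> $(build_protect_filter ...) -ddd > protect.bpf
```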
#16
Thank you so much! After several years trying and testing with hcx tools I am still impressed by your supportiveness and kindness. Keep up the great work and spirit. Happy new year to you all.
Reply
#17
You're welcome.

BTW:
The usage of the address fields in the MAC header depends on the type of the frames:
https://howiwifi.com/2020/07/13/802-11-f...d-formats/

Some frames only use addr1, some frames only use addr1 and addr2, some frames use addr1, addr2 and addr3 and some frames use addr1 - addr4.
If you want to protect a CLIENT you have to use addr2 to protect it. Please notice that the BPF will fail if MAC randomization is in use. Most of the CLIENTs use MAC randomization because it prevents tracking. Unfortunately it also prevents you from protecting these CLIENTs.
Reply
#18
(01-03-2023, 07:57 PM)ZerBea Wrote: You're welcome.

BTW:
The usage of the address fields in the MAC header depends on the type of the frames:
https://howiwifi.com/2020/07/13/802-11-f...d-formats/

Some frames only use addr1, some frames only use addr1 and addr2, some frames use addr1, addr2 and addr3 and some frames use addr1 - addr4.
If you want to protect a CLIENT you have to use addr2 to protect it. Please notice that the BPF will fail if MAC randomization is in use. Most of the CLIENTs use MAC randomization because it prevents tracking. Unfortunately it also prevents you from protecting these CLIENTs.

Please know that your advanced knowledge and generosity in the sharing of it do not go unrecognized. You truly are some kind of "cyber-hero". Thank You! (Vielen danke!)
Reply