Posts: 2
Threads: 1
Joined: Dec 2022
12-09-2022, 05:57 PM
(This post was last modified: 12-09-2022, 06:06 PM by h9k.)
Hello,
I would like to understand how the hc22000 format result can be used to manual calculate the known PSK.
As we already known the hc22000 format is:
case#1 - WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***
case#2 - WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR
Manual check:
case#1 it is very simple to know if the PSK is right as we need to compare the PMKID in hc22000 file with the formula PMKID=HMAC-SHA1(PMK,"PMK Name", MAC_AP,MAC_STA), where PMK=PBKDF2(PSK, SSID, 4096,32))
case#2 I do not understand how hashcat can find the right PSK as the SNonce is missing in the hc22000
For the 4-Way handshake:
First there is a value called PMK. (PMK=PBKDF2(PSK, SSID, 4096,32)).
PTK is derived from PMK as follows:
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce)
MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.
in the hc22000 case#2 the SNonce and data are not present!
Sorry if I post maybe a silly question but I would like to learn more. Can you please help?
Thanks!
Posts: 2
Threads: 1
Joined: Dec 2022
12-23-2022, 02:19 PM
(This post was last modified: 12-23-2022, 02:19 PM by h9k.)
in general, how hashcat compare the list of PSK with the WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR in the hc22000 format?
What is the algorithm?
Posts: 1,044
Threads: 2
Joined: Jun 2017
12-23-2022, 05:10 PM
(This post was last modified: 12-23-2022, 05:15 PM by ZerBea.)
This is done by three algorithms:
first: PBKDF2 to get the PMK from ESSID and PSK (on all versions WPA1, WPA2, WPA2 keyversion 3)
PMK = PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256)
second: HMAC to get the PTK from PMK, MAC_AP, MAC_CLIENT, ANONCE and SNONCE
HMAC-SHA1 to get the PTK (WPA1 and WPA2)
HMAC-SHA256 to get the PTK (WPA2 keyversion 3)
third: (HMAC or CMAC) to get the MIC (from PTK and entire EAPOL_CLIENT message [M2])
HMAC-MD5 to get the MIC (WPA1)
HMAC-SHA1 to get the MIC (WPA2)
CMAC AEC-128CBC toe get the MIC (WPA2 key version 3))
After this, the calculated MIC is compared to the MIC in field 3 of the hash line. If it matches, the PSK is correct.
Posts: 1,044
Threads: 2
Joined: Jun 2017
12-23-2022, 08:34 PM
(This post was last modified: 12-23-2022, 08:52 PM by ZerBea.)
Your question is not silly. The entire 802.11 stuff is quite difficult to understand.
The SNONCE is not missing in a hc22000 line. It is inside the EAPOL field.
Example taken from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
Code:
WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2
First some information about the hash line:
Code:
$ hcxhashtool -i test.hc22000 --info=stdout
SSID.......: TP-LINK_HASHCAT_TEST
MAC_AP.....: 6466b38ec3fc (TP-LINK TECHNOLOGIES CO.,LTD.)
MAC_CLIENT.: 225edc49b7aa (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 1
RC INFO....: NC suggested
MP M2M3 E2.: authorized
MIC........: 024022795224bffca545276c3762686f
HASHLINE...: WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2
EAPOL MESSAGE taken from field 8:
Code:
0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000
displayed in Wireshark format:
Code:
802.1X Authentication
Version: 802.1X-2001 (1)
Type: Key (3)
Length: 117
Key Descriptor Type: EAPOL RSN Key (2)
[Message number: 2]
Key Information: 0x010a
Key Length: 0
Replay Counter: 1
WPA Key Nonce: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: 024022795224bffca545276c3762686f
WPA Key Data Length: 22
WPA Key Data: 30140100000fac040100000fac040100000fac028000
and final the calculated/confirmed keys:
Code:
$ hcxpmktool -l WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2 -p hashcat!
HASH FORMAT.: EAPOL (WPA*02)
ESSID.......: TP-LINK_HASHCAT_TEST
MAC_AP......: 6466b38ec3fc
MAC_CLIENT..: 225edc49b7aa
PSK.........: hashcat!
PMK.........: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82 (calculated)
KEY VERSION.: WPA2
NONCE AP....: 10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e
NONCE CLIENT: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171
KCK.........: 57d0f2ff5faef56f9b94390aebf4474d (calculated)
KEK.........: 9913af266f6e00225edc49b7aa6466b3 (calculated)
TK..........: 8ec3fc10e3be3b005a629e89de088d6a (calculated)
TKIP TX MIC.: 2fdc489db83ad476 (calculated)
TKIP RX MIC.: 4f2d186b9cde1544 (calculated)
MIC.........: 024022795224bffca545276c3762686f (confirmed)
PMKID.......: e7b71e94595346b4c5e084cbf7ac328e (calculated)
The PTK is composed of KCK + KEK + TK + TKIP TX MIC + TKIP RX MIC
Once we got the PMK, it is easy to calculate a matching PMKID, too.
confirm the PMK:
Code:
$ wlangenpmk -e TP-LINK_HASHCAT_TEST -p hashcat!
essid (networkname)....: TP-LINK_HASHCAT_TEST
password...............: hashcat!
plainmasterkey (SHA1)..: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82
Posts: 6
Threads: 0
Joined: Nov 2023
I understood the whole stuff but didn't understood that how to know what is the hash type of my psk
I have WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR
Now how to determine the hash type as it is not recognised by hash identifier or any online tool ?
I want to brootforce the above .hc22000 file but without knowing the hash type/algorithm it will take more time.
So will u plzz let me know how to determine the hash algorithm of wpa2 .hc22000 .
I am sorry if I post an silly question.
Posts: 69
Threads: 2
Joined: Dec 2021
11-30-2023, 06:46 PM
(This post was last modified: 11-30-2023, 06:55 PM by v71221.)
You can upload hash to this site, for example
https://www.onlinehashcrack.com/hash-identification.php
For hash-mode 22000 it'll say
Your hash may be one of the following:
WPA PBKDF2 (PMKID/EAPOL)
In addition, hashcat tries to automatically detect the hash mode if you omit
-m
Code:
Hash-mode was not specified with -m. Attempting to auto-detect hash mode.
The following mode was auto-detected as the only one matching your input hash:
22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocol
NOTE: Auto-detect is best effort. The correct hash-mode is NOT guaranteed!
Do NOT report auto-detect issues unless you are certain of the hash type.
Try to play with example hashes
https://hashcat.net/wiki/doku.php?id=example_hashes
Run this example:
Code:
hashcat -a 3 -m 22000 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2" "hashcat!"
Posts: 69
Threads: 2
Joined: Dec 2021
Hope you understand.
If not, here's another example.
We know that the password consists of 8 digits, but we only know the last six digits.
The actual password is 12345678
Code:
hashcat -a 3 -m 22000 "WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***01" "?d?d345678"
https://hashcat.net/wiki/doku.php?id=brute_force_attack