Cracking a password present in wordlist doesn't work
#11
First, thanks for you time and patience, it is still a bit blurry to me ^^

So basically for my example above the WPA*02 line is not usable since the PSK was not authorized, if I bruteforce that one I might recover a wrong PSK. Am I right ?

And the 2 others WPA*01 comes from AP so the password might be find.

I am able to distiguinsh the differents parts of the output, you said the MP 10 is unauthorized, so i'm just checking the doc.

Code:
bitmask of message pair field EAPOL (WPA*02):
2,1,0:
000 = M1+M2, EAPOL from M2 (challenge)
001 = M1+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed
010 = M2+M3, EAPOL from M2 (authorized)
011 = M2+M3, EAPOL from M3 (authorized) - unused
100 = M3+M4, EAPOL from M3 (authorized) - unused
101 = M3+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed
3: reserved
4: ap-less attack (set to 1) - nonce-error-corrections not required
5: LE router detected (set to 1) - nonce-error-corrections required only on LE
6: BE router detected (set to 1) - nonce-error-corrections required only on BE
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory

From what i see there (which is obvisouly wrong) 010 is authorized, so I must missing a key somewhere
Reply
#12
(07-24-2023, 03:15 PM)ZerBea Wrote: BTW:
Regarding the default  key space of the examples (which is huge), it is nearly impossible to recover the PSK.
You need to reverse engineer the firmware

I'm not sure what you mean by that. here is the example of a wifi i was able to crack. Also contains 10 as a MP. Or am I looking at the wrong info? 
Which part is the default key space in my example that made you said that ?

Code:
WPA*02*f2669842745aa877b9ba43fdaf6a0347*ac84c914d3d8*002a2a5c0ac6*43495a4f*83cb1df39855193ced7a078c550033e19e7b0d89c1831983de91b157d84902c3*0103007502010a0000000000000000f608c3def9b4c94159504292f49ba78134b8f1bb6b8a63261ca51b16ad52c82cc9d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*10
Reply
#13
> From what i see there (which is obvisouly wrong) 010 is authorized, so I must missing a key somewhere

The value in the explanation is binary while the value in the MESSAGEPAIRFIELD is HEX.
You have to convert it.

hex 10 == binary 00010000
regarding the matrix and reading the bits from the right to the left:
Code:
000 == M1M2 challenge
0    == reserved
1    == ap-less attack (set to 1) - nonce-error-corrections not required
0    ==  LE router detected (set to 1) - nonce-error-corrections required only on LE
0    ==  BE router detected (set to 1) - nonce-error-corrections required only on BE
0    ==  replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory
this MESSAGE PAIR is from a connect attempt (M1M2 challenge) from a CLIENT to hcxdumptool.

Default key space SFR_xxxx (vendor SFR):
?l?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

Default key space Livebox-xxxx (vendor Arcadyan):
?l?u?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

Default key space Livebox-xxxx (vendor SAGEMCOM):
?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H

impossible to recover by hashcat (even with a GPU farm).

BTW:
The hash from this comment
https://hashcat.net/forum/thread-11513-p...l#pid58698
Code:
WPA*02*f26698......
is easy to recover, because it is not the default PSK.
Took me only a few seconds to get it:
Code:
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: /tmp/x
Time.Started.....: Tue Jul 25 07:41:47 2023 (4 secs)
Time.Estimated...: Tue Jul 25 07:41:51 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   959.7 kH/s (6.31ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 3736554/10354402 (36.09%)
Rejected.........: 1002/3736554 (0.03%)
Restore.Point....: 3580884/10354402 (34.58%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 001AEF24D2F3 -> 737291Ol
Hardware.Mon.#1..: Temp: 53c Fan:  0% Util: 66% Core:2835MHz Mem:10802MHz Bus:16
Started: Tue Jul 25 07:41:47 2023
Stopped: Tue Jul 25 07:41:53 2023
Reply
#14
< So basically for my example above the WPA*02 line is not usable since the PSK was not authorized, if I bruteforce that one I might recover a wrong PSK. Am I right ?

if the MESSAGEPAIR ends with *x0 (CHALLENGE) and you have had recovered the PSK, it might be possible that the recovered PSK does not belong to the target NETWORK.
It could belong to a different NETWORK using the same ESSID or it could be a try from a CLIENT using a false PSK.

Only PMKIDs with MESSAGEPAIR 01 and EAPOL MESSAGEPAIRS with *x2 (binary: x0010)
or this, very rare cases (because SNONCE M4 is mostly zeroed):
*x1 (binary: x0001) are authorized.
*x5 (binary: x0101) are authorized.
EAPOL MESSAGEPAIRS with *x0 (binary: 0000) are challenges and could be everything (try, old PSK, wrong PSK, ...)

The entire 802.11 stuff is really hard core.
Also hcxdumptool/hcxtools is not easy to use, because it is designed to analyze and in combination with hashcat or JtR to break an entire system.
I'll say that you get much more information than the actual PSK of a target NETWORK.
That inlcude e.g. a complete PSK change history like this:
password2001 from MP *x0
password2002 from MP *x0
password2003 from MP *x0
password2004 from PMKID or MP 0x2

All PSKs are valid and hashcat is able to recover them.while password2004 is the actual PSK.

So it is absolutely normal, if still something is blurry for you.
Reply
#15
BTW:
Please (partly) mask your example hashes with xxxx, because it violate the forum rules to comment unmasked hashes.

Or use example hashes from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
or example dump files from here:
https://wiki.wireshark.org/SampleCaptures
https://gitlab.com/wireshark/wireshark/-...leCaptures
https://github.com/wireshark/wireshark/t...t/captures

Everything can be explained and make things understandable using this examples mentioned above.
Reply
#16
(07-25-2023, 08:27 AM)ZerBea Wrote: BTW:
Please (partly) mask your example hashes with xxxx, because it violate the forum rules to comment unmasked hashes.

Or use example hashes from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
or example dump files from here:
https://wiki.wireshark.org/SampleCaptures
https://gitlab.com/wireshark/wireshark/-...leCaptures
https://github.com/wireshark/wireshark/t...t/captures

Everything can be explained and make things understandable using this examples mentioned above.

Ok my bad i'll be careful with that.
Reply
#17
(07-25-2023, 07:40 AM)ZerBea Wrote: > From what i see there (which is obvisouly wrong) 010 is authorized, so I must missing a key somewhere

The value in the explanation is binary while the value in the MESSAGEPAIRFIELD is HEX.
You have to convert it.

hex 10 == binary 00010000
regarding the matrix and reading the bits from the right to the left:
Code:
000 == M1M2 challenge
0    == reserved
1    == ap-less attack (set to 1) - nonce-error-corrections not required
0    ==  LE router detected (set to 1) - nonce-error-corrections required only on LE
0    ==  BE router detected (set to 1) - nonce-error-corrections required only on BE
0    ==  replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory
this MESSAGE PAIR is from a connect attempt (M1M2 challenge) from a CLIENT to hcxdumptool.

Default key space SFR_xxxx (vendor SFR):
?l?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

Default key space  Livebox-xxxx (vendor Arcadyan):
?l?u?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

Default key space  Livebox-xxxx (vendor SAGEMCOM):
?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H

impossible to recover by hashcat (even with a GPU farm).

BTW:
The hash from this comment
https://hashcat.net/forum/thread-11513-p...l#pid58698
Code:
WPA*02*f26698......
is easy to recover, because it is not the default PSK.
Took me only a few seconds to get it:
Code:
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: /tmp/x
Time.Started.....: Tue Jul 25 07:41:47 2023 (4 secs)
Time.Estimated...: Tue Jul 25 07:41:51 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  959.7 kH/s (6.31ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 3736554/10354402 (36.09%)
Rejected.........: 1002/3736554 (0.03%)
Restore.Point....: 3580884/10354402 (34.58%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 001AEF24D2F3 -> 737291Ol
Hardware.Mon.#1..: Temp: 53c Fan:  0% Util: 66% Core:2835MHz Mem:10802MHz Bus:16
Started: Tue Jul 25 07:41:47 2023
Stopped: Tue Jul 25 07:41:53 2023


Alright thanks to take the time to explains this.
How did you came to the conclusion of that ? i'd be glad to know how to do that for it would spare some time on cracking possible passwords Big Grin

Quote:Default key space SFR_xxxx (vendor SFR):
?l?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

Default key space Livebox-xxxx (vendor Arcadyan):
?l?u?d, ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

Default key space Livebox-xxxx (vendor SAGEMCOM):
?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H?H

Just to be sure when you MESSAGEPRAI is x0, by x you mean any digits right ? or is it a HEX convention ?

I got it for the MESSAGEPAIR is in hex and have to convet it to binary to get the bitmask. 
From my previous example  hex 10 == binary 00010000 that is very clear no problem

How do you go from that ?


Code:
000 = M1+M2, EAPOL from M2 (challenge)
3: reserved
4: ap-less attack (set to 1) - nonce-error-corrections not required
5: LE router detected (set to 1) - nonce-error-corrections required only on LE
6: BE router detected (set to 1) - nonce-error-corrections required only on BE
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory

to this :

Code:
000 == M1M2 challenge
0    == reserved
1    == ap-less attack (set to 1) - nonce-error-corrections not required
0    ==  LE router detected (set to 1) - nonce-error-corrections required only on LE
0    ==  BE router detected (set to 1) - nonce-error-corrections required only on BE
0    ==  replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory

From my understanding of your reply, I have to read binary from right to left.
I think that the doc numbers confuse me 3,4,5,6,7 are just the 'index' of the bit ? 

The acronyms are kinda confusing as well.

Quote:So basically for my example above the WPA*02 line is not usable since the PSK was not authorized, if I bruteforce that one I might recover a wrong PSK. Am I right ?

Yes, i'd be glad tho if you could teach me how to know if a PSK is right or wrong by reading the hash like you seems to do .

Again many thanks for your time sir.
Reply
#18
> I think that the doc numbers confuse me 3,4,5,6,7 are just the 'index' of the bit ?
absolutely correct.

> Just to be sure when you MESSAGEPRAIR is x0, by x you mean any digits right ? or is it a HEX convention ?
This is an xdigit hex 0x00 to 0xff (the entire hash line consists of xdigits)
not binary 00000000 to 11111111
not decimal 0 to 255

The information about the type of the MESSAGEPAIR (CHALLENGE, AUTHORIZATION) is part of the last xdigit.
Only the last three bits (0 to 2) are in use while bit 3 is reserved.
*x2 = the explanation does not take care about bit 4 to 7) so it is masked by x


A bitmask can contain a lot of information, so what not take advantage of this.
Unfortunately binary values are long and they are a way too long to use them inside a hash line.
HEX values are much better to handle.
Reply
#19
To make it a little bit more complicated.
The information in the first part of the MESSAGEPAIR *2x has a huge impact on hashcat's speed because it determine NONCE-ERROR-CORRECTIONS.
Reply
#20
NONCE-ERROR-CORRECTIONS is explained here:
https://hashcat.net/forum/thread-6361.html


An example has is take from here:
https://hashcat.net/wiki/doku.php?id=example_hashes

I have a NVIDIA 1080 TI. The GPU is undervolted, because I'm a coder and not a hashcracker. In combination with hcxdumptool/hcxtools/hashcat/JtR it is more than enough for me.
Code:
$ hashcat -m 22000 --benchmark
hashcat (v6.2.6-532-g939a97d14) starting in benchmark mode
CUDA API (CUDA 12.2)
====================
* Device #1: NVIDIA GeForce GTX 1080 Ti, 10818/11169 MB, 28MCU

OpenCL API (OpenCL 3.0 CUDA 12.2.79) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce GTX 1080 Ti, skipped

Benchmark relevant options:
===========================
* --backend-devices-virtual=1
* --optimized-kernel-enable

-------------------------------------------------------------
* Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095]
-------------------------------------------------------------

Speed.#1.........:   612.1 kH/s (90.32ms) @ Accel:16 Loops:1024 Thr:512 Vec:1

Started: Tue Jul 25 12:17:59 2023
Stopped: Tue Jul 25 12:18:21 2023


Default NC == 8
Code:
$ hashcat -m 22000 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2" hashmob.net_2023-07-23.large.found
Session..........: hashcat
Status...........: Running
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: 024022795224bffca545276c3762686f:6466b38ec3fc:225ed...T_TEST
Time.Started.....: Tue Jul 25 12:16:37 2023 (4 secs)
Time.Estimated...: Tue Jul 25 12:20:11 2023 (3 mins, 30 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (hashmob.net_2023-07-23.large.found)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   228.3 kH/s (5.66ms) @ Accel:4 Loops:256 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 1388085/49365271 (2.81%)
Rejected.........: 527925/1388085 (38.03%)
Restore.Point....: 1388085/49365271 (2.81%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: champola -> stellarose1
Hardware.Mon.#1..: Temp: 63c Fan: 42% Util: 24% Core:1708MHz Mem:5005MHz Bus:16

NC == 0
Code:
$ hashcat -m 22000 --nonce-error-corrections=0 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2" hashmob.net_2023-07-23.large.found
Session..........: hashcat                                
Status...........: Quit
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: 024022795224bffca545276c3762686f:6466b38ec3fc:225ed...T_TEST
Time.Started.....: Tue Jul 25 12:17:34 2023 (4 secs)
Time.Estimated...: Tue Jul 25 12:19:56 2023 (2 mins, 18 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (hashmob.net_2023-07-23.large.found)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   343.3 kH/s (11.37ms) @ Accel:8 Loops:256 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 1726213/49365271 (3.50%)
Rejected.........: 694021/1726213 (40.20%)
Restore.Point....: 1657296/49365271 (3.36%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: billchen -> daniel0708
Hardware.Mon.#1..: Temp: 73c Fan: 54% Util: 26% Core:1746MHz Mem:5005MHz Bus:16

NC == 1024
Code:
$ hashcat -m 22000 --nonce-error-corrections=1024 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2" hashmob.net_2023-07-23.large.found
Session..........: hashcat
Status...........: Running
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: 024022795224bffca545276c3762686f:6466b38ec3fc:225ed...T_TEST
Time.Started.....: Tue Jul 25 12:15:18 2023 (8 secs)
Time.Estimated...: Tue Jul 25 12:23:23 2023 (7 mins, 57 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (hashmob.net_2023-07-23.large.found)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   100.8 kH/s (5.44ms) @ Accel:4 Loops:256 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 1236546/49365271 (2.50%)
Rejected.........: 491074/1236546 (39.71%)
Restore.Point....: 1206339/49365271 (2.44%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: vanesa17 -> chan2009
Hardware.Mon.#1..: Temp: 60c Fan: 40% Util:100% Core:1873MHz Mem:5005MHz Bus:16

I'll say that it is always a good idea to take a look at the MP field (all bits).
Reply