And now the funny part: impact of insufficient NC.
This is mostly the case if you use a passive dumper or a dumper that
is not able to detect a packet loss
is not able to detect the router endianess (big endian / little endian)
is not able to calculate NC
Again we take our example hash:
As expected, hashcat was able to recover the PSK.
Now we simulate a packet loss.
7 EAPOL M1 got lost and we do not got an information about the type of the router (BE or LE) - MESSAGEPAIR is set to *02 == AUTHENTICATED
This is outside hashcat's default NC of +/-8 and the status is exhausted.
but if we set NC to 17 this will happen:
As expected, hashcat was able to recover the PSK.
This is mostly the case if you use a passive dumper or a dumper that
is not able to detect a packet loss
is not able to detect the router endianess (big endian / little endian)
is not able to calculate NC
Again we take our example hash:
Code:
$ hashcat -m 22000 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2" -a 3 hashcat!
hashcat (v6.2.6-661-gf924ee801) starting
...
024022795224bffca545276c3762686f:6466b38ec3fc:225edc49b7aa:TP-LINK_HASHCAT_TEST:hashcat!
Session..........: hashcat
Status...........: Cracked
Now we simulate a packet loss.
7 EAPOL M1 got lost and we do not got an information about the type of the router (BE or LE) - MESSAGEPAIR is set to *02 == AUTHENTICATED
Code:
$ hashcat -m 22000 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e9725*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*02" -a 3 hashcat!
hashcat (v6.2.6-661-gf924ee801) starting
...
Session..........: hashcat
Status...........: Exhausted
but if we set NC to 17 this will happen:
Code:
$ hashcat -m 22000 --nonce-error-corrections=17 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e9725*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*02" -a 3 hashcat!
hashcat (v6.2.6-661-gf924ee801) starting
...
024022795224bffca545276c3762686f:6466b38ec3fc:225edc49b7aa:TP-LINK_HASHCAT_TEST:hashcat!
Session..........: hashcat
Status...........: Cracked