Posts: 1
Threads: 1
Joined: Sep 2023
Hi,
I'm finding that there is detailed explanation of hashmode 22000 like below but not for 22001
WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***MESSAGEPAIR
WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR
What's the format for hashmode 22001?
I have details of MIC, MAC_AP, MAC_CLIENT, ESSID, NONCE_AP, EAPOL_CLIENT, and M2 message. How do i fit this info into hashmode 22001 format?
Please do the needful.
Posts: 1,042
Threads: 2
Joined: Jun 2017
09-22-2023, 08:46 PM
(This post was last modified: 09-22-2023, 08:50 PM by ZerBea.)
Both formats take the same hash line (WPA*01 or WPA*02) as hash input.
The difference is described here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
Code:
Difference between hash mode 22000 and hash mode 22001:
Use hash mode 22000 to recover a Pre-Shared-Key (PSK). Length of a PSK can be 8 up to 63 characters
Use hash mode 22001 to verify an existing (pre-calculated) Plain Master Key (PMK). Length of a PMK is always 64 xdigits
Posts: 31
Threads: 2
Joined: Mar 2020
01-06-2024, 06:45 AM
(This post was last modified: 01-06-2024, 06:47 AM by ly88888.)
(09-22-2023, 08:46 PM)ZerBea Wrote: Both formats take the same hash line (WPA*01 or WPA*02) as hash input.
The difference is described here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
Code:
Difference between hash mode 22000 and hash mode 22001:
Use hash mode 22000 to recover a Pre-Shared-Key (PSK). Length of a PSK can be 8 up to 63 characters
Use hash mode 22001 to verify an existing (pre-calculated) Plain Master Key (PMK). Length of a PMK is always 64 xdigits
I also don't understand how to use the 22001 mode, .cap is converted to .hc22000 online, and what happens after that?
Can I convert any existing .cap directly, or do I have to use your hcxdumptool to listen again?
Posts: 21
Threads: 5
Joined: Sep 2023
01-06-2024, 04:37 PM
(This post was last modified: 01-06-2024, 04:38 PM by ManuB1G.)
ly88888 dateline='[url=tel:1704516312' Wrote: 1704516312[/url]']
I also don't understand how to use the 22001 mode, .cap is converted to .hc22000 online, and what happens after that?
Can I convert any existing .cap directly, or do I have to use your hcxdumptool to listen again?
For 22001 you need to precalculate the pmk for an essid and passwords. This is only helpful if you have different hashes for the same ssid.
The steps to use this are:
Use wlangenpmkocl to get pmks from essid and passwordlist
Use hashcat with 22001 hashfile pmklist as input
Posts: 31
Threads: 2
Joined: Mar 2020
(01-06-2024, 04:37 PM)ManuB1G Wrote: ly88888 dateline='[url=tel:1704516312' Wrote: 1704516312[/url]']
I also don't understand how to use the 22001 mode, .cap is converted to .hc22000 online, and what happens after that?
Can I convert any existing .cap directly, or do I have to use your hcxdumptool to listen again?
For 22001 you need to precalculate the pmk for an essid and passwords. This is only helpful if you have different hashes for the same ssid.
The steps to use this are:
Use wlangenpmkocl to get pmks from essid and passwordlist
Use hashcat with 22001 hashfile pmklist as input
Does it mean that this data must be scraped while listening and cannot be extracted from the existing .cab? I just cracked it and haven't tried to scrape it yet, so I don't know much about it.thanks all!
Posts: 31
Threads: 2
Joined: Mar 2020
(01-06-2024, 04:37 PM)ManuB1G Wrote: ly88888 dateline='[url=tel:1704516312' Wrote: 1704516312[/url]']
I also don't understand how to use the 22001 mode, .cap is converted to .hc22000 online, and what happens after that?
Can I convert any existing .cap directly, or do I have to use your hcxdumptool to listen again?
For 22001 you need to precalculate the pmk for an essid and passwords. This is only helpful if you have different hashes for the same ssid.
The steps to use this are:
Use wlangenpmkocl to get pmks from essid and passwordlist
Use hashcat with 22001 hashfile pmklist as input
What does it mean that this data has to be scraped while listening, and cannot be extracted from existing .cab? I just cracked it, and I haven't learned Xi and tried to listen yet, so I don't know much.
I simply understand that if the same wifi has changed the password, you can find out the pmk, and then use 22001?
Posts: 21
Threads: 5
Joined: Sep 2023
The PMK is a hash from ssid and the password. With 22000 this has to be calculated for each password - ssid is part of the capture.
With 22001 you have to precalculate the pmk from one ssid and many passwords with an external tool like wlangenpmk and use this list as input to hashcat.
This does not save time if used only once, but for ssids with the same name (e.g. wlan1, wifi,…) this can speed up the process.