4-way handshaking vs hc22000
#1
Hello,
I would like to understand how the hc22000 format result can be used to manually calculate the known PSK.

As we already know, the hc22000 format is:
case#1 - WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***
case#2 - WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR

Manual check:
case#1 it is very simple to know if the PSK is right, as we need to compare the PMKID in the hc22000 file with the formula PMKID=HMAC-SHA1(PMK, "PMK Name", MAC_AP, MAC_STA), where PMK=PBKDF2(PSK, SSID, 4096, 32)

case#2 I do not understand how hashcat can find the right PSK, as the SNonce is missing in the hc22000.
For the 4-Way handshake:
First there is a value called PMK. (PMK=PBKDF2(PSK, SSID, 4096,32)).
PTK is derived from PMK as follows:
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce))
MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.

In the hc22000 case#2 the SNonce and data are not present!

Sorry if I post a silly question, but I would like to learn more. Can you please help?

Thanks!
#2
In general, how does hashcat compare the list of PSKs with the WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR in the hc22000 format?

What is the algorithm?
#3
This is done by three algorithms:

first: PBKDF2 to get the PMK from ESSID and PSK (on all versions WPA1, WPA2, WPA2 keyversion 3)
PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256)

second: HMAC to get the PTK from PMK, MAC_AP, MAC_CLIENT, ANONCE and SNONCE
HMAC-SHA1 to get the PTK (WPA1 and WPA2)
HMAC-SHA256 to get the PTK (WPA2 keyversion 3)

third: (HMAC or CMAC) to get the MIC (from PTK and entire EAPOL_CLIENT message [M2])
HMAC-MD5 to get the MIC (WPA1)
HMAC-SHA1 to get the MIC (WPA2)
CMAC AES-128-CBC to get the MIC (WPA2 key version 3)

After this, the calculated MIC is compared to the MIC in field 3 of the hash line. If it matches, the PSK is correct.
#4
Your question is not silly. The entire 802.11 stuff is quite difficult to understand.
The SNONCE is not missing in a hc22000 line. It is inside the EAPOL field.
Example taken from here:
https://hashcat.net/wiki/doku.php?id=example_hashes
Code:
WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2


First some information about the hash line:
Code:
$ hcxhashtool -i test.hc22000 --info=stdout
SSID.......: TP-LINK_HASHCAT_TEST
MAC_AP.....: 6466b38ec3fc (TP-LINK TECHNOLOGIES CO.,LTD.)
MAC_CLIENT.: 225edc49b7aa (Unknown)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 1
RC INFO....: NC suggested
MP M2M3 E2.: authorized
MIC........: 024022795224bffca545276c3762686f
HASHLINE...: WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2


EAPOL MESSAGE taken from field 8:
Code:
0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000


displayed in Wireshark format:
Code:
802.1X Authentication
    Version: 802.1X-2001 (1)
    Type: Key (3)
    Length: 117
    Key Descriptor Type: EAPOL RSN Key (2)
    [Message number: 2]
    Key Information: 0x010a
    Key Length: 0
    Replay Counter: 1
    WPA Key Nonce: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171
    Key IV: 00000000000000000000000000000000
    WPA Key RSC: 0000000000000000
    WPA Key ID: 0000000000000000
    WPA Key MIC: 024022795224bffca545276c3762686f
    WPA Key Data Length: 22
    WPA Key Data: 30140100000fac040100000fac040100000fac028000


and finally the calculated/confirmed keys:
Code:
$ hcxpmktool -l WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2 -p hashcat!

HASH FORMAT.: EAPOL (WPA*02)
ESSID.......: TP-LINK_HASHCAT_TEST
MAC_AP......: 6466b38ec3fc
MAC_CLIENT..: 225edc49b7aa
PSK.........: hashcat!
PMK.........: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82 (calculated)
KEY VERSION.: WPA2
NONCE AP....: 10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e
NONCE CLIENT: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171
KCK.........: 57d0f2ff5faef56f9b94390aebf4474d (calculated)
KEK.........: 9913af266f6e00225edc49b7aa6466b3 (calculated)
TK..........: 8ec3fc10e3be3b005a629e89de088d6a (calculated)
TKIP TX MIC.: 2fdc489db83ad476 (calculated)
TKIP RX MIC.: 4f2d186b9cde1544 (calculated)
MIC.........: 024022795224bffca545276c3762686f (confirmed)
PMKID.......: e7b71e94595346b4c5e084cbf7ac328e (calculated)
The PTK is composed of KCK + KEK + TK + TKIP TX MIC + TKIP RX MIC

Once we got the PMK, it is easy to calculate a matching PMKID, too.


confirm the PMK:
Code:
$ wlangenpmk -e TP-LINK_HASHCAT_TEST -p hashcat!

essid (networkname)....: TP-LINK_HASHCAT_TEST
password...............: hashcat!
plainmasterkey (SHA1)..: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82
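Added example (my own code, not hashcat's or hcxtools', and not from any poster here): the three steps from #3 carried out in Python on the hash line from #4, so the PMK and MIC values above can be reproduced. It assumes key version 1 or 2 (HMAC-MD5 / HMAC-SHA1 MIC); key version 3 (SHA-256 KDF, AES-CMAC) is deliberately left unimplemented. The EAPOL field is rebuilt from its parsed parts so the layout is visible.

```python
import hashlib
import hmac

# Constructed from the hashcat wiki example hash used in this thread (PSK "hashcat!").
# EAPOL M2 layout after the 32-byte SNonce: 16-byte IV, 8-byte RSC, 8-byte Key ID and the
# 16-byte MIC are all zero (hc22000 stores the MIC zeroed), then key data length 0x0016
# and the 22-byte RSN IE.
EAPOL_M2 = ("0103007502010a00000000000000000001"
            "48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171"
            + "00" * 48 + "0016" + "30140100000fac040100000fac040100000fac028000")
EXAMPLE_LINE = ("WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa"
                "*54502d4c494e4b5f484153484341545f54455354"
                "*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e"
                "*" + EAPOL_M2 + "*a2")

def pmk_from_psk(psk: str, essid: bytes) -> bytes:
    """Step 1: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), essid, 4096, 32)

def derive_ptk(pmk: bytes, mac_ap: bytes, mac_client: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """Step 2: 802.11i PRF-512 (HMAC-SHA1). Addresses and nonces are sorted, so it does
    not matter which nonce came from the hash field and which from the EAPOL frame."""
    data = (min(mac_ap, mac_client) + max(mac_ap, mac_client)
            + min(nonce_a, nonce_b) + max(nonce_a, nonce_b))
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]          # KCK = PTK[0:16], KEK = PTK[16:32], TK = PTK[32:48]

def eapol_mic(kck: bytes, eapol: bytes, key_version: int) -> bytes:
    """Step 3: MIC over the whole EAPOL frame with its MIC field (bytes 81..96) zeroed."""
    frame = bytearray(eapol)
    frame[81:97] = bytes(16)
    if key_version == 1:
        return hmac.new(kck, bytes(frame), hashlib.md5).digest()
    if key_version == 2:
        return hmac.new(kck, bytes(frame), hashlib.sha1).digest()[:16]
    raise NotImplementedError("key version 3 needs the SHA-256 KDF and AES-CMAC")

def compute_pmkid(pmk: bytes, mac_ap: bytes, mac_client: bytes) -> bytes:
    """PMKID = HMAC-SHA1(PMK, "PMK Name" || MAC_AP || MAC_CLIENT)[0:16], used for WPA*01 lines."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_client, hashlib.sha1).digest()[:16]

def verify_hc22000(line: str, psk: str) -> bool:
    """True if the candidate PSK reproduces the PMKID (WPA*01) or the MIC (WPA*02) in field 3."""
    f = line.strip().split("*")
    mac_ap, mac_client, essid = (bytes.fromhex(x) for x in f[3:6])
    pmk = pmk_from_psk(psk, essid)
    if f[1] == "01":
        return compute_pmkid(pmk, mac_ap, mac_client).hex() == f[2]
    nonce_field, eapol = bytes.fromhex(f[6]), bytes.fromhex(f[7])
    key_version = int.from_bytes(eapol[5:7], "big") & 0x7   # low 3 bits of Key Information
    snonce = eapol[17:49]                                    # WPA Key Nonce inside the stored message
    kck = derive_ptk(pmk, mac_ap, mac_client, nonce_field, snonce)[:16]
    return eapol_mic(kck, eapol, key_version).hex() == f[2]
```

`verify_hc22000(EXAMPLE_LINE, "hashcat!")` returns True and any other passphrase returns False, which is exactly the per-candidate check hashcat performs for mode 22000.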
#5
I understood the whole stuff but didn't understand how to know what the hash type of my PSK is.

I have WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL_CLIENT*MESSAGEPAIR

Now how to determine the hash type as it is not recognised by hash identifier or any online tool ?
I want to brute-force the above .hc22000 file, but without knowing the hash type/algorithm it will take more time.
So will you please let me know how to determine the hash algorithm of a WPA2 .hc22000?
I am sorry if I post a silly question.
#6
You can upload the hash to this site, for example:
https://www.onlinehashcrack.com/hash-identification.php

For hash-mode 22000 it'll say
Your hash may be one of the following:
 WPA PBKDF2 (PMKID/EAPOL)

In addition, hashcat tries to automatically detect the hash mode if you omit -m

Code:
Hash-mode was not specified with -m. Attempting to auto-detect hash mode.
The following mode was auto-detected as the only one matching your input hash:

22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocol

NOTE: Auto-detect is best effort. The correct hash-mode is NOT guaranteed!
Do NOT report auto-detect issues unless you are certain of the hash type.


Try to play with example hashes
https://hashcat.net/wiki/doku.php?id=example_hashes
Run this example:

Code:
hashcat -a 3 -m 22000 "WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2" "hashcat!"
#7
Hope you understand.
If not, here's another example.
We know that the password consists of 8 digits, but we only know the last six digits.
The actual password is 12345678

Code:
hashcat -a 3 -m 22000 "WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***01"  "?d?d345678"

https://hashcat.net/wiki/doku.php?id=brute_force_attack