hashcat & hcxdumptool ioctl(SIOCSIWMODE)
#1
Hello all, I installed hashcat and hcxdumptool from Ubuntu 22.04:

$ sudo dpkg -l | grep hashcat
ii  hashcat                                    6.2.5+ds1-2                            amd64        World's fastest and most advanced password recovery utility
ii  hashcat-data                              6.2.5+ds1-2                            all          Data files for hashcat advanced password recovery utility

$ sudo dpkg -l | grep hcxdump
ii  hcxdumptool                                6.2.5-2                                amd64        Small tool to capture packets from wlan devices

However, when I try to run the command:
$ sudo hcxdumptool -i wlan1 -o dumpfile.pcapng --active_beacon --enable_status=15

I get this:
initialization of hcxdumptool 6.2.5...
failed to set monitor mode, ioctl(SIOCSIWMODE) not supported by driver: Operation not permitted
warning: failed to init socket

terminating...
1 driver error encountered
failed to restore old SIOCSIWMODE: Operation not permitted

I currently have this adapter:
Bus 003 Device 002: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter

Should I try to download and install from source the latest versions of hashcat and hcxdumptool?
Reply
#2
When doing additional research I found the following:

Quote:
$ ethtool -i wlan1
driver: rtl88XXau
version: 6.5.0-25-generic
firmware-version:
expansion-rom-version:
bus-info: 3-1:1.0
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
Reply
#3
Older versions (< 6.3.0) of hcxdumptool use WIRELESS EXTENSIONs (WEXT) to control the device via ioctl() system calls.
RTL88xxau is a NETLINK only driver that does not support WEXT.

Starting with version 6.3.0 hcxdumptool moved to NETLINK (because WEXT is deprecated) and it should work, now.
https://github.com/ZerBea/hcxdumptool/bl...gelog#L167

Please notice that your driver is an out of Linux tree driver which is not part of the official Linux kernel.
More information about these third party drivers is here:
https://github.com/morrownr/USB-WiFi/issues/314
Reply
#4
I see @ZerBea,

Thank you very much for the information. I am not sure I am following what I need to do next to confirm the driver works, please correct me if I am wrong:

1. I need to download a newer/different version of the driver RTL88xxau, is there an official github page with the latest versions/release notes of these drivers?
2. I also need to make sure the driver I install is not part of the Linux Kernel tree? How do I accomplish this? By installing the correct driver?

I will be investigating myself in the meantime. Thank you again!
Reply
#5
There are hundreds of third party drivers out in the wild. Some of them support monitor mode, some of them support packet injection, some of them are old and some of them are well maintained.
Maybe this one will work for you:
https://github.com/aircrack-ng/rtl8812au
But the issue list is long:
https://github.com/aircrack-ng/rtl8812au/issues

BTW:
I can't and I won't test all these third party drivers.
That is the reason why I recommend Linux stock kernel drivers.
https://git.kernel.org/pub/scm/linux/ker...s?h=v6.8.1

If you buy a device that needs an out of tree driver you will run into problems, at the latest with the next Linux kernel update.
Reply
#6
Hello @ZerBea,

Noted and thank you so very much for your response and advice. I will check the driver you shared and also look into Linux Stock Kernel Drivers. One thing though, I thought in the previous message you commented that the driver I was using was one of the Linux Kernel Drivers?

In any way, I will check the issues list, and then verify the type of driver I am currently using.

Again, thank you! This information and these links are very helpful, and I appreciate it.

Sincerely,
Reply
#7
Maybe I explained it in a misleading way:
Your driver is a third party driver which is not part of the official Linux kernel.
The source of your driver is unknown, as well as monitor mode and frame injection capabilities.

Your driver is a NETLINK driver that does not support WEXT.
As a result, ancient drivers and tools will not work (as expected).
That shouldn't be a problem, because hcxdumptool (>= 6.3.0) moved completely to NETLINK.

To identify tools take a look at dmesg log:
Code:
$ sudo dmesg | grep extensions

If you see something like this, the tool is using deprecated WEXT:
Code:
[143049.646937] warning: `xxxxxxxxx' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211

This warning should not appear on hcxdumptool >= 6.3.0.

Some more information about WIRELESS EXTENSIONS (WEXT):
https://wireless.wiki.kernel.org/en/deve...Extensions
Reply
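The two checks discussed in posts #3 and #7 (which control API a given hcxdumptool version uses, and which programs the kernel has flagged as WEXT users) can be scripted. This is an added example, not part of the original posts or of hcxdumptool; the function names are hypothetical, the 6.3.0 threshold is the one stated in the thread, and the sample log is constructed from the dmesg lines quoted there.

```shell
#!/bin/sh
# Added example (not from the thread): WEXT vs. NETLINK triage helpers.

# Names of programs the kernel flagged as WEXT users; dmesg text on stdin.
wext_users() {
    sed -n "s/.*warning: \`\([^']*\)' uses wireless extensions.*/\1/p" | sort -u
}

# Succeeds when a hcxdumptool version is >= 6.3.0, the release the thread
# names as the move to NETLINK. Accepts "6.2.5-2" or "6.3.4-14-g3693e77".
uses_netlink() (
    ver=${1%%[-+]*}                     # drop packaging / git suffix
    IFS=. read -r major minor rest <<EOF
$ver
EOF
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "${minor:-0}" -ge 3 ]; }
)

# One-word verdict for a version string.
control_api() {
    if uses_netlink "$1"; then echo NETLINK; else echo WEXT; fi
}

# Constructed sample: the two dmesg warnings quoted in the thread plus an
# unrelated (made-up) line that must be ignored.
sample_dmesg() {
    cat <<'EOF'
[   84.575399] warning: `megasync' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  101.000000] usb 3-1: new high-speed USB device number 2 using xhci_hcd
[143049.646937] warning: `xxxxxxxxx' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
EOF
}

echo "WEXT users: $(sample_dmesg | wext_users | tr '\n' ' ')"
echo "hcxdumptool 6.2.5-2 -> $(control_api 6.2.5-2)"
echo "hcxdumptool 6.3.4-14-g3693e77 -> $(control_api 6.3.4-14-g3693e77)"
```

On a live system, pipe the real log in with `sudo dmesg | wext_users`.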
#8
Thank you again @ZerBea,

This is what I see on my end:

$ sudo dmesg | grep extensions
[ 84.575399] warning: `megasync' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211

I will definitely continue testing and reviewing the settings and check again if hashcat works.
Reply
#9
Looks like some tools still use WEXT. But that has nothing to do with the driver.

A quick and dirty test of the aircrack-ng driver:

Compiles and inserts fine running Linux kernel 6.8.1:
Code:
$ uname -r
6.8.1-arch1-1

$ make
make ARCH=x86_64 CROSS_COMPILE= -C /lib/modules/6.8.1-arch1-1/build M=/tmp/git_rtl8812au_aircrack-ng  modules
make[1]: Entering directory '/usr/lib/modules/6.8.1-arch1-1/build'
make[1]: Leaving directory '/usr/lib/modules/6.8.1-arch1-1/build'
---------------------------------------------------------------------------
Visit https://github.com/aircrack-ng/rtl8812au for support/reporting issues
or check for newer versions (branches) of these drivers.                  
---------------------------------------------------------------------------

$ insmod 88XXau.ko

Running hcxdumptool latest git head:
Code:
$ hcxdumptool -v
hcxdumptool 6.3.4-14-g3693e77 (C) 2024 ZeroBeat
running on Linux kernel 6.8.1-arch1-1
running GNU libc version 2.39
compiled by gcc 13.2.1
compiled with Linux API headers 6.7.0
compiled with GNU libc headers 2.39
enabled REALTIME DISPLAY
enabled GPS support
enabled BPF compiler

Driver information:
Code:
$ hcxdumptool -l
  3      6    74da3876251a    c8aacc43f6fd    +    wlp22s0f0u4         rtl88XXau    NETLINK

Test target has been (successfully) attacked in 6,403s (that includes the time to init the device - this device is really slow):
Code:
$ time hcxdumptool -i wlp22s0f0u4 --bpf=target.bpfc -c 10a --rds=1 --exitoneapol=7 -w test.pcapng

0 ERROR(s) during runtime
128 Packet(s) captured by kernel
0 Packet(s) dropped by kernel
1 SHB written to pcapng dumpfile
1 IDB written to pcapng dumpfile
1 ECB written to pcapng dumpfile
5 EPB written to pcapng dumpfile

exit on EAPOL M1M2

real    0m6,403s
user    0m0,000s
sys     0m0,008s

Successfully converted by hcxpcapngtool:
Code:
$ hcxpcapngtool -o test.hc22000 test.pcapng
hcxpcapngtool 6.3.4-6-gb7886cb reading from test.pcapng...

summary capture file
--------------------
file name.................................: test.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 6.8.1-arch1-1
application..............................: hcxdumptool 6.3.4-14-g3693e77
...
EAPOL pairs written to 22000 hash file...: 1 (RC checked)

PSK has been successfully recovered by hashcat:
Code:
$ hashcat -m 22000 test.hc22000 -a 3 12345678
hashcat (v6.2.6-848-gc1a10518f) starting
...                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: test.hc22000
Time.Started.....: Tue Mar 19 18:32:22 2024 (0 secs)
Time.Estimated...: Tue Mar 19 18:32:22 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: 12345678 [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       40 H/s (0.65ms) @ Accel:64 Loops:256 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 12345678 -> 12345678
Hardware.Mon.#1..: Temp: 49c Util:  6% Core:1875MHz Mem:4001MHz Bus:8

Started: Tue Mar 19 18:32:00 2024
Stopped: Tue Mar 19 18:32:22 2024

That is the way as described in hashcat wiki:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
Reply
#10
@ZerBea,

Excellent, I will proceed with testing that and respond with the result, I really appreciate the details!

Sincerely,
Reply