WPA2 - not working vs aircrack-ng?
#1
Hi,

I have captured my own 4-way handshake. I know my password so I've put it at the end of my wordlist. (for testing)

aircrack-ng is able to find the password easily (but sloooooooooowwww) - now I have extracted the hcap via aircrack-ng -J option

hashcat cannot find the password.

the only thing... the current testfile contains 100 words with a special character (aircrack skips it) and then my passphrase. could that be confusing hashcat?

Code:
 hashcat-3.10 # ./hashcat32.bin -m 2500 3.hccap.hccap common_passwords_from_hacked_websites2.txt
hashcat (v3.10) starting...

ATTENTION!
  The WPA/WPA2 key version in your .hccap file is invalid!
  This could be due to a recent aircrack-ng bug.
  The key version was automatically reset to a reasonable value.

OpenCL Platform #1: NVIDIA Corporation
======================================
- Device #1: GeForce GTX 560 Ti, 255/1023 MB allocatable, 8MCU

WARNING: Failed loading the XNVCTRL library: libXNVCtrl.so: cannot open shared object file: No such file or directory
         Please install libxnvctrl-dev package.

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

WARNING: Failed to set initial fan speed for device #1
Generated dictionary stats for common_passwords_from_hacked_websites2.txt: 1071 bytes, 100 words, 100 keyspace

ATTENTION!
  The wordlist or mask you are using is too small.
  Therefore, hashcat is unable to utilize the full parallelization power of your device(s).
  The cracking speed will drop.
  Workaround: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_to_create_more_work_for_full_speed

INFO: approaching final keyspace, workload adjusted


Session.Name...: hashcat
Status.........: Exhausted
Input.Mode.....: File (common_passwords_from_hacked_websites2.txt)
Hash.Target....: WIFINAME (xx:xx:xx:xx:f5:91 <-> xx:xx:xx:xx:a5:10)
Hash.Type......: WPA/WPA2
Time.Started...: 0 secs
Speed.Dev.#1...:        0 H/s (0.55ms)
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 100/100 (100.00%)
Rejected.......: 30/100 (30.00%)

Started: Thu Sep  1 13:21:43 2016
Stopped: Thu Sep  1 13:21:49 2016
#2
Just guessing.

1) Rejected.......: 30/100 (30.00%) ... are you sure your password hasn't been rejected. I'd try with a second passwordfile that ONLY has your password and see if it gets rejected or not.

2) Do you have multiple handshakes stored in that .cap file when converting it to .hccap with aircrack-ng -J ? If yes, try isolating one handshake to another .cap and then convert that to .hccap using aircrack-ng. Have a look here: https://hashcat.net/forum/thread-5792-po...l#pid31068
#3
I have done a little testing...

The hccap contains exactly 1 hash, the wpa.cap contained multiple, but aircrack lets you select 1 network to export. (I selected my own)

the password is rather long. 41 characters

if I delete everything but my password the result is the same (the rejected rate is 0/1)

Code:
client1 hashcat-2.00 # ./hashcat-cli32.bin -m 2500 3.hccap.hccap common_passwords_from_hacked_websites2.txt
Initializing hashcat v2.00 with 4 threads and 32mb segment-size...

ATTENTION!
  The WPA/WPA2 key version in your .hccap file is invalid!
  This could be due to a recent aircrack-ng bug.
  The key version was automatically reset to a reasonable value.

Added hashes from file 3.hccap.hccap: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

3.hccap.hccap:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

All hashes have been recovered

Input.Mode: Dict (common_passwords_from_hacked_websites2.txt)
Index.....: 1/1 (segment), 105 (words), 1276 (bytes)
Recovered.: 1/1 hashes, 1/1 salts
Speed/sec.: - plains, 101 words
Progress..: 102/105 (97.14%)
Running...: 00:00:00:01
Estimated.: --:--:--:--


Started: Thu Sep  1 14:08:02 2016
Stopped: Thu Sep  1 14:08:03 2016



Code:
client1 cudaHashcat-2.01 # ./cudaHashcat32.bin -m 2500 3.hccap.hccap common_passwords_from_hacked_websites2.txt
cudaHashcat v2.01 starting...

ATTENTION!
  The WPA/WPA2 key version in your .hccap file is invalid!
  This could be due to a recent aircrack-ng bug.
  The key version was automatically reset to a reasonable value.

Device #1: GeForce GTX 560 Ti, 1023MB, 1670Mhz, 8MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m02500.sm_21.32.cubin
Device #1: Kernel ./kernels/4318/amp_a0_v1.sm_21.32.cubin

Generated dictionary stats for common_passwords_from_hacked_websites2.txt: 1276 bytes, 105 words, 105 keyspace


ATTENTION!
  The wordlist or mask you are using is too small.
  Therefore, oclHashcat is unable to utilize the full parallelization power of your GPU(s).
  The cracking speed will drop.
  Workaround: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_to_create_more_work_for_full_speed


INFO: approaching final keyspace, workload adjusted


Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: File (common_passwords_from_hacked_websites2.txt)
Hash.Target....: Mikrowelle ( <-> )
Hash.Type......: WPA/WPA2
Time.Started...: 0 secs
Time.Estimated.: 0 secs
Speed.GPU.#1...:        0 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 105/105 (100.00%)
Rejected.......: 30/105 (28.57%)
HWMon.GPU.#1...: -1% Util, 42c Temp, 30% Fan

Started: Thu Sep  1 14:08:33 2016
Stopped: Thu Sep  1 14:08:36 2016


(09-01-2016, 04:01 PM)jodler303 Wrote: Just guessing.

1) Rejected.......: 30/100 (30.00%)  ... are you sure your password hasn't been rejected.  I'd try with a second passwordfile that ONLY has your password and see if it gets rejected or not.

2) Do you have multiple handshakes stored in that .cap file when converting it to .hccap with aircrack-ng -J ?   If yes, try isolating one handshake to another .cap and then convert that to .hccap using aircrack-ng. Have a look here: https://hashcat.net/forum/thread-5792-po...l#pid31068
#4
Try using cap2hccap locally:

https://sourceforge.net/projects/cap2hccap/

Get that - compile it - and see if you get better/expected results.

PS: Why are you running older versions of (cuda)hashcat in some of your outputs ?
#5
Sometimes it's requred to use wpaclean (part of aircrack-ng) before using cap2hccap.
#6
>Sometimes it's requred to use wpaclean (part of aircrack-ng) before using cap2hccap.
the file is already clean due to its origin (wpaclean doesnt change the file)

>PS: Why are you running older versions of (cuda)hashcat in some of your outputs ?

for comparison

I've tried those 4 versions. same hcap file, same wordlist
cpuhashcat 2.0 -> OK
cudahashcat 2.1 -> NG
hashcat 3.0 -> NG
hashcat 3.1 -> NG

Now compiling wine so I can use the 32bit binary.exe

Are you guys really using windows?
#7
IOW, it never worked on GPU. Did you try hashcat 3.1 in CPU mode?
#8
(09-01-2016, 07:03 PM)atom Wrote: IOW, it never worked on GPU. Did you try hashcat 3.1 in CPU mode?

Sorry to ask, but how??

I checked the docs and it seems it only accepts the gpu as available device.

   --opencl-platforms        | Str  | OpenCL platforms to use, separate with comma         | --opencl-platforms=2
-D, --opencl-device-types     | Str  | OpenCL device-types to use, separate with comma      | -D 1

[ OpenCL Device Types ] -

 # | Device Type
===+=============
 1 | CPU
 2 | GPU
 3 | FPGA, DSP, Co-Processor





--opencl-platforms=1 <- nvidia device
--opencl-platforms=2 <- not available

Code:
client1 hashcat-3.10 # ./hashcat32.bin -m 2500 --opencl-platforms=2 test.hccap common_passwords_from_hacked_websites.txt

Generating bitmap tables with 16 bits...

ERROR: The platform selected by the --opencl-platforms parameter is larger than the number of available platforms (1)

and also

Code:
client1 hashcat-3.10 # ./hashcat32.bin -m 2500 -D 1 test.hccap common_passwords_from_hacked_websites.txt
ERROR: No devices found/left
#9
You just need to install the OpenCL runtime for your CPU model
#10
sorry for my late reply, i had issues installing na appropriate opencl runtime on my gentoo. maybe my cpu is not supported or something.

I tried to reproduce the issue on a windows machine. It behaves exactly the same. even when running the cpu opencl....

tables with 16 bits...
                                       
OpenCL Platform #1: NVIDIA Corporation
======================================
- Device #1: GeForce GT 630M, skipped

OpenCL Platform #2: Intel(R) Corporation
========================================
- Device #2:        Intel(R) Core(TM) i7-3770S CPU @ 3.10GHz, 2037/8148 MB allocatable, 8MCU

OpenCL Platform #3: Intel(R) Corporation
========================================
- Device #3:        Intel(R) Core(TM) i7-3770S CPU @ 3.10GHz, 2037/8148 MB allocatable, 8MCU

.....

Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 2202/2202 (100.00%)
Rejected.......: 0/2202 (0.00%)

of course i tried that wordlist on aircrack again just for verification