Hex-Charset cracked, but now what
#1
First off, this product has saved me a lot of time reformatting PCs, since I cannot get into the PCs of ex-employees who didn't leave me their passwords. Secondly, discovering and cracking into rogue access points in our corporate environment is my main use of this product.

Question I have is this: I have generated an 8 character hex file, all combinations of 1234567890ABCDEF.
When using this with oclhashcat, I specify this to use --hex-charset
I am able to crack the WPA2 with the HEX output, but how does this convert back to a human readable ascii passphrase?
#2
This may help: https://hashcat.net/forum/thread-3522.html

There is also a hashcat option to show cracks (--show).
#3
(09-12-2016, 04:45 PM)abcminer Wrote: First off, this product has saved me a lot of time reformatting PCs, since I cannot get into the PCs of ex-employees who didn't leave me their passwords. Secondly, discovering and cracking into rogue access points in our corporate environment is my main use of this product.

Question I have is this: I have generated an 8 character hex file, all combinations of 1234567890ABCDEF.
When using this with oclhashcat, I specify this to use --hex-charset
I am able to crack the WPA2 with the HEX output, but how does this convert back to a human readable ascii passphrase?

hi there. you are saying your wifi hotspot is encoding the ASCII chars from your password into a HEX key of length 8? for WPA2? really? - i thought hex keys would only be used for WEP and possibly WPA, but not WPA2. So to me this sounds interesting. Maybe you can clarify and/or give more details?
#4
Note that hashcat automatically switches to hex output when the password is not in the 7 bit range, so not between 0x20 and 0x80. That's important to avoid encoding problems on the shell. So, for example, if the password contains "ö" it's shown as $HEX[...] and can then be decoded with any hex decoder.
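The decoding described in post #4, as an added example that is not part of the original thread or of hashcat itself: it unwraps a `$HEX[...]` plaintext field, tries UTF-8 and then Latin-1 because the hex form does not say which encoding the bytes are in, and checks the result against the passphrase rule quoted in post #7. The function names and sample values are constructed for illustration.

```python
import re

# Matches a plaintext field printed in hashcat's $HEX[...] form.
HEX_WRAPPED = re.compile(r"^\$HEX\[((?:[0-9a-fA-F]{2})*)\]$")


def decode_plain(field, encodings=("utf-8", "latin-1")):
    """Return (raw_bytes, text) for one plaintext field.

    Fields that are not wrapped in $HEX[...] are returned unchanged.
    text is None when none of the candidate encodings can decode the bytes.
    """
    m = HEX_WRAPPED.match(field)
    if m is None:
        return field.encode("utf-8"), field
    raw = bytes.fromhex(m.group(1))
    for enc in encodings:
        try:
            return raw, raw.decode(enc)
        except UnicodeDecodeError:
            continue
    return raw, None


def is_spec_passphrase(raw):
    """Rule from post #7: printable ASCII, length 8 to 63 inclusive."""
    return 8 <= len(raw) <= 63 and all(0x20 <= b <= 0x7E for b in raw)


if __name__ == "__main__":
    # Constructed sample fields: plain ASCII, UTF-8 "ö", Latin-1 "ö".
    samples = [
        "12AB34CD",
        "$HEX[70c3b67373776f7264]",
        "$HEX[70f67373776f7264]",
    ]
    for field in samples:
        raw, text = decode_plain(field)
        print(field, "->", repr(text), "| bytes:", raw.hex(),
              "| within spec:", is_spec_passphrase(raw))
```

The two `$HEX[...]` samples decode to the same visible text from different bytes, which is why the raw bytes, not the rendered string, are what must be typed or configured on the client.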
#5
thanks atom. true that, even knew about hashcat's hex input and output modes just never used 'em yet. got confused because of the length 8 AND being hex input, now it's clear. ^^ but why would i create a file for brute forcing ?b. weren't there custom charsets for that, e.g. using charset "de" (which includes äöüß) being way smaller than full binary charset, or at least using ?b mask instead ?
#6
Absolutely. No one should use ?b unless he knows what he's doing.
#7
According to the specs, a WPA/WPA2 password is printable ASCII with length between 8 and 63 inclusive. Are you seeing non-ASCII somewhere?
#8
Well, it's just a specification. You know that from a technical perspective it would work, too.
#9
(09-14-2016, 02:45 PM)atom Wrote: Well, it's just a specification. You know that from a technical perspective it would work, too.

Sure, I'm just interested in knowing about systems that allow it. All OS/router GUIs I've tried (not many) have rejected non-ASCII.