hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Please specify the "invalid channel message" (exact output of hcxdumptool).
Reply
hcxdumptool -i wlan0 -c xx
unknown channel selected
Reply
Have you modified the default channel list as mentioned here:
https://hashcat.net/forum/thread-6661-po...l#pid50505

You want channel 74 ( -c 74).
First, hcxdumptool checks if the desired channel is in the channel list here:
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L6430

The allowed channels are here:
https://github.com/ZerBea/hcxdumptool/bl...ool.c#L226
channel 74 is not in this list, so you receive an error.

The default frequencies are here:
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L6464

They depend on standard 802.11 as mentioned here:
https://en.wikipedia.org/wiki/List_of_WLAN_channels

If you have patched your firmware and/or your driver, the values inside these functions must match the values of your patched firmware/driver!
Reply
After some more investigation, I found this in ath9k/common-init.c:
https://git.kernel.org/pub/scm/linux/ker...?h=v5.8.16
Code:
/* Some 2 GHz radios are actually tunable on 2312-2732
* on 5 MHz steps, we support the channels which we know
* we have calibration data for all cards though to make
* this static */

It's time to play around with an Atheros device:
Code:
$ lsusb
ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n

$ hcxdumptool -I
wlan interfaces:
f81a67077d0e wlp39s0f3u1u1u2 (ath9k_htc)

hcxdumptool shows the available channels as coded in ath9k/common-init.c:
Code:
static const struct ieee80211_channel ath9k_2ghz_chantable[] = {
    CHAN2G(2412, 0), /* Channel 1 */
    CHAN2G(2417, 1), /* Channel 2 */
    CHAN2G(2422, 2), /* Channel 3 */
    CHAN2G(2427, 3), /* Channel 4 */
    CHAN2G(2432, 4), /* Channel 5 */
    CHAN2G(2437, 5), /* Channel 6 */
    CHAN2G(2442, 6), /* Channel 7 */
    CHAN2G(2447, 7), /* Channel 8 */
    CHAN2G(2452, 8), /* Channel 9 */
    CHAN2G(2457, 9), /* Channel 10 */
    CHAN2G(2462, 10), /* Channel 11 */
    CHAN2G(2467, 11), /* Channel 12 */
    CHAN2G(2472, 12), /* Channel 13 */
    CHAN2G(2484, 13), /* Channel 14 */
};

$ sudo hcxdumptool -i wlp39s0f3u1u1u2 -C
initialization...
available channels:
  1 / 2412MHz (20 dBm)
  2 / 2417MHz (20 dBm)
  3 / 2422MHz (20 dBm)
  4 / 2427MHz (20 dBm)
  5 / 2432MHz (20 dBm)
  6 / 2437MHz (20 dBm)
  7 / 2442MHz (20 dBm)
  8 / 2447MHz (20 dBm)
  9 / 2452MHz (20 dBm)
 10 / 2457MHz (20 dBm)
 11 / 2462MHz (20 dBm)
 12 / 2467MHz (20 dBm)
 13 / 2472MHz (20 dBm)
 14 / 2484MHz (20 dBm)

terminating...

By latest commit, I added support for additional 2.4GHz channels 15...33 (ath9k driver modification mandatory)
Code:
-c <digit>     : set channel (1,2,3, ...)
                 default channels: 1...13
                 maximum entries: 127
                 allowed channels (depends on the device):
                 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
                 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33 (driver modification)
                 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 68, 96
                 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128
                 132, 134, 136, 138, 140, 142, 144, 149, 151, 153, 155, 157, 159
                 161, 165, 169, 173

Channel list according to The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) channel patch:
https://github.com/0x90/The-Distribution...penCL-Well (Kali)-scripts/blob/master/patches/ath9k-htc-channels-unlock.patch
Code:
CHAN2G(2407, 14)
CHAN2G(2402, 15)
CHAN2G(2397, 16)
CHAN2G(2392, 17)
CHAN2G(2387, 18)
CHAN2G(2382, 19)
CHAN2G(2377, 20)
CHAN2G(2372, 21)
CHAN2G(2367, 22)
CHAN2G(2362, 23)
CHAN2G(2357, 24)
CHAN2G(2352, 25)
CHAN2G(2347, 26)
CHAN2G(2342, 27)
CHAN2G(2337, 28)
CHAN2G(2332, 29)
CHAN2G(2327, 30)
CHAN2G(2322, 31)
CHAN2G(2317, 32)
CHAN2G(2312, 33)
Reply
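The two checks discussed in the posts above, as an added example that is not hcxdumptool's code and not part of any post: a requested channel is first looked up in the allowed list from the -c help text, then its standard 802.11 frequency is looked up in the table the driver offers. The names `chan_to_mhz`, `check_channel` and `chan_status` are hypothetical; channels 15...33 get no frequency here because their mapping exists only in a modified driver.

```c
#include <stddef.h>
#include <stdio.h>
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Allowed channels, copied from the -c help text quoted in the post above. */
static const int allowed[] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
    15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33,
    36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 68, 96,
    100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128,
    132, 134, 136, 138, 140, 142, 144, 149, 151, 153, 155, 157, 159,
    161, 165, 169, 173};

/* Frequencies (MHz) of the unmodified ath9k_2ghz_chantable quoted above. */
static const int ath9k_2ghz_mhz[] = {2412, 2417, 2422, 2427, 2432, 2437, 2442,
                                     2447, 2452, 2457, 2462, 2467, 2472, 2484};

enum chan_status { CHAN_OK, CHAN_UNKNOWN, CHAN_NOT_IN_DRIVER };

/* Standard 802.11 centre frequency in MHz; 0 when no standard mapping applies. */
int chan_to_mhz(int ch) {
    if (ch >= 1 && ch <= 13) return 2407 + 5 * ch;
    if (ch == 14) return 2484;
    if (ch >= 36 && ch <= 173) return 5000 + 5 * ch;
    return 0;
}

static int in_list(const int *list, size_t n, int v) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == v) return 1;
    return 0;
}

/* Stage 1: the tool's allowed list. Stage 2: the frequency table of the driver. */
enum chan_status check_channel(int ch, const int *drv_mhz, size_t n) {
    if (!in_list(allowed, COUNT(allowed), ch)) return CHAN_UNKNOWN;
    int mhz = chan_to_mhz(ch);
    if (mhz == 0 || !in_list(drv_mhz, n, mhz)) return CHAN_NOT_IN_DRIVER;
    return CHAN_OK;
}

int main(void) {
    static const char *msg[] = {"ok", "unknown channel", "not offered by driver"};
    const int want[] = {6, 14, 20, 36, 74}; /* constructed sample requests */
    for (size_t i = 0; i < COUNT(want); i++)
        printf("%3d: %s\n", want[i],
               msg[check_channel(want[i], ath9k_2ghz_mhz, COUNT(ath9k_2ghz_mhz))]);
}
```

Channel 74 fails the first stage, while 20 and 36 pass it but are not in the unmodified AR9271 table.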
hi zerbea, i can send you the patch i used for my spectrum
Reply
Thanks, but I don't need it.
Please test latest git head. I need the exact output of hcxdumptool -i interface -C
Reply
so i should switch radio? i need to work with 2.4 GHz?
Reply
No, not necessary. I'll dive into the driver code and rewrite hcxdumptool channel behavior. First on 2.4GHz - maybe I need some additional information on 5GHz later on. Thanks
Reply
ok, talk later, i need to go now. anyway, latest git shows:

hcxdumptool -i wlan0 -C
initialization...
interface is already in monitor mode
available channels:
1 / 2412MHz (26 dBm)
2 / 2417MHz (26 dBm)
3 / 2422MHz (26 dBm)
4 / 2427MHz (26 dBm)
5 / 2432MHz (26 dBm)
6 / 2437MHz (26 dBm)
7 / 2442MHz (26 dBm)
8 / 2447MHz (26 dBm)
9 / 2452MHz (26 dBm)
10 / 2457MHz (26 dBm)
11 / 2462MHz (26 dBm)
12 / 2467MHz (26 dBm)
13 / 2472MHz (26 dBm)
14 / 2484MHz (26 dBm)
Reply
Ok, thanks.
By latest commit, default channels are no longer hard-coded. Instead, hcxdumptool takes the channel from the -c option and checks if the driver is able to set it.
Reply