PBKDF2-HMAC-SHA1 format for WPA hex key
#1
Hello everyone,
I have been trying for about 3 hours to crack a 4096 WPA-DK.
I used this website to generate a testhash:
ASCII-ESSID: "Testnetwork" == salt
ASCII-PSK: "12345678"
HEX-WPA-Key: "bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8"

I used the v1.00rc3 GUI with hashcat-4.1.0 (x64) to crack it but it won't work.
I don't know the expected input format, but I orientated myself on the example hashes and on this thread.
The example hash (used as shown below) was cracked very fast with a wordlist, so I got the following information:
Code:
sha1:1000:MzU4NTA4MzIzNzA1MDQ=:19ofiY+ahBXhvkDsp0j2ww==
hash_type:bit_size:salt(b64):hash(unknown format)

Based on this information I entered my own string in 2 formats:
Code:
Plain:
sha1:4096:Testnetwork:bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8

hex key raw:
sha1:4096:VGVzdG5ldHdvcms=:bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8
hex key in base64:
sha1:4096:VGVzdG5ldHdvcms=:YmM5NzFmODE0ZDdiZDM3Zjc1MDJjYzY3NDA4YzRmMmM1YTA2ZTFiM2Q0OGRjMDQxZTQyYjU0NzgxNTRkZjFhOA==

Additionally, based on this post I modified the salt (ESSID) with a ":" at the end. In the post the separator for John the Ripper is "$".
Code:
Plain:
sha1:4096:Testnetwork::bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8

hex key raw:
sha1:4096:VGVzdG5ldHdvcms6:bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8
hex key in base64
sha1:4096:VGVzdG5ldHdvcms6:YmM5NzFmODE0ZDdiZDM3Zjc1MDJjYzY3NDA4YzRmMmM1YTA2ZTFiM2Q0OGRjMDQxZTQyYjU0NzgxNTRkZjFhOA==

I now had 4 variants and tried them with "12345678" in the wordlist with the following arguments (also used for the example hash):
Code:
hashcat64.exe -a 0 --session=2018-04-18 -m 12000 -w 3 --status --status-timer=60 --potfile-disable --remove -p : --gpu-temp-disable -o "D:\Downloads\Temp\data\output.txt" --outfile-format=3 "C:\Users\CryptoKiddie\AppData\Local\Temp\tmp84FC.tmp" "D:\Downloads\Temp\data\wordlist.txt"


Can you tell me what I'm doing wrong?
#2
base64-encoding the hex data is wrong. You first need to decode the hex, then base64-encode the result.

Quote: Additionally, based on this post I modified the salt (ESSID) with a ":" at the end. In the post the separator for John the Ripper is "$".
I have no idea why you did this, but don't.
#3
(04-18-2018, 07:31 PM)undeath Wrote: base64-encoding the hex data is wrong. You first need to decode the hex, then base64-encode the result.

Quote: Additionally, based on this post I modified the salt (ESSID) with a ":" at the end. In the post the separator for John the Ripper is "$".
I have no idea why you did this, but don't.

Perfect it works!
I missed this information. For the long term it was useful to find it somewhere.

I set the colon at the end of the ESSID because here magnum built it into the input string so I thought it is maybe needed/defined in the IEEE802.11.
magnum Wrote:
Code:
echo 'Harkonen:$pbkdf2-hmac-sha1$4096$486[...]
(the "Harkonen:" in this line is just a "username" that will be output if/when the hash is cracked. It's not part of the hash itself and can be omitted).


Thanks for helping :)
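The encoding fix from post #2, as an added example that is not part of the original thread or of hashcat: it builds the `sha1:iterations:base64(salt):base64(key)` line from the ESSID and hex key in post #1, and shows why base64 over the hex text can never match. The function names are hypothetical, and the second field is treated as the PBKDF2 iteration count.

```python
import base64
import hashlib
import hmac

# Values from post #1: a test network with a known passphrase.
ESSID = "Testnetwork"
PSK = "12345678"
HEX_KEY = "bc971f814d7bd37f7502cc67408c4f2c5a06e1b3d48dc041e42b5478154df1a8"


def wpa_pmk(passphrase, essid):
    """WPA-PSK key: PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def to_mode_12000(essid, hex_key, iterations=4096):
    """Correct encoding: hex -> raw bytes -> base64 (the fix from post #2)."""
    salt_b64 = base64.b64encode(essid.encode()).decode()
    key_b64 = base64.b64encode(bytes.fromhex(hex_key)).decode()
    return "sha1:%d:%s:%s" % (iterations, salt_b64, key_b64)


def to_mode_12000_wrong(essid, hex_key, iterations=4096):
    """The mistake from post #1: base64 over the 64 ASCII hex digits."""
    salt_b64 = base64.b64encode(essid.encode()).decode()
    key_b64 = base64.b64encode(hex_key.encode()).decode()
    return "sha1:%d:%s:%s" % (iterations, salt_b64, key_b64)


def parse_line(line):
    """Split a line into (algorithm, iterations, raw salt, raw key)."""
    algo, iterations, salt_b64, key_b64 = line.split(":")
    return algo, int(iterations), base64.b64decode(salt_b64), base64.b64decode(key_b64)


def check_candidate(line, passphrase):
    """Re-derive the key for one candidate and compare with the stored key."""
    algo, iterations, salt, key = parse_line(line)
    derived = hashlib.pbkdf2_hmac(algo, passphrase.encode(), salt, iterations, len(key))
    return hmac.compare_digest(derived, key)


if __name__ == "__main__":
    good = to_mode_12000(ESSID, HEX_KEY)
    bad = to_mode_12000_wrong(ESSID, HEX_KEY)
    print(good)
    print("decoded key bytes, correct vs wrong:", len(parse_line(good)[3]), len(parse_line(bad)[3]))
    print("page key equals derived key:", wpa_pmk(PSK, ESSID).hex() == HEX_KEY)
```

The wrong variant decodes to 64 bytes of ASCII text instead of the 32 raw key bytes, so no candidate passphrase can reproduce it.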