Comments (34)
When using hcxpcapngtool --all --ignore-ie -o
Generate unbreakable hash 'FT PSK'
from hcxtools.
Yes. That is mentioned in -h menu:
--ignore-ie : do not use CIPHER and AKM information
this will convert all frames regadless of
CIPHER and/or AKM information,
and can lead to uncrackable hashes
Usually this option is only useful if you have a "deadly" cleaned dump file (1 BEACON, EAPOL M1, EAPOL M2 and ASSOCIATIONREQUEST or REASSOCIATIONREQUEST is missing).
There is absolutely no need to use this option on pcapng dump files recorded by hcxdumptool/hcxlabtool.
from hcxtools.
Use the same command "hcxpcapngtool --all --ignore-ie -o"
Fortunately, this ' FT PSK ' packet skipped, not generated
FtPsk.zip
from hcxtools.
Please take a look at the status output:
EAPOL M2 messages (oversized)............: 1
EAPOL M3 messages (oversized)............: 1
Because hashcat can't handle oversized EAPOL messages, they will not be converted.
Wireshark confirms that the packets are oversized and truncated.
packet 1114 EAPOL M2
WPA Key Data [truncated]: 30260100000fac020100000fac040100000fac0400000100d196452e3be7e8c85c75604eca5e839d3603525403377400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Tag: RSN Information
Tag: Mobility Domain
Tag: Fast BSS Transition
packet 1116 EAPOL M3
WPA Key Data [truncated]: 12542eca77f1c8787b159b848568f87834e2517af03e34bbdaa7f72696bab7ff978011fcc5eee63f3f1bac77d1dc9ebf5cc23db401fbc15b768546179e094b20169bb7dcef21ffe11a1b298e3da2916c5f22d6695994c01ed8199d09136d832890830e2302397ef15f319
from hcxtools.
I think, should reject unbreakable hashes, regardless of using any parameters, refuse convert it
from hcxtools.
They have been rejected:
EAPOL M2 messages (oversized)............: 1
EAPOL M3 messages (oversized)............: 1
...
Information: no hashes written to hash files
from hcxtools.
I think, should reject unbreakable hashes, regardless of using any parameters, refuse convert it
With default options, these hashes will not be converted.
Using additional options is a decision of the user. After reading -h menu he should be warned that this can lead to invalid hashes.
Every additional option added to the command line may lead to invalid hashes!
But it also could make it possible to recover the PSK from crappy dump files (cap/pcap).
Neither hcxdumptool/hcxlabtool nor hcxtools knows that a hash is crackable or not.
None of these tools is able to recover a PSK because there are absolutely no functions inside these tools to recover a PSK.
Only the big GPU tools (hashcat/JtR) can do this.
BTW:
Status of hcxpcapngtool shows the AKM:
ASSOCIATIONREQUEST (total)...............: 1
ASSOCIATIONREQUEST (FT using PSK)........: 1
Adding "--ignore-ie" to the command line doesn't make sense as well as "--all, --eapoltimeout, --nonce-error-corrections".
from hcxtools.
Hi, ZerBea...
your collect have these types of data packets? you can share it ? Thanks
from hcxtools.
I'm not sure what you mean by "you can share it ? "
hcxpcapngtool detects all common Authentication Key Management (AKM) suites and all common Cipher suites. This information is shown in the status and it can be printed to a csv file (if needed).
But it handles only the AKMs and Cipher suites which hashcat and JtR can work on.
E.g. SAE256 (WPA3) is ignored as long as hashcat and JtR have no hash mode for it.
An example:
$ hcxpcapngtool aircrack-ng/test/wpa3-psk.pcap --csv=tab.csv
hcxpcapngtool 6.3.4-45-gfb039b5 reading from wpa3-psk.pcap...
summary capture file
--------------------
file name................................: wpa3-psk.pcap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (timestamp)............: 16.04.2019 23:55:58 (1555458958)
timestamp maximum (timestamp)............: 16.04.2019 23:56:02 (1555458962)
duration of the dump tool (seconds)......: 3
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)..............: little endian
packets inside...........................: 24
packets received on 2.4 GHz..............: 24
ESSID (total unique).....................: 1
BEACON (total)...........................: 1
BEACON on 2.4 GHz channel (from IE_TAG)..: 1
PROBEREQUEST (undirected)................: 1
PROBERESPONSE (total)....................: 1
AUTHENTICATION (total)...................: 4
AUTHENTICATION (SAE).....................: 4
ASSOCIATIONREQUEST (total)...............: 1
ASSOCIATIONREQUEST (SAE SHA256)..........: 1
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M1 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
EAPOL M2 messages (total)................: 1
EAPOL M2 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
EAPOL M3 messages (total)................: 1
EAPOL M3 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
EAPOL M4 messages (total)................: 1
EAPOL M4 messages (KDV:0 AKM defined)....: 1 (PMK not recoverable)
RSN PMKID (total)........................: 1
RSN PMKID (KDV:0 AKM defined)............: 1 (PMK not recoverable)
frequency statistics from radiotap header (frequency: received packets)
-----------------------------------------------------------------------
2412: 24
Information: limited dump file format detected!
This file format is a very basic format to save captured network data.
It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead. The PCAP Next Generation dump file format is an attempt to overcome the limitations of the currently widely used (but very limited) libpcap (cap, pcap) format.
https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection
https://github.com/pcapng/pcapng
Information: missing frames!
This dump file does not contain enough EAPOL M1 frames.
It always happens if the capture file was cleaned or it could happen if filter options are used during capturing.
That makes it impossible to calculate nonce-error-correction values.
Duration of the dump tool was a way too short to capture enough additional information.
Information: no hashes written to hash files
session summary
---------------
processed cap files...................: 1
$ cat tab.csv
2019-04-16 23:55:58 02:00:00:00:00:00 WPA3-Network [WPA2] [CCMP] [SAE_SHA256] 00 1 0 0.000000 E 0.000000 S 0.000000 0.000000 0 0 0.000000 0.000000 M
2019-04-16 23:55:58 02:00:00:00:00:00 WPA3-Network [WPA2] [CCMP] [SAE_SHA256] 00 1 0 0.000000 E 0.000000 S 0.000000 0.000000 0 0 0.000000 0.000000 M
Example is from here:
https://github.com/aircrack-ng/aircrack-ng/tree/master/test
from hcxtools.
I'm not sure what you mean by "you can share it ? "
Example is from here:
Thanks, I need are these types of cap files
from hcxtools.
No, these are encryption types used by the ACCESS POINT.
They are located e.g. in the RSN-IE of an ASSOCIATIONREQUEST:
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 26
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
Group Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
Group Cipher Suite type: AES (CCM) (4)
Pairwise Cipher Suite Count: 1
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) SAE (SHA256)
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) SAE (SHA256)
RSN Capabilities: 0x00c0
.... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
.... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
.... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
.... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
.... .... .1.. .... = Management Frame Protection Required: True
.... .... 1... .... = Management Frame Protection Capable: True
.... ...0 .... .... = Joint Multi-band RSNA: False
.... ..0. .... .... = PeerKey Enabled: False
..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
.0.. .... .... .... = OCVC: False
PMKID Count: 0
PMKID List
Group Management Cipher Suite: 00:0f:ac (Ieee 802.11) BIP (128)
Group Management Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
Group Management Cipher Suite type: BIP (128) (6)
from hcxtools.
This should be a rare type of data packet. Are you sure hashcat supports it
I tried to restore it using 150GB dict, but failed
I am very skeptical
if there are any packets of this type that match the PSK ? This should be the best proof
or
have any link to technical description ? thanks
from hcxtools.
hcxpcapngtool convert it and hashcat is able to recover the PSK:
hashcat/hashcat#1300
from hcxtools.
Thanks
from hcxtools.
I'm a little curious. it conversion style is hc22000 format, PSKSHA256 and PSK use different algorithms. How does hashcat recognize it and switch to the PSKSHA256 algorithm to work? Thanks
from hcxtools.
As of today hashcat is able to recover the PSK of WPA1, WPA2 and WPA2 key version 3 (PSKSHA256) networks.
hcxdumptool/hcxpcapngtool/hashcat/JtR take this information from an EAPOL MESSAGE (Key Information field):
WPA1 (key version 1):
.... .... .... .001 = Key Descriptor Version: RC4 Cipher, HMAC-MD5 MIC (1)
WPA2 (key version 2):
.... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
WPA2 (key version 3):
.... .... .... .011 = Key Descriptor Version: AES Cipher, AES-128-CMAC MIC (3)
from hcxtools.
Sorry , I mean
How to distinguish whether hc22000 is of CMAC/PSKSHA256 or HMAC/PSK hash type
Additionally, seems AES-128-CMAC type PMKID crack is not supported ?
e.g
Can distinguish which type it belongs to by the following hash ? CMAC/PSKSHA256 or HMAC/PSK type ?
EAPOL:0203007502010b001000000000000000036467233e730767c33e1df875c3ad0eb58a51ad704a3fae06b818c0c5fcebf3af000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac068c00
EAPOL:020300b70213cb001000000000000000040218c7b64ecef40c4f15915fbceb19c8d62608387eb6b986d9599a8bd70dc85d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000582e09cd25683d452ad1bc92dffe0be5b022873e359dbb413b9d888c90266fe67a0fed2684a98e3bdddf70bbbc1d21af00a0b8cade7814d09c105058a288c2df8ff57582a84d0e8b960b66612e71ad64afffa200e5f72ea120
EAPOL:0203007502010a00100000000000000001f958cb60172650bec86d21ce7d943734d917dcd4e2098f6ee91f0e39427496ea000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020c00
EAPOL:020300af0213ca001000000000000000029042a988b62c3d4d6eaf53437ebd3726a88f1a100ae0b9d654bac089396b49a9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005090db2493ef20933ec64f8e9f564f029bdf00ed5e7519444c8ff935693a5da8f8c8e74e2ddc33030c7777541e897b14aa22cad2fcb6ac44f31cf6cb57ae2d3e3d4d596bd1593f4a2ed63eed37ef807a45
from hcxtools.
Please keep in mind, we are talking about verifying the MIC of an EAPOL MESSAGE.
Please use hcxhashtool to identify the key version:
$ hcxhashtool -i test.22000 --info=stdout
The first 2:
VERSION....: 802.1X-2004 (2)
KEY VERSION: WPA2 key version 3
The last 2:
VERSION....: 802.1X-2004 (2)
KEY VERSION: WPA2
The first 18 bytes of the EAPOL MESSAGE field of a hcx22000 line:
*0203007502010b0010...
02 = Version: 802.1X-2004 (2)
03 = Type: Key (3)
0075 = Length: 117
02 = Key Descriptor Type: EAPOL RSN Key (2)
010b = Key Information: 0x010b
.... .... .... .011 = Key Descriptor Version: AES Cipher, AES-128-CMAC MIC (3)
.... .... .... 1... = Key Type: Pairwise Key
.... .... ..00 .... = Key Index: 0
.... .... .0.. .... = Install: Not set
.... .... 0... .... = Key ACK: Not set
.... ...1 .... .... = Key MIC: Set
.... ..0. .... .... = Secure: Not set
.... .0.. .... .... = Error: Not set
.... 0... .... .... = Request: Not set
...0 .... .... .... = Encrypted Key Data: Not set
..0. .... .... .... = SMK Message: Not set
0010 = Key Length: 16
About PMKIDs:
hashcat is able to verify this PMKID type (used on standard wpa2 and wpa2 key version 3):
PMKID = Truncate-128(HMAC-SHA-1(PMK, "PMK Name" || AA || SPA))
Not implemented in hashcat is:
rsn_pmkid_suite_b (EAP)
PMKID = Truncate(HMAC-SHA-256(KCK, "PMK Name" || AA || SPA))
and
rsn_pmkid_suite_b_192 (FILS)
PMKID = Truncate(HMAC-SHA-384(KCK, "PMK Name" || AA || SPA))
from hcxtools.
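Added example (not part of the original thread and not hcxtools code): a small decoder for the start of the EAPOL MESSAGE field, following the byte layout walked through in the comment above. The function names are hypothetical, the four 9-byte prefixes are the starts of the EAPOL lines posted in the thread, and the full frame is constructed (zero-filled) for the length check.

```python
import struct

# Low 3 bits of Key Information (Key Descriptor Version) select the MIC
# algorithm, as in the Wireshark decodes quoted in the thread.
KDV_MIC = {1: "HMAC-MD5", 2: "HMAC-SHA1", 3: "AES-128-CMAC"}
HEADER_LEN = 9   # version, type, length, descriptor type, key info, key length
FIXED_LEN = 99   # offset at which Key Data starts in an EAPOL-Key frame

# First 9 bytes of the four EAPOL lines posted in the thread.
PAGE_PREFIXES = ["0203007502010b0010", "020300b70213cb0010",
                 "0203007502010a0010", "020300af0213ca0010"]


def handshake_message(ack, mic, secure):
    """Flag-only heuristic; real tools also compare replay counters and nonces."""
    if ack:
        return "M3" if mic else "M1"
    if mic:
        return "M4" if secure else "M2"
    return "unknown"


def decode_eapol_key(hex_field):
    """Decode the EAPOL-Key header from a hex string (prefix or whole frame)."""
    raw = bytes.fromhex(hex_field)
    if len(raw) < HEADER_LEN:
        raise ValueError("need at least 9 bytes of the EAPOL frame")
    version, ptype, body_len, desc_type, key_info, key_len = struct.unpack(
        ">BBHBHH", raw[:HEADER_LEN])
    if ptype != 3:
        raise ValueError("not an EAPOL-Key frame (type %d)" % ptype)
    kdv = key_info & 0x0007
    ack = bool(key_info & 0x0080)
    mic = bool(key_info & 0x0100)
    secure = bool(key_info & 0x0200)
    info = {
        "version": version,
        "body_len": body_len,
        "descriptor_type": desc_type,
        "key_info": key_info,
        "kdv": kdv,
        # KDV 0 appears in the status output above as "AKM defined"
        "mic_algorithm": KDV_MIC.get(kdv, "AKM defined / unknown"),
        "pairwise": bool(key_info & 0x0008),
        "install": bool(key_info & 0x0040),
        "ack": ack,
        "mic": mic,
        "secure": secure,
        "encrypted_key_data": bool(key_info & 0x1000),
        "key_len": key_len,
        "message": handshake_message(ack, mic, secure),
    }
    if len(raw) >= FIXED_LEN:
        # Whole frame available: cross-check the declared lengths, which is
        # what fails on a truncated capture.
        (key_data_len,) = struct.unpack(">H", raw[97:99])
        info["key_data_len"] = key_data_len
        info["lengths_consistent"] = (
            body_len == FIXED_LEN - 4 + key_data_len
            and len(raw) == 4 + body_len)
    return info


def constructed_frame():
    """Constructed sample: first page prefix, zeroed fields, 22 bytes of key data."""
    return PAGE_PREFIXES[0] + "00" * 88 + "0016" + "00" * 22


if __name__ == "__main__":
    for prefix in PAGE_PREFIXES:
        d = decode_eapol_key(prefix)
        print(prefix, "KDV", d["kdv"], d["mic_algorithm"], d["message"])
    print(decode_eapol_key(constructed_frame())["lengths_consistent"])
```
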
Well good thanks
from hcxtools.
Use compiled hcxpmktool hcxpmktool.zip
seems calculating CMAC/SHA256 hash line on WINDOWS 22H2 has failed, why
But calculation of HMAC/SHA1 hash line is normal
from hcxtools.
Thanks for reporting that issue.
It should be fixed now. Please try latest git head.
from hcxtools.
Ok,
returning some prompts in cygwin compilation during
But seem not affect use of the tool
$ make
fatal: not a git repository (or any of the parent directories): .git
mkdir -p .deps
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/hcxpcapngtool.d -o hcxpcapngtool hcxpcapngtool.c -lssl -lcrypto -lz -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from hcxpcapngtool.c:2:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/hcxhashtool.d -o hcxhashtool hcxhashtool.c -lssl -lcrypto -lcurl -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from hcxhashtool.c:2:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/hcxpsktool.d -o hcxpsktool hcxpsktool.c -lssl -lcrypto -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from hcxpsktool.c:2:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/hcxpmktool.d -o hcxpmktool hcxpmktool.c -lssl -lcrypto -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from include/strings.c:2,
from hcxpmktool.c:26:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/hcxeiutool.d -o hcxeiutool hcxeiutool.c -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from hcxeiutool.c:2:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/hcxwltool.d -o hcxwltool hcxwltool.c -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from hcxwltool.c:2:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/hcxhash2cap.d -o hcxhash2cap hcxhash2cap.c -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from hcxhash2cap.c:2:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/wlancap2wpasec.d -o wlancap2wpasec wlancap2wpasec.c -lssl -lcrypto -lcurl -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
cc -O3 -Wall -Wextra -Wpedantic -std=gnu99 -MMD -MF .deps/whoismac.d -o whoismac whoismac.c -lssl -lcrypto -lcurl -DVERSION_TAG=\"6.3.4\" -DVERSION_YEAR=\"2024\" -DWANTZLIB
In file included from whoismac.c:2:
include/strings.c: In function 'ishexvalue':
include/strings.c:47:25: warning: array subscript has type 'char' [-Wchar-subscripts]
47 | if(!isxdigit(str[i])) return false;
| ~~~^~~
from hcxtools.
By this commit
18238fc
the warning should no longer appear.
from hcxtools.
why not convert hcxpcapngtool ?
12.zip
from hcxtools.
Unsupported Authentication Key Management (AKM)
Please take a look at the RSN-IE of the BEACON:
Frame 1: 292 bytes on wire (2336 bits), 292 bytes captured (2336 bits)
IEEE 802.11 Beacon frame, Flags: ........
IEEE 802.11 Wireless Management
Fixed parameters (12 bytes)
Tagged parameters (256 bytes)
Tag: SSID parameter set: "LianLian_CD_Employee"
Tag: Supported Rates 6(B), 9, 12(B), 18, 24(B), 36, 48, 54, [Mbit/sec]
Tag: Traffic Indication Map (TIM): DTIM 0 of 1 bitmap
Tag: Country Information: Country Code CN, Environment All
Tag: HT Capabilities (802.11n D1.10)
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 24
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
Pairwise Cipher Suite Count: 2
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM) 00:0f:ac (Ieee 802.11) TKIP
Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) WPA
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) WPA
Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
Auth Key Management (AKM) type: WPA (1)
RSN Capabilities: 0x0000
Tag: HT Information (802.11n D1.10)
Tag: Extended Capabilities (10 octets)
Tag: VHT Capabilities
Tag: VHT Operation
Ext Tag: HE Capabilities
Ext Tag: HE Operation
Tag: Vendor Specific: Microsoft Corp.: WPA Information Element
Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Parameter Element
AKM is PMKSA and not PSK. This is not supported by hashcat and JtR so there is no need to convert it:
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) WPA
These AKMs are supported by hashcat and JtR:
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK (SHA256)
There is a feature request to support this one:
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) FT using PSK
This is an example of a by hashcat or JtR supported AKM:
BTW:
The dump file is deadly cleaned. Important frames like AUTHENTICATION and ASSOCIATION frames are completely missing. That is the reason why hcxpcapngtool can't give you additional information about the exact used encryption system.
from hcxtools.
I want to understand if AKM will affect its M1 PMKID algorithm ?
from hcxtools.
Its M1 PMKID version key is: HMAC-SHA1 MIC (2)
It should belong to WPA2 PMKID, hashcat and JtR supported
Key Information: 0x008a
.... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
.... .... .... 1... = Key Type: Pairwise Key
.... .... ..00 .... = Key Index: 0
.... .... .0.. .... = Install: Not set
.... .... 1... .... = Key ACK: Set
.... ...0 .... .... = Key MIC: Not set
.... ..0. .... .... = Secure: Not set
.... .0.. .... .... = Error: Not set
.... 0... .... .... = Request: Not set
...0 .... .... .... = Encrypted Key Data: Not set
..0. .... .... .... = SMK Message: Not set
Here's a problem need be clarified here
AKM will affect its M1 PMKID "HMAC-SHA1" algorithm crack ?
from hcxtools.
On WPA-PSK or WPA_PSK256 the PMK is calculated by PBKDF2 (from ESSID and PASSWORD).
hashcat and JtR are able to recover the PMK and the PSK from a PMKID or from an EAPOL MESSAGE PAIR.
That is not the case on e.g. EAP related authentications as the one you attached.
Get this example and take a look at it. It is a complete authentication and not deadly cleaned by a crappy tool:
https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/wpa-eap-tls.pcap.gz
$ hcxpcapngtool wpa-eap-tls.pcap.gz
decompressing wpa-eap-tls.pcap.gz to /tmp/wpa-eap-tls.pcap.gz.tmp
hcxpcapngtool 6.3.4-65-g82461bd reading from wpa-eap-tls.pcap.gz.tmp...
summary capture file
--------------------
file name................................: wpa-eap-tls.pcap.gz
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (timestamp)............: 03.05.2015 14:19:18 (1430662758)
timestamp maximum (timestamp)............: 03.05.2015 14:23:34 (1430663014)
duration of the dump tool (minutes)......: 4
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11_RADIO (127)
endianness (capture system)..............: little endian
packets inside...........................: 86
packets received on 2.4 GHz..............: 86
WPA encrypted............................: 61
IDENTITIES...............................: 1
EAP (total)..............................: 21
EAP CODE request.........................: 11
EAP CODE response........................: 9
EAP ID...................................: 4
EAP-TLS messages.........................: 17
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M2 messages (total)................: 1
EAPOL M3 messages (total)................: 1
EAPOL M4 messages (total)................: 1
EAPOL M4 messages (zeroed NONCE).........: 1
RSN PMKID (total)........................: 1
The ACCESS key is generated by TLS. It doesn't use a PSK!
EAP (total)..............................: 21
EAP CODE request.........................: 11
EAP CODE response........................: 9
EAP ID...................................: 4
EAP-TLS messages.........................: 17
The traffic itself is WPA encrypted:
WPA encrypted............................: 61
hashcat and JtR can't crack it because the PMK is calculated from TLS AUTHENTICATION (which is removed in your dump files) and not from a PSK via PBKDF2!
For all other readers:
Do not clean dump files, because this information will be removed.
Do not use tools that do not record this information.
from hcxtools.
An overview of the CIPHER suites and the AKM suites is here:
https://mentor.ieee.org/802.11/dcn/04/11-04-0588-01-000i-tutorial-using-ouis-to-identify-cipher-and-akm-suites.doc
To answer your question: I want to understand if AKM will affect its M1 PMKID algorithm ?
The AKM defines how the PMK is calculated.
Another example:
https://github.com/vanhoefm/wifi-example-captures/blob/master/wpa3.pcapng
This time SAE authentication.
Before the 4way handshake is done, four AUTHENTICATION packets (packets 80, 82, 84, 86) are used to calculate the PMK.
This PMK is used to do the following 4way handshake.
from hcxtools.
Well thanks, AKM will affect M1 and M2 PMKID
from hcxtools.