
Adopt hcxtools' (and hashcat's) new unified WPA input line format #4183

Open
magnumripper opened this issue Dec 19, 2019 · 4 comments
Comments

magnumripper commented Dec 19, 2019

See hashcat/hashcat#1816 (comment)

The new format is:

SIGNATURE*TYPE*PMKID/MIC*MACAP*MACSTA*ESSID*ANONCE*EAPOL*MESSAGEPAIR

Some notes:

  • SIGNATURE = "WPA"
  • TYPE = 01 for PMKID, 02 for EAPOL, others to follow
  • PMKID/MIC = PMKID if TYPE==01, MIC if TYPE==02
  • MACAP = MAC of AP
  • MACSTA = MAC of station
  • ESSID = ESSID
  • ANONCE = ANONCE
  • EAPOL = EAPOL (SNONCE is in here)
  • MESSAGEPAIR = Bitmask:
      0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
      1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
      2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
      3: x (unused)
      4: ap-less attack (set to 1) - no nonce-error-corrections necessary
      5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
      6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
      7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary

All fields are encoded in hex except SIGNATURE.

This is a great improvement to our old hack of simply Base-64 encoding the (deprecated) hccap struct.

A corresponding pot line in JtR will only contain ESSID and calculated PMK, something like

WPA*00*PMK***ESSID***:password

That is: TYPE is set to 00, next field is PMK and all other fields but ESSID are empty.

@magnumripper (Member Author)

Hm no, that won't work. We need to preserve the input in order to match it for --show.


magnumripper commented Dec 19, 2019

OK maybe not. Let's say we have a pot line of WPA*00*pmk*essid:psk. To match it to input lines at load time, we'd need to try that PMK for post-processing each input line with matching ESSID, and if it passes we know we have a hit without needing to do the heavy PBKDF2 part.

Still, for a 1,000,000 entry input file and a 250,000 entry pot file, that will be some hard work at load time, or for --show. I'll need to try that out. Also, I'm not sure yet our current format interface allows this without fugly hacks.
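Example code added here, not part of JtR, hashcat or hcxtools: a parser for the nine-field line described in the opening post (TYPE 01 PMKID and TYPE 02 EAPOL lines), a decoder for the MESSAGEPAIR bitmask as enumerated there, and the ESSID-keyed pot-file lookup magnumripper sketches above for --show, which narrows the candidate PMKs to the lines sharing an ESSID before any expensive check runs. The pot layout `WPA*00*PMK***ESSID***:password` is taken from the proposal in the opening post and is an assumption (the thread has not settled it), and every sample line below is constructed, not a real capture.

```python
"""Parse the unified WPA hash line and index a pot file by ESSID (added example)."""
import binascii
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SIGNATURE = "WPA"
TYPE_POT = "00"     # assumed pot-line TYPE, per the proposal in the opening post
TYPE_PMKID = "01"
TYPE_EAPOL = "02"
NUM_FIELDS = 9      # SIGNATURE*TYPE*PMKID/MIC*MACAP*MACSTA*ESSID*ANONCE*EAPOL*MESSAGEPAIR

PotEntry = Tuple[bytes, str]    # (PMK, password)


@dataclass
class WpaLine:
    type_: str
    pmkid_or_mic: bytes             # PMKID when TYPE==01, MIC when TYPE==02
    mac_ap: bytes
    mac_sta: bytes
    essid: bytes
    anonce: bytes                   # empty for PMKID lines
    eapol: bytes                    # empty for PMKID lines (SNONCE lives in here)
    message_pair: Optional[int]     # None for PMKID lines


def _hex(field: str, name: str, length: Optional[int] = None) -> bytes:
    """Decode one hex field, enforcing the byte length where the format fixes it."""
    try:
        raw = binascii.unhexlify(field)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{name}: not valid hex: {field!r}") from exc
    if length is not None and len(raw) != length:
        raise ValueError(f"{name}: expected {length} bytes, got {len(raw)}")
    return raw


def parse_wpa_line(line: str) -> WpaLine:
    """Split a WPA*TYPE*... line into its nine fields and validate each one."""
    fields = line.strip().split("*")
    if len(fields) != NUM_FIELDS:
        raise ValueError(f"expected {NUM_FIELDS} '*'-separated fields, got {len(fields)}")
    sig, typ, pm, mac_ap, mac_sta, essid, anonce, eapol, mp = fields
    if sig != SIGNATURE:
        raise ValueError(f"bad SIGNATURE {sig!r}")
    if typ == TYPE_PMKID:
        # PMKID lines carry no nonce, EAPOL frame or message-pair bitmask.
        return WpaLine(typ, _hex(pm, "PMKID", 16), _hex(mac_ap, "MACAP", 6),
                       _hex(mac_sta, "MACSTA", 6), _hex(essid, "ESSID"), b"", b"", None)
    if typ == TYPE_EAPOL:
        if not mp:
            raise ValueError("MESSAGEPAIR is required for TYPE 02")
        return WpaLine(typ, _hex(pm, "MIC", 16), _hex(mac_ap, "MACAP", 6),
                       _hex(mac_sta, "MACSTA", 6), _hex(essid, "ESSID"),
                       _hex(anonce, "ANONCE", 32), _hex(eapol, "EAPOL"), int(mp, 16))
    raise ValueError(f"unsupported TYPE {typ!r}")


def describe_message_pair(mp: int) -> Dict[str, object]:
    """Decode the MESSAGEPAIR bitmask: bits 0-2 are the MP info, bits 4-7 the flags."""
    if mp & (1 << 7):
        nec = "required (replaycount not checked)"
    elif mp & (1 << 4):
        nec = "not needed (ap-less)"
    elif mp & (1 << 5):
        nec = "LE only"
    elif mp & (1 << 6):
        nec = "BE only"
    else:
        nec = "default"
    return {
        "mp_info": mp & 0x07,
        "ap_less": bool(mp & (1 << 4)),
        "le_router": bool(mp & (1 << 5)),
        "be_router": bool(mp & (1 << 6)),
        "replaycount_unchecked": bool(mp & (1 << 7)),
        "nonce_error_corrections": nec,
    }


def parse_pot_line(line: str) -> Tuple[bytes, bytes, str]:
    """Parse the assumed pot layout WPA*00*PMK***ESSID***:password -> (essid, pmk, password)."""
    hash_part, sep, password = line.rstrip("\n").partition(":")   # hash part holds no ':'
    if not sep:
        raise ValueError("pot line lacks ':password'")
    fields = hash_part.split("*")
    if len(fields) != NUM_FIELDS or fields[0] != SIGNATURE or fields[1] != TYPE_POT:
        raise ValueError(f"not a WPA*00 pot line: {hash_part!r}")
    return _hex(fields[5], "ESSID"), _hex(fields[2], "PMK", 32), password


def build_pot_index(pot_lines) -> Dict[bytes, List[PotEntry]]:
    """Group pot entries by ESSID so lookups at load time or --show are a dict hit."""
    index: Dict[bytes, List[PotEntry]] = {}
    for line in pot_lines:
        essid, pmk, password = parse_pot_line(line)
        index.setdefault(essid, []).append((pmk, password))
    return index


def pot_candidates(entry: WpaLine, index: Dict[bytes, List[PotEntry]]) -> List[PotEntry]:
    """PMKs sharing this line's ESSID: only these need the cheap post-PBKDF2 check."""
    return list(index.get(entry.essid, []))


# Constructed sample lines (not real captures); every hex value is a placeholder.
SAMPLE_EAPOL = ("WPA*02*00112233445566778899aabbccddeeff*aabbccddeeff*001122334455"
                "*546573744e6574*" + "11" * 32 + "*0103007502010a00*82")
SAMPLE_PMKID = ("WPA*01*ffeeddccbbaa99887766554433221100*aabbccddeeff*001122334455"
                "*546573744e6574***")
SAMPLE_POT = "WPA*00*" + "ab" * 32 + "***546573744e6574***:password123"

if __name__ == "__main__":
    eapol = parse_wpa_line(SAMPLE_EAPOL)
    print(eapol.essid, describe_message_pair(eapol.message_pair))
    index = build_pot_index([SAMPLE_POT])
    for pmk, password in pot_candidates(parse_wpa_line(SAMPLE_PMKID), index):
        print("candidate PMK for", password, "->", pmk.hex())
```

The ESSID index is the cheap half of what the comment describes: with a million input lines and a quarter-million pot lines, the dictionary lookup costs one hash per line, and only the handful of PMKs that share an ESSID go on to the per-line verification step, so PBKDF2 is never recomputed for a line the pot already covers.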

ZerBea commented Dec 21, 2019

The new hash line alone is worth it and will be a huge improvement for all.

ZerBea commented Dec 27, 2019

Now we have another (portable) conversion tool for the new hash line:
s77rt/multicapconverter#1
