
Wireless Cracking - Strange content of hccapx version 4


kratos

Status: Member
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Wed, 08 Mar 2017 @ 12:35:30

just noticed that the information in hccapx has been changed in v4

the authenticated value that used to take values 0 and 1 has been replaced
by message_pair that now takes values 0, 1, 2, 3, 4, 5 (see below for meaning)

what is the point of the values 1, 4 and 5?
those pairs of messages can never be a valid handshake
the STA nonce is missing!

can anyone make any sense of this?

maybe hashcat will handle these useless handshakes OK, but it could trip
up anyone with a custom hccapx parser

already seeing people using this v4 hccapx format

make sure you check the hccapx version number!


Code:
value   Messages EAPOL Source  AP message   STA message
0       M1 + M2      M2            M1           M2
1       M1 + M4      M4            M1           M4
2       M2 + M3      M2            M3           M2
3       M2 + M3      M3            M3           M2
4       M3 + M4      M3            M3           M4
5       M3 + M4      M4            M3           M4 
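The table above is exactly what a custom parser needs to trap. The following checker is an added example and is not code from the thread or from hashcat: it walks an hccapx file record by record, validates the header, maps message_pair through the table in this post, and flags values 1, 4 and 5 (STA side supplied by M4, which carries no SNonce) plus any record whose nonce fields are zeroed. The record layout it assumes (393 bytes: signature "HCPX", version, message_pair, essid_len, essid[32], keyver, keymic[16], mac_ap[6], nonce_ap[32], mac_sta[6], nonce_sta[32], eapol_len, eapol[256]) is hashcat's published hccapx structure and is not quoted in this thread; the old 392-byte hccap layout is included only so the size difference mentioned later in the thread can be checked. The sample records are constructed, not real captures.

```python
import struct
from typing import Dict, List

# Assumed hccapx v4 record layout (hashcat's published structure, not from this thread).
HCCAPX_STRUCT = struct.Struct("<IIBB32sB16s6s32s6s32sH256s")
HCCAPX_SIZE = HCCAPX_STRUCT.size          # 393 bytes per record
HCCAPX_SIGNATURE = 0x58504348             # the bytes b"HCPX" read little-endian
HCCAPX_VERSION = 4

# Assumed old hccap layout (essid[36], mac1[6], mac2[6], nonce1[32], nonce2[32],
# eapol[256], eapol_size, keyver, keymic[16]) for the size comparison only.
HCCAP_SIZE = struct.Struct("<36s6s6s32s32s256sii16s").size  # 392 bytes

# message_pair values as tabulated in the post above:
# value -> (messages captured, message that supplies the STA side)
MESSAGE_PAIRS = {
    0: ("M1 + M2", "M2"),
    1: ("M1 + M4", "M4"),
    2: ("M2 + M3", "M2"),
    3: ("M2 + M3", "M3"),
    4: ("M3 + M4", "M3"),
    5: ("M3 + M4", "M4"),
}
# STA side taken from M4: M4 carries no SNonce, so there is nothing to verify the MIC against.
PAIRS_WITHOUT_STA_NONCE = {1, 4, 5}


def audit_hccapx(data: bytes) -> List[Dict]:
    """Parse every record and report whether it can be used and why not."""
    if len(data) % HCCAPX_SIZE:
        raise ValueError(f"length {len(data)} is not a multiple of {HCCAPX_SIZE}")
    report = []
    for idx in range(len(data) // HCCAPX_SIZE):
        rec = data[idx * HCCAPX_SIZE:(idx + 1) * HCCAPX_SIZE]
        (sig, ver, message_pair, essid_len, essid, keyver, keymic, mac_ap,
         nonce_ap, mac_sta, nonce_sta, eapol_len, eapol) = HCCAPX_STRUCT.unpack(rec)
        problems = []
        if sig != HCCAPX_SIGNATURE:
            problems.append("bad signature, not an hccapx record")
        if ver != HCCAPX_VERSION:
            problems.append(f"hccapx version {ver}, this checker understands version 4 only")
        pair = MESSAGE_PAIRS.get(message_pair)
        if pair is None:
            problems.append(f"unknown message_pair value {message_pair}")
        elif message_pair in PAIRS_WITHOUT_STA_NONCE:
            problems.append(f"message_pair {message_pair} ({pair[0]}): STA message is "
                            f"{pair[1]}, which carries no SNonce")
        if nonce_sta == bytes(32):
            problems.append("nonce_sta is all zeros")
        if nonce_ap == bytes(32):
            problems.append("nonce_ap is all zeros")
        if essid_len > 32:
            problems.append(f"essid_len {essid_len} exceeds 32")
        if eapol_len > 256:
            problems.append(f"eapol_len {eapol_len} exceeds 256")
        report.append({
            "index": idx,
            "essid": essid[:min(essid_len, 32)].decode("utf-8", "replace"),
            "message_pair": message_pair,
            "messages": pair[0] if pair else None,
            "usable": not problems,
            "problems": problems,
        })
    return report


def build_record(message_pair: int, essid: bytes = b"testnet",
                 nonce_ap: bytes = b"\x11" * 32, nonce_sta: bytes = b"\x22" * 32) -> bytes:
    """Construct a synthetic hccapx v4 record (constructed test data, not a capture)."""
    return HCCAPX_STRUCT.pack(
        HCCAPX_SIGNATURE, HCCAPX_VERSION, message_pair, len(essid), essid.ljust(32, b"\0"),
        2, bytes(16), b"\xaa" * 6, nonce_ap, b"\xbb" * 6, nonce_sta, 121, bytes(256))


if __name__ == "__main__":
    # One good M1+M2 record, one M1+M4 record with no SNonce, one good M2+M3 record.
    sample = build_record(0) + build_record(1, nonce_sta=bytes(32)) + build_record(3)
    for entry in audit_hccapx(sample):
        status = "OK      " if entry["usable"] else "REJECT  "
        print(status, entry["index"], entry["essid"], entry["messages"], entry["problems"])
    print("hccapx - hccap size difference:", HCCAPX_SIZE - HCCAP_SIZE)
```

Run it against a real file with `audit_hccapx(open(path, "rb").read())`; anything reported as not usable is a record that a downstream cracker would spend time on without a chance of verifying the MIC.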



2BD80423

Status: Trusted
Joined: Sun, 07 Oct 2012
Posts: 401
Team:
Reputation: 651 Reputation
Offline
Wed, 08 Mar 2017 @ 13:21:06

see here https://hashcat.net/forum/thread-6361-post-33920.html#pid33920


kratos

Status: Member
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Wed, 08 Mar 2017 @ 13:33:51

user said:

see here https://hashcat.net/forum/thread-6361-post-33920.html#pid33920

interesting read but it shows a misunderstanding in my view

it talks about the problem of not having the right M1, but says that having M2 and M3 means the AP nonce is missing

incorrect

AP nonce is in M3
M2+M3 is enough without having M1

then there is some stuff about creating virtual nonces by increasing by one

the nonce is a 256 bit random value
good luck trying to find that by incrementing by one!



gpuhash_me

Status: Trusted
Joined: Sun, 08 Nov 2015
Posts: 843
Team: gpuhash team
Reputation: 1537 Reputation
Online
Wed, 08 Mar 2017 @ 13:37:17

You're right, key frame 4 is useless for cracking purposes.
Hashcat hccapx support is under active development and I will not be surprised if we see hccapx v.5, v.6, etc in the near future. Not ready for production use.

If you wish to help just open an issue here: https://github.com/hashcat/hashcat/issues


Head of cheap publicity department
Support, discounts, free offers for HK members
BTC: 1GpuHashTYDRn3S6jbLM4YwmutU5iVCxrf

kratos

Status: Member
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Wed, 08 Mar 2017 @ 13:45:16

gpuhash_me said:

You're right, key frame 4 is useless for cracking purposes.
Hashcat hccapx support is under active development and I will not be surprised if we see hccapx v.5, v.6, etc in the near future. Not ready for production use.

If you wish to help just open an issue here: https://github.com/hashcat/hashcat/issues

i am more concerned hashcat is making these hccapx converters public when they
are producing outputs that are close to meaningless in some cases

hashcat should have kept backward compatibility with hccap until they sorted this out
properly

i am now faced with more unplanned work to trap these hccapx issues to avoid wasting
time working on what people are posting in good faith for their handshakes

maybe we need to insist on capture files only here at hashkiller until this is sorted?
right now i trust my own eyes more than any of the hashcat converters



gpuhash_me

Status: Trusted
Joined: Sun, 08 Nov 2015
Posts: 843
Team: gpuhash team
Reputation: 1537 Reputation
Online
Wed, 08 Mar 2017 @ 16:16:00

kratos said:

hashcat should have kept backward compatibility with hccap until they sorted this out
properly

Even more, they had spare bytes in the old hccap format (some by mistake), so they could easily have made it backward compatible. Notice hccapx has just a one-byte difference from the older hccap (except for field locations)!!!
I understand they wanted to add the HCPX signature as well, but it completely broke backward compatibility.


Head of cheap publicity department
Support, discounts, free offers for HK members
BTC: 1GpuHashTYDRn3S6jbLM4YwmutU5iVCxrf

kratos

Status: Member
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Wed, 08 Mar 2017 @ 16:20:08

gpuhash_me said:

kratos said:

hashcat should have kept backward compatibility with hccap until they sorted this out
properly

Even more, they had spare bytes in the old hccap format (some by mistake), so they could easily have made it backward compatible. Notice hccapx has just a one-byte difference from the older hccap (except for field locations)!!!
I understand they wanted to add the HCPX signature as well, but it completely broke backward compatibility.

hashcat's expertise is absolutely peerless in GPU-based hashing

but their WPA understanding is unfortunately not so good




