Hello there,
I recently wrote some lines of C++ code to read in wordlists, chunk them up into smaller ones and crack a hash value by calculating and comparing the hash for each word in the list in multiple threads, for educational purposes only.
Then I asked myself whether I could also try to crack WPA handshakes.
So I sniffed on my (OWN) network and captured one in aircrack's .cap format. Then I went and executed
    aircrack-ng -J hash.hccap handshake.cap
to convert this into a hashcat-readable format, because I wanted to extract the hash of that handshake to be able to crack it with my own library.
I found this information on hashcat's wiki ( https://hashcat.net/wiki/doku.php?id=hccap ):
HCCAP C-Structure:
    typedef struct
    {
        char essid[36];
        unsigned char mac1[6];
        unsigned char mac2[6];
        unsigned char nonce1[32];
        unsigned char nonce2[32];
        unsigned char eapol[256];
        int eapol_size;
        int keyver;
        unsigned char keymic[16];
    } hccap_t;
and I quickly read in a hccap_t struct from the hccap file.
There's a table too which tells about the particular attributes.
After having read this doc, I wanted to get the attribute "keymic", because the description said:
keymic : the final hash value. MD5 for WPA and SHA-1 for WPA2
I calculated the SHA-1 hash of my wifi's password and compared it to that hash value (examples):
    900150983cd24fb0d6963f7d28e17f72 != 37029430cfd06ae2a279cc1e2504e7c3
After quick research I realized that WPA2 cracking is more likely a big deal than I thought, such as calculating nonces and PMKs/PTKs and 2 salts.
So in general I just want to know what to calculate together to be able to crack it my way.
Do I need to calc the (Password + salt1 + salt2) to get the value "keymic", or what is the correct formula?
Thank you all very much in advance
Luke
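The derivation the post asks about, as an added worked example (not code from the post, hashcat or aircrack): the passphrase and ESSID give the PMK via PBKDF2, the PMK plus both MACs and nonces give the PTK via the 802.11i PRF-512, and keymic is an HMAC over the EAPOL frame keyed with the first 16 bytes of the PTK, which is why a plain SHA-1 of the passphrase never matches. It assumes the converter left the MIC bytes inside the eapol field zeroed (as hccap converters do) and that the struct was dumped little-endian; build_hccap and the sample values are constructed here only so the check can run offline.

```python
import hashlib
import hmac
import struct
# hccap_t layout from the hashcat wiki; "<" = little-endian 32-bit ints (x86 dump)
HCCAP_FMT = "<36s6s6s32s32s256sii16s"
HCCAP_SIZE = struct.calcsize(HCCAP_FMT)  # 392 bytes per handshake
FIELDS = ("essid", "mac1", "mac2", "nonce1", "nonce2", "eapol", "eapol_size", "keyver", "keymic")

def parse_hccap(blob):
    """Unpack one hccap_t record into a dict of its fields."""
    h = dict(zip(FIELDS, struct.unpack(HCCAP_FMT, blob[:HCCAP_SIZE])))
    h["essid"] = h["essid"].rstrip(b"\x00")     # ESSID is NUL-padded to 36 bytes
    h["eapol"] = h["eapol"][:h["eapol_size"]]   # only eapol_size bytes are real
    return h

def pmk_from_passphrase(passphrase, essid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, essid, 4096, 32)

def prf(key, prefix, data, nbytes):
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, prefix | 0x00 | data | i) blocks, i = 0, 1, ..."""
    blocks = (hmac.new(key, prefix + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(1 + nbytes // 20))
    return b"".join(blocks)[:nbytes]

def ptk_from_pmk(pmk, mac1, mac2, nonce1, nonce2):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MAC)|max(MAC)|min(nonce)|max(nonce))."""
    data = min(mac1, mac2) + max(mac1, mac2) + min(nonce1, nonce2) + max(nonce1, nonce2)
    return prf(pmk, b"Pairwise key expansion", data, 64)

def compute_mic(ptk, eapol, keyver):
    """keymic = HMAC(KCK = PTK[0:16], EAPOL frame with its MIC bytes zeroed)[:16]."""
    if keyver == 1:   # WPA: HMAC-MD5
        return hmac.new(ptk[:16], eapol, hashlib.md5).digest()
    if keyver == 2:   # WPA2: HMAC-SHA1 truncated to 16 bytes
        return hmac.new(ptk[:16], eapol, hashlib.sha1).digest()[:16]
    raise ValueError("keyver 3 (AES-CMAC) is not handled in this example")

def verify_passphrase(h, passphrase):
    """True if this passphrase reproduces the keymic stored in the hccap record."""
    pmk = pmk_from_passphrase(passphrase, h["essid"])
    ptk = ptk_from_pmk(pmk, h["mac1"], h["mac2"], h["nonce1"], h["nonce2"])
    return hmac.compare_digest(compute_mic(ptk, h["eapol"], h["keyver"]), h["keymic"])

def build_hccap(essid, mac1, mac2, nonce1, nonce2, eapol, keyver, passphrase):
    """Pack a constructed hccap_t record (only for making an offline sample here)."""
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, essid), mac1, mac2, nonce1, nonce2)
    mic = compute_mic(ptk, eapol, keyver)
    return struct.pack(HCCAP_FMT, essid, mac1, mac2, nonce1, nonce2, eapol, len(eapol), keyver, mic)
```

The PMK step alone is the expensive one (4096 HMAC-SHA1 rounds per candidate), so per-candidate cost is dominated by PBKDF2, not by the MIC comparison.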