(06-27-2019, 04:11 PM)ZerBea Wrote: [ -> ]GPS output is not included in --prefix-out because it depends on hcxdumptool.
In other words:
You must run hcxdumptool with connected GPS receiver and option --use_gpsd
--use_gpsd : use GPSD to retrieve position
add latitude, longitude and altitude to every pcapng frame
hcxpcaptool will add a GPS position to every received packet.
tshark and wireshark are able to show you the positions (and more) directly from the pcapng file:
$ tshark -r test.pcapng -Y frame.comment -T fields -E header=y -e frame.number -e frame.time -e wlan.sa -e frame.comment
172 Mar 6, 2019 23:01:48.793212000 CET 1a:f8:7c:91:24:a3 lat:49.126337,lon:4.626268,alt:129.500000,date:06.03.2019,time:22:01:48
If you run hcxpcaptool with option -g on such a pcapng file, you will get a GPS track (including WiFi information).
-g <file> : output GPS file
format = GPX (accepted for example by Viking and GPSBabel)
Viking understands and shows you the track. GPSBabel is able to convert it to other formats.
BTW 1:
Do not try to run hcxpcaptool -g option on cap or pcap files. This (ancient) format doesn't allow additional comment fields.
BTW 2:
hcxdumptool uses gpsd. So the GPS receiver must be supported by gpsd (https://gpsd.gitlab.io/gpsd/index.html)
BTW 3:
What do you mean GPS does not work?
If you are on a kernel > 4.19, bluetooth may not work like expected, because some
external devices are affected by an xhci issue:
https://bugzilla.kernel.org/show_bug.cgi?id=202541#c32
That means, if your device is connected via USB bluetooth adapter, it may not work as expected.
OK, I thought that when using hcxpcaptool, --prefix-out included GPS.
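A parser for the per-frame GPS comment described above, as an added example (not part of hcxtools): it takes the tab-separated field output of the tshark command quoted above, extracts lat/lon/alt/date/time from frame.comment, and writes a minimal GPX track of the kind hcxpcaptool -g produces. The tshark lines are constructed for the example; the field order follows the tshark command above.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample of `tshark ... -T fields -E header=y` output (tab-separated):
# frame.number, frame.time, wlan.sa, frame.comment. The header row and a frame
# without a GPS comment are included to show that they are skipped.
SAMPLE_TSHARK = (
    "frame.number\tframe.time\twlan.sa\tframe.comment\n"
    "172\tMar  6, 2019 23:01:48.793212000 CET\t1a:f8:7c:91:24:a3\t"
    "lat:49.126337,lon:4.626268,alt:129.500000,date:06.03.2019,time:22:01:48\n"
    "173\tMar  6, 2019 23:01:49.100000000 CET\t1a:f8:7c:91:24:a3\t"
    "lat:49.126402,lon:4.626301,alt:129.800000,date:06.03.2019,time:22:01:49\n"
    "174\tMar  6, 2019 23:01:49.200000000 CET\t00:11:22:33:44:55\t\n"
)

COMMENT_RE = re.compile(
    r"lat:(?P<lat>-?\d+\.\d+),lon:(?P<lon>-?\d+\.\d+),alt:(?P<alt>-?\d+\.\d+),"
    r"date:(?P<d>\d{2})\.(?P<m>\d{2})\.(?P<y>\d{4}),time:(?P<t>\d{2}:\d{2}:\d{2})"
)

def parse_comment(comment):
    """One hcxdumptool GPS comment -> (lat, lon, alt, UTC datetime), or None if there is no fix."""
    m = COMMENT_RE.fullmatch(comment.strip())
    if not m:
        return None
    when = datetime.strptime(f"{m['y']}-{m['m']}-{m['d']} {m['t']}", "%Y-%m-%d %H:%M:%S")
    return float(m["lat"]), float(m["lon"]), float(m["alt"]), when.replace(tzinfo=timezone.utc)

def tshark_to_points(text):
    """Tab-separated tshark lines -> list of (mac, lat, lon, alt, time); frames without GPS are dropped."""
    points = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) == 4 and (fix := parse_comment(fields[3])) is not None:
            points.append((fields[2],) + fix)
    return points

def to_gpx(points):
    """Serialise the points as a minimal GPX 1.1 track; the sender MAC is kept as the point name."""
    gpx = ET.Element("gpx", version="1.1", creator="example", xmlns="http://www.topografix.com/GPX/1/1")
    seg = ET.SubElement(ET.SubElement(gpx, "trk"), "trkseg")
    for mac, lat, lon, alt, when in points:
        pt = ET.SubElement(seg, "trkpt", lat=f"{lat:.6f}", lon=f"{lon:.6f}")
        ET.SubElement(pt, "ele").text = f"{alt:.1f}"
        ET.SubElement(pt, "time").text = when.strftime("%Y-%m-%dT%H:%M:%SZ")
        ET.SubElement(pt, "name").text = mac
    return ET.tostring(gpx, encoding="unicode")
```

The time in the comment is the GPS (UTC) time, one hour behind the CET frame.time in the sample, which is why the GPX timestamp is written with a Z suffix.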
(06-09-2019, 07:49 PM)ZerBea Wrote: [ -> ]Edimax EW-7811UAC
ID 7392:a812 Edimax Technology Co., Ltd
$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp0s20f0u1 (rtl88xxau)
$ hcxdumptool -i wlp0s20f0u1 -C
initialization...
available channels:
1 / 2412MHz (18 dBm)
2 / 2417MHz (18 dBm)
3 / 2422MHz (18 dBm)
4 / 2427MHz (18 dBm)
5 / 2432MHz (18 dBm)
6 / 2437MHz (18 dBm)
7 / 2442MHz (18 dBm)
8 / 2447MHz (18 dBm)
9 / 2452MHz (18 dBm)
10 / 2457MHz (18 dBm)
11 / 2462MHz (18 dBm)
12 / 2467MHz (18 dBm)
13 / 2472MHz (18 dBm)
14 / 2484MHz (18 dBm)
36 / 5180MHz (18 dBm)
40 / 5200MHz (18 dBm)
44 / 5220MHz (18 dBm)
48 / 5240MHz (18 dBm)
52 / 5260MHz (18 dBm)
56 / 5280MHz (18 dBm)
60 / 5300MHz (18 dBm)
64 / 5320MHz (18 dBm)
100 / 5500MHz (18 dBm)
104 / 5520MHz (18 dBm)
108 / 5540MHz (18 dBm)
112 / 5560MHz (18 dBm)
116 / 5580MHz (18 dBm)
120 / 5600MHz (18 dBm)
124 / 5620MHz (18 dBm)
128 / 5640MHz (18 dBm)
132 / 5660MHz (18 dBm)
136 / 5680MHz (18 dBm)
140 / 5700MHz (18 dBm)
144 / 5720MHz (18 dBm)
149 / 5745MHz (18 dBm)
153 / 5765MHz (18 dBm)
157 / 5785MHz (18 dBm)
161 / 5805MHz (18 dBm)
165 / 5825MHz (18 dBm)
169 / 5845MHz (18 dBm)
173 / 5865MHz (18 dBm)
$ uname -r
5.1.7-arch1-1-ARCH
Not running out of the box. Get the driver from here:
https://github.com/aircrack-ng/rtl8812au
aircrack-ng team is doing a really good job here!
Using an Alfa dongle with the 8812au chip... it seems that it can't capture packets. Any idea what to check after installing the drivers from Aircrack?
root@raspberrypi:/home/pi# hcxdumptool -I
wlan interfaces:
00c0ca9005f5 wlan0 (rtl88xxau)
root@raspberrypi:/home/pi# hcxdumptool -i wlan0 -C
initialization...
available channels:
1 / 2412MHz
2 / 2417MHz
3 / 2422MHz
4 / 2427MHz
5 / 2432MHz
6 / 2437MHz
7 / 2442MHz
8 / 2447MHz
9 / 2452MHz
10 / 2457MHz
11 / 2462MHz
12 / 2467MHz
13 / 2472MHz
14 / 2484MHz
36 / 5180MHz
37 / 5185MHz
38 / 5190MHz
39 / 5195MHz
40 / 5200MHz
41 / 5205MHz
42 / 5210MHz
43 / 5215MHz
44 / 5220MHz
45 / 5225MHz
46 / 5230MHz
47 / 5235MHz
48 / 5240MHz
49 / 5245MHz
50 / 5250MHz
51 / 5255MHz
52 / 5260MHz
53 / 5265MHz
54 / 5270MHz
55 / 5275MHz
56 / 5280MHz
57 / 5285MHz
58 / 5290MHz
59 / 5295MHz
60 / 5300MHz
61 / 5305MHz
62 / 5310MHz
63 / 5315MHz
64 / 5320MHz
65 / 5325MHz
66 / 5330MHz
67 / 5335MHz
68 / 5340MHz
69 / 5345MHz
70 / 5350MHz
71 / 5355MHz
72 / 5360MHz
73 / 5365MHz
74 / 5370MHz
75 / 5375MHz
76 / 5380MHz
77 / 5385MHz
78 / 5390MHz
79 / 5395MHz
80 / 5400MHz
81 / 5405MHz
82 / 5410MHz
83 / 5415MHz
84 / 5420MHz
85 / 5425MHz
86 / 5430MHz
87 / 5435MHz
88 / 5440MHz
89 / 5445MHz
90 / 5450MHz
91 / 5455MHz
92 / 5460MHz
93 / 5465MHz
94 / 5470MHz
95 / 5475MHz
96 / 5480MHz
97 / 5485MHz
98 / 5490MHz
99 / 5495MHz
100 / 5500MHz
101 / 5505MHz
102 / 5510MHz
103 / 5515MHz
104 / 5520MHz
105 / 5525MHz
106 / 5530MHz
107 / 5535MHz
108 / 5540MHz
109 / 5545MHz
110 / 5550MHz
111 / 5555MHz
112 / 5560MHz
113 / 5565MHz
114 / 5570MHz
115 / 5575MHz
116 / 5580MHz
117 / 5585MHz
118 / 5590MHz
119 / 5595MHz
120 / 5600MHz
121 / 5605MHz
122 / 5610MHz
123 / 5615MHz
124 / 5620MHz
125 / 5625MHz
126 / 5630MHz
127 / 5635MHz
128 / 5640MHz
129 / 5645MHz
130 / 5650MHz
131 / 5655MHz
132 / 5660MHz
133 / 5665MHz
134 / 5670MHz
135 / 5675MHz
136 / 5680MHz
137 / 5685MHz
138 / 5690MHz
139 / 5695MHz
140 / 5700MHz
141 / 5705MHz
142 / 5710MHz
143 / 5715MHz
144 / 5720MHz
145 / 5725MHz
146 / 5730MHz
147 / 5735MHz
148 / 5740MHz
149 / 5745MHz
150 / 5750MHz
151 / 5755MHz
152 / 5760MHz
153 / 5765MHz
154 / 5770MHz
155 / 5775MHz
156 / 5780MHz
157 / 5785MHz
158 / 5790MHz
159 / 5795MHz
160 / 5800MHz
161 / 5805MHz
162 / 5810MHz
163 / 5815MHz
164 / 5820MHz
165 / 5825MHz
166 / 5830MHz
167 / 5835MHz
168 / 5840MHz
169 / 5845MHz
170 / 5850MHz
171 / 5855MHz
172 / 5860MHz
173 / 5865MHz
174 / 5870MHz
175 / 5875MHz
Well, it seems that for the moment we are better off using trusty 2.4 GHz dongles. For the moment the most reliable one I have found is the TP-Link w772n, cheap and super efficient, way more so than the Alfas that I own and that no longer work; only the AWUS036NEH gets an honorable mention.
Is the TPlink T2UH working without conflicts?
BTW Is there any clean way of removing the installed driver from Aircrack or changing the version?
Is the TP-Link T2UH working without conflicts?
Unfortunately not:
https://github.com/openwrt/mt76/issues/2...-500999516
but it is on its way to be fixed and it is an official kernel driver on which work is in progress:
https://git.kernel.org/pub/scm/linux/ker...h=v5.2-rc7
Is there any clean way of removing the installed driver from Aircrack:
if installed via dkms: dkms-remove.sh (should work, but I'm not sure because I don't use dkms)
if inserted via insmod 88XXau.ko use rmmod 88XXau.ko (I prefer this way)
or changing the version?
change version can be done via git (git checkout)
$ git branch -a
* v5.2.20
remotes/origin/HEAD -> origin/v5.2.20
remotes/origin/master
remotes/origin/revert-325-MikeColes-dkms-install.sh-backticks
remotes/origin/v4.3.21
remotes/origin/v5.1.5
remotes/origin/v5.2.20
remotes/origin/v5.2.9
remotes/origin/v5.3.4
remotes/origin/v5.6.4
remotes/origin/v5.6.4.1
then switch branch:
git checkout v5.3.4
Hello ZerBea, my new potfile does not work with hashcat.
hashcat changed the potfile format and the outfile format on 2500 and 16800. Both hashmodes are now using the same potfile format and the same outfile format. For example:
hashcat -m 16800 --remove --potfile-path="hashcat.pmk.pot" -o "hashcat.psk.out" hash.16800 wordlist
hashcat -m 2500 --remove --potfile-path="hashcat.pmk.pot" -o "hashcat.psk.out" hash.hccapx wordlist
will give you the same output on both lists! Already recovered PSKs from hashmode 16800 are detected and not calculated again on hashmode 2500.
new potfile format:
PMK : ESSID(in HEX-ASCII) : PSK
new out file format:
MAC_AP : MAC : STA : ESSID : PSK
This was necessary because an EAPOL handshake and/or a PMKID is not unique for a WPA1, WPA2, WPA2 keyver 3 network, while a PMK is unique! Now we identify a network by the PMK! That keeps the potfile small and we can remove already cracked networks in a fast way.
Also you can run simple bash scripts to get/extract all the information you need from these files.
For example to get the PSK from a potfile:
cat hashcat.pmk.pot | awk 'BEGIN { FS = ":" } ; { print $NF }' >> wordlist
the same script works on the outfile
cat hashcat.psk.out | awk 'BEGIN { FS = ":" } ; { print $NF }' >> wordlist
or to get the PMKs:
cut -c -64 hashcat.pmk.pot >> pmklist
I recommend using the same potfile/outfile for 2500 and 16800. Do not use these files on other hashmodes! I use these methods to clean my database, because it is extremely fast on big hash lists:
$ hcxcleanpmkiddb
hashcat (v5.1.0-1186-g07915692) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PMK
Hash.Target......: archiv.16800
Time.Started.....: Tue Jul 9 09:32:32 2019 (46 secs)
Time.Estimated...: Tue Jul 9 09:33:18 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........: 180.8 MH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:64 Vec:1
Recovered........: 63430/64658 (98.10%) Digests, 61923/63151 (98.06%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:83134,4988093,119714233 (Min,Hour,Day)
Progress.........: 8217460724
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:63150 Amplifier:0-1 Iteration:0-1
Candidates.#1....: removed -> removed
Hardware.Mon.#1..: Temp: 62c Fan: 44% Util: 67% Core:1885MHz Mem:5005MHz Bus:16
Started: Tue Jul 9 09:32:30 2019
Stopped: Tue Jul 9 09:33:18 2019
$ hcxcleaneapoldb
hashcat (v5.1.0-1186-g07915692) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PMK
Hash.Target......: archiv.hccapx
Time.Started.....: Tue Jul 9 09:36:32 2019 (16 mins, 21 secs)
Time.Estimated...: Tue Jul 9 09:52:53 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........: 12806.0 kH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:64 Vec:1
Recovered........: 239521/245611 (97.52%) Digests, 88814/92027 (96.51%) Salts
Recovered/Time...: CUR:15113,N/A,N/A AVG:14642,878549,21085176 (Min,Hour,Day)
Progress.........: 11979338644
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:92026 Amplifier:0-1 Iteration:0-1
Candidates.#1....: removed -> removed
Hardware.Mon.#1..: Temp: 73c Fan: 57% Util: 88% Core:1860MHz Mem:5005MHz Bus:16
Started: Tue Jul 9 09:36:29 2019
Stopped: Tue Jul 9 09:52:54 2019
WPA-EAPOL-PMK took a little bit more time, because I'm running a high nonce error correction!
Potfile and outfile are working as expected.
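Added example (not hashcat's or hcxtools' code) working with the PMK : ESSID(hex) : PSK potfile format described above: it parses lines, checks that the stored PMK really equals PBKDF2-HMAC-SHA1(PSK, ESSID) so corrupted entries are caught, and collapses entries by PMK, which is the uniqueness argument made in the post. The sample lines are constructed; the first one uses the IEEE 802.11i test vector (passphrase "password", SSID "IEEE").

```python
import hashlib
from collections import OrderedDict

def derive_pmk(psk, essid):
    """WPA/WPA2-PSK PMK = PBKDF2-HMAC-SHA1(passphrase, SSID bytes, 4096 iterations, 32 bytes), as hex."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), essid, 4096, 32).hex()

def format_potline(pmk_hex, essid, psk):
    """Build a potfile line; the ESSID is hex-encoded so a ':' or binary byte in it cannot split the fields."""
    return f"{pmk_hex}:{essid.hex()}:{psk}"

def parse_potline(line):
    """Split PMK:ESSIDHEX:PSK. The PSK is the remainder, so a passphrase containing ':' survives intact."""
    pmk_hex, essid_hex, psk = line.rstrip("\n").split(":", 2)
    if len(pmk_hex) != 64:
        raise ValueError("PMK must be 32 bytes of hex")
    return pmk_hex.lower(), bytes.fromhex(essid_hex), psk

def verify_potline(line):
    """True only if the recorded PMK is really PBKDF2(PSK, ESSID); catches corrupted or hand-edited entries."""
    pmk_hex, essid, psk = parse_potline(line)
    return derive_pmk(psk, essid) == pmk_hex

def dedupe_by_pmk(lines):
    """Index by PMK: the same network recovered via PMKID (16800) and via EAPOL (2500) becomes one entry."""
    seen = OrderedDict()
    for line in lines:
        pmk_hex, essid, psk = parse_potline(line)
        seen.setdefault(pmk_hex, (essid, psk))
    return seen

# Constructed sample potfile: IEEE 802.11i test vector, an ESSID and PSK that both
# contain ':', the IEEE network a second time (as if seen by both hashmodes), and
# a deliberately corrupted PMK.
SAMPLE_POT = [
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e:49454545:password",
    format_potline(derive_pmk("pass:word", b"guest:wifi"), b"guest:wifi", "pass:word"),
    format_potline(derive_pmk("password", b"IEEE"), b"IEEE", "password"),
    "00" * 32 + ":49454545:password",
]
```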
(07-09-2019, 09:08 AM)ZerBea Wrote: [ -> ]hashcat changed potfile format and out file format on 2500 and 16800. Both hashmodes now using the same potfile format and the same outfile format. For example:
Perfect, very clear. Please, can you give me hcxcleanpmkiddb and hcxcleaneapoldb
Thank you
And another good reason for HEX-ESSID is:
123456789abcdef0123456789abcdef01:112233445566:aabbccddeeff:5072696d656e6574
vs.
123456789abcdef0123456789abcdef01:112233445566:aabbccddeeff
rimenet
if you like to post the hash in a forum.
(07-09-2019, 05:23 PM)ZerBea Wrote: [ -> ]And another, good reason for HEX-ESSID is:
123456789abcdef0123456789abcdef01:112233445566:aabbccddeeff:5072696d656e6574
vs.
123456789abcdef0123456789abcdef01:112233445566:aabbccddeeffrimenet
if you like to post the hash in a forum.
I'm lost, I do not understand.