Mike

Results 305 comments of Mike

@greencatcommunity hccapx (binary format, old mode 2500) is deprecated and should not be used any longer. It has been replaced by the new format 22000 (ASCII). Specification is here (Working...

The formulas to recover the PSK: PBKDF2 (the same as on WPA1, WPA2 and WPA2 key version 3): `PMK[256] = PBKDF2(PSK, SSID, SSID-length, 4096).` get PMK-R0: ``` PMK-R0 = R0-Key-Data...

RxKH-ID field can be up to 48 bytes: https://mentor.ieee.org/802.11/dcn/07/11-07-0126-01-000r-variable-length-r0kh-id.doc

Calculation of the MIC is similar to WPA2 key version 3 (AES-128-CMAC). More information is here: https://www.cwnp.com/uploads/802-11_rsn_ft.pdf

Interesting case, because I have no idea what's going on, yet. We take the hash from yesterday: ``` $ hcxpmktool -l WPA*02*039e9239445d7895309a3b92118d9a2f*482cd00afa2c*dc5360ad926f*4c6576692042792047656f726765*aedd076acec4b077786a3eea7d0ec51a6d0f8377d285ca10e3f8a38bd8170b16*0103008702010a000000000000000000015ac167d0bbbdcf3d23eff8d9ef3c532d8fe5e7f2f217a62f1da3e270d268888c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002830260100000fac040100000fac040100000fac023c00010000000000000000000000000000000000*02 -p 12345678 HASH FORMAT.: EAPOL (WPA*02) ESSID.......: Levi...

I'll contact Atom (hashcat) to figure out what went wrong. My suspicion is the hash line calculated by hcxpcapngtool - but I'm not sure without analyzing the dump file.

I got it! The difference between hashcat and hcxpmktool is that hashcat is doing NONCE ERROR CORRECTIONS (NC): https://hashcat.net/forum/thread-6361.html hcxpcapngtool converted the MESSAGEPAIR to hashcat, but due to...