Mike
Mike
I changed the head line, because it is more a feature request than a bug. Now I test if we can add at least NC = 8. The impact is...
Adding NC will take awhile. The entire tools must be refactored.
No, that is not necessary, because I know what's going on: packet loss during capturing hcxpcapngtool converted the hash and detected MESSAGEPAIR CONDITION a0 (bin: 10100000 = nonce-error-corrections mandatory) In...
Thanks for the information. Now we know that hcxdumptool and hcxpcapngtool are working as expected. We gt a hash and hashcat was able to recover the PSK (with NC). hcxpmktool...
Doing NC is a little bit tricky (on CPU), because we need several load balancers: PBKDF2 load balancer MD5 load balancer (WPA1) SHA1 load balancer (WPA2) SHA256 load balancer (WPA2...
As of today all hcxtools only detect if NC is possible and hcxdumptool give a suggestion about the value. This is done by comparing different EAPOL M1 and/or EAPOL M3...
BTW: I'm still undecided to add NC to hcxpmktool, because this tool is not a cracking tool. Hashcat and JtR can do this a hundred thousand better and faster. The...
To decrypt WPA it is mandatory to calculate a PTK that is exactly part of the same AUTHENTICATION sequence (session) as the 4way handshake. A matching MESSAGE PAIR that is...
Some information about NC: NC is implemented to hashcat to possible compensate a packet loss during capturing a 4way handshake. However, this should not be the norm under any circumstances!...
Take a look at this example: A dump file contain one M1 MESSAGE, one M2 MESSAGE and one M1 MESSAGE ``` 1 M1 30c5c31418a16285142b50ad7a92ea48adb9491848c7231ee70f9c3c1e1c7870 2 M2 c86506005b8970ff7604348c818e262d3fa54ccb030a087f6d07397443f2e1ff 3 M1 30c5c31418a16285142b50ad7a92ea48adb9491848c7231ee70f9c3c1e1c7878...