server icon indicating copy to clipboard operation
server copied to clipboard

Published 20 hours ago verified publisher icon hashtopolis

Nonce-error-corrections value as an attribute of hashlist for WPA hashes (2500, 22000)

Open TevPalver opened this issue 4 years ago • 3 comments

New feature: Set nonce-error-corrections (NC) value on "New hashlist" page for WPA hashes (2500, 22000 hashtypes).

At present, this value can be set only in task line or in extra parameters field for a client (hashcat: --nonce-error-corrections=value). But in case of many preconfigured tasks and many clients you have to change this value for every task or every client in case of new WPA hash with new suggested NC value. It's more convenient to make this value as an attribute for a particular WPA hash (2500, 22000). In case of creating a superhashlist of WPA hashes - NC value should be the maximum NC among the included WPA hashes.

TevPalver avatar Nov 23 '20 17:11 TevPalver

I have some small questions to clarify:

  • Which exact hash modes all would be affected by this? Only 2500 and 22000, or more?
  • Based on the last statement, I assume it's just a number, correct?

s3inlc avatar Dec 22 '20 13:12 s3inlc

It looks like it's based on this post: https://hashcat.net/forum/thread-6361.html

The recommended is --nonce-error-corrections=16

cyrus104 avatar Dec 30 '20 03:12 cyrus104

Using nonce-error-corrections it is possible to compensate an EAPOL M1 or M3 packet loss during capturing and to calculate a valid M1M2 or M2M3, or M3M4 or M1M4) message pair. from which the PSK can be recovered. Usually the conversion program will detect this by comparing the ANONCE of at least two M1 or M3 messages. If NC is possible, it will add this information to the hccapx struct or append it to a 22000 hash line using the MESSAGE PAIR FIELD. Now hashcat is able to compensate this packet loss, too.

A state of the art attack tool should detect packet loss and request the missing frame. A state of the art conversion tool should detect packet loss and inform hashcat via message pair field about that: https://github.com/hashcat/hashcat/issues/1816#issuecomment-567357767

Please note: Not all conversion programs will do this. A passive dump tool is not able to request missing packets. In both cases hashcat will use the default value. A user can override this by nonce-error-correction option.

ZerBea avatar Feb 22 '21 16:02 ZerBea