Closed adrastee closed 4 years ago
That is very, very difficult: https://stackoverflow.com/questions/15165306/compile-a-static-binary-which-code-there-a-function-gethostbyname You must remove the whole server/client code - then it may(!) work.
BTW: The same applies to the crypto stuff, too.
Thanks. I was able to statically compile hcxpcaptool v5.1.6, but not the latest one (v5.3.0). Any hints why? Network functions?
massive network and crypto inside.
Ok. So.. no way to manage a static compilation?
I don't see a chance - glibc sets the rules!
We have several dependencies: openssl, zlib and some glibc networking for wlancap2wpasec. First two should be OK for static compilation and wlancap2wpasec can be skipped for static compilation with Makefile flag. There is also #106, which will require more work though.
Forgot curl, but anyways. BTW, from zlib we're using only decompression, so it may be useful to include only minimal decompress code like this: https://liblzg.bitsnbites.eu/ or this: https://github.com/pfalcon/uzlib . This is a bit of over-engineering and may get us to obscure errors/performance issues.
Understood. I'm mainly interested in hcxpcapngtool. Is my best option to use python tool https://github.com/s77rt/multicapconverter ? Hoping it is as well coded as hcxpcapngtool :D
Well, you can always compare the results and submit bugs upstream ;)
multicapconverter is a good and portable alternative. It is coded well (we share knowledge), but provides fewer functions (BTW: hcxpcapngtool is still missing many functions, too - netNTLMv1, MD5 challenge, TACACS+ - I'll add them step by step, before I'm going to remove deprecated hcxtools). If the migration to hash mode 22000 is finished (that is a lot of work to do), I'll put focus on EAP.
BTW: The crypto stuff inside of hcxdumptool, hcxpcapngtool and hcxhashtool is the first step into EAP direction.
Ok! I have already found something, don't know if it's a bug, don't know if it's multicapconverter or hcxpcapngtool. Using both tools at latest version as of Jan 7 2020: https://pastebin.com/n0qEnLWy TL;DR: hcxpcapngtool finds a WPA*02 while multicapconverter finds nothing because it considers that the packet is unauthenticated. How does hcxpcapngtool handle unauthenticated packets?
Good investigation. I'm interested in that cap file. Can you please attach it, to perform an analysis?
Handling of handshakes and PMKIDs depends on the selected options. Examples:

$ hcxpcapngtool -o test.22000 in.pcapng
convert the best handshake (lowest EAPOL TIME, matching RC, valid AKM, valid cypher suite) once for every MAC_AP/MAC_STA/ESSID combination. We do not take care about message pair (authenticated / not authenticated)

$ hcxpcapngtool --do-not-clean -o test.22000 in.pcapng
convert all(!) handshakes (low EAPOL TIME, matching RC, valid AKM, valid cypher suite) once for every MAC_AP/MAC_STA/ESSID combination. We do not take care about message pair (authenticated / not authenticated)

$ hcxpcapngtool --ignore-ie -o test.22000 in.pcapng
convert the best handshake (lowest EAPOL TIME, matching RC) once for every MAC_AP/MAC_STA/ESSID combination. We do not take care about message pair (authenticated / not authenticated)

$ hcxpcapngtool --nonce-error-corrections=8 -o test.22000 in.pcapng
convert the best handshake (lowest EAPOL TIME, RC GAP +/- 8, valid AKM, valid cypher suite) once for every MAC_AP/MAC_STA/ESSID combination. We do not take care about message pair (authenticated / not authenticated)

$ hcxpcapngtool --max-essids=2 -o test.22000 in.pcapng
convert the best handshake (lowest EAPOL TIME, matching RC, valid AKM, valid cypher suite) once for every MAC_AP/MAC_STA/ESSID combination. Allow one ESSID change (in case of user defined ESSID change during capture time and/or damaged ESSID). We do not take care about message pair (authenticated / not authenticated)
All options can be cascaded!
The more options - hcxpcapngtool will become more "non-restrict". It will convert more hashes, but some/many/lots of them are not recoverable (like an E-function). But some of them are recoverable due to nonce error corrections of hashcat. hcxpcapngtool will tell hashcat that, using the message pair field, and hashcat activates/deactivates NC.
multicapconverter knows about this and will take correct MP, too.
BTW: Contrary to the other tools, hcxdumptool/hcxtools is not interested to distinguish between not authenticated (M1M2) and authenticated (M1M4, M2M3, M4M4) message pairs. I have good reasons for that.
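To compare what two converters emit for the same capture, the message pair field discussed above can be decoded per line. This is an added example, not code from the thread or from hcxtools/multicapconverter; the `WPA*02` field order and the bit meanings are assumptions taken from the published hash mode 22000 format description, and the sample lines are constructed.

```python
# Added example (not from the thread). Field order and bit meanings are
# assumptions based on the published hash mode 22000 format description.
PAIRS = {0: ("M1+M2", False), 1: ("M1+M4", True), 2: ("M2+M3", True),
         3: ("M2+M3", True), 4: ("M3+M4", True), 5: ("M3+M4", True)}
FLAGS = {0x10: "ap-less", 0x20: "LE router", 0x40: "BE router",
         0x80: "replay counter not checked"}

def parse_22000(line):
    """Describe one WPA*01 / WPA*02 line; raise ValueError if malformed."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
        raise ValueError("not a hash mode 22000 line")
    rec = {"type": "PMKID" if f[1] == "01" else "EAPOL",
           "mac_ap": f[3], "mac_sta": f[4],
           "essid": bytes.fromhex(f[5]).decode("utf-8", "replace"),
           "pair": None, "authenticated": None, "flags": []}
    if f[1] == "02":
        mp = int(f[8], 16)  # message pair byte, hex encoded
        rec["pair"], rec["authenticated"] = PAIRS.get(mp & 0x07, ("unknown", None))
        rec["flags"] = [name for bit, name in FLAGS.items() if mp & bit]
    return rec

def summarize(lines):
    """Count EAPOL lines per (message pair, authenticated) to diff two tools."""
    counts = {}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_22000(line)
        if rec["type"] == "EAPOL":
            key = (rec["pair"], rec["authenticated"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines (placeholder MIC, nonce and EAPOL bytes, no real capture).
MIC, AP, STA, ESSID = "00" * 16, "020000000001", "020000000002", "74657374"
SAMPLE = [
    f"WPA*02*{MIC}*{AP}*{STA}*{ESSID}*{'11' * 32}*{'22' * 8}*00",
    f"WPA*02*{MIC}*{AP}*{STA}*{ESSID}*{'11' * 32}*{'22' * 8}*82",
    f"WPA*01*{MIC}*{AP}*{STA}*{ESSID}***",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(parse_22000(s))
    print(summarize(SAMPLE))
```

Running `summarize` over each tool's output file shows whether a line present in only one of them is an M1+M2 (not authenticated) pair.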
I've just sent the cap file on your email. Thanks for the details. Will try.
Hi Zerbea, Are you able to help me in compiling hcxtools statically? Or provide static binaries? I cannot install libraries on the server I want to use, so I cannot install some dependencies like libcrypto. Thanks a lot.
I edit the Makefile to add "-static" at the end of this line:
CFLAGS ?= -O3 -Wall -Wextra -static
But I have this error on Ubuntu 18: https://pastebin.com/Dngzd87R