Hashcat capture file (old version): C++/STL parsing library

Native format of Hashcat password "recovery" utility.

A sample file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap

Application

["Hashcat", "aircrack-ng"]

File extension

hccap

KS implementation details

License: Unlicense

This page hosts a formal specification of the Hashcat capture file (old version) format, written in Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Usage

Using Kaitai Struct in C++/STL usually consists of 3 steps.

  1. We need to create an STL input stream (std::istream). The three snippets below are alternatives, and only one of them is needed: open a local file, wrap an existing std::string, or wrap a char* buffer.
    // Option A: read from a local file, opened in binary mode
    #include <fstream>
    
    std::ifstream is("path/to/local/file.hccap", std::ifstream::binary);
    // Option B: wrap a std::string that already holds the file contents
    #include <sstream>
    
    std::istringstream is(str);
    // Option C: wrap a raw char buffer
    #include <sstream>
    
    const char buf[] = { ... };
    // The explicit length keeps embedded zero bytes, which binary capture data can contain
    std::string str(buf, sizeof buf);
    std::istringstream is(str);
  2. We need to wrap our input stream into Kaitai stream:
    #include <kaitai/kaitaistream.h>
    
    kaitai::kstream ks(&is);
  3. And finally, we can invoke the parsing:
    hccap_t data(&ks);

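Parsing runs inside the constructor, so expect a truncated or malformed file to surface as an exception from that line, and handle it when the capture file comes from an untrusted source. After that, one can get various attributes from the structure by invoking getter methods like: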

data.records() // => get records

C++/STL source code to parse Hashcat capture file (old version)

hccap.h

#ifndef HCCAP_H_
#define HCCAP_H_

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "kaitai/kaitaistruct.h"

#include <stdint.h>
#include <vector>

#if KAITAI_STRUCT_VERSION < 7000L
#error "Incompatible Kaitai Struct C++/STL API: version 0.7 or later is required"
#endif

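/**
 * Native format of Hashcat password "recovery" utility.
 *
 * A sample file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
 * \sa Source
 *
 * Root object of a parsed file. The format has no header: the stream is read
 * as a plain sequence of fixed-size records until end of stream, and all of
 * that happens inside the constructor.
 *
 * Ownership: this object owns the record vector and every record in it; each
 * record owns its EAPOL sub-stream and wrapper. The pointers returned by the
 * getters are borrowed and stop being valid when the owner is destroyed.
 *
 * Every field is taken from the file as-is. In particular `len_eapol` and
 * `keyver` are not validated while parsing, so callers handling files from an
 * untrusted source should range-check them before use.
 */

class hccap_t : public kaitai::kstruct {

public:
    class hccap_record_t;
    class eapol_dummy_t;

    /**
     * Parses all records from the stream, starting at its current position.
     * \param p__io     stream to read from
     * \param p__parent value later returned by _parent()
     * \param p__root   accepted for interface symmetry with the nested types
     */
    hccap_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent = 0, hccap_t* p__root = 0);

private:
    void _read();

    // Not copyable: ~hccap_t() deletes m_records and every record in it, so an
    // implicit member-wise copy would free the same objects twice. Declared
    // private and left undefined (pre-C++11 idiom, matching the rest of the file).
    hccap_t(const hccap_t&);
    hccap_t& operator=(const hccap_t&);

public:
    ~hccap_t();

    /**
     * One captured handshake: 392 bytes of fixed-size fields.
     */
    class hccap_record_t : public kaitai::kstruct {

    public:

        hccap_record_t(kaitai::kstream* p__io, hccap_t* p__parent = 0, hccap_t* p__root = 0);

    private:
        void _read();

        // Not copyable: ~hccap_record_t() deletes m__io__raw_eapol_buffer and
        // m_eapol_buffer, so a member-wise copy would delete both twice.
        hccap_record_t(const hccap_record_t&);
        hccap_record_t& operator=(const hccap_record_t&);

    public:
        ~hccap_record_t();

    private:
        bool f_eapol;         // true once m_eapol has been computed
        std::string m_eapol;  // cache for eapol()

    public:
        /**
         * The first `len_eapol` bytes of the EAPOL buffer, extracted on the
         * first call and cached afterwards.
         *
         * `len_eapol` comes straight from the file. The buffer holds 256
         * bytes, so a larger value cannot be satisfied; expect this accessor
         * to throw on such a record.
         */
        std::string eapol();

    private:
        std::string m_essid;
        std::string m_mac_ap;
        std::string m_mac_station;
        std::string m_nonce_station;
        std::string m_nonce_ap;
        eapol_dummy_t* m_eapol_buffer;             // owned
        uint32_t m_len_eapol;
        uint32_t m_keyver;
        std::string m_keymic;
        hccap_t* m__root;                          // borrowed
        hccap_t* m__parent;                        // borrowed
        std::string m__raw_eapol_buffer;
        kaitai::kstream* m__io__raw_eapol_buffer;  // owned

    public:
        /**
         * Network name, read as a fixed 36-byte field. Any padding after the
         * name is returned as part of the string.
         */
        std::string essid() const { return m_essid; }

        /**
         * The BSSID (MAC address) of the access point
         */
        std::string mac_ap() const { return m_mac_ap; }

        /**
         * The MAC address of a client connecting to the access point
         */
        std::string mac_station() const { return m_mac_station; }

        /**
         * Nonce (random salt) generated by the client connecting to the access point.
         */
        std::string nonce_station() const { return m_nonce_station; }

        /**
         * Nonce (random salt) generated by the access point.
         */
        std::string nonce_ap() const { return m_nonce_ap; }

        /**
         * Buffer for EAPOL data, only first `len_eapol` bytes are used.
         * The returned pointer is owned by this record.
         */
        eapol_dummy_t* eapol_buffer() const { return m_eapol_buffer; }

        /**
         * Size of EAPOL data, as stored in the file (not range-checked
         * while parsing).
         */
        uint32_t len_eapol() const { return m_len_eapol; }

        /**
         * The flag used to distinguish WPA from WPA2 ciphers. Value of
         * 1 means WPA, other - WPA2.
         */
        uint32_t keyver() const { return m_keyver; }

        /**
         * The final hash value, 16 bytes. MD5 for WPA and SHA-1 for WPA2
         * (truncated to 128 bit).
         */
        std::string keymic() const { return m_keymic; }
        hccap_t* _root() const { return m__root; }
        hccap_t* _parent() const { return m__parent; }

        /**
         * The raw 256 bytes of the EAPOL buffer field, before any trimming
         * to `len_eapol`.
         */
        std::string _raw_eapol_buffer() const { return m__raw_eapol_buffer; }
        kaitai::kstream* _io__raw_eapol_buffer() const { return m__io__raw_eapol_buffer; }
    };

    /**
     * Placeholder type with no fields of its own. It exists so that the
     * EAPOL buffer has a stream of its own, which eapol() reads from.
     */
    class eapol_dummy_t : public kaitai::kstruct {

    public:

        eapol_dummy_t(kaitai::kstream* p__io, hccap_t::hccap_record_t* p__parent = 0, hccap_t* p__root = 0);

    private:
        void _read();

    public:
        ~eapol_dummy_t();

    private:
        hccap_t* m__root;                   // borrowed
        hccap_t::hccap_record_t* m__parent; // borrowed

    public:
        hccap_t* _root() const { return m__root; }
        hccap_t::hccap_record_t* _parent() const { return m__parent; }
    };

private:
    std::vector<hccap_record_t*>* m_records;  // owned, together with its elements
    hccap_t* m__root;
    kaitai::kstruct* m__parent;

public:
    /**
     * All records in file order. The vector and its elements stay owned by
     * this object.
     */
    std::vector<hccap_record_t*>* records() const { return m_records; }
    hccap_t* _root() const { return m__root; }
    kaitai::kstruct* _parent() const { return m__parent; }
};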

#endif  // HCCAP_H_

hccap.cpp

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "hccap.h"

#include <ios>



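/**
 * Parses the whole stream as a sequence of hccap records.
 *
 * Parsing runs inside the constructor. If it fails part-way (for example on
 * a truncated file), the destructor of the half-built object is never run,
 * so everything allocated so far is released here before the exception is
 * passed on to the caller.
 *
 * \param p__io     stream handed to the kaitai::kstruct base; _read() reads
 *                  through it as m__io
 * \param p__parent stored and returned by _parent()
 * \param p__root   not used: this object is always its own root
 */
hccap_t::hccap_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent, hccap_t* p__root) : kaitai::kstruct(p__io) {
    m__parent = p__parent;
    m__root = this;
    m_records = 0;  // lets the handler below recognise "nothing allocated yet"
    try {
        _read();
    } catch (...) {
        if (m_records) {
            for (std::vector<hccap_record_t*>::iterator it = m_records->begin(); it != m_records->end(); ++it) {
                delete *it;
            }
            delete m_records;
            m_records = 0;
        }
        throw;
    }
}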

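/**
 * Reads records back to back until the stream reports end of file.
 *
 * The number of records is bounded only by the input size. A final record
 * that is cut short is not skipped: constructing it fails and the exception
 * propagates to the caller.
 */
void hccap_t::_read() {
    m_records = new std::vector<hccap_record_t*>();
    while (!m__io->is_eof()) {
        hccap_record_t* record = new hccap_record_t(m__io, this, m__root);
        try {
            m_records->push_back(record);
        } catch (...) {
            // The vector never took the pointer, so nothing else would free it.
            delete record;
            throw;
        }
    }
}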

/**
 * Releases every parsed record and then the vector that held them.
 */
hccap_t::~hccap_t() {
    std::vector<hccap_record_t*>& owned = *m_records;
    for (std::vector<hccap_record_t*>::size_type idx = 0; idx < owned.size(); ++idx) {
        delete owned[idx];
    }
    delete m_records;
}

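/**
 * Parses one record from the stream's current position.
 *
 * _read() allocates the EAPOL sub-stream and its wrapper before it reads the
 * remaining fields. If one of those later reads fails, this object's
 * destructor is not run, so both allocations are released here before the
 * exception is rethrown.
 *
 * \param p__io     stream to read the record from
 * \param p__parent the hccap_t that holds this record
 * \param p__root   root of the parsed structure
 */
hccap_t::hccap_record_t::hccap_record_t(kaitai::kstream* p__io, hccap_t* p__parent, hccap_t* p__root) : kaitai::kstruct(p__io) {
    m__parent = p__parent;
    m__root = p__root;
    f_eapol = false;
    // Null until _read() assigns them, so the handler can delete unconditionally.
    m__io__raw_eapol_buffer = 0;
    m_eapol_buffer = 0;
    try {
        _read();
    } catch (...) {
        delete m__io__raw_eapol_buffer;
        delete m_eapol_buffer;
        throw;
    }
}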

// Reads one record. The statement order below is the on-disk field order;
// the fixed sizes add up to 392 bytes per record. No field is validated
// here: every value is stored exactly as read from the file.
void hccap_t::hccap_record_t::_read() {
    m_essid = m__io->read_bytes(36);          // fixed 36-byte network name field
    m_mac_ap = m__io->read_bytes(6);          // access point MAC
    m_mac_station = m__io->read_bytes(6);     // client MAC
    m_nonce_station = m__io->read_bytes(32);
    m_nonce_ap = m__io->read_bytes(32);
    // The EAPOL area always occupies 256 bytes, whatever len_eapol says.
    m__raw_eapol_buffer = m__io->read_bytes(256);
    // A separate stream over those 256 bytes; eapol() reads from it later.
    // Both objects below are heap-allocated and released in the destructor.
    m__io__raw_eapol_buffer = new kaitai::kstream(m__raw_eapol_buffer);
    m_eapol_buffer = new eapol_dummy_t(m__io__raw_eapol_buffer, this, m__root);
    // File-controlled length, read after the buffer it describes.
    // NOTE(review): not compared with the 256-byte buffer size at this point.
    m_len_eapol = m__io->read_u4le();
    m_keyver = m__io->read_u4le();
    m_keymic = m__io->read_bytes(16);
}

/**
 * Frees the two heap objects created while reading the record: the EAPOL
 * sub-stream and the wrapper built on top of it.
 */
hccap_t::hccap_record_t::~hccap_record_t() {
    delete m__io__raw_eapol_buffer;
    delete m_eapol_buffer;
    // The cached m_eapol value is a std::string member and needs no manual
    // release, whether or not f_eapol was ever set.
}

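/**
 * Returns the used part of the EAPOL buffer: its first len_eapol() bytes.
 * The value is computed on the first call and cached in m_eapol.
 *
 * len_eapol() is a 32-bit value taken from the file, while the buffer it
 * describes is a fixed-size field. A length larger than the buffer is
 * rejected before the read, so a malformed record cannot make the read
 * request a buffer of up to 4 GiB.
 *
 * \return the first len_eapol() bytes of the EAPOL buffer
 * \throws std::ios_base::failure if len_eapol() exceeds the buffer size
 */
std::string hccap_t::hccap_record_t::eapol() {
    if (f_eapol)
        return m_eapol;
    // NOTE(review): std::ios_base::failure is presumably what a short stream
    // read raises as well, so existing handlers keep working; confirm against
    // the runtime in use.
    if (len_eapol() > m__raw_eapol_buffer.size())
        throw std::ios_base::failure("hccap: len_eapol exceeds the EAPOL buffer size");
    kaitai::kstream *io = eapol_buffer()->_io();
    // Remember the sub-stream position and put it back after the read.
    std::streampos _pos = io->pos();
    io->seek(0);
    m_eapol = io->read_bytes(len_eapol());
    io->seek(_pos);
    f_eapol = true;
    return m_eapol;
}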

/**
 * Wraps the EAPOL sub-stream. The type has no fields of its own, so
 * construction only records the parent and root and runs the empty _read().
 */
hccap_t::eapol_dummy_t::eapol_dummy_t(kaitai::kstream* p__io, hccap_t::hccap_record_t* p__parent, hccap_t* p__root)
    : kaitai::kstruct(p__io),
      m__root(p__root),
      m__parent(p__parent) {
    _read();
}

// Intentionally empty: this type declares no fields, so nothing is read
// from the sub-stream here. The bytes are consumed by hccap_record_t::eapol().
void hccap_t::eapol_dummy_t::_read() {
}

// Nothing to release: m__root and m__parent are not deleted here, and the
// sub-stream this object was built on is deleted by ~hccap_record_t().
hccap_t::eapol_dummy_t::~eapol_dummy_t() {
}