Native format of Hashcat password "recovery" utility.
A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
All parsing code for C++11/STL generated by Kaitai Struct depends on the C++/STL runtime library. You have to install it before you can parse data.
For C++, the easiest way is to clone the runtime library sources and build them along with your project.
Using Kaitai Struct in C++/STL usually consists of 3 steps.
std::istream
). One can open local file for that, or use existing std::string
or char*
buffer.
#include <fstream>
std::ifstream is("path/to/local/file.hccap", std::ifstream::binary);
#include <sstream>
std::istringstream is(str);
#include <sstream>
const char buf[] = { ... };
std::string str(buf, sizeof buf);
std::istringstream is(str);
#include "kaitai/kaitaistream.h"
kaitai::kstream ks(&is);
hccap_t data(&ks);
After that, one can get various attributes from the structure by invoking getter methods like:
data.records() // => get records
#pragma once
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
#include "kaitai/kaitaistruct.h"
#include <stdint.h>
#include <memory>
#include <vector>
#if KAITAI_STRUCT_VERSION < 9000L
#error "Incompatible Kaitai Struct C++/STL API: version 0.9 or later is required"
#endif
/**
* Native format of Hashcat password "recovery" utility.
*
* A sample of file for testing can be downloaded from
* <https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap>
* \sa https://hashcat.net/wiki/doku.php?id=hccap Source
*/
class hccap_t : public kaitai::kstruct {
public:
class hccap_record_t;
class eapol_dummy_t;
hccap_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent = nullptr, hccap_t* p__root = nullptr);
private:
void _read();
void _clean_up();
public:
~hccap_t();
class hccap_record_t : public kaitai::kstruct {
public:
hccap_record_t(kaitai::kstream* p__io, hccap_t* p__parent = nullptr, hccap_t* p__root = nullptr);
private:
void _read();
void _clean_up();
public:
~hccap_record_t();
private:
bool f_eapol;
std::string m_eapol;
public:
std::string eapol();
private:
std::string m_essid;
std::string m_mac_ap;
std::string m_mac_station;
std::string m_nonce_station;
std::string m_nonce_ap;
std::unique_ptr<eapol_dummy_t> m_eapol_buffer;
uint32_t m_len_eapol;
uint32_t m_keyver;
std::string m_keymic;
hccap_t* m__root;
hccap_t* m__parent;
std::string m__raw_eapol_buffer;
std::unique_ptr<kaitai::kstream> m__io__raw_eapol_buffer;
public:
std::string essid() const { return m_essid; }
/**
* The BSSID (MAC address) of the access point
*/
std::string mac_ap() const { return m_mac_ap; }
/**
* The MAC address of a client connecting to the access point
*/
std::string mac_station() const { return m_mac_station; }
/**
* Nonce (random salt) generated by the client connecting to the access point.
*/
std::string nonce_station() const { return m_nonce_station; }
/**
* Nonce (random salt) generated by the access point.
*/
std::string nonce_ap() const { return m_nonce_ap; }
/**
* Buffer for EAPOL data, only first `len_eapol` bytes are used
*/
eapol_dummy_t* eapol_buffer() const { return m_eapol_buffer.get(); }
/**
* Size of EAPOL data
*/
uint32_t len_eapol() const { return m_len_eapol; }
/**
* The flag used to distinguish WPA from WPA2 ciphers. Value of
* 1 means WPA, other - WPA2.
*/
uint32_t keyver() const { return m_keyver; }
/**
* The final hash value. MD5 for WPA and SHA-1 for WPA2
* (truncated to 128 bit).
*/
std::string keymic() const { return m_keymic; }
hccap_t* _root() const { return m__root; }
hccap_t* _parent() const { return m__parent; }
std::string _raw_eapol_buffer() const { return m__raw_eapol_buffer; }
kaitai::kstream* _io__raw_eapol_buffer() const { return m__io__raw_eapol_buffer.get(); }
};
class eapol_dummy_t : public kaitai::kstruct {
public:
eapol_dummy_t(kaitai::kstream* p__io, hccap_t::hccap_record_t* p__parent = nullptr, hccap_t* p__root = nullptr);
private:
void _read();
void _clean_up();
public:
~eapol_dummy_t();
private:
hccap_t* m__root;
hccap_t::hccap_record_t* m__parent;
public:
hccap_t* _root() const { return m__root; }
hccap_t::hccap_record_t* _parent() const { return m__parent; }
};
private:
std::unique_ptr<std::vector<std::unique_ptr<hccap_record_t>>> m_records;
hccap_t* m__root;
kaitai::kstruct* m__parent;
public:
std::vector<std::unique_ptr<hccap_record_t>>* records() const { return m_records.get(); }
hccap_t* _root() const { return m__root; }
kaitai::kstruct* _parent() const { return m__parent; }
};
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
#include "hccap.h"
hccap_t::hccap_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent, hccap_t* p__root) : kaitai::kstruct(p__io) {
m__parent = p__parent;
m__root = this;
m_records = nullptr;
_read();
}
void hccap_t::_read() {
m_records = std::unique_ptr<std::vector<std::unique_ptr<hccap_record_t>>>(new std::vector<std::unique_ptr<hccap_record_t>>());
{
int i = 0;
while (!m__io->is_eof()) {
m_records->push_back(std::move(std::unique_ptr<hccap_record_t>(new hccap_record_t(m__io, this, m__root))));
i++;
}
}
}
hccap_t::~hccap_t() {
_clean_up();
}
void hccap_t::_clean_up() {
}
hccap_t::hccap_record_t::hccap_record_t(kaitai::kstream* p__io, hccap_t* p__parent, hccap_t* p__root) : kaitai::kstruct(p__io) {
m__parent = p__parent;
m__root = p__root;
m_eapol_buffer = nullptr;
m__io__raw_eapol_buffer = nullptr;
f_eapol = false;
_read();
}
void hccap_t::hccap_record_t::_read() {
m_essid = m__io->read_bytes(36);
m_mac_ap = m__io->read_bytes(6);
m_mac_station = m__io->read_bytes(6);
m_nonce_station = m__io->read_bytes(32);
m_nonce_ap = m__io->read_bytes(32);
m__raw_eapol_buffer = m__io->read_bytes(256);
m__io__raw_eapol_buffer = std::unique_ptr<kaitai::kstream>(new kaitai::kstream(m__raw_eapol_buffer));
m_eapol_buffer = std::unique_ptr<eapol_dummy_t>(new eapol_dummy_t(m__io__raw_eapol_buffer.get(), this, m__root));
m_len_eapol = m__io->read_u4le();
m_keyver = m__io->read_u4le();
m_keymic = m__io->read_bytes(16);
}
hccap_t::hccap_record_t::~hccap_record_t() {
_clean_up();
}
void hccap_t::hccap_record_t::_clean_up() {
if (f_eapol) {
}
}
std::string hccap_t::hccap_record_t::eapol() {
if (f_eapol)
return m_eapol;
kaitai::kstream *io = eapol_buffer()->_io();
std::streampos _pos = io->pos();
io->seek(0);
m_eapol = io->read_bytes(len_eapol());
io->seek(_pos);
f_eapol = true;
return m_eapol;
}
hccap_t::eapol_dummy_t::eapol_dummy_t(kaitai::kstream* p__io, hccap_t::hccap_record_t* p__parent, hccap_t* p__root) : kaitai::kstruct(p__io) {
m__parent = p__parent;
m__root = p__root;
_read();
}
void hccap_t::eapol_dummy_t::_read() {
}
hccap_t::eapol_dummy_t::~eapol_dummy_t() {
_clean_up();
}
void hccap_t::eapol_dummy_t::_clean_up() {
}