Hashcat capture file (old version): C# parsing library

Native format of Hashcat password "recovery" utility.

A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap

Application

["Hashcat", "aircrack-ng"]

File extension

hccap

KS implementation details

License: Unlicense

This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Usage

Parse a local file and get structure in memory:

var data = Hccap.FromFile("path/to/local/file.hccap");

Or parse structure from a byte array:

byte[] someArray = new byte[] { ... };
var data = new Hccap(new KaitaiStream(someArray));

After that, one can get various attributes from the structure by accessing properties like:

data.Records // => get records

C# source code to parse Hashcat capture file (old version)

Hccap.cs

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

using System.Collections.Generic;

namespace Kaitai
{

    /// <summary>
    /// Native format of Hashcat password &quot;recovery&quot; utility.
    /// 
    /// A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
    /// </summary>
    /// <remarks>
    /// Reference: <a href="https://hashcat.net/wiki/doku.php?id=hccap">Source</a>
    /// </remarks>
    public partial class Hccap : KaitaiStruct
    {
        public static Hccap FromFile(string fileName)
        {
            return new Hccap(new KaitaiStream(fileName));
        }

        public Hccap(KaitaiStream p__io, KaitaiStruct p__parent = null, Hccap p__root = null) : base(p__io)
        {
            m_parent = p__parent;
            m_root = p__root ?? this;
            _read();
        }
        private void _read()
        {
            _records = new List<HccapRecord>();
            {
                var i = 0;
                while (!m_io.IsEof) {
                    _records.Add(new HccapRecord(m_io, this, m_root));
                    i++;
                }
            }
        }
        public partial class HccapRecord : KaitaiStruct
        {
            public static HccapRecord FromFile(string fileName)
            {
                return new HccapRecord(new KaitaiStream(fileName));
            }

            public HccapRecord(KaitaiStream p__io, Hccap p__parent = null, Hccap p__root = null) : base(p__io)
            {
                m_parent = p__parent;
                m_root = p__root;
                f_eapol = false;
                _read();
            }
            private void _read()
            {
                _essid = m_io.ReadBytes(36);
                _macAp = m_io.ReadBytes(6);
                _macStation = m_io.ReadBytes(6);
                _nonceStation = m_io.ReadBytes(32);
                _nonceAp = m_io.ReadBytes(32);
                __raw_eapolBuffer = m_io.ReadBytes(256);
                var io___raw_eapolBuffer = new KaitaiStream(__raw_eapolBuffer);
                _eapolBuffer = new EapolDummy(io___raw_eapolBuffer, this, m_root);
                _lenEapol = m_io.ReadU4le();
                _keyver = m_io.ReadU4le();
                _keymic = m_io.ReadBytes(16);
            }
            private bool f_eapol;
            private byte[] _eapol;
            public byte[] Eapol
            {
                get
                {
                    if (f_eapol)
                        return _eapol;
                    KaitaiStream io = EapolBuffer.M_Io;
                    long _pos = io.Pos;
                    io.Seek(0);
                    _eapol = io.ReadBytes(LenEapol);
                    io.Seek(_pos);
                    f_eapol = true;
                    return _eapol;
                }
            }
            private byte[] _essid;
            private byte[] _macAp;
            private byte[] _macStation;
            private byte[] _nonceStation;
            private byte[] _nonceAp;
            private EapolDummy _eapolBuffer;
            private uint _lenEapol;
            private uint _keyver;
            private byte[] _keymic;
            private Hccap m_root;
            private Hccap m_parent;
            private byte[] __raw_eapolBuffer;
            public byte[] Essid { get { return _essid; } }

            /// <summary>
            /// The BSSID (MAC address) of the access point
            /// </summary>
            public byte[] MacAp { get { return _macAp; } }

            /// <summary>
            /// The MAC address of a client connecting to the access point
            /// </summary>
            public byte[] MacStation { get { return _macStation; } }

            /// <summary>
            /// Nonce (random salt) generated by the client connecting to the access point.
            /// </summary>
            public byte[] NonceStation { get { return _nonceStation; } }

            /// <summary>
            /// Nonce (random salt) generated by the access point.
            /// </summary>
            public byte[] NonceAp { get { return _nonceAp; } }

            /// <summary>
            /// Buffer for EAPOL data, only first `len_eapol` bytes are used
            /// </summary>
            public EapolDummy EapolBuffer { get { return _eapolBuffer; } }

            /// <summary>
            /// Size of EAPOL data
            /// </summary>
            public uint LenEapol { get { return _lenEapol; } }

            /// <summary>
            /// The flag used to distinguish WPA from WPA2 ciphers. Value of
            /// 1 means WPA, other - WPA2.
            /// </summary>
            public uint Keyver { get { return _keyver; } }

            /// <summary>
            /// The final hash value. MD5 for WPA and SHA-1 for WPA2
            /// (truncated to 128 bit).
            /// </summary>
            public byte[] Keymic { get { return _keymic; } }
            public Hccap M_Root { get { return m_root; } }
            public Hccap M_Parent { get { return m_parent; } }
            public byte[] M_RawEapolBuffer { get { return __raw_eapolBuffer; } }
        }
        public partial class EapolDummy : KaitaiStruct
        {
            public static EapolDummy FromFile(string fileName)
            {
                return new EapolDummy(new KaitaiStream(fileName));
            }

            public EapolDummy(KaitaiStream p__io, Hccap.HccapRecord p__parent = null, Hccap p__root = null) : base(p__io)
            {
                m_parent = p__parent;
                m_root = p__root;
                _read();
            }
            private void _read()
            {
            }
            private Hccap m_root;
            private Hccap.HccapRecord m_parent;
            public Hccap M_Root { get { return m_root; } }
            public Hccap.HccapRecord M_Parent { get { return m_parent; } }
        }
        private List<HccapRecord> _records;
        private Hccap m_root;
        private KaitaiStruct m_parent;
        public List<HccapRecord> Records { get { return _records; } }
        public Hccap M_Root { get { return m_root; } }
        public KaitaiStruct M_Parent { get { return m_parent; } }
    }
}