Hashcat capture file (old version): JavaScript parsing library

Native format of Hashcat password "recovery" utility.

A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap

Application

["Hashcat", "aircrack-ng"]

File extension

hccap

KS implementation details

License: Unlicense

This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Usage

See the usage examples in the JavaScript notes.

Parse structure from an ArrayBuffer:

var arrayBuffer = ...;
var data = new Hccap(new KaitaiStream(arrayBuffer));

After that, one can get various attributes from the structure by accessing fields or properties like:

data.records // => get records

JavaScript source code to parse Hashcat capture file (old version)

Hccap.js

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

(function (root, factory) {
  if (typeof define === 'function' && define.amd) {
    define(['kaitai-struct/KaitaiStream'], factory);
  } else if (typeof module === 'object' && module.exports) {
    module.exports = factory(require('kaitai-struct/KaitaiStream'));
  } else {
    root.Hccap = factory(root.KaitaiStream);
  }
}(this, function (KaitaiStream) {
/**
 * Native format of Hashcat password "recovery" utility.
 * 
 * A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
 * @see {@link https://hashcat.net/wiki/doku.php?id=hccap|Source}
 */

var Hccap = (function() {
  function Hccap(_io, _parent, _root) {
    this._io = _io;
    this._parent = _parent;
    this._root = _root || this;

    this._read();
  }
  Hccap.prototype._read = function() {
    this.records = [];
    var i = 0;
    while (!this._io.isEof()) {
      this.records.push(new HccapRecord(this._io, this, this._root));
      i++;
    }
  }

  var HccapRecord = Hccap.HccapRecord = (function() {
    function HccapRecord(_io, _parent, _root) {
      this._io = _io;
      this._parent = _parent;
      this._root = _root || this;

      this._read();
    }
    HccapRecord.prototype._read = function() {
      this.essid = this._io.readBytes(36);
      this.macAp = this._io.readBytes(6);
      this.macStation = this._io.readBytes(6);
      this.nonceStation = this._io.readBytes(32);
      this.nonceAp = this._io.readBytes(32);
      this._raw_eapolBuffer = this._io.readBytes(256);
      var _io__raw_eapolBuffer = new KaitaiStream(this._raw_eapolBuffer);
      this.eapolBuffer = new EapolDummy(_io__raw_eapolBuffer, this, this._root);
      this.lenEapol = this._io.readU4le();
      this.keyver = this._io.readU4le();
      this.keymic = this._io.readBytes(16);
    }
    Object.defineProperty(HccapRecord.prototype, 'eapol', {
      get: function() {
        if (this._m_eapol !== undefined)
          return this._m_eapol;
        var io = this.eapolBuffer._io;
        var _pos = io.pos;
        io.seek(0);
        this._m_eapol = io.readBytes(this.lenEapol);
        io.seek(_pos);
        return this._m_eapol;
      }
    });

    /**
     * The BSSID (MAC address) of the access point
     */

    /**
     * The MAC address of a client connecting to the access point
     */

    /**
     * Nonce (random salt) generated by the client connecting to the access point.
     */

    /**
     * Nonce (random salt) generated by the access point.
     */

    /**
     * Buffer for EAPOL data, only first `len_eapol` bytes are used
     */

    /**
     * Size of EAPOL data
     */

    /**
     * The flag used to distinguish WPA from WPA2 ciphers. Value of
     * 1 means WPA, other - WPA2.
     */

    /**
     * The final hash value. MD5 for WPA and SHA-1 for WPA2
     * (truncated to 128 bit).
     */

    return HccapRecord;
  })();

  var EapolDummy = Hccap.EapolDummy = (function() {
    function EapolDummy(_io, _parent, _root) {
      this._io = _io;
      this._parent = _parent;
      this._root = _root || this;

      this._read();
    }
    EapolDummy.prototype._read = function() {
    }

    return EapolDummy;
  })();

  return Hccap;
})();
return Hccap;
}));