Hashcat capture file (old version): Go parsing library

Native format of Hashcat password "recovery" utility.

A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap

Application

["Hashcat", "aircrack-ng"]

File extension

hccap

KS implementation details

License: Unlicense

This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Go source code to parse Hashcat capture file (old version)

hccap.go

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

import (
	"github.com/kaitai-io/kaitai_struct_go_runtime/kaitai"
	"bytes"
	"io"
)


/**
 * Native format of Hashcat password "recovery" utility.
 * 
 * A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
 * @see <a href="https://hashcat.net/wiki/doku.php?id=hccap">Source</a>
 */
type Hccap struct {
	Records []*Hccap_HccapRecord
	_io *kaitai.Stream
	_root *Hccap
	_parent interface{}
}
func NewHccap() *Hccap {
	return &Hccap{
	}
}

func (this *Hccap) Read(io *kaitai.Stream, parent interface{}, root *Hccap) (err error) {
	this._io = io
	this._parent = parent
	this._root = root

	for i := 1;; i++ {
		tmp1, err := this._io.EOF()
		if err != nil {
			return err
		}
		if tmp1 {
			break
		}
		tmp2 := NewHccap_HccapRecord()
		err = tmp2.Read(this._io, this, this._root)
		if err != nil {
			return err
		}
		this.Records = append(this.Records, tmp2)
	}
	return err
}
type Hccap_HccapRecord struct {
	Essid []byte
	MacAp []byte
	MacStation []byte
	NonceStation []byte
	NonceAp []byte
	EapolBuffer *Hccap_EapolDummy
	LenEapol uint32
	Keyver uint32
	Keymic []byte
	_io *kaitai.Stream
	_root *Hccap
	_parent *Hccap
	_raw_EapolBuffer []byte
	_f_eapol bool
	eapol []byte
}
func NewHccap_HccapRecord() *Hccap_HccapRecord {
	return &Hccap_HccapRecord{
	}
}

func (this *Hccap_HccapRecord) Read(io *kaitai.Stream, parent *Hccap, root *Hccap) (err error) {
	this._io = io
	this._parent = parent
	this._root = root

	tmp3, err := this._io.ReadBytes(int(36))
	if err != nil {
		return err
	}
	tmp3 = tmp3
	this.Essid = tmp3
	tmp4, err := this._io.ReadBytes(int(6))
	if err != nil {
		return err
	}
	tmp4 = tmp4
	this.MacAp = tmp4
	tmp5, err := this._io.ReadBytes(int(6))
	if err != nil {
		return err
	}
	tmp5 = tmp5
	this.MacStation = tmp5
	tmp6, err := this._io.ReadBytes(int(32))
	if err != nil {
		return err
	}
	tmp6 = tmp6
	this.NonceStation = tmp6
	tmp7, err := this._io.ReadBytes(int(32))
	if err != nil {
		return err
	}
	tmp7 = tmp7
	this.NonceAp = tmp7
	tmp8, err := this._io.ReadBytes(int(256))
	if err != nil {
		return err
	}
	tmp8 = tmp8
	this._raw_EapolBuffer = tmp8
	_io__raw_EapolBuffer := kaitai.NewStream(bytes.NewReader(this._raw_EapolBuffer))
	tmp9 := NewHccap_EapolDummy()
	err = tmp9.Read(_io__raw_EapolBuffer, this, this._root)
	if err != nil {
		return err
	}
	this.EapolBuffer = tmp9
	tmp10, err := this._io.ReadU4le()
	if err != nil {
		return err
	}
	this.LenEapol = uint32(tmp10)
	tmp11, err := this._io.ReadU4le()
	if err != nil {
		return err
	}
	this.Keyver = uint32(tmp11)
	tmp12, err := this._io.ReadBytes(int(16))
	if err != nil {
		return err
	}
	tmp12 = tmp12
	this.Keymic = tmp12
	return err
}
func (this *Hccap_HccapRecord) Eapol() (v []byte, err error) {
	if (this._f_eapol) {
		return this.eapol, nil
	}
	thisIo := this.EapolBuffer._io
	_pos, err := thisIo.Pos()
	if err != nil {
		return nil, err
	}
	_, err = thisIo.Seek(int64(0), io.SeekStart)
	if err != nil {
		return nil, err
	}
	tmp13, err := thisIo.ReadBytes(int(this.LenEapol))
	if err != nil {
		return nil, err
	}
	tmp13 = tmp13
	this.eapol = tmp13
	_, err = thisIo.Seek(_pos, io.SeekStart)
	if err != nil {
		return nil, err
	}
	this._f_eapol = true
	this._f_eapol = true
	return this.eapol, nil
}

/**
 * The BSSID (MAC address) of the access point
 */

/**
 * The MAC address of a client connecting to the access point
 */

/**
 * Nonce (random salt) generated by the client connecting to the access point.
 */

/**
 * Nonce (random salt) generated by the access point.
 */

/**
 * Buffer for EAPOL data, only first `len_eapol` bytes are used
 */

/**
 * Size of EAPOL data
 */

/**
 * The flag used to distinguish WPA from WPA2 ciphers. Value of
 * 1 means WPA, other - WPA2.
 */

/**
 * The final hash value. MD5 for WPA and SHA-1 for WPA2
 * (truncated to 128 bit).
 */
type Hccap_EapolDummy struct {
	_io *kaitai.Stream
	_root *Hccap
	_parent *Hccap_HccapRecord
}
func NewHccap_EapolDummy() *Hccap_EapolDummy {
	return &Hccap_EapolDummy{
	}
}

func (this *Hccap_EapolDummy) Read(io *kaitai.Stream, parent *Hccap_HccapRecord, root *Hccap) (err error) {
	this._io = io
	this._parent = parent
	this._root = root

	return err
}