Hashcat capture file (old version): JavaScript parsing library

Native format of Hashcat password "recovery" utility.

A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap

Application

["Hashcat", "aircrack-ng"]

File extension

hccap

KS implementation details

License: Unlicense

This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Usage

Runtime library

All parsing code for JavaScript generated by Kaitai Struct depends on the JavaScript runtime library. You have to install it before you can parse data.

The JavaScript runtime library is available at npm:

npm install kaitai-struct

Code

See the usage examples in the JavaScript notes.

Parse structure from an ArrayBuffer:

var arrayBuffer = ...;
var data = new Hccap(new KaitaiStream(arrayBuffer));

After that, one can get various attributes from the structure by accessing fields or properties like:

data.records // => get records

JavaScript source code to parse Hashcat capture file (old version)

Hccap.js

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

(function (root, factory) {
  if (typeof define === 'function' && define.amd) {
    define(['kaitai-struct/KaitaiStream'], factory);
  } else if (typeof module === 'object' && module.exports) {
    module.exports = factory(require('kaitai-struct/KaitaiStream'));
  } else {
    root.Hccap = factory(root.KaitaiStream);
  }
}(typeof self !== 'undefined' ? self : this, function (KaitaiStream) {
/**
 * Native format of Hashcat password "recovery" utility.
 * 
 * A sample of file for testing can be downloaded from
 * <https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap>
 * @see {@link https://hashcat.net/wiki/doku.php?id=hccap|Source}
 */

var Hccap = (function() {
  function Hccap(_io, _parent, _root) {
    this._io = _io;
    this._parent = _parent;
    this._root = _root || this;

    this._read();
  }
  Hccap.prototype._read = function() {
    this.records = [];
    var i = 0;
    while (!this._io.isEof()) {
      this.records.push(new HccapRecord(this._io, this, this._root));
      i++;
    }
  }

  var HccapRecord = Hccap.HccapRecord = (function() {
    function HccapRecord(_io, _parent, _root) {
      this._io = _io;
      this._parent = _parent;
      this._root = _root || this;

      this._read();
    }
    HccapRecord.prototype._read = function() {
      this.essid = this._io.readBytes(36);
      this.macAp = this._io.readBytes(6);
      this.macStation = this._io.readBytes(6);
      this.nonceStation = this._io.readBytes(32);
      this.nonceAp = this._io.readBytes(32);
      this._raw_eapolBuffer = this._io.readBytes(256);
      var _io__raw_eapolBuffer = new KaitaiStream(this._raw_eapolBuffer);
      this.eapolBuffer = new EapolDummy(_io__raw_eapolBuffer, this, this._root);
      this.lenEapol = this._io.readU4le();
      this.keyver = this._io.readU4le();
      this.keymic = this._io.readBytes(16);
    }
    Object.defineProperty(HccapRecord.prototype, 'eapol', {
      get: function() {
        if (this._m_eapol !== undefined)
          return this._m_eapol;
        var io = this.eapolBuffer._io;
        var _pos = io.pos;
        io.seek(0);
        this._m_eapol = io.readBytes(this.lenEapol);
        io.seek(_pos);
        return this._m_eapol;
      }
    });

    /**
     * The BSSID (MAC address) of the access point
     */

    /**
     * The MAC address of a client connecting to the access point
     */

    /**
     * Nonce (random salt) generated by the client connecting to the access point.
     */

    /**
     * Nonce (random salt) generated by the access point.
     */

    /**
     * Buffer for EAPOL data, only first `len_eapol` bytes are used
     */

    /**
     * Size of EAPOL data
     */

    /**
     * The flag used to distinguish WPA from WPA2 ciphers. Value of
     * 1 means WPA, other - WPA2.
     */

    /**
     * The final hash value. MD5 for WPA and SHA-1 for WPA2
     * (truncated to 128 bit).
     */

    return HccapRecord;
  })();

  var EapolDummy = Hccap.EapolDummy = (function() {
    function EapolDummy(_io, _parent, _root) {
      this._io = _io;
      this._parent = _parent;
      this._root = _root || this;

      this._read();
    }
    EapolDummy.prototype._read = function() {
    }

    return EapolDummy;
  })();

  return Hccap;
})();
return Hccap;
}));