Hashcat capture file (old version): Lua parsing library

Native format of Hashcat password "recovery" utility.

A sample file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap

Application

["Hashcat", "aircrack-ng"]

File extension

hccap

KS implementation details

License: Unlicense

This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Lua source code to parse Hashcat capture file (old version)

hccap.lua

-- This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
--
-- This file is compatible with Lua 5.3

local class = require("class")
require("kaitaistruct")
local stringstream = require("string_stream")

--
-- Native format of Hashcat password "recovery" utility.
--
-- A file is a plain sequence of fixed-layout records (see Hccap.HccapRecord).
-- Each record carries the ESSID, the access point and client MAC addresses,
-- both nonces, the EAPOL buffer and the key MIC.
--
-- Every field, including the `len_eapol` length field, is taken from the file
-- as-is. Treat capture files obtained from third parties as untrusted input.
--
-- A sample file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
-- See also: Source (https://hashcat.net/wiki/doku.php?id=hccap)
Hccap = class.class(KaitaiStruct)

--- Construct the top-level parser object and parse the stream immediately.
-- @param io stream handed to KaitaiStruct._init
-- @param parent enclosing structure, stored in `_parent` (may be nil)
-- @param root root structure; this object becomes its own root when omitted
function Hccap:_init(io, parent, root)
  KaitaiStruct._init(self, io)
  self._parent = parent
  if root then
    self._root = root
  else
    self._root = self
  end
  -- Parsing is eager: the whole file is read during construction.
  self:_read()
end

--- Read records back to back until the stream reports end-of-file.
-- The record count is not stored in the file; it is implied by the file size.
-- NOTE(review): a trailing partial record is not handled here; what happens
-- then depends on the runtime's read_bytes - confirm it fails rather than
-- returning short data.
function Hccap:_read()
  local parsed = {}
  self.records = parsed
  while not self._io:is_eof() do
    parsed[#parsed + 1] = Hccap.HccapRecord(self._io, self, self._root)
  end
end


-- One capture record. The fields read in HccapRecord:_read add up to
-- 392 bytes per record.
Hccap.HccapRecord = class.class(KaitaiStruct)

--- Construct one record and parse it from the current stream position.
-- @param io stream shared with the enclosing Hccap object
-- @param parent enclosing structure, stored in `_parent`
-- @param root root structure; this object becomes its own root when omitted
function Hccap.HccapRecord:_init(io, parent, root)
  KaitaiStruct._init(self, io)
  self._parent = parent
  if root then
    self._root = root
  else
    self._root = self
  end
  self:_read()
end

--- Read the fixed-layout fields of one record, in file order.
-- `len_eapol` is stored as read and is NOT checked here against the 256-byte
-- EAPOL buffer. Code that uses it as a length must validate it first.
function Hccap.HccapRecord:_read()
  local stream = self._io

  self.essid = stream:read_bytes(36)
  -- The BSSID (MAC address) of the access point.
  self.mac_ap = stream:read_bytes(6)
  -- The MAC address of a client connecting to the access point.
  self.mac_station = stream:read_bytes(6)
  -- Nonce (random salt) generated by the client.
  self.nonce_station = stream:read_bytes(32)
  -- Nonce (random salt) generated by the access point.
  self.nonce_ap = stream:read_bytes(32)

  -- Buffer for EAPOL data; only the first `len_eapol` bytes are used.
  -- It is wrapped in its own substream so the `eapol` property can read it
  -- without moving the main stream.
  local raw_eapol = stream:read_bytes(256)
  self._raw_eapol_buffer = raw_eapol
  local eapol_stream = KaitaiStream(stringstream(raw_eapol))
  self.eapol_buffer = Hccap.EapolDummy(eapol_stream, self, self._root)

  -- Size of EAPOL data (unsigned 32-bit little-endian, straight from the file).
  self.len_eapol = stream:read_u4le()
  -- Distinguishes WPA from WPA2 ciphers: 1 means WPA, other values WPA2.
  self.keyver = stream:read_u4le()
  -- The final hash value: MD5 for WPA, SHA-1 (truncated to 128 bit) for WPA2.
  self.keymic = stream:read_bytes(16)
end

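Hccap.HccapRecord.property.eapol = {}
--- Lazily extract the used part of the EAPOL buffer.
-- Returns the first `len_eapol` bytes of the EAPOL buffer and caches the
-- result in `_m_eapol`, so the substream is read at most once.
--
-- `len_eapol` comes straight from the capture file. It is checked against the
-- size of the buffer that was actually read before it is used as a read
-- length, so a malformed record fails with a clear message before the
-- substream is touched.
-- NOTE(review): this file is generated. A lasting fix belongs in the .ksy
-- source (for example a validation constraint on `len_eapol`); otherwise this
-- check is lost on the next rebuild.
-- @treturn string the used EAPOL bytes
function Hccap.HccapRecord.property.eapol:get()
  if self._m_eapol ~= nil then
    return self._m_eapol
  end

  local buffer_size = #self._raw_eapol_buffer
  if self.len_eapol > buffer_size then
    error("len_eapol (" .. tostring(self.len_eapol)
      .. ") exceeds EAPOL buffer size (" .. tostring(buffer_size) .. ")")
  end

  local _io = self.eapol_buffer._io
  -- Save and restore the substream position so this getter has no visible
  -- effect on other readers of the same substream.
  local _pos = _io:pos()
  _io:seek(0)
  self._m_eapol = _io:read_bytes(self.len_eapol)
  _io:seek(_pos)
  return self._m_eapol
end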

-- Field documentation for Hccap.HccapRecord:
--
-- mac_ap: The BSSID (MAC address) of the access point.
--
-- mac_station: The MAC address of a client connecting to the access point.
--
-- nonce_station: Nonce (random salt) generated by the client connecting to
-- the access point.
--
-- nonce_ap: Nonce (random salt) generated by the access point.
--
-- eapol_buffer: Buffer for EAPOL data, only first `len_eapol` bytes are used.
--
-- len_eapol: Size of EAPOL data.
--
-- keyver: The flag used to distinguish WPA from WPA2 ciphers. Value of
-- 1 means WPA, other - WPA2.
--
-- keymic: The final hash value. MD5 for WPA and SHA-1 for WPA2
-- (truncated to 128 bit).

-- Placeholder type wrapped around the 256-byte EAPOL buffer. It parses
-- nothing itself; it exists so the record has a substream to read from.
Hccap.EapolDummy = class.class(KaitaiStruct)

--- Construct the placeholder object over the EAPOL substream.
-- @param io substream built from the raw 256-byte EAPOL buffer
-- @param parent the owning HccapRecord, stored in `_parent`
-- @param root root structure; this object becomes its own root when omitted
function Hccap.EapolDummy:_init(io, parent, root)
  KaitaiStruct._init(self, io)
  self._parent = parent
  if root then
    self._root = root
  else
    self._root = self
  end
  self:_read()
end

--- Intentionally empty: the dummy type declares no fields, so nothing is
-- consumed from the substream here.
function Hccap.EapolDummy:_read()
end