Hashcat capture file (old version): PHP parsing library

Native format of the Hashcat password "recovery" utility.

A sample file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap

Application

["Hashcat", "aircrack-ng"]

File extension

hccap

KS implementation details

License: Unlicense

This page hosts a formal specification of the Hashcat capture file (old version) format, written in Kaitai Struct. The specification can be automatically translated into a variety of programming languages to produce a parsing library.

PHP source code to parse Hashcat capture file (old version)

Hccap.php

<?php
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

/**
 * Native format of the Hashcat password "recovery" utility.
 * 
 * A sample file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
 */

namespace {
    /**
     * Top-level parser for an old-format Hashcat capture (.hccap) file.
     *
     * The file has no header of its own: parsing starts directly with the first
     * HccapRecord and keeps reading records back to back until the stream reports EOF.
     *
     * NOTE(review): capture files often come from third parties, so treat the input as
     * untrusted. Nothing in this class bounds the number of records, and a trailing
     * partial record presumably surfaces as an end-of-stream exception from the Kaitai
     * runtime -- confirm, and handle that exception at the call site.
     */
    class Hccap extends \Kaitai\Struct\Struct {
        // Parsed records, in the order they appear in the file.
        protected $_m_records;

        /**
         * Parses the whole stream eagerly; the object is fully populated on return.
         */
        public function __construct(\Kaitai\Struct\Stream $_io, \Kaitai\Struct\Struct $_parent = null, \Hccap $_root = null) {
            parent::__construct($_io, $_parent, $_root);
            $this->_read();
        }

        /**
         * Consumes records from the stream until it is exhausted.
         */
        private function _read() {
            $this->_m_records = [];
            for (;;) {
                if ($this->_io->isEof()) {
                    break;
                }
                // Each record advances the shared stream by its own fixed-size reads.
                $this->_m_records[] = new \Hccap\HccapRecord($this->_io, $this, $this->_root);
            }
        }

        /**
         * Returns every record parsed from the file, in file order.
         */
        public function records() {
            return $this->_m_records;
        }
    }
}

namespace Hccap {
    /**
     * One capture record of an old-format .hccap file.
     *
     * A record is read as nine consecutive fields totalling 392 bytes:
     * ESSID (36), AP MAC (6), station MAC (6), station nonce (32), AP nonce (32),
     * EAPOL buffer (256), EAPOL length (u4le), key version (u4le), key MIC (16).
     *
     * NOTE(review): every field is taken from the file as-is. No value is validated
     * here, so callers handling captures from untrusted sources should check lengths
     * and catch runtime parse exceptions themselves.
     */
    class HccapRecord extends \Kaitai\Struct\Struct {
        // Raw field storage, filled by _read() in on-disk order.
        protected $_m_essid;
        protected $_m_macAp;
        protected $_m_macStation;
        protected $_m_nonceStation;
        protected $_m_nonceAp;
        protected $_m_eapolBuffer;
        protected $_m_lenEapol;
        protected $_m_keyver;
        protected $_m_keymic;
        protected $_m__raw_eapolBuffer;

        // Lazily computed by eapol(); stays null until first requested.
        protected $_m_eapol;

        /**
         * Parses one record from the current position of the given stream.
         */
        public function __construct(\Kaitai\Struct\Stream $_io, \Hccap $_parent = null, \Hccap $_root = null) {
            parent::__construct($_io, $_parent, $_root);
            $this->_read();
        }

        /**
         * Reads the record's fields sequentially. The order of these reads defines
         * the on-disk layout and must not be changed.
         */
        private function _read() {
            $this->_m_essid = $this->_io->readBytes(36);
            $this->_m_macAp = $this->_io->readBytes(6);
            $this->_m_macStation = $this->_io->readBytes(6);
            $this->_m_nonceStation = $this->_io->readBytes(32);
            $this->_m_nonceAp = $this->_io->readBytes(32);

            // The EAPOL area is always 256 bytes on disk; it gets its own substream
            // so that eapol() can later slice it without touching the main stream.
            $this->_m__raw_eapolBuffer = $this->_io->readBytes(256);
            $eapolStream = new \Kaitai\Struct\Stream($this->_m__raw_eapolBuffer);
            $this->_m_eapolBuffer = new \Hccap\EapolDummy($eapolStream, $this, $this->_root);

            $this->_m_lenEapol = $this->_io->readU4le();
            $this->_m_keyver = $this->_io->readU4le();
            $this->_m_keymic = $this->_io->readBytes(16);
        }

        /**
         * Returns the used part of the EAPOL buffer: its first `len_eapol` bytes.
         *
         * The value is computed on first call and cached. The buffer substream's
         * position is saved and restored around the read.
         *
         * NOTE(review): `len_eapol` is a 32-bit value taken straight from the file and
         * is not compared with the 256-byte buffer size here. An oversized value is
         * presumably rejected by readBytes() on the substream with an end-of-stream
         * error -- confirm against the runtime and catch it when parsing untrusted
         * captures.
         */
        public function eapol() {
            if ($this->_m_eapol === null) {
                $bufferStream = $this->eapolBuffer()->_io();
                $savedPos = $bufferStream->pos();
                $bufferStream->seek(0);
                $this->_m_eapol = $bufferStream->readBytes($this->lenEapol());
                $bufferStream->seek($savedPos);
            }
            return $this->_m_eapol;
        }

        /**
         * The 36 raw bytes of the ESSID field, exactly as stored in the file.
         */
        public function essid() {
            return $this->_m_essid;
        }

        /**
         * The BSSID (MAC address) of the access point.
         */
        public function macAp() {
            return $this->_m_macAp;
        }

        /**
         * The MAC address of the client connecting to the access point.
         */
        public function macStation() {
            return $this->_m_macStation;
        }

        /**
         * Nonce (random salt) generated by the client connecting to the access point.
         */
        public function nonceStation() {
            return $this->_m_nonceStation;
        }

        /**
         * Nonce (random salt) generated by the access point.
         */
        public function nonceAp() {
            return $this->_m_nonceAp;
        }

        /**
         * Wrapper object around the 256-byte EAPOL buffer; only the first
         * `len_eapol` bytes of that buffer are used.
         */
        public function eapolBuffer() {
            return $this->_m_eapolBuffer;
        }

        /**
         * Size of the EAPOL data, as declared by the file.
         */
        public function lenEapol() {
            return $this->_m_lenEapol;
        }

        /**
         * Flag that distinguishes WPA from WPA2 ciphers: 1 means WPA,
         * any other value means WPA2.
         */
        public function keyver() {
            return $this->_m_keyver;
        }

        /**
         * The final hash value: MD5 for WPA, SHA-1 for WPA2 (truncated to 128 bit).
         */
        public function keymic() {
            return $this->_m_keymic;
        }

        /**
         * The full, unsliced 256 bytes of the EAPOL buffer as read from the file.
         */
        public function _raw_eapolBuffer() {
            return $this->_m__raw_eapolBuffer;
        }
    }
}

namespace Hccap {
    /**
     * Placeholder type wrapped around a record's 256-byte EAPOL buffer.
     *
     * It parses nothing itself; it only carries the buffer's substream, which
     * HccapRecord::eapol() reads from to extract the used bytes.
     */
    class EapolDummy extends \Kaitai\Struct\Struct {
        /**
         * Binds the object to the buffer substream; no bytes are consumed.
         */
        public function __construct(\Kaitai\Struct\Stream $_io, \Hccap\HccapRecord $_parent = null, \Hccap $_root = null) {
            parent::__construct($_io, $_parent, $_root);
            $this->_read();
        }

        /**
         * Intentionally empty: this type declares no fields.
         */
        private function _read() {
            // Nothing to read.
        }
    }
}