Native format of Hashcat password "recovery" utility.
A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
<?php
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
/**
* Native format of Hashcat password "recovery" utility.
*
* A sample of file for testing can be downloaded from
* <https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap>
*/
namespace {
class Hccap extends \Kaitai\Struct\Struct {
public function __construct(\Kaitai\Struct\Stream $_io, \Kaitai\Struct\Struct $_parent = null, \Hccap $_root = null) {
parent::__construct($_io, $_parent, $_root);
$this->_read();
}
private function _read() {
$this->_m_records = [];
$i = 0;
while (!$this->_io->isEof()) {
$this->_m_records[] = new \Hccap\HccapRecord($this->_io, $this, $this->_root);
$i++;
}
}
protected $_m_records;
public function records() { return $this->_m_records; }
}
}
namespace Hccap {
class HccapRecord extends \Kaitai\Struct\Struct {
public function __construct(\Kaitai\Struct\Stream $_io, \Hccap $_parent = null, \Hccap $_root = null) {
parent::__construct($_io, $_parent, $_root);
$this->_read();
}
private function _read() {
$this->_m_essid = $this->_io->readBytes(36);
$this->_m_macAp = $this->_io->readBytes(6);
$this->_m_macStation = $this->_io->readBytes(6);
$this->_m_nonceStation = $this->_io->readBytes(32);
$this->_m_nonceAp = $this->_io->readBytes(32);
$this->_m__raw_eapolBuffer = $this->_io->readBytes(256);
$_io__raw_eapolBuffer = new \Kaitai\Struct\Stream($this->_m__raw_eapolBuffer);
$this->_m_eapolBuffer = new \Hccap\EapolDummy($_io__raw_eapolBuffer, $this, $this->_root);
$this->_m_lenEapol = $this->_io->readU4le();
$this->_m_keyver = $this->_io->readU4le();
$this->_m_keymic = $this->_io->readBytes(16);
}
protected $_m_eapol;
public function eapol() {
if ($this->_m_eapol !== null)
return $this->_m_eapol;
$io = $this->eapolBuffer()->_io();
$_pos = $io->pos();
$io->seek(0);
$this->_m_eapol = $io->readBytes($this->lenEapol());
$io->seek($_pos);
return $this->_m_eapol;
}
protected $_m_essid;
protected $_m_macAp;
protected $_m_macStation;
protected $_m_nonceStation;
protected $_m_nonceAp;
protected $_m_eapolBuffer;
protected $_m_lenEapol;
protected $_m_keyver;
protected $_m_keymic;
protected $_m__raw_eapolBuffer;
public function essid() { return $this->_m_essid; }
/**
* The BSSID (MAC address) of the access point
*/
public function macAp() { return $this->_m_macAp; }
/**
* The MAC address of a client connecting to the access point
*/
public function macStation() { return $this->_m_macStation; }
/**
* Nonce (random salt) generated by the client connecting to the access point.
*/
public function nonceStation() { return $this->_m_nonceStation; }
/**
* Nonce (random salt) generated by the access point.
*/
public function nonceAp() { return $this->_m_nonceAp; }
/**
* Buffer for EAPOL data, only first `len_eapol` bytes are used
*/
public function eapolBuffer() { return $this->_m_eapolBuffer; }
/**
* Size of EAPOL data
*/
public function lenEapol() { return $this->_m_lenEapol; }
/**
* The flag used to distinguish WPA from WPA2 ciphers. Value of
* 1 means WPA, other - WPA2.
*/
public function keyver() { return $this->_m_keyver; }
/**
* The final hash value. MD5 for WPA and SHA-1 for WPA2
* (truncated to 128 bit).
*/
public function keymic() { return $this->_m_keymic; }
public function _raw_eapolBuffer() { return $this->_m__raw_eapolBuffer; }
}
}
namespace Hccap {
class EapolDummy extends \Kaitai\Struct\Struct {
public function __construct(\Kaitai\Struct\Stream $_io, \Hccap\HccapRecord $_parent = null, \Hccap $_root = null) {
parent::__construct($_io, $_parent, $_root);
$this->_read();
}
private function _read() {
}
}
}