1.2 C
Monday, January 15, 2024

A Device To Crack WPA2 Passphrase With PMKID Worth With out Purchasers Or De-Authentication

This program is a software written in Python to get well the pre-shared key of a WPA2 WiFi community with none de-authentication or requiring any purchasers to be on the community. It targets the weak spot of sure entry factors promoting the PMKID worth in EAPOL message 1.

Program Utilization

python pmkidcracker.py -s <SSID> -ap <APMAC> -c <CLIENTMAC> -p <PMKID> -w <WORDLIST> -t <THREADS(Non-compulsory)>

NOTE: apmac, clientmac, pmkid have to be a hexstring, e.g b8621f50edd9

How PMKID is Calculated

The 2 most important formulation to acquire a PMKID are as follows:

  1. Pairwise Grasp Key (PMK) Calculation: passphrase + salt(ssid) => PBKDF2(HMAC-SHA1) of 4096 iterations
  2. PMKID Calculation: HMAC-SHA1[pmk + (“PMK Name” + bssid + clientmac)]

That is only for understanding, each are already applied in find_pw_chunk and calculate_pmkid.

Acquiring the PMKID

Under are the steps to acquire the PMKID manually by inspecting the packets in WireShark.

*You might use Hcxtools or Bettercap to shortly receive the PMKID with out the beneath steps. The handbook approach is for understanding.

To acquire the PMKID manually from wireshark, put your wi-fi antenna in monitor mode, begin capturing all packets with airodump-ng or comparable instruments. Then connect with the AP utilizing an invalid password to seize the EAPOL 1 handshake message. Observe the following 3 steps to acquire the fields wanted for the arguments.

Open the pcap in WireShark:

  • Filter with wlan_rsna_eapol.keydes.msgnr == 1 in WireShark to show solely EAPOL message 1 packets.
  • In EAPOL 1 pkt, Increase IEEE 802.11 QoS Information Discipline to acquire AP MAC, Shopper MAC
  • In EAPOL 1 pkt, Increase 802.1 Authentication > WPA Key Information > Tag: Vendor Particular > PMKID is beneath

If entry level is weak, you need to see the PMKID worth just like the beneath screenshot:

Demo Run


This software is for instructional and testing functions solely. Don’t use it to use the vulnerability on any community that you don’t personal or have permission to check. The authors of this script aren’t accountable for any misuse or injury brought on by its use.

Latest news
Related news


Please enter your comment!
Please enter your name here