Merge pull request #208 from RealEnder/master

port hcxgrep.py to python3

Author: ZerBea

Diff for: README.md

@@ -63,7 +63,7 @@ Detailed description
 | hcxhashcattool | Convert old hashcat (<= 5.1.0) separate potfile (2500 and/or 16800) to new potfile format                              |
 
 
-Work flow
+Workflow
 --------------
 
 hcxdumptool -> hcxpcapngtool -> hcxhashtool (additional hcxpsktool/hcxeiutool) -> hashcat or JtR
@@ -106,13 +106,15 @@ Or install via packet manager of your distribution
 [Arch Linux ARM ](https://archlinuxarm.org/) 
 `pacman -S hcxtools`
 
-### Black Arch
+### BlackArch
 [Black Arch](https://blackarch.org/) is an Arch Linux-based penetration testing distribution for penetration testers and security researchers  
 `pacman -S hcxtools`
 
 ### Kali Linux
 `apt install hcxtools`
 
+### OpenWRT
+`opkg install hcxtools`
 
 ### macOS
 [Homebrew](https://brew.sh/) is 3-rd party package manager for macOS  
@@ -123,47 +125,31 @@ Requirements
 --------------
 
 * knowledge of radio technology
-
 * knowledge of electromagnetic-wave engineering
-
 * detailed knowledge of 802.11 protocol
-
 * detailed knowledge of key derivation functions
-
 * detailed knowledge of Linux
-
 * Linux (recommended Arch Linux, but other distros should work, too (no support for other distributions).
-
 * gcc >= 11 recommended (deprecated versions are not supported: https://gcc.gnu.org/)
-
 * libopenssl and openssl-dev installed
-
 * librt and librt-dev installed (should be installed by default)
-
 * zlib and zlib-dev installed (for gzip compressed cap/pcap/pcapng files)
-
 * libcurl and curl-dev installed (used by whoismac and wlancap2wpasec)
-
 * libpthread and pthread-dev installed (used by hcxhashcattool)
-
 * pkg-config installed
 
 To install requirements on Kali use the following 'apt-get install pkg-config libcurl4-openssl-dev libssl-dev zlib1g-dev'
 
 If you decide to compile latest git head, make sure that your distribution is updated on latest version.
 
-
-
-
-
 Useful scripts
 --------------
 
 | Script       | Description                                              |
 | ------------ | -------------------------------------------------------- |
 | piwritecard  | Example script to restore SD-Card                        |
 | piwreadcard  | Example script to backup SD-Card                         |
-| hcxgrep.py   | Extract records from hccapx/pmkid file based on regexp   |
+| hcxgrep.py   | Extract records from m22000 hashline/hccapx/pmkid file based on regexp   |
 
 
 Notice
@@ -187,11 +173,11 @@ bit 0-2
 
 010 = M2+M3, EAPOL from M2 (authorized)
 
-011 = M2+M3, EAPOL from M3 (authorized) - unused"
+011 = M2+M3, EAPOL from M3 (authorized) - unused
 
-100 = M3+M4, EAPOL from M3 (authorized) - unused"
+100 = M3+M4, EAPOL from M3 (authorized) - unused
 
-101 = M3+M4, EAPOL from M4 if not zeroed (authorized)"
+101 = M3+M4, EAPOL from M4 if not zeroed (authorized)
 
 3: reserved
 

Diff for: usefulscripts/hcxgrep.py

@@ -1,15 +1,14 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python3
 '''
 greps inside hccapx/pmkid structs by essid, mac_ap or mac_sta
 
-This software is Copyright (c) 2019-2020, Alex Stanev <alex at stanev.org> and it is
-hereby released to the general public under the following terms:
+This software is Copyright (c) 2019-2022, Alex Stanev <alex at stanev.org>
+and it is hereby released to the general public under the following terms:
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted.
 '''
 
-from __future__ import print_function
 import argparse
 import os
 import sys
@@ -18,10 +17,8 @@
 import re
 import sre_constants
 
-try:
-    from string import maketrans
-except ImportError:
-    maketrans = bytearray.maketrans  # pylint: disable=no-member
+maketrans = bytearray.maketrans
+
 
 def parse_hccapx(hccapx):
     '''hccapx decompose
@@ -46,28 +43,25 @@ def parse_hccapx(hccapx):
     } __attribute__((packed));
     '''
 
-    hccapx_fmt = '< 4x 4x B B 32s B 16s 6s 32s 6s 32s H 256s'
+    hccapx_fmt = '< 4x 4x x B 32s x 16x 6s 32x 6s 32x 2x 256x'
 
     try:
-        (message_pair,
-         essid_len, essid,
-         keyver, keymic,
-         mac_ap, nonce_ap, mac_sta, nonce_sta,
-         eapol_len, eapol) = struct.unpack(hccapx_fmt, hccapx)
-    except struct.error as ex:
-        sys.stderr.write(str(ex + '\n'))
-        exit(1)
+        (essid_len, essid,
+         mac_ap, mac_sta) = struct.unpack(hccapx_fmt, hccapx)
+    except struct.error:
+        sys.stderr.write('Can\'t parse hcccapx struct!\n')
+        sys.exit(1)
 
     # fixup
-    res = ''
     if args.t == 'essid':
-        res = essid[:essid_len]
-    elif args.t == 'mac_ap':
-        res = binascii.hexlify(mac_ap).zfill(12)
-    elif args.t == 'mac_sta':
-        res = binascii.hexlify(mac_sta).zfill(12)
+        return essid[:essid_len]
+    if args.t == 'mac_ap':
+        return binascii.hexlify(mac_ap).zfill(12)
+    if args.t == 'mac_sta':
+        return binascii.hexlify(mac_sta).zfill(12)
+
+    return None
 
-    return res
 
 def parse_pmkid(pmkid):
     '''pmkid decompose
@@ -77,20 +71,20 @@ def parse_pmkid(pmkid):
     '''
 
     arr = pmkid.split(b'*', 4)
-    res = ''
     if len(arr) == 4:
         try:
             if args.t == 'essid':
-                res = binascii.unhexlify(arr[3].strip())
-            elif args.t == 'mac_ap':
-                res = arr[1]
-            elif args.t == 'mac_sta':
-                res = arr[2]
-        except TypeError as ex:
-            sys.stderr.write(str(ex + '\n'))
-            exit(1)
+                return binascii.unhexlify(arr[3].strip())
+            if args.t == 'mac_ap':
+                return arr[1]
+            if args.t == 'mac_sta':
+                return arr[2]
+        except TypeError:
+            sys.stderr.write('Can\'t decode: {}\n'.format(arr[3].strip().decode()))
+            sys.exit(1)
+
+    return None
 
-    return res
 
 def parse_combined(hashline):
     '''m22000 hashline decompose
@@ -100,25 +94,23 @@ def parse_combined(hashline):
     '''
 
     arr = hashline.split(b'*', 9)
-    res = ''
     if len(arr) == 9:
         try:
             if args.t == 'essid':
-                res = binascii.unhexlify(arr[5].strip())
-            elif args.t == 'mac_ap':
-                res = arr[3]
-            elif args.t == 'mac_sta':
-                res = arr[4]
-        except TypeError as ex:
-            sys.stderr.write(str(ex + '\n'))
-            exit(1)
+                return binascii.unhexlify(arr[5].strip())
+            if args.t == 'mac_ap':
+                return arr[3]
+            if args.t == 'mac_sta':
+                return arr[4]
+        except TypeError:
+            sys.stderr.write('Can\'t decode: {}\n'.format(arr[5].strip().decode()))
+            sys.exit(1)
 
-    return res
+    return None
 
 if __name__ == "__main__":
     parser = argparse.ArgumentParser(
-        description='Extract records from wpa combined hashline/hccapx/pmkid file based on regexp')
-    #group = parser.add_mutually_exclusive_group(required=True)
+        description='Extract records from m22000 hashline/hccapx/pmkid file with regexp')
     parser.add_argument(
         '-f', '--file', type=argparse.FileType('r'),
         help='Obtain patterns from FILE, one per line.')
@@ -130,7 +122,8 @@ def parse_combined(hashline):
         '-v', '--invert-match', dest='v', action='store_true',
         help='Invert the sense of matching, to select non-matching nets')
     parser.add_argument(
-        '-t', '--type', dest='t', choices=['essid','mac_ap','mac_sta'], default='essid',
+        '-t', '--type', dest='t',
+        choices=['essid', 'mac_ap', 'mac_sta'], default='essid',
         help='Field to apply matching, default essid')
     parser.add_argument(
         'infile', type=str, nargs='?',
@@ -141,11 +134,6 @@ def parse_combined(hashline):
     except IOError as ex:
         parser.error(str(ex))
 
-    # workaround encoding issues with python2
-    if sys.version_info[0] == 2:
-        reload(sys)                         # pylint: disable=undefined-variable
-        sys.setdefaultencoding('utf-8')     # pylint: disable=no-member
-
     # shift parameters
     if args.file and args.PATTERNS:
         args.infile = args.PATTERNS
@@ -155,50 +143,42 @@ def parse_combined(hashline):
     if args.PATTERNS is None and args.file is None:
         parser.print_help(sys.stderr)
         sys.stderr.write('You must provide PATTERNS or -f FILE\n')
-        exit(1)
+        sys.exit(1)
 
     # read patterns from file
     if args.PATTERNS is None:
         args.PATTERNS = '|'.join('(?:{0})'.format(x.strip()) for x in args.file)
 
     try:
         regexp = re.compile(args.PATTERNS)
-    except sre_constants.error as e:
-        sys.stderr.write('Wrong regexp {0}: {1} \n'.format(args.PATTERNS, e))
-        exit(1)
+    except sre_constants.error as ex:
+        sys.stderr.write('Wrong regexp {0}: {1} \n'.format(args.PATTERNS, ex))
+        sys.exit(1)
 
     if args.infile is not None and os.path.isfile(args.infile):
         fd = open(args.infile, 'rb')
     else:
         fd = sys.stdin
-    
-    structformat = ''
+
     while True:
         buf = fd.read(4)
-        if buf == 'WPA*':
+        if buf == b'WPA*':
             buf = buf + fd.readline()
-            structformat = 'combined'
-        elif buf == 'HCPX':
+            target = parse_combined(buf)
+        elif buf == b'HCPX':
             buf = buf + fd.read(393 - 4)
-            structformat = 'hccapx'
+            target = parse_hccapx(buf)
         else:
             buf = buf + fd.readline()
-            structformat = 'pmkid'
+            target = parse_pmkid(buf)
 
         if not buf:
             break
 
-        if structformat == 'combined':
-            target = parse_combined(buf)
-        elif structformat == 'hccapx':
-            target = parse_hccapx(buf)
-        elif structformat == 'pmkid':
-            target = parse_pmkid(buf)
-        else:
+        if target is None:
             sys.stderr.write('Unrecognized input format\n')
-            exit(1)
+            sys.exit(1)
 
         res = regexp.search(str(target))
         if (res is not None and not args.v) or (res is None and args.v):
-            sys.stdout.write(buf)
-
+            sys.stdout.buffer.write(buf)