better handling of FT using PSK PMKIDs in really really crappy dump files

= · = · commit cba739bad54c · 2024-09-20T08:39:20.000+02:00
diff --git a/hcxpcapngtool.c b/hcxpcapngtool.c
@@ -2309,6 +2309,10 @@ for(zeigerpmkid = zeigerpmkidakt; zeigerpmkid < pmkidlistptr; zeigerpmkid++)
 	{
 	tvhs = zeigerpmkid->timestamp /1000000000;
 	strftime(timestringhs, 32, "%d.%m.%Y %H:%M:%S", localtime(&tvhs));
+	if(((zeigerpmkid->status &PMKID_APPSK256) == PMKID_APPSK256) && ((zeigermac->akm &TAK_PSKSHA256) != TAK_PSKSHA256))
+		{
+		if(ignoreieflag == false) continue;
+		}
 	if(donotcleanflag == false)
 		{
 		if(memcmp(&mac_broadcast, zeigerpmkid->client, 6) == 0) continue;
@@ -3881,7 +3885,7 @@ if(authlen >= (int)(WPAKEY_SIZE +PMKID_SIZE))
 	{
 	pmkid = (pmkid_t*)(wpakptr +WPAKEY_SIZE);
 	if(pmkid->id != TAG_VENDOR) return;
-	if((pmkid->len == 0x14) && (pmkid->type == 0x04) && keyver != 3)
+	if((pmkid->len == 0x14) && (pmkid->type == 0x04))
 		{
 		zeiger->message |= HS_PMKID;
 		if(memcmp(&zeroed32, pmkid->pmkid, 16) == 0)
@@ -3906,7 +3910,8 @@ if(authlen >= (int)(WPAKEY_SIZE +PMKID_SIZE))
 					}
 				}
 			memcpy(zeiger->pmkid, pmkid->pmkid, 16);
-			addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP);
+			if(keyver != 3) addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP);
+			else addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP | PMKID_APPSK256);
 			}
 		}
 	else pmkiduselesscount++;
diff --git a/include/hcxpcapngtool.h b/include/hcxpcapngtool.h
@@ -365,6 +365,7 @@ struct pmkidlist_s
  uint64_t		timestamp;
  uint8_t		status;
 #define PMKID_AP	0x01
+#define PMKID_APPSK256	0x02
 #define PMKID_CLIENT	0x10
  uint8_t		ap[6];
  uint8_t		client[6];

Original file line number	Diff line number	Diff line change
`@@ -2309,6 +2309,10 @@ for(zeigerpmkid = zeigerpmkidakt; zeigerpmkid < pmkidlistptr; zeigerpmkid++)`
`2309`	`2309`	`{`
`2310`	`2310`	`tvhs = zeigerpmkid->timestamp /1000000000;`
`2311`	`2311`	`strftime(timestringhs, 32, "%d.%m.%Y %H:%M:%S", localtime(&tvhs));`
	`2312`	`+ if(((zeigerpmkid->status &PMKID_APPSK256) == PMKID_APPSK256) && ((zeigermac->akm &TAK_PSKSHA256) != TAK_PSKSHA256))`
	`2313`	`+ {`
	`2314`	`+ if(ignoreieflag == false) continue;`
	`2315`	`+ }`
`2312`	`2316`	`if(donotcleanflag == false)`
`2313`	`2317`	`{`
`2314`	`2318`	`if(memcmp(&mac_broadcast, zeigerpmkid->client, 6) == 0) continue;`
`@@ -3881,7 +3885,7 @@ if(authlen >= (int)(WPAKEY_SIZE +PMKID_SIZE))`
`3881`	`3885`	`{`
`3882`	`3886`	`pmkid = (pmkid_t*)(wpakptr +WPAKEY_SIZE);`
`3883`	`3887`	`if(pmkid->id != TAG_VENDOR) return;`
`3884`		`- if((pmkid->len == 0x14) && (pmkid->type == 0x04) && keyver != 3)`
	`3888`	`+ if((pmkid->len == 0x14) && (pmkid->type == 0x04))`
`3885`	`3889`	`{`
`3886`	`3890`	`zeiger->message \|= HS_PMKID;`
`3887`	`3891`	`if(memcmp(&zeroed32, pmkid->pmkid, 16) == 0)`
`@@ -3906,7 +3910,8 @@ if(authlen >= (int)(WPAKEY_SIZE +PMKID_SIZE))`
`3906`	`3910`	`}`
`3907`	`3911`	`}`
`3908`	`3912`	`memcpy(zeiger->pmkid, pmkid->pmkid, 16);`
`3909`		`- addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP);`
	`3913`	`+ if(keyver != 3) addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP);`
	`3914`	`+ else addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP \| PMKID_APPSK256);`
`3910`	`3915`	`}`
`3911`	`3916`	`}`
`3912`	`3917`	`else pmkiduselesscount++;`