├── CapConverter.exe
├── CommonDialogs.bas
├── Form1.frm
├── Form1.frx
├── Form2.frm
├── Form2.frx
├── Module1.bas
├── Project1.vbp
├── Project1.vbw
├── README.md
├── ReadCAP.bas
├── ReadHCCAP.bas
├── RegistryModule.bas
├── WriteCAP.bas
├── WriteHCCAP.bas
├── dlls.zip
├── manifest.res
├── screenshot.png
└── vgafix.fon
/CapConverter.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/CapConverter.exe
--------------------------------------------------------------------------------
/CommonDialogs.bas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/CommonDialogs.bas
--------------------------------------------------------------------------------
/Form1.frm:
--------------------------------------------------------------------------------
1 | VERSION 5.00
2 | Begin VB.Form Form1
3 | Caption = "Cap Converter"
4 | ClientHeight = 10335
5 | ClientLeft = 120
6 | ClientTop = 450
7 | ClientWidth = 7635
8 | Icon = "Form1.frx":0000
9 | LinkTopic = "Form1"
10 | MaxButton = 0 'False
11 | OLEDropMode = 1 'Manual
12 | ScaleHeight = 10335
13 | ScaleWidth = 7635
14 | StartUpPosition = 2 'CenterScreen
15 | Begin VB.CommandButton btnPrev
16 | Caption = "<"
17 | Enabled = 0 'False
18 | BeginProperty Font
19 | Name = "Courier New"
20 | Size = 15.75
21 | Charset = 0
22 | Weight = 700
23 | Underline = 0 'False
24 | Italic = 0 'False
25 | Strikethrough = 0 'False
26 | EndProperty
27 | Height = 375
28 | Left = 6120
29 | TabIndex = 24
30 | Top = 375
31 | Width = 495
32 | End
33 | Begin VB.CommandButton btnNext
34 | Caption = ">"
35 | Enabled = 0 'False
36 | BeginProperty Font
37 | Name = "Courier New"
38 | Size = 15.75
39 | Charset = 0
40 | Weight = 700
41 | Underline = 0 'False
42 | Italic = 0 'False
43 | Strikethrough = 0 'False
44 | EndProperty
45 | Height = 375
46 | Left = 6600
47 | TabIndex = 23
48 | Top = 375
49 | Width = 495
50 | End
51 | Begin VB.CommandButton btnWriteCAP
52 | Caption = "Save As CAP..."
53 | Height = 645
54 | Left = 3810
55 | TabIndex = 2
56 | Top = 9465
57 | Width = 1770
58 | End
59 | Begin VB.CommandButton btnReadHCCAP
60 | Caption = "Open HCCAP..."
61 | Height = 645
62 | Left = 2010
63 | TabIndex = 1
64 | Top = 9465
65 | Width = 1770
66 | End
67 | Begin VB.CommandButton btnWriteHCCAP
68 | Caption = "Save As HCCAP..."
69 | Height = 645
70 | Left = 5610
71 | TabIndex = 3
72 | Top = 9465
73 | Width = 1770
74 | End
75 | Begin VB.CommandButton btnReadCAP
76 | Caption = "Open CAP..."
77 | Height = 645
78 | Left = 210
79 | TabIndex = 0
80 | Top = 9465
81 | Width = 1770
82 | End
83 | Begin VB.Frame Frame1
84 | Caption = " HCCAP Info "
85 | Height = 9045
86 | Left = 240
87 | OLEDropMode = 1 'Manual
88 | TabIndex = 4
89 | Top = 225
90 | Width = 7125
91 | Begin VB.TextBox txtKEYMIC
92 | BeginProperty Font
93 | Name = "Fixedsys"
94 | Size = 9
95 | Charset = 0
96 | Weight = 400
97 | Underline = 0 'False
98 | Italic = 0 'False
99 | Strikethrough = 0 'False
100 | EndProperty
101 | Height = 405
102 | Left = 240
103 | MaxLength = 47
104 | TabIndex = 22
105 | Top = 8370
106 | Width = 6615
107 | End
108 | Begin VB.TextBox txtKEYVER
109 | BeginProperty Font
110 | Name = "Fixedsys"
111 | Size = 9
112 | Charset = 0
113 | Weight = 400
114 | Underline = 0 'False
115 | Italic = 0 'False
116 | Strikethrough = 0 'False
117 | EndProperty
118 | Height = 405
119 | Left = 240
120 | MaxLength = 5
121 | TabIndex = 20
122 | Top = 7650
123 | Width = 6615
124 | End
125 | Begin VB.TextBox txtEAPOLSIZE
126 | BeginProperty Font
127 | Name = "Fixedsys"
128 | Size = 9
129 | Charset = 0
130 | Weight = 400
131 | Underline = 0 'False
132 | Italic = 0 'False
133 | Strikethrough = 0 'False
134 | EndProperty
135 | Height = 405
136 | Left = 240
137 | MaxLength = 3
138 | TabIndex = 18
139 | Top = 6930
140 | Width = 6615
141 | End
142 | Begin VB.TextBox txtEAPOL
143 | BeginProperty Font
144 | Name = "Fixedsys"
145 | Size = 9
146 | Charset = 0
147 | Weight = 400
148 | Underline = 0 'False
149 | Italic = 0 'False
150 | Strikethrough = 0 'False
151 | EndProperty
152 | Height = 1965
153 | Left = 240
154 | MaxLength = 782
155 | MultiLine = -1 'True
156 | ScrollBars = 2 'Vertical
157 | TabIndex = 16
158 | Top = 4650
159 | Width = 6615
160 | End
161 | Begin VB.TextBox txtANONCE
162 | BeginProperty Font
163 | Name = "Fixedsys"
164 | Size = 9
165 | Charset = 0
166 | Weight = 400
167 | Underline = 0 'False
168 | Italic = 0 'False
169 | Strikethrough = 0 'False
170 | EndProperty
171 | Height = 645
172 | Left = 240
173 | MaxLength = 96
174 | MultiLine = -1 'True
175 | TabIndex = 14
176 | Top = 3690
177 | Width = 6615
178 | End
179 | Begin VB.TextBox txtSNONCE
180 | BeginProperty Font
181 | Name = "Fixedsys"
182 | Size = 9
183 | Charset = 0
184 | Weight = 400
185 | Underline = 0 'False
186 | Italic = 0 'False
187 | Strikethrough = 0 'False
188 | EndProperty
189 | Height = 645
190 | Left = 240
191 | MaxLength = 96
192 | MultiLine = -1 'True
193 | TabIndex = 12
194 | Top = 2730
195 | Width = 6615
196 | End
197 | Begin VB.TextBox txtSTA
198 | BeginProperty Font
199 | Name = "Fixedsys"
200 | Size = 9
201 | Charset = 0
202 | Weight = 400
203 | Underline = 0 'False
204 | Italic = 0 'False
205 | Strikethrough = 0 'False
206 | EndProperty
207 | Height = 405
208 | Left = 240
209 | MaxLength = 17
210 | TabIndex = 10
211 | Top = 2010
212 | Width = 6615
213 | End
214 | Begin VB.TextBox txtBSSID
215 | BeginProperty Font
216 | Name = "Fixedsys"
217 | Size = 9
218 | Charset = 0
219 | Weight = 400
220 | Underline = 0 'False
221 | Italic = 0 'False
222 | Strikethrough = 0 'False
223 | EndProperty
224 | Height = 405
225 | Left = 240
226 | MaxLength = 17
227 | TabIndex = 8
228 | Top = 1290
229 | Width = 6615
230 | End
231 | Begin VB.TextBox txtESSID
232 | BeginProperty Font
233 | Name = "Fixedsys"
234 | Size = 9
235 | Charset = 0
236 | Weight = 400
237 | Underline = 0 'False
238 | Italic = 0 'False
239 | Strikethrough = 0 'False
240 | EndProperty
241 | Height = 405
242 | Left = 240
243 | MaxLength = 36
244 | TabIndex = 6
245 | Top = 570
246 | Width = 6615
247 | End
248 | Begin VB.Label lblCounter
249 | Alignment = 1 'Right Justify
250 | Caption = "0"
251 | Height = 195
252 | Left = 2760
253 | TabIndex = 25
254 | Top = 255
255 | Visible = 0 'False
256 | Width = 2895
257 | End
258 | Begin VB.Label lblKEYMIC
259 | AutoSize = -1 'True
260 | Caption = "Key MIC (16 bytes) (Bytes 376 to 391):"
261 | Height = 195
262 | Left = 240
263 | TabIndex = 21
264 | Top = 8130
265 | Width = 2715
266 | End
267 | Begin VB.Label lblKEYVER
268 | AutoSize = -1 'True
269 | Caption = "Key Version (4 bytes) (Bytes 372 to 375):"
270 | Height = 195
271 | Left = 240
272 | TabIndex = 19
273 | Top = 7410
274 | Width = 2865
275 | End
276 | Begin VB.Label lblEAPOLSIZE
277 | AutoSize = -1 'True
278 | Caption = "EAPOL Size (4 bytes) (Bytes 368 to 371):"
279 | Height = 195
280 | Left = 240
281 | TabIndex = 17
282 | Top = 6690
283 | Width = 2895
284 | End
285 | Begin VB.Label lblEAPOL
286 | AutoSize = -1 'True
287 | Caption = "EAPOL (256 bytes) (Bytes 112 to 367):"
288 | Height = 195
289 | Left = 240
290 | TabIndex = 15
291 | Top = 4410
292 | Width = 2730
293 | End
294 | Begin VB.Label lblANONCE
295 | AutoSize = -1 'True
296 | Caption = "ANONCE (32 bytes) (Bytes 80 to 111):"
297 | Height = 195
298 | Left = 240
299 | TabIndex = 13
300 | Top = 3450
301 | Width = 2700
302 | End
303 | Begin VB.Label lblSNONCE
304 | AutoSize = -1 'True
305 | Caption = "SNONCE (32 bytes) (Bytes 48 to 79):"
306 | Height = 195
307 | Left = 240
308 | TabIndex = 11
309 | Top = 2490
310 | Width = 2610
311 | End
312 | Begin VB.Label lblSTA
313 | AutoSize = -1 'True
314 | Caption = "STATION MAC (6 bytes) (Bytes 42 to 47):"
315 | Height = 195
316 | Left = 240
317 | TabIndex = 9
318 | Top = 1770
319 | Width = 2940
320 | End
321 | Begin VB.Label lblBSSID
322 | AutoSize = -1 'True
323 | Caption = "BSSID (6 bytes) (Bytes 36 to 41):"
324 | Height = 195
325 | Left = 240
326 | TabIndex = 7
327 | Top = 1050
328 | Width = 2325
329 | End
330 | Begin VB.Label lblESSID
331 | AutoSize = -1 'True
332 | Caption = "ESSID (36 bytes) (Bytes 0 to 35):"
333 | Height = 195
334 | Left = 240
335 | TabIndex = 5
336 | Top = 330
337 | Width = 2325
338 | End
339 | End
340 | Begin VB.Menu mnuPopUp
341 | Caption = "PopUp"
342 | Visible = 0 'False
343 | Begin VB.Menu mnuAlwaysOnTop
344 | Caption = "Always on top"
345 | End
346 | Begin VB.Menu mnuAddHCCAPContext
347 | Caption = "Add to context menu of .HCCAP files"
348 | End
349 | Begin VB.Menu mnuAddCAPContext
350 | Caption = "Add to context menu of .CAP files"
351 | End
352 | Begin VB.Menu mnuMakeHCCAPDefault
353 | Caption = "Set as default application for .HCCAP files"
354 | End
355 | Begin VB.Menu mnuMakeCAPDefault
356 | Caption = "Set as default application for .CAP files"
357 | End
358 | End
359 | End
360 | Attribute VB_Name = "Form1"
361 | Attribute VB_GlobalNameSpace = False
362 | Attribute VB_Creatable = False
363 | Attribute VB_PredeclaredId = True
364 | Attribute VB_Exposed = False
365 | Option Explicit
366 |
367 | Private Sub btnNext_Click()
368 | If (num_hccap_records > 1) Then
369 | current_index = current_index + 1
370 | lblCounter.caption = current_index + 1 & "/" & num_hccap_records
371 | If num_hccap_records - 1 > current_index Then
372 | btnNext.Enabled = True
373 | Else
374 | btnNext.Enabled = False
375 | End If
376 | If 0 < current_index Then
377 | btnPrev.Enabled = True
378 | Else
379 | btnPrev.Enabled = False
380 | End If
381 | txtESSID.Text = tmp_hccap_records(current_index).ESSID
382 | txtBSSID.Text = tmp_hccap_records(current_index).BSSID
383 | txtSTA.Text = tmp_hccap_records(current_index).STATION_MAC
384 | txtSNONCE.Text = tmp_hccap_records(current_index).SNONCE
385 | txtANONCE.Text = tmp_hccap_records(current_index).ANONCE
386 | txtEAPOL.Text = tmp_hccap_records(current_index).EAPOL
387 | txtEAPOLSIZE.Text = tmp_hccap_records(current_index).EAPOL_SIZE
388 | txtKEYVER.Text = tmp_hccap_records(current_index).KEY_VERSION
389 | txtKEYMIC.Text = tmp_hccap_records(current_index).KEY_MIC
390 | End If
391 | End Sub
392 |
393 | Private Sub btnPrev_Click()
394 | If (num_hccap_records > 1) Then
395 | current_index = current_index - 1
396 | lblCounter.caption = current_index + 1 & "/" & num_hccap_records
397 | If num_hccap_records - 1 > current_index Then
398 | btnNext.Enabled = True
399 | Else
400 | btnNext.Enabled = False
401 | End If
402 | If 0 < current_index Then
403 | btnPrev.Enabled = True
404 | Else
405 | btnPrev.Enabled = False
406 | End If
407 | txtESSID.Text = tmp_hccap_records(current_index).ESSID
408 | txtBSSID.Text = tmp_hccap_records(current_index).BSSID
409 | txtSTA.Text = tmp_hccap_records(current_index).STATION_MAC
410 | txtSNONCE.Text = tmp_hccap_records(current_index).SNONCE
411 | txtANONCE.Text = tmp_hccap_records(current_index).ANONCE
412 | txtEAPOL.Text = tmp_hccap_records(current_index).EAPOL
413 | txtEAPOLSIZE.Text = tmp_hccap_records(current_index).EAPOL_SIZE
414 | txtKEYVER.Text = tmp_hccap_records(current_index).KEY_VERSION
415 | txtKEYMIC.Text = tmp_hccap_records(current_index).KEY_MIC
416 | End If
417 | End Sub
418 |
419 | Private Sub btnWriteCAP_Click()
420 | If txtBSSID.Text = "" Then
421 | MsgBox "BSSID cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
422 | txtBSSID.SetFocus
423 | Exit Sub
424 | ElseIf txtSTA.Text = "" Then
425 | MsgBox "STATION MAC cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
426 | txtSTA.SetFocus
427 | Exit Sub
428 | ElseIf txtSNONCE.Text = "" Then
429 | MsgBox "SNONCE cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
430 | txtSNONCE.SetFocus
431 | Exit Sub
432 | ElseIf txtANONCE.Text = "" Then
433 | MsgBox "ANONCE cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
434 | txtANONCE.SetFocus
435 | Exit Sub
436 | ElseIf txtEAPOL.Text = "" Then
437 | MsgBox "EAPOL cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
438 | txtEAPOL.SetFocus
439 | Exit Sub
440 | ElseIf txtEAPOLSIZE.Text = "" Then
441 | MsgBox "EAPOL Size cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
442 | txtEAPOLSIZE.SetFocus
443 | Exit Sub
444 | ElseIf txtKEYMIC.Text = "" Then
445 | MsgBox "Key MIC cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
446 | txtKEYMIC.SetFocus
447 | Exit Sub
448 | End If
449 | Dim file_to_save As String
450 | file_to_save = ShowSaveFileDialog(Me.hwnd, "Save CAP As")
451 | Call write_this_cap(file_to_save)
452 | End Sub
453 |
454 | Private Sub write_this_cap(file_to_save As String)
455 | If (file_to_save <> "") Then
456 | Dim msgbox_result As VbMsgBoxResult
457 | If is_file(file_to_save) = True Then
458 | msgbox_result = MsgBox("A file named """ & Left$(file_to_save, lstrlen(StrPtr(file_to_save))) & """ already exists. Replace?", vbExclamation + vbYesNo, "Warning")
459 | If (msgbox_result = vbNo) Then
460 | Call btnWriteCAP_Click
461 | Exit Sub
462 | End If
463 | End If
464 | If (num_hccap_records > 1) Then
465 | msgbox_result = MsgBox(current_file & " contains multiple handshakes." & vbCrLf & "Would you like to save all of them to a single CAP file?" & vbCrLf & vbCrLf & "YES: will save all handshakes to a single cap file" & vbCrLf & "NO: will save only the currently selected handshake" & vbCrLf & "CANCEL: will not save anything", vbQuestion + vbYesNoCancel, "Create multi cap?")
466 | If (msgbox_result = vbYes) Then
467 | Call WriteCAP(file_to_save, txtESSID.Text, txtBSSID.Text, txtSTA.Text, txtSNONCE.Text, txtANONCE.Text, txtEAPOL.Text, txtEAPOLSIZE.Text, txtKEYVER.Text, txtKEYMIC.Text, False)
468 | ElseIf (msgbox_result = vbNo) Then
469 | Call WriteCAP(file_to_save, txtESSID.Text, txtBSSID.Text, txtSTA.Text, txtSNONCE.Text, txtANONCE.Text, txtEAPOL.Text, txtEAPOLSIZE.Text, txtKEYVER.Text, txtKEYMIC.Text, True)
470 | End If
471 | Else
472 | Call WriteCAP(file_to_save, txtESSID.Text, txtBSSID.Text, txtSTA.Text, txtSNONCE.Text, txtANONCE.Text, txtEAPOL.Text, txtEAPOLSIZE.Text, txtKEYVER.Text, txtKEYMIC.Text, True)
473 | End If
474 | End If
475 | End Sub
476 |
477 | Private Sub read_this_cap(file_to_open As String)
478 | If (file_to_open <> "") Then
479 | btnReadCAP.Enabled = False
480 | btnReadHCCAP.Enabled = False
481 | btnWriteCAP.Enabled = False
482 | btnWriteHCCAP.Enabled = False
483 | current_file = get_file_from_path(file_to_open)
484 | tmp_hccap_records = ReadCAP(file_to_open)
485 | If (num_hccap_records > 0) Then
486 | lblCounter.Visible = True
487 | txtESSID.Text = tmp_hccap_records(0).ESSID
488 | txtBSSID.Text = tmp_hccap_records(0).BSSID
489 | txtSTA.Text = tmp_hccap_records(0).STATION_MAC
490 | txtSNONCE.Text = tmp_hccap_records(0).SNONCE
491 | txtANONCE.Text = tmp_hccap_records(0).ANONCE
492 | txtEAPOL.Text = tmp_hccap_records(0).EAPOL
493 | txtEAPOLSIZE.Text = tmp_hccap_records(0).EAPOL_SIZE
494 | txtKEYVER.Text = tmp_hccap_records(0).KEY_VERSION
495 | txtKEYMIC.Text = tmp_hccap_records(0).KEY_MIC
496 | End If
497 | current_index = 0
498 | lblCounter.caption = current_index + 1 & "/" & num_hccap_records
499 | If ((current_index = 0) And (num_hccap_records = 1)) Or (num_hccap_records = 0) Then
500 | lblCounter.Visible = False
501 | End If
502 | If num_hccap_records > 1 Then
503 | btnNext.Enabled = True
504 | btnPrev.Enabled = False
505 | Else
506 | btnNext.Enabled = False
507 | btnPrev.Enabled = False
508 | End If
509 | btnReadCAP.Enabled = True
510 | btnReadHCCAP.Enabled = True
511 | btnWriteCAP.Enabled = True
512 | btnWriteHCCAP.Enabled = True
513 | btnWriteHCCAP.SetFocus
514 | End If
515 | End Sub
516 |
517 | Private Sub btnReadCAP_Click()
518 | Dim file_to_open As String
519 | file_to_open = ShowOpenFileDialog(Me.hwnd, "Choose CAP File")
520 | Call read_this_cap(file_to_open)
521 | End Sub
522 |
523 | Private Sub read_this_hccap(file_to_open As String)
524 | If (file_to_open <> "") Then
525 | current_file = get_file_from_path(file_to_open)
526 | tmp_hccap_records = ReadHCCAP(file_to_open)
527 | If (num_hccap_records > 0) Then
528 | lblCounter.Visible = True
529 | txtESSID.Text = tmp_hccap_records(0).ESSID
530 | txtBSSID.Text = tmp_hccap_records(0).BSSID
531 | txtSTA.Text = tmp_hccap_records(0).STATION_MAC
532 | txtSNONCE.Text = tmp_hccap_records(0).SNONCE
533 | txtANONCE.Text = tmp_hccap_records(0).ANONCE
534 | txtEAPOL.Text = tmp_hccap_records(0).EAPOL
535 | txtEAPOLSIZE.Text = tmp_hccap_records(0).EAPOL_SIZE
536 | txtKEYVER.Text = tmp_hccap_records(0).KEY_VERSION
537 | txtKEYMIC.Text = tmp_hccap_records(0).KEY_MIC
538 | End If
539 | current_index = 0
540 | lblCounter.caption = current_index + 1 & "/" & num_hccap_records
541 | If ((current_index = 0) And (num_hccap_records = 1)) Or (num_hccap_records = 0) Then
542 | lblCounter.Visible = False
543 | End If
544 | If num_hccap_records > 1 Then
545 | btnNext.Enabled = True
546 | btnPrev.Enabled = False
547 | Else
548 | btnNext.Enabled = False
549 | btnPrev.Enabled = False
550 | End If
551 | btnWriteCAP.SetFocus
552 | End If
553 | End Sub
554 |
555 | Private Sub btnReadHCCAP_Click()
556 | Dim file_to_open As String
557 | file_to_open = ShowOpenFileDialog(Me.hwnd, "Choose HCCAP File")
558 | Call read_this_hccap(file_to_open)
559 | End Sub
560 |
561 | Private Sub btnWriteHCCAP_Click()
562 | If txtBSSID.Text = "" Then
563 | MsgBox "BSSID cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
564 | txtBSSID.SetFocus
565 | Exit Sub
566 | ElseIf txtSTA.Text = "" Then
567 | MsgBox "STATION MAC cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
568 | txtSTA.SetFocus
569 | Exit Sub
570 | ElseIf txtSNONCE.Text = "" Then
571 | MsgBox "SNONCE cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
572 | txtSNONCE.SetFocus
573 | Exit Sub
574 | ElseIf txtANONCE.Text = "" Then
575 | MsgBox "ANONCE cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
576 | txtANONCE.SetFocus
577 | Exit Sub
578 | ElseIf txtEAPOL.Text = "" Then
579 | MsgBox "EAPOL cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
580 | txtEAPOL.SetFocus
581 | Exit Sub
582 | ElseIf txtEAPOLSIZE.Text = "" Then
583 | MsgBox "EAPOL Size cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
584 | txtEAPOLSIZE.SetFocus
585 | Exit Sub
586 | ElseIf txtKEYMIC.Text = "" Then
587 | MsgBox "Key MIC cannot be blank.", vbCritical + vbOKOnly, "Invalid Input"
588 | txtKEYMIC.SetFocus
589 | Exit Sub
590 | End If
591 | Dim file_to_save As String
592 | file_to_save = ShowSaveFileDialog(Me.hwnd, "Save HCCAP As")
593 | Call write_this_hccap(file_to_save)
594 | End Sub
595 |
596 | Private Sub write_this_hccap(file_to_save As String)
597 | If (file_to_save <> "") Then
598 | Dim msgbox_result As VbMsgBoxResult
599 | If is_file(file_to_save) = True Then
600 | msgbox_result = MsgBox("A file named """ & Left$(file_to_save, lstrlen(StrPtr(file_to_save))) & """ already exists. Replace?", vbExclamation + vbYesNo, "Warning")
601 | If (msgbox_result = vbNo) Then
602 | Call btnWriteHCCAP_Click
603 | Exit Sub
604 | End If
605 | End If
606 | If (num_hccap_records > 1) Then
607 | msgbox_result = MsgBox(current_file & " contains multiple handshakes." & vbCrLf & "Would you like to save all of them to a single HCCAP file?" & vbCrLf & vbCrLf & "YES: will save all handshakes to a single multi hccap file" & vbCrLf & "NO: will save only the currently selected handshake" & vbCrLf & "CANCEL: will not save anything", vbQuestion + vbYesNoCancel, "Create multi hccap?")
608 | If (msgbox_result = vbYes) Then
609 | Call WriteHCCAP(file_to_save, txtESSID.Text, txtBSSID.Text, txtSTA.Text, txtSNONCE.Text, txtANONCE.Text, txtEAPOL.Text, txtEAPOLSIZE.Text, txtKEYVER.Text, txtKEYMIC.Text, False)
610 | ElseIf (msgbox_result = vbNo) Then
611 | Call WriteHCCAP(file_to_save, txtESSID.Text, txtBSSID.Text, txtSTA.Text, txtSNONCE.Text, txtANONCE.Text, txtEAPOL.Text, txtEAPOLSIZE.Text, txtKEYVER.Text, txtKEYMIC.Text, True)
612 | End If
613 | Else
614 | Call WriteHCCAP(file_to_save, txtESSID.Text, txtBSSID.Text, txtSTA.Text, txtSNONCE.Text, txtANONCE.Text, txtEAPOL.Text, txtEAPOLSIZE.Text, txtKEYVER.Text, txtKEYMIC.Text, True)
615 | End If
616 | End If
617 | End Sub
618 |
619 | Private Sub Form_Load()
620 | On Error Resume Next
621 | 'txtESSID.Text = "hashcat.net"
622 | 'txtBSSID.Text = "B0:48:7A:D6:76:E2"
623 | 'txtSTA.Text = "00:25:CF:2D:B4:89"
624 | 'txtSNONCE.Text = "70 00 3E 0A D1 1B C0 A9 E4 86 79 45 9E BC BF FD" & vbNewLine & "7E E7 56 97 62 8C 37 13 65 D7 A0 5E 1B 35 D7 D8"
625 | 'txtANONCE.Text = "2F 0F 76 4C 66 32 D5 57 9C 57 C3 A9 FE 06 7A 84" & vbNewLine & "5E 22 D6 43 59 41 C1 84 38 45 DB 34 A2 F8 0D DE"
626 | 'txtEAPOL.Text = "01 03 00 75 02 01 0A 00 00 00 00 00 00 00 00 00" & vbNewLine & "01 70 00 3E 0A D1 1B C0 A9 E4 86 79 45 9E BC BF" & vbNewLine & "FD 7E E7 56 97 62 8C 37 13 65 D7 A0 5E 1B 35 D7" & vbNewLine & "D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" & vbNewLine & "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" & vbNewLine & "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" & vbNewLine & "00 00 16 30 14 01 00 00 0F AC 04 01 00 00 0F AC" & vbNewLine & "04 01 00 00 0F AC 02 00 00"
627 | 'txtEAPOLSIZE.Text = "121"
628 | 'txtKEYVER.Text = "2"
629 | 'txtKEYMIC.Text = "D9 F3 B5 B6 F7 44 C6 62 51 84 58 AC 6C C7 9F 11"
630 |
631 | RemoveMenu GetSystemMenu(Me.hwnd, 0), 2, &H400& 'prevent resizing
632 |
633 | If GetSetting("CapConverter", "Preferences", "AlwaysOnTop", "") = "1" Then
634 | mnuAlwaysOnTop.Checked = True
635 | SetWindowPos Me.hwnd, -1&, 0&, 0&, 0&, 0&, 2& Or 1&
636 | End If
637 |
638 | mnuAddHCCAPContext.Checked = IIf(RegKeyExists(HKEY_CLASSES_ROOT, ".hccap\shell\Open With Cap Converter"), True, False)
639 | mnuAddCAPContext.Checked = IIf(RegKeyExists(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter") Or RegKeyExists(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter"), True, False)
640 | mnuMakeHCCAPDefault.Checked = IIf(RegKeyExists(HKEY_CLASSES_ROOT, ".hccap\shell\open"), True, False)
641 | mnuMakeCAPDefault.Checked = IIf(RegKeyExists(HKEY_CLASSES_ROOT, ".pcap\shell\open") Or RegValueExists(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open\command", "bak"), True, False)
642 |
643 | 'open file passed on command line
644 | If (Command$ <> "") Then
645 | Dim cmdline_file As String
646 | cmdline_file = Command$
647 | If Mid$(cmdline_file, 1, 1) = """" Then
648 | cmdline_file = Mid$(cmdline_file, 2) 'remove starting quote
649 | End If
650 | If Mid$(cmdline_file, Len(cmdline_file), 1) = """" Then
651 | cmdline_file = Mid$(cmdline_file, 1, Len(cmdline_file) - 1) 'remove ending quote
652 | End If
653 | If (is_file(cmdline_file)) Then 'file exists
654 | If Right$(cmdline_file, 6) = ".hccap" Then
655 | Call read_this_hccap(cmdline_file)
656 | ElseIf Right$(cmdline_file, 4) = ".cap" Or Right$(cmdline_file, 5) = ".pcap" Or Right$(cmdline_file, 4) = ".dmp" Then
657 | Call read_this_cap(cmdline_file)
658 | End If
659 | End If
660 | End If
661 |
662 | End Sub
663 |
664 | Private Sub Form_MouseDown(Button As Integer, Shift As Integer, X As Single, Y As Single)
665 | If Button = vbRightButton Then
666 | PopupMenu mnuPopUp, vbPopupMenuRightButton
667 | End If
668 | End Sub
669 |
670 | Private Sub Frame1_OLEDragDrop(Data As DataObject, Effect As Long, Button As Integer, Shift As Integer, X As Single, Y As Single)
671 | Call Form_OLEDragDrop(Data, Effect, Button, Shift, X, Y)
672 | End Sub
673 |
674 | Private Sub Form_OLEDragDrop(Data As DataObject, Effect As Long, Button As Integer, Shift As Integer, X As Single, Y As Single)
675 | If Data.GetFormat(vbCFFiles) Then
676 | Dim fso As Scripting.FileSystemObject
677 | Set fso = New Scripting.FileSystemObject
678 | Dim sFilename As String
679 | Do While Data.Files.Count > 0
680 | If Right$(Data.Files.Item(Data.Files.Count), 6) = ".hccap" Then
681 | Call read_this_hccap(Data.Files.Item(Data.Files.Count))
682 | Call write_this_cap(fso.GetParentFolderName(Data.Files.Item(Data.Files.Count)) & "\" & fso.GetBaseName(Data.Files.Item(Data.Files.Count)) & ".cap")
683 | ElseIf Right$(Data.Files.Item(Data.Files.Count), 4) = ".cap" Or Right$(Data.Files.Item(Data.Files.Count), 5) = ".pcap" Or Right$(Data.Files.Item(Data.Files.Count), 4) = ".dmp" Then
684 | Call read_this_cap(Data.Files.Item(Data.Files.Count))
685 | Call write_this_hccap(fso.GetParentFolderName(Data.Files.Item(Data.Files.Count)) & "\" & fso.GetBaseName(Data.Files.Item(Data.Files.Count)) & ".hccap")
686 | ElseIf is_folder(Data.Files.Item(Data.Files.Count)) = True Then 'folder
687 | sFilename = Dir(Data.Files.Item(Data.Files.Count) & "\")
688 | Do While sFilename > ""
689 | If Right$(sFilename, 6) = ".hccap" Then
690 | Call read_this_hccap(Data.Files.Item(Data.Files.Count) & "\" & sFilename)
691 | If is_file(Data.Files.Item(Data.Files.Count) & "\" & fso.GetBaseName(sFilename) & ".cap") = False Then
692 | Call write_this_cap(Data.Files.Item(Data.Files.Count) & "\" & fso.GetBaseName(sFilename) & ".cap")
693 | End If
694 | ElseIf Right$(sFilename, 4) = ".cap" Or Right$(sFilename, 5) = ".pcap" Or Right$(sFilename, 4) = ".dmp" Then
695 | Call read_this_cap(Data.Files.Item(Data.Files.Count) & "\" & sFilename)
696 | Call write_this_hccap(Data.Files.Item(Data.Files.Count) & "\" & fso.GetBaseName(sFilename) & ".hccap")
697 | End If
698 | sFilename = Dir()
699 | Loop
700 | End If
701 | Call Data.Files.Remove(Data.Files.Count)
702 | Loop
703 | Set fso = Nothing
704 | End If
705 | End Sub
706 |
707 | Private Sub Frame1_MouseDown(Button As Integer, Shift As Integer, X As Single, Y As Single)
708 | If Button = vbRightButton Then
709 | PopupMenu mnuPopUp, vbPopupMenuRightButton
710 | End If
711 | End Sub
712 |
713 | 'Add to context menu of .HCCAP files
714 | Private Sub mnuAddHCCAPContext_Click()
715 | mnuAddHCCAPContext.Checked = Not mnuAddHCCAPContext.Checked
716 | 'remove context menu
717 | If (mnuAddHCCAPContext.Checked = False) And (RegKeyExists(HKEY_CLASSES_ROOT, ".hccap\shell\Open With Cap Converter") = True) Then
718 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".hccap\shell\Open With Cap Converter\command")
719 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".hccap\shell\Open With Cap Converter")
720 | 'add context menu
721 | ElseIf (mnuAddHCCAPContext.Checked = True) Then
722 | Dim path As String
723 | path = App.path
724 | If Right$(path, 1) <> "\" Then path = path & "\"
725 | path = path & App.EXEName & ".exe"
726 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".hccap\shell\Open With Cap Converter", "", ValString, "&Open With Cap Converter")
727 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".hccap\shell\Open With Cap Converter\command", "", ValString, """" & path & """" & " %1")
728 | End If
729 | End Sub
730 |
731 | 'Add to context menu of .CAP files
732 | Private Sub mnuAddCAPContext_Click()
733 | mnuAddCAPContext.Checked = Not mnuAddCAPContext.Checked
734 | Dim path As String
735 | path = App.path
736 | If Right$(path, 1) <> "\" Then path = path & "\"
737 | path = path & App.EXEName & ".exe"
738 | 'wireshark is installed
739 | If RegKeyExists(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell") = True Then
740 | 'remove context menu
741 | If (mnuAddCAPContext.Checked = False) And (RegKeyExists(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter") = True) Then
742 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter\command")
743 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter")
744 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".pcap\shell\Open With Cap Converter\command")
745 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".pcap\shell\Open With Cap Converter")
746 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter\command")
747 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter")
748 | 'add context menu
749 | ElseIf (mnuAddCAPContext.Checked = True) Then
750 | Call WriteRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter", "", ValString, "&Open With Cap Converter")
751 | Call WriteRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter\command", "", ValString, """" & path & """" & " %1")
752 | End If
753 | 'wireshark is not installed
754 | Else
755 | 'remove context menu
756 | If (mnuAddCAPContext.Checked = False) And (RegKeyExists(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter") = True) Then
757 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter\command")
758 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter")
759 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".pcap\shell\Open With Cap Converter\command")
760 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".pcap\shell\Open With Cap Converter")
761 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter\command")
762 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\Open With Cap Converter")
763 | 'add context menu
764 | ElseIf (mnuAddCAPContext.Checked = True) Then
765 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter", "", ValString, "&Open With Cap Converter")
766 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".cap\shell\Open With Cap Converter\command", "", ValString, """" & path & """" & " %1")
767 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".pcap\shell\Open With Cap Converter", "", ValString, "&Open With Cap Converter")
768 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".pcap\shell\Open With Cap Converter\command", "", ValString, """" & path & """" & " %1")
769 | End If
770 | End If
771 | End Sub
772 |
773 | Private Sub mnuAlwaysOnTop_Click()
774 | If (mnuAlwaysOnTop.Checked = False) Then 'make the window topmost
775 | mnuAlwaysOnTop.Checked = True
776 | SetWindowPos Me.hwnd, -1&, 0&, 0&, 0&, 0&, 2& Or 1&
777 | SaveSetting "CapConverter", "Preferences", "AlwaysOnTop", "1"
778 | ElseIf (mnuAlwaysOnTop.Checked = True) Then
779 | mnuAlwaysOnTop.Checked = False
780 | SetWindowPos Me.hwnd, -2&, 0&, 0&, 0&, 0&, 2& Or 1&
781 | DeleteSetting "CapConverter"
782 | 'DeleteSetting "CapConverter", "Preferences", "AlwaysOnTop"
783 | End If
784 | End Sub
785 |
786 | 'Set as default application for .HCCAP files
787 | Private Sub mnuMakeHCCAPDefault_Click()
788 | mnuMakeHCCAPDefault.Checked = Not mnuMakeHCCAPDefault.Checked
789 | 'remove association
790 | If (mnuMakeHCCAPDefault.Checked = False) And (RegKeyExists(HKEY_CLASSES_ROOT, ".hccap\shell\open") = True) Then
791 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".hccap\shell\open\command")
792 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".hccap\shell\open")
793 | 'add association
794 | ElseIf (mnuMakeHCCAPDefault.Checked = True) Then
795 | Dim path As String
796 | path = App.path
797 | If Right$(path, 1) <> "\" Then path = path & "\"
798 | path = path & App.EXEName & ".exe"
799 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".hccap\shell\open", "", ValString, "")
800 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".hccap\shell\open\command", "", ValString, """" & path & """" & " %1")
801 | End If
802 | End Sub
803 |
804 | 'Set as default application for .CAP files
805 | Private Sub mnuMakeCAPDefault_Click()
806 | mnuMakeCAPDefault.Checked = Not mnuMakeCAPDefault.Checked
807 | Dim prev_value As String
808 | Dim path As String
809 | path = App.path
810 | If Right$(path, 1) <> "\" Then path = path & "\"
811 | path = path & App.EXEName & ".exe"
812 |
813 | 'wireshark is installed
814 | If RegKeyExists(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell") = True Then
815 | 'remove association
816 | If (mnuMakeCAPDefault.Checked = False) And (RegKeyExists(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open") = True) Then
817 | prev_value = ReadRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open\command", "bak")
818 | If (Len(prev_value) > 3) Then
819 | Call WriteRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open\command", "", ValString, prev_value)
820 | Call DeleteValue(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open\command", "bak")
821 | End If
822 | 'add association
823 | ElseIf (mnuMakeCAPDefault.Checked = True) Then
824 | 'back up previous value
825 | prev_value = ReadRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open\command", vbNullString)
826 | If (Len(prev_value) > 3) Then
827 | Call WriteRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open\command", "bak", ValString, prev_value)
828 | End If
829 | Call WriteRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open", "", ValString, "")
830 | Call WriteRegistry(HKEY_CLASSES_ROOT, "wireshark-capture-file\Shell\open\command", "", ValString, """" & path & """" & " %1")
831 | End If
832 | 'wireshark is not installed
833 | Else
834 | 'remove context menu
835 | If (mnuMakeCAPDefault.Checked = False) And (RegKeyExists(HKEY_CLASSES_ROOT, ".cap\shell\open") = True) Then
836 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".cap\shell\open\command")
837 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".cap\shell\open")
838 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".pcap\shell\open\command")
839 | Call RegDeleteSubKey(HKEY_CLASSES_ROOT, ".pcap\shell\open")
840 | 'add context menu
841 | ElseIf (mnuMakeCAPDefault.Checked = True) Then
842 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".cap\shell\open", "", ValString, "")
843 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".cap\shell\open\command", "", ValString, """" & path & """" & " %1")
844 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".pcap\shell\open", "", ValString, "")
845 | Call WriteRegistry(HKEY_CLASSES_ROOT, ".pcap\shell\open\command", "", ValString, """" & path & """" & " %1")
846 | End If
847 | End If
848 |
849 | End Sub
850 |
851 | Private Sub txtEAPOL_LostFocus()
852 | Dim eapol_len As Long
853 | eapol_len = Len(hex_digits_only(txtEAPOL.Text))
854 | If eapol_len Mod 2 <> 0 Then
855 | eapol_len = eapol_len + 1
856 | End If
857 | txtEAPOLSIZE.Text = eapol_len / 2
858 | txtEAPOL.Text = UCase$(txtEAPOL.Text)
859 | End Sub
860 |
861 | Private Sub txtEAPOLSIZE_LostFocus()
862 | If Val(txtEAPOLSIZE.Text) > 256 Then
863 | txtEAPOLSIZE.Text = "256"
864 | End If
865 | End Sub
866 |
867 | Private Sub txtESSID_KeyDown(KeyCode As Integer, Shift As Integer)
868 | If Shift = 2 And KeyCode = 65 Then
869 | txtESSID.SelStart = 0
870 | txtESSID.SelLength = Len(txtESSID.Text)
871 | End If
872 | End Sub
873 |
874 | Private Sub txtBSSID_KeyDown(KeyCode As Integer, Shift As Integer)
875 | If Shift = 2 And KeyCode = 65 Then
876 | txtBSSID.SelStart = 0
877 | txtBSSID.SelLength = Len(txtBSSID.Text)
878 | End If
879 | End Sub
880 |
881 | Private Sub txtBSSID_LostFocus()
882 | txtBSSID.Text = UCase$(txtBSSID.Text)
883 | End Sub
884 |
885 | Private Sub txtSTA_KeyDown(KeyCode As Integer, Shift As Integer)
886 | If Shift = 2 And KeyCode = 65 Then
887 | txtSTA.SelStart = 0
888 | txtSTA.SelLength = Len(txtSTA.Text)
889 | End If
890 | End Sub
891 |
892 | Private Sub txtSTA_LostFocus()
893 | txtSTA.Text = UCase$(txtSTA.Text)
894 | End Sub
895 |
896 | Private Sub txtSNONCE_KeyDown(KeyCode As Integer, Shift As Integer)
897 | If Shift = 2 And KeyCode = 65 Then
898 | txtSNONCE.SelStart = 0
899 | txtSNONCE.SelLength = Len(txtSNONCE.Text)
900 | End If
901 | End Sub
902 |
903 | Private Sub txtSNONCE_LostFocus()
904 | txtSNONCE.Text = UCase$(txtSNONCE.Text)
905 | End Sub
906 |
907 | Private Sub txtANONCE_KeyDown(KeyCode As Integer, Shift As Integer)
908 | If Shift = 2 And KeyCode = 65 Then
909 | txtANONCE.SelStart = 0
910 | txtANONCE.SelLength = Len(txtANONCE.Text)
911 | End If
912 | End Sub
913 |
914 | Private Sub txtANONCE_LostFocus()
915 | txtANONCE.Text = UCase$(txtANONCE.Text)
916 | End Sub
917 |
918 | Private Sub txtEAPOL_KeyDown(KeyCode As Integer, Shift As Integer)
919 | If Shift = 2 And KeyCode = 65 Then
920 | txtEAPOL.SelStart = 0
921 | txtEAPOL.SelLength = Len(txtEAPOL.Text)
922 | End If
923 | End Sub
924 |
925 | Private Sub txtEAPOLSIZE_KeyDown(KeyCode As Integer, Shift As Integer)
926 | If Shift = 2 And KeyCode = 65 Then
927 | txtEAPOLSIZE.SelStart = 0
928 | txtEAPOLSIZE.SelLength = Len(txtEAPOLSIZE.Text)
929 | End If
930 | End Sub
931 |
932 | Private Sub txtEAPOLSIZE_KeyPress(KeyAscii As Integer)
933 | If ((KeyAscii < 48) Or (KeyAscii > 57)) And (KeyAscii <> 8) Then
934 | KeyAscii = 0
935 | End If
936 | End Sub
937 |
938 | Private Sub txtKEYVER_KeyPress(KeyAscii As Integer)
939 | If ((KeyAscii < 48) Or (KeyAscii > 57)) And (KeyAscii <> 8) Then
940 | KeyAscii = 0
941 | End If
942 | End Sub
943 |
944 | Private Sub txtKEYVER_KeyDown(KeyCode As Integer, Shift As Integer)
945 | If Shift = 2 And KeyCode = 65 Then
946 | txtKEYVER.SelStart = 0
947 | txtKEYVER.SelLength = Len(txtKEYVER.Text)
948 | End If
949 | End Sub
950 |
951 | Private Sub txtKEYMIC_KeyDown(KeyCode As Integer, Shift As Integer)
952 | If Shift = 2 And KeyCode = 65 Then
953 | txtKEYMIC.SelStart = 0
954 | txtKEYMIC.SelLength = Len(txtKEYMIC.Text)
955 | End If
956 | End Sub
957 |
958 | Private Sub txtKEYMIC_LostFocus()
959 | txtKEYMIC.Text = UCase$(txtKEYMIC.Text)
960 | End Sub
961 |
--------------------------------------------------------------------------------
/Form1.frx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/Form1.frx
--------------------------------------------------------------------------------
/Form2.frm:
--------------------------------------------------------------------------------
1 | VERSION 5.00
2 | Begin VB.Form Form2
3 | Caption = "Cap Converter"
4 | ClientHeight = 8115
5 | ClientLeft = 60
6 | ClientTop = 450
7 | ClientWidth = 6900
8 | Icon = "Form2.frx":0000
9 | LinkTopic = "Form2"
10 | MaxButton = 0 'False
11 | ScaleHeight = 8115
12 | ScaleWidth = 6900
13 | StartUpPosition = 2 'CenterScreen
14 | Begin VB.CommandButton btnExit
15 | Caption = "E&xit"
16 | Height = 735
17 | Left = 3720
18 | TabIndex = 10
19 | Top = 6990
20 | Width = 2295
21 | End
22 | Begin VB.CommandButton btnConvert
23 | Caption = "&Convert"
24 | Default = -1 'True
25 | Height = 735
26 | Left = 960
27 | TabIndex = 9
28 | Top = 6990
29 | Width = 2295
30 | End
31 | Begin VB.CommandButton btnOutputFile
32 | Caption = "..."
33 | Height = 375
34 | Left = 6120
35 | TabIndex = 8
36 | Top = 1410
37 | Width = 495
38 | End
39 | Begin VB.TextBox txtOutputFile
40 | Height = 375
41 | Left = 360
42 | TabIndex = 7
43 | Top = 1440
44 | Width = 5655
45 | End
46 | Begin VB.CommandButton btnInputFile
47 | Caption = "..."
48 | Height = 375
49 | Left = 6120
50 | TabIndex = 5
51 | Top = 690
52 | Width = 495
53 | End
54 | Begin VB.TextBox txtInputFile
55 | Height = 375
56 | Left = 360
57 | TabIndex = 4
58 | Top = 720
59 | Width = 5655
60 | End
61 | Begin VB.Label lblOutputFile
62 | Caption = "Output File:"
63 | Height = 195
64 | Left = 360
65 | TabIndex = 6
66 | Top = 1200
67 | Width = 2730
68 | End
69 | Begin VB.Label lblDirectoryMode
70 | Alignment = 1 'Right Justify
71 | AutoSize = -1 'True
72 | Caption = "Directory Mode"
73 | BeginProperty Font
74 | Name = "Arial"
75 | Size = 9.75
76 | Charset = 0
77 | Weight = 700
78 | Underline = -1 'True
79 | Italic = 0 'False
80 | Strikethrough = 0 'False
81 | EndProperty
82 | ForeColor = &H00FF0000&
83 | Height = 255
84 | Left = 3405
85 | TabIndex = 2
86 | Top = 210
87 | Width = 1455
88 | End
89 | Begin VB.Label lblSpace
90 | Alignment = 1 'Right Justify
91 | AutoSize = -1 'True
92 | Caption = " | "
93 | BeginProperty Font
94 | Name = "Arial"
95 | Size = 9.75
96 | Charset = 0
97 | Weight = 700
98 | Underline = 0 'False
99 | Italic = 0 'False
100 | Strikethrough = 0 'False
101 | EndProperty
102 | Height = 255
103 | Left = 2985
104 | TabIndex = 1
105 | Top = 240
106 | Width = 255
107 | End
108 | Begin VB.Label lblFileMode
109 | Alignment = 1 'Right Justify
110 | AutoSize = -1 'True
111 | Caption = "File Mode"
112 | BeginProperty Font
113 | Name = "Arial"
114 | Size = 9.75
115 | Charset = 0
116 | Weight = 700
117 | Underline = 0 'False
118 | Italic = 0 'False
119 | Strikethrough = 0 'False
120 | EndProperty
121 | Height = 255
122 | Left = 1935
123 | TabIndex = 0
124 | Top = 210
125 | Width = 975
126 | End
127 | Begin VB.Label lblInputFile
128 | Caption = "Input File:"
129 | Height = 195
130 | Left = 360
131 | TabIndex = 3
132 | Top = 480
133 | Width = 2370
134 | End
135 | End
136 | Attribute VB_Name = "Form2"
137 | Attribute VB_GlobalNameSpace = False
138 | Attribute VB_Creatable = False
139 | Attribute VB_PredeclaredId = True
140 | Attribute VB_Exposed = False
141 | Option Explicit
142 |
143 | 'Output Options:
144 | '[ ] Extract first found handshake only
145 | '[ ] Combine all found handshakes into single hccap
146 | '[ ] Create separate hccaps for each found handshake
147 | '
148 | 'File Association Options:
149 | '[ ] Add to context menu of .HCCAP files
150 | '[ ] Add to context menu of .CAP files
151 | '[ ] Set as default application for .HCCAP files
152 | '[ ] Set as default application for .CAP files
153 |
154 | Private Sub btnInputFile_Click()
155 | If lblFileMode.ForeColor = &H80000012 Then 'Browse for File
156 | Dim file_to_open As String
157 | Dim OFN As OPENFILENAME
158 | OFN.lStructSize = Len(OFN)
159 | OFN.hwndOwner = Me.hwnd
160 | OFN.hInstance = App.hInstance
161 | OFN.lpstrTitle = "Choose Input File"
162 | OFN.lpstrFilter = "CAP Files (*.cap;*.pcap;*.dmp)" & Chr$(0) & "*.cap;*.pcap;*.dmp" & Chr$(0) & "HCCAP Files (*.hccap)" & Chr$(0) & "*.hccap" & Chr$(0) & "All files (*.*)" & Chr$(0) & "*.*" & Chr$(0)
163 | OFN.lpstrDefExt = "cap"
164 | OFN.nFilterIndex = 1
165 | OFN.lpstrFile = String(257, 0)
166 | OFN.nMaxFile = Len(OFN.lpstrFile) - 1
167 | OFN.lpstrFileTitle = OFN.lpstrFile
168 | OFN.nMaxFileTitle = OFN.nMaxFile
169 | OFN.lpstrInitialDir = IIf((last_path <> ""), last_path, App.path)
170 | OFN.flags = 0
171 | If GetOpenFileName(OFN) Then
172 | last_path = get_path_from_file(Trim$(OFN.lpstrFile))
173 | file_to_open = IIf(is_file(Trim$(OFN.lpstrFile)), Trim$(OFN.lpstrFile), "")
174 | End If
175 | If (file_to_open <> "") Then
176 | txtInputFile.Text = file_to_open
177 | Dim fso As Scripting.FileSystemObject
178 | Set fso = New Scripting.FileSystemObject
179 | last_path = fso.GetParentFolderName(txtInputFile.Text)
180 | txtOutputFile.Text = fso.GetParentFolderName(txtInputFile.Text) & "\" & fso.GetBaseName(txtInputFile.Text) & "." & IIf(fso.GetExtensionName(txtInputFile.Text) = "hccap", "cap", "hccap")
181 | Set fso = Nothing
182 | End If
183 | Else 'Browse for Directory
184 | Dim tBrowseInfo As BrowseInfo
185 | tBrowseInfo.hwndOwner = Me.hwnd
186 | tBrowseInfo.lpszTitle = lstrcat("Choose Input Directory", "")
187 | tBrowseInfo.ulFlags = 1 + 2 + &H4&
188 | Dim tmpLong As Long
189 | tmpLong = SHBrowseForFolder(tBrowseInfo)
190 | If (tmpLong) Then
191 | Dim sBuffer As String
192 | sBuffer = Space(260)
193 | SHGetPathFromIDList tmpLong, sBuffer
194 | sBuffer = Left(sBuffer, InStr(sBuffer, vbNullChar) - 1)
195 | txtInputFile.Text = sBuffer
196 | txtOutputFile.Text = txtInputFile.Text & IIf(Right$(txtInputFile.Text, 1) <> "\", "\", "") & "HCCAPS"
197 | End If
198 | End If
199 | End Sub
200 |
201 | Private Sub btnOutputFile_Click()
202 | If lblFileMode.ForeColor = &H80000012 Then 'Browse for File
203 | Dim file_to_save As String
204 | Dim OFN As OPENFILENAME
205 | OFN.lStructSize = Len(OFN)
206 | OFN.hwndOwner = Me.hwnd
207 | OFN.hInstance = App.hInstance
208 | OFN.lpstrTitle = "Save File As"
209 | OFN.lpstrFilter = "HCCAP Files (*.hccap)" & Chr$(0) & "*.hccap" & Chr$(0) & "CAP Files (*.cap;*.pcap;*.dmp)" & Chr$(0) & "*.cap;*.pcap;*.dmp" & Chr$(0) & "All files (*.*)" & Chr$(0) & "*.*" & Chr$(0)
210 | OFN.lpstrDefExt = "hccap"
211 | OFN.nFilterIndex = 1
212 | OFN.lpstrFile = String(257, 0)
213 | OFN.nMaxFile = Len(OFN.lpstrFile) - 1
214 | OFN.lpstrFileTitle = OFN.lpstrFile
215 | OFN.nMaxFileTitle = OFN.nMaxFile
216 | OFN.lpstrInitialDir = IIf((last_path <> ""), last_path, App.path)
217 | OFN.flags = 0
218 | If GetSaveFileName(OFN) Then
219 | last_path = get_path_from_file(Trim$(OFN.lpstrFile))
220 | file_to_save = Trim$(OFN.lpstrFile)
221 | End If
222 | If (file_to_save <> "") Then
223 | txtOutputFile.Text = file_to_save
224 | Dim fso As Scripting.FileSystemObject
225 | Set fso = New Scripting.FileSystemObject
226 | last_path = fso.GetParentFolderName(file_to_save)
227 | Set fso = Nothing
228 | End If
229 | Else
230 | Dim tBrowseInfo As BrowseInfo
231 | tBrowseInfo.hwndOwner = Me.hwnd
232 | tBrowseInfo.lpszTitle = lstrcat("Choose Output Directory", "")
233 | tBrowseInfo.ulFlags = 1 + 2 + &H4&
234 | Dim tmpLong As Long
235 | tmpLong = SHBrowseForFolder(tBrowseInfo)
236 | If (tmpLong) Then
237 | Dim sBuffer As String
238 | sBuffer = Space(260)
239 | SHGetPathFromIDList tmpLong, sBuffer
240 | sBuffer = Left(sBuffer, InStr(sBuffer, vbNullChar) - 1)
241 | txtOutputFile.Text = sBuffer
242 | End If
243 | End If
244 | End Sub
245 |
246 | Private Sub Form_Load()
247 | RemoveMenu GetSystemMenu(Me.hwnd, 0), 2, &H400& 'prevent resizing
248 |
249 | 'command line args
250 | If (Command$ <> "") Then
251 | Dim cmdline_file As String
252 | cmdline_file = Command$
253 | If Mid$(cmdline_file, 1, 1) = """" Then
254 | cmdline_file = Mid$(cmdline_file, 2) 'remove starting quote
255 | End If
256 | If Mid$(cmdline_file, Len(cmdline_file), 1) = """" Then
257 | cmdline_file = Mid$(cmdline_file, 1, Len(cmdline_file) - 1) 'remove ending quote
258 | End If
259 | If InStr(cmdline_file, "\") = 0 Then
260 | cmdline_file = App.path & IIf(Right$(App.path, 1) <> "\", "\", "") & cmdline_file 'prefix starting path
261 | End If
262 | If (is_file(cmdline_file)) Then 'file exists
263 | Dim tmp_hccap_record As hccap_record
264 | Dim fso As Scripting.FileSystemObject
265 | Set fso = New Scripting.FileSystemObject
266 | If Right$(cmdline_file, 6) = ".hccap" Then
267 | txtInputFile.Text = cmdline_file
268 | txtOutputFile.Text = fso.GetParentFolderName(txtInputFile.Text) & "\" & fso.GetBaseName(txtInputFile.Text) & ".cap"
269 | ElseIf Right$(cmdline_file, 4) = ".cap" Or Right$(cmdline_file, 5) = ".pcap" Or Right$(cmdline_file, 4) = ".dmp" Then
270 | txtInputFile.Text = cmdline_file
271 | txtOutputFile.Text = fso.GetParentFolderName(txtInputFile.Text) & "\" & fso.GetBaseName(txtInputFile.Text) & ".hccap"
272 | End If
273 | Set fso = Nothing
274 | End If
275 | End If
276 | End Sub
277 |
278 | Private Sub lblDirectoryMode_Click()
279 | If lblDirectoryMode.ForeColor = &HFF0000 Then 'blue
280 | lblDirectoryMode.ForeColor = &H80000012 'black
281 | lblDirectoryMode.FontUnderline = False
282 | lblFileMode.ForeColor = &HFF0000 'blue
283 | lblFileMode.FontUnderline = True
284 | lblInputFile.caption = "Input Directory:"
285 | lblOutputFile.caption = "Output Directory:"
286 | Dim fso As Scripting.FileSystemObject
287 | Set fso = New Scripting.FileSystemObject
288 | If (is_file(txtInputFile.Text) = True) Then
289 | txtInputFile.Text = fso.GetParentFolderName(txtInputFile.Text)
290 | End If
291 | If (is_folder(txtInputFile.Text) = True) Then
292 | txtOutputFile.Text = txtInputFile.Text & IIf(Right$(txtInputFile.Text, 1) <> "\", "\", "") & "HCCAPS"
293 | End If
294 | Set fso = Nothing
295 | End If
296 | End Sub
297 |
298 | Private Sub lblFileMode_Click()
299 | If lblFileMode.ForeColor = &HFF0000 Then 'blue
300 | lblFileMode.ForeColor = &H80000012 'black
301 | lblFileMode.FontUnderline = False
302 | lblDirectoryMode.ForeColor = &HFF0000 'blue
303 | lblDirectoryMode.FontUnderline = True
304 | lblInputFile.caption = "Input File:"
305 | lblOutputFile.caption = "Output File:"
306 | txtInputFile.Text = ""
307 | txtOutputFile.Text = ""
308 | End If
309 | End Sub
310 |
311 | Private Sub lblDirectoryMode_MouseMove(Button As Integer, Shift As Integer, X As Single, Y As Single)
312 | If lblDirectoryMode.ForeColor = &HFF0000 Then
313 | SetCursor LoadCursor(0, 32649&)
314 | End If
315 | End Sub
316 |
317 | Private Sub lblFileMode_MouseMove(Button As Integer, Shift As Integer, X As Single, Y As Single)
318 | If lblFileMode.ForeColor = &HFF0000 Then
319 | SetCursor LoadCursor(0, 32649&)
320 | End If
321 | End Sub
322 |
323 | Private Sub btnExit_Click()
324 | Unload Me
325 | End Sub
326 |
--------------------------------------------------------------------------------
/Form2.frx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/Form2.frx
--------------------------------------------------------------------------------
/Module1.bas:
--------------------------------------------------------------------------------
1 | Attribute VB_Name = "Module1"
2 | Option Explicit
3 | Public Declare Function InitCommonControlsEx Lib "comctl32.dll" (iccex As tagInitCommonControlsEx) As Boolean
4 | Public Declare Function GetSystemMenu Lib "user32" (ByVal hwnd As Long, ByVal bRevert As Long) As Long
5 | Public Declare Function RemoveMenu Lib "user32" (ByVal hMenu As Long, ByVal nPosition As Long, ByVal wFlags As Long) As Long
6 | Public Declare Function SetCursor Lib "user32" (ByVal hCursor As Long) As Long
7 | Public Declare Function LoadCursor Lib "user32" Alias "LoadCursorA" (ByVal hInstance As Long, ByVal lpCursorName As Long) As Long
8 | Public Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal X As Long, ByVal Y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
9 |
10 | Public Type tagInitCommonControlsEx
11 | lngSize As Long
12 | lngICC As Long
13 | End Type
14 |
15 | Public Type hccap_record
16 | ESSID As String
17 | BSSID As String
18 | STATION_MAC As String
19 | SNONCE As String
20 | ANONCE As String
21 | EAPOL As String
22 | EAPOL_SIZE As String
23 | KEY_VERSION As String
24 | KEY_MIC As String
25 | End Type
26 |
27 | Public last_path As String
28 | Public num_hccap_records As Long
29 | Public tmp_hccap_records() As hccap_record
30 | Public current_index As Long
31 | Public current_file As String
32 |
33 | Public Sub Main()
34 | On Error Resume Next
35 | Dim iccex As tagInitCommonControlsEx
36 | iccex.lngSize = LenB(iccex)
37 | iccex.lngICC = &H200
38 | InitCommonControlsEx iccex
39 | Load Form1
40 | Form1.Show
41 | 'Load Form2
42 | 'Form2.Show
43 | End Sub
44 |
45 | Public Function hex_digits_only(input_str As String) As String
46 | Dim output_str As String
47 | Dim c As String
48 | If Len(input_str) > 0 Then
49 | Dim i As Integer
50 | For i = 1 To Len(input_str)
51 | c = UCase$(Mid$(input_str, i, 1))
52 | If c = "0" Or c = "1" Or c = "2" Or c = "3" Or c = "4" Or c = "5" Or c = "6" Or c = "7" Or c = "8" Or c = "9" Or c = "A" Or c = "B" Or c = "C" Or c = "D" Or c = "E" Or c = "F" Then
53 | output_str = output_str & c
54 | End If
55 | Next
56 | End If
57 | hex_digits_only = output_str
58 | End Function
59 |
60 | Public Function dec2hex(d As Byte) As String
61 | dec2hex = Right$("0" & Hex$(d), 2)
62 | End Function
63 |
64 | Public Function hex2dec(h As String) As Byte
65 | hex2dec = IIf(Len(h) > 0, CByte("&H" & h), 0)
66 | End Function
67 |
68 | Public Function hex2dec_lng(h As String) As Long
69 | hex2dec_lng = IIf(Len(h) > 0, CLng("&H" & h), 0)
70 | End Function
71 |
72 | Public Function bytes2num(LoByte As Byte, HiByte As Byte) As Long
73 | If HiByte And &H80 Then
74 | bytes2num = ((HiByte * &H100&) Or LoByte) Or &HFFFF0000
75 | Else
76 | bytes2num = (HiByte * &H100) Or LoByte
77 | End If
78 | 'bytes2num = CLng("&H" & Right$("0" & Hex$(LoByte), 2) & Right$("0" & Hex$(HiByte), 2))
79 | End Function
80 |
--------------------------------------------------------------------------------
/Project1.vbp:
--------------------------------------------------------------------------------
1 | Type=Exe
2 | Reference=*\G{420B2830-E718-11CF-893D-00A0C9054228}#1.0#0#..\..\..\Windows\SysWOW64\scrrun.dll#Microsoft Scripting Runtime
3 | Form=Form1.frm
4 | Module=Module1; Module1.bas
5 | Module=Write_CAP; WriteCAP.bas
6 | Module=Read_CAP; ReadCAP.bas
7 | Module=Read_HCCAP; ReadHCCAP.bas
8 | Module=Write_HCCAP; WriteHCCAP.bas
9 | Form=Form2.frm
10 | Module=RegistryModule; RegistryModule.bas
11 | Module=CommonDialogs; CommonDialogs.bas
12 | ResFile32="manifest.res"
13 | IconForm="Form1"
14 | Startup="Sub Main"
15 | HelpFile=""
16 | Title="Cap Converter"
17 | ExeName32="CapConverter.exe"
18 | Command32=""
19 | Name="CapConverter"
20 | HelpContextID="0"
21 | CompatibleMode="0"
22 | MajorVer=1
23 | MinorVer=4
24 | RevisionVer=0
25 | AutoIncrementVer=0
26 | ServerSupportFiles=0
27 | CompilationType=0
28 | OptimizationType=0
29 | FavorPentiumPro(tm)=0
30 | CodeViewDebugInfo=0
31 | NoAliasing=0
32 | BoundsCheck=0
33 | OverflowCheck=0
34 | FlPointCheck=0
35 | FDIVCheck=0
36 | UnroundedFP=0
37 | StartMode=0
38 | Unattended=0
39 | Retained=0
40 | ThreadPerObject=0
41 | MaxNumberOfThreads=1
42 | DebugStartupOption=0
43 |
44 | [MS Transaction Server]
45 | AutoRefresh=1
46 |
--------------------------------------------------------------------------------
/Project1.vbw:
--------------------------------------------------------------------------------
1 | Form1 = 196, 61, 1106, 784, , 5, 6, 813, 818, C
2 | Module1 = 75, 75, 729, 692,
3 | Write_CAP = 88, 116, 923, 604,
4 | Read_CAP = 132, 174, 967, 662,
5 | Read_HCCAP = 22, 29, 857, 517,
6 | Write_HCCAP = 132, 174, 967, 662,
7 | Form2 = 22, 29, 857, 517, , 0, 0, 856, 812, C
8 | RegistryModule = 175, 175, 829, 792,
9 | CommonDialogs = 44, 58, 854, 546,
10 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Cap-Converter
2 | 
3 | This is a small GUI tool for Windows that can open, edit and save WPA hash information from CAP and HCCAP files. It can...
4 |
5 | 1. Convert CAP files to HCCAP files
6 | 2. Convert HCCAP files back to CAP files
7 | 3. Preview and edit the contents of an HCCAP file
8 |
9 | It does not require any external programs or dependencies to be installed (such as Wireshark, WinPcap or libpcap). It directly reads and writes the raw bytes of the files.
10 |
11 | Before converting it is recommended that you clean your caps first manually using Wireshark or with pyrit using the command...
12 |
13 | `pyrit -r INPUT.CAP -o OUTPUT.CAP strip`
14 |
15 | to only contain one handshake for one network but even if you don't this program will still make it's best attempt at extracting the correct WPA handshake information.
16 |
17 | How to Convert CAP to HCCAP
18 | 1. Press the "Open CAP..." button to open a .CAP file
19 | 2. Verify the hash information looks correct in the "HCCAP Info" box
20 | 3. Press the "Save As HCCAP..." button to save the information to an .HCCAP file
21 |
22 | How to Convert HCCAP to CAP
23 | 1. Press the "Open HCCAP..." button to open a .HCCAP file
24 | 2. Verify the hash information looks correct in the "HCCAP Info" box
25 | 3. Press the "Save As CAP..." button to save the information to a .CAP file
26 |
27 | Background
28 | Cracking WPA/WPA2 with oclHashcat requires the use of an HCCAP file which is a custom file format designed specifically for hashcat. Typically this file is created using aircrack-ng (v1.2-beta1 or later) using the command...
29 |
30 | `aircrack-ng -J HCCAP_FILE CAP_FILE.CAP`
31 |
32 | or by using this online converter (which is powered by cap2hccap). However if you aren't comfortable with either of those options this program allows you to perform your CAP-to-HCCAP conversions offline with a familiar Windows interface.
33 |
34 | This program effectively merges together the functionality and adds a GUI to these existing projects:
35 | 1. analyze_hccap
36 | 2. craft_hccap
37 | 3. hccap2cap
38 |
39 | VB6 Runtimes
40 | This program was written in Visual Basic 6 which means it should work on any modern version of Windows but just in case you need to download the VB6 runtimes you can do so from here:
41 |
42 | https://www.microsoft.com/en-us/download/details.aspx?id=24417
43 |
--------------------------------------------------------------------------------
/ReadCAP.bas:
--------------------------------------------------------------------------------
1 | Attribute VB_Name = "Read_CAP"
2 | Option Explicit
3 |
4 | Public Function ReadCAP(filepath As String) As hccap_record()
5 | On Error GoTo read_cap_error
6 |
7 | Dim tmp_hccap_records() As hccap_record
8 | Dim unique_bssids As String
9 | Dim unique_bssids_count As Long
10 | Dim bssid_index As Long
11 | num_hccap_records = 0
12 |
13 | Dim ibytes() As Byte
14 | Dim use_little_endian As Boolean
15 | Dim total_bytes As Long
16 | Dim max_packet_length As Long
17 | Dim packet_length As Long
18 | Dim packet_count As Long
19 | Dim current_byte As Long
20 | Dim tmp_bssid As String
21 | Dim ssid_is_blank As Boolean
22 | Dim essid_has_been_set As Boolean
23 | Dim bssid_has_been_set As Boolean
24 | Dim sta_mac_has_been_set As Boolean
25 | Dim eapol_has_been_set As Boolean
26 | Dim anonce_has_been_set As Boolean
27 | Dim non_qos_offset As Integer
28 | Dim eapol_length_to_use As Long
29 | Dim i As Long, j As Long, k As Long
30 |
31 | 'read in file to byte array
32 | Dim iFile As Integer
33 | iFile = FreeFile
34 | Open filepath For Binary Access Read As #iFile
35 | total_bytes = LOF(iFile)
36 | If (total_bytes < 1) Then
37 | Close #iFile
38 | MsgBox "File is empty!", vbCritical + vbOKOnly, "Invalid File"
39 | Exit Function
40 | End If
41 | ReDim ibytes(0 To total_bytes - 1 + 100) As Byte
42 | Get #iFile, 1, ibytes
43 | Close #iFile
44 |
45 | If (total_bytes <= 40) Then
46 | MsgBox "Invalid CAP file!", vbCritical + vbOKOnly, "Invalid File"
47 | Exit Function
48 | End If
49 |
50 | 'If (total_bytes > 10240) Then
51 | ' MsgBox "This program can only accept .CAP files that are <10kb in size." & vbNewLine & vbNewLine & "Please use pyrit to clean/strip your cap:" & vbNewLine & "pyrit -r IN.CAP -o OUT.CAP strip" & vbNewLine & vbNewLine & "Or use Wireshark by following this tutorial:" & vbNewLine & "http://hackforums.net/showthread.php?tid=2974396", vbCritical + vbOKOnly, "File Too Large"
52 | ' btnReadCAP.Enabled = True
53 | ' Exit Sub
54 | 'End If
55 |
56 | 'If (total_bytes > UBound(ibytes) + 1) Then
57 | ' total_bytes = UBound(ibytes) + 1
58 | 'End If
59 |
60 | '------------------------------------------------------------------------------------------------------
61 | 'GLOBAL HEADER (24 bytes)
62 | '------------------------------------------------------------------------------------------------------
63 | 'bytes 0 to 3 (magic_number) (global header) (4 bytes) (ex. D4 C3 B2 A1)
64 | 'D4 C3 B2 A1 = WinDump (winpcap) capture file (Windows) (little endian)
65 | '4D 3C B2 A1 = WinDump (winpcap) capture file (Windows) (nanosecond-resolution) (little endian)
66 | 'A1 B2 C3 D4 = tcpdump (libpcap) capture file (Linux/Unix) (big endian)
67 | 'A1 B2 3C 4D = tcpdump (libpcap) capture file (Linux/Unix) (nanosecond-resolution) (big endian)
68 | '34 CD B2 A1 = Extended tcpdump (libpcap) capture file (Linux/Unix) (big endian)
69 | 'A1 B2 CD 34 = Extended tcpdump (libpcap) capture file (Linux/Unix) (big endian)
70 | If ibytes(0) = 212 And ibytes(1) = 195 And ibytes(2) = 178 And ibytes(3) = 161 Then 'D4 C3 B2 A1
71 | ElseIf ibytes(0) = 77 And ibytes(1) = 60 And ibytes(2) = 178 And ibytes(3) = 161 Then '4D 3C B2 A1
72 | ElseIf ibytes(0) = 161 And ibytes(1) = 178 And ibytes(2) = 195 And ibytes(3) = 212 Then 'A1 B2 C3 D4
73 | ElseIf ibytes(0) = 161 And ibytes(1) = 178 And ibytes(2) = 60 And ibytes(3) = 77 Then 'A1 B2 3C 4D
74 | ElseIf ibytes(0) = 52 And ibytes(1) = 205 And ibytes(2) = 178 And ibytes(3) = 161 Then '34 CD B2 A1
75 | ElseIf ibytes(0) = 161 And ibytes(1) = 178 And ibytes(2) = 205 And ibytes(3) = 52 Then 'A1 B2 CD 34
76 | Else
77 | MsgBox "Invalid file signature!", vbCritical + vbOKOnly, "Invalid File"
78 | Exit Function
79 | End If
80 |
81 | If (ibytes(0) = 212 And ibytes(1) = 195 And ibytes(2) = 178 And ibytes(3) = 161) Or (ibytes(0) = 77 And ibytes(1) = 60 And ibytes(2) = 178 And ibytes(3) = 161) Then
82 | use_little_endian = True
83 | Else
84 | use_little_endian = False
85 | End If
86 |
87 | 'bytes 4 to 5 (version_major) (global header) (2 bytes) (ex. 02 00)
88 |
89 | 'bytes 6 to 7 (version_minor) (global header) (2 bytes) (ex. 04 00)
90 |
91 | 'bytes 8 to 11 (thiszone) (GMT to local correction) (global header) (4 bytes) (ex. 00 00 00 00)
92 |
93 | 'bytes 12 to 15 (sigfigs) (accuracy of timestamps) (global header) (4 bytes) (ex. 00 00 00 00)
94 |
95 | 'bytes 16 to 19 (snaplen) (max length of captured packets) (global header) (4 bytes) (ex. FF FF 00 00)
96 |
97 | If (use_little_endian = True) Then
98 | max_packet_length = hex2dec_lng(dec2hex(ibytes(16)) & dec2hex(ibytes(17)))
99 | Else
100 | max_packet_length = hex2dec_lng(dec2hex(ibytes(18)) & dec2hex(ibytes(19)))
101 | End If
102 |
103 | 'bytes 20 to 23 (network) (Link-Layer Header Type) (global header) (4 bytes) (ex. 69 00 00 00)
104 | '69 (hex) = 105 (dec) = IEEE 802.11 wireless LAN
105 | '77 (hex) = 119 (dec) = Prism monitor mode information followed by an 802.11 header
106 | '7F (hex) = 127 (dec) = Radiotap link-layer information followed by an 802.11 header
107 | 'A3 (hex) = 163 (dec) = AVS monitor mode information followed by an 802.11 header
108 | If ((use_little_endian = True) And (ibytes(20) = 105)) Or ((use_little_endian = False) And (ibytes(23) = 105)) Then
109 | ElseIf ((use_little_endian = True) And (ibytes(20) = 119)) Or ((use_little_endian = False) And (ibytes(23) = 119)) Then
110 | ElseIf ((use_little_endian = True) And (ibytes(20) = 127)) Or ((use_little_endian = False) And (ibytes(23) = 127)) Then
111 | ElseIf ((use_little_endian = True) And (ibytes(20) = 163)) Or ((use_little_endian = False) And (ibytes(23) = 163)) Then
112 | Else
113 | MsgBox "Invalid Link Layer!" & vbNewLine & vbNewLine & "This program only accepts IEEE 802.11 wireless LAN .cap files.", vbCritical + vbOKOnly, "Invalid File"
114 | Exit Function
115 | End If
116 |
117 | '------------------------------------------------------------------------------------------------------
118 | 'COUNT UNIQUE BSSIDS
119 | '------------------------------------------------------------------------------------------------------
120 | current_byte = 24
121 | Do While (current_byte < total_bytes)
122 | If (use_little_endian = True) Then
123 | packet_length = bytes2num(ibytes(current_byte + 8), ibytes(current_byte + 9))
124 | Else
125 | packet_length = bytes2num(ibytes(current_byte + 10), ibytes(current_byte + 11))
126 | End If
127 | current_byte = current_byte + 16 'jump to packet data
128 | If (packet_length > 0) Then
129 | 'BEACON FRAME
130 | If ibytes(current_byte) = 128 Then 'byte 1 = 80 (hex) 128 (dec)
131 | tmp_bssid = dec2hex(ibytes(current_byte + 15 + 1)) & ":" & dec2hex(ibytes(current_byte + 15 + 2)) & ":" & dec2hex(ibytes(current_byte + 15 + 3)) & ":" & dec2hex(ibytes(current_byte + 15 + 4)) & ":" & dec2hex(ibytes(current_byte + 15 + 5)) & ":" & dec2hex(ibytes(current_byte + 15 + 6)) & ","
132 | If InStr(unique_bssids, tmp_bssid) = 0 Then
133 | unique_bssids = unique_bssids & tmp_bssid
134 | unique_bssids_count = unique_bssids_count + 1
135 | ReDim Preserve tmp_hccap_records(0 To unique_bssids_count - 1) As hccap_record
136 | tmp_hccap_records(unique_bssids_count - 1).BSSID = Left$(tmp_bssid, 17)
137 | End If
138 | End If
139 | 'PROBE RESPONSE
140 | If ibytes(current_byte) = 80 Then 'byte 1 = 50 (hex) 80 (dec)
141 | tmp_bssid = dec2hex(ibytes(current_byte + 15 + 1)) & ":" & dec2hex(ibytes(current_byte + 15 + 2)) & ":" & dec2hex(ibytes(current_byte + 15 + 3)) & ":" & dec2hex(ibytes(current_byte + 15 + 4)) & ":" & dec2hex(ibytes(current_byte + 15 + 5)) & ":" & dec2hex(ibytes(current_byte + 15 + 6)) & ","
142 | If InStr(unique_bssids, tmp_bssid) = 0 Then
143 | unique_bssids = unique_bssids & tmp_bssid
144 | unique_bssids_count = unique_bssids_count + 1
145 | ReDim Preserve tmp_hccap_records(0 To unique_bssids_count - 1) As hccap_record
146 | tmp_hccap_records(unique_bssids_count - 1).BSSID = Left$(tmp_bssid, 17)
147 | End If
148 | End If
149 | 'MESSAGE 1 of 4
150 | If (ibytes(current_byte) = 136 And ((ibytes(current_byte + 1) = 2) Or (ibytes(current_byte + 1) = 10)) And ibytes(current_byte + 32) = 136 And ibytes(current_byte + 33) = 142) Or (ibytes(current_byte) = 8 And ((ibytes(current_byte + 1) = 2) Or (ibytes(current_byte + 1) = 10)) And ibytes(current_byte + 30) = 136 And ibytes(current_byte + 31) = 142) Then
151 | tmp_bssid = dec2hex(ibytes(current_byte + 9 + 1)) & ":" & dec2hex(ibytes(current_byte + 9 + 2)) & ":" & dec2hex(ibytes(current_byte + 9 + 3)) & ":" & dec2hex(ibytes(current_byte + 9 + 4)) & ":" & dec2hex(ibytes(current_byte + 9 + 5)) & ":" & dec2hex(ibytes(current_byte + 9 + 6)) & ","
152 | If InStr(unique_bssids, tmp_bssid) = 0 Then
153 | unique_bssids = unique_bssids & tmp_bssid
154 | unique_bssids_count = unique_bssids_count + 1
155 | ReDim Preserve tmp_hccap_records(0 To unique_bssids_count - 1) As hccap_record
156 | tmp_hccap_records(unique_bssids_count - 1).BSSID = Left$(tmp_bssid, 17)
157 | End If
158 | 'Message 2 of 4
159 | ElseIf (ibytes(current_byte) = 136 And ((ibytes(current_byte + 1) = 1) Or (ibytes(current_byte + 1) = 9)) And ibytes(current_byte + 32) = 136 And ibytes(current_byte + 33) = 142) Or (ibytes(current_byte) = 8 And ((ibytes(current_byte + 1) = 1) Or (ibytes(current_byte + 1) = 9)) And ibytes(current_byte + 30) = 136 And ibytes(current_byte + 31) = 142) Then
160 | tmp_bssid = dec2hex(ibytes(current_byte + 3 + 1)) & ":" & dec2hex(ibytes(current_byte + 3 + 2)) & ":" & dec2hex(ibytes(current_byte + 3 + 3)) & ":" & dec2hex(ibytes(current_byte + 3 + 4)) & ":" & dec2hex(ibytes(current_byte + 3 + 5)) & ":" & dec2hex(ibytes(current_byte + 3 + 6)) & ","
161 | If InStr(unique_bssids, tmp_bssid) = 0 Then
162 | unique_bssids = unique_bssids & tmp_bssid
163 | unique_bssids_count = unique_bssids_count + 1
164 | ReDim Preserve tmp_hccap_records(0 To unique_bssids_count - 1) As hccap_record
165 | tmp_hccap_records(unique_bssids_count - 1).BSSID = Left$(tmp_bssid, 17)
166 | End If
167 | End If
168 | current_byte = current_byte + packet_length 'move to next packet
169 | End If
170 | Loop
171 | If (unique_bssids_count = 0) Then
172 | MsgBox "No BSSIDs found!", vbCritical + vbOKOnly, "Invalid File"
173 | Exit Function
174 | End If
175 | num_hccap_records = unique_bssids_count
176 | '------------------------------------------------------------------------------------------------------
177 |
178 | current_byte = 24
179 | Do While (current_byte < total_bytes)
180 | '------------------------------------------------------------------------------------------------------
181 | 'PACKET HEADER (16 bytes)
182 | '------------------------------------------------------------------------------------------------------
183 | 'current_byte+0 to current_byte+3 (ts_sec) (timestamp seconds) (packet header) (4 bytes) (ex. C2 F1 68 55)
184 | 'current_byte+4 to current_byte+7 (ts_usec) (timestamp microseconds) (packet header) (4 bytes) (ex. 28 48 07 00)
185 | 'current_byte+8 to current_byte+11 (incl_len) (saved packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
186 | 'current_byte+12 to current_byte+15 (orig_len) (actual packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
187 | packet_count = packet_count + 1
188 | If (use_little_endian = True) Then
189 | packet_length = bytes2num(ibytes(current_byte + 8), ibytes(current_byte + 9))
190 | Else
191 | packet_length = bytes2num(ibytes(current_byte + 10), ibytes(current_byte + 11))
192 | End If
193 |
194 | current_byte = current_byte + 16
195 | '------------------------------------------------------------------------------------------------------
196 | 'PACKET DATA (variable length)
197 | '------------------------------------------------------------------------------------------------------
198 | If (packet_length > 0) Then
199 |
200 | 'beacon frame
201 | If ibytes(current_byte) = 128 Then 'byte 1 = 80 (hex) 128 (dec)
202 | 'grab BSSID
203 | tmp_bssid = dec2hex(ibytes(current_byte + 15 + 1)) & ":" & dec2hex(ibytes(current_byte + 15 + 2)) & ":" & dec2hex(ibytes(current_byte + 15 + 3)) & ":" & dec2hex(ibytes(current_byte + 15 + 4)) & ":" & dec2hex(ibytes(current_byte + 15 + 5)) & ":" & dec2hex(ibytes(current_byte + 15 + 6))
204 | 'find this BSSIDs index in the array
205 | For k = 0 To unique_bssids_count - 1
206 | If (tmp_hccap_records(k).BSSID = tmp_bssid) Then
207 | bssid_index = k
208 | Exit For
209 | End If
210 | Next
211 | 'grab SSID
212 | If ibytes(current_byte + 37) > 0 And ibytes(current_byte + 37) <= 36 Then 'valid SSID length (1-36)
213 | ssid_is_blank = True
214 | For i = 1 To ibytes(current_byte + 37)
215 | If ibytes(current_byte + 37 + i) <> 0 Then
216 | ssid_is_blank = False
217 | Exit For
218 | End If
219 | Next
220 | If (ssid_is_blank = False) Then
221 | If (tmp_hccap_records(bssid_index).ESSID = "") Then
222 | For i = 1 To ibytes(current_byte + 37)
223 | tmp_hccap_records(bssid_index).ESSID = tmp_hccap_records(bssid_index).ESSID & Chr(ibytes(current_byte + 37 + i))
224 | Next
225 | End If
226 | End If
227 | End If
228 | End If
229 |
230 | 'probe response
231 | If ibytes(current_byte) = 80 Then 'byte 1 = 50 (hex) 80 (dec)
232 | 'grab BSSID
233 | tmp_bssid = dec2hex(ibytes(current_byte + 15 + 1)) & ":" & dec2hex(ibytes(current_byte + 15 + 2)) & ":" & dec2hex(ibytes(current_byte + 15 + 3)) & ":" & dec2hex(ibytes(current_byte + 15 + 4)) & ":" & dec2hex(ibytes(current_byte + 15 + 5)) & ":" & dec2hex(ibytes(current_byte + 15 + 6))
234 | 'find this BSSIDs index in the array
235 | For k = 0 To unique_bssids_count - 1
236 | If (tmp_hccap_records(k).BSSID = tmp_bssid) Then
237 | bssid_index = k
238 | Exit For
239 | End If
240 | Next
241 | 'grab SSID
242 | If ibytes(current_byte + 37) > 0 And ibytes(current_byte + 37) <= 36 Then 'valid SSID length (1-36)
243 | If (tmp_hccap_records(bssid_index).ESSID = "") Then
244 | For i = 1 To ibytes(current_byte + 37)
245 | tmp_hccap_records(bssid_index).ESSID = tmp_hccap_records(bssid_index).ESSID & Chr(ibytes(current_byte + 37 + i))
246 | Next
247 | End If
248 | End If
249 | End If
250 |
251 | 'Message 1 of 4
252 | 'Frame Control Field: 0x8802 QoS Data (AP -> STA) (bytes 1 + 2)
253 | 'Frame Type: 802.1X Authentication (0x888e) (bytes 33 + 34)
254 | 'or
255 | 'Frame Control Field: 0x0802 Data (AP -> STA) (bytes 1 + 2)
256 | 'Frame Type: 802.1X Authentication (0x888e) (bytes 31 + 32)
257 | If (ibytes(current_byte) = 136 And ((ibytes(current_byte + 1) = 2) Or (ibytes(current_byte + 1) = 10)) And ibytes(current_byte + 32) = 136 And ibytes(current_byte + 33) = 142) Or (ibytes(current_byte) = 8 And ((ibytes(current_byte + 1) = 2) Or (ibytes(current_byte + 1) = 10)) And ibytes(current_byte + 30) = 136 And ibytes(current_byte + 31) = 142) Then
258 | If ibytes(current_byte) = 8 Then
259 | non_qos_offset = 2
260 | Else
261 | non_qos_offset = 0
262 | End If
263 | 'BSSID (bytes 11 to 16)
264 | tmp_bssid = dec2hex(ibytes(current_byte + 9 + 1)) & ":" & dec2hex(ibytes(current_byte + 9 + 2)) & ":" & dec2hex(ibytes(current_byte + 9 + 3)) & ":" & dec2hex(ibytes(current_byte + 9 + 4)) & ":" & dec2hex(ibytes(current_byte + 9 + 5)) & ":" & dec2hex(ibytes(current_byte + 9 + 6))
265 | 'find this BSSIDs index in the array
266 | For k = 0 To unique_bssids_count - 1
267 | If (tmp_hccap_records(k).BSSID = tmp_bssid) Then
268 | bssid_index = k
269 | Exit For
270 | End If
271 | Next
272 | 'Station Address
273 | 'Receiver Address (bytes 5 to 10)
274 | If (tmp_hccap_records(bssid_index).STATION_MAC = "") Then
275 | tmp_hccap_records(bssid_index).STATION_MAC = dec2hex(ibytes(current_byte + 3 + 1)) & ":" & dec2hex(ibytes(current_byte + 3 + 2)) & ":" & dec2hex(ibytes(current_byte + 3 + 3)) & ":" & dec2hex(ibytes(current_byte + 3 + 4)) & ":" & dec2hex(ibytes(current_byte + 3 + 5)) & ":" & dec2hex(ibytes(current_byte + 3 + 6))
276 | End If
277 | 'ANONCE
278 | If (ibytes(current_byte + 51) = 0) And (ibytes(current_byte + 52) = 0) And (ibytes(current_byte + 53) = 0) And (ibytes(current_byte + 54) = 0) And (ibytes(current_byte + 55) = 0) And (ibytes(current_byte + 56) = 0) And (ibytes(current_byte + 57) = 0) And (ibytes(current_byte + 58) = 0) And (ibytes(current_byte + 59) = 0) And (ibytes(current_byte + 60) = 0) And (ibytes(current_byte + 61) = 0) And (ibytes(current_byte + 62) = 0) And (ibytes(current_byte + 63) = 0) And (ibytes(current_byte + 64) = 0) And (ibytes(current_byte + 65) = 0) And (ibytes(current_byte + 66) = 0) And (ibytes(current_byte + 67) = 0) And (ibytes(current_byte + 68) = 0) And (ibytes(current_byte + 69) = 0) And (ibytes(current_byte + 70) = 0) And (ibytes(current_byte + 71) = 0) And (ibytes(current_byte + 72) = 0) And (ibytes(current_byte + 73) = 0) And (ibytes(current_byte + 74) = 0) And (ibytes(current_byte + 75) = 0) And (ibytes(current_byte + 76) = 0) And (ibytes(current_byte + 77) = 0) _
279 | And (ibytes(current_byte + 78) = 0) And (ibytes(current_byte + 79) = 0) And (ibytes(current_byte + 80) = 0) And (ibytes(current_byte + 81) = 0) And (ibytes(current_byte + 82) = 0) Then
280 | Else
281 | If (tmp_hccap_records(bssid_index).ANONCE = "") Then
282 | For i = 1 To 32
283 | 'ANONCE (bytes 52 to 83)
284 | tmp_hccap_records(bssid_index).ANONCE = tmp_hccap_records(bssid_index).ANONCE & dec2hex(ibytes(current_byte + 50 - non_qos_offset + i))
285 | If (i = 16) Then
286 | tmp_hccap_records(bssid_index).ANONCE = tmp_hccap_records(bssid_index).ANONCE & vbNewLine
287 | ElseIf (i < 32) Then
288 | tmp_hccap_records(bssid_index).ANONCE = tmp_hccap_records(bssid_index).ANONCE & " "
289 | End If
290 | Next
291 | End If
292 | End If
293 | 'Message 2 of 4
294 | 'Frame Control Field: 0x8801 QoS Data (STA -> AP) (bytes 1 + 2)
295 | 'Frame Type: 802.1X Authentication (0x888e) (bytes 33 + 34)
296 | 'or
297 | 'Frame Control Field: 0x0801 Data (AP -> STA) (bytes 1 + 2)
298 | 'Frame Type: 802.1X Authentication (0x888e) (bytes 31 + 32)
299 | ElseIf (ibytes(current_byte) = 136 And ((ibytes(current_byte + 1) = 1) Or (ibytes(current_byte + 1) = 9)) And ibytes(current_byte + 32) = 136 And ibytes(current_byte + 33) = 142) Or (ibytes(current_byte) = 8 And ((ibytes(current_byte + 1) = 1) Or (ibytes(current_byte + 1) = 9)) And ibytes(current_byte + 30) = 136 And ibytes(current_byte + 31) = 142) Then
300 | If ibytes(current_byte) = 8 Then
301 | non_qos_offset = 2
302 | Else
303 | non_qos_offset = 0
304 | End If
305 | 'BSSID (bytes 5 to 10)
306 | tmp_bssid = dec2hex(ibytes(current_byte + 3 + 1)) & ":" & dec2hex(ibytes(current_byte + 3 + 2)) & ":" & dec2hex(ibytes(current_byte + 3 + 3)) & ":" & dec2hex(ibytes(current_byte + 3 + 4)) & ":" & dec2hex(ibytes(current_byte + 3 + 5)) & ":" & dec2hex(ibytes(current_byte + 3 + 6))
307 | 'find this BSSIDs index in the array
308 | For k = 0 To unique_bssids_count - 1
309 | If (tmp_hccap_records(k).BSSID = tmp_bssid) Then
310 | bssid_index = k
311 | Exit For
312 | End If
313 | Next
314 | If (ibytes(current_byte + 51 - non_qos_offset) = 0) And (ibytes(current_byte + 52 - non_qos_offset) = 0) And (ibytes(current_byte + 53 - non_qos_offset) = 0) And (ibytes(current_byte + 54 - non_qos_offset) = 0) And (ibytes(current_byte + 55 - non_qos_offset) = 0) And (ibytes(current_byte + 56 - non_qos_offset) = 0) And (ibytes(current_byte + 57 - non_qos_offset) = 0) And (ibytes(current_byte + 58 - non_qos_offset) = 0) And (ibytes(current_byte + 59 - non_qos_offset) = 0) And (ibytes(current_byte + 60 - non_qos_offset) = 0) And (ibytes(current_byte + 61 - non_qos_offset) = 0) And (ibytes(current_byte + 62 - non_qos_offset) = 0) And (ibytes(current_byte + 63 - non_qos_offset) = 0) And (ibytes(current_byte + 64 - non_qos_offset) = 0) And (ibytes(current_byte + 65 - non_qos_offset) = 0) And (ibytes(current_byte + 66 - non_qos_offset) = 0) _
315 | And (ibytes(current_byte + 67 - non_qos_offset) = 0) And (ibytes(current_byte + 68 - non_qos_offset) = 0) And (ibytes(current_byte + 69 - non_qos_offset) = 0) And (ibytes(current_byte + 70 - non_qos_offset) = 0) And (ibytes(current_byte + 71 - non_qos_offset) = 0) And (ibytes(current_byte + 72 - non_qos_offset) = 0) And (ibytes(current_byte + 73 - non_qos_offset) = 0) And (ibytes(current_byte + 74 - non_qos_offset) = 0) And (ibytes(current_byte + 75 - non_qos_offset) = 0) And (ibytes(current_byte + 76 - non_qos_offset) = 0) And (ibytes(current_byte + 77 - non_qos_offset) = 0) And (ibytes(current_byte + 78 - non_qos_offset) = 0) And (ibytes(current_byte + 79 - non_qos_offset) = 0) And (ibytes(current_byte + 80 - non_qos_offset) = 0) And (ibytes(current_byte + 81 - non_qos_offset) = 0) And (ibytes(current_byte + 82 - non_qos_offset) = 0) Then
316 | Else
317 | 'EAPOL
318 | If packet_length > (34 - non_qos_offset) Then
319 | 'SNONCE
320 | If (tmp_hccap_records(bssid_index).SNONCE = "") Then
321 | For i = 1 To 32
322 | 'SNONCE (bytes 52 to 83)
323 | tmp_hccap_records(bssid_index).SNONCE = tmp_hccap_records(bssid_index).SNONCE & dec2hex(ibytes(current_byte + 50 - non_qos_offset + i))
324 | If (i = 16) Then
325 | tmp_hccap_records(bssid_index).SNONCE = tmp_hccap_records(bssid_index).SNONCE & vbNewLine
326 | ElseIf (i < 32) Then
327 | tmp_hccap_records(bssid_index).SNONCE = tmp_hccap_records(bssid_index).SNONCE & " "
328 | End If
329 | Next
330 | tmp_hccap_records(bssid_index).EAPOL_SIZE = hex2dec_lng(dec2hex(ibytes(current_byte + 36 - non_qos_offset)) & dec2hex(ibytes(current_byte + 37 - non_qos_offset))) + 4
331 | 'tmp_hccap_records(bssid_index).EAPOL_SIZE = packet_length - (34 - non_qos_offset)
332 | If CLng(tmp_hccap_records(bssid_index).EAPOL_SIZE) > 0 Then
333 | eapol_length_to_use = CLng(tmp_hccap_records(bssid_index).EAPOL_SIZE)
334 | Else
335 | eapol_length_to_use = packet_length - (34 - non_qos_offset)
336 | End If
337 | tmp_hccap_records(bssid_index).EAPOL = ""
338 | tmp_hccap_records(bssid_index).KEY_MIC = ""
339 | For i = 1 To eapol_length_to_use
340 | 'Key Version
341 | If (i = 7) Then
342 | tmp_hccap_records(bssid_index).KEY_VERSION = hex2dec_lng(dec2hex(ibytes(current_byte + 33 - non_qos_offset + i - 1)) & dec2hex(ibytes(current_byte + 33 - non_qos_offset + i))) And 7
343 | End If
344 | 'Key MIC
345 | If (i > 81) And (i < 98) Then
346 | tmp_hccap_records(bssid_index).EAPOL = tmp_hccap_records(bssid_index).EAPOL & "00"
347 | tmp_hccap_records(bssid_index).KEY_MIC = tmp_hccap_records(bssid_index).KEY_MIC & dec2hex(ibytes(current_byte + 33 - non_qos_offset + i))
348 | If (i < 97) Then
349 | tmp_hccap_records(bssid_index).KEY_MIC = tmp_hccap_records(bssid_index).KEY_MIC & " "
350 | End If
351 | Else
352 | tmp_hccap_records(bssid_index).EAPOL = tmp_hccap_records(bssid_index).EAPOL & dec2hex(ibytes(current_byte + 33 - non_qos_offset + i))
353 | End If
354 |
355 | If (i Mod 16 = 0) Then
356 | tmp_hccap_records(bssid_index).EAPOL = tmp_hccap_records(bssid_index).EAPOL & vbNewLine
357 | ElseIf i < eapol_length_to_use Then
358 | tmp_hccap_records(bssid_index).EAPOL = tmp_hccap_records(bssid_index).EAPOL & " "
359 | End If
360 | Next
361 | End If
362 | End If
363 | End If
364 | End If
365 |
366 | current_byte = current_byte + packet_length 'move to next packet
367 | End If
368 | Loop
369 |
370 | ReadCAP = tmp_hccap_records
371 | Exit Function
372 | read_cap_error:
373 | MsgBox "The following error occured: " & vbNewLine & "Error # " & Err.Number & vbNewLine & Err.Description, vbCritical, "Error"
374 | End Function
375 |
--------------------------------------------------------------------------------
/ReadHCCAP.bas:
--------------------------------------------------------------------------------
1 | Attribute VB_Name = "Read_HCCAP"
2 | Option Explicit
3 |
4 | Public Function ReadHCCAP(filepath As String) As hccap_record()
5 | On Error GoTo read_hccap_error
6 |
7 | Dim tmp_hccap_records() As hccap_record
8 |
9 | Dim ibytes() As Byte
10 | Dim total_bytes As Long
11 | Dim i As Long, j As Long, offset As Long
12 | num_hccap_records = 0
13 |
14 | 'read in file to byte array
15 | Dim iFile As Integer
16 | iFile = FreeFile
17 | Open filepath For Binary Access Read As #iFile
18 | total_bytes = LOF(iFile)
19 | If (total_bytes < 1) Then
20 | Close #iFile
21 | MsgBox "File is empty!", vbCritical + vbOKOnly, "Invalid File"
22 | Exit Function
23 | End If
24 | ReDim ibytes(0 To total_bytes - 1) As Byte
25 | Get #iFile, 1, ibytes
26 | Close #iFile
27 |
28 | If (total_bytes <= 391) Or (total_bytes Mod 392 <> 0) Then
29 | MsgBox "Invalid HCCAP file!", vbCritical + vbOKOnly, "Invalid File"
30 | Exit Function
31 | End If
32 |
33 | num_hccap_records = total_bytes / 392
34 | ReDim tmp_hccap_records(0 To num_hccap_records - 1) As hccap_record
35 | offset = 0
36 |
37 | For j = 0 To num_hccap_records - 1
38 |
39 | 'bytes 0 to 35 = essid (36 bytes) - the essid (name) of the access point
40 | tmp_hccap_records(j).ESSID = ""
41 | For i = 0 To 35
42 | If (ibytes(i + offset) <> 0) Then
43 | tmp_hccap_records(j).ESSID = tmp_hccap_records(j).ESSID & Chr(ibytes(i + offset))
44 | End If
45 | Next
46 |
47 | 'bytes 36 to 41 = mac1 (6 bytes) - the bssid (MAC) of the access point
48 | tmp_hccap_records(j).BSSID = ""
49 | For i = 36 To 41
50 | tmp_hccap_records(j).BSSID = tmp_hccap_records(j).BSSID & dec2hex(ibytes(i + offset))
51 | If (i < 41) Then
52 | tmp_hccap_records(j).BSSID = tmp_hccap_records(j).BSSID & ":"
53 | End If
54 | Next
55 |
56 | 'bytes 42 to 47 = mac2 (6 bytes) - the MAC address of a client connecting to the access point
57 | tmp_hccap_records(j).STATION_MAC = ""
58 | For i = 42 To 47
59 | tmp_hccap_records(j).STATION_MAC = tmp_hccap_records(j).STATION_MAC & dec2hex(ibytes(i + offset))
60 | If (i < 47) Then
61 | tmp_hccap_records(j).STATION_MAC = tmp_hccap_records(j).STATION_MAC & ":"
62 | End If
63 | Next
64 |
65 | 'bytes 48 to 79 = snonce (32 bytes) - random salt used for handshake by both parties
66 | tmp_hccap_records(j).SNONCE = ""
67 | For i = 48 To 79
68 | tmp_hccap_records(j).SNONCE = tmp_hccap_records(j).SNONCE & dec2hex(ibytes(i + offset))
69 | If (i <> 63) And (i <> 79) Then
70 | tmp_hccap_records(j).SNONCE = tmp_hccap_records(j).SNONCE & " "
71 | End If
72 | If (i = 63) Then
73 | tmp_hccap_records(j).SNONCE = tmp_hccap_records(j).SNONCE & vbNewLine
74 | End If
75 | Next
76 |
77 | 'bytes 80 to 111 = anonce (32 bytes) - random salt used for handshake by both parties
78 | tmp_hccap_records(j).ANONCE = ""
79 | For i = 80 To 111
80 | tmp_hccap_records(j).ANONCE = tmp_hccap_records(j).ANONCE & dec2hex(ibytes(i + offset))
81 | If (i <> 95) And (i <> 111) Then
82 | tmp_hccap_records(j).ANONCE = tmp_hccap_records(j).ANONCE & " "
83 | End If
84 | If (i = 95) Then
85 | tmp_hccap_records(j).ANONCE = tmp_hccap_records(j).ANONCE & vbNewLine
86 | End If
87 | Next
88 |
89 | 'bytes 112 to 367 = eapol (256 bytes) - EAPOL
90 | Dim EAPOL_SIZE As Long
91 | EAPOL_SIZE = bytes2num(ibytes(368 + offset), ibytes(369 + offset))
92 | tmp_hccap_records(j).EAPOL = ""
93 | For i = 112 To 367
94 | If ((i - 111) <= EAPOL_SIZE) Then
95 | tmp_hccap_records(j).EAPOL = tmp_hccap_records(j).EAPOL & dec2hex(ibytes(i + offset))
96 | If (i <> 127) And (i <> 143) And (i <> 159) And (i <> 175) And (i <> 191) And (i <> 207) And (i <> 223) And (i <> 239) And (i <> 255) And (i <> 271) And (i <> 287) And (i <> 303) And (i <> 319) And (i <> 335) And (i <> 351) And (i <> 367) And ((i - 111) <> EAPOL_SIZE) Then
97 | tmp_hccap_records(j).EAPOL = tmp_hccap_records(j).EAPOL & " "
98 | End If
99 | If (i = 127) Or (i = 143) Or (i = 159) Or (i = 175) Or (i = 191) Or (i = 207) Or (i = 223) Or (i = 239) Or (i = 255) Or (i = 271) Or (i = 287) Or (i = 303) Or (i = 319) Or (i = 335) Or (i = 351) Then
100 | tmp_hccap_records(j).EAPOL = tmp_hccap_records(j).EAPOL & vbNewLine
101 | End If
102 | End If
103 | Next
104 |
105 | 'bytes 368 to 371 = eapol_size (4 bytes) - size of eapol
106 | tmp_hccap_records(j).EAPOL_SIZE = EAPOL_SIZE
107 |
108 | 'bytes 372 to 375 = keyver (4 bytes) - the flag used to distinguish WPA from WPA2 ciphers. Value of 1 means WPA, other - WPA2
109 | tmp_hccap_records(j).KEY_VERSION = ibytes(372 + offset)
110 |
111 | 'bytes 376 to 391 = keymic (16 bytes) - the final hash value. MD5 for WPA and SHA-1 for WPA2 (truncated to 128 bit)
112 | tmp_hccap_records(j).KEY_MIC = ""
113 | For i = 376 To 391
114 | tmp_hccap_records(j).KEY_MIC = tmp_hccap_records(j).KEY_MIC & dec2hex(ibytes(i + offset))
115 | If (i <> 391) Then
116 | tmp_hccap_records(j).KEY_MIC = tmp_hccap_records(j).KEY_MIC & " "
117 | End If
118 | Next
119 |
120 | offset = offset + 392 'move to next record
121 |
122 | Next
123 |
124 | ReadHCCAP = tmp_hccap_records
125 | Exit Function
126 | read_hccap_error:
127 | MsgBox "The following error occured: " & vbNewLine & "Error # " & Err.Number & vbNewLine & Err.Description, vbCritical, "Error"
128 | End Function
129 |
--------------------------------------------------------------------------------
/RegistryModule.bas:
--------------------------------------------------------------------------------
1 | Attribute VB_Name = "RegistryModule"
2 | Option Explicit
3 |
4 | Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
5 | Public Declare Function RegConnectRegistry Lib "advapi32.dll" Alias "RegConnectRegistryA" (ByVal lpMachineName As String, ByVal hKey As Long, phkResult As Long) As Long
6 | Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
7 | Public Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias "RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions As Long, ByVal samDesired As Long, ByVal lpSecurityAttributes As Long, phkResult As Long, lpdwDisposition As Long) As Long
8 | Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
9 | Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
10 | Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
11 | Public Declare Function RegEnumKeyEx Lib "advapi32.dll" Alias "RegEnumKeyExA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, lpcbName As Long, lpReserved As Long, ByVal lpClass As String, lpcbClass As Long, lpftLastWriteTime As FILETIME) As Long
12 | Public Declare Function RegEnumValue Lib "advapi32.dll" Alias "RegEnumValueA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpValueName As String, lpcbValueName As Long, lpReserved As Long, lpType As Long, lpData As Byte, lpcbData As Long) As Long
13 | Public Declare Function RegFlushKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
14 | Public Declare Function RegGetKeySecurity Lib "advapi32.dll" (ByVal hKey As Long, ByVal SecurityInformation As Long, pSecurityDescriptor As SECURITY_DESCRIPTOR, lpcbSecurityDescriptor As Long) As Long
15 | Public Declare Function RegLoadKey Lib "advapi32.dll" Alias "RegLoadKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal lpFile As String) As Long
16 | Public Declare Function RegNotifyChangeKeyValue Lib "advapi32.dll" (ByVal hKey As Long, ByVal bWatchSubtree As Long, ByVal dwNotifyFilter As Long, ByVal hEvent As Long, ByVal fAsynchronus As Long) As Long
17 | Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
18 | Public Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
19 | Public Declare Function RegQueryInfoKey Lib "advapi32.dll" Alias "RegQueryInfoKeyA" (ByVal hKey As Long, ByVal lpClass As String, lpcbClass As Long, lpReserved As Long, lpcSubKeys As Long, lpcbMaxSubKeyLen As Long, lpcbMaxClassLen As Long, lpcValues As Long, lpcbMaxValueNameLen As Long, lpcbMaxValueLen As Long, lpcbSecurityDescriptor As Long, lpftLastWriteTime As FILETIME) As Long
20 | Public Declare Function RegQueryValue Lib "advapi32.dll" Alias "RegQueryValueA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal lpValue As String, lpcbValue As Long) As Long
21 | Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long
22 | Public Declare Function RegReplaceKey Lib "advapi32.dll" Alias "RegReplaceKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal lpNewFile As String, ByVal lpOldFile As String) As Long
23 | Public Declare Function RegRestoreKey Lib "advapi32.dll" Alias "RegRestoreKeyA" (ByVal hKey As Long, ByVal lpFile As String, ByVal dwFlags As Long) As Long
24 | Public Declare Function RegSaveKey Lib "advapi32.dll" Alias "RegSaveKeyA" (ByVal hKey As Long, ByVal lpFile As String, lpSecurityAttributes As SECURITY_ATTRIBUTES) As Long
25 | Public Declare Function RegSetKeySecurity Lib "advapi32.dll" (ByVal hKey As Long, ByVal SecurityInformation As Long, pSecurityDescriptor As SECURITY_DESCRIPTOR) As Long
26 | Public Declare Function RegSetValue Lib "advapi32.dll" Alias "RegSetValueA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
27 | Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
28 | Public Declare Function RegSetValueExString Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
29 | Public Declare Function RegSetValueExLong Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Long, ByVal cbData As Long) As Long
30 | Public Declare Function RegUnLoadKey Lib "advapi32.dll" Alias "RegUnLoadKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
31 |
32 | 'Possible registry data types
33 | Public Enum InTypes
34 | ValNull = 0
35 | ValString = 1
36 | ValXString = 2
37 | ValBinary = 3
38 | ValDWord = 4
39 | ValLink = 6
40 | ValMultiString = 7
41 | ValResList = 8
42 | End Enum
43 |
44 | Public Type FILETIME
45 | dwLowDateTime As Long
46 | dwHighDateTime As Long
47 | End Type
48 |
49 | Public Type ACL
50 | AclRevision As Byte
51 | Sbz1 As Byte
52 | AclSize As Integer
53 | AceCount As Integer
54 | Sbz2 As Integer
55 | End Type
56 |
57 | Public Type SECURITY_DESCRIPTOR
58 | Revision As Byte
59 | Sbz1 As Byte
60 | Control As Long
61 | Owner As Long
62 | Group As Long
63 | Sacl As ACL
64 | Dacl As ACL
65 | End Type
66 |
67 | Public Type SECURITY_ATTRIBUTES
68 | nLength As Long
69 | lpSecurityDescriptor As Long
70 | bInheritHandle As Long
71 | End Type
72 |
73 | 'Reg Create Type Values
74 | Public Const REG_OPTION_RESERVED As Long = 0 ' Parameter is reserved
75 | Public Const REG_OPTION_NON_VOLATILE As Long = 0 ' Key is preserved when system is rebooted
76 | Public Const REG_OPTION_VOLATILE As Long = 1 ' Key is not preserved when system is rebooted
77 | Public Const REG_OPTION_CREATE_LINK As Long = 2 ' Created key is a symbolic link
78 | Public Const REG_OPTION_BACKUP_RESTORE As Long = 4 ' open for backup or restore
79 |
80 | 'Reg Data Types
81 | Public Const REG_NONE As Long = 0 ' No value type
82 | Public Const REG_SZ As Long = 1 ' Unicode nul terminated string
83 | Public Const REG_EXPAND_SZ As Long = 2 ' Unicode nul terminated string
84 | Public Const REG_BINARY As Long = 3 ' Free form binary
85 | Public Const REG_DWORD As Long = 4 ' 32-bit number
86 | Public Const REG_DWORD_LITTLE_ENDIAN As Long = 4 ' 32-bit number (same as REG_DWORD)
87 | Public Const REG_DWORD_BIG_ENDIAN As Long = 5 ' 32-bit number
88 | Public Const REG_LINK As Long = 6 ' Symbolic Link (unicode)
89 | Public Const REG_MULTI_SZ As Long = 7 ' Multiple Unicode strings
90 | Public Const REG_RESOURCE_LIST As Long = 8 ' Resource list in the resource map
91 | Public Const REG_FULL_RESOURCE_DESCRIPTOR As Long = 9 ' Resource list in the hardware description
92 | Public Const REG_RESOURCE_REQUIREMENTS_LIST As Long = 10
93 | Public Const REG_CREATED_NEW_KEY As Long = &H1 ' New Registry Key created
94 | Public Const REG_OPENED_EXISTING_KEY As Long = &H2 ' Existing Key opened
95 | Public Const REG_WHOLE_HIVE_VOLATILE As Long = &H1 ' Restore whole hive volatile
96 | Public Const REG_REFRESH_HIVE As Long = &H2 ' Unwind changes to last flush
97 | Public Const REG_NOTIFY_CHANGE_NAME As Long = &H1 ' Create or delete (child)
98 | Public Const REG_NOTIFY_CHANGE_ATTRIBUTES As Long = &H2
99 | Public Const REG_NOTIFY_CHANGE_LAST_SET As Long = &H4 ' Time stamp
100 | Public Const REG_NOTIFY_CHANGE_SECURITY As Long = &H8
101 | Public Const REG_LEGAL_CHANGE_FILTER As Long = (REG_NOTIFY_CHANGE_NAME Or REG_NOTIFY_CHANGE_ATTRIBUTES Or REG_NOTIFY_CHANGE_LAST_SET Or REG_NOTIFY_CHANGE_SECURITY)
102 | Public Const REG_LEGAL_OPTION As Long = (REG_OPTION_RESERVED Or REG_OPTION_NON_VOLATILE Or REG_OPTION_VOLATILE Or REG_OPTION_CREATE_LINK Or REG_OPTION_BACKUP_RESTORE)
103 |
104 | 'Security Mask constants
105 | Public Const DELETE = &H10000
106 | Public Const READ_CONTROL = &H20000
107 | Public Const WRITE_DAC = &H40000
108 | Public Const WRITE_OWNER = &H80000
109 | Public Const SYNCHRONIZE = &H100000
110 | Public Const STANDARD_RIGHTS_READ = (READ_CONTROL)
111 | Public Const STANDARD_RIGHTS_WRITE = (READ_CONTROL)
112 | Public Const STANDARD_RIGHTS_EXECUTE = (READ_CONTROL)
113 | Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
114 | Public Const STANDARD_RIGHTS_ALL = &H1F0000
115 | Public Const SPECIFIC_RIGHTS_ALL = &HFFFF
116 |
117 | 'Reg Key Security Options
118 | Public Const KEY_QUERY_VALUE = &H1
119 | Public Const KEY_SET_VALUE = &H2
120 | Public Const KEY_CREATE_SUB_KEY = &H4
121 | Public Const KEY_ENUMERATE_SUB_KEYS = &H8
122 | Public Const KEY_NOTIFY = &H10
123 | Public Const KEY_CREATE_LINK = &H20
124 | Public Const KEY_READ = ((STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY) And (Not SYNCHRONIZE))
125 | Public Const KEY_WRITE = ((STANDARD_RIGHTS_WRITE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY) And (Not SYNCHRONIZE))
126 | Public Const KEY_EXECUTE = (KEY_READ)
127 | Public Const KEY_ALL_ACCESS = ((STANDARD_RIGHTS_ALL Or KEY_QUERY_VALUE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY Or KEY_CREATE_LINK) And (Not SYNCHRONIZE))
128 | 'Public Const KEY_EXECUTE = ((KEY_READ) And (Not SYNCHRONIZE))
129 |
130 | 'Registry section definitions
131 | Public Const HKEY_CLASSES_ROOT = &H80000000
132 | Public Const HKEY_CURRENT_USER = &H80000001
133 | Public Const HKEY_LOCAL_MACHINE = &H80000002
134 | Public Const HKEY_USERS = &H80000003
135 | Public Const HKEY_PERFORMANCE_DATA = &H80000004
136 | Public Const HKEY_CURRENT_CONFIG = &H80000005
137 | Public Const HKEY_DYN_DATA = &H80000006
138 |
139 | 'Codes returned by Reg API calls
140 | Public Const ERROR_SUCCESS = 0&
141 | Public Const ERROR_NONE = 0
142 | Public Const ERROR_BADDB = 1
143 | Public Const ERROR_BADKEY = 2
144 | Public Const ERROR_CANTOPEN = 3
145 | Public Const ERROR_CANTREAD = 4
146 | Public Const ERROR_CANTWRITE = 5
147 | Public Const ERROR_OUTOFMEMORY = 6
148 | Public Const ERROR_INVALID_PARAMETER = 7
149 | Public Const ERROR_ACCESS_DENIED = 8
150 | Public Const ERROR_INVALID_PARAMETERS = 87
151 | Public Const ERROR_NO_MORE_ITEMS = 259
152 |
153 | 'Wrapper for the RegDeleteKey Win32 API
154 | Public Sub RegDeleteSubKey(ByVal Group As Long, ByVal section As String)
155 | On Error GoTo RegDeleteSubKeyError
156 | Dim RC As Long, hKey As Long
157 | RC = RegOpenKeyEx(Group, vbNullChar, 0&, KEY_ALL_ACCESS, hKey)
158 | RC = RegDeleteKey(hKey, section)
159 | RC = RegCloseKey(hKey)
160 | Exit Sub
161 | RegDeleteSubKeyError:
162 | Call DisplayRegError(RC, "RegDeleteSubKey")
163 | End Sub
164 |
165 | 'Wrapper for the RegDeleteValue Win32 API
166 | Public Sub DeleteValue(ByVal Group As Long, ByVal section As String, ByVal Key As String)
167 | On Error GoTo DeleteValueError
168 | Dim RC As Long, hKey As Long
169 | RC = RegOpenKey(Group, section, hKey)
170 | RC = RegDeleteValue(hKey, Key)
171 | RC = RegCloseKey(hKey)
172 | Exit Sub
173 | DeleteValueError:
174 | Call DisplayRegError(RC, "DeleteValue")
175 | End Sub
176 |
177 | 'Wrapper for the RegOpenKeyEx and RegCloseKey Win32 API
178 | Public Function RegKeyExists(ByVal RootKey As Long, ByVal SubKey As String) As Boolean
179 | On Error GoTo RegKeyExistsError
180 | Dim RC As Long 'return code
181 | Dim hKey As Long 'key handle
182 | RC = RegOpenKeyEx(RootKey, SubKey, 0&, KEY_QUERY_VALUE, hKey)
183 | If RC = ERROR_NONE Then
184 | Call RegCloseKey(hKey)
185 | RegKeyExists = True
186 | Exit Function
187 | ElseIf RC = ERROR_BADKEY Then
188 | Call RegCloseKey(hKey)
189 | RegKeyExists = False
190 | Exit Function
191 | Else
192 | Call DisplayRegError(RC, "RegOpenKeyEx")
193 | End If
194 | Exit Function
195 | RegKeyExistsError:
196 | Call DisplayRegError(RC, "RegKeyExists")
197 | End Function
198 |
199 | 'Wrapper for the RegOpenKeyEx, RegQueryValueEx, and RegCloseKey Win32 API
200 | Public Function RegValueExists(ByVal RootKey As Long, ByVal SubKey As String, ByVal ValueName As String) As Boolean
201 | On Error GoTo RegValueExistsError
202 | If (RegKeyExists(RootKey, SubKey) = False) Then
203 | RegValueExists = False
204 | Exit Function
205 | End If
206 | Dim RC As Long 'return code
207 | Dim hKey As Long 'key handle
208 | Dim lDataTypeValue As Long
209 | Dim sValue As String
210 | Dim lValueLength As Long
211 | RC = RegOpenKeyEx(RootKey, SubKey, 0&, KEY_QUERY_VALUE, hKey)
212 | If RC = ERROR_NONE Then
213 | RC = RegQueryValueEx(hKey, ValueName, 0&, lDataTypeValue, sValue, lValueLength)
214 | If RC = ERROR_NONE Then
215 | Call RegCloseKey(hKey)
216 | RegValueExists = True
217 | Exit Function
218 | ElseIf RC = ERROR_BADKEY Then
219 | Call RegCloseKey(hKey)
220 | RegValueExists = False
221 | Exit Function
222 | Else
223 | Call DisplayRegError(RC, "RegQueryValueEx")
224 | Call RegCloseKey(hKey)
225 | Exit Function
226 | End If
227 | Call RegCloseKey(hKey)
228 | Else
229 | Call DisplayRegError(RC, "RegOpenKeyEx")
230 | Call RegCloseKey(hKey)
231 | End If
232 | Exit Function
233 | RegValueExistsError:
234 | Call DisplayRegError(RC, "RegValueExists")
235 | RegValueExists = False
236 | End Function
237 |
238 | 'Wrapper for the RegCreateKeyEx and RegSetValueEx Win32 API
239 | Public Sub WriteRegistry(ByVal Group As Long, ByVal section As String, ByVal Key As String, ByVal ValType As InTypes, ByVal Value As String)
240 | On Error GoTo WriteRegistryError
241 | Dim RC As Long
242 | Dim hKey As Long
243 | Dim lDisp As Long
244 | RC = RegCreateKeyEx(Group, section, 0&, vbNullString, 0&, KEY_ALL_ACCESS, 0&, hKey, lDisp)
245 | If RC <> 0 Then GoTo WriteRegistryError
246 | RC = RegSetValueExString(hKey, Key, 0&, REG_SZ, ByVal Value, Len(Value))
247 | If RC <> 0 Then GoTo WriteRegistryError
248 | Exit Sub
249 | WriteRegistryError:
250 | Call DisplayRegError(RC, "WriteRegistry")
251 | End Sub
252 |
253 | 'Wrapper for the RegOpenKey, RegQueryValueEx, and RegCloseKey Win32 API
254 | Public Function ReadRegistry(ByVal Group As Long, ByVal section As String, ByVal Key As String) As String
255 | On Error Resume Next
256 | Dim RC As Long, hKey As Long, lDataTypeValue As Long, lValueLength As Long, sValue As String, td As Double
257 | Dim TStr1 As String, TStr2 As String
258 | Dim i As Integer
259 | RC = RegOpenKey(Group, section, hKey)
260 | If (RC = 0) And (Err.Number = 0) Then
261 | sValue = Space$(2048)
262 | lValueLength = Len(sValue)
263 | RC = RegQueryValueEx(hKey, Key, 0&, lDataTypeValue, sValue, lValueLength)
264 | If (RC = 0) And (Err.Number = 0) Then
265 | If lDataTypeValue = REG_DWORD Then
266 | td = Asc(Mid$(sValue, 1, 1)) + &H100& * Asc(Mid$(sValue, 2, 1)) + &H10000 * Asc(Mid$(sValue, 3, 1)) + &H1000000 * CDbl(Asc(Mid$(sValue, 4, 1)))
267 | sValue = Format$(td, "000")
268 | End If
269 | If lDataTypeValue = REG_BINARY Then
270 | 'Return a binary field as a hex string (2 chars per byte)
271 | TStr2 = ""
272 | For i = 1 To lValueLength
273 | TStr1 = Hex(Asc(Mid(sValue, i, 1)))
274 | If Len(TStr1) = 1 Then TStr1 = "0" & TStr1
275 | TStr2 = TStr2 + TStr1
276 | Next
277 | sValue = TStr2
278 | Else
279 | sValue = Left$(sValue, lValueLength - 1)
280 | End If
281 | Else
282 | sValue = ""
283 | End If
284 | End If
285 | RC = RegCloseKey(hKey)
286 | ReadRegistry = sValue
287 | End Function
288 |
289 | Public Sub DisplayRegError(ByVal errNum As Integer, ByVal func As String)
290 | Select Case errNum
291 | Case 0
292 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_NONE" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
293 | Case 1
294 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_BADDB" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
295 | Case 2
296 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_BADKEY" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
297 | Case 3
298 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_CANTOPEN" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
299 | Case 4
300 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_CANTREAD" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
301 | Case 5
302 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_CANTWRITE" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
303 | Case 6
304 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_OUTOFMEMORY" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
305 | Case 7
306 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_INVALID_PARAMETER" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
307 | Case 8
308 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_ACCESS_DENIED" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
309 | Case 87
310 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_INVALID_PARAMETERS" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
311 | Case 259
312 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: ERROR_NO_MORE_ITEMS" & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
313 | Case Else
314 | MsgBox "Error Accessing the Registry." & vbNewLine & vbNewLine & "Error Number: " & errNum & vbNewLine & "Error Description: Unknown." & vbNewLine & "Calling Function: " & func, vbExclamation + vbOKOnly
315 | End Select
316 | End Sub
317 |
--------------------------------------------------------------------------------
/WriteCAP.bas:
--------------------------------------------------------------------------------
1 | Attribute VB_Name = "Write_CAP"
2 | Option Explicit
3 |
4 | Public Sub WriteCAP(filepath As String, ESSID As String, BSSID As String, STA As String, SNONCE As String, ANONCE As String, EAPOL As String, EAPOL_SIZE As String, KEY_VERSION As String, KEYMIC As String, Optional write_single As Boolean = False)
5 | On Error GoTo write_cap_error
6 |
7 | Dim obytes() As Byte
8 | Dim i As Long, j As Long, offset As Long, current_byte As Long, max_record As Long
9 | offset = 0
10 |
11 | Dim ssid_length As Long
12 | Dim eapol_length As Long
13 | Dim actual_eapol_len As Long
14 | Dim mac1 As String
15 | Dim mac2 As String
16 | Dim ANONCE_clean As String
17 | Dim EAPOL_clean As String
18 | Dim KEYMIC_clean As String
19 |
20 | ssid_length = Len(ESSID)
21 | actual_eapol_len = Len(hex_digits_only(EAPOL))
22 | If actual_eapol_len Mod 2 <> 0 Then
23 | actual_eapol_len = actual_eapol_len + 1
24 | End If
25 | eapol_length = actual_eapol_len / 2
26 | 'eapol_length = CInt(EAPOL_SIZE)
27 | mac1 = hex_digits_only(BSSID)
28 | mac2 = hex_digits_only(STA)
29 | ANONCE_clean = hex_digits_only(ANONCE)
30 | EAPOL_clean = hex_digits_only(EAPOL)
31 | KEYMIC_clean = Left$(hex_digits_only(KEYMIC) & "00000000000000000000000000000000", 32)
32 |
33 | If (num_hccap_records > 0) And (write_single = False) Then
34 | max_record = num_hccap_records - 1
35 | Dim byte_tally As Long
36 | byte_tally = 24 'Global Header = 24 bytes
37 | For j = 0 To max_record
38 | ssid_length = Len(tmp_hccap_records(j).ESSID)
39 | actual_eapol_len = Len(hex_digits_only(tmp_hccap_records(j).EAPOL))
40 | If actual_eapol_len Mod 2 <> 0 Then
41 | actual_eapol_len = actual_eapol_len + 1
42 | End If
43 | eapol_length = actual_eapol_len / 2
44 | 'eapol_length = CInt(tmp_hccap_records(j).EAPOL_SIZE)
45 | byte_tally = byte_tally + 16 'PACKET #1 HEADER Beacon Frame = 16 bytes
46 | byte_tally = byte_tally + 130 + ssid_length 'PACKET #1 DATA Beacon Frame = 130 + ssid_length bytes
47 | byte_tally = byte_tally + 16 'PACKET #2 HEADER Message 1 of 4 = 16 bytes
48 | byte_tally = byte_tally + 133 'PACKET #2 DATA Message 1 of 4 = 133 bytes
49 | byte_tally = byte_tally + 16 'PACKET #3 HEADER Message 2 of 4 = 16 bytes
50 | byte_tally = byte_tally + 34 + eapol_length 'PACKET #3 DATA Message 2 of 4 = 34 + eapol_length bytes
51 | Next
52 | ReDim obytes(0 To byte_tally - 1) As Byte
53 | Else
54 | max_record = 0
55 | ReDim obytes(0 To 369 + ssid_length + eapol_length - 1) As Byte
56 | End If
57 |
58 | '------------------------------------------------------------------------------------------------------
59 | 'GLOBAL HEADER (24 bytes)
60 | '------------------------------------------------------------------------------------------------------
61 | 'bytes 0 to 3 (magic_number) (global header) (4 bytes) (ex. D4 C3 B2 A1)
62 | 'D4 C3 B2 A1 = WinDump (winpcap) capture file (Windows) (little endian)
63 | '4D 3C B2 A1 = WinDump (winpcap) capture file (Windows) (nanosecond-resolution) (little endian)
64 | 'A1 B2 C3 D4 = tcpdump (libpcap) capture file (Linux/Unix) (big endian)
65 | 'A1 B2 3C 4D = tcpdump (libpcap) capture file (Linux/Unix) (nanosecond-resolution) (big endian)
66 | '34 CD B2 A1 = Extended tcpdump (libpcap) capture file (Linux/Unix) (big endian)
67 | 'A1 B2 CD 34 = Extended tcpdump (libpcap) capture file (Linux/Unix) (big endian)
68 | obytes(0) = 212 'D4
69 | obytes(1) = 195 'C3
70 | obytes(2) = 178 'B2
71 | obytes(3) = 161 'A1
72 |
73 | 'bytes 4 to 5 (version_major) (global header) (2 bytes) (ex. 02 00)
74 | obytes(4) = 2
75 | obytes(5) = 0
76 |
77 | 'bytes 6 to 7 (version_minor) (global header) (2 bytes) (ex. 04 00)
78 | obytes(6) = 4
79 | obytes(7) = 0
80 |
81 | 'bytes 8 to 11 (thiszone) (GMT to local correction) (global header) (4 bytes) (ex. 00 00 00 00)
82 | obytes(8) = 0
83 | obytes(9) = 0
84 | obytes(10) = 0
85 | obytes(11) = 0
86 |
87 | 'bytes 12 to 15 (sigfigs) (accuracy of timestamps) (global header) (4 bytes) (ex. 00 00 00 00)
88 | obytes(12) = 0
89 | obytes(13) = 0
90 | obytes(14) = 0
91 | obytes(15) = 0
92 |
93 | 'bytes 16 to 19 (snaplen) (max length of captured packets) (global header) (4 bytes) (ex. FF FF 00 00)
94 | obytes(16) = 255 'FF
95 | obytes(17) = 255 'FF
96 | obytes(18) = 0
97 | obytes(19) = 0
98 |
99 | 'bytes 20 to 23 (network) (Link-Layer Header Type) (global header) (4 bytes) (ex. 69 00 00 00)
100 | '69 (hex) = 105 (dec) = IEEE 802.11 wireless LAN
101 | '77 (hex) = 119 (dec) = Prism monitor mode information followed by an 802.11 header
102 | '7F (hex) = 127 (dec) = Radiotap link-layer information followed by an 802.11 header
103 | 'A3 (hex) = 163 (dec) = AVS monitor mode information followed by an 802.11 header
104 | obytes(20) = 105 'IEEE 802.11 wireless LAN
105 | obytes(21) = 0
106 | obytes(22) = 0
107 | obytes(23) = 0
108 |
109 | For j = 0 To max_record
110 | If (num_hccap_records > 0) And (write_single = False) Then
111 | ESSID = tmp_hccap_records(j).ESSID
112 | BSSID = tmp_hccap_records(j).BSSID
113 | STA = tmp_hccap_records(j).STATION_MAC
114 | SNONCE = tmp_hccap_records(j).SNONCE
115 | ANONCE = tmp_hccap_records(j).ANONCE
116 | EAPOL = tmp_hccap_records(j).EAPOL
117 | EAPOL_SIZE = tmp_hccap_records(j).EAPOL_SIZE
118 | KEY_VERSION = tmp_hccap_records(j).KEY_VERSION
119 | KEYMIC = tmp_hccap_records(j).KEY_MIC
120 | ssid_length = Len(ESSID)
121 | actual_eapol_len = Len(hex_digits_only(EAPOL))
122 | If actual_eapol_len Mod 2 <> 0 Then
123 | actual_eapol_len = actual_eapol_len + 1
124 | End If
125 | eapol_length = actual_eapol_len / 2
126 | 'eapol_length = CInt(EAPOL_SIZE)
127 | mac1 = hex_digits_only(BSSID)
128 | mac2 = hex_digits_only(STA)
129 | ANONCE_clean = hex_digits_only(ANONCE)
130 | EAPOL_clean = hex_digits_only(EAPOL)
131 | KEYMIC_clean = Left$(hex_digits_only(KEYMIC) & "00000000000000000000000000000000", 32)
132 | End If
133 |
134 | '------------------------------------------------------------------------------------------------------
135 | 'PACKET #1 HEADER - Beacon Frame (16 bytes)
136 | '------------------------------------------------------------------------------------------------------
137 | 'bytes 24 to 27 (ts_sec) (timestamp seconds) (packet header) (4 bytes) (ex. C2 F1 68 55)
138 | obytes(24 + offset) = 0
139 | obytes(25 + offset) = 0
140 | obytes(26 + offset) = 0
141 | obytes(27 + offset) = 0
142 |
143 | 'bytes 28 to 31 (ts_usec) (timestamp microseconds) (packet header) (4 bytes) (ex. 28 48 07 00)
144 | obytes(28 + offset) = 0
145 | obytes(29 + offset) = 0
146 | obytes(30 + offset) = 0
147 | obytes(31 + offset) = 0
148 |
149 | 'bytes 32 to 35 (incl_len) (saved packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
150 | obytes(32 + offset) = 130 + ssid_length
151 | obytes(33 + offset) = 0
152 | obytes(34 + offset) = 0
153 | obytes(35 + offset) = 0
154 |
155 | 'bytes 36 to 39 (orig_len) (actual packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
156 | obytes(36 + offset) = 130 + ssid_length
157 | obytes(37 + offset) = 0
158 | obytes(38 + offset) = 0
159 | obytes(39 + offset) = 0
160 |
161 | '------------------------------------------------------------------------------------------------------
162 | 'PACKET #1 DATA - Beacon Frame (130 + ssid_length bytes) (130 + 11 = 141)
163 | '------------------------------------------------------------------------------------------------------
164 | obytes(40 + offset) = 128 'Beacon frame
165 | obytes(41 + offset) = 0 'Flags: 0x00
166 | obytes(42 + offset) = 0 'Duration: 0 microseconds
167 | obytes(43 + offset) = 0 'Duration: 0 microseconds
168 | obytes(44 + offset) = 255 'Receiver Address (byte 1)
169 | obytes(45 + offset) = 255 'Receiver Address (byte 2)
170 | obytes(46 + offset) = 255 'Receiver Address (byte 3)
171 | obytes(47 + offset) = 255 'Receiver Address (byte 4)
172 | obytes(48 + offset) = 255 'Receiver Address (byte 5)
173 | obytes(49 + offset) = 255 'Receiver Address (byte 6)
174 |
175 | 'Trasmitter Address (BSSID) (bytes 1 to 6)
176 | For i = 50 To 55
177 | If Len(mac1) >= ((i - 50) + (i - 50) + 2) Then
178 | obytes(i + offset) = hex2dec(Mid$(mac1, (i - 50) + (i - 50) + 1, 2))
179 | End If
180 | Next
181 |
182 | 'BSSID (bytes 1 to 6)
183 | For i = 56 To 61
184 | If Len(mac1) >= ((i - 56) + (i - 56) + 2) Then
185 | obytes(i + offset) = hex2dec(Mid$(mac1, (i - 56) + (i - 56) + 1, 2))
186 | End If
187 | Next
188 |
189 | obytes(62 + offset) = 32 'Fragment Number: 0 Sequence Number: 1282
190 | obytes(63 + offset) = 80 'Fragment Number: 0 Sequence Number: 1282
191 | obytes(64 + offset) = 0 'Timestamp 0x00
192 | obytes(65 + offset) = 0 'Timestamp 0x00
193 | obytes(66 + offset) = 148 'Timestamp 0x94
194 | obytes(67 + offset) = 17 'Timestamp 0x11
195 | obytes(68 + offset) = 125 'Timestamp 0x7D
196 | obytes(69 + offset) = 0 'Timestamp 0x00
197 | obytes(70 + offset) = 0 'Timestamp 0x00
198 | obytes(71 + offset) = 0 'Timestamp 0x00
199 | obytes(72 + offset) = 100 'Beacon Interval 0x64
200 | obytes(73 + offset) = 0 'Beacon Interval 0x00
201 | obytes(74 + offset) = 17 'Capabilities Information 0x11
202 | obytes(75 + offset) = 4 'Capabilities Information 0x04
203 | obytes(76 + offset) = 0 'Tag Number: SSID Parameter Set (0)
204 |
205 | 'ESSID
206 | obytes(77 + offset) = ssid_length 'Tag Length: 11 (SSID LENGTH)
207 | current_byte = 77 + offset
208 | If (ESSID <> "") Then
209 | For i = 0 To 35
210 | If Len(ESSID) >= (i + 1) Then
211 | obytes(current_byte + 1 + i) = Asc(Mid$(ESSID, (i + 1), 1))
212 | End If
213 | Next
214 | End If
215 | current_byte = current_byte + ssid_length
216 |
217 | obytes(current_byte + 1) = 1 'Supported Rates (1)
218 | obytes(current_byte + 2) = 8 'Tag Length: 8
219 | obytes(current_byte + 3) = 130 'Supported Rates: 1(B) (0x82)
220 | obytes(current_byte + 4) = 132 'Supported Rates: 2(B) (0x84)
221 | obytes(current_byte + 5) = 139 'Supported Rates: 5.5(B) (0x8B)
222 | obytes(current_byte + 6) = 150 'Supported Rates: 11(B) (0x96)
223 | obytes(current_byte + 7) = 36 'Supported Rates: 18 (0x24)
224 | obytes(current_byte + 8) = 48 'Supported Rates: 24 (0x30)
225 | obytes(current_byte + 9) = 72 'Supported Rates: 36 (0x48)
226 | obytes(current_byte + 10) = 108 'Supported Rates: 54 (0x6C)
227 | obytes(current_byte + 11) = 3 'Tag Number: DS Parameter Set (3)
228 | obytes(current_byte + 12) = 1 'Tag length: 1
229 | obytes(current_byte + 13) = 1 'Current Channel: 1
230 | obytes(current_byte + 14) = 5 'Tag Number: Traffic Indication Map (TIM) (5)
231 | obytes(current_byte + 15) = 4 'Tag length: 4
232 | obytes(current_byte + 16) = 0 'DTIM Count: 0
233 | obytes(current_byte + 17) = 1 'DTIM Period: 1
234 | obytes(current_byte + 18) = 0 'Bitmap Control: 0x00
235 | obytes(current_byte + 19) = 0 'Partial Virtual Bitmap: 00
236 | obytes(current_byte + 20) = 42 'ERP Information (42)
237 | obytes(current_byte + 21) = 1 'Tag length: 1
238 | obytes(current_byte + 22) = 0 'ERP Information: 0x00
239 | obytes(current_byte + 23) = 47 'Tag Number: ERP Information (47)
240 | obytes(current_byte + 24) = 1 'Tag Length: 1
241 | obytes(current_byte + 25) = 0 'ERP Information: 0x00
242 | obytes(current_byte + 26) = 50 'Tag Number: Extended Supported Rates (50)
243 | obytes(current_byte + 27) = 4 'Tag Length: 4
244 | obytes(current_byte + 28) = 12 'Extended Supported Rates: 6 (0x0C)
245 | obytes(current_byte + 29) = 18 'Extended Supported Rates: 9 (0x12)
246 | obytes(current_byte + 30) = 24 'Extended Supported Rates: 12 (0x18)
247 | obytes(current_byte + 31) = 96 'Extended Supported Rates: 48 (0x60)
248 | obytes(current_byte + 32) = 221 'Tag Number: Vendor Specific (221)
249 | obytes(current_byte + 33) = 9 'Tag Length: 9
250 | obytes(current_byte + 34) = 0 'OUI: 00-10-18 (Broadcom)
251 | obytes(current_byte + 35) = 16 'OUI: 00-10-18 (Broadcom)
252 | obytes(current_byte + 36) = 24 'OUI: 00-10-18 (Broadcom)
253 | obytes(current_byte + 37) = 2 'Vendor Specific Data: 0200f0000000
254 | obytes(current_byte + 38) = 0 'Vendor Specific Data: 0200f0000000
255 | obytes(current_byte + 39) = 240 'Vendor Specific Data: 0200f0000000
256 | obytes(current_byte + 40) = 0 'Vendor Specific Data: 0200f0000000
257 | obytes(current_byte + 41) = 0 'Vendor Specific Data: 0200f0000000
258 | obytes(current_byte + 42) = 0 'Vendor Specific Data: 0200f0000000
259 | obytes(current_byte + 43) = 221 'Tag Number: Vendor Specific (221)
260 | obytes(current_byte + 44) = 22 'Tag Length: 22
261 | obytes(current_byte + 45) = 1 'OUI: 01-00-00 (00:00:00)
262 | obytes(current_byte + 46) = 0 'OUI: 01-00-00 (00:00:00)
263 | obytes(current_byte + 47) = 0 'OUI: 01-00-00 (00:00:00)
264 | obytes(current_byte + 48) = 15 'Vendor Specific Data 0x0F
265 | obytes(current_byte + 49) = 172 'Vendor Specific Data 0xAC
266 | obytes(current_byte + 50) = 4 'Vendor Specific Data 0x04
267 | obytes(current_byte + 51) = 1 'Vendor Specific Data 0x01
268 | obytes(current_byte + 52) = 0 'Vendor Specific Data 0x00
269 | obytes(current_byte + 53) = 0 'Vendor Specific Data 0x00
270 | obytes(current_byte + 54) = 15 'Vendor Specific Data 0x0F
271 | obytes(current_byte + 55) = 172 'Vendor Specific Data 0xAC
272 | obytes(current_byte + 56) = 4 'Vendor Specific Data 0x04
273 | obytes(current_byte + 57) = 1 'Vendor Specific Data 0x01
274 | obytes(current_byte + 58) = 0 'Vendor Specific Data 0x00
275 | obytes(current_byte + 59) = 0 'Vendor Specific Data 0x00
276 | obytes(current_byte + 60) = 15 'Vendor Specific Data 0x0F
277 | obytes(current_byte + 61) = 172 'Vendor Specific Data 0xAC
278 | obytes(current_byte + 62) = 2 'Vendor Specific Data 0x02
279 | obytes(current_byte + 63) = 0 'Vendor Specific Data 0x00
280 | obytes(current_byte + 64) = 0 'Vendor Specific Data 0x00
281 | obytes(current_byte + 65) = 12 'Vendor Specific Data 0x0C
282 | obytes(current_byte + 66) = 0 'Vendor Specific Data 0x00
283 | obytes(current_byte + 67) = 221 'Tag Number: Vendor Specific (221)
284 | obytes(current_byte + 68) = 24 'Tag Length: 24
285 | obytes(current_byte + 69) = 1 'OUI: 01-00-00 (00:00:00)
286 | obytes(current_byte + 70) = 0 'OUI: 01-00-00 (00:00:00)
287 | obytes(current_byte + 71) = 0 'OUI: 01-00-00 (00:00:00)
288 | obytes(current_byte + 72) = 2 'Vendor Specific Data 0x02
289 | obytes(current_byte + 73) = 1 'Vendor Specific Data 0x01
290 | obytes(current_byte + 74) = 1 'Vendor Specific Data 0x01
291 | obytes(current_byte + 75) = 128 'Vendor Specific Data 0x80
292 | obytes(current_byte + 76) = 0 'Vendor Specific Data 0x00
293 | obytes(current_byte + 77) = 3 'Vendor Specific Data 0x03
294 | obytes(current_byte + 78) = 164 'Vendor Specific Data 0xA4
295 | obytes(current_byte + 79) = 0 'Vendor Specific Data 0x00
296 | obytes(current_byte + 80) = 0 'Vendor Specific Data 0x00
297 | obytes(current_byte + 81) = 39 'Vendor Specific Data 0x27
298 | obytes(current_byte + 82) = 164 'Vendor Specific Data 0xA4
299 | obytes(current_byte + 83) = 0 'Vendor Specific Data 0x00
300 | obytes(current_byte + 84) = 0 'Vendor Specific Data 0x00
301 | obytes(current_byte + 85) = 66 'Vendor Specific Data 0x42
302 | obytes(current_byte + 86) = 67 'Vendor Specific Data 0x43
303 | obytes(current_byte + 87) = 94 'Vendor Specific Data 0x5E
304 | obytes(current_byte + 88) = 0 'Vendor Specific Data 0x00
305 | obytes(current_byte + 89) = 98 'Vendor Specific Data 0x62
306 | obytes(current_byte + 90) = 50 'Vendor Specific Data 0x32
307 | obytes(current_byte + 91) = 47 'Vendor Specific Data 0x2F
308 | obytes(current_byte + 92) = 0 'Vendor Specific Data 0x00
309 |
310 | '------------------------------------------------------------------------------------------------------
311 | 'PACKET #2 HEADER - Message 1 of 4 (16 bytes)
312 | '------------------------------------------------------------------------------------------------------
313 | 'bytes 181 to 184 (ts_sec) (timestamp seconds) (packet header) (4 bytes) (ex. C2 F1 68 55)
314 | obytes(current_byte + 93) = 0
315 | obytes(current_byte + 94) = 0
316 | obytes(current_byte + 95) = 0
317 | obytes(current_byte + 96) = 0
318 |
319 | 'bytes 185 to 188 (ts_usec) (timestamp microseconds) (packet header) (4 bytes) (ex. 28 48 07 00)
320 | obytes(current_byte + 97) = 0
321 | obytes(current_byte + 98) = 0
322 | obytes(current_byte + 99) = 0
323 | obytes(current_byte + 100) = 0
324 |
325 | 'bytes 189 to 192 (incl_len) (saved packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
326 | obytes(current_byte + 101) = 133
327 | obytes(current_byte + 102) = 0
328 | obytes(current_byte + 103) = 0
329 | obytes(current_byte + 104) = 0
330 |
331 | 'bytes 193 to 196 (orig_len) (actual packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
332 | obytes(current_byte + 105) = 133
333 | obytes(current_byte + 106) = 0
334 | obytes(current_byte + 107) = 0
335 | obytes(current_byte + 108) = 0
336 |
337 | '------------------------------------------------------------------------------------------------------
338 | 'PACKET #2 DATA - Message 1 of 4 (133 bytes)
339 | '------------------------------------------------------------------------------------------------------
340 | obytes(current_byte + 109) = 136 'QoS Data
341 | obytes(current_byte + 110) = 2 'Flags: 0x02
342 | obytes(current_byte + 111) = 58 'Duration: 314 microseconds
343 | obytes(current_byte + 112) = 1 'Duration: 314 microseconds
344 |
345 | current_byte = current_byte + 112
346 |
347 | 'STATION ADDRESS (bytes 1 to 6)
348 | For i = 0 To 5
349 | If Len(mac2) >= ((i - 0) + (i - 0) + 2) Then
350 | obytes(current_byte + 1 + i) = hex2dec(Mid$(mac2, (i - 0) + (i - 0) + 1, 2))
351 | End If
352 | Next
353 | current_byte = current_byte + 6
354 |
355 | 'Transmitter Address (BSSID) (bytes 1 to 6)
356 | For i = 0 To 5
357 | If Len(mac1) >= ((i - 0) + (i - 0) + 2) Then
358 | obytes(current_byte + 1 + i) = hex2dec(Mid$(mac1, (i - 0) + (i - 0) + 1, 2))
359 | End If
360 | Next
361 | current_byte = current_byte + 6
362 |
363 | 'Source Address (BSSID) (bytes 1 to 6)
364 | For i = 0 To 5
365 | If Len(mac1) >= ((i - 0) + (i - 0) + 2) Then
366 | obytes(current_byte + 1 + i) = hex2dec(Mid$(mac1, (i - 0) + (i - 0) + 1, 2))
367 | End If
368 | Next
369 | current_byte = current_byte + 7
370 |
371 | obytes(current_byte) = 0 'Fragment Number: 0
372 | obytes(current_byte + 1) = 0 'Sequence Number: 0
373 | obytes(current_byte + 2) = 0 'QoS Control: 0x0000
374 | obytes(current_byte + 3) = 0 'QoS Control: 0x0000
375 | obytes(current_byte + 4) = 170 'DSAP: SNAP (0xAA)
376 | obytes(current_byte + 5) = 170 'SSAP: SNAP (0xAA)
377 | obytes(current_byte + 6) = 3 'Control field: U, func=UI (0x03)
378 | obytes(current_byte + 7) = 0 'Organization Code: Encapsulated Ethernet (0x000000)
379 | obytes(current_byte + 8) = 0 'Organization Code: Encapsulated Ethernet (0x000000)
380 | obytes(current_byte + 9) = 0 'Organization Code: Encapsulated Ethernet (0x000000)
381 | obytes(current_byte + 10) = 136 'Type: 802.1X Authentication (0x888e)
382 | obytes(current_byte + 11) = 142 'Type: 802.1X Authentication (0x888e)
383 | obytes(current_byte + 12) = 2 'Version: 802.1X-2004 (2)
384 | obytes(current_byte + 13) = 3 'Type: Key (3)
385 | obytes(current_byte + 14) = 0 'Length: 95
386 | obytes(current_byte + 15) = 95 'Length: 95
387 | obytes(current_byte + 16) = 2 'Key Descriptor Type: EAPOL RSN Key (2)
388 |
389 | 'KEYVER (Value of 1 means WPA, else WPA2)
390 | If (Trim$(KEY_VERSION) = "1") Then 'WPA
391 | obytes(current_byte + 17) = 0 'Key Information (byte 1) 0x0089 = RC4 Cipher, HMAC-MD5 MIC (1)
392 | obytes(current_byte + 18) = 137 'Key Information (byte 2)
393 | Else 'WPA2
394 | obytes(current_byte + 17) = 0 'Key Information (byte 1) 0x008a or 0x010a = AES Cipher, HMAC-SHA1 MIC (2)
395 | obytes(current_byte + 18) = 138 'Key Information (byte 2)
396 | End If
397 |
398 | obytes(current_byte + 19) = 0 'Length: 32
399 | obytes(current_byte + 20) = 32 'Length: 32
400 | obytes(current_byte + 21) = 0 'Replay Counter: 1
401 | obytes(current_byte + 22) = 0 'Replay Counter: 1
402 | obytes(current_byte + 23) = 0 'Replay Counter: 1
403 | obytes(current_byte + 24) = 0 'Replay Counter: 1
404 | obytes(current_byte + 25) = 0 'Replay Counter: 1
405 | obytes(current_byte + 26) = 0 'Replay Counter: 1
406 | obytes(current_byte + 27) = 0 'Replay Counter: 1
407 | obytes(current_byte + 28) = 1 'Replay Counter: 1
408 |
409 | current_byte = current_byte + 28
410 |
411 | 'ANONCE (32 bytes) - random salt used for handshake by both parties
412 | For i = 0 To 31
413 | If Len(ANONCE_clean) >= ((i - 0) + (i - 0) + 2) Then
414 | obytes(current_byte + 1 + i) = hex2dec(Mid$(ANONCE_clean, (i - 0) + (i - 0) + 1, 2))
415 | End If
416 | Next
417 | current_byte = current_byte + 33
418 |
419 | obytes(current_byte) = 0 'Key IV: 00000000000000000000000000000000
420 | obytes(current_byte + 1) = 0 'Key IV: 00000000000000000000000000000000
421 | obytes(current_byte + 2) = 0 'Key IV: 00000000000000000000000000000000
422 | obytes(current_byte + 3) = 0 'Key IV: 00000000000000000000000000000000
423 | obytes(current_byte + 4) = 0 'Key IV: 00000000000000000000000000000000
424 | obytes(current_byte + 5) = 0 'Key IV: 00000000000000000000000000000000
425 | obytes(current_byte + 6) = 0 'Key IV: 00000000000000000000000000000000
426 | obytes(current_byte + 7) = 0 'Key IV: 00000000000000000000000000000000
427 | obytes(current_byte + 8) = 0 'Key IV: 00000000000000000000000000000000
428 | obytes(current_byte + 9) = 0 'Key IV: 00000000000000000000000000000000
429 | obytes(current_byte + 10) = 0 'Key IV: 00000000000000000000000000000000
430 | obytes(current_byte + 11) = 0 'Key IV: 00000000000000000000000000000000
431 | obytes(current_byte + 12) = 0 'Key IV: 00000000000000000000000000000000
432 | obytes(current_byte + 13) = 0 'Key IV: 00000000000000000000000000000000
433 | obytes(current_byte + 14) = 0 'Key IV: 00000000000000000000000000000000
434 | obytes(current_byte + 15) = 0 'Key IV: 00000000000000000000000000000000
435 | obytes(current_byte + 16) = 0 'WPA Key RSC: 0000000000000000
436 | obytes(current_byte + 17) = 0 'WPA Key RSC: 0000000000000000
437 | obytes(current_byte + 18) = 0 'WPA Key RSC: 0000000000000000
438 | obytes(current_byte + 19) = 0 'WPA Key RSC: 0000000000000000
439 | obytes(current_byte + 20) = 0 'WPA Key RSC: 0000000000000000
440 | obytes(current_byte + 21) = 0 'WPA Key RSC: 0000000000000000
441 | obytes(current_byte + 22) = 0 'WPA Key RSC: 0000000000000000
442 | obytes(current_byte + 23) = 0 'WPA Key RSC: 0000000000000000
443 | obytes(current_byte + 24) = 0 'WPA Key ID: 0000000000000000
444 | obytes(current_byte + 25) = 0 'WPA Key ID: 0000000000000000
445 | obytes(current_byte + 26) = 0 'WPA Key ID: 0000000000000000
446 | obytes(current_byte + 27) = 0 'WPA Key ID: 0000000000000000
447 | obytes(current_byte + 28) = 0 'WPA Key ID: 0000000000000000
448 | obytes(current_byte + 29) = 0 'WPA Key ID: 0000000000000000
449 | obytes(current_byte + 30) = 0 'WPA Key ID: 0000000000000000
450 | obytes(current_byte + 31) = 0 'WPA Key ID: 0000000000000000
451 | obytes(current_byte + 32) = 0 'WPA Key MIC: 00000000000000000000000000000000
452 | obytes(current_byte + 33) = 0 'WPA Key MIC: 00000000000000000000000000000000
453 | obytes(current_byte + 34) = 0 'WPA Key MIC: 00000000000000000000000000000000
454 | obytes(current_byte + 35) = 0 'WPA Key MIC: 00000000000000000000000000000000
455 | obytes(current_byte + 36) = 0 'WPA Key MIC: 00000000000000000000000000000000
456 | obytes(current_byte + 37) = 0 'WPA Key MIC: 00000000000000000000000000000000
457 | obytes(current_byte + 38) = 0 'WPA Key MIC: 00000000000000000000000000000000
458 | obytes(current_byte + 39) = 0 'WPA Key MIC: 00000000000000000000000000000000
459 | obytes(current_byte + 40) = 0 'WPA Key MIC: 00000000000000000000000000000000
460 | obytes(current_byte + 41) = 0 'WPA Key MIC: 00000000000000000000000000000000
461 | obytes(current_byte + 42) = 0 'WPA Key MIC: 00000000000000000000000000000000
462 | obytes(current_byte + 43) = 0 'WPA Key MIC: 00000000000000000000000000000000
463 | obytes(current_byte + 44) = 0 'WPA Key MIC: 00000000000000000000000000000000
464 | obytes(current_byte + 45) = 0 'WPA Key MIC: 00000000000000000000000000000000
465 | obytes(current_byte + 46) = 0 'WPA Key MIC: 00000000000000000000000000000000
466 | obytes(current_byte + 47) = 0 'WPA Key MIC: 00000000000000000000000000000000
467 | obytes(current_byte + 48) = 0 'WPA Key Data Length: 0
468 | obytes(current_byte + 49) = 0 'WPA Key Data Length: 0
469 |
470 | '------------------------------------------------------------------------------------------------------
471 | 'PACKET #3 HEADER - Message 2 of 4 (16 bytes)
472 | '------------------------------------------------------------------------------------------------------
473 | 'bytes 330 to 333 (ts_sec) (timestamp seconds) (packet header) (4 bytes) (ex. C2 F1 68 55)
474 | obytes(current_byte + 50) = 0
475 | obytes(current_byte + 51) = 0
476 | obytes(current_byte + 52) = 0
477 | obytes(current_byte + 53) = 0
478 |
479 | 'bytes 334 to 337 (ts_usec) (timestamp microseconds) (packet header) (4 bytes) (ex. 28 48 07 00)
480 | obytes(current_byte + 54) = 0
481 | obytes(current_byte + 55) = 0
482 | obytes(current_byte + 56) = 0
483 | obytes(current_byte + 57) = 0
484 |
485 | 'bytes 338 to 341 (incl_len) (saved packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
486 | obytes(current_byte + 58) = 34 + eapol_length
487 | obytes(current_byte + 59) = 0
488 | obytes(current_byte + 60) = 0
489 | obytes(current_byte + 61) = 0
490 |
491 | 'bytes 342 to 345 (orig_len) (actual packet length in bytes) (packet header) (4 bytes) (ex. F8 00 00 00)
492 | obytes(current_byte + 62) = 34 + eapol_length
493 | obytes(current_byte + 63) = 0
494 | obytes(current_byte + 64) = 0
495 | obytes(current_byte + 65) = 0
496 |
497 | '------------------------------------------------------------------------------------------------------
498 | 'PACKET #3 DATA - Message 2 of 4 (34 + eapol_length bytes) (34 + 121 = 155)
499 | '------------------------------------------------------------------------------------------------------
500 | obytes(current_byte + 66) = 136 'QoS Data
501 | obytes(current_byte + 67) = 1 'Flags: 0x01
502 | obytes(current_byte + 68) = 58 'Duration: 314 microseconds
503 | obytes(current_byte + 69) = 1 'Duration: 314 microseconds
504 |
505 | current_byte = current_byte + 69
506 |
507 | 'Receiver Address (BSSID) (bytes 1 to 6)
508 | For i = 0 To 5
509 | If Len(mac1) >= ((i - 0) + (i - 0) + 2) Then
510 | obytes(current_byte + 1 + i) = hex2dec(Mid$(mac1, (i - 0) + (i - 0) + 1, 2))
511 | End If
512 | Next
513 | current_byte = current_byte + 6
514 |
515 | 'Transmitter Address (STATION ADDRESS) (bytes 1 to 6)
516 | For i = 0 To 5
517 | If Len(mac2) >= ((i - 0) + (i - 0) + 2) Then
518 | obytes(current_byte + 1 + i) = hex2dec(Mid$(mac2, (i - 0) + (i - 0) + 1, 2))
519 | End If
520 | Next
521 | current_byte = current_byte + 6
522 |
523 | 'Destination Address (BSSID) (bytes 1 to 6)
524 | For i = 0 To 5
525 | If Len(mac1) >= ((i - 0) + (i - 0) + 2) Then
526 | obytes(current_byte + 1 + i) = hex2dec(Mid$(mac1, (i - 0) + (i - 0) + 1, 2))
527 | End If
528 | Next
529 | current_byte = current_byte + 7
530 |
531 | obytes(current_byte) = 0 'Fragment Number: 0
532 | obytes(current_byte + 1) = 0 'Sequence Number: 0
533 | obytes(current_byte + 2) = 0 'QoS Control: 0x0000
534 | obytes(current_byte + 3) = 0 'QoS Control: 0x0000
535 | obytes(current_byte + 4) = 170 'DSAP: SNAP (0xaa)
536 | obytes(current_byte + 5) = 170 'SSAP: SNAP (0xaa)
537 | obytes(current_byte + 6) = 3 'Control field: U, func=UI (0x03)
538 | obytes(current_byte + 7) = 0 'Organization Code: Encapsulated Ethernet (0x000000)
539 | obytes(current_byte + 8) = 0 'Organization Code: Encapsulated Ethernet (0x000000)
540 | obytes(current_byte + 9) = 0 'Organization Code: Encapsulated Ethernet (0x000000)
541 | obytes(current_byte + 10) = 136 '802.1X Authentication (0x888e)
542 | obytes(current_byte + 11) = 142 '802.1X Authentication (0x888e)
543 |
544 | current_byte = current_byte + 11
545 |
546 | 'EAPOL (bytes 1 to 256)
547 | For i = 0 To 255
548 | If (i >= 81) And (i < 97) Then 'fill in keymic
549 | If Len(KEYMIC_clean) >= ((i - 81) + (i - 81) + 2) Then
550 | obytes(current_byte + 1 + i) = hex2dec(Mid$(KEYMIC_clean, (i - 81) + (i - 81) + 1, 2))
551 | End If
552 | Else 'EAPOL
553 | If Len(EAPOL_clean) >= ((i - 0) + (i - 0) + 2) Then
554 | obytes(current_byte + 1 + i) = hex2dec(Mid$(EAPOL_clean, (i - 0) + (i - 0) + 1, 2))
555 | End If
556 | End If
557 | Next
558 |
559 | 'PACKET #1 HEADER - Beacon Frame (16 bytes)
560 | 'PACKET #1 DATA - Beacon Frame (130 + ssid_length bytes)
561 | 'PACKET #2 HEADER - Message 1 of 4 (16 bytes)
562 | 'PACKET #2 DATA - Message 1 of 4 (133 bytes)
563 | 'PACKET #3 HEADER - Message 2 of 4 (16 bytes)
564 | 'PACKET #3 DATA - Message 2 of 4 (34 + eapol_length bytes)
565 | offset = offset + 16 + 130 + ssid_length + 16 + 133 + 16 + 34 + eapol_length
566 |
567 | Next
568 |
569 | 'write byte array to file
570 | If is_file(filepath) Then
571 | Kill filepath
572 | End If
573 | Dim iFile As Integer
574 | iFile = FreeFile
575 | Open filepath For Binary Access Write As #iFile
576 | Put #iFile, 1, obytes
577 | Close #iFile
578 |
579 | Exit Sub
580 | write_cap_error:
581 | MsgBox "The following error occured: " & vbNewLine & "Error # " & Err.Number & vbNewLine & Err.Description, vbCritical, "Error"
582 | End Sub
583 |
--------------------------------------------------------------------------------
/WriteHCCAP.bas:
--------------------------------------------------------------------------------
1 | Attribute VB_Name = "Write_HCCAP"
2 | Option Explicit
3 |
4 | Public Sub WriteHCCAP(filepath As String, ESSID As String, BSSID As String, STA As String, SNONCE As String, ANONCE As String, EAPOL As String, EAPOL_SIZE As String, KEY_VERSION As String, KEYMIC As String, Optional write_single As Boolean = False)
5 | On Error GoTo write_hccap_error
6 |
7 | Dim obytes() As Byte
8 | Dim i As Long, j As Long, offset As Long, max_record As Long
9 | offset = 0
10 |
11 | If (num_hccap_records > 0) And (write_single = False) Then
12 | ReDim obytes(0 To (num_hccap_records * 392) - 1) As Byte
13 | max_record = num_hccap_records - 1
14 | Else
15 | ReDim obytes(0 To 391) As Byte
16 | max_record = 0
17 | End If
18 |
19 | For j = 0 To max_record
20 |
21 | If (num_hccap_records > 0) And (write_single = False) Then
22 | ESSID = tmp_hccap_records(j).ESSID
23 | BSSID = tmp_hccap_records(j).BSSID
24 | STA = tmp_hccap_records(j).STATION_MAC
25 | SNONCE = tmp_hccap_records(j).SNONCE
26 | ANONCE = tmp_hccap_records(j).ANONCE
27 | EAPOL = tmp_hccap_records(j).EAPOL
28 | EAPOL_SIZE = tmp_hccap_records(j).EAPOL_SIZE
29 | KEY_VERSION = tmp_hccap_records(j).KEY_VERSION
30 | KEYMIC = tmp_hccap_records(j).KEY_MIC
31 | End If
32 |
33 | 'bytes 0 to 35 = essid (36 bytes) - the essid (name) of the access point
34 | If (ESSID <> "") Then
35 | For i = 0 To 35
36 | If Len(ESSID) >= (i + 1) Then
37 | obytes(i + offset) = Asc(Mid$(ESSID, (i + 1), 1))
38 | End If
39 | Next
40 | End If
41 |
42 | 'bytes 36 to 41 = mac1 (6 bytes) - the bssid (MAC) of the access point
43 | If (BSSID <> "") Then
44 | Dim mac1 As String
45 | mac1 = hex_digits_only(BSSID)
46 | For i = 36 To 41
47 | If Len(mac1) >= ((i - 36) + (i - 36) + 2) Then
48 | obytes(i + offset) = hex2dec(Mid$(mac1, (i - 36) + (i - 36) + 1, 2))
49 | End If
50 | Next
51 | End If
52 |
53 | 'bytes 42 to 47 = mac2 (6 bytes) - the MAC address of a client connecting to the access point
54 | If (STA <> "") Then
55 | Dim mac2 As String
56 | mac2 = hex_digits_only(STA)
57 | For i = 42 To 47
58 | If Len(mac2) >= ((i - 42) + (i - 42) + 2) Then
59 | obytes(i + offset) = hex2dec(Mid$(mac2, (i - 42) + (i - 42) + 1, 2))
60 | End If
61 | Next
62 | End If
63 |
64 | 'bytes 48 to 79 = snonce (32 bytes) - random salt used for handshake by both parties
65 | If (SNONCE <> "") Then
66 | Dim SNONCE_clean As String
67 | SNONCE_clean = hex_digits_only(SNONCE)
68 | For i = 48 To 79
69 | If Len(SNONCE_clean) >= ((i - 48) + (i - 48) + 2) Then
70 | obytes(i + offset) = hex2dec(Mid$(SNONCE_clean, (i - 48) + (i - 48) + 1, 2))
71 | End If
72 | Next
73 | End If
74 |
75 | 'bytes 80 to 111 = anonce (32 bytes) - random salt used for handshake by both parties
76 | If (ANONCE <> "") Then
77 | Dim ANONCE_clean As String
78 | ANONCE_clean = hex_digits_only(ANONCE)
79 | For i = 80 To 111
80 | If Len(ANONCE_clean) >= ((i - 80) + (i - 80) + 2) Then
81 | obytes(i + offset) = hex2dec(Mid$(ANONCE_clean, (i - 80) + (i - 80) + 1, 2))
82 | End If
83 | Next
84 | End If
85 |
86 | 'bytes 112 to 367 = eapol (256 bytes) - EAPOL
87 | If (EAPOL <> "") Then
88 | Dim EAPOL_clean As String
89 | EAPOL_clean = hex_digits_only(EAPOL)
90 | For i = 112 To 367
91 | If Len(EAPOL_clean) >= ((i - 112) + (i - 112) + 2) Then
92 | obytes(i + offset) = hex2dec(Mid$(EAPOL_clean, (i - 112) + (i - 112) + 1, 2))
93 | End If
94 | Next
95 | End If
96 |
97 | 'bytes 368 to 371 = eapol_size (4 bytes) - size of eapol
98 | If (EAPOL_SIZE <> "") Then
99 | obytes(368 + offset) = CInt(EAPOL_SIZE) And &HFF&
100 | obytes(369 + offset) = (CInt(EAPOL_SIZE) And &HFF00&) / 256
101 | End If
102 |
103 | 'bytes 372 to 375 = keyver (4 bytes) - the flag used to distinguish WPA from WPA2 ciphers. Value of 1 means WPA, other - WPA2
104 | If (KEY_VERSION <> "") Then
105 | obytes(372 + offset) = IIf(KEY_VERSION = "1", 1, 2)
106 | End If
107 |
108 | 'bytes 376 to 391 = keymic (16 bytes) - the final hash value. MD5 for WPA and SHA-1 for WPA2 (truncated to 128 bit)
109 | If (KEYMIC <> "") Then
110 | Dim KEYMIC_clean As String
111 | KEYMIC_clean = hex_digits_only(KEYMIC)
112 | For i = 376 To 391
113 | If Len(KEYMIC_clean) >= ((i - 376) + (i - 376) + 2) Then
114 | obytes(i + offset) = hex2dec(Mid$(KEYMIC_clean, (i - 376) + (i - 376) + 1, 2))
115 | End If
116 | Next
117 | End If
118 |
119 | offset = offset + 392 'move to next record
120 | Next
121 |
122 | 'write byte array to file
123 | If is_file(filepath) Then
124 | Kill filepath
125 | End If
126 | Dim iFile As Integer
127 | iFile = FreeFile
128 | Open filepath For Binary Access Write As #iFile
129 | Put #iFile, 1, obytes
130 | Close #iFile
131 |
132 | Exit Sub
133 | write_hccap_error:
134 | MsgBox "The following error occured: " & vbNewLine & "Error # " & Err.Number & vbNewLine & Err.Description, vbCritical, "Error"
135 | End Sub
136 |
--------------------------------------------------------------------------------
/dlls.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/dlls.zip
--------------------------------------------------------------------------------
/manifest.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/manifest.res
--------------------------------------------------------------------------------
/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/screenshot.png
--------------------------------------------------------------------------------
/vgafix.fon:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wpatoolkit/Cap-Converter/61dfcf4d980c61e6ed869aac7840b86e142d29bf/vgafix.fon
--------------------------------------------------------------------------------