Home > Products > Network passwords > Wireless Password Recovery > Screenshots > Reading hashes > Network dump files
Loading WPA-PSK hashes from network dump files
11.12.2018
Office password recovery tools
Support for new devices, some speedup when recovering MS Office 2013-2019 passwords using AMD GPUs, bugs fixups
06.12.2018
Windows Password Recovery 11.6
Support for new GPU devices, GPU health monitor, LM password recovery speedup
27.11.2018
Reset Windows Password v9.0.1
Enhanced support for newer browsers when recovering internet passwords
26.11.2018
Wireless Password Recovery v5.0.2
Minor improvements and bug fixes

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Wireless Password Recovery - loading WPA hashes from network dump files


Loading WPA hashes from dump files

Finally, you can load WPA-PSK hashes to project by importing them from other applications or from network traffic dumps. The following formats are supported:

  • TCPDUMP (*.cap, *.pcap, *.tcpdump, *.txt, *.rar, *.zip) - de-facto standard among packet sniffers, designed for intercepting, parsing and storing TCP IP and other packets sent over the network. The following popular solutions can export network packets to TCPDUMP file: airodump-ng, CommView for Wi-Fi, OmniPeek, Sniffer Global, Wireless Snif, Wireshark, etc. Network packets to be loaded must contain authentication data (authentication handshake) between access point and client. RAR and ZIP packed dumps are supported as well.
  • Tamosoft CommView dump file (*.ncf) - this file format is used by CommView for Wi-Fi.
  • WPA-PSK PMK hash files by InsidePro (*.txt). This format is similar to a PWDUMP-like text file and is used in InsidePro. It may have problems with some SSID names.
  • Elcomsoft EWSA project files (*.wkp). This format is used by Elcomsoft Wireless Security Auditor.
  • WPA-PSK hashes in the HashCat (*.hccap, *.hccapx) format are used in Hashcat.
  • WPA-PSK textual dumps in John the Ripper format.
  • WIFIPR export files (*.wifiprdump). This text container is a native format of the Wireless Password Recovery and is used for exporting and importing WPA-PSK hashes. Properly handles non-standard SSID names.
  • Textual files with PMKID - files in hashcat format that holds PMKID entries.
TCPDUMP and CommView dumps have also support for PMKID in addition to regular handshakes.

Additionally, the program has a couple of options (available for some formats only) for more accurate load:
  1. Skip duplicate handshakes, if any.  If set, the option guarantees to load only unique handshakes in a file scope. Duplicate items will be ignored. It is recommended for this option to be set on always.
  2. Load all possible handshake combination. Sometimes it is very difficult to extract valid handshakes out of a capture file, especially when the WPA-PSK 4-way handshake is suppressed by and massively alternate with deauthentication packets or when the source file is broken. Unfortunately, there's no way to determine whether a handshake is valid or not. When this option is set, the program guaranteed extracts at least one valid handshake, if one exists. The backside of this option is that hundreds or even thousands trash handshakes might be generated along with valid items. Thus, it is highly recommended to use it in conjunction with multimode (simultaneous recovery all handshakes with the same SSID) only.
 
Upon importing hashes, the program automatically launches the Preliminary recovery on the first valid hash. This action is optional and can be disabled in the general settings. The default state is enabled.