hashcat Forum
Crack WPA2 (.hc22000 file) with list not completing - Printable Version


Crack WPA2 (.hc22000 file) with list not completing - Joe_Baker - 12-02-2021

I have a WPA2 hash file .hc22000 (so mode 22000) but when I try to find the password located in a small list of 5 words it just keeps running but doesn't complete it. I let the command run for an hour before closing it, it kept loading on "Initializing backend runtime for device #1. Please be patient...". I'm using the command:
"hashcat -a 0 -m 22000 hashfile.hc22000 wordlist.txt". Does someone have experience with these .hc22000 files or maybe something wrong with my command?

The hash looks like the following:
"WPA*02*<bunch of letters and numbers with a * from time to time>*02"

The text file looks like the following:
"
RandomWord
anotherRandomWord
password
notMyPassword
another
"

The command is running when I'm in the folder of hashcat (hashcat-6.2.5) and the files used are located in this folder as well. I get no error codes except  "nvmlDeviceGetFanSpeed(): Not Supported" but this shouldn't be an issue from what I've read.

I'm using an i7-9750h and RTX2060 so you would expect that it wouldn't take that long to get a hash from a 5 word long list (let alone a huge list like rockyou).

P.S. I'm new to hashcat so it's possible I'm missing some obvious steps.


RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-08-2021

Try to play with -D option.
At first, to show info about detected backend devices, run
Code:
hashcat.exe -I

Then choose your device.
In my case
-D 1  means use CPU, works!
-D 2  means use GPU, doesn't work, Device #2: Not enough allocatable device memory for this attack.

For simplicity, you can enter the hash and password directly into the command line.
Code:
hashcat.exe  -D 1  -a 3  -m 22000  "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***"  "hashcat!"

It takes about 16 minutes in my case and it works. Status: Cracked
This is an example hash you can find here:
https://hashcat.net/wiki/doku.php?id=example_hashes
or just
Code:
hashcat.exe  -m 22000  --example-hashes

By the way, I'm also new to hashcat.
I'm using Windows and a 10-year-old laptop with an Intel Celeron CPU and an Intel GPU.
I was not able to use hashcat on Linux. Every time I got an "illegal hardware instruction" error.

Now the fun part.
pmkid-hash (format .hc22000) from real dump (captured by hcxdumptool) is not cracked. Status: Exhausted
eapol-hash (format .hc22000) from the same real dump is cracked. Status: Cracked

So far I have not been able to crack pmkid.
I tried wordlist attack, brute-force attack, different dumpfiles, however result is the same. Status: Exhausted
I can crack the eapol-hash, but something is wrong with the pmkid-hash. Maybe the main reason is my weak hardware.
Please answer what status you saw when you ran the commands below on your hardware. Cracked or Exhausted ?


Code:
hashcat.exe  -D 1  -a 3  -m 22000  "WPA*01*f8dc238fb156874627b5ff251b8ab53c*020000000001*020000000020*61703031***"  "12345678"

hashcat.exe  -D 1  -a 3  -m 22000  "WPA*02*6ec572e97e2ede5a6099bf964fa880fd*020000000001*020000000020*61703031*013ebd2420f2dedcfb7ad5cf967c902c5f40031574352a492e809b58b0e74e4a*0103007502010a00000000000000000000f97e365fcdcfcf2ccb91fa35c25c345eaf34b638c15926eb43a1cc78876d7c86000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac023c00*02"  "12345678"


Explanation of the hc22000 hash line you can find here
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

Please read this post as an example of troubleshooting of dictionary attack.
https://hashcat.net/forum/thread-8602.html


RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

"Now the fun part.
pmkid-hash (format .hc22000) from real dump (captured by hcxdumptool) is not cracked. Status: Exhausted
eapol-hash (format .hc22000) from the same real dump is cracked. Status: Cracked"

Indeed funny, but related to 802.11 attack mode and conversion mode:
PMKID retrieved from ACCESS POINT.
EAPOL MESSAGE PAIR retrieved from CLIENT M2.
If the CLIENT is authorized, the PSK should be the same on both. If not, you'll get two different PSKs. The same will happen if the PSK is changed during capturing time.
(BTW: both MACs look very synthetic - which lets me assume that you're running a test environment)
By default hcxdumptool/hcxlabtool attack both (AP and CLIENT) and hcxpcapngtool converts everything.
All tools are analysis tools and it is mandatory that you know what you are doing (choosing the attack vector, converting the hash, selecting the desired hash to feed hashcat). Otherwise the result will be completely unexpected.


RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-08-2021

@ZerBea
Thank you for your prompt reply. Yes, I am a newcomer, diligently studying hcxdumptool/hcxtools and using a test environment. Three notebooks with wifi-adapters, 1st with Linux and hcxdumptool/hcxtools, 2nd with Windows as wifi access point, and 3rd with Windows as client. For clarity and readability I changed MACs on AP and CLIENT.

AP is created by these commands on Windows 7

Code:
netsh wlan set hostednetwork mode=allow ssid=ap01 key=12345678 keyUsage=temporary
netsh wlan start hostednetwork

I ran this command to capture AP-CLIENT session.

Code:
$ sudo hcxdumptool  -i wlan0  -o dump.pcapng  --silent  --enable_status=127  -c 1

I used silent "passive" mode because client hung if I ran hcxdumptool in "active" mode.
Could you kindly provide me with the "proper" syntax of hcxdumptool options if I'm targeting PMKID only?

By the way, I noticed that
hcxhash2cap with option "--pmkid=" gives an error "reading hash line 1 failed".
hcxhash2cap with option "--pmkid-eapol=" works fine.
Input file in both cases is the same one-line-file pmkid.22000


Code:
$ hcxhash2cap --pmkid=pmkid.22000 -c test.cap
reading hash line 1 failed: WPA*01*f8dc238fb156874627b5ff251b8ab53c*020000000001*020000000020*61703031***

$ hcxhash2cap --pmkid-eapol=pmkid.22000 -c test2.cap
PMKIDs/EAPOL messages written to capfile(s): 1 (0 skipped)



RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

--pmkid option is for old 16800 hash lines. It will give an ERROR on hc22000 files.
By latest commit:
https://github.com/ZerBea/hcxtools/commit/9e118e11672cd8c3933d2fb194372f342a6f71ad
I added additional information to --help:

If you use --silent, hcxdumptool will become a simple dump tool like tshark, Wireshark, tcpdump. PMKIDs are not requested and a possible packet loss has to be expected.
To request PMKIDs only:
$ sudo hcxdumptool -i INTERFACE -o dump.pcapng --disable_client_attacks --disable_deauthentication --enable_status=95

For sure, some attack modes are extremely aggressive (as hell). They prevent a CLIENT from connecting to a NETWORK or they will make a CLIENT crash completely.

BTW:
I'm interested in a dump file from netsh hostednetwork. Can you please add a pcapng file from:
netsh wlan set hostednetwork mode=allow ssid=ap01 key=12345678 keyUsage=temporary

Usually the PMKID and the MIC should be calculated using the same PMK. It looks like this is not the case on netsh, which could be a bug inside of this tool.

From what I read here:
https://stackoverflow.com/questions/23168152/use-netsh-wlan-set-hostednetwork-to-create-a-wifi-hotspot-and-the-authenti
only these types are supported by netsh:
Radio types supported : 802.11n 802.11g 802.11b
By default, PMKID caching is not activated.


RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

Great. The dump files are much appreciated.
I'll take a look at them.
Thanks.


RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-08-2021

I have finished the analysis.
The PMKID calculated by netsh is wrong!
Looks like Windows has a problem with PMKIDs (not only on WPA2 Enterprise) since Windows 7:
https://social.technet.microsoft.com/Forums/windows/en-US/c200b4c0-91af-42e9-863b-2b77451a5613/windows-7-not-sending-the-correct-pmkid

Calculated PMKID by netsh (in WPA KEY DATA field packet 29 file 1, packet 27 file 2):
f8dc238fb156874627b5ff251b8ab53c

Calculated PMKID by function:
ca5396d611cf330aebefd48ebbfb0e63
Code:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)

Corrected hash line to reproduce that hashcat will not fail:
Code:
WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***

To answer your questions:
1. It doesn't matter if you capture PMKIDROGUE or PMKID. Both are suitable for PMKID-attacks.
correct
PMKIDROGUE = PMKID requested by hcxdumptool
PMKID = PMKID captured after CLIENT request

2. In my case, pmkid-hash was not cracked (Status: Exhausted), probably due to a bug.
correct, because netsh calculated a wrong PMKID!!!


Now I have to find a way to detect this garbage.


RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-09-2021

@ZerBea
I think we should start another thread called "PMKID Attack, Best Practices, Miscellaneous".
In the meantime, could you advise something to the author of the current thread (Joe_Baker) based on your experience?

For educational purposes, it is desirable to calculate PMK and PMKID manually.
I found this link http://jorisvr.nl/wpapsk.html
Could you please share your method. Perhaps you have written your own utility.
Such a utility along with the source code would be a great help for newbies like me.


RE: Crack WPA2 (.hc22000 file) with list not completing - ZerBea - 12-09-2021

"In the meantime, could you advise something to the author of the current thread (Joe_Baker) based on your experience?"
To gain the necessary basic knowledge, hashcat FAQ are very helpful:
https://hashcat.net/wiki/doku.php?id=fre...s#overview
I couldn't explain it better than what is described in this general guide.
BTW:
It is very difficult to give advice, because of missing information about the OS, version of NVIDIA driver and version of CUDA SDK.

There is no need to open a new thread, because nearly everything is already explained.
Since Atom persuaded me to publish hcxtools (nearly the same time when hashcat went open source) I started a thread:
https://hashcat.net/forum/thread-6661.html
It describes how to use hcxtools and how to build a WiFi analysis environment.

Another thread followed after we (again thanks to Atom and RealEnder) discovered the PMKID attack:
https://hashcat.net/forum/thread-7717.html

A WPA1/2 basic tutorial is here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2

Inside these threads are several links to get more background information about the functions "behind the scenes".

My advice is to read these basics and to play around with the examples mentioned above and here:
https://hashcat.net/wiki/doku.php?id=example_hashes

My second advice is to learn and understand Linux step by step:
https://wiki.archlinux.org/title/Installation_guide
BTW:
A successful installation of K A L I by graphical installer is far away from learning and understanding Linux.

That includes openssl crypto:
https://www.openssl.org/docs/man3.0/man7/crypto.html
because it provides all functions to calculate and verify PMKs and PMKIDs.

"Perhaps you have written your own utility."
To find out how a PMK is calculated, please take a look at the source code of wlangenpmk (CPU based):
https://github.com/ZerBea/hcxkeys
Code:
$ wlangenpmk -e ap01 -p 12345678

essid (networkname)....: ap01
password...............: 12345678
plainmasterkey (SHA1)..: 5577866bc5e9778a3ca3d8730e97f258e2a9ae2afd95bbd63c4f383275c8ba93

or wlangenpmkocl (OpenCL based):
Code:
$ wlangenpmkocl -e ap01 -p 12345678
using: NVIDIA GeForce GTX 1080 Ti

essid (networkname)....: ap01
password...............: 12345678
plainmasterkey (SHA1)..: 5577866bc5e9778a3ca3d8730e97f258e2a9ae2afd95bbd63c4f383275c8ba93

There are similar functions (CPU based) in hcxpcapngtool, hcxhashtool and hcxpmkidtool as well as in hcxdumptool.
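
The PMK and PMKID calculation discussed in the posts above, as an added Python example that is not part of the original thread or of hcxtools: it derives the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, 32 bytes, the WPA2-PSK derivation), applies the PMKID formula quoted earlier, and checks whether a WPA*01 line is consistent with a known passphrase. The function names are illustrative; the hash lines and passphrase are the test-lab values posted in this thread.

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, essid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def wpa_pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)."""
    digest = hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()
    return digest[:16]  # "-128": keep the first 128 bits only


def parse_pmkid_line(line: str) -> dict:
    """Split a WPA*01 (PMKID) hc22000 line into raw byte fields."""
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA":
        raise ValueError("not an hc22000 line")
    if fields[1] != "01":
        raise ValueError("type %s is not a PMKID line (expected 01)" % fields[1])
    # bytes.fromhex raises ValueError on malformed hex
    pmkid, mac_ap, mac_sta, essid = (bytes.fromhex(f) for f in fields[2:6])
    if len(pmkid) != 16 or len(mac_ap) != 6 or len(mac_sta) != 6:
        raise ValueError("unexpected PMKID or MAC length")
    if not 1 <= len(essid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return {"pmkid": pmkid, "mac_ap": mac_ap, "mac_sta": mac_sta, "essid": essid}


def pmkid_matches(line: str, passphrase: str) -> bool:
    """True if the PMKID in the line is what the known passphrase produces."""
    rec = parse_pmkid_line(line)
    pmk = wpa_pmk(passphrase, rec["essid"])
    expected = wpa_pmkid(pmk, rec["mac_ap"], rec["mac_sta"])
    return hmac.compare_digest(expected, rec["pmkid"])


# Hash lines as posted in this thread (test lab, ESSID "ap01", key "12345678").
NETSH_LINE = "WPA*01*f8dc238fb156874627b5ff251b8ab53c*020000000001*020000000020*61703031***"
CORRECTED_LINE = "WPA*01*ca5396d611cf330aebefd48ebbfb0e63*020000000001*020000000020*61703031***"

if __name__ == "__main__":
    print("PMK:", wpa_pmk("12345678", b"ap01").hex())
    for name, line in (("netsh", NETSH_LINE), ("corrected", CORRECTED_LINE)):
        ok = pmkid_matches(line, "12345678")
        print(name, "PMKID consistent with known PSK:", ok)
```

A line that fails this check against the passphrase you configured yourself ends as "Exhausted" in hashcat however good the wordlist is, which is the symptom described for the netsh PMKID.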


RE: Crack WPA2 (.hc22000 file) with list not completing - v71221 - 12-11-2021

@ZerBea
Great! Thanks!
In the meantime, I discovered that the freshly installed Windows 11 Enterprise no longer sends PMKID (in contrast to Windows 7 Enterprise). At least by default. Please see the attachment. If you need dumps, please let me know.

Could you please explain what "2412/1" means in the log of hcxdumptool (v6.2.5).
For example, line like this

Code:
22:09:57 2412/1  0015999e54c4 000bf4ad5332 TEST_AP [ROGUE PROBERESPONSE]

What's the point of specifying [ROGUE PROBERESPONSE] in the log if hcxdumptool works with the --silent option?
From my newcomer point of view, it makes more sense to specify [PROBEREQUEST] instead.