WiFi Cracking
Complete technical reference for WPA/WPA2 PSK security analysis.
Covers the full pipeline from IEEE 802.11i protocol internals to practical hash extraction and cracking. Built from primary sources: IEEE specs, hashcat/hcxtools source code, and hands-on testing against real captures.
Sections
- Protocol -- WPA key hierarchy, 4-way handshake, all PSK variants (AKM 2/4/6)
- Attacks -- PMKID and EAPOL attack vectors, the 12-to-6-to-3 hash collapse, N#E# message pair naming
- Algorithms -- Step-by-step math for PBKDF2, PRF, KDF, FT-PSK key derivation chain
- Reference -- Hash line formats, EAPOL frame structure, capture requirements, tool gap analysis
- Tools -- hcxpcapngtool options, hashcat modes, salt grouping, cracking workflow
- Cheat Sheet -- Quick reference for capture, convert, and crack
Single-file version
The full guide is also available as a single markdown file: WPA_PSK_CRACKING_GUIDE.md
Disclaimer
This material is intended for authorized security testing, research, and education only. You must have explicit written permission from the network owner before capturing or cracking WPA handshakes. Unauthorized access to computer networks is illegal.
Credits
Built from IEEE 802.11i-2004, IEEE 802.11r-2008, hashcat, and hcxtools source code.