WiFi Cracking
Documentation | Protocol | Attacks | Reference | Cheat Sheet
Complete technical reference for WPA/WPA2 PSK security analysis.
Covers the full pipeline from IEEE 802.11i protocol internals to practical hash extraction and cracking. Built from primary sources: IEEE specs, hashcat/hcxtools source code, and hands-on testing against real captures.
- Protocol -- WPA key hierarchy, 4-way handshake, all PSK variants (AKM 2/4/6)
- Attacks -- PMKID and EAPOL attack vectors, the 12-to-6-to-3 hash collapse, N#E# message pair naming
- Algorithms -- Step-by-step math for PBKDF2, PRF, KDF, FT-PSK key derivation chain
- Reference -- Hash line formats (mode 22000/37100), EAPOL frame structure, capture requirements, tool gap analysis
- Tools -- hcxpcapngtool options and behavior, hashcat modes and salt grouping, tshark commands, cracking workflow
The full guide is also available as a single markdown file: WPA_PSK_CRACKING_GUIDE.md
This material is intended for authorized security testing, research, and education only. You must have explicit written permission from the network owner before capturing or cracking WPA handshakes. Unauthorized access to computer networks is illegal. The authors are not responsible for any misuse.
Built from IEEE 802.11i-2004, IEEE 802.11r-2008, hashcat, and hcxtools source code.