From 96f15b85b8084e51e135327c847521f5c7c4584e Mon Sep 17 00:00:00 2001
From: = <=>
Date: Thu, 5 Sep 2024 13:48:39 +0200
Subject: [PATCH] LE/BE workaround

---
 hcxhashtool.c | 8 ++++----
 hcxpcapngtool.c | 19 ++++++++++---------
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/hcxhashtool.c b/hcxhashtool.c
index 14720f708..0886fdfdd 100644
--- a/hcxhashtool.c
+++ b/hcxhashtool.c
@@ -1319,10 +1319,10 @@ if(zeiger->type == HCX_TYPE_EAPOL)
 rc = wpak->replaycount;
 #endif
 fprintf(fh_pmkideapol, "REPLAYCOUNT: %" PRIu64 "\n", rc);
- if((zeiger->mp & 0xf0) == 0x10) fprintf(fh_pmkideapol, "NC INFO....: ROGUE attack / NC deactivated\n");
- else if((zeiger->mp & 0xf0) == 0x20) fprintf(fh_pmkideapol, "NC INFO....: little endian router detected / NC on LE\n");
- else if((zeiger->mp & 0xf0) == 0x40) fprintf(fh_pmkideapol, "NC INFO....: big endian router detected / NC on BE\n");
- else if((zeiger->mp & 0xf0) == 0x80) fprintf(fh_pmkideapol, "NC INFO....: hashcat default NC activated\n");
+ if((zeiger->mp & 0x20) == 0x20) fprintf(fh_pmkideapol, "ROUTER TYPE: little endian (LE)\n");
+ else if((zeiger->mp & 0x40) == 0x40) fprintf(fh_pmkideapol, "ROUTER TYPE: big endian (BE)\n");
+ if((zeiger->mp & 0xf0) == 0x10) fprintf(fh_pmkideapol, "NC INFO....: NC deactivated\n");
+ else if((zeiger->mp & 0x80) == 0x80) fprintf(fh_pmkideapol, "NC INFO....: hashcat default NC activated\n");
 else fprintf(fh_pmkideapol, "NC INFO....: NC not detected\n");
 keyinfo = (getkeyinfo(ntohs(wpak->keyinfo)));
 fprintf(fh_pmkideapol, "EAPOL MSG..: %d\n", keyinfo);
diff --git a/hcxpcapngtool.c b/hcxpcapngtool.c
index 3236d411d..84d94ad19 100644
--- a/hcxpcapngtool.c
+++ b/hcxpcapngtool.c
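Review bot: The "NC deactivated" test on the third added line still masks the whole high nibble, `(zeiger->mp & 0xf0) == 0x10`, while the LE, BE and default-NC tests next to it were changed to single-bit masks, so an mp byte that carries 0x10 together with any other high bit skips that line and falls through to `NC not detected` although the deactivated flag is set. Whether such combinations actually reach this code I cannot tell from the hunk, but the paired hcxpcapngtool change in this patch does start setting bit 7 alongside ST_LE/ST_BE, so mixed high nibbles look intended now. Make the test consistent with its neighbours, `if((zeiger->mp & 0x10) == 0x10) fprintf(fh_pmkideapol, "NC INFO....: NC deactivated\n");`, or add a comment stating that 0x10 is only ever set on its own if that is the invariant. The removed string documented this flag as a ROGUE (AP-less) attack; that meaning now appears nowhere in the output path, so a short comment above the test would keep it from being lost. The enclosing `if(zeiger->type == HCX_TYPE_EAPOL)` block begins before the hunk.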
@@ -2162,7 +2162,8 @@ for(zeigerhs = zeigerhsakt; zeigerhs < handshakelistptr; zeigerhs++)
 if((zeigerhs->status &7) == ST_M34E4) eapolm34e4count++;
 if((zeigerhs->status & ST_ENDIANESS) != 0)
 {
- zeigerhs->status &= ~(1 << 7);
+ zeigerhs->status |= 0x80;
+// zeigerhs->status &= ~(1 << 7);
 }
 wpak = (wpakey_t*)(zeigerhs->eapol +EAPAUTH_SIZE);
 keyvertemp = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK;
@@ -3460,13 +3461,13 @@ for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++)
 eapolnccount++;
 if(memcmp(&zeiger->nonce[30], &wpak->nonce[30], 2) != 0)
 {
- zeiger->status = ST_LE;
- (messagelist +MESSAGELIST_MAX)->status = ST_LE;
+ zeiger->status = ST_LE +ST_NC;
+ (messagelist +MESSAGELIST_MAX)->status = ST_LE +ST_NC;
 }
 else if(memcmp(&zeiger->nonce[28], &wpak->nonce[28], 2) != 0)
 {
- zeiger->status = ST_BE;
- (messagelist +MESSAGELIST_MAX)->status = ST_BE;
+ zeiger->status = ST_BE +ST_NC;
+ (messagelist +MESSAGELIST_MAX)->status = ST_BE +ST_NC;
 }
 }
 }
@@ -3853,13 +3854,13 @@ for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX +1; zeiger++)
 eapolnccount++;
 if(memcmp(&zeiger->nonce[30], &wpak->nonce[30], 2) != 0)
 {
- zeiger->status = ST_LE;
- (messagelist +MESSAGELIST_MAX)->status = ST_LE;
+ zeiger->status = ST_LE +ST_NC;
+ (messagelist +MESSAGELIST_MAX)->status = ST_LE +ST_NC;
 }
 else if(memcmp(&zeiger->nonce[28], &wpak->nonce[28], 2) != 0)
 {
- zeiger->status = ST_BE;
- (messagelist +MESSAGELIST_MAX)->status = ST_BE;
+ zeiger->status = ST_BE +ST_NC;
+ (messagelist +MESSAGELIST_MAX)->status = ST_BE +ST_NC;
 }
 }
 }
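Review bot: The new `zeigerhs->status |= 0x80;` does the opposite of the line it replaces (bit 7 was cleared whenever an endianness flag was present, now it is set) with no comment explaining the reversal, and the old statement is kept as commented-out code on the `+//` line below it. Delete the commented-out line outright and replace the bare 0x80 with the named flag the other two hunks of this patch attach to status, if it is the same bit, e.g. `zeigerhs->status |= ST_NC; /* LE/BE workaround: keep the NC flag on endianness-detected handshakes */` — I cannot see the ST_NC definition from here, so confirm it really is bit 7 before substituting. A one-line why-comment is the minimum, since the commit message "LE/BE workaround" is all the reader otherwise has. The `for(zeigerhs = zeigerhsakt; ...)` loop this sits in begins and ends outside the hunk.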
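Review bot: `ST_LE +ST_NC` and `ST_BE +ST_NC` on the four added lines combine flag bits with integer addition, which silently carries into an unrelated bit if the two constants ever overlap and hides that these are masks; the `status & ST_ENDIANESS` test earlier in this patch treats them as bit flags. Use the bitwise form, `zeiger->status = ST_LE | ST_NC;` and `(messagelist +MESSAGELIST_MAX)->status = ST_LE | ST_NC;`, and likewise for the ST_BE pair. The plain `=` also still discards whatever bits status held before; that predates this change, but a comment saying the overwrite is intended would help, since the hunk at 2162 now depends on the exact bits present. The enclosing `for(zeiger = messagelist; ...)` loop begins before the hunk.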
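Review bot: The LE/BE nonce-comparison block here is a verbatim duplicate of the one changed at 3460, and this patch had to apply the same `ST_LE +ST_NC` / `ST_BE +ST_NC` edit in both places by hand, so any further fix (including switching the `+` to `|`, which applies here as well) has to be made twice. Consider moving the two memcmp tests and their four assignments into a small `static` helper that takes the current entry, the received key frame and the message list, and calling it from both loops; only the loop bounds differ (`MESSAGELIST_MAX +1` here, `MESSAGELIST_MAX` at 3460), so the shared body is a clean cut. Until then, at least write `zeiger->status = ST_BE | ST_NC;` rather than addition on the changed lines. The enclosing `for(zeiger = messagelist; ...)` loop begins before the hunk.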