Modern unified format

WPA-PBKDF2-PMKID+EAPOL — Hashcat Mode 22000

TL;DR — Mode 22000 is the modern unified format for WPA/WPA2 password hashes. It replaces the older modes 2500 (EAPOL) and 16800 (PMKID) by accepting both forms in a single .hc22000 hash file. The cipher and KDF are unchanged from earlier WPA: AES-CCMP with PBKDF2-HMAC-SHA1 (4096 iterations). Recovery feasibility depends entirely on password strength.

What mode 22000 unifies

Before 2020, WPA recovery used two different Hashcat modes: 2500 for the classic 4-way EAPOL handshake captured during client association, and 16800 for the PMKID extracted directly from the access point. Both encoded the same underlying WPA secret but in different hash formats.

Mode 22000 (introduced in Hashcat 6.0) accepts both forms in a single .hc22000 file. Each line carries a marker indicating PMKID or EAPOL plus the encoded data. This simplification reduced common workflow errors and made recovery tooling more uniform.

The cryptographic core is unchanged: WPA/WPA2-Personal uses PBKDF2-HMAC-SHA1 with 4096 iterations to derive the 256-bit Pairwise Master Key (PMK) from the passphrase, salted with the SSID. The PMK is then used in the 4-way handshake or in the PMKID computation, and that is the value a recovery tool has to reproduce for each candidate passphrase.

  • Hashcat mode: 22000 (replaces 2500 and 16800)
  • File format: .hc22000
  • KDF: PBKDF2-HMAC-SHA1, 4096 iterations
  • Salt: SSID (network name)
  • Cipher: AES-CCMP (protects data traffic; not part of the hash itself)
  • Default for WPA/WPA2-Personal in IEEE 802.11i

Why 4096 iterations matter

WPA's 4096-iteration PBKDF2 was a deliberate cost choice in IEEE 802.11i (2004). At the time, it was meaningfully slow on consumer CPUs. By 2026, modern GPUs verify 1-3 million WPA candidates per second per high-end card.

This means dictionary attacks against common passwords complete in minutes. Brute-force against short alphanumeric passwords (8-9 chars) is feasible on multi-GPU clusters within hours to days.

Strong random passphrases (12+ characters from a wide character set) are not realistically recoverable on any feasible compute budget. This is the standard 'password strength matters' line.

PMKID vs EAPOL

PMKID is a single 16-byte value transmitted by the AP in the first EAPOL message after association. It can be captured passively without any client traffic, making collection much simpler than the full handshake.

EAPOL handshake is the full 4-message exchange between client and AP during association. Capturing requires either witnessing a client connection or sending deauthentication frames to force re-association.

Mode 22000 accepts both in the same hash file. From a recovery perspective, both verify the same underlying WPA passphrase — there's no preference once you have either form.
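The following block is an added example, not code from the original page or from Hashcat; it shows in plain Python what mode 22000 actually verifies for both the "4096 iterations" section and the PMKID/EAPOL section above: the PBKDF2-HMAC-SHA1 derivation of the PMK (checked against the published IEEE 802.11i test vector for passphrase "password" / SSID "IEEE"), the PMKID construction from that PMK and the two MAC addresses, and the per-candidate comparison that makes the 4096-iteration cost the dominant factor. The SSID "ExampleNet", the locally administered MAC addresses, the demo passphrase, and the 8-GPU rate used for the worst-case time estimate are all constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constants fixed by IEEE 802.11i for WPA/WPA2-Personal.
WPA_PBKDF2_ITERATIONS = 4096
PMK_LEN = 32  # 256-bit Pairwise Master Key

# Published test vector from IEEE 802.11i (Annex H): passphrase "password", SSID "IEEE".
IEEE_TEST_PASSPHRASE = "password"
IEEE_TEST_SSID = "IEEE"
IEEE_TEST_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    This is the expensive step mode 22000 repeats for every candidate
    passphrase; because the SSID is the salt, any precomputation is only
    reusable across networks that share a network name.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        WPA_PBKDF2_ITERATIONS, PMK_LEN,
    )


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || station MAC).

    Truncated to 16 bytes; this is the value the AP places in the RSN
    element of EAPOL message 1, and what a PMKID line in mode 22000 stores.
    """
    if len(ap_mac) != 6 or len(sta_mac) != 6:
        raise ValueError("MAC addresses must be 6 raw bytes")
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def pmkid_matches(candidate: str, ssid: str, ap_mac: bytes, sta_mac: bytes, pmkid: bytes) -> bool:
    """The per-candidate check a recovery tool performs: derive, hash, compare."""
    derived = compute_pmkid(derive_pmk(candidate, ssid), ap_mac, sta_mac)
    return hmac.compare_digest(derived, pmkid)


def ieee_test_vector_ok() -> bool:
    """Confirm the KDF implementation against the published 802.11i test vector."""
    return derive_pmk(IEEE_TEST_PASSPHRASE, IEEE_TEST_SSID).hex() == IEEE_TEST_PMK_HEX


def seconds_to_exhaust(alphabet_size: int, length: int, candidates_per_second: float) -> float:
    """Worst-case time to try every passphrase of a given length over a given alphabet."""
    return alphabet_size ** length / candidates_per_second


if __name__ == "__main__":
    # Constructed demo values (assumption): a locally administered AP MAC, a
    # station MAC, and a weak passphrase. None of these come from a real network.
    ssid = "ExampleNet"
    ap_mac = bytes.fromhex("020000000001")
    sta_mac = bytes.fromhex("020000000002")
    captured_pmkid = compute_pmkid(derive_pmk("sunshine1", ssid), ap_mac, sta_mac)

    print("802.11i test vector OK:", ieee_test_vector_ok())
    print("wrong passphrase matches:", pmkid_matches("password", ssid, ap_mac, sta_mac, captured_pmkid))
    print("right passphrase matches:", pmkid_matches("sunshine1", ssid, ap_mac, sta_mac, captured_pmkid))

    # Assumed rate: 8 GPUs at roughly 2 million candidates/s each, in the range the page quotes.
    rate = 8 * 2_000_000
    for alphabet, length in ((36, 8), (62, 8), (95, 12)):
        hours = seconds_to_exhaust(alphabet, length, rate) / 3600
        print(f"{length} chars over a {alphabet}-symbol alphabet: {hours:,.0f} hours worst case")
```

The comparison uses `hmac.compare_digest` out of habit rather than necessity here; the point of the block is that each call to `pmkid_matches` costs a full 4096-iteration PBKDF2, which is why the estimate printed for a 12-character passphrase over the full printable alphabet is astronomically larger than for 8 lowercase alphanumerics.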

Recovery realism

WPA/WPA2 recovery follows the modern 'password strength matters' pattern. Common consumer router default passwords (often 8-character random alphanumeric) are within reach of multi-GPU brute force. Personal passwords with predictable patterns (birthdays, kid names, common phrases) are recoverable via dictionary or pattern attacks.

Strong passphrases — 14+ characters with mixed character classes, unrelated to common patterns — are practically secure. Our assessment is an honest one, based on what the password is likely to look like rather than on what the tooling can do in principle.

For your own home network where you simply forgot the password, the recovery path depends on what you set: a simple personal password is recoverable; a long random password from your router setup wizard probably isn't.

WPA3-Personal differences

WPA3-Personal uses Simultaneous Authentication of Equals (SAE) instead of PSK. SAE is resistant to offline dictionary attacks — captured handshakes don't leak material that an attacker can verify against candidate passwords. Mode 22000 doesn't apply to WPA3.

Most consumer networks in 2026 still use WPA2-Personal due to client device compatibility. WPA3 adoption is increasing but not dominant. If your network is WPA3-only, recovery is fundamentally harder — typically only via the router admin interface.

Frequently Asked Questions

Is recovering my own home WiFi password legal?

Yes — recovering a password to your own network from a captured handshake is legal in every Tier 1 jurisdiction. Unauthorised access to someone else's network is illegal regardless of technique.

Why was mode 22000 introduced if 2500/16800 worked?

Workflow simplification. Having a single hash format reduces tool errors and makes recovery pipelines uniform whether the input is PMKID or EAPOL. Hashcat 6.0+ recommends 22000 for new captures.

Can I run mode 22000 myself with hashcat?

Yes. Capture a handshake with hcxdumptool or similar, convert to .hc22000 with hcxpcapngtool, then run hashcat -m 22000. Time and electricity are the constraints — multi-GPU systems are vastly more effective than single GPUs.

What's the difference between mode 22000 and 22001?

Mode 22001 is PMKID-only (without EAPOL fallback). Mode 22000 accepts both. For most uses, 22000 is the right choice.

Will my router log my recovery attempt?

Routers don't usually log detailed handshake captures — they're passive radio observations. Some routers log unusual deauth frames if you forced re-association during capture. If concerned about audit trails, use entirely passive PMKID capture instead.

Are recovery rates published anywhere?

We don't publish service-specific rates. Independent academic research on WPA password strength distributions (e.g., crackstation surveys) provides general patterns: short alphanumeric and dictionary-derived passwords dominate real-world deployments and are typically recoverable.

Have a handshake to recover?

Upload your .hc22000 (or .pcap/.cap/.hccapx and we'll convert) for a free analysis. Pay only if recovery succeeds.

Run a free WPA analysis