About Rogue AP attack

[Rozin14]

I've got a + in 2, which should mean that a rogue ap attack was done successfully. I'm curious about its working. May i request you to fully explain the working of rogue ap/client attack of Hcxdumptool?

[ZerBea]

To recover a PSK, hashcat and JtR need this information:

ESSID
MAC AP
MAC CLIENT
NONCE AP
EAPOL M2 CLIENT

Usually you get this information if you capture a 4way handshake and at least one management frame that contain the ESSID.

In case a an EAPOL M1M2 ROGUE attack hcxdumptool takes on the task of the AP
Once this is done (the CLIENT respond by transmitting an EAPOL M2), hcxpcapngtool is able to calculate a valid MESSAGE PAIR, the GPU crackers can work on.
In every case this calculated MESSAGE PAIR is valid but it is possible that the calculated PSK does not belong to the desired (target) NETWORK.