Ticket #158 (closed defect: fixed)

Opened 3 years ago

Last modified 8 weeks ago

airdecap-ng fails to properly decrypt wpa traffic

Reported by: darkAudax Owned by:
Priority: minor Milestone: 0.9
Component: airdecap-ng Version: 0.7
Keywords: airdecap-ng wpa Cc:

Description (last modified by misterx) (diff)

Thread message:  http://tinyshell.be/aircrackng/forum/index.php?topic=365.msg7720#msg7720

Hi.

I have a question for IEEE802.11 header in capture. I tried to airdecap-ng but it do not work, using: 1) Atheros chip wireless MiniPCI card
2) madwifi-ng driver from svn with patch
3) aircrack-0.7 or svn version

results: 

# (captured wireless packet from STA association using airodump-ng)
# airdecap-ng -p passphrase -b 00:03:2f:77:73:14 -e 'E02SA-WPA' tkip_micerr-03.cap
Total number of packets read          2512
Total number of WEP data packets         0
Total number of WPA data packets        20
Number of plaintext data packets         0
Number of decrypted WEP  packets         0
Number of decrypted WPA  packets        16

I checked output file, only group key exchange has decrypted successfull, and 'Total number of WPA data packets 20' tells airdecap does not detect WPA packets from capture file.

So I modified IEEE802.11 header offset to airdecap getting bssid from each frame.

It worked well, is that something wrong for capture or decrypt? 

diff -cr aircrack-ng-0.7/src/airdecap-ng.c aircrack-ng-0.7-00/src/airdecap-ng.c
*** aircrack-ng-0.7/src/airdecap-ng.c   2007-01-04 06:50:40.000000000 +0900
--- aircrack-ng-0.7-00/src/airdecap-ng.c        2007-04-02 01:19:04.000000000 +0900
***************
*** 941,947 ****

          /* check the BSSID */

!         switch( h80211[0] & 3 )
          {
              case  0: memcpy( bssid, h80211 + 16, 6 ); break;
              case  1: memcpy( bssid, h80211 +  4, 6 ); break;
--- 941,947 ----

          /* check the BSSID */

!         switch( h80211[1] & 3 )
          {
              case  0: memcpy( bssid, h80211 + 16, 6 ); break;
              case  1: memcpy( bssid, h80211 +  4, 6 ); break;

results: 

# airdecap-ng -p passphrase -b 00:03:2f:77:73:14 -e 'E02SA-WPA' tkip_micerr-03.cap
Total number of packets read          2512
Total number of WEP data packets         0
Total number of WPA data packets       799
Number of plaintext data packets         0
Number of decrypted WEP  packets         0
Number of decrypted WPA  packets       494

Attachments

tkip_micerr-03.zip Download (194.7 KB) - added by S.Shiota 3 years ago.
here is capture and pre-shared key.

Change History

Changed 3 years ago by hirte

r255 should fix it

Changed 3 years ago by hirte

r258 fixes 3 more...

Changed 3 years ago by S.Shiota

here is capture and pre-shared key.

Changed 3 years ago by darkAudax

S.Shiota added a patch:  http://tinyshell.be/aircrackng/forum/index.php?topic=1536.0

Still trying to determine if this is a new bug or a patch to the original bug.

Changed 3 years ago by misterx

  • description modified (diff)

Changed 3 years ago by misterx

  • status changed from new to closed
  • resolution set to fixed

Changed 3 years ago by misterx

  • milestone changed from 0.8.1 to 0.9

Milestone 0.8.1 deleted

Add/Change #158 (airdecap-ng fails to properly decrypt wpa traffic)

Author


E-mail address and user name can be saved in the Preferences.


Action
as closed
The resolution will be deleted. Next status will be 'reopened'
 
Note: See TracTickets for help on using tickets.