Aircrack-ng fails to crack handshake within QoS data packet

[limitlessouljah@…]

Source thread:  http://tinyshell.be/aircrackng/forum/index.php?topic=4054.0

Aircrack-ng 1.0rc1 (and rc2) fails to find passphrase for the capture "WPA_eapol_filtered.cap" and the passphrase list borrowed from John-the-Ripper 1.7.2, "password.lst"

SSID: Red Apple
passphrase: password

This is due to QoS (2 bytes field at the end of 802.11 header), all information is shifted by 2 bytes.

[limitlessouljah@…]

Capture of just the handshake

[limitlessouljah@…]

Dictionary file used (passphrase is included, linux format)

[saxdax2@…]

same problem here with aircrack-ng rc1 on a Turion64 x2. No problem with 0.9.1 on an Athlon 4 Xp.

Going to test both versions inverted on pc's.

I can send you .cap and dictionary with passphrase if you need.

saxdax

[saxdax2@…]

Windows Vista with Turion64x2. Windows XP with Athlon 4.

[saxdax2@…]

made more tests. Results:

1)AMD Turion64x2 with Windows Vista: both 1.0rc2 and 0.9.1 fail to retrieve the password

2)AMD Athlon XP 4 with Windows XP: 2.a) 0.9.1 can find the password 2.b) 1.0rc2 doesn't.

Precompiled .exe used in both cases.

[misterx]

saxdax, your capture does not contain any QoS data packet, that's a different bug.

[misterx]

After checking, I don't think QoS is a problem. I'll have to investigate more to see what's wrong (and test with JTR).

[anonymous]

Replying to saxdax2@…:

same problem here with aircrack-ng rc1 on a Turion64 x2. No problem with 0.9.1 on an Athlon 4 Xp. Going to test both versions inverted on pc's. I can send you .cap and dictionary with passphrase if you need. saxdax