http403 / pyrit

Automatically exported from code.google.com/p/pyrit

Pyrit unable to find the key #120

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. pyrit -e MOM1 -i pass.txt -r MOM1.cap attack_passthrough

What is the expected output? What do you see instead?
Expected output: right passphrase: MOM12345
Pyrit didn't find the key (or something like that)

Gives the right result when used with cowpatty, though:
pyrit -e MOM1 -i pass.txt -o - passthrough | cowpatty -d - -r MOM1.cap -s MOM1 

What version of the product are you using? On what operating system?
0.2.5 (bt4) - 0.3.0 (all svn revisions)
Please provide any additional information below.
Pyrit is great, love the idea, thanks for your hard work!
I'm looking forward to your reply! 

Original issue reported on code.google.com by xredneck...@gmail.com on 22 Feb 2010 at 12:45

GoogleCodeExporter commented 9 years ago
I have to add that the above issue is hardware independent.
Checked on 3 different CPUs (Intel: Centrino, Pentium 4 with HT, Core 2 Duo plus GTX 275)

Original comment by xredneck...@gmail.com on 22 Feb 2010 at 1:03

GoogleCodeExporter commented 9 years ago
Thanks for reporting. I've tried the capture and the password file with cowpatty 4.6 and aircrack-ng on two boxes, and both tools were not able to detect the passphrase.
Therefore the problem is currently not reproducible for me.

Could you please double-check the information?

Original comment by lukas.l...@gmail.com on 22 Feb 2010 at 7:40

GoogleCodeExporter commented 9 years ago
Aircrack-ng 1.0 r1645

aircrack-ng -w pass.txt MOM1.cap             Passphrase not in dictionary

Cowpatty 4.6

cowpatty -f pass.txt -r MOM1.cap -s MOM!     The PSK is "MOM12345".

Pyrit 0.3.0 

pyrit -e MOM1 -r MOM1.cap -i pass.txt attack_passthrough

Password was not found.

Pyrit 0.3.0 in conjunction with cowpatty 4.6

root@bt:~# pyrit -e MOM1 -i pass.txt -o - passthrough | cowpatty -d - -r MOM1.cap -s MOM1
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA2/PSK passphrase.
Starting dictionary attack.  Please be patient.
Using STDIN for hashfile contents.

The PSK is "MOM12345".

1 passphrases tested in 1.97 seconds:  0.51 passphrases/second

Now I am confused. Strange that cowpatty cannot find you the right password.

Original comment by xredneck...@gmail.com on 22 Feb 2010 at 9:31

GoogleCodeExporter commented 9 years ago
# cowpatty -f pass.txt -r MOM1.cap -s MOM1
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>
End of pcap capture file, incomplete four-way handshake exchange.  Try using a
different capture.

# cowpatty -f pass.txt -r MOM1.cap -s MOM1 -2
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA2/PSK passphrase.
Starting dictionary attack.  Please be patient.
Unable to identify the PSK from the dictionary file. Try expanding your
passphrase list, and double-check the SSID.  Sorry it didn't work out.

1 passphrases tested in 0.01 seconds:  87.01 passphrases/second

Original comment by lukas.l...@gmail.com on 22 Feb 2010 at 10:18

GoogleCodeExporter commented 9 years ago
I was now able to spot the error. There are multiple overlapping authentications between the same AP and station in the capture file. Pyrit picked the wrong packet as the second frame, which made the task of finding a matching PMK impossible.

I've changed the way Pyrit picks frames and it now honors the frames' replay counter. While this /may/ lead to Pyrit dropping valid frames, it currently passes all tests and enables Pyrit to detect the correct passphrase for your test.

May I include the files you posted here as a test case in Pyrit's source code? They serve as a guard to prevent regression bugs...

Original comment by lukas.l...@gmail.com on 22 Feb 2010 at 7:00
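The frame-selection problem the maintainer describes above, as an added example that is not Pyrit's own code: with two overlapping authentications between one AP and one station, the capture holds two message-1 and two message-2 frames, and pairing "first message 1 with the next message 2" can join an ANonce and an SNonce from different exchanges, so no candidate PMK can ever reproduce the MIC. Pairing on the Key Replay Counter (message 2 echoes the counter of the message 1 it answers) keeps nonces from the same exchange. The frame contents, indices and the `EXCHANGE_OF` ground truth are constructed for this illustration; the data class and function names are assumptions, not Pyrit identifiers.

```python
"""Pair EAPOL four-way-handshake frames by Key Replay Counter.

Added example modelling the issue above (not Pyrit's code). All frames
are assumed to belong to one AP/station pair, so addresses are omitted.
Real nonces are 32 bytes; the short values here are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class EapolKeyFrame:
    index: int           # position in the capture (constructed)
    from_ap: bool        # True: AP -> station, False: station -> AP
    replay_counter: int  # Key Replay Counter; message 2 echoes message 1's value
    nonce: bytes         # ANonce in message 1, SNonce in message 2
    has_mic: bool        # message 1 carries no MIC, message 2 does


def is_message1(f: EapolKeyFrame) -> bool:
    return f.from_ap and not f.has_mic


def is_message2(f: EapolKeyFrame) -> bool:
    return (not f.from_ap) and f.has_mic


# Constructed capture: exchange "A" (replay counter 3) stalls, exchange "B"
# (replay counter 7) starts, then both message-2 replies arrive, B's first.
SAMPLE_CAPTURE: List[EapolKeyFrame] = [
    EapolKeyFrame(0, True,  3, b"anonce-A", False),
    EapolKeyFrame(1, True,  7, b"anonce-B", False),
    EapolKeyFrame(2, False, 7, b"snonce-B", True),
    EapolKeyFrame(3, False, 3, b"snonce-A", True),
]
# Constructed ground truth: which exchange each frame really belongs to.
EXCHANGE_OF: Dict[int, str] = {0: "A", 1: "B", 2: "B", 3: "A"}


def same_exchange(pair: Tuple[int, int]) -> bool:
    """True when both frames of a pair come from the same authentication."""
    return EXCHANGE_OF[pair[0]] == EXCHANGE_OF[pair[1]]


def pair_first_seen(frames: List[EapolKeyFrame]) -> Optional[Tuple[int, int]]:
    """Naive pairing: the first message 1, then the first message 2 after it.
    With overlapping authentications this mixes nonces of two exchanges."""
    m1 = next((f for f in frames if is_message1(f)), None)
    if m1 is None:
        return None
    m2 = next((f for f in frames if is_message2(f) and f.index > m1.index), None)
    return None if m2 is None else (m1.index, m2.index)


def pair_by_replay_counter(frames: List[EapolKeyFrame]) -> List[Tuple[int, int]]:
    """Pair each message 2 with the latest unanswered message 1 carrying the
    same replay counter. Message-1 frames that are never answered with a
    matching counter are dropped: the trade-off the maintainer mentions."""
    pairs: List[Tuple[int, int]] = []
    pending: Dict[int, EapolKeyFrame] = {}  # replay counter -> message 1
    for f in sorted(frames, key=lambda x: x.index):
        if is_message1(f):
            pending[f.replay_counter] = f
        elif is_message2(f):
            m1 = pending.pop(f.replay_counter, None)
            if m1 is not None:
                pairs.append((m1.index, f.index))
    return pairs


if __name__ == "__main__":
    naive = pair_first_seen(SAMPLE_CAPTURE)
    print("naive pair:", naive, "same exchange:", same_exchange(naive))
    for p in pair_by_replay_counter(SAMPLE_CAPTURE):
        print("replay-counter pair:", p, "same exchange:", same_exchange(p))
```

On the constructed capture the naive rule pairs frame 0 with frame 2 (ANonce of exchange A, SNonce of exchange B), while replay-counter matching yields (1, 2) and (0, 3), both internally consistent; a capture holding only the two message-1 frames yields no pair at all, which is the "may drop valid frames" behaviour described above.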

GoogleCodeExporter commented 9 years ago
Of course, keep the files!
I'm glad you solved this issue, which has been bugging me for quite some time now.
Thank you very much!

Original comment by xredneck...@gmail.com on 22 Feb 2010 at 8:56