
Thread: Incomplete TKIP four-way exchange every time!

  1. #1
    Just burned his ISO
    Join Date
    May 2008
    Posts
    3

    Incomplete TKIP four-way exchange every time!

    I was hoping to dabble with cracking WPA2. There are plenty of tutorials out there and it seems pretty straightforward. All you have to have is something to capture the handshake such as airodump or wireshark, aircrack, and a good dictionary file.

    I started by using airolib-ng to create a relatively small rainbow table. It had lots of entries, including specifically my SSID and my PSK. I can supposedly capture the handshake with airodump by using aireplay to deauth my machine, or by simply connecting another machine to the network.

    After the packet is captured, I used aircrack to start chewing on it and after a very short time it quit, saying that the password is not in the dictionary, yet it had hardly even touched the dictionary. I used airolib to create a table with a single SSID and a single PSK, both known values. When I attempt to use aircrack I get the exact same result! It doesn't matter how I capture the packets, be it airodump or wireshark, I get the same thing.

    I used airolib to export my dictionary to cowpatty and tried to crack it that way. Cowpatty then gives me "incomplete TKIP four-way exchange." Every time. I thought at first that the problem might be some quirk of my netgear router, so I did some packet capturing at work which uses Cisco equipment.

    I get the same problem every time. Wireshark and / or airodump will THINK that they have captured a handshake, yet cowpatty says it's incomplete.

    What am I missing?

  2. #2


    Does wireshark show that you have captured the 4 way EAPOL handshake? If not, it will never crack. If you don't have the 4 EAPOL packets from the session, your monitoring wireless interface may be channel hopping and missing the entire conversation. Try to set the channel on your monitoring interface via command line (iwconfig ath0 channel 6 for example) and then force the rekey and see if you have captured the complete session. If so, you should be able to crack the key with cowpatty. Good Luck.

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote:
    I used airolib to export my dictionary to cowpatty and tried to crack it that way. Cowpatty then gives me "incomplete TKIP four-way exchange." Every time. I thought at first that the problem might be some quirk of my netgear router, so I did some packet capturing at work which uses Cisco equipment.
    Are you using WPA/TKIP or WPA/AES? As far as I know Cowpatty will still not recognize a handshake when the WPA encryption implements AES, so this might be the source of your problem.
    -Monkeys are like nature's humans.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    2

    I second that

    I have the same problem.

  5. #5
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    10


    I also have this issue. Tried it on two networks. Here's one:

    BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
    00:16:B6A:A1:8F, 2008-10-19 15:41:12, 2008-10-19 15:42:39, 8, 48, WPA , CCMP TKIP,PSK, 35, 849, 509, 0. 0. 0. 0, 8, testnet,

    Aircrack-ng tries to crack it fine, but cowPatty shows:

    End of pcap capture file, incomplete TKIP four-way exchange. Try using a different capture.

  6. #6
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    10


    Hmm, just found this:

    trac dot aircrack-ng dot org/ticket/490

    Seems as though Aircrack-ng doesn't need the full handshake somehow.

    As a final note, Wireshark shows the 4 part EAPOL handshake. I.E. when filtering I see the 4 lines with times milliseconds apart alternating between the AP and the host.

  7. #7
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    4


    I have had this same problem with cowpatty. It frustrated me enough I created my own patch for cowpatty. It adds an option to cowpatty, -n, to make it accept handshakes like aircrack-ng. I did it as an option, because for some handshakes cowpatty's original method is better.

    proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.3-nonstrict.patch

    Yet another patch I created for cowpatty to make it accept hashes, from say pyrit, via stdin.

    proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.3-hashfix.patch

    I have submitted these patches to the cowpatty author/maintainer.

    Removed it.

    I have fixed even more bugs in cowpatty now. The latest two are an off by 1 for 63 character passwords, and failure on wpa2-aes packets. The patch is updated in place, so same url.

    I have improved my patch even further, and removed the need for a special mode. Hence no more -n. I removed the old mode, and made mine the new default. It now surpasses aircrack-ng's latest svn in handshake detection.

    proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.3-fixup.patch

  8. #8
    Just burned his ISO
    Join Date
    Mar 2006
    Posts
    3


    Can you or someone else please post your patch here! The link seems to be down atm

  9. #9
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    9


    Thank you for your patches. They are very appreciated.

  10. #10
    Yeeshkull
    Guest


    Quote: Originally Posted by =Tron=
    Are you using WPA/TKIP or WPA/AES? As far as I know Cowpatty will still not recognize a handshake when the WPA encryption implements AES, so this might be the source of your problem.
    Tron,

    I'm getting the same error in Cowpatty with a WPA2 CCMP capture file.

    -Yeesh
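
Added example (not part of any post in this thread, and not cowpatty or aircrack-ng code): a Python check that classifies each EAPOL-Key frame as message 1-4 from its Key Information bits, reports which messages of the four-way exchange a capture lacks, and reads the key descriptor version that separates TKIP from CCMP handshakes. It assumes raw EAPOL payloads with the 802.11/LLC headers already stripped; the function names and the sample frames are constructed for illustration.

```python
import struct

# Key Information bits of an EAPOL-Key frame (IEEE 802.11i).
VERSION_MASK, PAIRWISE, ACK, MIC = 0x0007, 0x0008, 0x0080, 0x0100
CIPHER_HINT = {1: "TKIP (HMAC-MD5 MIC)", 2: "CCMP (HMAC-SHA1-128 MIC)"}

def classify(frame: bytes):
    """Return (message number 1-4, descriptor version), or None."""
    if len(frame) < 99 or frame[1] != 3:      # packet type 3 = EAPOL-Key
        return None
    (key_info,) = struct.unpack_from(">H", frame, 5)
    (key_data_len,) = struct.unpack_from(">H", frame, 97)
    if not key_info & PAIRWISE:               # group-key frame, not 4-way
        return None
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack:
        msg = 3 if mic else 1                 # sent by the AP
    elif mic:
        msg = 2 if key_data_len else 4        # sent by the client; M4 has no key data
    else:
        return None
    return msg, key_info & VERSION_MASK

def handshake_report(frames):
    """Summarise which four-way messages are present in a list of frames."""
    seen = {}
    for frame in frames:
        result = classify(frame)
        if result:
            seen[result[0]] = result[1]
    versions = sorted(set(seen.values()))
    return {
        "missing": [n for n in (1, 2, 3, 4) if n not in seen],
        "ciphers": [CIPHER_HINT.get(v, f"descriptor version {v}") for v in versions],
    }

def sample_frame(key_info, key_data=b""):
    """Build a constructed EAPOL-Key frame with zeroed nonce, IV and MIC."""
    body = (bytes([2]) + struct.pack(">HH", key_info, 16) + bytes(88)
            + struct.pack(">H", len(key_data)) + key_data)
    return bytes([1, 3]) + struct.pack(">H", len(body)) + body

# Constructed WPA2 capture in which message 4 was never recorded.
SAMPLE_CAPTURE = [sample_frame(0x008A), sample_frame(0x010A, bytes(22)),
                  sample_frame(0x13CA, bytes(56))]

if __name__ == "__main__":
    print(handshake_report(SAMPLE_CAPTURE))
```

It does not check replay counters or that the frames belong to one session.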
