Incomplete TKIP four-way exchange every time!

[Ahemsa]

I was hoping to dabble with cracking WPA2. There are plenty of tutorials out there and it seems pretty straightforward. All you have to have is something to capture the handshake such as airodump or wireshark, aircrack, and a good dictionary file.

I started by using airolib-ng to create a relatively small rainbow table. It had lots of entries, including specifically my SSID and my PSK. I can supposedly capture the handshake with airodump by using aireplay to deauth my machine, or by simply connecting another machine to the network.

After the packet is captured, I used aircrack to start chewing on it and after a very short time it quit, saying that the password is not in the dictionary, yet it hadn't hardly even touched the dictionary. I used airolib to create a table with a single SSID and a single PSK, both known values. When I attempt to use aircrack I get the exact same result! It doesn't matter how I capture the packets, be it airodump or wireshark, I get the same thing.

I used airolib to export my dictionary to cowpatty and tried to crack it that way. Cowpatty then gives me "incomplete TKIP four-way exchange." Every time. I thought at first that the problem might be some quirk of my netgear router, so I did some packet capturing at work which uses Cisco equipment.

I get the same problem every time. Wireshark and / or airodump will THINK that they have captured a handshake, yet cowpatty says it's incomplete.

What am I missing?

[imported_cybrsnpr]

Does wireshark show that you have captured the 4 way EAPOL handshake? If not, it will never crack. If you don't have the 4 EAPOL packets from the session, your monitoring wireless interface may be channel hopping and missing the entire conversation. Try to set the channel on your monitoring interface via command line (iwconfig ath0 channel 6 for example) and then force the rekey and see if you have captured the complete session. If so, you should be able to crack the key with cowpatty. Good Luck.

[imported_=Tron=]

I used airolib to export my dictionary to cowpatty and tried to crack it that way. Cowpatty then gives me "incomplete TKIP four-way exchange." Every time. I thought at first that the problem might be some quirk of my netgear router, so I did some packet capturing at work which uses Cisco equipment.

Are you using WPA/TKIP or WPA/AES? As far as I know Cowpatty will still not recognize a handshake when the WPA encryption implements AES, so this might be the source of your problem.

[dennismayflower]

i have the same problem

[Fmstrat]

I also have this issue. Tried it on two networks. Here's one:

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:16:B6A:A1:8F, 2008-10-19 15:41:12, 2008-10-19 15:42:39, 8, 48, WPA , CCMP TKIP,PSK, 35, 849, 509, 0. 0. 0. 0, 8, testnet,

Aircrack-ng tries to crack it fine, but cowPatty shows:

End of pcap capture file, incomplete TKIP four-way exchange. Try using a different capture.

[Fmstrat]

Hmm, just found this:

trac dot aircrack-ng dot org/ticket/490

Seems as though Aircrack-ng doesn't need the full handshake somehow.

As a final note, Wireshark shows the 4 part EAPOL handshake. I.E. when filtering I see the 4 lines with times milliseconds apart alternating between the AP and the host.

[edgan]

I have had this same problem with cowpatty. It frustrated me enough I created my own patch for cowpatty. It adds an option to cowpatty, -n, to make it accept handshakes like aircrack-ng. I did it as an option, because for some handshakes cowpatty's original method is better.

proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.3-nonstrict.patch

Yet another patch I created for cowpatty to make it accept hashes, from say pyrit, via stdin.

proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.3-hashfix.patch

I have submitted these patches to the cowpaty author/maintainer.

Removed it.

I have fixed even more bugs in cowpatty now. The latest two are a off by 1 for 63 character passwords, and failure on wpa2-aes packets. The patch is updated in place, so same url.

I have improved my patch even further, and removed the need for a special mode. Hence no more -n. I removed the old mode, and made mine the new default. It now surpasses aircrack-ng's latest svn in handshake detection.

proton.cygnusx-1.org/~edgan/cowpatty/cowpatty-4.3-fixup.patch

[imported_echo6]

Can you or someone else please post your patch here! The link seems to be down atm

[Maraudir]

Thank you for your patches. They are very appreciated.

[Yeeshkull]

Are you using WPA/TKIP or WPA/AES? As far as I know Cowpatty will still not recognize a handshake when the WPA encryption implements AES, so this might be the source of your problem.

Tron,

I'm getting the same error in Cowpatty with a WPA2 CCMP capture file.

-Yeesh