Thread: coWPAtty segmentation fault error

  1. #1
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3

    coWPAtty segmentation fault error

    Hi All,

    I have just tested the new BT4 beta and found a bug in coWPAtty 4.3. After capturing wireless packets (with handshake) with MADWIFI drivers, I try to find the key using coWPAtty. coWPAtty returns a segmentation fault error when opening the PCAP file.
    I have also tested coWPAtty on different systems (BT3, FC9, FC10) with different libPCAP libraries, tcpdump and tshark versions and coWPAtty still returns the same error. The ath5k driver doesn't solve the problem either.
    Does anybody have an idea what causes the problem?

    BR,

    michal

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Quote Originally Posted by michal:
    Hi All,

    I have just tested the new BT4 beta and found a bug in coWPAtty 4.3. After capturing wireless packets (with handshake) with MADWIFI drivers, I try to find the key using coWPAtty. coWPAtty returns a segmentation fault error when opening the PCAP file.
    I have also tested coWPAtty on different systems (BT3, FC9, FC10) with different libPCAP libraries, tcpdump and tshark versions and coWPAtty still returns the same error. The ath5k driver doesn't solve the problem either.
    Does anybody have an idea what causes the problem?

    BR,

    michal
    If you believe the problem is specific to cowpatty and not BT4, I recommend you contact the author and ask him.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Although this thread has nothing to do with BackTrack, I have just been exchanging emails with Josh on this matter.


    First of all you need to be sure you are using the cowpatty in the /pentest/oc directory.

    Second of all, here is what Josh told me: when grabbing a handshake, the actual password is transmitted from the client to the AP in frames one and two, so if you get those then aircrack will work because it only looks at frames 1 and 2. Cowpatty however uses frame 4 because that's where the AP verifies the password. If you only use frames 1 and 2 then aircrack doesn't know if the password that the client tried to authenticate with is valid or not.

    So most likely you have an incomplete 4-way handshake even if it works with aircrack.

    If you would like to send me the .cap I'll take a look at it and test it out. I have been doing extensive work in this area lately.

  4. #4
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3


    Hi All,

    I have checked that the PCAP file contains all 4 packets from the 4-way handshake. Even if no handshake is in the PCAP file, coWPAtty should return an error like 'incomplete 4-way handshake', not a 'segmentation fault' error. I have tested BT4 and coWPAtty with different WPA versions, like WPA1-PSK TKIP and WPA2-PSK AES. In my PCAP files I had a full handshake and no handshake, which doesn't change anything. I have also used different APs.

    The strange thing is that PCAPs with handshakes captured on old systems like FC6 or BT2 work on coWPAtty 4.3 from BT4. IMHO something is wrong with the libraries or modules used for capturing wireless data. I have checked different libPCAP versions but it doesn't help. I have no idea what causes the problem but it has to be connected to the data capturing.

    BTW I was using all coWPAtty versions which I could find on BT4.

    I know that the problem is more universal than BT4, however I hope that somebody can help me.

    BR,

    Michal

  5. #5
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159


    @pureh@te--

    In your opinion, does this lead you to believe that coWPAtty does a better job handling the .cap file in which a 4-way is captured?

    As you stated, the same .cap file opened with aircrack-ng and by coWPAtty can give different results (i.e. aircrack-ng sees a 4-way, coWPAtty does not).

    Clearly this has big implications in the success of a crack attempt.

    Thoughts?

    Quote Originally Posted by pureh@te:
    Although this thread has nothing to do with BackTrack, I have just been exchanging emails with Josh on this matter.


    First of all you need to be sure you are using the cowpatty in the /pentest/oc directory.

    Second of all, here is what Josh told me: when grabbing a handshake, the actual password is transmitted from the client to the AP in frames one and two, so if you get those then aircrack will work because it only looks at frames 1 and 2. Cowpatty however uses frame 4 because that's where the AP verifies the password. If you only use frames 1 and 2 then aircrack doesn't know if the password that the client tried to authenticate with is valid or not.

    So most likely you have an incomplete 4-way handshake even if it works with aircrack.

    If you would like to send me the .cap I'll take a look at it and test it out. I have been doing extensive work in this area lately.
    You. Are. Doing. It. Wrong.
    -Gitsnik

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Well, the way Josh explained it was that if a client authenticated with the wrong password then aircrack would not know, because I guess the confirmation from the AP hasn't happened. So, like, if the password was backtrack but I try to authenticate with windows_rawks! then aircrack would fail but you would really never know. This is the reason Josh said he chose to make cowpatty look at the 4th frame. To be totally honest I'm still researching and trying to fully grasp the subject, but that is the dummy version I was given.

  7. #7


    Quote Originally Posted by michal:
    Hi All,

    I have just tested the new BT4 beta and found a bug in coWPAtty 4.3. After capturing wireless packets (with handshake) with MADWIFI drivers, I try to find the key using coWPAtty. coWPAtty returns a segmentation fault error when opening the PCAP file.
    I have also tested coWPAtty on different systems (BT3, FC9, FC10) with different libPCAP libraries, tcpdump and tshark versions and coWPAtty still returns the same error. The ath5k driver doesn't solve the problem either.
    Does anybody have an idea what causes the problem?

    BR,

    michal
    Try the cowpatty version in bt4's /pentest/password/openciphers directory. I've noticed that that version seems to work better. Also, as purehate pointed out, a bad password attempt will still have the 4 EAPOL handshake packets and will appear complete and correct.
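The check the thread keeps coming back to (posts #3, #4 and #7) is whether a capture really holds all four EAPOL-Key messages of one handshake, since message 4 is the one coWPAtty keys on and a wrong-password attempt still produces four frames. The following classifier is an added example, not code from the thread, coWPAtty or aircrack-ng: it reads EAPOL-Key frames (assumed to start at the EAPOL header, i.e. after the 802.11/LLC/SNAP layers), sorts them into messages 1 to 4 by the IEEE 802.11 Key Information flags, and checks that the replay counters pair up; the sample frames are constructed, and telling message 2 from message 4 by empty key data is a simplification.

```python
import struct

# EAPOL-Key Key Information flag bits (IEEE 802.11 EAPOL-Key frame format)
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC = 0x0008, 0x0040, 0x0080, 0x0100
# Fixed EAPOL-Key body after the 4-byte EAPOL header: descriptor(1) key_info(2) key_len(2) replay(8) nonce(32) iv(16) rsc(8) id(8) mic(16) key_data_len(2)
_KEY_FMT = "!BHHQ32s16s8s8s16sH"
_KEY_LEN = struct.calcsize(_KEY_FMT)  # 95 bytes

def parse_eapol_key(frame):
    # frame starts at the EAPOL header (version, type, length); packet type 3 = EAPOL-Key
    if len(frame) < 4 or frame[1] != 3:
        return None
    body = frame[4:4 + struct.unpack("!H", frame[2:4])[0]]
    if len(body) < _KEY_LEN:
        return None
    f = struct.unpack(_KEY_FMT, body[:_KEY_LEN])
    return {"key_info": f[1], "replay": f[3], "nonce": f[4], "mic": f[8], "data_len": f[9]}

def classify(key):
    # 1..4 = message number within the 4-way handshake, 0 = anything else (e.g. group-key frames)
    ki = key["key_info"]
    pw, ack, mic, install = ki & KI_PAIRWISE, ki & KI_ACK, ki & KI_MIC, ki & KI_INSTALL
    if pw and ack and not mic:
        return 1  # AP -> STA: ANonce
    if pw and ack and mic and install:
        return 3  # AP -> STA: the frame the thread says coWPAtty keys on (AP proves it has the PSK)
    if pw and mic and not ack:
        return 2 if key["data_len"] > 0 else 4  # simplification: M2 carries the RSN IE, M4 carries none
    return 0

def handshake_status(frames):
    msgs = {}
    for key in filter(None, map(parse_eapol_key, frames)):
        n = classify(key)
        if n:
            msgs.setdefault(n, key)  # keep the first copy of each message
    if sorted(msgs) != [1, 2, 3, 4]:
        return "incomplete: have messages %s" % sorted(msgs)
    # M2 answers M1 and M4 answers M3, so replay counters must pair up or the frames come from different exchanges
    if msgs[2]["replay"] != msgs[1]["replay"] or msgs[4]["replay"] != msgs[3]["replay"]:
        return "inconsistent: replay counters do not pair up"
    return "complete"

def _build(key_info, replay, nonce, key_data=b""):  # constructed sample frame with dummy MIC/IV/RSC
    body = struct.pack(_KEY_FMT, 2, key_info, 16, replay, nonce, b"\0" * 16, b"\0" * 8,
                       b"\0" * 8, b"\xaa" * 16, len(key_data)) + key_data
    return struct.pack("!BBH", 2, 3, len(body)) + body

ANONCE, SNONCE = b"\x11" * 32, b"\x22" * 32  # constructed nonces, not from a real capture
SAMPLE = [_build(0x008a, 1, ANONCE), _build(0x010a, 1, SNONCE, b"\x30\x14" + b"\0" * 20),
          _build(0x13ca, 2, ANONCE, b"\0" * 56), _build(0x030a, 2, SNONCE)]
```

Note that "complete" only means the four frames are present and belong together; whether the passphrase in that exchange was accepted is decided by the MIC in message 4, which is why the thread's point about a failed login still looking complete stands.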

  8. #8
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3


    Hi,

    I have just found that disabling all radiotap and prism headers in the MADWIFI driver (echo '801' > /proc/sys/net/ath0/dev_type) solves the "segmentation fault" error. However, coWPAtty in this case doesn't see the handshake that Aircrack-ng does.
    I have no idea about the ath5k drivers, which are now more popular.
    BR,

    Michal
