Diffstat (limited to 'net-wireless/cowpatty')
-rw-r--r--net-wireless/cowpatty/Manifest7
-rw-r--r--net-wireless/cowpatty/cowpatty-4.3-r2.ebuild28
-rw-r--r--net-wireless/cowpatty/cowpatty-4.6-r4.ebuild28
-rw-r--r--net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch221
-rw-r--r--net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch12
-rw-r--r--net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch346
6 files changed, 642 insertions, 0 deletions
diff --git a/net-wireless/cowpatty/Manifest b/net-wireless/cowpatty/Manifest
new file mode 100644
index 00000000..d7e9de0a
--- /dev/null
+++ b/net-wireless/cowpatty/Manifest
@@ -0,0 +1,7 @@
+AUX cowpatty-4.3-fixup2.patch 7550 RMD160 7b8bbb2266b69cf12290ac825f06efaf59b7c39c SHA1 0a42824828f3a91bb8a072b7210d9015205c096a SHA256 a5f1ea5429afd3a6cfc3509fdc564490f85f006258d11c5dc8b515d9490524e2
+AUX cowpatty-4.3-hashfix.patch 518 RMD160 7056eb376306bd086e7af8ca63f60799e5630cbf SHA1 10ee4c3796664c3f0a421e5f4901086d5985fd27 SHA256 a32d8dc367d858dda7bf557a9c01a5b9509aad04f4d0491100a1e42fdf749c72
+AUX cowpatty-4.6-fixup14.patch 12727 RMD160 fb2c3d60b5f07a9be4a25d7380ee1f33fc95a082 SHA1 635c09a981f30c9604f56497e71a451f00cc37f8 SHA256 49671af83ba4f6551e5b6e96e8036b0fba8929eda5917856c96643a1062a3db4
+DIST cowpatty-4.3.tgz 103720 RMD160 3eff935f1532f84c60bfd576801be4d6911964d1 SHA1 8b7cb2015d0534031827f2f06135bf5cf5929d35 SHA256 b82154c9183fed3c26226c124f5e50ef38adaaafc84c5a13d9256b1ebd489bca
+DIST cowpatty-4.6.tgz 104979 RMD160 643e9e675ec06f606c99729289692654ddcbe3b4 SHA1 2dc09d725e4131a68a33c8717d3a7317e5616df2 SHA256 cd3fc113e5052d3ee08ab71aa87edf772d044f760670c73fde5d5581d7803bc2
+EBUILD cowpatty-4.3-r2.ebuild 719 RMD160 7e905574beb66550f4d28e686e36cbed6d59927f SHA1 58524b3354f7a85684c27a9161bcadcfe13fc673 SHA256 816e5ed329658a9ff09d142a70015e879537022aef63ad4e1eb2b0d1d18227ff
+EBUILD cowpatty-4.6-r4.ebuild 670 RMD160 873dfed750509f50a4d7777cea257d72c078550e SHA1 61a4620a6f8568beaab0ea66cde4828de258533a SHA256 b9cf08fa1d839e9ba25e8ea65d20e208122b5ea7b397d3a2f323b48f23c4ccf0
diff --git a/net-wireless/cowpatty/cowpatty-4.3-r2.ebuild b/net-wireless/cowpatty/cowpatty-4.3-r2.ebuild
new file mode 100644
index 00000000..c60c8302
--- /dev/null
+++ b/net-wireless/cowpatty/cowpatty-4.3-r2.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+DESCRIPTION="WLAN tools for bruteforcing 802.11 WPA/WPA2 keys"
+HOMEPAGE="http://www.willhackforsushi.com/Cowpatty.html"
+SRC_URI="http://www.willhackforsushi.com/code/${PN}/${PV}/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+DEPEND="dev-libs/openssl
+ net-libs/libpcap"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ epatch "${FILESDIR}"/cowpatty-4.3-fixup2.patch
+ epatch "${FILESDIR}"/cowpatty-4.3-hashfix.patch
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ dobin cowpatty genpmk || die "dobin failed"
+ dodoc AUTHORS CHANGELOG FAQ INSTALL README TODO dict *.dump
+}
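Review bot: Both `epatch` calls sit inside `src_compile`, so the sources are patched in the build phase rather than when they are unpacked, and re-running the compile phase on an already patched tree would likely fail when the patches are applied a second time. Moving them into `src_unpack() { unpack ${A}; cd "${S}"; epatch ...; }` keeps the phases repeatable and `src_compile` limited to `emake`. The same applies to `src_compile` in cowpatty-4.6-r4.ebuild. Separately, `SRC_URI` is plain http, so the Manifest digests are the only integrity check on the downloaded tarball, and that deserves a comment next to `SRC_URI`.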
diff --git a/net-wireless/cowpatty/cowpatty-4.6-r4.ebuild b/net-wireless/cowpatty/cowpatty-4.6-r4.ebuild
new file mode 100644
index 00000000..7beab82e
--- /dev/null
+++ b/net-wireless/cowpatty/cowpatty-4.6-r4.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+DESCRIPTION="WLAN tools for bruteforcing 802.11 WPA/WPA2 keys"
+HOMEPAGE="http://www.willhackforsushi.com/?page_id=50"
+SRC_URI="http://www.willhackforsushi.com/code/${PN}/${PV}/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+DEPEND="dev-libs/openssl
+ net-libs/libpcap"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ epatch "${FILESDIR}"/cowpatty-4.6-fixup14.patch
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ dobin cowpatty genpmk || die "dobin failed"
+ dodoc AUTHORS CHANGELOG FAQ INSTALL README TODO dict *.dump
+}
diff --git a/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch b/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch
new file mode 100644
index 00000000..3ac75910
--- /dev/null
+++ b/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch
@@ -0,0 +1,221 @@
+diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-fixup2/cowpatty.c
+--- cowpatty-4.3/cowpatty.c 2008-03-20 09:49:38.000000000 -0700
++++ cowpatty-4.3-fixup2/cowpatty.c 2009-05-21 23:38:17.970291072 -0700
+@@ -71,7 +71,7 @@
+ void cleanup();
+ void parseopts(struct user_opt *opt, int argc, char **argv);
+ void closepcap(struct capture_data *capdata);
+-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata);
++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt);
+ void dump_all_fields(struct crack_data cdata);
+ void printstats(struct timeval start, struct timeval end,
+ unsigned long int wordcount);
+@@ -389,7 +389,7 @@
+ return (ret);
+ }
+
+-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata)
++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt)
+ {
+ struct ieee8021x *dot1xhdr;
+ struct wpa_eapol_key *eapolkeyhdr;
+@@ -415,8 +415,8 @@
+ cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK;
+ index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK;
+
+- /* Check for EAPOL version 1, type EAPOL-Key */
+- if (dot1xhdr->version != 1 || dot1xhdr->type != 3) {
++ /* Check for type EAPOL-Key */
++ if (dot1xhdr->type != 3) {
+ return;
+ }
+
+@@ -427,59 +427,78 @@
+
+ if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
+ /* Check for WPA key, and pairwise key type */
+- if (eapolkeyhdr->type != 254 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+ } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+- if (eapolkeyhdr->type != 2 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+ }
+
++ if (opt->verbose > 2) {
++ printf ("WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: %d\n", WPA_KEY_INFO_TYPE_HMAC_MD5_RC4);
++ printf ("WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: %d\n", WPA_KEY_INFO_TYPE_HMAC_SHA1_AES);
++ printf ("key version: %d\n", cdata->ver);
++ printf ("eapol key header type: %d\n", eapolkeyhdr->type);
++ }
++
++ /* Check for frame 1 of the 4-way handshake */
++ if ((key_info & WPA_KEY_INFO_MIC) == 0
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
+ /* Check for frame 2 of the 4-way handshake */
+- if ((key_info & WPA_KEY_INFO_MIC) && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && eapolkeyhdr->key_data_length > 0) {
+- /* All we need from this frame is the authenticator nonce */
+- memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->snonce));
+- cdata->snonceset = 1;
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && (key_info & WPA_KEY_INFO_ACK) == 0
++ && eapolkeyhdr->key_data_length > 0) {
+
+- } else if ( /* Check for frame 3 of the 4-way handshake */
+- (key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_INSTALL)
+- && (key_info & WPA_KEY_INFO_ACK)) {
++ cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
++ + packet[capdata->dot1x_offset + 3] + 4;
+
+ memcpy(cdata->spa, &packet[capdata->dstmac_offset],
+- sizeof(cdata->spa));
+- memcpy(cdata->aa, &packet[capdata->srcmac_offset],
+- sizeof(cdata->aa));
+- memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->anonce));
+- cdata->aaset = 1;
+- cdata->spaset = 1;
+- cdata->anonceset = 1;
+- /* We save the replay counter value in the 3rd frame to match
+- against the 4th frame of the four-way handshake */
+- memcpy(cdata->replay_counter, eapolkeyhdr->replay_counter, 8);
+-
+- } else if ( /* Check for frame 4 of the four-way handshake */
+- (key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- &&
+- (memcmp
+- (cdata->replay_counter, eapolkeyhdr->replay_counter,
+- 8) == 0)) {
++ sizeof(cdata->spa));
++ memcpy(cdata->aa, &packet[capdata->srcmac_offset],
++ sizeof(cdata->aa));
++ memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->snonce));
++ cdata->aaset = 1;
++ cdata->spaset = 1;
++ cdata->snonceset = 1;
+
+ memcpy(cdata->keymic, eapolkeyhdr->key_mic,
+- sizeof(cdata->keymic));
++ sizeof(cdata->keymic));
+ memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
+- sizeof(cdata->eapolframe));
++ cdata->eapolframe_size);
++
+ cdata->keymicset = 1;
+ cdata->eapolframeset = 1;
++
++ /* Check for frame 3 of the 4-way handshake */
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL)) {
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
++ }
++
++ if (opt->verbose > 2) {
++ printf("aaset: %d\n",cdata->aaset);
++ printf("spaset: %d\n",cdata->spaset);
++ printf("snonceset: %d\n",cdata->snonceset);
++ printf("keymicset: %d\n",cdata->keymicset);
++ printf("eapolframeset: %d\n",cdata->eapolframeset);
++ printf("anonceset: %d\n", cdata->anonceset);
+ }
+ }
+
+@@ -507,8 +526,7 @@
+ printf("\n");
+
+ printf("eapolframe is:");
+- lamont_hdump(cdata.eapolframe, 99); /* Bug in lamont_hdump makes this look
+- wrong, only shows 98 bytes */
++ lamont_hdump(cdata.eapolframe, cdata.eapolframe_size);
+ printf("\n");
+
+ }
+@@ -706,7 +724,7 @@
+ }
+
+ hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
+- sizeof(cdata->eapolframe), keymic);
++ cdata->eapolframe_size, keymic);
+
+ if (opt->verbose > 2) {
+ printf("Calculated MIC with \"%s\" is", passphrase);
+@@ -815,7 +833,7 @@
+ }
+
+ hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
+- sizeof(cdata->eapolframe), keymic);
++ cdata->eapolframe_size, keymic);
+
+ if (opt->verbose > 2) {
+ printf("Calculated MIC with \"%s\" is", passphrase);
+@@ -874,7 +892,7 @@
+ 0 && (h->len >
+ capdata.l2type_offset + sizeof(struct wpa_eapol_key))) {
+ /* It's a dot1x frame, process it */
+- handle_dot1x(&cdata, &capdata);
++ handle_dot1x(&cdata, &capdata, &opt);
+ if (cdata.aaset && cdata.spaset && cdata.snonceset &&
+ cdata.anonceset && cdata.keymicset
+ && cdata.eapolframeset) {
+@@ -909,7 +927,6 @@
+ eapkeypacket =
+ (struct wpa_eapol_key *)&cdata.eapolframe[EAPDOT1XOFFSET];
+ memset(&eapkeypacket->key_mic, 0, sizeof(eapkeypacket->key_mic));
+- eapkeypacket->key_data_length = 0;
+
+ printf("Starting dictionary attack. Please be patient.\n");
+ fflush(stdout);
+diff -uNr cowpatty-4.3/cowpatty.h cowpatty-4.3-fixup2/cowpatty.h
+--- cowpatty-4.3/cowpatty.h 2008-03-20 09:49:38.000000000 -0700
++++ cowpatty-4.3-fixup2/cowpatty.h 2009-05-21 23:37:52.533281370 -0700
+@@ -94,7 +94,7 @@
+ u16 length;
+ } __attribute__ ((packed));
+
+-#define MAXPASSLEN 63
++#define MAXPASSLEN 64
+ #define MEMORY_DICT 0
+ #define STDIN_DICT 1
+ #define EAPDOT1XOFFSET 4
+@@ -166,7 +166,8 @@
+ u8 spa[6];
+ u8 snonce[32];
+ u8 anonce[32];
+- u8 eapolframe[99]; /* Length the same for all packets? */
++ u8 eapolframe[99];
++ u8 eapolframe2[125];
+ u8 keymic[16];
+ u8 aaset;
+ u8 spaset;
+@@ -177,6 +178,7 @@
+ u8 replay_counter[8];
+
+ int ver; /* Hashing algo, MD5 or AES-CBC-MAC */
++ int eapolframe_size;
+ };
+
+ struct hashdb_head {
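Review bot: `cdata->eapolframe_size` is computed from two bytes of the captured frame (`packet[capdata->dot1x_offset + 2]` and `+ 3`, plus 4) and then used unchecked as the `memcpy` length into `cdata->eapolframe`, which the cowpatty.h part of this same patch still declares as `u8 eapolframe[99]`. A capture file whose EAPOL length field is larger than that makes the copy write past the array, and the later `lamont_hdump` and `hmac_hash` calls read the same length back. A guard before the copy, for example `if (cdata->eapolframe_size > (int)sizeof(cdata->eapolframe)) return;`, together with a check that `capdata->dot1x_offset + cdata->eapolframe_size` stays within the captured packet length, would bound both the write and the read. The added `u8 eapolframe2[125]` is not referenced anywhere in this patch, so it either needs a user or should be dropped. The same unchecked copy is carried in the nonstrict branch of cowpatty-4.6-fixup14.patch.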
diff --git a/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch b/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch
new file mode 100644
index 00000000..2ae6fcd2
--- /dev/null
+++ b/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch
@@ -0,0 +1,12 @@
+diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-hashfix/cowpatty.c
+--- cowpatty-4.3/cowpatty.c 2008-03-20 09:49:38.000000000 -0700
++++ cowpatty-4.3-hashfix/cowpatty.c 2008-10-19 23:29:22.000000000 -0700
+@@ -202,7 +202,7 @@
+ }
+
+ /* Test that the files specified exist and are greater than 0 bytes */
+- if (!IsBlank(opt->hashfile)) {
++ if (!IsBlank(opt->hashfile) && strncmp(opt->hashfile, "-", 1) != 0) {
+ if (stat(opt->hashfile, &teststat)) {
+ usage("Could not stat hashfile. Check file path.");
+ exit(-1);
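Review bot: `strncmp(opt->hashfile, "-", 1) != 0` compares only the first character, so every hashfile name that begins with `-` skips the stat check that follows, not just the bare `-` (presumably the stdin marker). If only the literal `-` is meant, `strcmp(opt->hashfile, "-") != 0` expresses that exactly. The enclosing function starts and ends outside the hunk, so whether a later open of the hashfile handles a missing `-name` file is not visible here.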
diff --git a/net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch b/net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch
new file mode 100644
index 00000000..c27e2b18
--- /dev/null
+++ b/net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch
@@ -0,0 +1,346 @@
+diff -uNr cowpatty-4.6/cowpatty.c cowpatty-4.6-fixup14/cowpatty.c
+--- cowpatty-4.6/cowpatty.c 2009-07-03 08:15:50.000000000 -0700
++++ cowpatty-4.6-fixup14/cowpatty.c 2009-07-17 19:16:21.792816008 -0700
+@@ -94,8 +94,7 @@
+ "\t-d \tHash file (genpmk)\n"
+ "\t-r \tPacket capture file\n"
+ "\t-s \tNetwork SSID (enclose in quotes if SSID includes spaces)\n"
+- "\t-2 \tUse frames 1 and 2 or 2 and 3 for key attack (nonstrict mode)\n"
+- "\t-c \tCheck for valid 4-way frames, does not crack\n"
++ "\t-c \tCheck for valid 4-way frames, does not crack\n"
+ "\t-h \tPrint this help information and exit\n"
+ "\t-v \tPrint verbose information (more -v for more verbosity)\n"
+ "\t-V \tPrint program version and exit\n" "\n");
+@@ -151,7 +150,7 @@
+
+ int c;
+
+- while ((c = getopt(argc, argv, "f:r:s:d:c2nhvV")) != EOF) {
++ while ((c = getopt(argc, argv, "f:r:s:d:cnhvV")) != EOF) {
+ switch (c) {
+ case 'f':
+ strncpy(opt->dictfile, optarg, sizeof(opt->dictfile));
+@@ -166,9 +165,6 @@
+ strncpy(opt->hashfile, optarg, sizeof(opt->hashfile));
+ break;
+ case 'n':
+- case '2':
+- opt->nonstrict++;
+- break;
+ case 'c':
+ opt->checkonly++;
+ break;
+@@ -435,21 +431,11 @@
+ cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK;
+ index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK;
+
+- if (opt->nonstrict == 0) {
+-
+- /* Check for EAPOL version 1, type EAPOL-Key */
+- if (dot1xhdr->version != 1 || dot1xhdr->type != 3) {
+- return;
+- }
+-
+- } else {
+-
+- /* Check for type EAPOL-Key */
+- if (dot1xhdr->type != 3) {
+- return;
+- }
+-
++ /* Check for type EAPOL-Key */
++ if (dot1xhdr->type != 3) {
++ return;
+ }
++
+ if (cdata->ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
+ cdata->ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ return;
+@@ -457,12 +443,12 @@
+
+ if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
+ /* Check for WPA key, and pairwise key type */
+- if (eapolkeyhdr->type != 254 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+ } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+- if (eapolkeyhdr->type != 2 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+@@ -472,19 +458,22 @@
+
+ /* Check for frame 2 of the 4-way handshake */
+ if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && eapolkeyhdr->key_data_length > 0) {
++ && (key_info & WPA_KEY_INFO_ACK) == 0
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && eapolkeyhdr->key_data_length > 0) {
+
+ /* All we need from this frame is the authenticator nonce */
+ memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+ sizeof(cdata->snonce));
+ cdata->snonceset = 1;
++ memcpy(cdata->replay_counter1,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1;
+
+ /* Check for frame 3 of the 4-way handshake */
+ } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_INSTALL)
+- && (key_info & WPA_KEY_INFO_ACK)) {
++ && (key_info & WPA_KEY_INFO_INSTALL)
++ && (key_info & WPA_KEY_INFO_ACK)) {
+
+ memcpy(cdata->spa, &packet[capdata->dstmac_offset],
+ sizeof(cdata->spa));
+@@ -497,15 +486,17 @@
+ cdata->anonceset = 1;
+ /* We save the replay counter value in the 3rd frame to match
+ against the 4th frame of the four-way handshake */
+- memcpy(cdata->replay_counter,
++ memcpy(cdata->replay_counter2,
+ eapolkeyhdr->replay_counter, 8);
+
+ /* Check for frame 4 of the four-way handshake */
+ } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && (memcmp (cdata->replay_counter,
+- eapolkeyhdr->replay_counter, 8) == 0)) {
++ && (key_info & WPA_KEY_INFO_ACK) == 0
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && (memcmp (cdata->replay_counter1,
++ cdata->replay_counter2, 8) == 0)
++ && (memcmp (cdata->replay_counter2,
++ eapolkeyhdr->replay_counter, 8) == 0)) {
+
+ memcpy(cdata->keymic, eapolkeyhdr->key_mic,
+ sizeof(cdata->keymic));
+@@ -513,57 +504,76 @@
+ sizeof(cdata->eapolframe));
+ cdata->keymicset = 1;
+ cdata->eapolframeset = 1;
++ cdata->counters = 1;
+ }
+- } else {
+-
+- /* Check for frame 1 of the 4-way handshake */
+- if ((key_info & WPA_KEY_INFO_MIC) == 0
+- && (key_info & WPA_KEY_INFO_ACK)
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
+- /* All we need from this frame is the authenticator nonce */
+- memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->anonce));
+- cdata->anonceset = 1;
+-
+- /* Check for frame 2 of the 4-way handshake */
+- } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && eapolkeyhdr->key_data_length > 0) {
+
+- cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
+- + packet[capdata->dot1x_offset + 3] + 4;
+-
+- memcpy(cdata->spa, &packet[capdata->dstmac_offset],
+- sizeof(cdata->spa));
+- cdata->spaset = 1;
+-
+- memcpy(cdata->aa, &packet[capdata->srcmac_offset],
+- sizeof(cdata->aa));
+- cdata->aaset = 1;
+-
+- memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->snonce));
+- cdata->snonceset = 1;
++ } else {
+
+- memcpy(cdata->keymic, eapolkeyhdr->key_mic,
+- sizeof(cdata->keymic));
+- cdata->keymicset = 1;
++ /* Check for frame 1 of the 4-way handshake */
++ if ((key_info & WPA_KEY_INFO_MIC) == 0
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
++
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
++ memcpy(cdata->replay_counter1,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1;
++
++ /* Check for frame 2 or 4 of the 4-way handshake */
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && (key_info & WPA_KEY_INFO_ACK) == 0) {
++
++ cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
++ + packet[capdata->dot1x_offset + 3] + 4;
++
++ memcpy(cdata->spa, &packet[capdata->dstmac_offset],
++ sizeof(cdata->spa));
++ cdata->spaset = 1;
++
++ memcpy(cdata->aa, &packet[capdata->srcmac_offset],
++ sizeof(cdata->aa));
++ cdata->aaset = 1;
++
++ memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->snonce));
++ cdata->snonceset = 1;
++
++ memcpy(cdata->keymic, eapolkeyhdr->key_mic,
++ sizeof(cdata->keymic));
++ cdata->keymicset = 1;
++
++ memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
++ cdata->eapolframe_size);
++ cdata->eapolframeset = 1;
+
+- memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
+- cdata->eapolframe_size);
+- cdata->eapolframeset = 1;
++ memcpy(cdata->replay_counter2,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter2[7] = cdata->replay_counter2[7] + 1;
++ memcpy(cdata->replay_counter3,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter3[7] = cdata->replay_counter3[7] + 2;
++
++ /* Check for frame 3 of the 4-way handshake */
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL)) {
++
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
++ memcpy(cdata->replay_counter4,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter4[7] = cdata->replay_counter4[7] + 1;
+
++ }
+
+- /* Check for frame 3 of the 4-way handshake */
+- } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK)
+- && (key_info & WPA_KEY_INFO_INSTALL)) {
+- /* All we need from this frame is the authenticator nonce */
+- memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->anonce));
+- cdata->anonceset = 1;
+- }
+ }
+ }
+
+@@ -982,10 +992,82 @@
+ }
+ }
+
++ if (!(cdata.aaset && cdata.spaset && cdata.snonceset &&
++ cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) {
++
++ cdata.aaset = 0;
++ cdata.spaset = 0;
++ cdata.snonceset = 0;
++ cdata.anonceset = 0;
++ cdata.keymicset = 0;
++ cdata.eapolframeset = 0;
++
++ opt.nonstrict = 1;
++
++ memset(&capdata, 0, sizeof(struct capture_data));
++ memset(&cdata, 0, sizeof(struct crack_data));
++ memset(&eapolkey_nomic, 0, sizeof(eapolkey_nomic));
++
++ /* Populate capdata struct */
++ strncpy(capdata.pcapfilename, opt.pcapfile,
++ sizeof(capdata.pcapfilename));
++ if (openpcap(&capdata) != 0) {
++ printf("Unsupported or unrecognized pcap file.\n");
++ exit(-1);
++ }
++
++ /* populates global *packet */
++ while (getpacket(&capdata) > 0) {
++ if (opt.verbose > 2) {
++ lamont_hdump(packet, h->len);
++ }
++ /* test packet for data that we are looking for */
++ if (memcmp(&packet[capdata.l2type_offset], DOT1X_LLCTYPE, 2) ==
++ 0 && (h->len >capdata.l2type_offset + sizeof(struct wpa_eapol_key))) {
++ /* It's a dot1x frame, process it */
++ handle_dot1x(&cdata, &capdata, &opt);
++
++ if (cdata.aaset && cdata.spaset && cdata.snonceset
++ && cdata.anonceset && cdata.keymicset
++ && cdata.eapolframeset) {
++
++ if (cdata.replay_counter1 != 0
++ && cdata.replay_counter2 != 0) {
++
++ if (memcmp (cdata.replay_counter1,
++ cdata.replay_counter2, 8) == 0) {
++
++ cdata.counters = 1;
++ /* We've collected everything we need. */
++ break;
++
++ }
++
++ }
++
++ if (cdata.replay_counter3 != 0
++ && cdata.replay_counter4 != 0) {
++
++ if (memcmp (cdata.replay_counter3,
++ cdata.replay_counter4, 8) == 0) {
++
++ cdata.counters = 1;
++ /* We've collected everything we need. */
++ break;
++
++ }
++
++ }
++
++ }
++ }
++ }
++ }
++
+ closepcap(&capdata);
+
+ if (!(cdata.aaset && cdata.spaset && cdata.snonceset &&
+- cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) {
++ cdata.anonceset && cdata.keymicset && cdata.eapolframeset && cdata.counters)) {
+ printf("End of pcap capture file, incomplete four-way handshake "
+ "exchange. Try using a\ndifferent capture.\n");
+ exit(-1);
+diff -uNr cowpatty-4.6/cowpatty.h cowpatty-4.6-fixup14/cowpatty.h
+--- cowpatty-4.6/cowpatty.h 2009-06-04 06:24:16.000000000 -0700
++++ cowpatty-4.6-fixup14/cowpatty.h 2009-07-17 16:16:58.043152023 -0700
+@@ -178,7 +178,11 @@
+ u8 anonceset;
+ u8 keymicset;
+ u8 eapolframeset;
+- u8 replay_counter[8];
++ u8 replay_counter1[8];
++ u8 replay_counter2[8];
++ u8 replay_counter3[8];
++ u8 replay_counter4[8];
++ u8 counters;
+
+ int ver; /* Hashing algo, MD5 or AES-CBC-MAC */
+ int eapolframe_size;
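Review bot: In the added second capture pass, `cdata.replay_counter1 != 0 && cdata.replay_counter2 != 0` (and the same test on `replay_counter3`/`replay_counter4`) compares the `u8 ...[8]` arrays declared in cowpatty.h against 0, which is always true, so these guards filter nothing and only the `memcmp` decides. Because `cdata` was just cleared with `memset`, two counters that were never captured also compare equal; if the intent is "both counters were seen", that needs an explicit flag set next to each `memcpy`. The counters are advanced with `replay_counter1[7] + 1` on the last byte only, so a value ending in 0xff wraps without carrying into byte 6. In `parseopts`, removing `opt->nonstrict++; break;` leaves `case 'n':` falling through into `case 'c':`, so `-n` now sets `checkonly`; if `-n` is meant to go away, drop the `case 'n':` label and the `n` from the getopt string as well.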