
An invalid "valid" handshake with only 2 first EAPOL messages (same authentication sequence and replay counter) #2244

Open
serious-angel opened this issue Jun 10, 2021 · 4 comments

Comments


serious-angel commented Jun 10, 2021

Issue type

  • Defect - Incorrect value displayed/received/stored

System information

  • OS: Wifislax 2.3
  • CPU: i7 630 M
  • Wireless card and chipset (if relevant): rt2800usb (Ralink Technology, Corp. RT2870/RT3070)

Aircrack-ng version

  • Version: 1.6
  • Commit Revision hash: 8908600

Pyrit version:

  • Version: 0.5.1 (2015)

Defect

The page online says:

However, aircrack-ng is able to work successfully with just 2 packets. EAPOL packets (2 and 3) or packets (3 and 4) are considered a full handshake.

While testing the tool, a temporary personal Wi-Fi hotspot was created and we tried to connect to it with and without the correct PSK. The connection sequences were captured using airodump-ng (two captures).

  • AP SSID: WiFi
  • AP BSSID: 7e:b2:7d:d4:6d:45
  • Client BSSID: 34:1c:f0:cf:27:ae
  1. The first captured sequence includes EAPOL messages 1, 2 and 3, where 2 and 3 should be sufficient according to the key derivation system.
  2. The second includes only messages 1 and 2 (repeated 4 times). These should be insufficient for a valid handshake file.

The issue

aircrack-ng indicated 1 Handshake for both captures.
pyrit indicated 1 handshake only in the first one.

The first full capture (valid PSK):

[screenshot: Wireshark_132049_10062021]

The second full capture (valid PSK):

[screenshot: Wireshark_135822_10062021]

The output of the aircrack-ng and pyrit analyses of the full and cleaned versions (cleaned with pyrit and wpaclean; more below):

Aircrack-ng

Notice: all "valid" handshakes

# aircrack-ng capture_1_full_1.cap                               
Reading packets, please wait...
Opening capture_1_full_1.cap
Read 1022 packets.

   #  BSSID              ESSID                     Encryption

   1  7E:B2:7D:D4:6D:45  WiFi                      WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening capture_1_full_1.cap
Read 1022 packets.

1 potential targets

Please specify a dictionary (option -w).

# aircrack-ng capture_1_wpaclean_cleaned_1.cap 
Reading packets, please wait...
Opening capture_1_wpaclean_cleaned_1.cap
Read 3 packets.

   #  BSSID              ESSID                     Encryption

   1  7E:B2:7D:D4:6D:45  WiFi                      WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening capture_1_wpaclean_cleaned_1.cap
Read 3 packets.

1 potential targets

Please specify a dictionary (option -w).

# aircrack-ng capture_1_pyrit_cleaned_1.cap 
Reading packets, please wait...
Opening capture_1_pyrit_cleaned_1.cap
Read 4 packets.

   #  BSSID              ESSID                     Encryption

   1  7E:B2:7D:D4:6D:45  WiFi                      WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening capture_1_pyrit_cleaned_1.cap
Read 4 packets.

1 potential targets

Please specify a dictionary (option -w).



# aircrack-ng capture_2_full_1.cap 
Reading packets, please wait...
Opening capture_2_full_1.cap
Read 474 packets.

   #  BSSID              ESSID                     Encryption

   1  7E:B2:7D:D4:6D:45  WiFi                      WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening capture_2_full_1.cap
Read 474 packets.

1 potential targets

Please specify a dictionary (option -w).

# aircrack-ng capture_2_pyrit_cleaned_1.cap 
Reading packets, please wait...
Opening capture_2_pyrit_cleaned_1.cap
Read 9 packets.

   #  BSSID              ESSID                     Encryption

   1  7E:B2:7D:D4:6D:45  WiFi                      WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening capture_2_pyrit_cleaned_1.cap
Read 9 packets.

1 potential targets

Please specify a dictionary (option -w).

# aircrack-ng capture_2_wpaclean_cleaned_1.cap 
Reading packets, please wait...
Opening capture_2_wpaclean_cleaned_1.cap
Read 3 packets.

   #  BSSID              ESSID                     Encryption

   1  7E:B2:7D:D4:6D:45  WiFi                      WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening capture_2_wpaclean_cleaned_1.cap
Read 3 packets.

1 potential targets

Please specify a dictionary (option -w).

Pyrit

Notice: only the first is valid, and so is its pyrit-cleaned version. The wpaclean-cleaned one fails, though.

# pyrit -r capture_1_full_1.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file 'capture_1_full_1.cap' (1/1)...
Parsed 253 packets (253 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi'):
  #1: Station 34:1c:f0:cf:27:ae, 1 handshake(s):
    #1: HMAC_SHA1_AES, good, spread 1

# pyrit -r capture_1_pyrit_cleaned_1.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file 'capture_1_pyrit_cleaned_1.cap' (1/1)...
Parsed 4 packets (4 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi'):
  #1: Station 34:1c:f0:cf:27:ae, 1 handshake(s):
    #1: HMAC_SHA1_AES, good, spread 1

# pyrit -r capture_1_wpaclean_cleaned_1.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file 'capture_1_wpaclean_cleaned_1.cap' (1/1)...
Parsed 3 packets (3 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi'):
  #1: Station 34:1c:f0:cf:27:ae, 1 handshake(s):
    #1: HMAC_SHA1_AES, bad, spread 1



# pyrit -r capture_2_full_1.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file 'capture_2_full_1.cap' (1/1)...
Parsed 74 packets (74 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi'):
  #1: Station 34:1c:f0:cf:27:ae, 3 handshake(s):
    #1: HMAC_SHA1_AES, bad, spread 1
    #2: HMAC_SHA1_AES, bad, spread 1
    #3: HMAC_SHA1_AES, bad, spread 1

# pyrit -r capture_2_pyrit_cleaned_1.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file 'capture_2_pyrit_cleaned_1.cap' (1/1)...
Parsed 9 packets (9 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi'):
  #1: Station 34:1c:f0:cf:27:ae, 3 handshake(s):
    #1: HMAC_SHA1_AES, bad, spread 3
    #2: HMAC_SHA1_AES, bad, spread 3
    #3: HMAC_SHA1_AES, bad, spread 5

# pyrit -r capture_2_wpaclean_cleaned_1.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file 'capture_2_wpaclean_cleaned_1.cap' (1/1)...
Parsed 3 packets (3 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi'):
  #1: Station 34:1c:f0:cf:27:ae, 1 handshake(s):
    #1: HMAC_SHA1_AES, bad, spread 1

Cleaning

# pyrit -r /root/Desktop/captures_1/capture_1_full_1.cap -o -o /root/Desktop/captures_1/capture_1_pyrit_cleaned_1.cap strip
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file '/root/Desktop/captures_1/capture_1_full_1.cap' (1/1)...
Parsed 253 packets (253 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi')
  #0: Station 34:1c:f0:cf:27:ae, 1 handshake(s)
    #1: HMAC_SHA1_AES, good, spread 1

New pcap-file '/root/Desktop/captures_1/capture_1_pyrit_cleaned_1.cap' written (4 out of 253 packets)

# pyrit -r /root/Desktop/captures_1/capture_2_full_1.cap -o /root/Desktop/captures_1/capture_2_pyrit_cleaned_1>
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file '/root/Desktop/captures_1/capture_2_full_1.cap' (1/1)...
Parsed 74 packets (74 802.11-packets), got 1 AP(s)

#1: AccessPoint 7e:b2:7d:d4:6d:45 ('WiFi')
  #0: Station 34:1c:f0:cf:27:ae, 3 handshake(s)
    #1: HMAC_SHA1_AES, bad, spread 1
    #2: HMAC_SHA1_AES, bad, spread 1
    #3: HMAC_SHA1_AES, bad, spread 1

New pcap-file '/root/Desktop/captures_1/capture_2_pyrit_cleaned_1.cap' written (9 out of 74 packets)



# wpaclean capture_1_wpaclean_cleaned_1.cap capture_1_full_1.cap 
Pwning capture_1_full_1.cap (1/1 100%)
Net 7e:b2:7d:d4:6d:45 WiFi
Done

# wpaclean capture_2_wpaclean_cleaned_1.cap capture_2_full_1.cap 
Pwning capture_2_full_1.cap (1/1 100%)
Net 7e:b2:7d:d4:6d:45 WiFi
Done

It's worth mentioning:

  1. The wpaclean tool also removes the 3rd EAPOL message from the first capture, preserving only messages 1 and 2 (this invalidates the handshake).
  2. pyrit saves a Beacon and the first 3 EAPOL messages, but drops everything else from the first capture.

It's also worth mentioning that cleaning via both tools (wpaclean and pyrit) changed the timestamps of the EAPOL messages and shifted their order:

The first cleaned capture (valid PSK):

pyrit (2nd EAPOL message is now 3rd):

[screenshot: Wireshark_135442_10062021]

wpaclean (notice the removed 3rd EAPOL message and the negative time of the 1st one):

[screenshot: Wireshark_135506_10062021]

The second cleaned capture (invalid PSK):

pyrit (notice the message reordering and the messed-up timestamps):

[screenshot]

wpaclean (notice the negative time of the 1st EAPOL message) :

[screenshot: Wireshark_135654_10062021]

Related information:

The archive which includes all captures: captures.zip

The archive includes:

  1. capture_1_full_1.cap - Full first capture.
  2. capture_2_full_1.cap - Full second capture.
  3. capture_1_pyrit_clean_1.cap - Cleaned first capture (pyrit).
  4. capture_2_pyrit_clean_1.cap - Cleaned second capture (pyrit).
  5. capture_1_wpaclean_clean_1.cap - Cleaned first capture (wpaclean).
  6. capture_2_wpaclean_clean_1.cap - Cleaned second capture (wpaclean).

ZerBea commented Jun 10, 2021

Pyrit is a little bit old (and deprecated), but hcxtools can confirm this behavior, too (and some other problems).

Please notice:
I'm not a friend of cleaned or filtered dump files. So only the two "full capture" files are tested.

$ hcxpcapngtool -o test.22000 *full*.*
reading from capture_1_full_1.cap...

summary capture file
--------------------
file name................................: capture_1_full_1.cap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 10.06.2021 10:41:00
timestamp maximum (GMT)..................: 10.06.2021 10:42:11
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11 (105)
endianess (capture system)...............: little endian
packets inside...........................: 1022
BEACON (total)...........................: 1
ACTION (total)...........................: 5
PROBEREQUEST (directed)..................: 5
PROBERESPONSE............................: 7
DEAUTHENTICATION (total).................: 1
AUTHENTICATION (total)...................: 2
AUTHENTICATION (OPEN SYSTEM).............: 2
ASSOCIATIONREQUEST (total)...............: 3
ASSOCIATIONREQUEST (PSK).................: 3
WPA encrypted............................: 64
EAPOL messages (total)...................: 3
EAPOL RSN messages.......................: 3
ESSID (total unique).....................: 1
EAPOLTIME gap (measured maximum usec)....: 24586
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M2 messages (total)................: 1
EAPOL M3 messages (total)................: 1
EAPOL pairs (total)......................: 2
EAPOL pairs (best).......................: 1
EAPOL pairs written to combi hash file...: 1 (RC checked)
EAPOL M32E2 (authorized).................: 1

Warning: out of sequence timestamps!
This dump file contains frames with out of sequence timestamps.
That is a bug of the capturing tool.

Warning: missing frames!
This dump file does not contain undirected proberequest frames.
An undirected proberequest may contain information about the PSK.
It always happens if the capture file was cleaned or
it could happen if filter options are used during capturing.
That makes it hard to recover the PSK.

Warning: missing frames!
This dump file does not contain enough EAPOL M1 frames.
It always happens if the capture file was cleaned or
it could happen if filter options are used during capturing.
That makes it impossible to calculate nonce-error-correction values.

reading from capture_2_full_1.cap...

summary capture file
--------------------
file name................................: capture_2_full_1.cap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 10.06.2021 11:02:00
timestamp maximum (GMT)..................: 10.06.2021 12:13:37
used capture interfaces..................: 1
link layer header type...................: DLT_IEEE802_11 (105)
endianess (capture system)...............: little endian
packets inside...........................: 474
BEACON (total)...........................: 1
PROBEREQUEST (directed)..................: 8
PROBERESPONSE............................: 5
DEAUTHENTICATION (total).................: 1
AUTHENTICATION (total)...................: 2
AUTHENTICATION (OPEN SYSTEM).............: 2
ASSOCIATIONREQUEST (total)...............: 1
ASSOCIATIONREQUEST (PSK).................: 1
WPA encrypted............................: 6
EAPOL messages (total)...................: 8
EAPOL RSN messages.......................: 8
ESSID (total unique).....................: 1
EAPOLTIME gap (measured maximum usec)....: 25088
EAPOL ANONCE error corrections (NC)......: not detected
REPLAYCOUNT gap (measured maximum).......: 3
EAPOL M1 messages (total)................: 3
EAPOL M2 messages (total)................: 5
EAPOL pairs (total)......................: 3
EAPOL pairs (best).......................: 1
EAPOL pairs written to combi hash file...: 1 (RC checked)
EAPOL M12E2 (challenge)..................: 1

Warning: out of sequence timestamps!
This dump file contains frames with out of sequence timestamps.
That is a bug of the capturing tool.

Warning: missing frames!
This dump file does not contain undirected proberequest frames.
An undirected proberequest may contain information about the PSK.
It always happens if the capture file was cleaned or
it could happen if filter options are used during capturing.
That makes it hard to recover the PSK.


session summary
---------------
processed cap files...................: 2

Unfortunately, it looks like the "full capture" dump files are cleaned somehow by the dumper, too (ESSID or BSSID filter in use?).
Additionally, the timestamp sequence is broken.

$ hcxhashtool -i test.22000 --info=stdout
SSID.......: WiFi
MAC_AP.....: 7eb27dd46d45 (unknown)
MAC_CLIENT.: 341cf0cf27ae (Xiaomi Communications Co Ltd)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 0
RC INFO....: NC not required
MP M2M3 E2.: authorized
MIC........: c8c515cce104709aff4c4f5d8f38840e
HASHLINE...: WPA*02*c8c515cce104709aff4c4f5d8f38840e*7eb27dd46d45*341cf0cf27ae*57694669*62f344e3d4c9438ebe20be9a8fb85af7492dac8bb8dbc6fa9a37586e44934c2e*0103007502010a00000000000000000000d90df6868bce8c6f41add41ecc3b2111f89ff473182a80dd311be4174c97e82f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*02

SSID.......: WiFi
MAC_AP.....: 7eb27dd46d45 (unknown)
MAC_CLIENT.: 341cf0cf27ae (Xiaomi Communications Co Ltd)
VERSION....: 802.1X-2001 (1)
KEY VERSION: WPA2
REPLAYCOUNT: 4
RC INFO....: NC not required
MP M1M2 E2.: challenge
MIC........: 827b3c4254d6b5f8eb5fea1ffc3a5b2c
HASHLINE...: WPA*02*827b3c4254d6b5f8eb5fea1ffc3a5b2c*7eb27dd46d45*341cf0cf27ae*57694669*dc4234e7421d862e9093044369cc788fe9b2393f8b604bc50e1d0eb8b58772bd*0103007502010a000000000000000000048ecc9c5adeb4aae9c79aefc32e7c776c41d29338f4bf124a56975bcee11d48ed000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*00


ZerBea commented Jun 10, 2021

To verify that the EAPOL messages are converted to valid MESSAGE PAIRS, it would be nice to comment the correct password and the "false" password, too.


serious-angel commented Jun 10, 2021

To verify that the EAPOL messages are converted to valid MESSAGE PAIRS, it would be nice to comment the correct password and the "false" password, too.

How would you make use of it? I mean, what are the exact steps to process the operation you mentioned?


ZerBea commented Jun 10, 2021

Commands to verify that the passwords can be recovered from all converted hashes (M2M3 from the first capture with the correct password and M1M2 from the second capture with the false password):

$ hcxpcapngtool -o test.22000 *full*.cap
$ echo "password1" > wordlist    -> the correct password (on which we can try M2M3 from the first full capture)
$ echo "password2" >> wordlist   -> the false one (on which we can try M1M2 from the second full capture)
$ hashcat -m 22000 test.22000 wordlist

If hashcat is able to recover both passwords (the correct one and the false one) from the converted hashes, we know that the conversion process worked as expected.
If we do not have both passwords, it is impossible to determine that the conversion process (M2M3 - authenticated on the first capture and M1M2 - challenge on the second capture) was ok!

BTW:
There is a big difference between

  1. an invalid handshake (false MESSAGE PAIR by conversion process)
  2. a challenge M1M2 (correct M1 M2 MESSAGE PAIR)
  3. an authenticated handshake, confirmed by AP (M2 M3 MESSAGE PAIR)
  4. an authenticated handshake, confirmed by CLIENT (M3 M4 or M1 M4 MESSAGE PAIR - if M4 SNONCE is not zeroed)
  5. a PMKID, transmitted by AP (M1)
  6. a PMKID, transmitted by CLIENT (M2)
  7. a PMKID, transmitted by CLIENT (REASSOCIATIONREQUEST)

We can recover
a password of the CLIENT from 2 and 6 (may not be the password of your target NETWORK),
the password of your target NETWORK from 3, 4 (if SNONCE of M4 is not zeroed), 5 and 7,
but we are not able to recover a password from 1, because the converted MESSAGE PAIR is invalid.

Pyrit is an ancient tool, at least 6 years old and no longer maintained. It shouldn't be used as a reference any longer.

Cleaning of dump files is not necessary and very dangerous, because it will remove some important frames.
If you need to reduce size, use gzip to compress the dump file.
If you really need to remove unwanted frames, use tshark:
$ tshark -r capture_1_full_1.cap -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcap -w test.cap

@aircrack-ng please consider removing wpaclean because it is no longer necessary and cleaned dump files are mostly undesirable or not accepted, e.g.:
https://forum.hashkiller.io/index.php?threads/any-help-to-crack-cap-file.32720/#post-210091
https://xiaopan.co/forums/threads/wpa-wpa2-auditing-service.3739/page-174#post-71580
https://www.xiaopan.co/forums/threads/gpuhash-me-common-dictonary.6748/page-3#post-59812
https://forums.hak5.org/topic/41183-pyrit-vs-hashcat-gpu-proper-logging-of-successfailure/#elControls_292553_menu
https://hashcat.net/forum/thread-6583-post-35048.html#pid35048
https://www.reddit.com/r/pwnagotchi/comments/do23bm/sort/f5krlca/?utm_source=reddit&utm_medium=web2x&context=3
https://wpa-sec.stanev.org/
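The distinction ZerBea draws above between a challenge pair (M1+M2, which only proves which password the client tried) and an AP-confirmed authorized pair (M2+M3), together with the two captures from the issue description, as an added Python example that is not code from aircrack-ng, Pyrit, hcxtools or any commenter here. It names each EAPOL-Key message from its Key Information flags, pairs messages by replay counter, and decodes the MESSAGEPAIR field of a hashcat 22000 hash line using the hashcat/hcxtools bit convention. The frames are constructed inside the block (filler nonces, zeroed MICs); the two hash lines are the ones hcxhashtool printed in the first reply; all function and constant names are this example's own.

```python
"""Added example (not code from aircrack-ng, Pyrit or hcxtools): classify WPA2
EAPOL-Key frames as M1..M4 from their Key Information flags, pair them by
replay counter, and decode the MESSAGEPAIR field of a hashcat 22000 hash line,
so a client-side 'challenge' (M1+M2) is not mistaken for an AP-confirmed
'authorized' (M2+M3) handshake."""
import struct
from dataclasses import dataclass

# Key Information bits of the EAPOL-Key descriptor (IEEE 802.11, 12.7.2).
KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x0040, 0x0080, 0x0100, 0x0200

# Lower three bits of the 22000 MESSAGEPAIR field (hcxtools/hashcat convention);
# the upper bits are converter flags and are not decoded here.
MESSAGE_PAIR = {
    0: ("M1M2", "challenge"),   # EAPOL from M2, never confirmed by the AP
    1: ("M1M4", "authorized"),  # EAPOL from M4
    2: ("M2M3", "authorized"),  # EAPOL from M2, confirmed by M3 from the AP
    3: ("M2M3", "authorized"),  # EAPOL from M3
    4: ("M3M4", "authorized"),  # EAPOL from M3
    5: ("M3M4", "authorized"),  # EAPOL from M4
}

@dataclass
class EapolKey:
    key_info: int
    replay_counter: int
    nonce: bytes

def parse_eapol_key(body: bytes) -> EapolKey:
    """802.1X header (4 bytes), descriptor type, Key Info, Key Length, Replay Counter, Nonce."""
    _version, packet_type, _length = struct.unpack_from(">BBH", body, 0)
    if packet_type != 3:
        raise ValueError("not an EAPOL-Key packet")
    key_info, _key_len, replay = struct.unpack_from(">HHQ", body, 5)
    return EapolKey(key_info, replay, body[17:49])

def classify(k: EapolKey) -> str:
    """Which 4-way handshake message this is, judged from the Key Information flags."""
    mic, ack = bool(k.key_info & KI_MIC), bool(k.key_info & KI_ACK)
    if ack and not mic:
        return "M1"                                   # AP -> STA, carries ANonce
    if ack and mic and k.key_info & KI_INSTALL:
        return "M3"                                   # AP -> STA, proves the AP derived the PTK
    if mic and not ack:                               # STA -> AP; M4 sets Secure, M2 does not
        return "M4" if k.key_info & KI_SECURE else "M2"
    raise ValueError(f"unexpected Key Information 0x{k.key_info:04x}")

def best_pair(frames):
    """Pair by replay counter (M1/M2 share it, M3 carries M2's + 1, M3/M4 share it)
    and return the strongest (pair, status) found, or None."""
    seen = {(classify(k), k.replay_counter) for k in map(parse_eapol_key, frames)}
    found = set()
    for msg, rc in seen:
        if msg == "M2" and ("M3", rc + 1) in seen:
            found.add(2)
        if msg == "M4" and ("M3", rc) in seen:
            found.add(5)
        if msg == "M2" and ("M1", rc) in seen:
            found.add(0)
    authorized = [p for p in found if MESSAGE_PAIR[p][1] == "authorized"]
    chosen = authorized or found            # any AP-confirmed pair beats a challenge
    return MESSAGE_PAIR[min(chosen)] if chosen else None

def parse_22000(line: str) -> dict:
    """WPA*TYPE*MIC|PMKID*MAC_AP*MAC_CLIENT*ESSID*ANONCE*EAPOL*MESSAGEPAIR (TYPE 01 = PMKID, 02 = EAPOL)."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
        raise ValueError("not a hashcat 22000 hash line")
    essid = bytes.fromhex(f[5]).decode("utf-8", "replace")
    if f[1] == "01":
        return {"essid": essid, "pair": "PMKID", "status": "authorized"}
    key = parse_eapol_key(bytes.fromhex(f[7]))
    pair, status = MESSAGE_PAIR[int(f[8], 16) & 0x07]
    return {"essid": essid, "pair": pair, "status": status,
            "eapol_msg": classify(key), "replay_counter": key.replay_counter}

def build_eapol_key(key_info: int, replay: int, nonce: bytes) -> bytes:
    """Constructed EAPOL-Key body with zeroed IV/RSC/Key ID/MIC and no key data."""
    fixed = struct.pack(">BHHQ", 2, key_info, 0, replay) + nonce + bytes(48) + b"\x00\x00"
    return struct.pack(">BBH", 1, 3, len(fixed)) + fixed

# Constructed captures mirroring the issue (nonces are filler, not real values).
ANONCE, SNONCE = bytes([0xA5]) * 32, bytes([0x5A]) * 32
# Capture 1: correct PSK; M1, M2 and M3 seen, M3 carrying the next replay counter.
CAPTURE_1 = [build_eapol_key(0x008A, 0, ANONCE), build_eapol_key(0x010A, 0, SNONCE),
             build_eapol_key(0x13CA, 1, ANONCE)]
# Capture 2: wrong PSK, so the AP cannot verify M2's MIC and only re-sends M1;
# four M1/M2 exchanges and never an M3. aircrack-ng still counts "1 handshake".
CAPTURE_2 = [f for rc in range(4)
             for f in (build_eapol_key(0x008A, rc, ANONCE), build_eapol_key(0x010A, rc, SNONCE))]

# The two hash lines hcxhashtool printed in ZerBea's first comment above.
HASHLINE_AUTHORIZED = "WPA*02*c8c515cce104709aff4c4f5d8f38840e*7eb27dd46d45*341cf0cf27ae*57694669*62f344e3d4c9438ebe20be9a8fb85af7492dac8bb8dbc6fa9a37586e44934c2e*0103007502010a00000000000000000000d90df6868bce8c6f41add41ecc3b2111f89ff473182a80dd311be4174c97e82f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*02"
HASHLINE_CHALLENGE = "WPA*02*827b3c4254d6b5f8eb5fea1ffc3a5b2c*7eb27dd46d45*341cf0cf27ae*57694669*dc4234e7421d862e9093044369cc788fe9b2393f8b604bc50e1d0eb8b58772bd*0103007502010a000000000000000000048ecc9c5adeb4aae9c79aefc32e7c776c41d29338f4bf124a56975bcee11d48ed000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000*00"
```

Called on the constructed captures, best_pair(CAPTURE_1) returns ("M2M3", "authorized") while best_pair(CAPTURE_2) returns only ("M1M2", "challenge"): both files contain "a handshake", but only the first one is confirmed by the AP and therefore tied to the network's PSK, which is the distinction a bare "1 handshake" count hides. parse_22000 on the line ending in *02 yields M2M3/authorized with replay counter 0, and on the line ending in *00 yields M1M2/challenge with replay counter 4, matching the MP and REPLAYCOUNT fields hcxhashtool printed. A converter that checks replay counters the way best_pair does cannot promote four M1/M2 retries into an authorized pair.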
