From c47f9d4b3eddd25b79dee6e9562c4c9b2cd8fc03 Mon Sep 17 00:00:00 2001
From: jsteube
Date: Tue, 28 Feb 2017 10:20:46 +0100
Subject: [PATCH] Fix a bug in wpa_essid_reuse_next() destroying reuse PBKDF2 intermediate keys if duplicate essid logic
---
 src/interface.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/interface.c b/src/interface.c
index ebaee6345..7390c2d30 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -14952,25 +14952,30 @@ void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx)
 void wpa_essid_reuse_next (hashcat_ctx_t *hashcat_ctx, const u32 salt_idx_cracked)
 {
- // the first essid salt has been cracked, but it's possible others with the same essid are not
- // thus we have to update essid_reuse to find the next uncracked salt with the same essid
-
 hashes_t *hashes = hashcat_ctx->hashes;
 salt_t *salts_buf = hashes->salts_buf;
 wpa_t *esalts_buf = hashes->esalts_buf;
+ // the first essid salt has been cracked?
+ // since there's always just one with essid_reuse == 0 (which is always the first uncracked of N handshakes)
+ // we can do the following check:
+
+ if (esalts_buf[salt_idx_cracked].essid_reuse != 0) return;
+
+ // it's possible more handshakes with the same essid are following,
+ // thus we have to update the next essid_reuse with the same essid
+
 const u32 salts_cnt = hashes->salts_cnt;
 const u32 salts_idx_next = salt_idx_cracked + 1;
 if (salts_idx_next == salts_cnt) return;
- if (memcmp ((char *) salts_buf[salts_idx_next].salt_buf, (char *) salts_buf[salt_idx_cracked].salt_buf, salts_buf[salts_idx_next].salt_len) == 0)
- {
- esalts_buf[salts_idx_next].essid_reuse = 0;
- }
+ if (memcmp ((char *) salts_buf[salts_idx_next].salt_buf, (char *) salts_buf[salt_idx_cracked].salt_buf, salts_buf[salts_idx_next].salt_len)) return;
+
+ esalts_buf[salts_idx_next].essid_reuse = 0;
 }
 int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_len, const u32 salt_pos, const u32 digest_pos)
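Review bot: The "same essid" test on the new `if (memcmp (...)) return;` line still compares only `salts_buf[salts_idx_next].salt_len` bytes, so a next salt whose ESSID is a proper prefix of the cracked one (or vice versa, depending on which is shorter) compares equal and would wrongly get `essid_reuse = 0`, making the next handshake reuse PBKDF2 intermediate keys derived from a different ESSID. Whether that can occur depends on how salt_buf is padded and sorted, which is not visible in this hunk, but a length check is cheap and removes the ambiguity: `if (salts_buf[salts_idx_next].salt_len != salts_buf[salt_idx_cracked].salt_len) return;` placed before the memcmp. The `(char *)` casts on the memcmp arguments are unnecessary since memcmp takes `const void *` and could be dropped for readability. It would also help a reader if the comment above the new early return stated that essid_reuse == 0 marks the one salt whose PBKDF2 output the following same-ESSID salts are allowed to reuse, since that is the invariant the whole function depends on.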