From d2e95d5e1b7e15f3d06407aaca2a7bf251b7012a Mon Sep 17 00:00:00 2001
From: jsteube
Date: Mon, 27 Feb 2017 09:30:02 +0100
Subject: [PATCH] Fix WPA/WPA2 incorrectly reports cracked passwords in some cases
---
 include/interface.h | 3 ++-
 src/hashes.c | 5 +++++
 src/interface.c | 27 +++++++++++++++++++++++++--
 3 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/include/interface.h b/include/interface.h
index 8ad75b20c..53c28b30b 100644
--- a/include/interface.h
+++ b/include/interface.h
@@ -1740,7 +1740,8 @@ char *strparser (const u32 parser_status);
 int check_old_hccap (const char *hashfile);
 void to_hccapx_t (hashcat_ctx_t *hashcat_ctx, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos);
-void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx);
+void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx);
+void wpa_essid_reuse_next (hashcat_ctx_t *hashcat_ctx, const u32 salt_idx_cracked);
 int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_len, const u32 salt_pos, const u32 digest_pos);
diff --git a/src/hashes.c b/src/hashes.c
index 8af825f5b..9752c5ffc 100644
--- a/src/hashes.c
+++ b/src/hashes.c
@@ -375,6 +375,11 @@ int check_cracked (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
 }
 }
+ if (hashconfig->hash_mode == 2500)
+ {
+ wpa_essid_reuse_next (hashcat_ctx, salt_pos);
+ }
+
 if (hashes->salts_done == hashes->salts_cnt) mycracked (hashcat_ctx);
 check_hash (hashcat_ctx, device_param, &cracked[i]);
diff --git a/src/interface.c b/src/interface.c
index 4950412b3..40c3e550c 100644
--- a/src/interface.c
+++ b/src/interface.c
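Review bot: The new call in check_cracked only rewrites essid_reuse in the host-side hashes->esalts_buf; if the esalt buffer has already been copied to the device before cracking starts (not visible in this hunk), the cleared flag never reaches the kernel and the salt after the cracked one will keep skipping its own PMK computation, which is the very symptom the commit title describes. Either confirm that esalts are re-uploaded before the next kernel launch, or follow the call with a device write of the updated entry, e.g. `// push the cleared essid_reuse flag of salt_pos + 1 to every device's esalt buffer`, guarded by the same `salt_pos + 1 < hashes->salts_cnt` bound that wpa_essid_reuse_next checks. Also note that this runs from a per-device path; if several device threads can reach check_cracked at once, the unsynchronized write to esalts_buf in wpa_essid_reuse_next should be covered by whatever lock protects salts_done. check_cracked begins and ends outside the hunk.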
@@ -14928,12 +14928,12 @@ void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx)
 hashes_t *hashes = hashcat_ctx->hashes;
- u32 salts_cnt = hashes->salts_cnt;
-
 salt_t *salts_buf = hashes->salts_buf;
 wpa_t *esalts_buf = hashes->esalts_buf;
+ const u32 salts_cnt = hashes->salts_cnt;
+
 for (u32 salt_idx = 1; salt_idx < salts_cnt; salt_idx++)
 {
 if (memcmp ((char *) salts_buf[salt_idx].salt_buf, (char *) salts_buf[salt_idx - 1].salt_buf, salts_buf[salt_idx].salt_len) == 0)
@@ -14943,6 +14943,29 @@ void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx)
 }
 }
+void wpa_essid_reuse_next (hashcat_ctx_t *hashcat_ctx, const u32 salt_idx_cracked)
+{
+ // the first essid salt has been cracked, but it's possible others with the same essid are not
+ // thus we have to update essid_reuse to find the next uncracked salt with the same essid
+
+ hashes_t *hashes = hashcat_ctx->hashes;
+
+ salt_t *salts_buf = hashes->salts_buf;
+
+ wpa_t *esalts_buf = hashes->esalts_buf;
+
+ const u32 salts_cnt = hashes->salts_cnt;
+
+ const u32 salts_idx_next = salt_idx_cracked + 1;
+
+ if (salts_idx_next == salts_cnt) return;
+
+ if (memcmp ((char *) salts_buf[salts_idx_next].salt_buf, (char *) salts_buf[salt_idx_cracked].salt_buf, salts_buf[salts_idx_next].salt_len) == 0)
+ {
+ esalts_buf[salts_idx_next].essid_reuse = 0;
+ }
+}
+
 int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_len, const u32 salt_pos, const u32 digest_pos)
 {
 const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
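Review bot: The memcmp in wpa_essid_reuse_next compares salt_len bytes of the next salt against the cracked salt without first checking that the two salt_len values are equal, so two ESSIDs where the shorter is a byte-prefix of the longer compare equal on the shorter length and the longer one wrongly gets essid_reuse cleared (or, with the lengths the other way round, the compare reads past the shorter ESSID's meaningful bytes); how salts are ordered is not visible here, so this may or may not be reachable, but the guard is cheap. Add before the compare: `if (salts_buf[salts_idx_next].salt_len != salts_buf[salt_idx_cracked].salt_len) return;`. The leading comment also promises to "find the next uncracked salt with the same essid", but the code only examines salt_idx_cracked + 1 and never checks whether that entry is itself already cracked; either reword it to `// only the immediately following salt is updated; it is assumed to be still uncracked` or skip forward over already-cracked salts if that ordering can occur. The `salts_idx_next == salts_cnt` bound is correct for the unsigned increment since salt_idx_cracked is a valid index, but `>=` would read as the defensive intent more clearly.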