Fix WPA/WPA2 incorrectly reports cracked passwords in some cases

2025-01-11 00:01:16 +00:00 · 2017-02-27 09:30:02 +01:00 · 2017-02-27 09:30:02 +01:00 · d2e95d5e1b
commit d2e95d5e1b
parent c13f851a52
3 changed files with 32 additions and 3 deletions
--- a/include/interface.h
+++ b/include/interface.h
@ -1741,6 +1741,7 @@ int check_old_hccap (const char *hashfile);
 void to_hccapx_t (hashcat_ctx_t *hashcat_ctx, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos);

 void wpa_essid_reuse      (hashcat_ctx_t *hashcat_ctx);
+void wpa_essid_reuse_next (hashcat_ctx_t *hashcat_ctx, const u32 salt_idx_cracked);

 int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_len, const u32 salt_pos, const u32 digest_pos);

--- a/src/hashes.c
+++ b/src/hashes.c
@ -375,6 +375,11 @@ int check_cracked (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
        }
      }

+      if (hashconfig->hash_mode == 2500)
+      {
+        wpa_essid_reuse_next (hashcat_ctx, salt_pos);
+      }
+
      if (hashes->salts_done == hashes->salts_cnt) mycracked (hashcat_ctx);

      check_hash (hashcat_ctx, device_param, &cracked[i]);
--- a/src/interface.c
+++ b/src/interface.c
@ -14928,12 +14928,12 @@ void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx)

  hashes_t *hashes = hashcat_ctx->hashes;

-  u32 salts_cnt = hashes->salts_cnt;
-
  salt_t *salts_buf = hashes->salts_buf;

  wpa_t *esalts_buf = hashes->esalts_buf;

+  const u32 salts_cnt = hashes->salts_cnt;
+
  for (u32 salt_idx = 1; salt_idx < salts_cnt; salt_idx++)
  {
    if (memcmp ((char *) salts_buf[salt_idx].salt_buf, (char *) salts_buf[salt_idx - 1].salt_buf, salts_buf[salt_idx].salt_len) == 0)
@ -14943,6 +14943,29 @@ void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx)
  }
 }

+void wpa_essid_reuse_next (hashcat_ctx_t *hashcat_ctx, const u32 salt_idx_cracked)
+{
+  // the first essid salt has been cracked, but it's possible others with the same essid are not
+  // thus we have to update essid_reuse to find the next uncracked salt with the same essid
+
+  hashes_t *hashes = hashcat_ctx->hashes;
+
+  salt_t *salts_buf = hashes->salts_buf;
+
+  wpa_t *esalts_buf = hashes->esalts_buf;
+
+  const u32 salts_cnt = hashes->salts_cnt;
+
+  const u32 salts_idx_next = salt_idx_cracked + 1;
+
+  if (salts_idx_next == salts_cnt) return;
+
+  if (memcmp ((char *) salts_buf[salts_idx_next].salt_buf, (char *) salts_buf[salt_idx_cracked].salt_buf, salts_buf[salts_idx_next].salt_len) == 0)
+  {
+    esalts_buf[salts_idx_next].essid_reuse = 0;
+  }
+}
+
 int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_len, const u32 salt_pos, const u32 digest_pos)
 {
  const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;