I was playing around with some wireless attack tools today, Mostly with cuda based tools such as pyrit.

I wanted to check my new Core i7 PC and GPU cracking capabilities and speed on my UBUNTU 10.04 64bit OS.

Pyrit supports WPA cracking with Cowpatty, At first i decided to do some benchmarking for different tools with and without cuda.

I fired up airodump-ng, Captured my own router handshake and tried to crack it using cowpatty with a dictionary file.
everytime i tried to crack it i got the following error:

root@BlackBox:/tmp/cowpatty#./cowpatty -f passwords.txt -r black.cap-01.cap -s Blackstar
cowpatty 4.6 - WPA-PSK dictionary attack.
End of pcap capture file, incomplete four-way handshake exchange. Try using a
different capture.

At first i thought something went wrong with the handshake capture so i tried capturing it several time, but no luck with cowpatty, I checked the capture file using pyrit and wireshark just to make sure the handshake was captured correctly (although it did worked fine with aircrack-ng).

root@BlackBox:/tmp/cowpatty# pyrit -r black.cap-01.cap analyze
Pyrit 0.3.0 (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Parsing file 'black.cap-01.cap' (1/1)...
297 packets (297 802.11-packets), 1 APs
#1: AccessPoint 00:23:69:c0:be:ce ('Blackstar')
#0: Station 00:23:76:ad:54:00, handshake found
#1: Station 01:00:5e:7f:ff:fa

After some googling I found a patch to fix this cowpatty issue here: http://proton.cygnusx-1.org/~edgan/cowpatty/

Applying the patch is simple, Just follow these steps:

1. Apply the patch

root@BlackBox:/tmp/cowpatty#patch < cowpatty-4.6-fixup16.patch
patching file cowpatty.c
patching file cowpatty.h

2. Compile Cowpatty

root@BlackBox:/tmp/cowpatty#make
cc -pipe -Wall -DOPENSSL  -O2 -g3 -ggdb   -c -o cowpatty.o cowpatty.c
cowpatty.c: In function ‘dictfile_attack’:
cowpatty.c:908: warning: format ‘%u’ expects type ‘unsigned int’, but argument 3 has type ‘size_t’
cowpatty.c: In function ‘main’:
cowpatty.c:1133: warning: dereferencing pointer ‘eapkeypacket’ does break strict-aliasing rules
cowpatty.c:1129: note: initialized from here
cc -pipe -Wall -DOPENSSL  -O2 -g3 -ggdb cowpatty.c -o cowpatty utils.o md5.o sha1.o -lpcap -lcrypto
cowpatty.c: In function ‘dictfile_attack’:
cowpatty.c:908: warning: format ‘%u’ expects type ‘unsigned int’, but argument 3 has type ‘size_t’
cowpatty.c: In function ‘main’:
cowpatty.c:1133: warning: dereferencing pointer ‘eapkeypacket’ does break strict-aliasing rules
cowpatty.c:1129: note: initialized from here
cc -pipe -Wall -DOPENSSL  -O2 -g3 -ggdb genpmk.c -o genpmk utils.o sha1.o -lpcap -lcrypto
genpmk.c: In function ‘main’:
genpmk.c:250: warning: format ‘%u’ expects type ‘unsigned int’, but argument 3 has type ‘size_t’

root@BlackBox:/tmp/cowpatty#make install
install -d /usr/local/bin
install -m 755 cowpatty genpmk /usr/local/bin

3. Testing the compiled cowpatty binaries

root@BlackBox:/tmp/cowpatty#./cowpatty -f passwords.txt -r black.cap-01.cap -s Blackstar
cowpatty 4.6 - WPA-PSK dictionary attack.
Collected all necessary data to mount crack against WPA2/PSK passphrase.
Starting dictionary attack.  Please be patient.
key no. 1000: achalasia
key no. 2000: admittable
key no. 3000: aglipayan
key no. 4000: allokurtic
key no. 5000: amphicytula
.....

Works fine…

Get Cowpatty and the patch here: