Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
I recently ran into a weird aircrack segmentation fault during a wireless engagement. I thought I’d share my fix for when someone else runs into it in the future.
The Aircrack Segmentation Fault
First, for those of you who are unfamiliar, Aircrack-ng is “a complete suite of tools to assess WiFi network security.”
During a wireless engagement recently, I had a few different .cap files containing a various amount of data packets. I was trying to crack a WEP key, so I stopped the collection a few times to try again/move my equipment around.
When I attempted to crack multiple .cap files at once, I received the segmentation fault.
root@kali:~# aircrack-ng s_wep_outputNEW-01.cap serta_wep_outputNEW-02.cap Opening s_wep_outputNEW-01.cap Opening s_wep_outputNEW-02.cap Segmentation fault
Attempting to crack these files one by one worked, but I needed to combine the IVs from all of them.
Debugging and Attempting to Merge
At first, I wondered if one of the files I was using was corrupt, so I ran file to make sure nothing came back weird.
root@kali:~# file s_wep_outputNEW-0*.cap s_wep_outputNEW-01.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535) s_wep_outputNEW-02.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535) s_wep_outputNEW-03.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
Since nothing seemed to work, I decided to just run mergecap. This combines multiple capture files into one, so I figured I would no longer get the segmentation fault.
Unfortunately, this seemed to segfault with the same files as well…
root@kali:~# mergecap -F pcap s_wep_outputNEW-01.cap s_wep_outputNEW-02.cap -w combined.cap Segmentation fault
Ivs Files and a Proper Combine
Next, I decided to use ivstools to convert each pcap into an ivs file.
This worked, though I was still only able to crack one of these files at a time.
root@kali:~# ivstools --convert s_wep_outputNEW-01.cap s1.ivs Opening s_wep_outputNEW-01.cap Creating s1.ivs Read 7998874 packets. Written 8274 IVs. root@kali:~# ivstools --convert s_wep_outputNEW-02.cap s2.ivs Opening s_wep_outputNEW-02.cap Creating s2.ivs Read 2170930 packets. Written 2182 IVs.
Finally, I used the merge command and was able to successfully combine all of my original pcaps into one file!
root@kali:~# ivstools --merge s1.ivs s2.ivs combined.ivs Creating combined.ivs Opening s1.ivs 249120 bytes written Opening s2.ivs 314823 bytes written
Cracking the Key
With the files combined, I was able to run combined.ivs through aircrack and get the proper number of IVs.
root@kali:~# aircrack-ng combined.ivs Opening combined.ivs Read 10458 packets. # BSSID ESSID Encryption 1 FC:xx:xx:xx:xx:xx Unbreakable WEP (10435 IVs) Choosing first network as target. Opening combined.ivs Attack will be restarted every 5000 captured ivs. Starting PTW attack with 10435 ivs. Aircrack-ng 1.2 rc4 [00:00:02] Tested 150553 keys (got 10435 IVs) KB depth byte(vote) 0 84/ 85 F8(11264) 3E(11192) 47(11044) 09(11008) 12(11008) 1 15/ 1 88(13312) 1A(13092) 41(13056) 80(13056) E8(13020) 2 39/ 2 B7(12068) 0F(12032) 14(12032) 53(12032) 7E(12032) 3 2/ 7 37(15360) 52(14848) 58(14848) D9(14336) 43(14080) 4 7/ 18 D1(14336) 57(13824) A5(13604) 61(13568) 1F(13312) Failed. Next try with 15000 IVs.
Unfortunately, I was never able to crack this network, even with over 240k IVs.
Aircrack Segmentation Fault – Conclusion
Unfortunately, I was never able to figure out the cause of the actual segmentation faults. If you know, or if you’ve fixed this a different way, then please let me know!
I wish I could have cracked into the network, as it was for an engagement, but at least I got a workaround in place.
Stay tuned for some more tips, tricks, and gadgets I picked up during some recent wireless engagements!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.
2 Comments
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Hello
Did you find a solution to the problem?
I have a problem with Aircrack when I’m cracking wep. Although I have 1000000 over Ivs I can not get the password.
Hi Eren,
As far as the segmentation fault is concerned, I was able to fix that by merging the files.
If you have over 1 million IVs, then some of them may be invalid or the key is too complex. Do you know the strength of the key that you are trying to crack?