I recently ran into a weird aircrack segmentation fault during a wireless engagement. I thought I’d share my fix for when someone else runs into it in the future.
The Aircrack Segmentation Fault
First, for those of you who are unfamiliar, Aircrack-ng is “a complete suite of tools to assess WiFi network security.”
During a wireless engagement recently, I had a few different .cap files containing varying amounts of data packets. I was trying to crack a WEP key, so I stopped the collection a few times to try again/move my equipment around.
When I attempted to crack multiple .cap files at once, I received the segmentation fault.
    root@kali:~# aircrack-ng s_wep_outputNEW-01.cap serta_wep_outputNEW-02.cap
    Opening s_wep_outputNEW-01.cap
    Opening s_wep_outputNEW-02.cap
    Segmentation fault
Attempting to crack these files one by one worked, but I needed to combine the IVs from all of them.
Debugging and Attempting to Merge
At first, I wondered if one of the files I was using was corrupt, so I ran file to make sure nothing came back weird.
    root@kali:~# file s_wep_outputNEW-0*.cap
    s_wep_outputNEW-01.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
    s_wep_outputNEW-02.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
    s_wep_outputNEW-03.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
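The `file` output above is derived from the capture's 24-byte global header, so it says nothing about whether individual packet records further in are truncated or carry implausible lengths. The following is an added example, not part of the original post: it walks every record header of a classic pcap file and reports the first inconsistency. `check_pcap` and `build_sample` are hypothetical helper names, and the sample capture is constructed.

```python
import io
import struct
import sys

# Magic bytes as stored on disk -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def check_pcap(fh):
    """Walk a classic pcap stream (binary mode); return (intact_records, problem or None)."""
    size = fh.seek(0, io.SEEK_END)
    fh.seek(0)
    header = fh.read(24)
    if len(header) < 24:
        return 0, "shorter than the 24-byte global header"
    order = PCAP_MAGICS.get(header[:4])
    if order is None:
        return 0, "unknown magic number (not classic pcap)"
    snaplen = struct.unpack(order + "I", header[16:20])[0]
    count = 0
    while fh.tell() < size:
        start = fh.tell()
        rec = fh.read(16)  # ts_sec, ts_frac, incl_len, orig_len
        if len(rec) < 16:
            return count, f"record {count + 1} at offset {start}: truncated record header"
        incl_len, orig_len = struct.unpack(order + "II", rec[8:16])
        if (snaplen and incl_len > snaplen) or incl_len > orig_len:
            return count, f"record {count + 1} at offset {start}: implausible length {incl_len}"
        if fh.tell() + incl_len > size:
            return count, f"record {count + 1} at offset {start}: packet data truncated"
        fh.seek(incl_len, io.SEEK_CUR)  # skip the packet bytes without loading them
        count += 1
    return count, None

def build_sample(packets, snaplen=65535, linktype=105):
    """Constructed little-endian pcap 2.4 capture (link type 105 = 802.11) for testing."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python3 check_pcap.py first.cap second.cap
        with open(path, "rb") as fh:
            print(path, check_pcap(fh))
```

A clean result only rules out structural damage at the pcap record level; it does not show why a particular tool crashed on the file.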
Since nothing seemed to work, I decided to just run mergecap. This combines multiple capture files into one, so I figured I would no longer get the segmentation fault.
Unfortunately, this seemed to segfault with the same files as well…
    root@kali:~# mergecap -F pcap s_wep_outputNEW-01.cap s_wep_outputNEW-02.cap -w combined.cap
    Segmentation fault
Ivs Files and a Proper Combine
Next, I decided to use ivstools to convert each pcap into an ivs file.
This worked, though I was still only able to crack one of these files at a time.
    root@kali:~# ivstools --convert s_wep_outputNEW-01.cap s1.ivs
    Opening s_wep_outputNEW-01.cap
    Creating s1.ivs
    Read 7998874 packets.
    Written 8274 IVs.
    root@kali:~# ivstools --convert s_wep_outputNEW-02.cap s2.ivs
    Opening s_wep_outputNEW-02.cap
    Creating s2.ivs
    Read 2170930 packets.
    Written 2182 IVs.
Finally, I used the merge command and was able to successfully combine all of my original pcaps into one file!
    root@kali:~# ivstools --merge s1.ivs s2.ivs combined.ivs
    Creating combined.ivs
    Opening s1.ivs
    249120 bytes written
    Opening s2.ivs
    314823 bytes written
Cracking the Key
With the files combined, I was able to run combined.ivs through aircrack and get the proper number of IVs.
    root@kali:~# aircrack-ng combined.ivs
    Opening combined.ivs
    Read 10458 packets.

       #  BSSID              ESSID                     Encryption

       1  FC:xx:xx:xx:xx:xx  Unbreakable               WEP (10435 IVs)

    Choosing first network as target.

    Opening combined.ivs
    Attack will be restarted every 5000 captured ivs.
    Starting PTW attack with 10435 ivs.

                             Aircrack-ng 1.2 rc4

             [00:00:02] Tested 150553 keys (got 10435 IVs)

       KB    depth   byte(vote)
        0   84/ 85   F8(11264) 3E(11192) 47(11044) 09(11008) 12(11008)
        1   15/  1   88(13312) 1A(13092) 41(13056) 80(13056) E8(13020)
        2   39/  2   B7(12068) 0F(12032) 14(12032) 53(12032) 7E(12032)
        3    2/  7   37(15360) 52(14848) 58(14848) D9(14336) 43(14080)
        4    7/ 18   D1(14336) 57(13824) A5(13604) 61(13568) 1F(13312)

    Failed. Next try with 15000 IVs.
Unfortunately, I was never able to crack this network, even with over 240k IVs.
Aircrack Segmentation Fault – Conclusion
Unfortunately, I was never able to figure out the cause of the actual segmentation faults. If you know, or if you’ve fixed this a different way, then please let me know!
I wish I could have cracked into the network, as it was for an engagement, but at least I got a workaround in place.
Stay tuned for some more tips, tricks, and gadgets I picked up during some recent wireless engagements!