Aircrack Segmentation Fault and Combining .cap Files

I recently ran into a weird aircrack segmentation fault during a wireless engagement. I thought I’d share my fix for when someone else runs into it in the future.

The Aircrack Segmentation Fault

First, for those of you who are unfamiliar, Aircrack-ng is “a complete suite of tools to assess WiFi network security.”

During a wireless engagement recently, I had a few different .cap files containing a various amount of data packets. I was trying to crack a WEP key, so I stopped the collection a few times to try again/move my equipment around.

When I attempted to crack multiple .cap files at once, I received the segmentation fault.

root@kali:~# aircrack-ng s_wep_outputNEW-01.cap serta_wep_outputNEW-02.cap
Opening s_wep_outputNEW-01.cap
Opening s_wep_outputNEW-02.cap
Segmentation fault

Attempting to crack these files one by one worked, but I needed to combine the IVs from all of them.

Debugging and Attempting to Merge

At first, I wondered if one of the files I was using was corrupt, so I ran file to make sure nothing came back weird.

root@kali:~# file s_wep_outputNEW-0*.cap
s_wep_outputNEW-01.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
s_wep_outputNEW-02.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
s_wep_outputNEW-03.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)

Since nothing seemed to work, I decided to just run mergecap. This combines multiple capture files into one, so I figured I would no longer get the segmentation fault.

Unfortunately, this seemed to segfault with the same files as well…

root@kali:~# mergecap -F pcap s_wep_outputNEW-01.cap s_wep_outputNEW-02.cap -w combined.cap
Segmentation fault

Ivs Files and a Proper Combine

Next, I decided to use ivstools to convert each pcap into an ivs file.

This worked, though I was still only able to crack one of these files at a time.

root@kali:~# ivstools --convert s_wep_outputNEW-01.cap s1.ivs
Opening s_wep_outputNEW-01.cap
Creating s1.ivs
Read 7998874 packets.
Written 8274 IVs.
root@kali:~# ivstools --convert s_wep_outputNEW-02.cap s2.ivs
Opening s_wep_outputNEW-02.cap
Creating s2.ivs
Read 2170930 packets.
Written 2182 IVs.

Finally, I used the merge command and was able to successfully combine all of my original pcaps into one file!

root@kali:~# ivstools --merge s1.ivs s2.ivs combined.ivs
Creating combined.ivs
Opening s1.ivs
249120 bytes written
Opening s2.ivs
314823 bytes written

Cracking the Key

With the files combined, I was able to run combined.ivs through aircrack and get the proper number of IVs.

root@kali:~# aircrack-ng combined.ivs 
Opening combined.ivs
Read 10458 packets.

   #  BSSID              ESSID                     Encryption

   1  FC:xx:xx:xx:xx:xx  Unbreakable               WEP (10435 IVs)

Choosing first network as target.

Opening combined.ivs
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 10435 ivs.

                                 Aircrack-ng 1.2 rc4

                 [00:00:02] Tested 150553 keys (got 10435 IVs)

   KB    depth   byte(vote)
    0   84/ 85   F8(11264) 3E(11192) 47(11044) 09(11008) 12(11008) 
    1   15/  1   88(13312) 1A(13092) 41(13056) 80(13056) E8(13020) 
    2   39/  2   B7(12068) 0F(12032) 14(12032) 53(12032) 7E(12032) 
    3    2/  7   37(15360) 52(14848) 58(14848) D9(14336) 43(14080) 
    4    7/ 18   D1(14336) 57(13824) A5(13604) 61(13568) 1F(13312) 

Failed. Next try with 15000 IVs.

Unfortunately, I was never able to crack this network, even with over 240k IVs.

Aircrack Segmentation Fault – Conclusion

Unfortunately, I was never able to figure out the cause of the actual segmentation faults. If you know, or if you’ve fixed this a different way, then please let me know!

I wish I could have cracked into the network, as it was for an engagement, but at least I got a workaround in place.

Stay tuned for some more tips, tricks, and gadgets I picked up during some recent wireless engagements!

doyler on Githubdoyler on Twitter

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.

When he’s not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

ERROR: si-captcha.php plugin: GD image support not detected in PHP!

Contact your web host and ask them to enable GD image support for PHP.

ERROR: si-captcha.php plugin: imagepng function not detected in PHP!

Contact your web host and ask them to enable imagepng for PHP.