New algorithm for loading WPA handshakes from capture files
The main difficulty in extracting handshakes from capture/dump files is that, without the passphrase, there is no way to tell whether a candidate handshake is valid: the only integrity check available, the MIC carried in the client's messages, can be verified only with the key derived from that passphrase. Every usable WPA handshake consists of data spread over at least two EAPOL-Key messages (out of the four messages exchanged between the access point and the client): the access point's nonce from one message and the client's nonce plus MIC from another. The pieces can come from different messages, for instance from the first and second message, or from the third and fourth, and so on.
The validation problem is complicated by the following:
- EAPOL-Key messages can be retransmitted. For example: MSG1, MSG2, MSG1, MSG4.
- EAPOL-Key messages can be interleaved with deauthentication frames, which are often injected to force a client to re-associate with the access point. For instance: MSG1, DEAUTH, MSG2. After the deauthentication the client starts a fresh handshake with fresh nonces, so the access point predictably treats the old exchange as invalid and rejects it, and a pair assembled across the deauthentication will not verify even though each message on its own contains 'valid' data.
Different programs handle these situations differently, and in the worst cases the only way out is to sort through the junk by hand and pick the packets from which a valid handshake can be built. WIFIPR now comes with a new algorithm for exhaustive handshake generation: it enumerates every possible pairing of messages, so if the capture contains the pieces of a valid handshake at all, at least one valid handshake is guaranteed to be among the results. The significant disadvantage of this method is that the valid handshakes come along with a lot of junk (invalid) records, hundreds or even thousands of them depending on the source file. Therefore this option should be used only together with the multi-mode, which attacks handshakes with identical SSIDs simultaneously (the expensive PBKDF2 step depends only on the passphrase and the SSID, so one PMK per candidate password is checked against every handshake at once).
Even so, for the awkward captures described above this algorithm is the way to be sure that you end up with at least one valid handshake.
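To make the candidate-generation problem concrete, here is an added Python example (not WIFIPR's code, nor code from the original page) that builds a small constructed capture containing a retransmitted MSG1, a deauthentication and a MSG2 from a second association whose MSG1 was never captured, then enumerates handshake candidates two ways: exhaustively, as described above, and with a conservative replay-counter/deauth filter. Each candidate is checked by recomputing the WPA2 MIC from the known passphrase. The SSID, passphrase, MAC addresses, nonces and frame layout are assumptions chosen for the example; it assumes WPA2/CCMP (key descriptor version 2, HMAC-SHA1 MIC).

```python
"""Enumerate WPA2 4-way-handshake candidates from a constructed capture and
verify each candidate's MIC with a known passphrase. Illustration only."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample network (assumptions, not real data).
SSID = b"ExampleNet"
PASSPHRASE = "correct horse battery staple"
AP_MAC = bytes.fromhex("02aabbccdd01")   # authenticator address
STA_MAC = bytes.fromhex("02aabbccdd02")  # supplicant address
MIC_OFFSET = 81  # 4-byte 802.1X header + 77-byte offset of Key MIC in EAPOL-Key


@dataclass
class Frame:
    kind: str          # "M1", "M2", "M3", "M4" or "DEAUTH"
    replay: int = 0    # EAPOL-Key replay counter
    nonce: bytes = b""  # ANonce (M1/M3) or SNonce (M2/M4)
    eapol: bytes = b""  # raw EAPOL frame (empty for DEAUTH)


def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def derive_kck(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # KCK = first 16 bytes of PTK = first PRF-512 block (iteration counter 0).
    data = (min(AP_MAC, STA_MAC) + max(AP_MAC, STA_MAC)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion\x00"
    return hmac.new(pmk, label + data + b"\x00", hashlib.sha1).digest()[:16]


def build_eapol_key(key_info: int, replay: int, nonce: bytes, mic: bytes = bytes(16)) -> bytes:
    body = (b"\x02" + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
            + replay.to_bytes(8, "big") + nonce + bytes(16) + bytes(8) + bytes(8)
            + mic + (0).to_bytes(2, "big"))
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v2, EAPOL-Key


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_capture(passphrase: str) -> List[Frame]:
    """Constructed capture: M1, retransmitted M1, M2, DEAUTH, then an M2 from a
    new association whose M1 (with a new ANonce) was not captured."""
    pmk = derive_pmk(passphrase, SSID)
    anonce_a, snonce_a = bytes([0xA1]) * 32, bytes([0xA2]) * 32
    anonce_b, snonce_b = bytes([0xB1]) * 32, bytes([0xB2]) * 32

    def m1(replay: int, anonce: bytes) -> Frame:
        return Frame("M1", replay, anonce, build_eapol_key(0x008A, replay, anonce))

    def m2(replay: int, anonce: bytes, snonce: bytes) -> Frame:
        kck = derive_kck(pmk, anonce, snonce)
        mic = eapol_mic(kck, build_eapol_key(0x010A, replay, snonce))
        return Frame("M2", replay, snonce, build_eapol_key(0x010A, replay, snonce, mic))

    return [m1(1, anonce_a), m1(2, anonce_a), m2(2, anonce_a, snonce_a),
            Frame("DEAUTH"), m2(1, anonce_b, snonce_b)]


Candidate = Tuple[Frame, Frame]


def exhaustive_candidates(frames: List[Frame]) -> List[Candidate]:
    """Every (AP-nonce message, client-MIC message) pair, ignoring order,
    replay counters and deauthentications: never misses a valid pair, but
    produces junk."""
    ap = [f for f in frames if f.kind in ("M1", "M3")]
    sta = [f for f in frames if f.kind in ("M2", "M4")]
    return [(a, s) for a in ap for s in sta]


def strict_candidates(frames: List[Frame]) -> List[Candidate]:
    """Conservative pairing: M2 must follow M1 with the same replay counter
    and no DEAUTH in between. Little junk, but can miss handshakes."""
    out = []
    for i, a in enumerate(frames):
        if a.kind != "M1":
            continue
        for s in frames[i + 1:]:
            if s.kind == "DEAUTH":
                break
            if s.kind == "M2" and s.replay == a.replay:
                out.append((a, s))
                break
    return out


def verify_candidate(cand: Candidate, passphrase: str) -> bool:
    ap, sta = cand
    kck = derive_kck(derive_pmk(passphrase, SSID), ap.nonce, sta.nonce)
    return hmac.compare_digest(eapol_mic(kck, sta.eapol), sta.eapol[MIC_OFFSET:MIC_OFFSET + 16])


def count_valid(cands: List[Candidate], passphrase: str) -> int:
    return sum(verify_candidate(c, passphrase) for c in cands)


if __name__ == "__main__":
    frames = build_capture(PASSPHRASE)
    for name, cands in (("exhaustive", exhaustive_candidates(frames)),
                        ("strict", strict_candidates(frames))):
        print(f"{name}: {len(cands)} candidates, {count_valid(cands, PASSPHRASE)} valid")
```

Run as is, the exhaustive generator yields four candidates of which two verify (the two MSG1 copies share an ANonce, so both pair with the genuine MSG2), while the two pairs that span the deauthentication fail because MSG2 of the second association was computed with a nonce that never appears in the capture. The strict generator yields exactly one candidate, which verifies, but it only knows that because the replay counters happened to line up; the exhaustive set is what guarantees coverage, at the cost of the junk the text warns about.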