Home > Information > Forum > Show Topic
Show thread topic
OneNote password recovery v3.4
Support for Microsoft Office 365
Reset Windows Password v14.2
Telegram data recovery, Photo Database and Media Player investigation tools, and some more
Office password recovery tools
Resetting VBA passwords
New blog post
Dumping the history of users' IP addresses in Windows

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

New algorithm for loading WPA handshakes from capture files

Passcape_Admin, 10:16:13 31.05.2017 Rating: 0 #1

New algorithm for loading WPA handshakes from capture files  

The main trouble extracting handshakes from capture/dump files is that there is no way to determine if a handshake valid or not. Every WPA handshake consists of data that reside in at least two authentication packets (out of 4 authentication messages between an access point and a client). The data can be sent in different packets. For instance, in the first and second message, third and fourth, and so on.
The validation problem is complicated by the following:
- Authentication packets can be sent several times. For example: MSG1, MSG2, MSG1, MSG4.
- Authentication packets can be interleaved with the deauthentication message that is often used to force re-associating a client and an access point. For instance, MSG1, DEAUTH, MSG2. Once the deauthentication message is met, the access point predictably considers such a handshake invalid and rejects authentication, inspite the fact it contains 'valid' data.

Many programs handle such situations differently. In the most complex cases, the only way to tackle this issue is to manually sort out trash and select certain packets for building valid handshakes. WIFIPR now comes with a brand-new algorithm for exhaustive handshake generation that guarantees the presence of at least one valid handshake. The significant disadvantage of this method is that valid handshakes are generated along with a lot of junk (invalid) records. Hundreds or even thousands of them, depending on the source file. Therefore, this option should be used exclusively with the multi-mode that allows handling handshakes with identical SSID’s simultaneously.

Well anyway this algorithm is good enough for certain cases to ensure that you have at least one valid handshake.
Entries 1 to 1 from 1  [ <<  1  >> ]