aircrack-ng-archive icon indicating copy to clipboard operation
aircrack-ng-archive copied to clipboard

Published 20 hours ago verified publisher icon aircrack-ng

International charset not recognized by airodump-ng

Open joh1686 opened this issue 8 years ago • 10 comments

Hi guys,

I am using aircrack-ng 1.2-rc3 on Ubuntu Linux 16.04. I noticed that when using airodump-ng it displays international charsets as bad/unknown characters (BF/EF/BD).

For example: CH 2 ][ Elapsed: 6 s ][ 2017-02-27 10:00

BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

8C:3A:E3:3F:DA:56 -28 8 3 1 11 54e WPA2 CCMP PSK �.�.�.�.?
B4:C7:99:59:E7:23 -32 10 0 0 1 54 . WPA2 CCMP PSK <length: 1>
B4:C7:99:59:E7:22 -34 9 0 0 1 54 . WPA2 CCMP PSK <length: 1>

It's supposed to be מההה? in Hebrew. I did not find a solution in google or anyone mentioning this issue.

joh1686 avatar Feb 27 '17 22:02 joh1686

Is your terminal able to display hebrew? https://askubuntu.com/questions/458856/hebrew-font-in-terminal-ubuntu-12-10

Mister-X- avatar Feb 27 '17 22:02 Mister-X-

Yes it can display hebrew: $ cat name.txt �.�.�.�.? מהההה? The first line is the one I copied from aircrack and the second one is one I wrote myself using vi. And in Hex: $ hexdump name.txt 0000000 bfef 2ebd bfef 2ebd bfef 2ebd bfef 2ebd 0000010 0a3f 9ed7 94d7 94d7 94d7 94d7 0a3f
000001e

When logged in to wifi network מההה? I see via iwconfig wlan0 IEEE 802.11bgn ESSID:"\xD7\x9E\xD7\x94\xD7\x94\xD7\x94?"

I also tried some symbols that are not hebrew (Indian Rupee sign ₹): 8C:3A:E3:3F:DA:56 -33 25 0 0 11 54e WPA2 CCMP PSK �.��.��.��.�¤¤¤
The 3 right squareish symbols are correct but the rest are displayed as bad chars. Via iwconfig I can see: wlan0 IEEE 802.11bgn ESSID:"\xE2\x82\xB9\xE2\x82\xB9\xE2\x82\xB9\xE2\x82\xB9\xC2\xA4\xC2\xA4\xC2\xA4"

joh1686 avatar Feb 28 '17 11:02 joh1686

essid char is limit:

  1. i f( ( ap_cur->essid[i] > 0 && ap_cur->essid[i] < 32 ) ||( ap_cur->essid[i] > 126 && ap_cur->essid[i] < 160 ) ) ap_cur->essid[i] = '.';

  2. if( c == 0 || ( c > 126 && c < 160 ) ) c = '.'; //could also check ||(c>0 && c<32)

GnaixLin avatar Feb 28 '17 12:02 GnaixLin

@GnaixLin Thanks. This explains why the \x9e and \x94 are turned into a dot char, but not the \xd7 char. Looks like airodump treats chars as one byte while UTF-8 is usually multi-byte.

joh1686 avatar Feb 28 '17 16:02 joh1686

Apparently, the standard allows UTF-8 but it is a special case. Would it be possible to have a PCAP file with just a beacon, a probe request+response and association request?

"When the UTF-8 SSID subfield of the Extended Capabilities element is equal to 1 in the frame that includes the SSID element, the SSID is interpreted using UTF-8 encoding."

Mister-X- avatar Feb 28 '17 18:02 Mister-X-

I captured a beacon frame. I hope you don't mind I edited the bssid. https://ufile.io/b0d141

joh1686 avatar Mar 01 '17 07:03 joh1686

Yep, that's OK.

Thanks

Mister-X- avatar Mar 01 '17 21:03 Mister-X-

That AP doesn't seem to follow the spec when it comes to UTF8.

It's a complex issue, it affects a lot of tools, not only airodump-ng, anything where you specify an ESSID or processes SSID. It affects airodump-ng in several ways: displaying and saving to files (and also the different file formats that might handle it in a different way). It's gonna take some time to fix it.

Mister-X- avatar Mar 02 '17 02:03 Mister-X-

It's an LG D802 but not the first time they don't follow spec. It looks like Ubuntu's net manager is able to correctly display the essid. Thanks for the prompt response.

joh1686 avatar Mar 02 '17 11:03 joh1686

I also encountered this problem when the SSID is not in English.

Will this be fixed?

samiux avatar Dec 20 '17 01:12 samiux