diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-fixup2/cowpatty.c
--- cowpatty-4.3/cowpatty.c	2008-03-20 09:49:38.000000000 -0700
+++ cowpatty-4.3-fixup2/cowpatty.c	2009-05-21 23:38:17.970291072 -0700
@@ -71,7 +71,7 @@
 void cleanup();
 void parseopts(struct user_opt *opt, int argc, char **argv);
 void closepcap(struct capture_data *capdata);
-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata);
+void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt);
 void dump_all_fields(struct crack_data cdata);
 void printstats(struct timeval start, struct timeval end,
 		unsigned long int wordcount);
@@ -389,7 +389,7 @@
 	return (ret);
 }
 
-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata)
+void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt)
 {
 	struct ieee8021x *dot1xhdr;
 	struct wpa_eapol_key *eapolkeyhdr;
@@ -415,8 +415,8 @@
 	cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK;
 	index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK;
 
-	/* Check for EAPOL version 1, type EAPOL-Key */
-	if (dot1xhdr->version != 1 || dot1xhdr->type != 3) {
+	/* Check for type EAPOL-Key */
+	if (dot1xhdr->type != 3) {
 		return;
 	}
 
@@ -427,59 +427,78 @@
 
 	if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
 		/* Check for WPA key, and pairwise key type */
-		if (eapolkeyhdr->type != 254 || 
+		if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || 
 				(key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
 			return;
 		}
 	} else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
-		if (eapolkeyhdr->type != 2 ||
+		if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
 				(key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
 			return;
 		}
 	}
 
+	if (opt->verbose > 2) {
+		printf ("WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: %d\n", WPA_KEY_INFO_TYPE_HMAC_MD5_RC4);
+		printf ("WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: %d\n", WPA_KEY_INFO_TYPE_HMAC_SHA1_AES);
+		printf ("key version: %d\n", cdata->ver);
+		printf ("eapol key header type: %d\n", eapolkeyhdr->type);
+	}
+
+	/* Check for frame 1 of the 4-way handshake */
+	if ((key_info & WPA_KEY_INFO_MIC) == 0 
+	   && (key_info & WPA_KEY_INFO_ACK)
+	   && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
+                /* All we need from this frame is the authenticator nonce */
+		memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+			sizeof(cdata->anonce));
+		cdata->anonceset = 1;
+ 
 	/* Check for frame 2 of the 4-way handshake */
-	if ((key_info & WPA_KEY_INFO_MIC) && (key_info & WPA_KEY_INFO_ACK) == 0
-	    && (key_info & WPA_KEY_INFO_INSTALL) == 0
-	    && eapolkeyhdr->key_data_length > 0) {
-		/* All we need from this frame is the authenticator nonce */
-		memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
-		       sizeof(cdata->snonce));
-		cdata->snonceset = 1;
+	} else if ((key_info & WPA_KEY_INFO_MIC)
+	  && (key_info & WPA_KEY_INFO_INSTALL) == 0
+	  && (key_info & WPA_KEY_INFO_ACK) == 0
+	  && eapolkeyhdr->key_data_length > 0) {
 
-	} else if (		/* Check for frame 3 of the 4-way handshake */
-			  (key_info & WPA_KEY_INFO_MIC)
-			  && (key_info & WPA_KEY_INFO_INSTALL)
-			  && (key_info & WPA_KEY_INFO_ACK)) {
+		cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
+				+   packet[capdata->dot1x_offset + 3] + 4;
 
 		memcpy(cdata->spa, &packet[capdata->dstmac_offset],
-		       sizeof(cdata->spa));
-		memcpy(cdata->aa, &packet[capdata->srcmac_offset],
-		       sizeof(cdata->aa));
-		memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
-		       sizeof(cdata->anonce));
-		cdata->aaset = 1;
-		cdata->spaset = 1;
-		cdata->anonceset = 1;
-		/* We save the replay counter value in the 3rd frame to match
-		   against the 4th frame of the four-way handshake */
-		memcpy(cdata->replay_counter, eapolkeyhdr->replay_counter, 8);
-
-	} else if (		/* Check for frame 4 of the four-way handshake */
-			  (key_info & WPA_KEY_INFO_MIC)
-			  && (key_info & WPA_KEY_INFO_ACK) == 0
-			  && (key_info & WPA_KEY_INFO_INSTALL) == 0
-			  &&
-			  (memcmp
-			   (cdata->replay_counter, eapolkeyhdr->replay_counter,
-			    8) == 0)) {
+			sizeof(cdata->spa));
+       	        memcpy(cdata->aa, &packet[capdata->srcmac_offset],
+			sizeof(cdata->aa));
+		memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+			 sizeof(cdata->snonce));
+                cdata->aaset = 1;
+                cdata->spaset = 1;
+		cdata->snonceset = 1;
 
 		memcpy(cdata->keymic, eapolkeyhdr->key_mic,
-		       sizeof(cdata->keymic));
+			sizeof(cdata->keymic));
 		memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
-		       sizeof(cdata->eapolframe));
+			cdata->eapolframe_size);
+
 		cdata->keymicset = 1;
 		cdata->eapolframeset = 1;
+
+	/* Check for frame 3 of the 4-way handshake */
+	}  else if ((key_info & WPA_KEY_INFO_MIC)
+		   && (key_info & WPA_KEY_INFO_ACK)
+		   && (key_info & WPA_KEY_INFO_INSTALL)) {
+		/* All we need from this frame is the authenticator nonce */
+		memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+			sizeof(cdata->anonce));
+		cdata->anonceset = 1;
+
+	}
+
+	if (opt->verbose > 2) {
+		printf("aaset: %d\n",cdata->aaset);
+		printf("spaset: %d\n",cdata->spaset);
+		printf("snonceset: %d\n",cdata->snonceset);
+	        printf("keymicset: %d\n",cdata->keymicset);
+	        printf("eapolframeset: %d\n",cdata->eapolframeset);
+	        printf("anonceset: %d\n", cdata->anonceset);
 	}
 }
 
@@ -507,8 +526,7 @@
 	printf("\n");
 
 	printf("eapolframe is:");
-	lamont_hdump(cdata.eapolframe, 99);	/* Bug in lamont_hdump makes this look
-						   wrong, only shows 98 bytes */
+		lamont_hdump(cdata.eapolframe, cdata.eapolframe_size);
 	printf("\n");
 
 }
@@ -706,7 +724,7 @@
 		}
 
 		hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
-			 sizeof(cdata->eapolframe), keymic);
+			cdata->eapolframe_size, keymic);
 
 		if (opt->verbose > 2) {
 			printf("Calculated MIC with \"%s\" is", passphrase);
@@ -815,7 +833,7 @@
 		}
 
 		hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
-			 sizeof(cdata->eapolframe), keymic);
+			cdata->eapolframe_size, keymic);
 
 		if (opt->verbose > 2) {
 			printf("Calculated MIC with \"%s\" is", passphrase);
@@ -874,7 +892,7 @@
 		    0 && (h->len >
 			capdata.l2type_offset + sizeof(struct wpa_eapol_key))) {
 			/* It's a dot1x frame, process it */
-			handle_dot1x(&cdata, &capdata);
+			handle_dot1x(&cdata, &capdata, &opt);
 			if (cdata.aaset && cdata.spaset && cdata.snonceset &&
 			    cdata.anonceset && cdata.keymicset
 			    && cdata.eapolframeset) {
@@ -909,7 +927,6 @@
 	eapkeypacket =
 	    (struct wpa_eapol_key *)&cdata.eapolframe[EAPDOT1XOFFSET];
 	memset(&eapkeypacket->key_mic, 0, sizeof(eapkeypacket->key_mic));
-	eapkeypacket->key_data_length = 0;
 
 	printf("Starting dictionary attack.  Please be patient.\n");
 	fflush(stdout);
diff -uNr cowpatty-4.3/cowpatty.h cowpatty-4.3-fixup2/cowpatty.h
--- cowpatty-4.3/cowpatty.h	2008-03-20 09:49:38.000000000 -0700
+++ cowpatty-4.3-fixup2/cowpatty.h	2009-05-21 23:37:52.533281370 -0700
@@ -94,7 +94,7 @@
 	u16 length;
 } __attribute__ ((packed));
 
-#define MAXPASSLEN 63
+#define MAXPASSLEN 64
 #define MEMORY_DICT 0
 #define STDIN_DICT 1
 #define EAPDOT1XOFFSET 4
@@ -166,7 +166,8 @@
 	u8 spa[6];
 	u8 snonce[32];
 	u8 anonce[32];
-	u8 eapolframe[99];	/* Length the same for all packets? */
+	u8 eapolframe[99];
+	u8 eapolframe2[125];
 	u8 keymic[16];
 	u8 aaset;
 	u8 spaset;
@@ -177,6 +178,7 @@
 	u8 replay_counter[8];
 
 	int ver; /* Hashing algo, MD5 or AES-CBC-MAC */
+	int eapolframe_size;
 };
 
 struct hashdb_head {