NetStumbler.org Forums

Old 03-24-2005   #1 (permalink)
ddwyer50
Registered Member
 
Join Date: Mar 2005
Posts: 3
MacOS and aircrack & aireplay

Hello All,

I have been doing some research into wireless sniffing and packet analysis. I have a 12" PowerBook with an AirPort Extreme card (waste). I just picked up a D-Link DWL-122, which worked like a champ on my system. I have installed KisMAC, Ethereal (with Fink), and have also come across an aircrack binary for PPC. Nice.

I can't seem to get a (precompiled) copy of aireplay or chopchop for PPC. I downloaded the source and tried to 'make' but that didn't work. So my question is this: is there a PPC precompiled binary out there somewhere? Is it possible for me to compile it myself? If so, how?

Thanks!

Last edited by ddwyer50 : 03-24-2005 at 11:18 PM.
ddwyer50 is offline   Reply With Quote
Old 03-25-2005   #2 (permalink)
Kronk
Registered Member
 
Join Date: Jul 2004
Posts: 13
Unless we get wireless driver support, aireplay w/ chopchop won't work under MacOS X. The latest aireplay beta works well under LinuxPPC (Yellowdog Linux), so you could give that a try.

Also, give the latest alpha of KisMAC (0.2r60) a try. It is currently only available in source form, but here is a link to the compiled version.

http://www.macunix.net/KisMAC_Alpha/

It has the same functionality as Aircrack 2.1 plus you only need a single Prism2 device to perform reinjection attacks. Since the original Aircrack code made it into this version of KisMAC, adding chopchop should be easy as well.
Kronk is offline   Reply With Quote
Old 03-25-2005   #3 (permalink)
ddwyer50
Registered Member
 
Join Date: Mar 2005
Posts: 3
Thanks for the info. The new version looks cool.

I am wondering though... Let's say I fire up KisMAC, and it starts scanning. I find a couple of networks. Great. Now, I decide to double click on my network, to get more detailed info about it.

From here, I can see packets being logged. The "Unique IV's" start counting. However, the "Inj. Packets" stays at zero. I click "Deauthenticate" and then "Inj. Packets" starts to go up. Is this packet injection? I didn't think Deauthenticate would affect Injected Packets.

Then I click Inject. What I thought was that when I did this, the "Unique IV's" would start accumulating at a much higher rate, due to the packet injection. This does not happen. In fact, I get no indication that the packet injection is even happening. Can I verify this? Isn't injection supposed to make Unique IV's climb at a faster rate? I have looked into Kismac's documentation, but it's a little sketchy.

Thanks!
ddwyer50 is offline   Reply With Quote
Old 03-26-2005   #4 (permalink)
Kronk
Registered Member
 
Join Date: Jul 2004
Posts: 13
The current packet injection in KisMAC is based on ARP replay. The injectable packets correspond to possible ARP packets, based on the size of the packet. When an AP client reauthenticates, an ARP packet is generated during the IP address assignment process, usually DHCP.

On most APs, especially those with Windows clients, you shouldn't have to deauthenticate. I usually see a dozen or so injectable packets within a few minutes. Not all APs are susceptible to this attack, and what you are seeing may mean the AP is not susceptible to a replay attack or you haven't captured the right injectable packets. You just have to test it. KisMAC may also still have some bugs, so you may need to quit and restart it a few times during the process.

In my tests, once I had the right injectable packet the Unique IVs climbed at a tremendous rate. I had enough packets to crack the WEP key in about 15 minutes.

The susceptibility to ARP replay attacks is exactly why chopchop is used. You use this tool to brute force crack a single packet, get the IP and data information and forge your own injectable packet.
Kronk is offline   Reply With Quote
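A defender-side view of the ARP replay and deauthentication behaviour discussed in the posts above, as an added example that is not part of the original thread and is not KisMAC or aircrack code: a replayed frame is retransmitted verbatim, so the same WEP IV and frame length recur from one transmitter far more often than normal traffic produces. The record fields, thresholds and sample frames (including the frame length of 68) are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed thresholds (assumptions; tune for a real WLAN).
REPLAY_MIN_REPEATS = 20   # identical (src, IV, length) data frames per window
DEAUTH_MIN_FRAMES = 10    # deauthentication frames aimed at one client per window
WINDOW_SECONDS = 5.0

def detect_wep_abuse(frames):
    """frames: dicts with ts, type ('data'|'deauth'), src, dst, and for data
    frames iv (hex) and length. Returns sorted (window_start, kind, detail)."""
    replay = defaultdict(Counter)   # window -> Counter[(src, iv, length)]
    deauth = defaultdict(Counter)   # window -> Counter[dst]
    for f in frames:
        window = int(f["ts"] // WINDOW_SECONDS) * WINDOW_SECONDS
        if f["type"] == "data":
            replay[window][(f["src"], f["iv"], f["length"])] += 1
        elif f["type"] == "deauth":
            deauth[window][f["dst"]] += 1
    alerts = []
    for window, counts in replay.items():
        for (src, iv, length), n in counts.items():
            if n >= REPLAY_MIN_REPEATS:
                alerts.append((window, "replay", f"{src} iv={iv} len={length} x{n}"))
    for window, counts in deauth.items():
        for dst, n in counts.items():
            if n >= DEAUTH_MIN_FRAMES:
                alerts.append((window, "deauth-burst", f"target={dst} x{n}"))
    return sorted(alerts)

def sample_frames():
    """Constructed capture: normal traffic, a deauth burst, then one replayed frame."""
    frames = []
    for i in range(40):   # normal client: every frame carries a fresh IV
        frames.append({"ts": i * 0.1, "type": "data", "src": "00:11:22:33:44:55",
                       "dst": "aa:bb:cc:00:00:01", "iv": f"{i:06x}", "length": 120 + i})
    for i in range(12):   # burst of deauthentication frames aimed at that client
        frames.append({"ts": 5.0 + i * 0.05, "type": "deauth",
                       "src": "aa:bb:cc:00:00:01", "dst": "00:11:22:33:44:55"})
    for i in range(200):  # one frame retransmitted verbatim: IV and length fixed
        frames.append({"ts": 10.0 + i * 0.01, "type": "data", "src": "00:11:22:33:44:55",
                       "dst": "aa:bb:cc:00:00:01", "iv": "a1b2c3", "length": 68})
    return frames

if __name__ == "__main__":
    for alert in detect_wep_abuse(sample_frames()):
        print(alert)
```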
Old 03-26-2005   #5 (permalink)
ddwyer50
Registered Member
 
Join Date: Mar 2005
Posts: 3
Kronk, you are the man.

I partitioned my PowerBook last night and am going to install Linux on it today (Ubuntu or YellowDog I think) so I can use more wireless tools.

Thanks.
ddwyer50 is offline   Reply With Quote
Old 03-28-2005   #6 (permalink)
catherineburlow
Registered Member
 
Join Date: Jul 2004
Posts: 4
About injection

Sorry, I'm only an advanced Mac OS X user, but I'm still unable to use an entire Linux system.... Just a question, since I cannot use anything other than KisMAC. Do you mean it is possible to reinject packets with only an Apple AirPort card? Are you sure you don't use AirPort + PCMCIA???

Just wanting to try to inject packets to see if I'm able to crack the wep. Eager to do it.

Special kisses from barcelona city
Catherine
catherineburlow is offline   Reply With Quote
Old 03-28-2005   #7 (permalink)
Dutch
Humourless EuroMod.
 
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
Quote:
Originally Posted by catherineburlow
Special kisses from barcelona city
Catherine
I've experienced and know what French Kissing is, but Spanish Kissing ? Using the tongue on a bull ?

Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch is offline   Reply With Quote
Old 03-28-2005   #8 (permalink)
Barry
Managing the iTards.
 
Join Date: Dec 2002
Location: Ohio
Posts: 5,383
Quote:
Originally Posted by Dutch
I've experienced and know what French Kissing is, but Spanish Kissing ? Using the tongue on a bull ?

Dutch

Hey, hey! I've seen what happens to the bull. No Spanish kisses for me!!
__________________
Atheism is a non-prophet organization.
Barry is offline   Reply With Quote
Old 03-28-2005   #9 (permalink)
Dutch
Humourless EuroMod.
 
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
Quote:
Originally Posted by Barry
Hey, hey! I've seen what happens to the bull. No Spanish kisses for me!!
I once went to Spain on vacation, and actually ate at a very good restaurant just next to a bullfighting arena.
They served a very good dish, called "Cojones Del Toro" or something like that. Two big and very tender pieces of meat, in an absolutely fabulous sauce.
The second time I went to that restaurant, and ordered the same meal, I was severely disappointed though. The pieces of meat were only a quarter size compared to the first time.

When I complained, the waiter just looked at me and said: "Senor, the bull doesn't always lose..."



Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch is offline   Reply With Quote
Old 04-04-2005   #10 (permalink)
Tullebukk
Registered Member
 
Join Date: Apr 2005
Posts: 1
I know why we can't use aireplay on a Mac, but does anybody have a version of aircrack, the program to break the WEP key, for OS X? You don't need a driver to run that.
Tullebukk is offline   Reply With Quote
Old 04-04-2005   #11 (permalink)
streaker69
Psychic Amish Stumbler
 
Join Date: Jul 2004
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
Posts: 11,839
Quote:
Originally Posted by Tullebukk
I know why we can't use aireplay on a Mac, but does anybody have a version of aircrack, the program to break the WEP key, for OS X? You don't need a driver to run that.
Working on a school project for cracking WEP?
__________________
"One of these days, I'm going to cut you to pieces."

If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum.

Thank you.
streaker69 is offline   Reply With Quote
Old 04-04-2005   #12 (permalink)
Dutch
Humourless EuroMod.
 
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
Quote:
Originally Posted by streaker69
Working on a school project for cracking WEP?
Damn you.. Fifth keyboard this week. You are doing it on purpose *sigh*

Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch is offline   Reply With Quote