NetStumbler.org Forums

Old 07-29-2004   #1 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
(Aircrack) Yet another WEP cracking tool for Linux

Hey folks,

I'm glad to announce the first release of aircrack - a program similar to David Hulton's dwepcrack and TopoLB's weplab.

The source can be downloaded at http://www.cr0.net:8040/code/network/ - any feedback will be greatly appreciated.

-- Christophe

Last edited by devine : 07-30-2004 at 04:03 AM.
Old 08-11-2004   #2 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
aircrack 1.1 released

From the freshmeat announcement -


Quote:
This release adds multi-processor support, improves the fudge calculation algorithm, and fixes a major bug in the BSSID check code. It also introduces a new tool (aireplay) that can be used to generate traffic on a WEP-encrypted wireless LAN without knowing the key, thereby reducing the amount of time needed to gather a sufficient number of encrypted data packets.
Old 08-11-2004   #3 (permalink)
kleptophobiac
Registered Member
 
Join Date: Sep 2002
Posts: 310
generates more traffic on the network.... I'll have to check that one out!
Old 08-11-2004   #4 (permalink)
KoreK
Banned in DC
 
Join Date: Jul 2004
Posts: 102
Devine, check out my post (the one with the little demo) in the Mac OS section. You might find it interesting
Old 08-12-2004   #5 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Thumbs up

Quote:
Originally Posted by KoreK
Devine, check out my post (the one with the little demo) in the Mac OS section. You might find it interesting
Indeed! The new attacks you've developed look awesome, and I'm generating some stats right now for each keybyte of different keys in order to see what may be the best attack strategy. This could lead to a very fast WEP cracking tool.
Old 08-12-2004   #6 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Do you know if your tool is compliant with Aironet Cisco cards?

It seems to be the case... one great thing that weplab cannot do is select the BSSID of the network!!

Last edited by sylvain : 08-12-2004 at 07:58 AM.
Old 08-12-2004   #7 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Quote:
Originally Posted by devine
Indeed! The new attacks you've developed look awesome, and I'm generating some stats right now for each keybyte of different keys in order to see what may be the best attack strategy. This could lead to a very fast WEP cracking tool.

Do you plan to develop this WEP cracking tool?
Old 08-12-2004   #8 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by sylvain
Do you know if your tool is compliant with Aironet Cisco cards?
airodump should be compatible with any wireless card that can be put in Monitor mode. At the moment it has only been tested with Prism2 cards, but I intend to borrow some Orinoco/Aironet/PrismGT/Atheros cards to make sure it works ok with those chipsets.

AFAIK aircrack works with any 802.11 pcap file.

aireplay is, at the moment, only compatible with Prism2 cards using the patched HostAP driver.
Old 08-12-2004   #9 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by sylvain
Do you plan to develop this WEP cracking tool?
Sure, actually that's what I'm doing right now
Old 08-12-2004   #10 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
You are right, aircrack is working with pcap files generated with kismet/aironet.

Do you plan to develop aireplay for cards other than Prism2?
Old 08-12-2004   #11 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by sylvain
You are right, aircrack is working with pcap files generated with kismet/aironet.

Do you plan to develop aireplay for cards other than Prism2?
Yep, once I get a hold of the aforementioned cards I'll try to see which ones can be used for WEP packet re-injection. Could take a few weeks though, if not months.
Old 08-12-2004   #12 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
It would be a good idea to add Aironet, as Cisco cards are often used by professional auditors...
Old 08-12-2004   #13 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by devine
Sure, actually that's what I'm doing right now
Ok, I've just finished implementing KoreK's attacks into the development version of aircrack. The preliminary results are very good - I've been able to crack in less than one minute a 104-bit WEP key with as few as 800k unique IVs; the previous version of aircrack fails with so few IVs.
Old 08-13-2004   #14 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Can you send me the development version?

Actually, we'll be able to do this in French too ;-)
Old 08-13-2004   #15 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by sylvain
Can you send me the development version?

Actually, we'll be able to do this in French too ;-)
I'd rather stick with English, as most people here don't speak French ;-)

You can download a patch that implements the KoreK attacks at [deleted]

The results I have so far are astounding; if lucky, aircrack can now recover a 104-bit WEP key with only 500k IVs in about 5 minutes. With 1M IVs the key is found almost instantly. This is a huge improvement from the standard FMS attack, and it leaves other tools such as airsnort dead in the water.

post-edit: patch no longer present on the web server so removed the url.

Last edited by devine : 09-01-2004 at 08:17 AM.