#212 (permalink)
Registered Member
Join Date: May 2004
Posts: 5

Hi,
I'm running airodump/aircrack on an orinoco oem without problems, really good work. But I have problems with a prism based pci card. I'm using the hostap driver version 0.2.4. When I start airodump, I just get the status bar (essid etc.) but nothing else. The cursor runs from left to right, that's all. I have to terminate airodump with ctrl+c. Then I get a segmentation fault.
I set the monitor mode as follows:
iwconfig wlan0 mode Monitor channel 9
iwpriv wlan0 monitor_type 1
Capturing with kismet works fine. So I don't think the driver or the firmware is the reason. Any ideas?
Thanks in advance.
madjerk

#213 (permalink)
Registered Member
Join Date: Nov 2004
Posts: 1

aircrack & wepcrack
I've been testing various WEP cracking tools -- set up an AP and a few laptops to move traffic while one sniffs. I've seen excellent results from wepcrack -- cracks a 64-bit WEP key in under a second -- with or without a word list. Aircrack seems much slower -- takes 10 minutes or more (this is all using a packetfile of over 10k packets).
Is anyone familiar enough with these two to understand why wepcrack seems so much faster? Haven't been able to get wepattack to work properly to see how it compares.

#214 (permalink)
Emergence
Join Date: Jul 2004
Location: Paris
Posts: 389

> Aircrack seems much slower -- takes 10 minutes or more (this is all using a packetfile of over 10k packets).
You can't crack WEP using a statistical attack with so few packets. For 64-bit WEP you'll need around 100k IVs. Otherwise you're doing it by brute force.

#215 (permalink)
Registered Member
Join Date: Oct 2004
Posts: 6

Packet Injecting.
Hey Devine. Just wanted to tell you again that I think your program is amazing. I was able to get a key in a matter of 30 minutes or so. (The guy was moving tons of traffic through the network.)
My question for you though is... packet injecting. I've been testing this out but can't seem to get any IVs to generate from using this. Maybe I'm just not using it correctly. What is a good packet injecting program for Linux? Packit is pretty cool, that's what I've been using. What kind of packet do you have to inject to generate IVs? I've tried ARP and TCP. Bah, help me out man!

#220 (permalink)
Registered Member
Join Date: Dec 2004
Posts: 2

'lo,
Thanks for the answer. It was a bit stupid to ask you this question because, first, if I had read the read-me file, the answer to my question was in it. And second, because the day of my question, I tried it on my AP (128 bits) and it found the key after 7 sec of search and 2 hours of capture (1000000 IVs, imagine, I was downloading a 1 GB file from PC to PC in my LAN!! lol). Anyway, thanks.

#223 (permalink)
Registered Member
Join Date: Dec 2004
Posts: 1

Using airodump the normal way. Not creating traffic and no packet injection. As software using Slackware 10.1 and not patched hostap drivers. As hardware Senao prism 2.5 with two pigtails.
The setup gave me in the first hour 64975 IVs with around 200k of packets. Two days later I'm around the 1000k of packets and still 64975 IVs. Is this normal? Can anyone tell me what the prob could be?

#224 (permalink)
Drunken Stumbler
Join Date: Jun 2002
Location: Anywhere but Utah
Posts: 1,803

Odd behaviour
Just trying to crack a test setup here at the office.
AP is a WRT54G, latest firmware, and a client was a Linksys Wireless B webcam, also latest firmware (lotsa traffic). Setup for 128 Bit WEP. Captured varying amounts of packets and ran the crack. 2 interesting things I noticed:
1. When Airodump is collecting packets, it says that the packets it is collecting are WPA encoded (I am sure they are WEP only)
2. 100K, 250K, 600K packets: No amount seems to get past the 12th KB in the crack. (I know it's not an exact science)
I'm curious if anyone else has noticed this, or if the newer firmwares are doing something tricky.

#225 (permalink)
Emergence
Join Date: Jul 2004
Location: Paris
Posts: 389

> 1. When Airodump is collecting packets, it says that the packets it is collecting are WPA encoded (I am sure they are WEP only)
Yeah. Known bug.
> 2. 100K, 250K, 600K packets: No amount seems to get past the 12th KB in the crack. (I know it's not an exact science)
128 bit WEP = 3 bytes IV + 13 bytes key. Aircrack actually computes votes for the 13th keybyte but the info disappears just after being printed.
Deftronic: it is normal, you're capturing beacons (unencrypted frames sent by the AP to make itself known).
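
Added example, not part of the thread and not aircrack/airodump code: a small frame classifier showing why, as discussed in #223 and #225, the packet counter can keep growing while the IV counter stays flat. Beacons carry no IV; only WEP-protected data frames carry the 3-byte IV. It assumes raw 802.11 frames with no radiotap/prism capture header and no HT Control field; all function names and the sample frames are constructed for illustration.

```python
from collections import Counter

HDR_LEN = 24  # frame control + duration + 3 addresses + sequence control

def classify(frame: bytes):
    """Return (kind, iv) for one raw 802.11 frame."""
    if len(frame) < HDR_LEN:
        return "truncated", None
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype == 0 and subtype == 8:
        return "beacon", None            # management frame, sent unencrypted
    if ftype != 2:
        return "other", None             # other management/control frames
    if not flags & 0x40:                 # Protected bit clear
        return "cleartext-data", None
    off = HDR_LEN
    if (flags & 0x03) == 0x03:           # ToDS and FromDS: fourth address
        off += 6
    if subtype & 0x8:                    # QoS data: 2-byte QoS control
        off += 2
    if len(frame) < off + 4:
        return "truncated", None
    iv, keyid = frame[off:off + 3], frame[off + 3]
    if keyid & 0x20:                     # ExtIV set: TKIP or CCMP, not WEP
        return "tkip/ccmp", None
    return "wep", iv                     # 3-byte IV precedes the key in the RC4 seed

def tally(frames):
    """Count frames per kind and the number of distinct WEP IVs seen."""
    kinds, ivs = Counter(), set()
    for f in frames:
        kind, iv = classify(f)
        kinds[kind] += 1
        if iv is not None:
            ivs.add(iv)
    return {"frames": sum(kinds.values()), "kinds": dict(kinds),
            "unique_ivs": len(ivs)}

def _frame(fc0, flags, body=b""):
    """Constructed test frame: zeroed duration/address/sequence fields."""
    return bytes([fc0, flags]) + bytes(22) + body

# Constructed sample capture, not real traffic.
SAMPLE = (
    [_frame(0x80, 0x00, b"beacon")] * 5                           # beacons
    + [_frame(0x08, 0x41, bytes.fromhex("a1b2c300") + b"data")] * 2  # same IV twice
    + [_frame(0x08, 0x41, bytes.fromhex("00000140") + b"data")]      # key index 1
    + [_frame(0x88, 0x42, bytes(2) + bytes.fromhex("0120002000000000"))]  # ExtIV
    + [_frame(0x08, 0x01, b"plain")]
)

if __name__ == "__main__":
    print(tally(SAMPLE))
```

In the sample, ten frames yield only two distinct IVs: the five beacons and the repeated IV add to the frame count without adding anything to the IV count.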