NetStumbler.org Forums

#226, 12-22-2004
renderman, Drunken Stumbler (Join Date: Jun 2002; Location: Anywhere but Utah; Posts: 1,803)
Quote:
Originally Posted by devine
1. When Airodump is collecting packets, it says that the packets it is collecting are WPA encoded (I am sure they are WEP only)

Yeah, known bug.

2. 100K, 250K, 600K packets: No amount seems to get past the 12th KB in the crack. (I know it's not an exact science)

128 bit WEP = 3 bytes IV + 13 bytes key. Aircrack actually computes votes for the 13th keybyte but the info disappears just after being printed.

Deftronic: it is normal, you're capturing beacons (unencrypted frames sent by the AP to make itself known).
Ah, OK, I'm not crazy.

Still haven't been able to crack it; need to fiddle with the data coming across and get some better packets.

Thanks Devine
#227, 12-30-2004
2marshall8, Registered Member (Join Date: Dec 2004; Posts: 14)
I see version 2.1 on the aircrack site. Is this the final version of Aircrack being released? Has this worked out all the bugs? Devine, what kind of setup do you need to increase packet generation using Aireplay? I'm planning on buying a Senao NL-2511 CD Plus EXT2 and wondered if I can use this card to multiply packets and sniff them in order to increase IV capture. This card has the two antennas, so I wasn't sure how possible that was.

thanks
marshall
#228, 01-12-2005
baskin, Registered Member (Join Date: Oct 2004; Posts: 1)
Although the Senao NL-2511 CD Plus EXT2 works perfectly with aircrack, you will need two cards to increase packet generation from the AP: one card to inject ARP packets and another one to sniff. The two antennas work in diversity mode, which means they cannot each be used for a different application.
#229, 01-30-2005
Re@liTy, Registered Member (Join Date: Jul 2004; Location: Brighton - U.K.; Posts: 65)
Can anyone tell me what the "PWR" column in Airodump is actually reporting??
Please don't say "PoWeR" !! Of what !?!? In what unit of measurement?
I mean *exactly* to what does the figure reported pertain??

(with some cards I get "-1" and some give "216", etc.)

Thanks.
__________________
I started out with nothing..............and I've still got most of it left.....
#230, 01-30-2005
devine, Emergence (Join Date: Jul 2004; Location: Paris; Posts: 389)
Quote:
Originally Posted by Re@liTy
Can anyone tell me what the "PWR" column in Airodump is actually reporting?? Please don't say "PoWeR" !! Of what !?!? In what unit of measurement? I mean *exactly* to what does the figure reported pertain??
I have no idea. It's the signal power reported by your wireless driver. Could be anything (dB, mW, ...). Read the driver source if available, disassemble the firmware, or ask the person who wrote it.

Quote:
Originally Posted by Re@liTy
(with some cards i get "-1"
This means your wireless driver does not give out signal power information. If you use hostap, try "iwpriv wlan0 monitor_type 1" to enable the prism2 header.
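To make devine's answer concrete: the prism2 header that hostap prepends to every frame after "iwpriv wlan0 monitor_type 1" is what a sniffer reads the "PWR" value from. The parser below is an added example, not airodump's own code; it assumes the 144-byte linux-wlan-ng/hostap header layout on a little-endian host, and its "-1 when the driver sets no value" rule mirrors the symptom reported in the thread (whether airodump derives -1 exactly this way is an assumption). The header carries no unit, which is why the number cannot be compared across cards.

```python
import struct

# Layout of the 144-byte "prism2" monitor header (libpcap DLT_PRISM_HEADER) that
# hostap prepends to each frame once monitor_type 1 is set: a 24-byte preamble
# followed by ten 12-byte items. It is in host byte order; x86 (little-endian)
# is assumed here.
PRISM_HDR_LEN = 144
ITEM_NAMES = ("hosttime", "mactime", "channel", "rssi", "sq",
              "signal", "noise", "rate", "istx", "frmlen")
_PREAMBLE = struct.Struct("<II16s")   # msgcode, msglen, devname[16]
_ITEM = struct.Struct("<IHHI")        # did, status, len, data
STATUS_OK = 0                         # any other status: driver supplied no value

def parse_prism_header(buf):
    """Return the device name and {item: (status, raw value)} for one header."""
    if len(buf) < PRISM_HDR_LEN:
        raise ValueError("short prism header")
    _msgcode, msglen, devname = _PREAMBLE.unpack_from(buf, 0)
    if msglen != PRISM_HDR_LEN:
        raise ValueError("unexpected msglen %d" % msglen)
    items = {}
    for i, name in enumerate(ITEM_NAMES):
        _did, status, _len, data = _ITEM.unpack_from(buf, _PREAMBLE.size + i * _ITEM.size)
        items[name] = (status, data)
    return {"devname": devname.rstrip(b"\0").decode("ascii", "replace"), "items": items}

def pwr_column(buf):
    """PWR-style value: the raw 'signal' item, or -1 when the driver left it unset.
    The unit is whatever the driver chose (dBm, a raw ADC count, ...); the header
    itself carries no unit field."""
    status, value = parse_prism_header(buf)["items"]["signal"]
    return value if status == STATUS_OK else -1

def build_sample(signal, signal_status=STATUS_OK):
    """Constructed header for testing (not a real capture); hostap-style DIDs, which
    the parser does not rely on since it reads the items by position."""
    hdr = _PREAMBLE.pack(0x80211001, PRISM_HDR_LEN, b"wlan0")
    values = {"channel": (STATUS_OK, 6), "signal": (signal_status, signal),
              "noise": (STATUS_OK, 0), "rate": (STATUS_OK, 22), "frmlen": (STATUS_OK, 80)}
    for i, name in enumerate(ITEM_NAMES):
        status, data = values.get(name, (1, 0))       # 1 = "no value"
        hdr += _ITEM.pack(0x44 | ((i + 1) << 12), status, 4, data)
    return hdr

if __name__ == "__main__":
    print(pwr_column(build_sample(216)))                   # a card reporting a raw 216
    print(pwr_column(build_sample(0, signal_status=1)))    # driver gives nothing: -1
```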
#231, 02-07-2005
warp_be, Registered Member (Join Date: Feb 2005; Posts: 1)
Does aircrack find the number of bits of the WEP key by itself?

If I launch aircrack without specifying the number of bits of the key (by default 12, I think),
does it find it itself,
or do I have to force the number of bits before launching aircrack?
#232, 02-07-2005
sylvain, Wireless Auditor (Join Date: Jun 2004; Location: Paris, France; Posts: 175)
Contrary to weplab, you do not have to specify the key length.
#233, 03-21-2005
seboslaw, Registered Member (Join Date: Mar 2005; Posts: 3)
no output in aircrack

Hey,

when I start aircrack in a console under linux with

aircrack test.cap

all I get is an empty console screen. There is no output whatsoever. Is the -q option enabled by default now? When I do a "top" I can see that aircrack is running with 99% CPU. What's wrong?

Regards,

Sebastian

Last edited by seboslaw : 03-21-2005 at 08:45 AM.
#234, 03-22-2005
_metro_, Registered Member (Join Date: Feb 2005; Posts: 5)
Quote:
Originally Posted by seboslaw
when I start aircrack in a console under linux with
aircrack test.cap

all I get is an empty console screen. There is no output whatsoever. Is the -q option enabled by default now? When I do a "top" I can see that aircrack is running with 99% CPU. What's wrong?
Just add -q 3 to see full details, or -q 2, or -q 1.
#235, 05-03-2005
renderman, Drunken Stumbler (Join Date: Jun 2002; Location: Anywhere but Utah; Posts: 1,803)
Crappy keys?

Did a presentation last night showing off several wireless tools including Aircrack (the gasps at a 2 second crack were a lot of fun, thanks Devine!)

Had one question that got me thinking.

The person had asked if Aircrack would shortcut and check if someone had punched in a really crappy manual key, i.e. 12:34:56:78:90 or 11:11:11:11:11, etc.

Since there's no real way for the program to know to 'guess' those keys, they would take as long as normal.

Got me thinking that perhaps Aircrack 2.2 should have a switch to run against a dictionary of test keys first, before going about the brute force. Perhaps shortcutting the need for X number of IV's.

Just a thought.
#236, 05-03-2005
streaker69, Psychic Amish Stumbler (Join Date: Jul 2004; Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA; Posts: 11,839)
Quote:
Originally Posted by renderman
Did a presentation last night showing off several wireless tools including Aircrack (the gasps at a 2 second crack were a lot of fun, thanks Devine!)

Had one question that got me thinking.

The person had asked if Aircrack would shortcut and check if someone had punched in a really crappy manual key, i.e. 12:34:56:78:90 or 11:11:11:11:11, etc.

Since there's no real way for the program to know to 'guess' those keys, they would take as long as normal.

Got me thinking that perhaps Aircrack 2.2 should have a switch to run against a dictionary of test keys first, before going about the brute force. Perhaps shortcutting the need for X number of IV's.

Just a thought.
Are you channeling newbs?

http://www.netstumbler.org/showthrea...830#post118830
__________________
"One of these days, I'm going to cut you to pieces."

If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum.

Thank you.
#237, 06-18-2005
CobraGT2000, Registered Member (Join Date: Mar 2004; Location: KC, Mo; Posts: 8)
Prism Types

Just wondering (didn't see it in the thread though), but can you use aircrack, aireplay and airodump with the Prism 2.5 and 3 type cards? Thanks.
#238, 06-23-2005
devine, Emergence (Join Date: Jul 2004; Location: Paris; Posts: 389)
Quote:
Originally Posted by renderman
Did a presentation last night showing off several wireless tools including Aircrack (the gasps at a 2 second crack were a lot of fun, thanks Devine!)
You're welcome.

On a side note, I released a preliminary beta version of aircrack 2.2. It's available at http://www.cr0.net:8040/code/network/

Quote:
Originally Posted by renderman
Got me thinking that perhaps Aircrack 2.2 should have a switch to run against a dictionary of test keys first, before going about the brute force. Perhaps shortcutting the need for X number of IV's.
Sure, I'll think about it.
#239, 06-24-2005
_metro_, Registered Member (Join Date: Feb 2005; Posts: 5)
Quote:
Originally Posted by devine
On a side note, I released a preliminary beta version of aircrack 2.2. It's available at http://www.cr0.net:8040/code/network/
Excellent version!
The prompt for the target network, identification of WPA/WEP, # of IVs works great!

The WPA cracking seems to work fine; I'd made a small WPA pcap file just for fun and then found the test/wpa.cap there. Nice touch.

Just curious about the w32 GUI that you mentioned earlier; is there any screenshot to peek at?

Again, thanks a lot for this excellent app!
#240, 06-26-2005
devine, Emergence (Join Date: Jul 2004; Location: Paris; Posts: 389)
Quote:
Originally Posted by _metro_
Excellent version!
The prompt for the target network, identification of WPA/WEP, # of IVs works great! The WPA cracking seems to work fine; I'd made a small WPA pcap file just for fun and then found the test/wpa.cap there. Nice touch.
Thanks! Also, the WPA cracking code is about 4 times faster than cowpatty on x86 hardware, thanks to a fine-tuned SHA-1 MMX implementation. By the way, I've left a couple of easter eggs in the aircrack source code.

Quote:
Originally Posted by _metro_
Just curious about the w32 GUI that you mentioned earlier; is there any screenshot to peek at?
As of now, I haven't started hacking the Win32 code. I'm rather focusing on fully automating the attacks in aireplay, especially the ARP replay attack. The basic idea is, for each captured ARP request, to resend it and check if it generates some IVs - if not, try another ARP request, etc. This way, no user intervention at all is required.

Here's a summary of the attacks that are being implemented:

Code:
"      -0 delay  : deauthenticate all stations\n"
"      -1 essid  : fake authentication with AP\n"
"      -2        : interactive frame selection\n"
"      -3        : standard ARP-request replay\n"
"      -4        : decrypt/chopchop WEP packet\n"
About the Win32 GUI, I guess I'll just use the MFC. It should be a good compromise between portability and simplicity of the code.

(And before someone asks again, there will not be a port of aireplay on Windows -- because the WildPackets driver doesn't support injection, and I don't have the time or skills to develop an Atheros/Prism2/Prism54 WDM driver).
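The automated ARP replay devine describes has a distinctive on-air signature that a wireless IDS can key on: one encrypted frame (same transmitter, same IV, same ciphertext) repeated far beyond what 802.11 retries produce, followed by a burst of fresh IVs from the AP. The detector below is an added example, not aireplay or airodump code; it runs over a constructed frame trace (tuples of time, transmitter, receiver, IV and a stand-in for the ciphertext hash), and the threshold and window are assumptions to tune for a real deployment.

```python
from collections import defaultdict

# Constructed trace (not a real capture) of what a monitor-mode sniffer sees during
# an automated ARP-request replay: one genuine encrypted broadcast frame from a
# client is re-sent unchanged hundreds of times, and the AP answers every copy with
# a frame carrying a fresh IV. Tuples: (time_s, transmitter, receiver, iv, body_hash)
SAMPLE = (
    [(0.000, "client", "ff:ff:ff:ff:ff:ff", 0x0A0B0C, "h1")]
    + [(1.0 + i * 0.002, "client", "ff:ff:ff:ff:ff:ff", 0x0A0B0C, "h1") for i in range(300)]
    + [(1.001 + i * 0.002, "ap", "client", 0x100000 + i, "r%d" % i) for i in range(300)]
)

REPLAY_THRESHOLD = 20   # identical encrypted frames inside WINDOW_S before alerting
WINDOW_S = 1.0

def detect_replay(frames, threshold=REPLAY_THRESHOLD, window=WINDOW_S):
    """Alert on exact copies of one encrypted frame (same transmitter, IV and
    ciphertext) seen `threshold` times inside `window` seconds. Normal 802.11
    retries reuse the IV too, but they stop after a handful of attempts."""
    seen = defaultdict(list)          # (tx, iv, body) -> recent timestamps
    alerts, alerted = [], set()
    for ts, tx, rx, iv, body in frames:
        key = (tx, iv, body)
        times = seen[key]
        times.append(ts)
        while ts - times[0] > window:  # drop timestamps outside the window
            times.pop(0)
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"transmitter": tx, "receiver": rx,
                           "iv": "%06x" % iv, "copies": len(times), "at": ts})
    return alerts

def distinct_ivs_from(frames, tx):
    """Second symptom: the number of fresh IVs a transmitter (the AP) emits."""
    return len({iv for _, t, _, iv, _ in frames if t == tx})

if __name__ == "__main__":
    for a in detect_replay(SAMPLE):
        print("replay of %s IV %s: %d copies by t=%.3fs"
              % (a["transmitter"], a["iv"], a["copies"], a["at"]))
    print("fresh IVs from AP:", distinct_ivs_from(SAMPLE, "ap"))
```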