NetStumbler.org Forums

Old 08-13-2004   #16 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
I don't see how I can apply the patch. Can you give the command for that?

That's OK... forget my question.

Last edited by sylvain : 08-13-2004 at 03:04 AM.
Old 08-13-2004   #17 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Here's the procedure:


Quote:
wget http://www.cr0.net:8040/code/network/aircrack-1.1.tgz
wget http://www.cr0.net:8040/code/network/aircrack-1.1-korek_0.patch.gz
tar -xvzf aircrack-1.1.tgz
cd aircrack-1.1
gzip -d -c ../aircrack-1.1-korek_0.patch.gz | patch -Np1
make
Old 08-14-2004   #18 (permalink)
firefighter99
Registered Member
 
Join Date: Apr 2004
Posts: 17
Hi there. Just been trying your tool (including the new patch) with 2 million IVs, but it didn't get cracked. All key parts did match except for the last 2 bytes. Nice job though.
Old 08-14-2004   #19 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by firefighter99
Hi there. Just been trying your tool (including the new patch) with 2 million IVs, but it didn't get cracked. All key parts did match except for the last 2 bytes. Nice job though.
Thanks

I just fixed a bug in my implementation of KoreK's attack #6 which prevented some false positives from being rejected. I also improved the fudging code quite a bit. The new patch (to be applied against stock 1.1) is at [deleted]

Now that attack #6 is working, the results are even better: with 500k IVs, there's a ~60% chance the WEP key will be found; and with 1000k IVs there's a ~95% probability you'll succeed in cracking the key.

post-edit: patch no longer present on the web server so removed the url.

Last edited by devine : 09-01-2004 at 08:16 AM.
Old 08-14-2004   #20 (permalink)
firefighter99
Registered Member
 
Join Date: Apr 2004
Posts: 17
Quote:
Originally Posted by devine
Thanks

I just fixed a bug in my implementation of KoreK's attack #6 which prevented some false positives from being rejected. I also improved the fudging code quite a bit. The new patch (to be applied against stock 1.1) is at http://www.cr0.net:8040/code/network...rek_1.patch.gz

Now that attack #6 is working, the results are even better: with 500k IVs, there's a ~60% chance the WEP key will be found; and with 1000k IVs there's a ~95% probability you'll succeed in cracking the key.
Well done. Installed your new version and with the 2 million packets -> "KEY FOUND"

PS: 1 million wasn't enough -> "no luck, sorry", now trying 1,5 million packets..... key found

Last edited by firefighter99 : 08-14-2004 at 03:14 PM.
Old 08-15-2004   #21 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by firefighter99
Well done. Installed your new version and with the 2 million packets -> "KEY FOUND"

PS: 1 million wasn't enough -> "no luck, sorry", now trying 1,5 million packets..... key found
Neat. It's true that sometimes you can have bad luck; in that case more packets or some deeper fudging is required.
Old 08-16-2004   #22 (permalink)
KoreK
Banned in DC
 
Join Date: Jul 2004
Posts: 102
Did not feel like starting a new thread. So here comes chopper.

Like the README says, I don't plan on working on it. Avoid stupid questions, like "is there a Windows version" / "it does not work".
Attached Files
File Type: zip chopper-0.1.zip (28.8 KB, 532 views)
Old 08-16-2004   #23 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by KoreK
Did not feel like starting a new thread. So here comes chopper.

Like the README says, I don't plan on working on it. Avoid stupid questions, like "is there a Windows version" / "it does not work".
Thanks very much for sharing the code with us. Your work is very impressive; did you consider writing a whitepaper or something about the WEP attacks you've developed? Especially regarding each attack's stability & probability of success, and the theory behind it.

post-edit: did some more testing with wep_gen and chopper, got mindblowing results - managed to crack a 104-bit WEP key with as few as 100k IVs!! This stuff is unbelievable.

Last edited by devine : 08-16-2004 at 03:10 PM.
Old 08-16-2004   #24 (permalink)
kleptophobiac
Registered Member
 
Join Date: Sep 2002
Posts: 310
I would greatly appreciate said document.
Old 08-16-2004   #25 (permalink)
KoreK
Banned in DC
 
Join Date: Jul 2004
Posts: 102
Well it is quite long (and boring, and fastidious) to describe. I'll have a go at it, but don't bet on it.

PS:
md5sum chopper-0.1.zip
9834093acff96e05db9f23c888635abc chopper-0.1.zip
KoreK is offline  
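The digest line posted above is in `md5sum` output format. As an added example (not part of the thread or of chopper), here is one way to check a downloaded attachment against such a line before unpacking it; the helper name `check_md5_line` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. check_md5_line is a hypothetical helper.
# Usage: check_md5_line "<digest>  <filename>" [directory]
# Returns 0 on match, 1 on mismatch, 2 on a malformed line or missing file.
check_md5_line() {
    line=$1
    dir=${2:-.}
    # md5sum prints "<32 hex digits>  <name>" ("*<name>" in binary mode).
    want=$(printf '%s\n' "$line" | awk '{print tolower($1)}')
    name=$(printf '%s\n' "$line" | awk '{print $2}')
    name=${name#\*}
    # The digest must be exactly 32 hex digits.
    case $want in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#want}" -eq 32 ] || return 2
    # Refuse empty names and names carrying a path component.
    case $name in
        ''|*/*) return 2 ;;
    esac
    [ -f "$dir/$name" ] || return 2
    got=$(md5sum < "$dir/$name" | awk '{print $1}')
    [ "$got" = "$want" ]
}

# Constructed sample: an empty file, whose MD5 is the well-known
# d41d8cd98f00b204e9800998ecf8427e.
sample_dir=$(mktemp -d)
: > "$sample_dir/sample.zip"
if check_md5_line "D41D8CD98F00B204E9800998ECF8427E  sample.zip" "$sample_dir"; then
    echo "sample.zip: digest matches"
fi
# The digest from the post does not describe this empty stand-in file.
: > "$sample_dir/chopper-0.1.zip"
if ! check_md5_line "9834093acff96e05db9f23c888635abc  chopper-0.1.zip" "$sample_dir"; then
    echo "chopper-0.1.zip: digest mismatch, do not unpack"
fi
rm -rf "$sample_dir"
```

A match only shows that the file equals what the digest line describes; here the digest is published in the same thread as the attachment, and MD5 does not resist deliberate collisions.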
Old 08-17-2004   #26 (permalink)
topolb
Registered Member
 
Join Date: Jun 2004
Posts: 67
Cracking a 104-bit key with 100k IV. Amazing!

I will do my best to implement these attacks on weplab (and understand them).

Great work!
Old 08-17-2004   #27 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by topolb
Cracking a 104-bit key with 100k IV. Amazing!

I will do my best to implement these attacks on weplab (and understand them).

Great work!
Yeah. BTW, aircrack 1.2 with the full set of KoreK's attacks has just been released; grab it at http://www.cr0.net:8040/code/network/
Old 08-17-2004   #28 (permalink)
agentgrn
KB1JQO - Packin' Heat
 
Join Date: May 2002
Location: Worcester, MA
Posts: 517
Looks interesting.

Based on the example in the README, it looks like this relies on a very low number of weak IVs, which is very interesting.

Gonna try this on the engineering lab later this week.
__________________
-A.G.-
Old 08-17-2004   #29 (permalink)
Kronk
Registered Member
 
Join Date: Jul 2004
Posts: 13
Works Great - But What Changed Since the Patch

I patched version 1.1 yesterday with the KoreK patch posted here and was able to crack the 104 bit WEP key with the following results:

2.2 Million IVs - 13 seconds
1.2 Million IVs - 52 seconds
500K IVs - 8 seconds


Using the newest version, 1.2, released today with the same capture files I was only able to crack the WEP key using 2.2 Million IVs. All data was captured using kismet. What changed from yesterday's patch to release 1.2?
Old 08-17-2004   #30 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by Kronk
I patched version 1.1 yesterday with the KoreK patch posted here and was able to crack the 104 bit WEP key with the following results:

2.2 Million IVs - 13 seconds
1.2 Million IVs - 52 seconds
500K IVs - 8 seconds


Using the newest version, 1.2, released today with the same capture files I was only able to crack the WEP key using 2.2 Million IVs. All data was captured using kismet. What changed from yesterday's patch to release 1.2?
Mostly, new attacks were added. Could you copy & paste here the screen dump of aircrack 1.1 + 2nd KoreK patch and also aircrack 1.2, both run against 500k IVs and a fudge factor of 1 (doesn't matter if it says "No luck", I'm interested in the votes it finds)? If possible, enlarge your xterm so that it shows more votes.