NetStumbler.org Forums

Old 07-09-2005   #16 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by grcore
I noticed that the -3 "classic" attack now requires an associated client MAC (-h), I would not think that this is necessary, rather it should be optional.
Actually, aircrack can't just guess the MAC of a valid, associated station, because the source MAC in the ARP request often comes from a machine on the wired side. Hence the need for -h.

Quote:
Originally Posted by grcore
It seems the -1 fake association does not work on many APs, and with some it reports successful association but no ARPs are generated.
Sure, you need some traffic on the wired side so that the AP will re-transmit broadcast packets (such as arp requests).

Quote:
Originally Posted by grcore
With the -0 "deauth" function, it would be nice to be able to specify a single AP or BSSID to focus on.
That's option -a, although it doesn't disable the AP/station auto-detection.

Quote:
Originally Posted by grcore
nice work though!
Thanks!

Last edited by devine : 07-09-2005 at 12:35 PM.
Old 07-09-2005   #17 (permalink)
2marshall8
Registered Member
 
Join Date: Dec 2004
Posts: 14
Quote:
"Code 13 means, "Responding station does not support the specified authentication algorithm". The target AP probably requires shared-key authentication."
So you can't use this option on a wap that has encryption? What is the point then? That voids the whole purpose of this option. I must be missing something here.


Quote:
Make sure you have RTC support. Also, beta5 (to be released shortly) will have support for injection in monitor mode on hostap, perhaps it'll fix your rate problem.
I prefer using the wlanng drivers but I guess I will try the hostap when you release beta 5.
Old 07-09-2005   #18 (permalink)
Dutch
Humourless EuroMod.
 
 
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
Quote:
Originally Posted by 2marshall8
So you can't use this option on a wap that has encryption? What is the point then? That voids the whole purpose of this option. I must be missing something here.
Yes you can, no it doesn't, and yes you are.

Read up on Open and Shared key authentication in the 802.11 specs. You can run encryption with either Open authentication (which is the more secure of the two), Shared key authentication, and on most APs with automatic Open or Shared key authentication.
The authentication procedure is separate from the encryption procedure.

Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
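Worked example added here (not code from the thread or from aircrack): a decoder for the fixed fields of an 802.11 Authentication frame body. It shows why the "Code 13" reply says nothing about encryption: the algorithm number and the status code are separate fields, and status 13 is the AP refusing the requested algorithm (Open System here) rather than the key. The byte layout follows the 802.11 fixed-field order; the two sample replies are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Authentication algorithm numbers and status codes defined by IEEE 802.11. */
enum { AUTH_ALG_OPEN_SYSTEM = 0, AUTH_ALG_SHARED_KEY = 1 };
enum { STATUS_SUCCESS = 0, STATUS_UNSUPPORTED_AUTH_ALG = 13 };

/* Fixed fields of an Authentication frame body, three little-endian 16-bit values. */
struct auth_body {
    uint16_t algorithm;   /* 0 = Open System, 1 = Shared Key */
    uint16_t sequence;    /* transaction sequence: 1 = request, 2 (or 4 for Shared Key) = reply */
    uint16_t status;      /* status code, meaningful only in a reply */
};

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse the six fixed bytes. Returns 0 on success, -1 if the body is too short. */
int parse_auth_body(const uint8_t *body, size_t len, struct auth_body *out) {
    if (body == NULL || out == NULL || len < 6) return -1;
    out->algorithm = rd_le16(body);
    out->sequence  = rd_le16(body + 2);
    out->status    = rd_le16(body + 4);
    return 0;
}

/* Verdict of an AP reply: 1 = algorithm accepted, 0 = refused with code 13
 * (the AP is configured for the other algorithm), -1 = other refusal or not a reply. */
int classify_auth_reply(const struct auth_body *a) {
    if (a->sequence != 2 && a->sequence != 4) return -1;  /* only replies carry a verdict */
    if (a->status == STATUS_SUCCESS) return 1;
    if (a->status == STATUS_UNSUPPORTED_AUTH_ALG) return 0;
    return -1;
}

/* Convenience wrapper: -2 = malformed body, otherwise the classify_auth_reply() result. */
int decode_and_classify(const uint8_t *body, size_t len) {
    struct auth_body a;
    if (parse_auth_body(body, len, &a) != 0) return -2;
    return classify_auth_reply(&a);
}

/* Constructed sample: AP answering an Open System request (alg 0, seq 2) with status 13. */
static const uint8_t sample_reply_code13[6] = { 0x00, 0x00, 0x02, 0x00, 0x0D, 0x00 };
/* Constructed sample: the same AP accepting a Shared Key request (alg 1, seq 2, status 0). */
static const uint8_t sample_reply_ok[6] = { 0x01, 0x00, 0x02, 0x00, 0x00, 0x00 };
```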
Old 07-09-2005   #19 (permalink)
grcore
Member at large
 
 
Join Date: Aug 2004
Posts: 121
I have tried beta5 with the hostap drivers with a smc2532w-b card. It's working pretty well, the IV rate I can get is much higher some of the time. Other times the IV rate is back to 100/sec (typically against some 802.11G APs). With my 802.11B AP the IVs fly.

With the fake association, is it supposed to reset every 30 seconds no matter what? Once association is successful, retries interrupt IV generation until another successful association. After a successful fake association, I stop it with ctrl-c and IV generation continues without interruption. (this is without any other clients associated).

Aircrack now uses bruteforce on the last two keybytes, and in my experience this slows the process down, perhaps make this optional? Or add an option to bruteforce specific keybyte(s) (such as the first only, or 2&3 etc).

I also get the occasional error during aireplay:
open(/dev/rtc) failed: Device or resource busy
And the occasional segfault during aircrack.
thanks

g

Last edited by grcore : 07-10-2005 at 04:17 AM.
Old 07-10-2005   #20 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by grcore
With the fake association, is it supposed to reset every 30 seconds no matter what? Once association is successful, retries interrupt IV generation until another successful association. After a successful fake association, I stop it with ctrl-c and IV generation continues without interruption. (this is without any other clients associated).
Ok, I guess I'll just disable the timeout and not reassociate every 30s.

Quote:
Originally Posted by grcore
Aircrack now uses bruteforce on the last two keybytes, and in my experience this slows the process down, perhaps make this optional? Or add an option to bruteforce specific keybyte(s) (such as the first only, or 2&3 etc).
This is an n-ary tree search, so fast bruteforcing can only be done efficiently on the last 1 or 2 keybytes (note that the votes depend on the last chosen keybytes, so you can't just bruteforce, for example, keybyte 0 -- thus the whole fudge factor thingy). You can disable bruteforcing with -x, but in my experience bruteforcing the last keybytes leads to higher success rates.

Quote:
Originally Posted by grcore
I also get the occasional error during aireplay: open(/dev/rtc) failed: Device or resource busy
This is probably not a major problem, attacks 0 and 1 don't require rtc anyway.

Quote:
Originally Posted by grcore
And the occasional segfault during aircrack.
Some people reported it, but I couldn't reproduce :/. Could you start:

gdb --args ./aircrack [options] my_dump.cap

Then type run, and when it segfaults type "where". Also have a look at variables and such.

Thanks!

-- Christophe
Old 07-10-2005   #21 (permalink)
kimbell
Registered Member
 
Join Date: Jan 2005
Posts: 38
I have been testing aircrack beta 4 and 5 with a nl-2511 and a wg511 on linux kernel 2.6.11. I find when starting airodump and aireplay -1 with my nl-2511 card it will never associate and I get "fwrite failed, no such file or directory". This only happens when I try the association attack and it happens if I start aireplay 1st then airodump or vice versa. Also, the wg511 with the same command will associate and the fwrite error is never seen. Not sure if this is a known issue or not. The nl-2511 now does the same thing with hostap driver and the wlanng driver.
Old 07-10-2005   #22 (permalink)
grcore
Member at large
 
 
Join Date: Aug 2004
Posts: 121
Quote:
Originally Posted by devine
Ok, I guess I'll just disable the timeout and not reassociate every 30s.
Maybe just add an option for reassociate timeout value from the command line.
Quote:
Originally Posted by devine
Some people reported it, but I couldn't reproduce :/. Could you start:

gdb --args ./aircrack [options] my_dump.cap

Then type run, and when it segfaults type "where". Also have a look at variables and such. Thanks!
-- Christophe
Code:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218036816 (LWP 5171)]
0x0804a45d in ?? ()
(gdb) where
#0  0x0804a45d in ?? ()
#1  0xb7664008 in ?? ()
#2  0x0000000f in ?? ()
#3  0x0000006a in ?? ()
#4  0x0003129f in ?? ()
#5  0x0f000000 in ?? ()
#6  0x365757de in ?? ()
#7  0x0001004a in ?? ()
#8  0x0000000c in ?? ()
(gdb)
Another one
Code:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218434128 (LWP 5320)]
0x0804a380 in ?? ()
(gdb) where
#0  0x0804a380 in ?? ()
#1  0xb7603008 in ?? ()
#2  0x0000000f in ?? ()
#3  0x0000007f in ?? ()
#4  0x000937f6 in ?? ()
#5  0x0f000000 in ?? ()
#6  0x5e7272a3 in ?? ()
(gdb)

Last edited by grcore : 07-10-2005 at 12:45 PM.
Old 07-10-2005   #23 (permalink)
Dutch
Humourless EuroMod.
 
 
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
Quote:
Originally Posted by grcore
Code:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218036816 (LWP 5171)]
0x0804a45d in ?? ()
(gdb) where
#0  0x0804a45d in ?? ()
#1  0xb7664008 in ?? ()
#2  0x0000000f in ?? ()
#3  0x0000006a in ?? ()
#4  0x0003129f in ?? ()
#5  0x0f000000 in ?? ()
#6  0x365757de in ?? ()
#7  0x0001004a in ?? ()
#8  0x0000000c in ?? ()
(gdb)
I don't think that will be very helpful. Did you install aircrack via make install ? If that is the case, you have stripped the debugging info available.

Change to the directory where you have compiled the beta source, then enter the gdb command as devine listed it, and try again.
That should give a more informative gdb output.

Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Old 07-10-2005   #24 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by Dutch
I don't think that will be very helpful. Did you install aircrack via make install ? If that is the case, you have stripped the debugging info available.
My bad, I removed the -g option from the Makefile in beta5. grcore, could you recompile aircrack with this option ? (change "CFLAGS = -s -W -Wall -O2" to "CFLAGS = -g -W -Wall -O2" in the Makefile).
Old 07-10-2005   #25 (permalink)
Dutch
Humourless EuroMod.
 
 
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
Quote:
Originally Posted by devine
My bad, I removed the -g option from the Makefile in beta5. grcore, could you recompile aircrack with this option ? (change "CFLAGS = -s -W -Wall -O2" to "CFLAGS = -g -W -Wall -O2" in the Makefile).
/Slaps devine over the fingers with a wooden ruler, and makes him write 100 times on the blackboard: "I shall not remove debugging support from public betas."

Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Old 07-10-2005   #26 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by Dutch
/Slaps devine over the fingers with a wooden ruler, and makes him write 100 times on the blackboard: "I shall not remove debugging support from public betas."
Yea, I know I shouldn't have released that beta while being drunk.
Old 07-10-2005   #27 (permalink)
grcore
Member at large
 
 
Join Date: Aug 2004
Posts: 121
Quote:
Originally Posted by Dutch
I don't think that will be very helpful. Did you install aircrack via make install ? If that is the case, you have stripped the debugging info available.

Change to the directory where you have compiled the beta source, then enter the gdb command as devine listed it, and try again.
That should give a more informative gdb output.

Dutch
I ran gdb from the directory aircrack was compiled in, and I get similar results.

(I'm not a programmer, so I don't know what gdb is, just trying to help).

g
Old 07-10-2005   #28 (permalink)
Dutch
Humourless EuroMod.
 
 
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
Quote:
Originally Posted by grcore
I ran gdb from the directory aircrack was compiled in, and I get similar results.

(I'm not a programmer, so I don't know what gdb is, just trying to help).

g
See devine's post above. He had removed the gcc switch that enables debugging information in the compiled executable. Follow his instructions then run gdb as you did before.

(gcc = Gnu C Compiler, gdb = Gnu DeBugger)

Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Old 07-10-2005   #29 (permalink)
grcore
Member at large
 
 
Join Date: Aug 2004
Posts: 121
Code:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218036816 (LWP 5774)]
crack_wep_thread (arg=0x0) at linux/aircrack.c:923
923                 o1 = wep.ivbuf[xv + 3] ^ 0xAA; io1 = Si[o1]; S1 = S[1];
(gdb) where
#0  crack_wep_thread (arg=0x0) at linux/aircrack.c:923
#1  0xb7fccb3c in start_thread () from /lib/tls/libpthread.so.0
#2  0xb7f6793a in clone () from /lib/tls/libc.so.6
(gdb)
I missed devine's other instructions, thanks for pointing that out.

g
Old 07-10-2005   #30 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by grcore
Code:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218036816 (LWP 5774)]
crack_wep_thread (arg=0x0) at linux/aircrack.c:923
923                 o1 = wep.ivbuf[xv + 3] ^ 0xAA; io1 = Si[o1]; S1 = S[1];
(gdb) where
#0  crack_wep_thread (arg=0x0) at linux/aircrack.c:923
#1  0xb7fccb3c in start_thread () from /lib/tls/libpthread.so.0
#2  0xb7f6793a in clone () from /lib/tls/libc.so.6
(gdb)
Ok, something wrong is happening with the global IV buffer. Can this segfault be reproduced in a deterministic manner ? If so, could you send me your pcap input files.
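Added example, not code from aircrack or from anyone in the thread: a bounds-checked version of the access that crashes in the backtrace above (`o1 = wep.ivbuf[xv + 3] ^ 0xAA`), on a constructed model of the global IV buffer. It assumes, purely as an illustration, five bytes per record (three IV bytes followed by the first two ciphertext bytes); the real record layout is not stated in the thread. The point is that an absent buffer or an index past the last record is reported to the caller instead of faulting in the worker thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed record layout (illustration only): 3 IV bytes + first 2 ciphertext bytes. */
#define IV_RECORD_LEN 5

struct wep_state {
    uint8_t *ivbuf;   /* records of IV_RECORD_LEN bytes; NULL until a capture is loaded */
    size_t   nb_ivs;  /* number of complete records in ivbuf */
};

static struct wep_state wep = { NULL, 0 };

/* Load a record buffer (the real program fills this from the pcap).
 * Rejects a NULL source or a length that is not a whole number of records. */
int wep_load(const uint8_t *data, size_t len) {
    if (data == NULL || len % IV_RECORD_LEN != 0) return -1;
    uint8_t *buf = malloc(len ? len : 1);
    if (buf == NULL) return -1;
    memcpy(buf, data, len);
    free(wep.ivbuf);
    wep.ivbuf = buf;
    wep.nb_ivs = len / IV_RECORD_LEN;
    return 0;
}

/* Hardened equivalent of the crashing line: recover the first keystream byte of
 * record idx using the known 0xAA LLC/SNAP plaintext byte. Returns 0..255, or -1
 * when the buffer is absent or idx is past the last record, instead of reading
 * through a NULL or short buffer. */
int first_keystream_byte(size_t idx) {
    if (wep.ivbuf == NULL || idx >= wep.nb_ivs) return -1;
    size_t xv = idx * IV_RECORD_LEN;   /* in range: idx < nb_ivs and nb_ivs * 5 == buffer length */
    return wep.ivbuf[xv + 3] ^ 0xAA;
}

/* Worker-style loop over a record range; returns the number of records read, so a
 * caller notices a truncated buffer rather than crashing. */
size_t scan_records(size_t first, size_t last) {
    size_t ok = 0;
    for (size_t i = first; i < last; i++)
        if (first_keystream_byte(i) >= 0) ok++;
    return ok;
}

/* Constructed sample: two records; ciphertext bytes 0xF6 and 0xBB hide keystream 0x5C and 0x11. */
static const uint8_t sample_ivs[10] = { 0x01, 0x02, 0x03, 0xF6, 0x00,
                                        0x04, 0x05, 0x06, 0xBB, 0x00 };
```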