MacOS and aircrack & aireplay

Postby ddwyer50 » Thu Mar 24, 2005 5:08 pm

Hello All,

I have been doing some research into wireless sniffing and packet analysis. I have a 12" PowerBook with an AirPort Extreme card (waste). I just picked up a D-Link DWL-122, which worked like a champ on my system. I have installed KisMAC, Ethereal (with Fink), and have also come across an aircrack binary for PPC. Nice.

I can't seem to get a (precompiled) copy of aireplay or chopchop for PPC. I downloaded the source and tried to 'make' but that didn't work. So my question is this: is there a PPC precompiled binary out there somewhere? Is it possible for me to compile it myself? If so, how?

Thanks!
ddwyer50
Mini Stumbler
 
Posts: 3
Joined: Thu Mar 24, 2005 4:45 pm

Postby Kronk » Fri Mar 25, 2005 12:14 pm

Unless we get wireless driver support, aireplay w/ chopchop won't work under MacOS X. The latest aireplay beta works well under LinuxPPC (Yellowdog Linux), so you could give that a try.

Also, give the latest alpha of KisMAC (0.2r60) a try. It is currently only available in source form, but here is a link to the compiled version.

http://www.macunix.net/KisMAC_Alpha/

It has the same functionality as Aircrack 2.1 plus you only need a single Prism2 device to perform reinjection attacks. Since the original Aircrack code made it into this version of KisMAC, adding chopchop should be easy as well.
Kronk
Mini Stumbler
 
Posts: 13
Joined: Tue Jul 06, 2004 11:44 am

Postby ddwyer50 » Fri Mar 25, 2005 7:09 pm

Thanks for the info. The new version looks good.

I am trying to "Reinject Packets" on my network. My understanding is that when I reinject, more IV's will be found and the capture of this will crack the key more easily. I have set up a random WEP Key and am curious how long it takes KisMAC (or any other software) to crack it. When I click on Reinject Packets in Kismac, it says "Waiting for interesting Packets." How many interesting packets am I waiting on? This is the fastest way to generate IV's?

Thanks
ddwyer50
Mini Stumbler
 
Posts: 3
Joined: Thu Mar 24, 2005 4:45 pm

Postby ddwyer50 » Fri Mar 25, 2005 8:46 pm

Thanks for the info. The new version looks cool.

I am wondering though... Let's say I fire up KisMAC, and it starts scanning. I find a couple of networks. Great. Now, I decide to double click on my network, to get more detailed info about it.

From here, I can see packets being logged. The "Unique IV's" start counting. However, the "Inj. Packets" stays at zero. I click "Deauthenticate" and then "Inj. Packets" starts to go up. Is this packet injection? I didn't think Deauthenticate would affect Injected Packets.

Then I click Inject. What I thought was that when I did this, the "Unique IV's" would start accumulating at a much higher rate, due to the packet injection. This does not happen. In fact, I get no indication that the packet injection is even happening. Can I verify this? Isn't injection supposed to make Unique IV's climb at a faster rate? I have looked into Kismac's documentation, but it's a little sketchy.

Thanks!
ddwyer50
Mini Stumbler
 
Posts: 3
Joined: Thu Mar 24, 2005 4:45 pm

Postby Kronk » Sat Mar 26, 2005 4:18 am

The current packet injection in KisMAC is based on ARP replay. The injectable packets correspond to possible ARP packets, based on the size of the packet. When an AP client reauthenticates, an ARP packet is generated during the IP address assignment process, usually DHCP.

On most APs, especially those with Windows clients, you shouldn't have to deauthenticate. I usually see a dozen or so injectable packets within a few minutes. Not all APs are susceptible to this attack and what you are seeing may mean the AP is not susceptible to a replay attack or you haven't captured the right injectable packets. You just have to test it. KisMAC may also still have some bugs, so you may need to quit and restart it a few times during the process.

In my tests, once I had the right injectable packet the Unique IVs climbed at a tremendous rate. I had enough packets to crack the WEP key in about 15 minutes.

The susceptibility to ARP replay attacks is exactly why chopchop is used. You use this tool to brute force crack a single packet, get the IP and data information and forge your own injectable packet.
Kronk
Mini Stumbler
 
Posts: 13
Joined: Tue Jul 06, 2004 11:44 am
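
The ARP replay behaviour described in the post above can be seen from the monitoring side, because WEP has no replay protection and a replayed frame carries the same IV and ciphertext every time. The following is an added example, not part of the thread and not KisMAC or aircrack code: the function names, the threshold and the sample capture are constructed, and it assumes replayed frames go out under fresh sequence numbers while MAC-layer retries reuse theirs.

```python
from collections import defaultdict

HDR_LEN = 24                       # 3-address 802.11 data header, no QoS
WEP_ARP_BODY = 4 + 8 + 28 + 4      # IV/key ID + LLC/SNAP + ARP + ICV = 44 bytes

def parse_wep_data(frame):
    """Return (sequence_number, body) for a WEP-protected plain data frame."""
    if len(frame) < HDR_LEN + 8:
        return None
    fc0, fc1 = frame[0], frame[1]
    plain_data = (fc0 >> 2) & 0x3 == 2 and fc0 >> 4 == 0
    four_addr = fc1 & 0x03 == 0x03          # WDS frames have a 30-byte header
    if not plain_data or four_addr or not fc1 & 0x40:   # 0x40 = Protected
        return None
    seq = int.from_bytes(frame[22:24], "little") >> 4   # drop fragment bits
    return seq, frame[HDR_LEN:]

def find_replayed_bodies(frames, min_distinct_seq=10):
    """Flag identical IV+ciphertext bodies sent under many sequence numbers.

    A MAC-layer retry reuses its sequence number; a replayed frame goes out
    as a new frame, so one body accumulates many sequence numbers.
    """
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_wep_data(frame)
        if parsed:
            seen[parsed[1]].add(parsed[0])
    return [{"iv": body[:3].hex(), "copies": len(seqs),
             "arp_sized": len(body) == WEP_ARP_BODY}
            for body, seqs in seen.items() if len(seqs) >= min_distinct_seq]

def _frame(seq, body, retry=False):
    """Build a constructed data frame: ToDS, Protected, zeroed addresses."""
    fc = bytes([0x08, 0x41 | (0x08 if retry else 0)])
    return fc + bytes(2) + bytes(18) + (seq << 4).to_bytes(2, "little") + body

# Constructed sample capture (not real traffic).
REPLAYED = bytes.fromhex("a1b2c300") + bytes(range(40))     # 44-byte body
RETRIED = bytes.fromhex("0a0b0c00") + bytes(40)             # also ARP-sized
SAMPLE = ([_frame(100 + i, REPLAYED) for i in range(40)]
          + [_frame(7, RETRIED, retry=i > 0) for i in range(3)]
          + [_frame(500 + i, bytes([i, 0, 1, 0]) + bytes(60 + i)) for i in range(30)])

if __name__ == "__main__":
    for alert in find_replayed_bodies(SAMPLE):
        print(alert)
```

The retried ARP-sized frame in the sample is not flagged, which is the point of counting sequence numbers rather than raw duplicates.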

Postby ddwyer50 » Sat Mar 26, 2005 7:37 am

Kronk, you are the man.

I partitioned my PowerBook last night and am going to install Linux on it today (Ubuntu or YellowDog I think) so I can use more wireless tools.

Thanks.
ddwyer50
Mini Stumbler
 
Posts: 3
Joined: Thu Mar 24, 2005 4:45 pm

About injection

Postby catherineburlow » Mon Mar 28, 2005 11:52 am

Sorry, I'm only an advanced MacOS X user but I'm still unable to use an entire Linux system.... Just a question since I cannot use anything other than KisMAC. Do you mean it is possible to reinject packets with only an Apple AirPort card? Are you sure you don't use AirPort+PCMCIA???

Just wanting to try to inject packets to see if I'm able to crack the wep. Eager to do it.

Special kisses from barcelona city
Catherine
catherineburlow
Mini Stumbler
 
Posts: 4
Joined: Mon Jul 12, 2004 5:48 am

Postby Dutch » Mon Mar 28, 2005 12:22 pm

catherineburlow wrote:Special kisses from barcelona city
Catherine


I've experienced and know what French Kissing is, but Spanish Kissing ? Using the tongue on a bull ? ;)

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark

Postby Barry » Mon Mar 28, 2005 2:59 pm

Dutch wrote:I've experienced and know what French Kissing is, but Spanish Kissing ? Using the tongue on a bull ?


Hey, hey! I've seen what happens to the bull. No Spanish kisses for me!! :eek:
Never do anything you don't want to explain to the paramedics.
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Postby Dutch » Mon Mar 28, 2005 3:07 pm

Barry wrote:Hey, hey! I've seen what happens to the bull. No Spanish kisses for me!! :eek:

I once went to Spain on vacation, and actually ate at a very good restaurant just next to a bullfighting arena.
They served a very good dish, called "Cojones Del Toro" or something like that. Two big and very tender pieces of meat, in an absolutely fabulous sauce.
The second time I went to that restaurant, and ordered the same meal, I was severely disappointed though. The pieces of meat were only a quarter size compared to the first time.

When I complained, the waiter just looked at me and said : "Senor, the bull doesn't always lose..."

:D

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark

Postby 3dafx » Mon Mar 28, 2005 4:36 pm

Dutch wrote:I once went to Spain on vacation, and actually ate at a very good restaurant just next to a bullfighting arena.
They served a very good dish, called "Cojones Del Toro" or something like that. Two big and very tender pieces of meat, in an absolutely fabulous sauce.
The second time I went to that restaurant, and ordered the same meal, I was severely disappointed though. The pieces of meat were only a quarter size compared to the first time.

When I complained, the waiter just looked at me and said : "Senor, the bull doesn't always lose..."

:D

Dutch



That just spoiled my microwave dinner.
3dafx
Mini Stumbler
 
Posts: 19
Joined: Tue Apr 16, 2002 5:39 am

Postby Tullebukk » Mon Apr 04, 2005 7:02 am

I know why we can't use aireplay on a Mac, but does anybody have a version of aircrack, the program to break the WEP key, for OS X? You don't need a driver to run that.
Tullebukk
Mini Stumbler
 
Posts: 1
Joined: Mon Apr 04, 2005 2:54 am

Postby streaker69 » Mon Apr 04, 2005 7:13 am

Tullebukk wrote:I know why we can't use aireplay on a Mac, but does anybody have a version of aircrack, the program to break the WEP key, for OS X? You don't need a driver to run that.


Working on a school project for cracking WEP?
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Postby Dutch » Mon Apr 04, 2005 7:17 am

streaker69 wrote:Working on a school project for cracking WEP?

Damn you.. Fifth keyboard this week. You are doing it on purpose *sigh*

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark

