(Aircrack) Yet another WEP cracking tool for Linux

Post by devine » Wed Dec 22, 2004 12:06 pm

1. When Airodump is collecting packets, it says that the packets it is collecting are WPA encoded (I am sure they are WEP only)

Yeah. known bug.

2. 100K, 250K, 600K packets: No amount seems to get past the 12th KB in the crack. (I know it's not an exact science)

128 bit WEP = 3 bytes IV + 13 bytes key. Aircrack actually computes votes for the 13th keybyte but the info disappears just after being printed.

Deftronic: it is normal, you're capturing beacons (unencrypted frames sent by the AP to make itself known).
devine
 
Posts: 389
Joined: Thu Jul 29, 2004 10:09 am
Location: Paris
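
Added example, not part of the thread and not aircrack's or airodump's own code: a minimal Python classifier showing how the frame kinds mentioned in the post above can be told apart from the 802.11 header alone (beacons are unencrypted management frames; WEP data frames carry the 3-byte IV plus a key-ID octet; WPA frames set the ExtIV bit in that octet). The function names and sample frames are constructed for illustration, and headers carrying an HT Control field are not handled.

```python
from collections import Counter

def classify_frame(frame: bytes) -> dict:
    """Classify a bare 802.11 MAC frame (no radiotap/prism header, no FCS)."""
    if len(frame) < 2:
        return {"kind": "truncated"}
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype == 0:                      # management; beacons are sent in the clear
        return {"kind": "beacon" if subtype == 8 else "management"}
    if ftype != 2:                      # control or reserved type
        return {"kind": "other"}
    hdr_len = 24
    if (flags & 0x03) == 0x03:          # ToDS and FromDS both set: 4th address
        hdr_len += 6
    if subtype & 0x08:                  # QoS data: 2-byte QoS control field
        hdr_len += 2
    if not (flags & 0x40):              # Protected bit clear: unencrypted data
        return {"kind": "data-open"}
    if len(frame) < hdr_len + 4:
        return {"kind": "truncated"}
    iv, key_octet = frame[hdr_len:hdr_len + 3], frame[hdr_len + 3]
    if key_octet & 0x20:                # ExtIV set: TKIP or CCMP (WPA/WPA2)
        return {"kind": "data-tkip-ccmp", "key_id": key_octet >> 6}
    return {"kind": "data-wep", "iv": iv.hex(), "key_id": key_octet >> 6}

def summarize(frames):
    """Return (Counter of frame kinds, set of distinct WEP IVs seen)."""
    kinds, ivs = Counter(), set()
    for f in frames:
        info = classify_frame(f)
        kinds[info["kind"]] += 1
        if info["kind"] == "data-wep":
            ivs.add(info["iv"])
    return kinds, ivs

def _hdr(fc0: int, flags: int) -> bytes:
    # Constructed 24-byte header: frame control, duration, 3 addresses, seq ctl
    return bytes([fc0, flags]) + bytes(2) + b"\xaa" * 6 + b"\xbb" * 6 + b"\xcc" * 6 + bytes(2)

# Constructed sample frames (not from a real capture)
SAMPLE_FRAMES = [
    _hdr(0x80, 0x00) + bytes(12),                                    # beacon
    _hdr(0x08, 0x41) + bytes([0x01, 0x02, 0x03, 0x00]) + bytes(8),   # WEP, key 0
    _hdr(0x08, 0x41) + bytes([0x01, 0x02, 0x03, 0x00]) + bytes(8),   # same IV again
    _hdr(0x88, 0x41) + bytes(2) + bytes([0x0a, 0x0b, 0x0c, 0x40]) + bytes(8),  # QoS WEP, key 1
    _hdr(0x08, 0x42) + bytes([0x01, 0x00, 0x00, 0x20]) + bytes(12),  # ExtIV set
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FRAMES))
```

Counting only the distinct IVs among `data-wep` frames, rather than all captured packets, is what separates beacons and repeated IVs from usable WEP data in the summary.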

Post by renderman » Wed Dec 22, 2004 1:37 pm

devine wrote:1. When Airodump is collecting packets, it says that the packets it is collecting are WPA encoded (I am sure they are WEP only)

Yeah. known bug.

2. 100K, 250K, 600K packets: No amount seems to get past the 12th KB in the crack. (I know it's not an exact science)

128 bit WEP = 3 bytes IV + 13 bytes key. Aircrack actually computes votes for the 13th keybyte but the info disappears just after being printed.

Deftronic: it is normal, you're capturing beacons (unencrypted frames sent by the AP to make itself known).


Ah, OK, I'm not crazy.

Still haven't been able to crack it, need to fiddle with the data coming across and get some better packets.

Thanks Devine
renderman
 
Posts: 1867
Joined: Thu Jun 06, 2002 5:29 pm
Location: Anywhere but Utah

Post by 2marshall8 » Thu Dec 30, 2004 9:44 am

I see version 2.1 on the aircrack site. Is this the final version of Aircrack being released? Has this worked out all the bugs? Devine what kind of setup do you need to increase packet generation using Aireplay? I'm planning on buying a Senao NL-2511 CD Plus EXT2 and wondered if I can use this card to Multiply packets and sniff them in order to increase IV capture? This card has the two antennas so I wasn't sure how possible that was.

thanks
marshall
2marshall8
Mini Stumbler
 
Posts: 14
Joined: Sun Dec 19, 2004 12:30 pm

Post by baskin » Wed Jan 12, 2005 1:01 am

Although the Senao NL-2511 CD Plus EXT2 works perfectly with aircrack, you will need two cards to increase packet generation from the AP. You need one card to inject ARP packets and another one to sniff. The two antennas work in diversity mode. That means that they cannot each be used for a different application.
baskin
Mini Stumbler
 
Posts: 1
Joined: Thu Oct 28, 2004 11:01 am

Post by Re@liTy » Sun Jan 30, 2005 7:02 am

Can anyone tell me what the "PWR" column in Airodump is actually reporting??
Please don't say "PoWeR" !! Of what !?!? In what unit of measurement?
I mean *exactly* to what does the figure reported pertain??

(with some cards I get "-1" & some give "216" etc)

Thanks.
I started out with nothing..............and I've still got most of it left.....
Re@liTy
Mini Stumbler
 
Posts: 65
Joined: Wed Jul 28, 2004 3:27 pm
Location: Brighton - U.K.

Post by devine » Sun Jan 30, 2005 11:58 am

Re@liTy wrote:Can anyone tell me what the "PWR" column in Airodump is actually reporting?? Please don't say "PoWeR" !! Of what !?!? In what unit of measurement? I mean *exactly* to what does the figure reported pertain??


I have no idea. It's the signal power reported by your wireless driver. Could be anything (dB, mw, ...). Read the driver source if available, disassemble the firmware, or ask the person who wrote it.

Re@liTy wrote:(with some cards I get "-1"


This means your wireless driver does not give out signal power information. If you use hostap, try "iwpriv wlan0 monitor_type 1" to enable the prism2 header.
devine
 
Posts: 389
Joined: Thu Jul 29, 2004 10:09 am
Location: Paris

Does aircrack find the n bits for the WEP key itself?

Post by warp_be » Mon Feb 07, 2005 3:28 am

If I launch aircrack without specifying the number of bits of the key (by default 12 I think),
does it find it itself,
or do I have to force the number of bits before launching aircrack?
warp_be
Mini Stumbler
 
Posts: 1
Joined: Fri Feb 04, 2005 1:38 am

Post by sylvain » Mon Feb 07, 2005 4:43 am

Contrary to weplab, you do not have to specify the key length.
sylvain
 
Posts: 175
Joined: Mon Jun 21, 2004 5:57 am
Location: Paris, France

no output in aircrack

Post by seboslaw » Mon Mar 21, 2005 7:11 am

Hey,

when I start aircrack in a console under linux with

aircrack test.cap

all I get is an empty console screen. There is no output whatsoever. Is the -q option enabled by default now? When I do a "top" I can see that aircrack is running with 99% CPU. What's wrong?

Regards,

Sebastian
seboslaw
Mini Stumbler
 
Posts: 3
Joined: Wed Mar 16, 2005 10:53 am

Post by _metro_ » Tue Mar 22, 2005 7:14 am

seboslaw wrote:when I start aircrack in a console under linux with
aircrack test.cap

all I get is an empty console screen. There is no output whatsoever. Is the -q option enabled by default now? When I do a "top" I can see that aircrack is running with 99% CPU. What's wrong?


Just add the -q 3 to see full details, or -q 2, or -q 1
_metro_
Mini Stumbler
 
Posts: 5
Joined: Fri Feb 04, 2005 11:19 am

Crappy keys?

Post by renderman » Tue May 03, 2005 8:29 am

Did a presentation last night showing off several wireless tools including Aircrack (the gasps at a 2 second crack were a lot of fun, thanks Devine!)

Had one question that got me thinking.

The person had asked if Aircrack would shortcut and check if someone had punched in a really crappy manual key, i.e. 12:34:56:78:90 or 11:11:11:11:11, etc.

Since there's no real way for the program to know to 'guess' those keys, they would take as long as normal.

Got me thinking that perhaps Aircrack 2.2 should have a switch to run against a dictionary of test keys first, before going about the brute force. Perhaps shortcutting the need for X number of IVs.

Just a thought.
renderman
 
Posts: 1867
Joined: Thu Jun 06, 2002 5:29 pm
Location: Anywhere but Utah

Post by streaker69 » Tue May 03, 2005 8:35 am

renderman wrote:Did a presentation last night showing off several wireless tools including Aircrack (the gasps at a 2 second crack were a lot of fun, thanks Devine!)

Had one question that got me thinking.

The person had asked if Aircrack would shortcut and check if someone had punched in a really crappy manual key, i.e. 12:34:56:78:90 or 11:11:11:11:11, etc.

Since there's no real way for the program to know to 'guess' those keys, they would take as long as normal.

Got me thinking that perhaps Aircrack 2.2 should have a switch to run against a dictionary of test keys first, before going about the brute force. Perhaps shortcutting the need for X number of IVs.

Just a thought.


Are you channeling newbs?

http://www.netstumbler.org/showthread.php?p=118830#post118830
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Prism Types

Post by CobraGT2000 » Sat Jun 18, 2005 10:49 am

Just wondering (didn't see it in the thread, though): can you use aircrack, aireplay and airodump with the Prism 2.5 and 3 type cards? Thanks.
CobraGT2000
Mini Stumbler
 
Posts: 8
Joined: Sun Mar 07, 2004 7:30 pm
Location: KC, Mo

Post by devine » Thu Jun 23, 2005 1:56 am

renderman wrote:Did a presentation last night showing off several wireless tools including Aircrack (the gasps at a 2 second crack were a lot of fun, thanks Devine!)


You're welcome.

On a side note, I released a preliminary beta version of aircrack 2.2. It's available at http://www.cr0.net:8040/code/network/

renderman wrote:Got me thinking that perhaps Aircrack 2.2 should have a switch to run against a dictionary of test keys first, before going about the brute force. Perhaps shortcutting the need for X number of IVs.


Sure, I'll think about it.
devine
 
Posts: 389
Joined: Thu Jul 29, 2004 10:09 am
Location: Paris

Post by _metro_ » Fri Jun 24, 2005 7:11 am

devine wrote:On a side note, I released a preliminary beta version of aircrack 2.2. It's available at http://www.cr0.net:8040/code/network/


Excellent version!
The prompt for the target network, identification of WPA/WEP, # of IVs works great!

The WPA cracking seems to work fine, I'd made a small WPA-pcap file just for fun and then found the test/wpa.cap there. Nice touch.

Just curious about the w32 gui that you mentioned earlier, is there any screenshot to peek at?

Again, thanks a lot for this excellent app!
_metro_
Mini Stumbler
 
Posts: 5
Joined: Fri Feb 04, 2005 11:19 am
