(Aircrack)Yet another WEP cracking tool for Linux

Postby devine » Thu Jul 29, 2004 10:16 am

Hey folks,

I'm glad to announce the first release of aircrack - a program similar to David Hulton's dwepcrack and TopoLB's weplab.

The source can be downloaded at http://www.cr0.net:8040/code/network/ - any feedback will be greatly appreciated.

-- Christophe
devine
 
Posts: 389
Joined: Thu Jul 29, 2004 10:09 am
Location: Paris

aircrack 1.1 released

Postby devine » Wed Aug 11, 2004 6:10 am

From the freshmeat announcement -


This release adds multi-processor support, improves the fudge calculation algorithm, and fixes a major bug in the BSSID check code. It also introduces a new tool (aireplay) that can be used to generate traffic on a WEP-encrypted wireless LAN without knowing the key, thereby reducing the amount of time needed to gather a sufficient number of encrypted data packets.

Postby kleptophobiac » Wed Aug 11, 2004 3:52 pm

Generates more traffic on the network... I'll have to check that one out!
kleptophobiac
Mini Stumbler
 
Posts: 310
Joined: Sun Sep 01, 2002 8:32 am

Postby KoreK » Wed Aug 11, 2004 6:03 pm

Devine, check out my post (the one with the little demo) in the Mac OS section. You might find it interesting :cool:
KoreK
 
Posts: 102
Joined: Wed Jul 21, 2004 5:25 pm

Postby devine » Thu Aug 12, 2004 2:03 am

KoreK wrote:Devine, check out my post (the one with the little demo) in the Mac OS section. You might find it interesting :cool:


Indeed! The new attacks you've developed look awesome, and I'm generating some stats right now for each keybyte of different keys in order to see what may be the best attack strategy. This could lead to a very fast WEP cracking tool. :p

Postby sylvain » Thu Aug 12, 2004 6:36 am

Do you know if your tool is compliant with Aironet Cisco cards?

It seems to be the case... one great thing that weplab cannot do is to select the BSSID of the network!!
sylvain
 
Posts: 175
Joined: Mon Jun 21, 2004 5:57 am
Location: Paris, France

Postby sylvain » Thu Aug 12, 2004 6:37 am

devine wrote:Indeed! The new attacks you've developed look awesome, and I'm generating some stats right now for each keybyte of different keys in order to see what may be the best attack strategy. This could lead to a very fast WEP cracking tool. :p



Do you plan to develop this WEP cracking tool? ;)

Postby devine » Thu Aug 12, 2004 6:53 am

sylvain wrote:Do you know if your tool is compliant with Aironet Cisco cards?


airodump should be compatible with any wireless card that can be put in Monitor mode. At the moment it has only been tested with Prism2 cards, but I intend to borrow some Orinoco/Aironet/PrismGT/Atheros cards to make sure it works ok with those chipsets.

AFAIK aircrack works with any 802.11 pcap file.

aireplay is, at the moment, only compatible with Prism2 cards using the patched HostAP driver.

Postby devine » Thu Aug 12, 2004 6:53 am

sylvain wrote:Do you plan to develop this WEP cracking tool? ;)

Sure, actually that's what I'm doing right now :)

Postby sylvain » Thu Aug 12, 2004 7:01 am

You are right, aircrack works with pcap files generated with kismet/aironet.

Do you plan to develop aireplay for cards other than Prism2?

Postby devine » Thu Aug 12, 2004 7:23 am

sylvain wrote:You are right, aircrack works with pcap files generated with kismet/aironet.

Do you plan to develop aireplay for cards other than Prism2?


Yep, once I get a hold on the aforementioned cards I'll try to see which ones can be used for WEP packets re-injection. Could take a few weeks though, if not months.

Postby sylvain » Thu Aug 12, 2004 7:29 am

It will be a good idea to add Aironet, as Cisco cards are often used by professional auditors...

Postby devine » Thu Aug 12, 2004 12:56 pm

devine wrote:Sure, actually that's what I'm doing right now :)


Ok, I've just finished implementing KoreK's attacks into the development version of aircrack. The preliminary results are very good - I've been able to crack in less than one minute a 104-bit WEP key with as few as 800k unique IVs; the previous version of aircrack fails with so few IVs.

Postby sylvain » Thu Aug 12, 2004 11:41 pm

Can you send me the development version?

Actually, we'll be able to do this in French too ;-)

Postby devine » Fri Aug 13, 2004 1:37 am

sylvain wrote:Can you send me the development version?

Actually, we'll be able to do this in French too ;-)

I'd rather stick with English, as most people here don't speak French ;-)

You can download a patch that implements the KoreK attacks at [deleted]

The results I have so far are astounding; if lucky, aircrack can now recover a 104-bit WEP key with only 500k IVs in about 5 minutes. With 1M IVs the key is found almost instantly :cool:. This is a huge improvement from the standard FMS attack, and it leaves other tools such as airsnort dead in the water :p

post-edit: patch no longer present on the web server so removed the url.