
(Aircrack)Yet another WEP cracking tool for Linux

PostPosted: Thu Jul 29, 2004 10:16 am
by devine
Hey folks,

I'm glad to announce the first release of aircrack - a program similar to David Hulton's dwepcrack and TopoLB's weplab.

The source can be downloaded at http://www.cr0.net:8040/code/network/ - any feedback will be greatly appreciated.

-- Christophe

aircrack 1.1 released

PostPosted: Wed Aug 11, 2004 6:10 am
by devine
From the freshmeat announcement -


This release adds multi-processor support, improves the fudge calculation algorithm, and fixes a major bug in the BSSID check code. It also introduces a new tool (aireplay) that can be used to generate traffic on a WEP-encrypted wireless LAN without knowing the key, thereby reducing the amount of time needed to gather a sufficient number of encrypted data packets.

PostPosted: Wed Aug 11, 2004 3:52 pm
by kleptophobiac
generates more traffic on the network.... I'll have to check that one out!

PostPosted: Wed Aug 11, 2004 6:03 pm
by KoreK
Devine, check out my post (the one with the little demo) in the Mac OS section. You might find it interesting :cool:

PostPosted: Thu Aug 12, 2004 2:03 am
by devine
KoreK wrote:Devine, check out my post (the one with the little demo) in the Mac OS section. You might find it interesting :cool:


Indeed! The new attacks you've developed look awesome, and I'm generating some stats right now for each keybyte of different keys in order to see what may be the best attack strategy. This could lead to a very fast WEP cracking tool. :p

PostPosted: Thu Aug 12, 2004 6:36 am
by sylvain
do you know if your tool is compatible with Cisco Aironet cards?

it seems to be the case.. one great thing that weplab cannot do is select the BSSID of the network!!

PostPosted: Thu Aug 12, 2004 6:37 am
by sylvain
devine wrote:Indeed! The new attacks you've developed look awesome, and I'm generating some stats right now for each keybyte of different keys in order to see what may be the best attack strategy. This could lead to a very fast WEP cracking tool. :p



do you plan to develop this WEP cracking tool? ;)

PostPosted: Thu Aug 12, 2004 6:53 am
by devine
sylvain wrote:do you know if your tool is compatible with Cisco Aironet cards?


airodump should be compatible with any wireless card that can be put in Monitor mode. At the moment it has only been tested with Prism2 cards, but I intend to borrow some Orinoco/Aironet/PrismGT/Atheros cards to make sure it works ok with those chipsets.

AFAIK aircrack works with any 802.11 pcap file.

aireplay is, at the moment, only compatible with Prism2 cards using the patched HostAP driver.

PostPosted: Thu Aug 12, 2004 6:53 am
by devine
sylvain wrote:do you plan to develop this WEP cracking tool? ;)

Sure, actually that's what I'm doing right now :)

PostPosted: Thu Aug 12, 2004 7:01 am
by sylvain
you are right, aircrack is working with pcap files generated with kismet/aironet

do you plan to develop aireplay for other cards than Prism2 ?

PostPosted: Thu Aug 12, 2004 7:23 am
by devine
sylvain wrote:you are right, aircrack is working with pcap files generated with kismet/aironet

do you plan to develop aireplay for other cards than Prism2 ?


Yep, once I get hold of the aforementioned cards I'll try to see which ones can be used for WEP packet re-injection. Could take a few weeks though, if not months.

PostPosted: Thu Aug 12, 2004 7:29 am
by sylvain
it would be a good idea to add Aironet, as Cisco cards are often used by professional auditors...

PostPosted: Thu Aug 12, 2004 12:56 pm
by devine
devine wrote:Sure, actually that's what I'm doing right now :)


Ok, I've just finished implementing KoreK's attacks into the development version of aircrack. The preliminary results are very good - I've been able to crack in less than one minute a 104-bit WEP key with as few as 800k unique IVs; the previous version of aircrack fails with so few IVs.

PostPosted: Thu Aug 12, 2004 11:41 pm
by sylvain
can you send me the development version ?

actually we can do it in French too ;-)

PostPosted: Fri Aug 13, 2004 1:37 am
by devine
sylvain wrote:can you send me the development version ?

actually we can do it in French too ;-)

I'd rather stick with English, as most people here don't speak French ;-)

You can download a patch that implements the KoreK attacks at [deleted]

The results I have so far are astounding; if lucky, aircrack can now recover a 104-bit WEP key with only 500k IVs in about 5 minutes. With 1M IVs the key is found almost instantly :cool:. This is a huge improvement from the standard FMS attack, and it leaves other tools such as airsnort dead in the water :p

post-edit: patch no longer present on the web server so removed the url.
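The thread measures progress in unique IVs per network (the aireplay release note above, and the 500k/1M figures in the last post). The following is an added example, not code from this thread or from aircrack/airodump: it reads a raw 802.11 pcap (linktype 105), picks out WEP-protected data frames, and reports how many distinct 24-bit IVs each BSSID has already put on the air, which is the number an auditor of a legacy WEP network wants to know. The pcap bytes, frame layout helpers and MAC addresses are constructed for the example.

```python
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105   # raw 802.11 frames, no radiotap/prism header in front

def iter_pcap_frames(data):
    # yield the packet bytes of each record of a little-endian classic (non-pcapng) pcap
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_IEEE802_11:
        raise ValueError("need a little-endian pcap with linktype 105 (raw 802.11)")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def wep_iv_of(frame):
    # return (bssid, iv_hex) for a WEP-protected data frame, else None
    if len(frame) < 28:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 3 != 2 or not fc1 & 0x40:   # type 2 = data; 0x40 = Protected flag
        return None
    to_ds, from_ds = fc1 & 1, fc1 & 2
    if to_ds and from_ds:                        # 4-address WDS frame: no single BSSID
        return None
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    bssid = addr1 if to_ds else addr2 if from_ds else addr3
    hdr = 24 + (2 if fc0 & 0x80 else 0)          # QoS data subtypes add a 2-byte QoS field
    return bssid.hex(":"), frame[hdr:hdr + 3].hex()   # WEP body starts with the 24-bit IV

def unique_ivs_per_bssid(pcap_bytes):
    # BSSID -> number of distinct WEP IVs seen: the exposure metric quoted in the thread
    seen = defaultdict(set)
    for hit in filter(None, map(wep_iv_of, iter_pcap_frames(pcap_bytes))):
        seen[hit[0]].add(hit[1])
    return {b: len(ivs) for b, ivs in seen.items()}

def _frame(fc1, iv, bssid=b"\x00\x11\x22\x33\x44\x55"):
    # constructed data frame: fc0 0x08, broadcast dst, fixed src, BSSID in addr3, IV, key idx, body
    return (b"\x08" + bytes([fc1]) + b"\x00\x00" + b"\xff" * 6 + b"\x00\x01\x02\x03\x04\x05"
            + bssid + b"\x00\x00" + iv + b"\x00" + b"\xaa" * 8)

def _pcap(frames):   # constructed pcap: global header, then one record header per frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# constructed sample: one IV repeated, one fresh IV, one unprotected frame that must be ignored
SAMPLE_PCAP = _pcap([_frame(0x40, b"\x01\x02\x03"), _frame(0x40, b"\x01\x02\x03"),
                     _frame(0x40, b"\x04\x05\x06"), _frame(0x00, b"\x07\x08\x09")])
```

A repeated IV is counted once, so the result is the same "unique IVs" figure the thread uses, and a count that keeps climbing on a capture of your own network is the signal that the WEP keystream reuse the thread exploits is already exposed.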