Dreaming Linux, Use free software Save the World....
Tuesday, 17 June 2008
How to Aircrack-ng 0.9.3 / 1.0 RC1
Aircrack-ng is a set of tools for auditing wireless networks
· airodump: 802.11 packet capture program
· aireplay: 802.11 packet injection program
· aircrack: static WEP and WPA-PSK key cracker
· airdecap: decrypts WEP/WPA capture files
Aircrack-ng is the next generation of aircrack with lots of new features.
How do I crack a static WEP key?
The basic idea is to capture as much encrypted traffic as possible using airodump. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack on the resulting capture file. aircrack will then perform a set of statistical attacks developed by a talented hacker named KoreK.
How do I know my WEP key is correct?
There are two authentication modes for WEP:
Open-System Authentication: this is the default mode. All clients are accepted by the AP, and the key is never checked: association is always granted. However, if your key is incorrect you won't be able to receive or send packets (because decryption will fail), so DHCP, ping etc. will time out.
Shared-Key Authentication: the client has to encrypt a challenge before association is granted by the AP. This mode is flawed and leads to keystream recovery, so it's never enabled by default.
In summary, just because you seem to have successfully connected to the access point doesn't mean your WEP key is correct! To check your WEP key, try to decrypt a capture file with the airdecap program.
How many IVs are required to crack WEP?
WEP cracking is not an exact science. The number of required IVs depends on the WEP key length, and it also depends on your luck. Usually, 40-bit WEP can be cracked with 300.000 IVs, and 104-bit WEP can be cracked with 1.000.000 IVs; if you're out of luck you may need two million IVs, or more.
There's no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, airodump cannot report the WEP key length. Thus, it is recommended to run aircrack twice: when you have 250.000 IVs, start aircrack with "-n 64" to crack 40-bit WEP. Then if the key isn't found, restart aircrack (without the -n option) to crack 104-bit WEP.
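As an added illustration of the 3-byte IV discussed above and of why the IV counts quoted matter (example code written for this page, not part of the original post or of the Aircrack-ng suite): a small parser that pulls the IV and key index out of the 4-byte WEP header of protected 802.11 Data frames and counts how many distinct and how many repeated IVs a set of frames contains. It assumes raw 802.11 frames without a radiotap header; the sample frames are constructed inline.

```python
from collections import Counter

IV_SPACE = 1 << 24  # a 3-byte IV has only 16,777,216 possible values

def mac_header_len(fc0: int, fc1: int) -> int:
    """Length of the 802.11 MAC header implied by the Frame Control field."""
    n = 24
    if (fc1 & 0x03) == 0x03:  # To-DS and From-DS both set: Address 4 present
        n += 6
    if fc0 & 0x80:            # QoS Data subtypes (8-15) carry a 2-byte QoS Control
        n += 2
    return n

def parse_wep_frame(frame: bytes):
    """Return (iv, key_id) for a WEP-protected Data frame, or None otherwise."""
    if len(frame) < 2 or (frame[0] & 0x0C) != 0x08:  # Type (bits 2-3) must be Data
        return None
    fc0, fc1 = frame[0], frame[1]
    if not fc1 & 0x40:        # Protected Frame bit clear: plaintext frame
        return None
    off = mac_header_len(fc0, fc1)
    if len(frame) < off + 4:  # need the 4-byte WEP header (IV + key-ID byte)
        return None
    return frame[off:off + 3], frame[off + 3] >> 6  # key index is the top 2 bits

def iv_stats(frames) -> dict:
    """Count distinct and reused IVs across raw frames from a capture."""
    seen = Counter(p[0] for p in map(parse_wep_frame, frames) if p)
    return {"unique_ivs": len(seen),
            "reused_ivs": sum(1 for c in seen.values() if c > 1),
            "fraction_of_iv_space": len(seen) / IV_SPACE}

def build_wep_frame(iv: bytes, key_id: int = 0, qos: bool = False) -> bytes:
    """Construct a minimal protected Data frame (sample data, not a real capture)."""
    fc0 = 0x88 if qos else 0x08                    # Data type; QoS Data subtype if asked
    hdr = bytes([fc0, 0x41]) + b"\x00\x00"         # FC (Protected + To-DS), Duration
    hdr += bytes.fromhex("001122334455") * 3       # Addr1..Addr3 (constructed)
    hdr += b"\x00\x00" + (b"\x00\x00" if qos else b"")  # Seq Control [, QoS Control]
    return hdr + iv + bytes([key_id << 6]) + b"\xde\xad\xbe\xef" + bytes(4)  # body+ICV

# Constructed sample: three protected frames (one IV repeated) and one plaintext frame
SAMPLE_FRAMES = [build_wep_frame(b"\x00\x00\x01"),
                 build_wep_frame(b"\x00\x00\x02", qos=True),
                 build_wep_frame(b"\x00\x00\x01", key_id=2),
                 b"\x08\x00" + bytes(30)]

if __name__ == "__main__":
    print(iv_stats(SAMPLE_FRAMES))  # {'unique_ivs': 2, 'reused_ivs': 1, ...}
```

Feeding a real capture's frames through iv_stats shows how quickly a busy network walks through the tiny IV space, which is the reason the IV thresholds above are reachable at all.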
What's New in 0.9.3 Stable Release:
· This release fixes endianness issues in airodump-ng and aireplay-ng.
· There are several small bugfixes.
· The rtl8187 patch has been updated.