The “Slitaz Aircrack-ng Distribution” is the base Slitaz cooking version plus the latest Aircrack-ng SVN version, wireless drivers patched for injection and other related tools. The custom distribution is especially tuned for the Acer Aspire One netbooks but will work well on virtually all desktops, notebooks and netbooks. It is extremely small (75 MB), requires minimal memory and includes a rich set of programs.
This distribution is not intended to be all things to all people, especially with respect to patched wireless drivers. Only a limited set of patched wireless drivers is included. These are for cards which are personally owned and are known to work well. There are no plans to expand this list. If your particular card is not included, then use BackTrack, which includes an exceedingly large number of patched drivers.
Slitaz home: http://www.slitaz.org/en/
The foundation is SliTaz which is a free micro GNU/Linux distro using BusyBox, a Linux kernel, and GNU free software. The goal of SliTaz is to have a GNU/Linux distro working in memory (RAM). Installable to a hard disk, with good support for French language web, it offers reliability, high performance and PC recycling. SliTaz boots with Syslinux and provides more than 200 Linux commands, the LightTPD web server, SQLite database, rescue tools, IRC client, SSH client/server powered by Dropbear, X window system, JWM (Joe's Window Manager), gFTP, Geany IDE, Mozilla Firefox, Alsaplayer, Gparted, a sound file editor and much more.
Summary of What Is Included:
* Aircrack-ng 1.0 rc2 r1373 including sqlite airolib-ng support
* madwifi-hal r3901 patched for injection (The new official HAL (0.10.5.6) supports AR5007EG (and AR5006EG) on 32 and 64 bit systems.)
* madwifi-ng r3850 patched for injection
* rt73 (ASPj rt73-k2wrlz-3.0.2) patched for injection
* r8187 (rtl8187_linux_26.1010 for RTL8187L) patched for injection
* Wireshark
* NMAP
* Midnight Commander
* General tools / compilers to do software development
Wednesday, February 11, 2009
Slitaz Aircrack-ng Distribution
Monday, January 26, 2009
Airdecloak-ng
Airdecloak-ng is a tool that removes WEP cloaking from a pcap file. Some WIPS (actually one) actively “prevent” cracking a WEP key by inserting chaff (fake WEP frames) in the air to fool aircrack-ng. In some rare cases, cloaking fails and the key can be recovered without removing this chaff. In the cases where the key cannot be recovered, use this tool to filter out chaff.
The program works by reading the input file and selecting packets from a specific network. Each selected packet is put into a list and classified (default status is “unknown”). Filters are then applied to this list in the order specified by the user. They change the status of the packets (unknown, uncloaked, potentially cloaked or cloaked). The order of the filters is really important: each filter bases its analysis, among other things, on the current status of the packets, so different orders will give different results.
Important requirement: The pcap file needs to have all packets (including beacons and all other “useless” packets) for the analysis (and if possible, prism/radiotap headers).
Improvements to airbase-ng
Support was added for three new command line parameters:
-P : respond to all probes, even when specifying ESSIDs
-I interval : sets the beacon interval value in ms
-C seconds : enables beaconing of probed ESSID values
When using a list of ESSIDs, all ESSIDs will be broadcast with beacons. As extra ESSIDs are added, the beacon interval value is now adjusted based on the number of ESSIDs times the interval value (0x64 is still the default). To support "fast" beaconing of a long list of ESSIDs, the -I parameter can be used to set a smaller interval. To get a 0x64 interval for N beacons, set the -I parameter to 0x64/N. If this value goes below ~10 or so, the maximum injection rate will be reached and airbase-ng will not be able to reliably handle new clients. Since each card's injection rate is different, the -I parameter allows it to be tuned to a specific setup and injection speed based on the number of beacons.
When using one or more ESSIDs, the -P parameter causes airbase to reply to ALL probe requests. Without -P, the old behavior of ignoring probes for non-matching ESSIDs will be used.
When running in the default mode (no ESSIDs) or with the -P parameter, the -C option can be used to enable beacon broadcasting of the ESSIDs seen in directed probes. This allows one client which is probing for a network to result in a beacon for the same network for a brief period of time (the -C parameter, which is the number of seconds to keep beaconing a newly probed ESSID). This works well when some clients are sending directed probes, while others listen passively for beacons. A client which does directed probes results in a beacon which wakes up the passive client and causes the passive client to join the network as well. This is especially useful with Vista clients (which listen passively for beacons in many cases) that share the same WiFi network as Linux/Mac OS X clients which send directed probes.
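From the monitoring side, the behaviour described above leaves two visible traces: one BSSID advertising many ESSIDs, and a new beacon for an ESSID appearing shortly after a client sent a directed probe for it. The following detection sketch is an added example, not part of airbase-ng or the original post; the frame records, MAC addresses, ESSIDs, thresholds and the `flag_bssids` helper are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample capture summary: (time_s, frame_type, sender, essid).
# All MAC addresses and ESSIDs are made up for this example.
FRAMES = [
    (0.0, "beacon",     "02:00:00:00:00:01", "corp-wifi"),
    (0.1, "beacon",     "02:00:00:00:00:01", "corp-wifi"),
    (1.0, "probe_req",  "02:00:00:00:00:aa", "home-net"),
    (1.1, "probe_resp", "02:00:00:00:00:66", "home-net"),
    (1.3, "beacon",     "02:00:00:00:00:66", "home-net"),
    (2.0, "probe_req",  "02:00:00:00:00:bb", "cafe-free"),
    (2.1, "probe_resp", "02:00:00:00:00:66", "cafe-free"),
    (2.4, "beacon",     "02:00:00:00:00:66", "cafe-free"),
    (3.0, "probe_req",  "02:00:00:00:00:aa", "corp-wifi"),
    (3.1, "probe_resp", "02:00:00:00:00:01", "corp-wifi"),
    (3.2, "probe_resp", "02:00:00:00:00:66", "corp-wifi"),
]

def flag_bssids(frames, max_essids=2, window_s=5.0):
    """Return {bssid: sorted list of reasons} for suspicious transmitters."""
    essids = defaultdict(set)     # bssid -> every ESSID it advertised
    first_beacon = {}             # (bssid, essid) -> time of first beacon
    last_probe = {}               # essid -> time of latest directed probe
    reasons = defaultdict(set)
    for t, ftype, sender, essid in sorted(frames):
        if ftype == "probe_req":
            if essid:             # empty ESSID = broadcast probe, ignore
                last_probe[essid] = t
            continue
        essids[sender].add(essid)
        if ftype == "beacon" and (sender, essid) not in first_beacon:
            first_beacon[(sender, essid)] = t
            # A brand-new beacon right after a client asked for that name
            probed = last_probe.get(essid)
            if probed is not None and 0 <= t - probed <= window_s:
                reasons[sender].add("beacon_follows_probe")
        if len(essids[sender]) > max_essids:
            reasons[sender].add("many_essids")
    return {b: sorted(r) for b, r in reasons.items()}

if __name__ == "__main__":
    for bssid, why in flag_bssids(FRAMES).items():
        print(bssid, why)
```

On its own, `beacon_follows_probe` also fires for a legitimate AP whose first captured beacon happens to follow a probe, so treat it as a lead to correlate with `many_essids` rather than as a verdict.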
Aircrack-ng 1.0rc2
Updating is recommended: there were a lot of bug fixes and improvements, and 2 new tools were added: airdecloak-ng and tkiptun-ng. In Aircrack-ng, WPA bugs should be fixed and speed was greatly improved for computers that support SSE2. The latest versions of Airgraph-ng and Airoscript were included in this release.
Important note: It does not support peek drivers.
Changelog:
aircrack-ng: Added SSE2 support (WPA cracking speed is improved a lot) thanks to nx5.
aircrack-ng: Fixed detection of the number of CPU (especially with recent CPUs).
aircrack-ng: Fixed long lasting WPA bugs: cannot find the key with SMP computers, wasn't exiting correctly, ...
aircrack-ng: Fixed usage of a dictionary with WEP.
aircrack-ng: Now only display ASCII WEP keys when 100% of the hex key can be converted to ASCII.
aircrack-ng: You can now specify the number of threads for cracking even if you have a non-SMP computer.
aircrack-ng: Now outputs an error message if using -r and it wasn't compiled with sqlite support. It was a problem on some Ubuntu systems.
airdecloak-ng: New tool to remove wep cloaked frames from a pcap file. For more details see http://www.aircrack-ng.org/doku.php?id=airdecloak-ng
airodump-ng: Added kismet csv output support.
airodump-ng: Fixed power value display (for ath interface with a high number, more than 99).
airodump-ng: Can work on the new frequencies (allowed by frequency Chaos patch).
airodump-ng: Now display if the network has QoS enabled.
aireplay-ng: Fixed crash with too short packets (seen with zd1211).
aireplay-ng: Fixed STP usage in fragmentation attack.
aireplay-ng: Fixed bug with deauth attack.
airtun-ng: Fixed STP conversion.
airolib-ng: Added sample database in test/ directory.
tkip-tun: New tool to inject on WPA1 with QoS enabled networks. Full description: decrypt packets coming from the AP in a TKIP network, which uses QoS (ieee802.11e). It also breaks the MIC Key for sending packets towards the Client correctly encrypted and signed. Stores plaintext packet and keystream in separate files.
airbase-ng: Several improvements (see http://trac.aircrack-ng.org/ticket/466 ).
airbase-ng: Added compatibility with some clients. Added random source IPs and MACs for cfrag attack (-N) to evade simple flood protection.
airmon-ng: Fixed some 'unary operator expected' errors.
airmon-ng: Fixed channel number setting with mac80211 drivers.
airmon-ng: Recognition of 4 new chipsets: acx1xx, at76_usb, adm8211 and AR9001U (otus).
airmon-ng: Fixed some chipset naming inconsistencies between ieee80211 and mac80211 drivers.
airmon-ng: Fixed display of "airmon-ng check".
airmon-ng: Improved mac80211 driver handling.
airdriver-ng: Fixed madwifi-ng driver download URL.
airdriver-ng: Updated openSUSE information.
wesside-ng: Fixed open() with O_CREAT that needs 3 arguments.
osdep: Added TAP/TUN MTU getter.
manpages: Fixed misspelled airserv-ng manpage filename.
manpages: Added Airbase-ng, Tkiptun-ng manpages.
manpages: Updated description of all manpages.
Makefile: Fixed errors when compiling on OSX 10.5.
Makefile: Now ensure that make 3.81 or higher (mandatory) is used when compiling on OSX 10.4.
Makefile: Only install airolib-ng manpage if airolib-ng is installed.
Makefile: Added 'make check' that tests key cracking against files given in test/ directory.
general: Fixed 'evalrev' on Solaris.
general: Fixed compilation on Sun SPARC.
general: Fixed compilation on some distributions (with a recent version of gcc) due to warnings (because of not getting the return value of some functions).
general: Several compilation fixes.
patches: Updated ath5k patches
patches: Added rt2570 patch (kernel 2.6.24).
patches: Updated madwifi-ng patch for r3745.
patches: Updated mac80211 patches.
patches: Added zd1211rw patch for 2.6.26, b43/b43legacy for 2.6.26-wl.
patches: rt73, r8187 patches for Fedora kernels (should work on 2.6.27).
patches: Added Defcon 16 patch (more frequencies than the usual ones) for ath5k called frequency Chaos.
patches: Added injection patch for rtl8187 (mac80211).
patches: Added a universal mac80211 fragmentation and injection speed patch.
GUI (windows): Fixed: Windows GUI gives "please specify dictionnary".

