Posts

Showing posts from January 26, 2009

Airdecloak-ng

Airdecloak-ng is a tool that removes WEP cloaking from a pcap file. Some WIPS (actually one) actively “prevent” cracking a WEP key by inserting chaff (fake WEP frames) in the air to fool aircrack-ng. In some rare cases, cloaking fails and the key can be recovered without removing this chaff. In the cases where the key cannot be recovered, use this tool to filter out the chaff.

The program works by reading the input file and selecting packets from a specific network. Each selected packet is put into a list and classified (default status is “unknown”). Filters are then applied (in the order specified by the user) on this list. They will change the status of the packets (unknown, uncloaked, potentially cloaked or cloaked). The order of the filters is really important, since each filter will base its analysis, amongst other things, on the status of the packets, and different orders will give different results. Important requirement: the pcap file needs to have all packets (including beacons and al

Improvements to airbase-ng

Support was added for three new command line parameters:

- -P : respond to all probes, even when specifying ESSIDs
- -I interval : sets the beacon interval value in ms
- -C seconds : enables beaconing of probed ESSID values

When using a list of ESSIDs, all ESSIDs will be broadcast with beacons. As extra ESSIDs are added, the beacon interval value is now adjusted based on the number of ESSIDs times the interval value (0x64 is still the default). To support "fast" beaconing of a long list of ESSIDs, the -I parameter can be used to set a smaller interval. To get a 0x64 interval for N beacons, set the -I parameter to 0x64/N. If this value goes below ~10 or so, the maximum injection rate will be reached and airbase-ng will not be able to reliably handle new clients. Since each card's injection rate is different, the -I parameter allows it to be tuned to a specific setup and injection speed based on the number of beacons. When using one or more

Aircrack-ng 1.0rc2

Updating is recommended: there were a lot of bug fixes and improvements, and 2 new tools were added: airdecloak-ng and tkiptun-ng. In aircrack-ng, the WPA bugs should be fixed and speed was greatly improved for computers that support SSE2. The latest versions of Airgraph-ng and Airoscript were included in this release. Important note: it does not support Peek drivers.

Changelog:

- aircrack-ng: Added SSE2 support (WPA cracking speed is improved a lot), thanks to nx5.
- aircrack-ng: Fixed detection of the number of CPUs (especially with recent CPUs).
- aircrack-ng: Fixed long-lasting WPA bugs: cannot find the key with SMP computers, wasn't exiting correctly, ...
- aircrack-ng: Fixed usage of a dictionary with WEP.
- aircrack-ng: Now only display ASCII WEP keys when 100% of the hex key can be converted to ASCII.
- aircrack-ng: You can now specify the number of threads for cracking even if you have a non-SMP computer.
- aircrack-ng: Now output an error message if using -r and it wasn't compiled with sqlite

MDK3

The new MDK3 uses the osdep injection library from the www.aircrack-ng.org project. The Linux-dependent includes have been removed; mdk3 compiles and runs on FreeBSD and even Windows (Cygwin). For Windows you need special drivers, a possibly illegal DLL file and the Cygwin environment. Please see the aircrack-ng website for details. MDK3 has successfully been tested on the new mac80211 stack in kernel version 2.6.23 with the rt2x00 driver and a rt73usb card. If you are a Linux user, just make, make install and have fun. If you are a FreeBSD user, do the same, and report back to me if it works correctly there. And very important: don't forget to type mdk3 instead of mdk2 now ;) MDK3 is licensed under GPLv2.

Features:

- Bruteforce MAC Filters
- Bruteforce hidden SSIDs (some small SSID wordlists included)
- Probe networks for checking if they can hear you
- Intelligent Authentication-DoS to freeze APs (with checking for success)
- Beacon Flooding with channel hopping (can crash NetSt

RaLink RT2570USB Enhanced Driver

RaLink RT2570USB Enhanced Driver

* Prism header can be toggled via iwpriv; no automatic changes which screwed up packet captures!
* MAC changing supported
* Support for Fragmentation Attack

Fragmentation support is now considered stable. The 1.5.0 version has some important fixes for kernel version 2.6.19 and above. For further details on the fragmentation attack see the paper from Andrea Bittau: http://toorcon.org/2005/slides/abittau/

The serialmonkey CVS repository updated its driver from a new RaLink legacy one. Version 1.6.0 is the modification of this driver with fragmentation support, MAC changing and prism headers enabled by default. This driver seems to fix some threading, some SMP and some endianness issues, so it should be more stable than previous releases. Go get it! Version 1.6.1 works for 2.6.22 kernels and comes with some more stability improvements. AND NOW FINALLY: Version 1.6.2 with a new base version from serialmonkey CVS, all the patches from the previous version an

RaLink RT73 USB Enhanced Driver

RaLink RT73 USB Enhanced Driver

* Support for Fragmentation Attack
* Interface is called rausb0 instead of wlan0 to prevent some tools incorrectly detecting it as a wlanng or hostap driver
* Injection speed can be selected with the iwconfig rate command. The default speed is still 54 MBit. You may want to lower it to 1 MBit before injection with iwconfig rausb0 rate 1M
* NEW: ToDS packets aren't dropped by the driver anymore. WPA handshake captures are finally possible!

IMPORTANT! Version 3.0.0 is a new fork from the current serialmonkey CVS. It has fixes for 2.6.24 and 2.6.25 and does not need setting a MAC address before bringing the interface up. This version includes all the enhancements of the 2.0 series of this driver. If you unplug the card while it's still in use, it may crash your system. So close all applications accessing it, bring the interface down and then remove the device. IMPROVEMENT! There is a tiny extra in the 3.0.0 driver. Maybe you can find it with iwpriv ;) YOU MAY HA

Enhanced Injection driver for Intel ipw3945

This is based on a driver made for testing purposes called ipwraw. It allows raw packet Tx/Rx with the Intel PRO/Wireless 3945ABG adapter; it's raw mode only and can't be used for normal connections to the internet. ipwraw doesn't have wireless extensions, so this modification adds some to make it easier to work with programs like aircrack-ng, kismet, mdk, ...

New in ipwraw-ng 2.3.4:

* Added compatibility fixes for recent kernels (2.6.23 and newer)
* Fixed bug when setting 5.5 Mb/s rate with iwconfig
* Fixed bugs (I hope) in Makefile: it would report that old firmware versions were adequate and also had some cosmetic glitches
* Added set TxPower Wireless Extension. Now TxPower can be set using iwconfig INTERFACE txpower TXPOWER (INTERFACE is normally wifi0, or eth0; TXPOWER is the value you want to set, min=-12 and max=16)

This version includes some fixes ported from the ipw3945 driver. It should be more stable now... D

RT73 Wireless Driver Update Kernel 2.6.27 - better RF sensitivity

There are a considerable number of people using computers with Linux that depend on Ralink RT73 devices for wireless network access. As usage of the advanced kernels increases, legacy wireless drivers lose compatibility and require replacement. The excellent K2WRLZ drivers for Ralink wireless devices are an example, and recently they have been made compatible with kernel 2.6.27. Follow the procedure below to upgrade the legacy RT73 wireless driver for compatibility with Debian or Slackware based systems (Sidux, Ubuntu, Slax, Bluewhite64, etc.) that use kernel 2.6.27. The upgrade process consists of obtaining the source code, then compiling and installing the new driver. From start to finish, no more than fifteen minutes are required of the average person. The author is rather slow, and was successful in the upgrade; anyone who can download files and work in the Linux console (executing a few commands) should have no problem. Start by downloading the latest driver: rt73-k2wrlz-3.0.2.tar.b