-------------------------------------------------------------------------------
aircrack documentation
-------------------------------------------------------------------------------
What is aircrack ?
aircrack is a set of tools for auditing wireless networks:
+ airodump: 802.11 packet capture program
+ aireplay: 802.11 packet injection program
+ aircrack: static WEP and WPA-PSK key cracker
+ airdecap: decrypts WEP/WPA capture files
It says "cygwin1.dll not found" when I start aircrack.exe.
You can download this library from: http://100h.org/wlan/aircrack/.
To use aircrack, drag&drop your .cap or .ivs capture file(s) over
aircrack.exe. If you want to pass options to the program you'll have to
start a shell (cmd.exe) and manually type the command line; there are no
plans to develop a GUI for aircrack.
    C:\TEMP> aircrack.exe -n 64 -f 8 out1.cap out2.cap
See below for a list of options.
Note: you can also use Kismet .dump files for WEP cracking.
Where can I download peek.dll ?
Both peek.dll and peek5.sys are provided in Peek.zip. They should be put in
the same directory as airodump.exe. To use airodump, you must check your
hardware compatibility and install a supported driver.
Where to download aircrack ?
The official download location is http://www.cr0.net:8040/code/network/.
However, if you can't access port 8040 for some reason, you may use this
mirror instead: http://100h.org/wlan/aircrack/.
Also check this WEP cracking video, and this other WPA cracking video
(flash required).
Is there an aircrack discussion forum ?
There is no aircrack mailing-list, however you can post your bug reports and
feature requests on the netstumbler Linux forum which I read quite
regularly.
What is the song in that WEP cracking video ?
The name of the song is Moskau, performed by Dschinghis Khan.
How do I crack a static WEP key ?
The basic idea is to capture as much encrypted traffic as possible using
airodump. Each WEP data packet has an associated 3-byte Initialization
Vector (IV): after a sufficient number of data packets have been collected,
run aircrack on the resulting capture file. aircrack will then perform a
set of statistical attacks developed by a talented hacker named KoreK.
How many IVs are required to crack WEP ?
WEP cracking is not an exact science. The number of required IVs depends on
the WEP key length, and it also depends on your luck. Usually, 40-bit WEP
can be cracked with 300.000 IVs, and 104-bit WEP can be cracked with
1.000.000 IVs; if you're out of luck you may need two million IVs, or more.
There's no way to know the WEP key length: this information is kept hidden
and never announced, either in management or data packets; as a
consequence, airodump can not report the WEP key length. Thus, it is
recommended to run aircrack twice: when you have 250.000 IVs, start
aircrack with "-n 64" to crack 40-bit WEP. Then if the key isn't found,
restart aircrack (without the -n option) to crack 104-bit WEP.
I can't seem to capture any IVs !
Possible reasons:
+ You are standing too far from the access point.
+ There is no traffic on the target wireless network.
+ There is some G traffic but you're capturing in B mode.
+ Something is wrong with your card (firmware problem ?)
By the way, beacons are just unencrypted announcement packets. They're
totally useless for WEP cracking.
Why is there no Windows version of aireplay ?
The PEEK driver doesn't support 802.11 packet injection. In fact, there are
no Windows drivers supporting injection AT ALL. And I am NOT going to write
one, so don't bother asking me.
Also, the PEEK driver is only compatible with Windows 2000 / XP. It will
not work under Windows 9x.
Is my card compatible with airodump / aireplay ?
First of all, search Google to find which chipset your card has. For
example, if you have a Linksys WPC54G search for "wpc54g chipset linux".
+-------------------------------------------------------------------+
|            | Supported by   | Supported by      | Supported by    |
| Chipset    | airodump for   | airodump for      | aireplay for    |
|            | Windows ?      | Linux ?           | Linux ?         |
|------------+----------------+-------------------+-----------------|
|            | YES (Agere     | YES (patched      | NO (firmware    |
| HermesI    | driver)        | orinoco driver)   | corrupts the    |
|            |                |                   | MAC header)     |
|------------+----------------+-------------------+-----------------|
|            |                | YES (HostAP or    | YES (either     |
|            | NO, but see    | wlan-ng driver),  | with HostAP or  |
| Prism2/3   | LinkFerret for | STA firmware      | wlan-ng, driver |
|            | an alternative | 1.5.6 or newer    | patching        |
|            |                | required          | required)       |
|------------+----------------+-------------------+-----------------|
|            | NO, but see    | YES (prism54      | YES (driver     |
| PrismGT    | LinkFerret for | driver, FullMAC   | patching        |
|            | an alternative | cards only!)      | recommended)    |
|            | (FullMAC only) |                   |                 |
|------------+----------------+-------------------+-----------------|
|            | YES (Atheros   | YES (madwifi      | YES (driver     |
| Atheros    | driver)        | driver)           | patching        |
|            |                |                   | required)       |
|------------+----------------+-------------------+-----------------|
|            |                |                   | YES (driver     |
|            | YES (Realtek   | YES (             | patching        |
| RTL8180    | driver)        | rtl8180-sa2400    | required), but  |
|            |                | driver)           | somewhat        |
|            |                |                   | unreliable      |
|------------+----------------+-------------------+-----------------|
|            | YES (Cisco     | YES (airo driver, |                 |
| Aironet    | driver)        | firmware 4.25.30  | NO              |
|            |                | recommended)      |                 |
|------------+----------------+-------------------+-----------------|
|            |                |                   | YES (driver     |
| Ralink     | NO             | YES (rt2500 /     | patching        |
|            |                | rt2570 driver)    | required for    |
|            |                |                   | rt2570)         |
|------------+----------------+-------------------+-----------------|
|            |                | PARTIAL: the      |                 |
| Centrino b | NO             | ipw2100 driver    | NO              |
|            |                | doesn't discard   |                 |
|            |                | corrupted packets |                 |
|------------+----------------+-------------------+-----------------|
| Centrino b | NO             | YES (ipw2200      | NO (firmware    |
| /g         |                | driver)           | drops packets)  |
|------------+----------------+-------------------+-----------------|
|            |                | NO (and by the    |                 |
| Broadcom   | YES (BRCM      | way, ndiswrapper  | NO              |
|            | driver)        | does NOT provide  |                 |
|            |                | Monitor mode)     |                 |
|------------+----------------+-------------------+-----------------|
| TI (ACX100 | NO             | UNKNOWN (acx100   | NO              |
| / ACX111)  |                | driver)           |                 |
+-------------------------------------------------------------------+
The PEEK driver does not recognize my card.
Some cards are not recognized by the Windows drivers above, even though
they have the correct chipset. In this case, open the hardware manager,
select your card, "Update the driver", select "Install from a specific
location", select "Don't search, I will choose the driver to install",
click "Have disk", set the path to where the driver has been unzipped,
uncheck "Show compatible hardware", and finally choose the driver.
I have a Prism2 card, but airodump / aireplay doesn't seem to work !
First step, make sure you aren't using the orinoco driver. If the interface
name is wlan0, then the driver is HostAP or wlan-ng. However if the
interface name is eth0 or eth1, then the driver is orinoco and you must
disable the driver (edit /etc/pcmcia/config and restart cardmgr).
Also, it can be a firmware problem. Old firmwares have trouble with test
mode 0x0A (used by the HostAP / wlan-ng injection patches), so make sure
yours is up to date -- see below for instructions. The recommended station
firmware version is 1.7.4. If it doesn't work well (kismet or airodump
stalls after capturing a couple of packets), try STA 1.5.6 instead.
On a side note, test mode 0x0A is somewhat unstable with wlan-ng. If the
card seems stuck, you will have to reset it, or use HostAP instead.
I have an Atheros card, and the madwifi patch crashes the kernel /
aireplay keeps saying enhanced RTC support isn't available.
There are quite a few problems with some versions of the Linux 2.6 branch
(especially before 2.6.11 was released) that will cause a kernel panic when
injecting with madwifi. Also, on many 2.6 kernels enhanced RTC support is
just broken. Thus, it is highly recommended to use either Linux 2.6.11.x or
preferably Linux >= 2.4.31.
How do I update my Prism2 firmware ?
Make sure you are using patched HostAP (see below for instructions on how
to patch and install HostAP). Alternatively, you may boot the WHAX Live CD!
(which already has patched HostAP) and run the switch-to-hostap script.
Now that HostAP is loaded, you can check your firmware's primary and
station version with this command:
    # dmesg | grep wifi
    hostap_cs: Registered netdevice wifi0
    wifi0: NIC: id=0x800c v1.0.0
    wifi0: PRI: id=0x15 v1.1.1 (primary firmware is 1.1.1)
    wifi0: STA: id=0x1f v1.7.4 (station firmware is 1.7.4)
    wifi0: registered netdevice wlan0
If the NIC id above is between 0x8002 and 0x8008, you have an old Prism2
and MUST use STA firmware version 1.5.6. Otherwise, you should use PRI
1.1.1 / STA 1.7.4 which is the most stable firmware version for newer
Prism2 cards. Do NOT use firmware 1.7.1 or 1.8.x, people have reported
having trouble with them.
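The firmware rules above, applied to the dmesg lines by a small shell
function. This is an added example, not part of the aircrack readme or of
HostAP; the function name prism2_fw_advice and its output format are
hypothetical, and the sample input is the dmesg output shown above.

```shell
#!/bin/sh
# Added example: reads "dmesg | grep wifi" lines on stdin and applies the
# readme's Prism2 firmware rules. Name and output format are hypothetical.

prism2_fw_advice() {
    nic="" pri="" sta=""
    while IFS= read -r line; do
        rest=${line#*id=}                 # e.g. "0x800c v1.0.0"
        ver=${rest#* v}; ver=${ver%% *}   # version string after " v"
        case "$line" in
            *"NIC: id="*) nic=${rest%% *} ;;
            *"PRI: id="*) pri=$ver ;;
            *"STA: id="*) sta=$ver ;;
        esac
    done
    # Accept only a well-formed hex NIC id before doing arithmetic on it.
    case "$nic" in
        0x[0-9a-fA-F]*) case "${nic#0x}" in *[!0-9a-fA-F]*) nic="" ;; esac ;;
        *) nic="" ;;
    esac
    [ -n "$nic" ] || { echo "no NIC id found (is HostAP loaded?)" >&2; return 2; }
    n=$(($nic))
    if [ "$n" -ge $((0x8002)) ] && [ "$n" -le $((0x8008)) ]; then
        kind=old; want_pri=any; want_sta=1.5.6      # old Prism2: STA 1.5.6 only
    else
        kind=newer; want_pri=1.1.1; want_sta=1.7.4  # newer: PRI 1.1.1 / STA 1.7.4
    fi
    case "$sta" in
        1.7.1|1.8.*) verdict=avoid ;;               # versions reported as troublesome
        "$want_sta") verdict=ok ;;
        *) verdict=update ;;
    esac
    # A newer card with the right STA but a different PRI still needs updating.
    if [ "$verdict" = ok ] && [ "$want_pri" != any ] && [ "$pri" != "$want_pri" ]; then
        verdict=update
    fi
    echo "kind=$kind nic=$nic pri=$pri sta=$sta want_sta=$want_sta verdict=$verdict"
}

# Constructed sample run, using the dmesg output from the readme.
prism2_fw_advice <<'EOF'
hostap_cs: Registered netdevice wifi0
wifi0: NIC: id=0x800c v1.0.0
wifi0: PRI: id=0x15 v1.1.1 (primary firmware is 1.1.1)
wifi0: STA: id=0x1f v1.7.4 (station firmware is 1.7.4)
wifi0: registered netdevice wlan0
EOF
```

On a live system the same function would be fed with
"dmesg | grep wifi | prism2_fw_advice".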
To update the firmware, you'll need prism2_srec from the hostap-utils
package; if it's not present on your system, download and compile
hostap-utils:
    wget http://100h.org/wlan/linux/prism2/hostap-utils-0.3.7.tar.gz
    tar -xvzf hostap-utils-0.3.7.tar.gz
    cd hostap-utils-0.3.7
    make
Some Prism2 cards have been restricted to a certain set of channels because
of country regulation. You can activate all 14 channels with the following
commands:
    ./prism2_srec wlan0 -D > pda; cp pda pda.bak
Edit pda and put 3FFF at offset 0104 (line 24)
Finally, download the firmware and flash your card. If the NIC id is
between 0x8002 and 0x8008:
    wget http://100h.org/wlan/linux/prism2/sf010506.hex
    ./prism2_srec -v -f wlan0 sf010506.hex -P pda
Otherwise:
    wget http://100h.org/wlan/linux/prism2/pk010101.hex
    wget http://100h.org/wlan/linux/prism2/sf010704.hex
    ./prism2_srec -v -f wlan0 pk010101.hex sf010704.hex -P pda
If you get the message "ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not
supported", the HostAP driver is not loaded and you must install it. If you
get the message "ioctl[PRISM2_IOCTL_DOWNLOAD]: Operation not supported",
then your HostAP driver has not been patched for non-volatile download
support.
Another alternative is to upgrade the firmware with WinUpdate - this