Re: [still new]: aircrack-ng-1.0-beta2
Stuart Henderson wrote:
> On 2008/03/10 00:15, Stefan Sperling wrote:
>> Uhmmm, well, no...
>
> :-)
>
>> The packet dumping code for OpenBSD is fairly new, maybe it has a bug in it? Have you tried dumping with Kismet instead?
>
> Ah, that's a good idea, I'll remember that next time I test it. (i.e. No I haven't :-)
>
>> Also, keep in mind that this is a beta release, so technically it should not even have been submitted for the main ports tree...
>
> Obviously newest beta just for the sake of having the newest code isn't the way to go, but personally: if using a beta release is the best way to get something working well, or it gives real advantages without breaking things, I don't see that as being a problem. Especially for a new port where you don't have existing users to keep happy.

Been playing with aircrack-ng-1.0-beta2 for a while on FreeBSD7. Everything I tried worked so far. Just tried active arp injection attack on my own AP with 128bit WEP. It worked fine. Afterwards I scp'ed the capture dump over to OpenBSD 4.2 -stable box, where I've been able to recover the key with manually compiled aircrack-ng beta2. Unfortunately, I don't have a wifi card in that box to capture traffic there.

In any case, couple pointers:

1) When capturing traffic with airodump-ng, use --ivs switch, that's a requirement for PTW attack.
2) To enable PTW attack with aircrack-ng, use -P 2 switch (this attack is almost instant, google aircrack ptw for details)

    [EMAIL PROTECTED] ~/aircrack-ng-1.0-beta2] ./src/aircrack-ng -n 128 -P 2 /home/x/home.cap-01.ivs
    Opening /home/x/home.cap-01.ivs
    Read 43843 packets.

       #  BSSID              ESSID           Encryption

       1  00:14:95:18:20:99  2WIRE695        Unknown
       2  00:13:10:58:47:6E  Home Wireless   Unknown
       3  00:14:BF:71:22:07  xxx             WEP (43823 IVs)
       4  00:14:95:7B:1C:69  2WIRE966        Unknown
       5  00:1B:5B:60:63:11  2WIRE931        Unknown
       6  00:0D:72:D1:0A:51  ganz            Unknown
       7  00:0C:41:D1:C6:4F                  WEP (12 IVs)
       8  00:14:6C:01:06:F8  Peter           Unknown

    Index number of target network ? 3

    Opening /home/x/home.cap-01.ivs
    Attack will be restarted every 5000 captured ivs.
    Starting PTW attack with 43823 ivs.
    KEY FOUND! [ 28:71:84:21:C5:79:0C:C3:91:E4:8D:41:95 ]
    Decrypted correctly: 100%

I'll see if I can find a wifi card for OpenBSD box to test it all there appropriately.

Re: [still new]: aircrack-ng-1.0-beta2
On 2008/02/12 18:28, Stefan Sperling wrote:
> Update for this port I made ages ago.
>
> Back then many tools in this suite didn't even compile, but in the 1.0 line, which is still considered experimental, support for OpenBSD has improved quite a bit. E.g. arp injection is possible provided you have a card that can run in monitor mode.
>
> Both patches included in this port have already been applied upstream and will be part of future versions.
>
> Tested on OpenBSD-current/i386 with a Ralink card.

this looks ok, but I wasn't able to recover a key with it after a lot longer and a lot more IV than everything led me to believe would be needed.. did others have better luck?

Re: [still new]: aircrack-ng-1.0-beta2
Hey Stuart,

On Sun, Mar 09, 2008 at 10:26:33PM +, Stuart Henderson wrote:
> On 2008/02/12 18:28, Stefan Sperling wrote:
>> Update for this port I made ages ago.
>>
>> Back then many tools in this suite didn't even compile, but in the 1.0 line, which is still considered experimental, support for OpenBSD has improved quite a bit. E.g. arp injection is possible provided you have a card that can run in monitor mode.
>>
>> Both patches included in this port have already been applied upstream and will be part of future versions.
>>
>> Tested on OpenBSD-current/i386 with a Ralink card.
>
> this looks ok, but I wasn't able to recover a key with it after a lot longer and a lot more IV than everything led me to believe would be needed.. did others have better luck?

Uhmmm, well, no...

I tried cracking a 128bit key that I put on a wifi interface of another OpenBSD box. I gathered packets for a few hours using aireplay-ng and airodump-ng. aircrack-ng couldn't recover the key on either OpenBSD or FreeBSD (I ran it there too cause my FreeBSD box has faster hardware).

I figured this was maybe due to OpenBSD's WEP implementation being smarter than the average old router's, e.g. it avoids sending weak IVs altogether. Then I got bored with it. I was going to test a 64bit key as well but never got around to that.

So yeah, tested in my original mail was mainly referring to testing the port. Testing the cracking was still in progress when I sent it :)

The packet dumping code for OpenBSD is fairly new, maybe it has a bug in it? Have you tried dumping with Kismet instead?

I guess comparing the performance of this port to a known-working aircrack-ng install (e.g. a Linux system) might be a good idea.

Also, keep in mind that this is a beta release, so technically it should not even have been submitted for the main ports tree...

--
stefan
http://stsp.name
PGP Key: 0xF59D25F0

Re: [still new]: aircrack-ng-1.0-beta2
On 2008/03/10 00:15, Stefan Sperling wrote:
> Uhmmm, well, no...

:-)

> The packet dumping code for OpenBSD is fairly new, maybe it has a bug in it? Have you tried dumping with Kismet instead?

Ah, that's a good idea, I'll remember that next time I test it. (i.e. No I haven't :-)

> Also, keep in mind that this is a beta release, so technically it should not even have been submitted for the main ports tree...

Obviously newest beta just for the sake of having the newest code isn't the way to go, but personally: if using a beta release is the best way to get something working well, or it gives real advantages without breaking things, I don't see that as being a problem. Especially for a new port where you don't have existing users to keep happy.

[still new]: aircrack-ng-1.0-beta2
Update for this port I made ages ago.

Back then many tools in this suite didn't even compile, but in the 1.0 line, which is still considered experimental, support for OpenBSD has improved quite a bit. E.g. arp injection is possible provided you have a card that can run in monitor mode.

Both patches included in this port have already been applied upstream and will be part of future versions.

Tested on OpenBSD-current/i386 with a Ralink card.

--
stefan
http://stsp.name
PGP Key: 0xF59D25F0

aircrack-ng-1.0-beta2.tar.gz
Description: Binary data