Aircrack - Fast Wep Cracking Tool, got it built, need to start testing Options

[speculatrix]

Hmm, a low memory version aircrack would be nice.

I'm not sure it's doable without a major rewrite - it has to store each IV, which is five bytes (I think, according to a previous post). Either you'd have to mmap the file and do a huge number of seeks, or extract the IVs into some sort of hashing DB... whether that's possible I don't know.

What would be really nice would be some really REALLY high speed SDRAM cards in a CF format, a true RAM disk. Or solder some more RAM into your Z. (whoosh, off on a dream again. these Zs are *so* addictive for playing "what-if" ).

[offroadgeek]

I put an 80mb swapfile on my SD card and aircrack works great now...

I don't normally have wep setup on my home AP since it's outside of my firewall and I like to share my wifi with my neighbors, etc.... but I wanted to see aircrack in action so I setup 128bit WEP on the AP and have my laptop connected to it (downloading ISOs). I've started wellenreiter and my stop watch to see about how long it would take to get 500,000 packets. I also have the capture file set on my SD card with about 600mb free, so it should have enough space

We'll see what happens

[offroadgeek]

so after 6 hours and 15 minutes of wellenreiter running it captured 25,217 packets to a 2.2mb file. I was expecting the file to be much larger. I'm wondering if I did something wrong or didn't have some of the wellenreiter settings set up correctly.

either way, I had aircrack running for over an hour, and for some reason my 1000 went to sleep by itself. I've changed some settings in the light and power app to hopefully prevent it from going to sleep (unless I make it), and left the wifi on (in case the active network will keep it alive too). I'll see if it cracks the wep in the morning.

P.S. I'm impressed that I haven't had any memory issues so far with it

[charlesa]

We'll see what happens

Yes I got it running on a 64mb swap.

Try running aircrack with a fudge factor of 4 (ref: http://www.securityfocus.com/infocus/1814). You may get a better/faster result.

C.

[offroadgeek]

We'll see what happens

Yes I got it running on a 64mb swap.

Try running aircrack with a fudge factor of 4 (ref: http://www.securityfocus.com/infocus/1814). You may get a better/faster result.

C.

Thanks, I might try that on my next run. It's been running for just 9 hours, and it hasn't finished. Let's hope it won't take 60 hours, I was hoping to use my Z this weekend

[Olivier]

I have a sharp rom C3000 with same aircrack error.

To solve the issue I have created a swap file (128 MB) as following on my hardisk ( for c6000 or other, I think same can be done one a CF memory card) :

open a terminal as supervisor and then type following commands :

dd if=/dev/zero of=/hdd3/swapfile bs=1048576 count=128
mkswap /hdd3/swapfile
swapon /hdd3/swapfile

to check swap is activated type : cat /proc/swaps

error on aircrack should have now disappeared.

[Siftah]

Ummmm.

You could just use the Zaurus to create the capture files, then use aircrack on a normal desktop machine/laptop to actually break the wep key.

You'll need a fairly large chunk of data to get the WEP key broken, for a 128bit key then something like a gig of data may need to have passed over the WLAN in order for enough IV's to be captured to break the WEP key.

Also, using airodump and setting it to just store IV's will greatly reduce the data stored, you can then easily transfer this back to a desktop machine to run aircrack on it, etc

HTH.

[born2wonder]

so after 6 hours and 15 minutes of wellenreiter running it captured 25,217 packets to a 2.2mb file.  I was expecting the file to be much larger.  I'm wondering if I did something wrong or didn't have some of the wellenreiter settings set up correctly.

Recommendations:

Aircrack-ptw: Using aircrack-ng, 64 bit wep needs around 400,000 IV's and 128 bit needs a cool million. That being said, you should try to use aircrack-ptw (can google it for info) which needs as less as 20,000-40,000 IVS to crack wep. Ive used it many times and is a great program. If using airodump to capture dont use the --ivs as aircrack-ptw need full capture file.

Injection: Most of the time, you will need to inject packets into the network to generate alot of IVS fast. You will need a wlan cf card capable of injection (AFAIK all prism2/prisim3 cf cards support it). U also need drivers supporting injection such as Hostap. Aireplay-ng is the tool i use to inject and replay packets. Attacks available for client-connected networks as well as client-less ones. I collect 40,000 Ivs in less than 10 minutes on my LifeBook P1510 (1 kg tablet) running backtrack.

I am buying a c1000 (still deciding on supplier) in a few days; if i manage to crack a wep network, i will post a little step-by-step how-to. Hope this helps.

[Capn_Fish]

so after 6 hours and 15 minutes of wellenreiter running it captured 25,217 packets to a 2.2mb file.  I was expecting the file to be much larger.  I'm wondering if I did something wrong or didn't have some of the wellenreiter settings set up correctly.

Recommendations:

Aircrack-ptw: Using aircrack-ng, 64 bit wep needs around 400,000 IV's and 128 bit needs a cool million. That being said, you should try to use aircrack-ptw (can google it for info) which needs as less as 20,000-40,000 IVS to crack wep. Ive used it many times and is a great program. If using airodump to capture dont use the --ivs as aircrack-ptw need full capture file.

Aircrack-ng 0.9.x has the PTW attack. I just broke my WEP key with under 30000 IVs using 0.9 on my Z.