Wesside-ng & Easside-ng, (solved: won't work with hostap, no fragmentation avalaible) Options

[same]

hello,

is wesside-ng (-k option enabled)/easside-ng working (apt-get install aircrack-ng)?

would be the perfect tool for using with zaurus on the road

"Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme, reinject ARP requests and finally determine the WEP key. All this is done without your intervention."

http://www.aircrack-ng.org/doku.php?id=wesside-ng

Thnx for sharing your experience

(EDIT) usage examples:

wesside-ng

CODE

wesside-ng -i wlan0 -v $AP_MAC -c $AP_CHAN

easside-ng

CODE

buddy-ng
easside-ng -f wlan0 -s 127.0.0.1 -v $AP_MAC -c $AP_CHAN

[Capn_Fish]

I don't think we can use it until Yoggun's kernel is patched for HostAP packet injection (I already PM'd him about it and gave him the patch link, so it ought to be in the next realease, thanks 2or0!).

[same]

thnx for the info Capn.

I installed debian some time ago (uboot age), but moved back to pdaxrom. if aircrack-ng beta2 works on debian i'll consider installing eabi again with dualbooting pdaxrom (cause does too many things eabi can't )

[2or0]

I don't think we can use it until Yoggun's kernel is patched for HostAP packet injection (I already PM'd him about it and gave him the patch link, so it ought to be in the next realease, thanks 2or0!).

The kernel was patched for 'HostAP packet injection'. If someone is interested, download and test the modules.
http://yonggun.tistory.com/72

[same]

lol

2oro, you always have it done before we claim! thanx for your work

then, can anyone test wesside-ng?

PS: testing injection

CODE

aireplay-ng -9 wlan0

it should reply something like this:

CODE

16:29:41  wlan0 channel: 9
16:29:41  Trying broadcast probe requests...
16:29:41  Injection is working!
16:29:42  Found 5 APs

16:29:42  Trying directed probe requests...
16:29:42  00:09:5B:5C:CD:2A - channel: 11 - 'NETGEAR'
16:29:48  0/30: 0%
16:29:48  00:14:BF:A8:65:AC - channel: 9 - 'title'
16:29:54  0/30: 0%
16:29:54  00:14:6C:7E:40:80 - channel: 9 - 'teddy'
16:29:55  Ping (min/avg/max): 2.763ms/4.190ms/8.159ms
16:29:55  27/30: 90%
16:29:55  00:C0:49:E2:C4:39 - channel: 11 - 'mossy'
16:30:01  0/30: 0%
16:30:01  00:0F:66:C3:14:4E - channel: 9 - 'tupper'
16:30:07  0/30: 0%

http://www.aircrack-ng.org/doku.php?id=inj...0482eb4a66345ab

[Capn_Fish]

It worked for me (the test), but in real-world testing, it didn't. I'm marking it down to a touchy card.

[same]

It worked for me (the test), but in real-world testing, it didn't. I'm marking it down to a touchy card.

that's good, thanx for replying

¿are you using airoscript for the aircrack-ng suite? it's quite easy to use all-together

on the other hand, by "touchy card" i guess you mean low range? you could try to put a LR03 battery (unloaded is ok, no need to be brand new) on the CF card
 IMG_1317.JPG ( 14.79K ) Number of downloads: 29

easy mod to extend range (mine is a planex GW-CF11H). play with the position of the battery to get the best range.

anyway, would be nice that someone could post the impressions on using wesside-ng & easside-ng on the zaurus, in pdaxrom the wesside-ng version has no -k param, and I always get "ERROR max"

I know I should test it myself, but I had a hard time restoring all my customization of pdaxrom, couldn't fully restore my backup and I need a good reason to reinstall debian, again

[Capn_Fish]

By "touchy" I mean it SHOULD inject, but won't under some OSs and conditions (in pdaX, it needed its MAC changed, in Angstrom, it worked only without changing the MAC).

EDIT: airoscript doesn't work either. I'll run more tests later (it had errors, but closed the terminal windows too fast to read them).

[BarryW]

It worked for me (the test), but in real-world testing, it didn't. I'm marking it down to a touchy card.

that's good, thanx for replying

¿are you using airoscript for the aircrack-ng suite? it's quite easy to use all-together

on the other hand, by "touchy card" i guess you mean low range? you could try to put a LR03 battery (unloaded is ok, no need to be brand new) on the CF card
 IMG_1317.JPG ( 14.79K ) Number of downloads: 29

easy mod to extend range (mine is a planex GW-CF11H). play with the position of the battery to get the best range.

anyway, would be nice that someone could post the impressions on using wesside-ng & easside-ng on the zaurus, in pdaxrom the wesside-ng version has no -k param, and I always get "ERROR max"

I know I should test it myself, but I had a hard time restoring all my customization of pdaxrom, couldn't fully restore my backup and I need a good reason to reinstall debian, again

You've got one of those "gold" stickers on the back of your cell phone too don't you.

[same]

Capn

EDIT: airoscript doesn't work either. I'll run more tests later (it had errors, but closed the terminal windows too fast to read them).

just watch the initial variables of airoscript.sh, you could have to change something.
for closing windows change DEBUG=0 to DEBUG=1, it will hold shell windows to see the error

Barry

You've got one of those "gold" stickers on the back of your cell phone too don't you.

¿have you tried that? i suppose not. the battery is just concentrating the WiFi signal, much as would any metallic item ( nail/screw etc) that acts as a radio antenna.

You don't need a battery- maybe just wrap some wire around the CF card & move it near a window (and keep doing the idiot), but battery is the more portable and does a very good job, at least for my card scheme.

use a program that reports you real time signal values, test things before talkin shit. or just shut up

EDIT: the gold sticker in action, from 3 APs seen to 15 or 20 APs.

[mikeones]

You've got one of those "gold" stickers on the back of your cell phone too don't you.

/me wonders if BarryW is on netstumbler.org forums... :-/

[maemorandum]

Zero:
- You can dismantle the spcelink cf-card to solder a sma-connector for better signals.

First:
- The kernel-driver for hostap is already patched for packet-injection. This seems surprising - but if you know how to test is, you will see,

Second:
- Airoscript works perfect on eabi/yonggun with the patches hostap-drivers. If you know how to use it and how to set the parameters - test it.

Third:
- wesside-ng and easside-ng are absolutely experimental. And important: Both technics won´t work with the hostap-drivers.
You have to use other drivers for it. Unfortunately there are no other patched drivers skipped with this kernel.

Forth:
- Do not play around with wep-cracking-technics if you absulutely don´t know what you are doing!!!!!!!!! Only use them for your own ap - or yours might be the next victim.

[same]

maemorandum thnx for your reply, very helpfull for this topic

as I could read so far:

Hostap Limitations
There are some important limitations with this driver:

Fragmentation attack does not work
...

http://www.aircrack-ng.org/doku.php?id=hostap

as wesside-ng uses fragmentation tech, it's not going to do anything with hostap driver

[zeroc87]

can I install this kernel with uboot bootloader and not with sharp bootloader?thanks

[xamindar]

anyone still messing with these? It looks like yongguns hostap driver doesn't even work at all. I get better luck with the orinoco drivers which don't even have injection. with orinoco "aireplay -9 eth4" at least gives me results that it found APs, but with hostap it just gives three messages about "invalid skb-cb magic" or something and quits.

wesside-ng just scans forever never finding any APs with hostap whereas with orinoco it finds one right away and attempts to crack it.

Is hostap just broken on yongguns kernel or am I missing something?