Searching for Aircrack Howto!
Hi,
looks like a nice forum here! Ok, now my question. I would like to try out aircrack here at my home network. Who can help me with this? A short step by step howto would be great. |
Re: Searching for Aircrack Howto!
I think, long story short, aircrack will not work properly on a 770. I know, I was bummed too.
|
Re: Searching for Aircrack Howto!
The main problem with the aircrack-ng suite on the N800 (and the N770 too afaik) is that you can't do packet injection. This means that to crack a WEP key you have to wait around until enough traffic passes over the WEP protected link to crack the WEP key. If injection did work, you could effectively create the traffic you need yourself in a few minutes.
But you can use the suite. Try this: after installing aircrack-ng, start Xterm and become root. Then enter:
airodump-ng wlan0
This will show you what networks are around, and the MAC addresses of the access points and computers which are connected, and what channels they are operating on. Make a note of the channel of the access point you want to test (i.e. your own one).
Now quit airodump-ng by doing a control c, then restart it by typing:
airodump-ng -c X -w mycapture --ivs wlan0
but change the X for the channel number of your access point. This will start capturing data which you will use to crack the WEP key, in a file called mycapture-01.ivs in your home directory.
Now you have to wait for a while, till you have captured enough data to crack the WEP key. If the access point is busy then you might not have to wait too long. Anyway, after an hour or so, you can try cracking it. Type:
aircrack-ng mycapture-01.ivs
and hope for the best. aircrack will try to crack the key, and if you have enough data captured it should crack the key eventually. If not, it will keep trying, as you gather more and more data, until you are successful (or never if you are unlucky, or if there is not enough traffic on the network).
The latest version of aircrack-ng (0.9.1 I think) has been compiled for the N770 / N800 and this includes the new PTW WEP attack. The PTW attack, which you activate by using the -z option when you use aircrack-ng, can crack keys with far far less captured traffic than the default attacks that aircrack-ng uses without the -z option, but sadly it only works on traffic captured as a result of a certain method of packet injection, and as the Nokias don't support packet injection you can't use it. (If you want to test it on the N800, use a capture file generated by traffic injection from another computer. If you have such a capture file, say injection.cap, you can transfer it to the Nokia tablet and test it by typing:
aircrack-ng -z injection.cap
and you should get the key very swiftly indeed.)
Hope this helps, and think very hard before cracking someone else's access point as this could get you in trouble in many countries.
EDIT: Make sure you have wirelesstools installed too - see post later in this thread |
Re: Searching for Aircrack Howto!
That's an awesome explanation. Thank you much!
|
Re: Searching for Aircrack Howto!
What a great tutorial, finally, a clear and simple guide to basic packet capture.
Sadly, I can't seem to get airodump-ng to display a list of networks. Code:
airodump-ng wlan0
The aircrack part of the tutorial works great. Since I couldn't generate a packet dump with airodump, I've used Kismet, but I really hate having to reboot after its usage (fearing a WSOD), and would much prefer if I could get airodump to function. |
Re: Searching for Aircrack Howto!
oprion - that's very strange that airodump-ng doesn't work. You definitely seem to be typing the right command.
Just as a matter of interest, if you type ifconfig does wlan0 show up? airodump-ng on the N800 is a little flakey anyway - I think because of driver issues you tend to get phantom APs as well as real ones showing up, and it will sometimes misdiagnose WEP protected APs as WPA2 etc etc. I don't know if the same is true on a N770 |
Re: Searching for Aircrack Howto!
Soo.... i tried the ifconfig and wlan is nowhere to be found. just lo. Any ideas? PS, thanks for your help. |
Re: Searching for Aircrack Howto!
open xterm
sudo gainroot
apt-get install wirelesstools |
Re: Searching for Aircrack Howto!
DUDE, THAT WORKED... brendan, THANK YOU!
|
Re: Searching for Aircrack Howto!
Nice one brendan
|
Re: Searching for Aircrack Howto!
Yep... I had the same probs... but not any more. :) Thank you!!!
|
Re: Searching for Aircrack Howto!
So I get airodump to capture packets, but the # packets under "data" does not match the # IVs aircrack claims I collected. For example, I ran a short test and airodump claimed to capture 5300 IVs and aircrack claimed I only captured 73. I am running the following script:
airodump-ng -c 6 -w zack --bssid **:**:**:**:**:** --ivs wlan0
** asterisks are instead of actual MAC address. If anyone could please shed some light on the discrepancy between programs. Oh and one more thing, how do you write to a previously created file (in this case zack-01.ivs)? |
Re: Searching for Aircrack Howto!
Could somebody define the steps if I wanted to use Kismet to gather the packets and use Aircrack for the procedure?
|
Re: Searching for Aircrack Howto!
Installed wireless tools. wlan0 now shows up in ifconfig.
airodump-ng wlan0
- still displays a list of available command-line options. |
Re: Searching for Aircrack Howto!
If you do the following it sort of works:
airodump-ng -w mycapture --ivs wlan0
This gives you all the data from all channels in a file. Then you can go back and run the statement again with the -c X thing that he mentioned earlier. |
Re: Searching for Aircrack Howto!
I left it on overnight, but woke up to it saying "SIGALRM". Which might mean the unit went to sleep (too!) and didn't wake. Is there a way to tell it to not sleep? |
Re: Searching for Aircrack Howto!
awesome, this thread got me up and running.
|
Re: Searching for Aircrack Howto!
Cracking WEP on a 770 is useless in real circumstances as wifi drivers don't support injection, but for studying purposes it's cool. It would be great if we had good drivers - 770 would be the great key breaking device.
|
Re: Searching for Aircrack Howto!
I start airodump-ng and after some minutes I get "read failed: Network is down". Does anybody know something?
Also I only get 1 to 6 IVs. Help me please |
Re: Searching for Aircrack Howto!
How do I know just by looking at a mac address that this is the wireless for which I want the key ? :( |
Re: Searching for Aircrack Howto!
I am new to WEP cracking so I found this thread informative. I tried out the setup and got airodump-ng to work.
However, after killing airodump, when I tried to select a connection from the desktop, I couldn't find any networks any more. I had to reboot in order for it to find my default network - which it connected automatically. Is there something I could have done to reset the "search" without having to reboot? thanks. |
Re: Searching for Aircrack Howto!
https://garage.maemo.org/projects/resetwlan/ |
Re: Searching for Aircrack Howto!
....and be sure to place your Nokia Internet Tablet in one of those silicone sleeves PRIOR to putting it into promiscuous mode. ;)
|
Re: Searching for Aircrack Howto!
For those of you failing to understand my sense of humor, look here. Covering your N800 in rubber protects it while it is in promiscuous mode.
http://cgi.ebay.com/Nokia-800-N800-S...QQcmdZViewItem I hope that clarifies it. . |
Re: Searching for Aircrack Howto!
change the wireless settings to search never instead of every 10 minutes.. .. that seemed to fix it for me
oh and if you have os2008 and want to get current networking tools add repo to package manager: http://www.mulliner.org/nokia770/repository/ chinook free |
Re: Searching for Aircrack Howto!
Hello there! How can I change the wireless settings to search never instead of every 10 Minutes...??? |
Re: Searching for Aircrack Howto!
I have a nokia n800 and I am brand new to Linux and do not completely understand xterm. When I enter sudo gainroot, it asks me to enable rd mode. What is rd mode and how do I enable it.
Thank You Steve |
Re: Searching for Aircrack Howto!
same problem here.... enable rd mode...
|
Re: Searching for Aircrack Howto!
Do you have either the becomeroot or rootsh packages installed? I would install rootsh instead of becomeroot. After you install rootsh then typing sudo gainroot will give you root.
|
Re: Searching for Aircrack Howto!
No... unfortunately there isn't :/
|
root
I went to gronmayer, downloaded the eko one package, which has become root, then went to application manager, done the red pill thing.. then went to the x-term and did.. sudo gainroot.. but still says enable rd mode.. any suggestion??
|
Re: Searching for Aircrack Howto!
is it looking at the #data to c whether the data collected is enough??
# Data -- Number of captured data packets (if WEP, unique IV count), including data broadcast packets. |
Re: Searching for Aircrack Howto!
Hello, I'd just like to share my experience...
N900: how to crack a WEP key with it... Today I had success cracking my own WEP key ... exact commands:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
aireplay wlan0 -9 (note the MAC address)
airodump-ng -w (what ever you want filename) -c (channel) --bssid (noted mac address) wlan0
After 1 hour and 12 minutes I had 50 000 packages.
ctrl+c (ctrl on the screen)
aircrack-ng (name of the file you typed .cap)
1 minute after that =) I had the correct key.
Note: all that is with root access. If you do it with a notebook don't use wlan0, in my ubuntu it is mon0 after making a monitor mode ... oh and there is an
aireplay -0 1 -a mac address wlan0
for deauth, but if you don't know what that is you can simply w8. Share your experience after trying this ... and btw I saw that some guys in the forum say that they need some drivers for injection or something ... LIE ... maybe you need it for WPA but not for WEP ... |
Re: Searching for Aircrack Howto!
Quote:
airodump-ng -w (what ever you want filename) -c (channel) --bssid (noted mac address) wlan0 ...
I'm getting stuck at this point, just getting airodump-ng help. Any ideas what's wrong? Many thanks |
Re: Searching for Aircrack Howto!
What error do you get?
Try running as root. |