#1 StefanL
This is similar to reaver; however, it needs some more work, since it is the exploit researcher's 'fast and dirty' proof-of-concept code.

Managed to get it mostly working; however, I need to get home to my AP to test it properly. After making the following change in line 480, it runs, but is stuck in an infinite loop at pin 0000 (similar to other reports on the internet):

Code:
elif (self.rcved.is_set() is False):

to

elif (self.rcved.set() is False):
When running, there is a warning message about IPv6; this one can safely be ignored. It is generated by python-scapy and correctly indicates that the N900 is not running IPv6.

Will post more on requirements and tutorials etc. later.

Requirements:
Python
Python-Scapy (as per readme)
PyCrypto (as per readme)
tcpdump
sudser (suggested to be able to run as root without being root)

Running It:
Set the N900 wireless connection to monitor mode:
Code:
ifconfig wlan0 down
iwconfig wlan0 mode Monitor
ifconfig wlan0 up
Run the program from the directory wpscrack.py is located in. You need to be root to run this properly (seems like it is a requirement for tcpdump to work properly on my set-up):

Code:
sudo python wpscrack.py -i wlan0 -c XX:XX:XX:XX:XX:XX -b XX:XX:XX:XX:XX:XX -s AP_SSID -v
There are loads of reports on the internet (as well as in the readme itself) that python-scapy 2.2.0 is required to make this script work (the latest Maemo version is 2.0.0 or something); however, I downloaded and installed 2.2.0 from source, without any improvement. I contacted the packager of the Maemo version, Yves-Alexis Perez, but he replied that he will not be able to help any more:

> Is it possible for you to provide a deb for the latest version (2.2.0) for maemo?

Same reply as for Christos Zamantzas. I don't have my N900 anymore and don't have any build architecture ready, so not really. Regards, -- Yves-Alexis


If anybody is interested in making a deb package from the Debian source, Yves-Alexis provides the following hint:

AFAIR (it was a long time ago), what I did was just to pick the Debian source package, remove the libatm-dev build-dependencies and rebuild in scratchbox, then upload. Regards, -- Yves-Alexis

Update:
Managed to properly install scapy from source as per the following. Download from the previous link and untar it in your favourite location, change to the newly created scapy directory, build the package and then install it:
Code:
tar -xzvf scapy-latest.tar.gz
cd scapy
python setup.py build
sudo python setup.py install
Now the program runs with only the IPv6 warning message, but it is still stuck in the infinite loop at pin 0000 (small steps).
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working : Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much : WPScrack (Maemo5)

Last edited by StefanL; 2012-01-23 at 12:05. Reason: Additional info added
 

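As an added example (not code from the original post, nor from wpscrack.py itself), the following shows why the line-480 change quoted above cannot be the fix, and how to make that check both portable and bounded. It assumes that self.rcved is a threading.Event which a receiver thread sets when a response frame arrives; the function names and the simulated request/response round are constructed for illustration.

```python
import threading
import time


def event_is_set(ev):
    """Portable 'has the event fired?' check.

    Python 2.5 (what Maemo 5 ships) only has Event.isSet(); is_set() was
    added in 2.6.  Pick whichever exists instead of hard-coding one name.
    """
    check = getattr(ev, "is_set", None) or getattr(ev, "isSet")
    return check()


def broken_check(ev):
    """The posted workaround, `self.rcved.set() is False`.

    Event.set() returns None, so `None is False` is always False: the elif
    branch can never be taken.  Worse, calling set() flips the flag as a
    side effect, so the event now reads as 'fired' for every other check.
    """
    return ev.set() is False


def demo_broken_check():
    """Returns (value of the broken test, event state afterwards)."""
    ev = threading.Event()
    before = broken_check(ev)   # False, regardless of the event's state
    after = event_is_set(ev)    # True: set() fired as a side effect
    return before, after


def wait_for_response(ev, timeout, poll=0.01):
    """Poll the event until it fires or `timeout` seconds pass.

    Returns True if the responder set the event in time, False on timeout,
    so a lost frame yields a retry/skip decision instead of an endless loop.
    """
    deadline = time.time() + timeout
    while not event_is_set(ev):
        if time.time() >= deadline:
            return False
        time.sleep(poll)
    return True


def simulate_exchange(responder_delay, timeout):
    """Constructed stand-in for one request/response round: a 'receiver'
    thread sets the event after `responder_delay` seconds (too late if that
    exceeds `timeout`), and the caller waits on it with a bounded timeout."""
    ev = threading.Event()

    def responder():
        time.sleep(responder_delay)
        ev.set()

    t = threading.Thread(target=responder)
    t.start()
    got = wait_for_response(ev, timeout)
    t.join()
    return got


if __name__ == "__main__":
    print("broken check, event after:", demo_broken_check())
    print("reply in time:", simulate_exchange(0.05, 1.0))
    print("reply too late:", simulate_exchange(0.5, 0.1))
```

On Python 2.7 and later, Event.wait(timeout) returns the flag and does the bounded wait in one call; on the 2.5 interpreter of Maemo 5 it returns None, which is why the example polls is_set()/isSet() explicitly, the way the PoC's elif does.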
#2 Saturn
Yes, I mentioned in the other thread that I contacted him.

Anyway, just for info:

Check the bdist_maemo option.

Code:
~/scapy-2.2.0 $ python setup.py --help-commands
Standard commands:
  build            build everything needed to install
  build_py         "build" pure Python modules (copy to build directory)
  build_ext        build C/C++ extensions (compile/link to build directory)
  build_clib       build C/C++ libraries used by Python extensions
  build_scripts    "build" scripts (copy and fixup #! line)
  clean            clean up temporary files from 'build' command
  install          install everything from build directory
  install_lib      install all Python modules (extensions and pure Python)
  install_headers  install C/C++ header files
  install_scripts  install scripts (Python or otherwise)
  install_data     install data files
  sdist            create a source distribution (tarball, zip file, etc.)
  register         register the distribution with the Python package index
  bdist            create a built (binary) distribution
  bdist_dumb       create a "dumb" built distribution
  bdist_maemo      Package for distribution on Maemo platform
  bdist_rpm        create an RPM distribution
  bdist_wininst    create an executable installer for MS Windows

usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
   or: setup.py --help [cmd1 cmd2 ...]
   or: setup.py --help-commands
   or: setup.py cmd --help
Also:

Code:
~/scapy-2.2.0 $ python setup.py bdist_maemo --help
Common commands: (see '--help-commands' for more)

  setup.py build      will build the package underneath 'build/'
  setup.py install    will install the package

Global options:
  --verbose (-v)  run verbosely (default)
  --quiet (-q)    run quietly (turns verbosity off)
  --dry-run (-n)  don't actually do anything
  --help (-h)     show detailed help message

Options for 'bdist_maemo' command:
  --name          Package name
  --section       Section (Only 'user/*' will display in AI usually)
  --priority      Priority
  --architecture  Architecture
  --depends       Other Debian package dependencies (comma separated)

usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
   or: setup.py --help [cmd1 cmd2 ...]
   or: setup.py --help-commands
   or: setup.py cmd --help

I was able to create a deb with that, but something else was not working for me there. So I gave up, since I don't have time to play more with this.

Hope it helps.
 

#3 te37v
wpscrack uses the wlan0 interface rather than mon0?
__________________
Sent via my Verizon crapPhone.

Last edited by te37v; 2012-01-27 at 16:48. Reason: speelling
 
#4 StefanL
Originally Posted by te37v
Wpscrack uses the wlan0 interface rather than Mon0?
I am not sure it makes a difference; to get the mon0 interface you need to run something like
Code:
airmon-ng start wlan0
 

#5 te37v
You're right. I haven't manually done that in a while.
 