User Tools

Site Tools


aircrack-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
aircrack-ng [2009/10/08 20:47]
darkaudax Updated to reflect v1.0 changes
aircrack-ng [2018/03/11 18:58] (current)
mister_x Updated link to ticket
Line 4: Line 4:
 Aircrack-ng is an 802.11 WEP and WPA/​WPA2-PSK key cracking program. Aircrack-ng is an 802.11 WEP and WPA/​WPA2-PSK key cracking program.
  
-Aircrack-ng can recover the WEP key once enough encrypted packets have been captured with [[airodump-ng]]. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. ​ The first method is via the PTW approach (Pyshkin, Tews, Weinmann). ​ The default cracking method is PTW.  This is done in two phases. ​ In the first phase, aircrack-ng only uses ARP packets. ​ If the key is not found, then it uses all the packets in the capture. ​ Please remember that not all packets can be used for the PTW method. ​ This [[supported_packets|Tutorial:​ Packets Supported for the PTW Attack page]] provides details. ​ The main advantage of the PTW approach is that very few data packets are required to crack the WEP key.  The second method is the FMS/KoreK method. ​ The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing.+Aircrack-ng can recover the WEP key once enough encrypted packets have been captured with [[airodump-ng]]. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. ​ The first method is via the PTW approach (Pyshkin, Tews, Weinmann). ​ The default cracking method is PTW.  This is done in two phases. ​ In the first phase, aircrack-ng only uses ARP packets. ​ If the key is not found, then it uses all the packets in the capture. ​ Please remember that not all packets can be used for the PTW method. ​ This [[supported_packets|Tutorial:​ Packets Supported for the PTW Attack page]] provides details.  ​An important limitation is that the PTW attack currently can only crack 40 and 104 bit WEP keys. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key.  The second method is the FMS/KoreK method. ​ The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing.
  
 Additionally,​ the program offers a dictionary method for determining the WEP key. Additionally,​ the program offers a dictionary method for determining the WEP key.
Line 24: Line 24:
 ==== How does it work? ==== ==== How does it work? ====
  
-The first method is the PTW method (Pyshkin, Tews, Weinmann). The PTW method is fully described in the paper found on  [[http://​www.cdc.informatik.tu-darmstadt.de/​aircrack-ptw/​|this web site]]. ​ In 2005, Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin, and Shamir and these may be additionally used to break WEP.  The PTW method extends Klein'​s attack and optimizes it for usage against WEP.  It essentially uses enhanced FMS techniques described in the following section. ​ One particularly important constraint is that it only works with arp request/​reply packets and cannot be employed against other traffic.+The first method is the PTW method (Pychkine, Tews, Weinmann). The PTW method is fully described in the paper found on  [[http://​www.cdc.informatik.tu-darmstadt.de/​aircrack-ptw/​|this web site]]. ​ In 2005, Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin, and Shamir and these may be additionally used to break WEP.  The PTW method extends Klein'​s attack and optimizes it for usage against WEP.  It essentially uses enhanced FMS techniques described in the following section. ​ One particularly important constraint is that it only works with arp request/​reply packets and cannot be employed against other traffic.
  
 The second method is the FMS/Korek method which incorporates multiple techniques. ​ The  [[links#​technique_papers|Techniques Papers]] on the links page lists many papers which describe these techniques in more detail and the mathematics behind them. The second method is the FMS/Korek method which incorporates multiple techniques. ​ The  [[links#​technique_papers|Techniques Papers]] on the links page lists many papers which describe these techniques in more detail and the mathematics behind them.
Line 85: Line 85:
   aircrack-ng [options] <capture file(s)>   aircrack-ng [options] <capture file(s)>
  
-You can specify multiple input files (either in .cap or .ivs format). Also, you can run both [[airodump-ng]] and aircrack-ng at the same time: aircrack-ng will auto-update when new IVs are available.+You can specify multiple input files (either in .cap or .ivs format) ​or use file name wildcarding See [[aircrack-ng#​other_tips|Other Tips]] for examples.  ​Also, you can run both [[airodump-ng]] and aircrack-ng at the same time: aircrack-ng will auto-update when new IVs are available.
  
 Here's a summary of all available options: Here's a summary of all available options:
Line 91: Line 91:
 ^Option^Param.^Description^ ^Option^Param.^Description^
 |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/​WPA2-PSK).| |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/​WPA2-PSK).|
-|-b|bssid|Long version --bssid. Select the target network based on the access point'​s MAC address.|+|-b|bssid|Long version - -bssid. Select the target network based on the access point'​s MAC address.|
 |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/​WPA2-PSK cracking if the ESSID is not broadcasted (hidden).| |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/​WPA2-PSK cracking if the ESSID is not broadcasted (hidden).|
 |-p|nbcpu|On SMP systems: # of CPU to use.  This option is invalid on non-SMP systems.| |-p|nbcpu|On SMP systems: # of CPU to use.  This option is invalid on non-SMP systems.|
Line 104: Line 104:
 |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.| |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.|
 |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.| |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.|
-|-H|//​none//​|Long version --help. ​ Output help information.| +|-H|//​none//​|Long version - -help. ​ Output help information.| 
-|-l|file name|(Lowercase L, ell) logs the key to the file specified.| +|-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.| 
-|-K|//​none//​|Invokes the Korek WEP cracking method.|+|-K|//​none//​|Invokes the Korek WEP cracking method. ​(Default in v0.x)|
 |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.| |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.|
 |-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.| |-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.|
-|-r|database|Utilizes a database generated by airolib-ng as input to determine the WEP key.  Outputs an error message if aircrack-ng has not been compiled with sqlite support.|+|-r|database|Utilizes a database generated by airolib-ng as input to determine the WPA key.  Outputs an error message if aircrack-ng has not been compiled with sqlite support.|
 |-x/​-x0|//​none//​|(WEP cracking) Disable last keybytes brutforce.| |-x/​-x0|//​none//​|(WEP cracking) Disable last keybytes brutforce.|
 |-x1|//​none//​|(WEP cracking) Enable last keybyte bruteforcing (default).| |-x1|//​none//​|(WEP cracking) Enable last keybyte bruteforcing (default).|
Line 115: Line 115:
 |-X|//​none//​|(WEP cracking) Disable bruteforce multithreading (SMP only).| |-X|//​none//​|(WEP cracking) Disable bruteforce multithreading (SMP only).|
 |-y|//​none//​|(WEP cracking) Experimental single bruteforce attack which should only be used when the standard attack mode fails with more than one million IVs| |-y|//​none//​|(WEP cracking) Experimental single bruteforce attack which should only be used when the standard attack mode fails with more than one million IVs|
-|-u|//​none//​|Long form --cpu-detect. ​ Provide information on the number of CPUs and MMX support. ​ Example responses to "​aircrack-ng --cpu-detect"​ are "Nb CPU detected: 2" or "Nb CPU detected: 1  (MMX available)"​.|+|-u|//​none//​|Long form - -cpu-detect. ​ Provide information on the number of CPUs and MMX support. ​ Example responses to "​aircrack-ng - -cpu-detect"​ are "Nb CPU detected: 2" or "Nb CPU detected: 1  (MMX available)"​.|
 |-w|words|(WPA cracking) Path to a wordlist or "​-"​ without the quotes for standard in (stdin).| |-w|words|(WPA cracking) Path to a wordlist or "​-"​ without the quotes for standard in (stdin).|
-|-z|//​none//​|Invokes the PTW WEP cracking method.| +|-z|//​none//​|Invokes the PTW WEP cracking method. ​(Default in v1.x)
-|-P|//​none//​|Long version --ptw-debug. ​ Invokes the PTW debug mode.| +|-P|//​none//​|Long version - -ptw-debug. ​ Invokes the PTW debug mode.| 
-|-C|MACs|Long version --combine. ​ Merge the given APs to a virtual one.| +|-C|MACs|Long version - -combine. ​ Merge the given APs to a virtual one.| 
-|-D|//​none//​|Long version --wep-decloak. ​ Run in WEP decloak mode.| +|-D|//​none//​|Long version - -wep-decloak. ​ Run in WEP decloak mode.| 
-|-V|//​none//​|Long version --visual-inspection. ​ Run in visual inspection mode.| +|-V|//​none//​|Long version - -visual-inspection. ​ Run in visual inspection mode.| 
-|-1|//​none//​|Long version --oneshot. ​ Run in oneshot mode.| +|-1|//​none//​|Long version - -oneshot. ​ Run in oneshot mode.| 
- +|-S|//​none//​|WPA cracking speed test.| 
 +|-s|//​none//​|Show the key in ASCII while cracking| 
 +|-E|file>​|(WPA cracking) Create EWSA Project file v3| 
 +|-J|file|(WPA cracking) Create Hashcat Capture file|
 ===== Usage Examples ===== ===== Usage Examples =====
 ==== WEP ==== ==== WEP ====
Line 218: Line 220:
         Probability:​ 100%         Probability:​ 100%
  
-Lets look at a PTW attack example. ​ Remember that this method requires arp request/​reply packets as input. It must be the full packet and not just the IVs, meaning that the "- - ivs" option cannot be used when running airodump-ng. As well, it only works for 64 and 128 bit WEP encryption.+Lets look at a PTW attack example. ​ Remember that this method requires arp request/​reply packets as input. It must be the full packet and not just the IVs, meaning that the "-''''​- ivs" option cannot be used when running airodump-ng. As well, it only works for 64 and 128 bit WEP encryption.
  
 Enter the following command: Enter the following command:
Line 225: Line 227:
  
 Where: Where:
-  * -z means use the PTW methodology to crack the wep key.+  * -z means use the PTW methodology to crack the wep key. //Note:// in v1.x, this is the default attack mode; use -K to revert to Korek.
   * ptw*.cap are the capture files to use.   * ptw*.cap are the capture files to use.
  
Line 302: Line 304:
 ===== Usage Tips ===== ===== Usage Tips =====
 ==== General approach to cracking WEP keys ==== ==== General approach to cracking WEP keys ====
 +
 +//FIXME This needs updating for v1.x!//
  
 Clearly, the simplest approach is just to enter "​aircrack-ng captured-data.cap"​ and let it go.  Having said that, there are some techniques to improve your chances of finding the WEP key quickly. ​ There is no single magic set of steps. ​ The following describes some approaches which tend to  yield the key faster. ​ Unless you are comfortable with experimentation,​ leave well enough alone and stick to the simple approach. Clearly, the simplest approach is just to enter "​aircrack-ng captured-data.cap"​ and let it go.  Having said that, there are some techniques to improve your chances of finding the WEP key quickly. ​ There is no single magic set of steps. ​ The following describes some approaches which tend to  yield the key faster. ​ Unless you are comfortable with experimentation,​ leave well enough alone and stick to the simple approach.
  
-If you are capturing arp request/​reply packets, then the fastest approach is to use "​aircrack-ng -z <data packet capture files>"​. ​ You can then skip the balance of this section since it will find the key very quickly assuming you have collected sufficient arp request/​reply packets!+If you are capturing arp request/​reply packets, then the fastest approach is to use "​aircrack-ng -z <data packet capture files>"​. ​ You can then skip the balance of this section since it will find the key very quickly assuming you have collected sufficient arp request/​reply packets! ​//NOTE:// -z is the default attack mode in aircrack-ng v1.x; use -K to revert to the attack mode used in previous versions.
  
 The overriding technique is capture as much data as possible. ​ That is the single most important task.  The number of initialization vectors (IVs) that you need to determine the WEP key varies dramatically by key length and access point. ​ Typically you need 250,000 or more unique IVs for 64 bit keys and 1.5 million or more for 128 bit keys.  Clearly a lot more for longer key bit lengths. ​ Then there is luck.  There will be times that the WEP key can be determined with as few as 50,000 IVs although this is rare.  Conversely, there will be times when you will need mulitple millions of IVs to crack the WEP key.  The number of IVs is extremely hard to predict since some access points are very good at eliminating IVs that lead the WEP key. The overriding technique is capture as much data as possible. ​ That is the single most important task.  The number of initialization vectors (IVs) that you need to determine the WEP key varies dramatically by key length and access point. ​ Typically you need 250,000 or more unique IVs for 64 bit keys and 1.5 million or more for 128 bit keys.  Clearly a lot more for longer key bit lengths. ​ Then there is luck.  There will be times that the WEP key can be determined with as few as 50,000 IVs although this is rare.  Conversely, there will be times when you will need mulitple millions of IVs to crack the WEP key.  The number of IVs is extremely hard to predict since some access points are very good at eliminating IVs that lead the WEP key.
Line 395: Line 399:
 Although it is not part of aircrack-ng,​ it is worth mentioning an interesting piece of work is by SuD.  It is basically a wep hex dictionary already prepared and the program to run it: Although it is not part of aircrack-ng,​ it is worth mentioning an interesting piece of work is by SuD.  It is basically a wep hex dictionary already prepared and the program to run it:
  
-   ​http://​tv.latinsud.com/​wepdict/​+   ​http://​www.latinsud.com/pub/wepdict/ 
 + 
 + 
 +==== Tools to split capture files ==== 
 + 
 +There are times when you want to split capture files into smaller pieces. ​ For example, files with a large number of IVs can sometimes cause the PTW attack to fail.  In this case, it is worth splitting the file into smaller pieces and retrying the PTW attack. 
 + 
 +So here are two tools to split capture files: 
 + 
 +  * http://​www.badpenguin.co.uk/​files/​pcap-util 
 +  * http://​www.badpenguin.co.uk/​files/​pcap-util2 
 + 
 +Another technique is to use Wireshark / tshark. ​ You can mark packets then same them to a separate file. 
 + 
 + 
 +==== How to extract WPA handshake from large capture files ==== 
 + 
 +Sometimes you have a very large capture file and would like to extract the WPA/WPA2 handshake packets from it to a separate file.  The can be done with "​tshark"​ which is a command line version of the Wireshark suite. ​ Installing the linux version of the [[http://​www.wireshark.org|Wireshark suite]] on your system should also install tshark. 
 + 
 +The following command will extract all handshake and beacon packets from your pcap capture file and create a separate file with just those packets: 
 + 
 +   ​tshark -r <input file name> -R "eapol || wlan.fc.type_subtype == 0x08" -w <output file name> 
 + 
 +Remember you must use a pcap file as input, not an IVs file.
  
 ==== Other Tips ==== ==== Other Tips ====
Line 459: Line 486:
 So just use -e "<​REAL_ESSID>"​ instead of -e ""​ and aircrack-ng should find the passphrase. So just use -e "<​REAL_ESSID>"​ instead of -e ""​ and aircrack-ng should find the passphrase.
  
- 
- 
-You have successfully captured a handshake then when you run aircrack-ng,​ you get similar output: 
- 
-   ​Opening wpa.cap 
-   Read 4 packets. 
-    
-            #     ​BSSID ​                     ESSID                   ​ENCRYPTION 
-            1     ​00:​13:​10:​F1:​15:​86 ​                               WPA (1) handshake 
-   ​Choosing first network as target. 
-    
-   An ESSID is required. Try option -e. 
- 
-Solution: You need to specify the real essid, otherwise the key cannot be calculated, as the essid is used as salt when generating the pairwise master key (PMK) out of the pre-shared key (PSK). 
- 
-So just use -e "<​REAL_ESSID>"​ instead of -e ""​ and aircrack-ng should find the passphrase. 
  
 ==== The PTW method does not work ==== ==== The PTW method does not work ====
  
-One particularly important constraint is that it only works against arp request/​reply packets. ​ It cannot be used against any other data packets. ​ So even if your data capture file contains a large number of data packets, if there insufficient arp request/​reply packets, it will not work.  Using this technique, 64-bit WEP can be cracked with as few as 20,000 data packets and 128-bit WEP with 40,000 data packets. ​ As well, it requires the full packet to be captured. ​ Meaning you cannot use the "- - ivs" option when running airodump-ng. ​ It also only works for 64 and 128 bit WEP encryption.+One particularly important constraint is that it only works against arp request/​reply packets. ​ It cannot be used against any other data packets. ​ So even if your data capture file contains a large number of data packets, if there insufficient arp request/​reply packets, it will not work.  Using this technique, 64-bit WEP can be cracked with as few as 20,000 data packets and 128-bit WEP with 40,000 data packets. ​ As well, it requires the full packet to be captured. ​ Meaning you cannot use the "-''''​- ivs" option when running airodump-ng. ​ It also only works for 64 and 128 bit WEP encryption.
  
-==== Error message "fixed channel" ====+==== Error message "read(file header) failed: Success" ====
  
-Notice ​the message "fixed channel wlan08" ​on the first line below on the right-hand side It references channel 8 but the channel on the left says 9.+If you get the error message ​"read(file header) failedSuccess" ​or similar when running aircrack-ng, there is likely an input file with zero (0) bytesThe input file could be a .cap or .ivs file.
  
-   ​CH ​ 9 ][ Elapsed28 s ][ 2007-09-03 13:23 ][ fixed channel wlan0: 8                                          +This is most likely to happen with wildcard input of many files such as:
-                                                                                                                  +
-    BSSID              PWR RXQ  Beacons ​   #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID +
-                                                                                                                  +
-    00:​14:​6C:​7E:​40:​80 ​  ​64 ​ 73      208        0    0   ​9 ​ 11  WEP  WEP         ​teddy ​                            +
-                                                                                                                  +
-    BSSID              STATION ​           PWR   ​Rate ​ Lost  Packets ​ Probes ​+
  
-In the case where you start airodump-ng with a fixed channel (not channel hopping) and then you or some process changes the wireless channel, then this message appears. ​ This will lead to problems since you are now on a different channel then what you want.+   ​aircrack-ng -z -b XX:​XX:​XX:​XX:​XX:​XX *.cap
  
-An example of starting airodump-ng on a fixed channel is as follows:+Simply delete the files with zero bytes and run the command again.
  
-   ​airodump-ng --channel 9 wlan0 or airodump-ng -c 9 wlan0 
  
-To resolve this, first identify what changed the wireless channel. ​ The most common problem is having one or more network connection managers running. ​ Be sure to stop all of them.  As well, you could have manually changed the channel with iwconfig, airodump-ng,​ etc.+==== WPA/WPA2 Handshake Analysis Fails ====
  
-Once the problem has been resolved, reset the channel ​to the correct one and restart airodump-ng.+Capturing WPA/WPA2 handshakes can be very tricky. ​ A capture file may end up containing a subset of packets from various handshake attempts and/or handshakes from more then one client. ​ Currently aircrack-ng can sometimes fail to parse out the handshake properly. ​ What this means is that aircrack-ng will fail to find a handshake in the capture file even though one exists.
  
-==== Error message "read(file header) failed: Success"​ ====+If you are sure your capture ​file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets.
  
-If you get the error message - "​read(file header) failedSuccess"​ or similar when running ​aircrack-ng, there is likely an input file with zero (0) bytes. The input file could be a .cap or .ivs file.+There is an open [[https://​github.com/​aircrack-ng/​aircrack-ng/​issues/​651|GitHub issue]] to correct this incorrect behavior.
  
-This is most likely to happen with wildcard input of many files such as: 
- 
-   ​aircrack-ng -z -b XX:​XX:​XX:​XX:​XX:​XX *.cap 
- 
-Simply delete the files with zero bytes and run the command again. 
aircrack-ng.1255027668.txt.gz · Last modified: 2009/10/08 20:47 by darkaudax