Differences

This shows you the differences between two versions of the page.

--- airdecloak-ng [2008/11/15 00:10] – mister_x
+++ airdecloak-ng [2023/01/17 09:58] (current) – [Options] add note about typo in --disable-base_filter gemesa
@@ Line 13: / Line 13: @@
 ===== Usage =====
-  Airdecloak-ng 1.0 rc1 r1193 - (C) 2008 Thomas d'Otreppe
+  Airdecloak-ng 1.7  - (C) 2008-2022 Thomas d'Otreppe
-  http://www.aircrack-ng.org
+  https://www.aircrack-ng.org
   usage: airdecloak-ng [options]
@@ Line 27: / Line 27: @@
    Optional:
+     -o <file>             : Output packets (valid) file (default: <src>-filtered.pcap)
+     -c <file>             : Output packets (cloaked) file (default: <src>-cloaked.pcap)
+     -u <file>             : Output packets (unknown/ignored) file (default: invalid_status.pcap)
      --filters <filters>   : Apply filters (separated by a comma). Filters:
            signal:               Try to filter based on signal.
@@ Line 47: / Line 50: @@
      --help                : Displays this usage screen
 ==== Options ====
-^Option^Explanation|
+^Option^Param.^Description|
-|-i <input file>|Path to the capture file.|
+|-i|input file|Path to the capture file.|
-|--bssid <BSSID>|BSSID of the network to filter.|
+|--bssid|BSSID|BSSID of the network to filter.|
-|--ssid <ESSID>|ESSID of the network to filter (not yet implemented).|
+|--ssid|ESSID|ESSID of the network to filter (not yet implemented).|
-|--filters <filters>|Apply theses filters in this specific order. They have to be separated by a ','. \\ **Example**: --filters signal,consecutive_sn|
+|--filters|filters|Apply theses filters in this specific order. They have to be separated by a ','. \\ **Example**: --filters signal,consecutive_sn|
-|--null-packets|Assume that null packets can be cloaked (not yet implemented).|
+|--null-packets|-|Assume that null packets can be cloaked (not yet implemented).|
-|--disable-base_filter|Disable the base filter.|
+|--disable-base_filter|-|Disable the base filter. (Note: there is a typo in the usage info, the correct option is: --disable-base-filter)|
-|--drop-frag|Drop all fragmented packets. In most networks, fragmentation is not needed.|
+|--drop-frag|-|Drop all fragmented packets. In most networks, fragmentation is not needed.|
 ==== Tests ====
@@ Line 63: / Line 68: @@
 === Capturing traffic ===
-Destroy all VAP
+Destroy all VAP (only needed for madwifi-ng):
   airmon-ng stop ath0
@@ Line 81: / Line 86: @@
 === Trying to crack the WEP key ===
-  aircrack-ng.exe wep_cloaking_full_speed_dl.pcap -b 00:12:BF:12:32:29 -K -n 64 -d 1F:1F:1F
+  aircrack-ng wep_cloaking_full_speed_dl.pcap -b 00:12:BF:12:32:29 -K -n 64 -d 1F:1F:1F
 {{http://www.aircrack-ng.org/wep_cloaking/crack_without_filter.jpg}}
@@ Line 196: / Line 201: @@
 === Timing ===
-The time needed to receive a cloaked frame could be analysed; compared to its uncloaked equivalent since the sensor receive the real frame then forge a wep cloaked frame with the informations of the real one.
+The time needed to receive a cloaked frame could be analyzed; compared to its uncloaked equivalent since the sensor receives the real frame then forge a wep cloaked frame with the informations of the real one.
 For this, 2 packets are needed (one real and one cloaked) and we have to make sure the "cloaking" status of both packets is accurate (and that the cloaked packet is forged against the real one we have).
@@ Line 226: / Line 231: @@
 {{http://www.aircrack-ng.org/wep_cloaking/low_traffic.jpg}}
-There's a few possibilites to filter out the cloaked packet for 7509/7510:
+There are a few possibilities to filter out the cloaked packet for 7509/7510:
 - both packets can be discarded since they have the same sequence number.
 - use signal/timing to find the cloaked packet.
-For packet 7538/7539, it will be easier, it's easy to find out which one is cloaked, a beacon has the same sequence number as packet 7539; 7539 is cloaked:
+For packet 7538/7539, it will be easier, it's easy to find out which one is cloaked, a beacon has the same sequence numbers as packet 7539; 7539 is cloaked:
@@ Line 246: / Line 251: @@
 ... so other ways have to be used. Beacon will still be used but in another way: since 1319 is a valid sequence number, the previous (1318) and the next (1320) sequence numbers of valid packets are known. It's getting more complicated, these sequence number are both used more than once ;) \\
-Since it is known that wep cloaking copy the attributes (including frame size) of its equivalent real frame, wep cloaked packets can be easily found:
+Since it is known that wep cloaking copies the attributes (including frame size) of its equivalent real frame, wep cloaked packets can be easily found:
 ^Position^Uncloaked^Cloaked^Frame size^Reason|
@@ Line 316: / Line 321: @@
 Remove all duplicate sequence numbers for both the AP and the client (that are close to each other).
-Basically it apply ''duplicate_sn_ap'' and ''duplicate_sn_client'' filters
+Basically it applies ''duplicate_sn_ap'' and ''duplicate_sn_client'' filters
 == consecutive_sn ==
@@ Line 362: / Line 367: @@
 ===== Thanks =====
-Thanks to Alex Hernandez aka alt3kx from [[http://sybsecurity.com|sybsecurity.com]] for the hardware
+Thanks to Alex Hernandez aka alt3kx from [[http://sybsecurity.com|sybsecurity.com]] for the hardware.