Commit d0aabea4 authored by Devon Kearns

Imported Upstream version 1.1

Thomas d'Otreppe <tdotreppe@aircrack-ng.org>
\ No newline at end of file
=== Requirements ===
* OpenSSL development package
* If you want to use airolib-ng and '-r' option in aircrack-ng,
SQLite development package >= 3.3.17 (3.6.X version or better is recommended):
- libsqlite3-devel
* On windows, cygwin has to be used and it also requires w32api and gcc-4 package.
* If you want to use Airpcap, the 'developer' directory from the CD is required.
=== Compilating ===
* Compilation:
make
* Strip debugging symbols:
make strip
* Installing:
make install
* Uninstall:
make uninstall
==== Makefile flags ====
When compile and installing, the following flags can be used and combined
to compile and install the suite:
* sqlite: needed to compile airolib-ng and add support for airolib-ng
databases in aircrack-ng.
On cygwin: SQLite has to be compiled manually. See next section.
* airpcap: needed for supporting airpcap devices on windows (cygwin only)
REQUIREMENT: Copy 'developers' directory from Airpcap CD one
level below this INSTALLING file
Note: Not working yet.
* unstable: needed to compile tkiptun-ng, easside-ng (and buddy-ng) and
wesside-ng
Example:
* Compiling:
make sqlite=true unstable=true
* Installing:
make sqlite=true unstable=true install
=== Using precompiled binaries ===
Linux/BSD:
* Use your package manager to download aircrack-ng
* In most cases, they have an old version.
Windows:
* Install the appropriate "monitor" driver for your card (standard drivers doesn't work for capturing data).
* aircrack-ng suite is command line tools. So, you have to open a commandline
(Start menu -> Run... -> cmd.exe) then use them
* Run the executables without any parameters to have help
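Review bot: the Airpcap directory name is inconsistent within this file: the requirements bullet says "the 'developer' directory from the CD is required" while the airpcap flag says "Copy 'developers' directory from Airpcap CD" (and common.mak's LIBAIRPCAP path expects ../developers/Airpcap_Devpack/include), so pick one spelling. The "Note: Not working yet." under the airpcap flag belongs next to the requirement bullet as well, so readers do not copy the CD directory for a flag that does nothing yet. Minor: "Compilating" in the section heading should be "Compiling".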
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
need := 3.81
ok := $(filter $(need),$(firstword $(sort $(MAKE_VERSION) \
$(need))))
ifndef ok
$(error fatal error... Need make $(need) but using $(MAKE_VERSION), please upgrade)
endif
AC_ROOT = .
include $(AC_ROOT)/common.mak
DOCFILES = ChangeLog INSTALLING README LICENSE AUTHORS VERSION
default: all
all:
$(MAKE) -C src $(@)
aircrack-ng-opt-prof_gen: all
mkdir -p prof
$(MAKE) -C src $(@)
aircrack-ng-opt-prof_use:
$(MAKE) -C src $(@)
install:
$(MAKE) -C src $(@)
$(MAKE) -C scripts $(@)
$(MAKE) -C manpages $(@)
@echo " "
@echo "[*] Run 'airodump-ng-oui-update' as root (or with sudo) to install or update Airodump-ng OUI file (Internet connection required)."
uninstall:
$(MAKE) -C src $(@)
-rm -fr $(DESTDIR)$(docdir)
$(MAKE) -C manpages $(@)
$(MAKE) -C scripts $(@)
strip:
$(MAKE) -C src $(@)
doc:
install -d $(DESTDIR)$(docdir)
install -m 644 $(DOCFILES) $(DESTDIR)$(docdir)
clean:
$(MAKE) -C src $(@)
distclean: clean
check:
$(MAKE) -C src $(@)
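Review bot: the install target never invokes the doc target, yet uninstall removes $(DESTDIR)$(docdir); either make doc a prerequisite (`install: doc`) or call `$(MAKE) doc` from install so the files listed in DOCFILES actually land in docdir. distclean is only an alias for clean and does not remove the prof directory created by aircrack-ng-opt-prof_gen, so profiling data survives a distclean; add `-rm -fr prof` there.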
Documentation, tutorials, ... can be found on http://www.aircrack-ng.org
See also manpages and the forum.
Installing
==========
This version now requires more libraries than 0.X versions to be compiled.
See INSTALLING file for more information
OpenWrt Devices
===============
You can use airodump-ng on OpenWrt devices. You'll have to use specify
prism0 as interface. Airodump-ng will automatically create it.
Rq: Aireplay DOESN'T work on OpenWrt (2.4 kernel) with broadcom chipset since the driver doesn't support injection. It *may* work with 2.6 kernels >= 2.6.24 (kamikaze 8.09+ custom-built).
Known bugs:
===========
Drivers
-------
Madwifi-ng
----------
The cause of most of these problems (1, 2 and 3) is that Madwifi-ng cannot easily change the rate in monitor mode.
Technically, when changing rate while in monitor mode, the raw socket gets invalidated and we have to get it again.
Madwifi-ng is getting replaced by several drivers: ath5k, ath9k and ar9170.
Problem 1: No client can associate to an airbase soft AP.
Solution 1: None at this time.
Problem 2: When changing rate while you are capturing packet makes airodump-ng stall
Solution 2: Restart airodump-ng or change rate before starting it.
Problem 3: After some time it stops capturing packets and you're really sure no network manager are running at all.
Solution 3: That's a known bug in the driver, it may happen at any time (the time before it fails can vary a lot:
from 5 minutes to 50 or even more). Try (as root) unloading completely the driver with 'madwifi-unload'
and then run 'modprobe ath_pci autocreate=monitor'.
Problem 4: When creating a new VAP airodump-ng takes up to 10-15 seconds to see the first packet
Solution 4: It's the behaviour of madwifi-ng, don't worry (... be happy ;)).
Orinoco
-------
Problem: BSSID is not reported correctly or is 00:00:00:00:00:00 or signal is not reported correctly.
Solution: None. Consider replacing your card, orinoco is really really old.
Aircrack-ng
-----------
Aireplay-ng
-----------
Problem: Fakeauth on a WRT54G with WEP (shared authentication) doesn't work.
Solution: None at this time (we'll try to fix it for next release).
Airolib-ng
----------
Problem: On windows only, opening/creating a database doesn't work when airolib-ng is in directories containing
special characters like 'ç', 'é', 'è', 'à', ... (directories containing spaces are not affected).
Reason: It's a SQLite issue.
Solution: Rename the directory or move the database into another directory.
Airbase-ng
----------
Problem: SSID are not displayed correctly (when scanning for networks) when using airbase-ng with r8187 driver.
Reason: Beacons are truncated (the beginning is missing) when sent in the air.
Solution: None at this time (we'll try to fix it for next release)
Airodump-ng
-----------
Problem: Airodump-ng stop working after some time.
Solution 1: You may have a network manager running that puts back the card in managed mode.
You'll have to disable it (the fastest solution is killing the process) then restart airodump-ng.
Solution 2: See Problem 3 of Madwifi-ng.
Problem: On windows, it doesn't display a list of adapters like the old 0.X
Solution: It requires you to develop your own DLL.
Aircrack-ng
-----------
Problem: Aircrack-ng can't use dictionnaries/wordlists bigger than 2GB
Solution: Split your files. Cleaning can also help because WPA only use passphrases of 8 to 63 characters.
Sample files
============
wep.open.system.authentication.cap:
It show a connexion (authentication then association) to a WEP network (open authentication).
wep.shared.key.authentication.cap:
It shows a connexion (authentication then association to a WEP network (shared authentication).
The difference with open authentication is that the client has to encrypt a challenge text
and send it back (encrypted) to the AP to prove it has the right key.
wpa.cap:
This is a sample file with a WPA handshake. It is located in the test/ directory of the install files.
The passphrase is 'biscotte'. Use the password file (password.lst) which is in the same directory.
wpa2.eapol.cap:
This is a sample file with a WPA2 handshake.
It is located in the test/ directory of the install files.
The passphrase is '12345678'. Use the password file (password.lst) which is in the same directory.
test.ivs (http://download.aircrack-ng.org/wiki-files/other/test.ivs):
This is a 128 bit WEP key file.
The key is AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7.
ptw.cap (http://dl.aircrack-ng.org/ptw.cap):
This is a 64 bit WEP key file suitable for the PTW method.
The key is '1F:1F:1F:1F:1F'.
password.lst
This is a sample wordlist for WPA key cracking. More wordlists can be found at
http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
password.db
This is a sample airolib-ng database for WPA key cracking.
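Review bot: several wording fixes for the Known bugs and Sample files sections: "use specify prism0" should be "specify prism0", "dictionnaries" should be "dictionaries", "connexion" (twice) should be "connection", and the wep.shared.key.authentication.cap line is missing the closing parenthesis after "association to a WEP network". "Rq:" is a French abbreviation (remarque); "Note:" reads better in an English README.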
1.1
\ No newline at end of file
ifndef TOOL_PREFIX
TOOL_PREFIX =
endif
ifndef OSNAME
OSNAME = $(shell uname -s | sed -e 's/.*CYGWIN.*/cygwin/g')
endif
ifndef SQLITE
SQLITE = false
endif
ifndef LIBAIRPCAP
LIBAIRPCAP =
endif
ifeq ($(OSNAME), cygwin)
EXE = .exe
PIC =
SQLITE = false
else
EXE =
PIC = -fPIC
ifndef SQLITE
SQLITE = true
endif
endif
COMMON_CFLAGS =
ifeq ($(OSNAME), cygwin)
COMMON_CFLAGS += -DCYGWIN
endif
ifeq ($(SQLITE), true)
COMMON_CFLAGS += -I/usr/local/include -DHAVE_SQLITE
else
ifeq ($(sqlite), true)
COMMON_CFLAGS += -I/usr/local/include -DHAVE_SQLITE
else
ifeq ($(SQLITE), TRUE)
COMMON_CFLAGS += -I/usr/local/include -DHAVE_SQLITE
else
ifeq ($(sqlite), TRUE)
COMMON_CFLAGS += -I/usr/local/include -DHAVE_SQLITE
endif
endif
endif
endif
ifeq ($(airpcap), true)
AIRPCAP = true
endif
ifeq ($(AIRPCAP), true)
LIBAIRPCAP = -DHAVE_AIRPCAP -I$(AC_ROOT)/../developers/Airpcap_Devpack/include
endif
ifeq ($(OSNAME), cygwin)
CC = $(TOOL_PREFIX)gcc-4
else
CC = $(TOOL_PREFIX)gcc
endif
RANLIB = $(TOOL_PREFIX)ranlib
AR = $(TOOL_PREFIX)ar
REVISION = $(shell $(AC_ROOT)/evalrev)
REVFLAGS = -D_REVISION=$(REVISION)
OPTFLAGS = -D_FILE_OFFSET_BITS=64
CFLAGS ?= -g -W -Wall -Werror -O3
CFLAGS += $(OPTFLAGS) $(REVFLAGS) $(COMMON_CFLAGS)
prefix = /usr/local
bindir = $(prefix)/bin
sbindir = $(prefix)/sbin
mandir = $(prefix)/man/man1
datadir = $(prefix)/share
docdir = $(datadir)/doc/aircrack-ng
libdir = $(prefix)/lib
etcdir = $(prefix)/etc/aircrack-ng
\ No newline at end of file
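Review bot: the inner `ifndef SQLITE` / `SQLITE = true` in the non-cygwin branch is dead code: SQLITE has already been forced to `false` by the earlier `ifndef SQLITE` block, so the intended default of enabling SQLite on Linux/BSD never takes effect and users must always pass sqlite=true. Move the cygwin check before that default or drop the first block. The four nested ifeq tests for SQLITE/sqlite against true/TRUE could be reduced to one normalization, e.g. `SQLITE := $(shell echo $(or $(SQLITE),$(sqlite)) | tr A-Z a-z)` (the top-level Makefile already requires make 3.81, which has `$(or)`), which would also give the manpages Makefile a single variable to test. Minor: `mandir = $(prefix)/man/man1` puts man pages outside $(datadir); `$(datadir)/man/man1` is the conventional location.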
#!/bin/sh
if [ ! -d ".svn/" ]
then
echo "0"
exit ;
fi
REVISION="`svnversion 2> /dev/null | sed 's/[^0-9]*//g'`"
if [ x$REVISION = "x" ]
then
REVISION="`svn info 2> /dev/null | grep -i revision | sed 's/[^0-9]*//g'`"
fi
if [ x$REVISION = "x" ]
then
if [ -f ".svn/entries" ]
then
REVISION="`cat .svn/entries | grep -i revision | head -n 1 | sed 's/[^0-9]*//g'`"
fi
fi
if [ x$REVISION = "x" ]
then
REVISION="-1"
fi
echo $REVISION
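Review bot: stripping every non-digit from the svnversion output corrupts mixed-revision working copies: svnversion prints a range such as `4123:4168M` for those, and `sed 's/[^0-9]*//g'` turns it into `41234168`, which is then baked into the binaries through -D_REVISION. Take only the last number (e.g. `sed 's/.*://; s/[^0-9]*//g'`) or fail loudly on a range. Minor: `exit ;` returns the status of the preceding echo; `exit 0` states the intent, and `cat .svn/entries | grep` can be `grep ... .svn/entries`.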
AC_ROOT = ..
include $(AC_ROOT)/common.mak
MP_FILES = aircrack-ng.1 airdecap-ng.1 airdriver-ng.1 aireplay-ng.1 \
airmon-ng.1 airodump-ng.1 airserv-ng.1 airtun-ng.1 \
ivstools.1 kstats.1 makeivs-ng.1 airbase-ng.1 \
packetforge-ng.1 airdecloak-ng.1
ifeq ($(SQLITE), true)
MP_FILES += airolib-ng.1
else
ifeq ($(sqlite), true)
MP_FILES += airolib-ng.1
else
ifeq ($(SQLITE), TRUE)
MP_FILES += airolib-ng.1
else
ifeq ($(sqlite), TRUE)
MP_FILES += airolib-ng.1
endif
endif
endif
endif
ifeq ($(UNSTABLE), true)
MP_FILES += wesside-ng.1 tkiptun-ng.1 buddy-ng.1 easside-ng.1
else
ifeq ($(unstable), true)
MP_FILES += wesside-ng.1 tkiptun-ng.1 buddy-ng.1 easside-ng.1
else
ifeq ($(UNSTABLE), TRUE)
MP_FILES += wesside-ng.1 tkiptun-ng.1 buddy-ng.1 easside-ng.1
else
ifeq ($(unstable), TRUE)
MP_FILES += wesside-ng.1 tkiptun-ng.1 buddy-ng.1 easside-ng.1
endif
endif
endif
endif
default: all
all:
@echo Nothing to do
install: uninstall
install -d $(DESTDIR)$(mandir)
install -m 644 $(MP_FILES) $(DESTDIR)$(mandir)
uninstall:
@-$(foreach CUR_MP,$(MP_FILES), rm -f $(DESTDIR)$(mandir)/$(CUR_MP); echo rm -f $(DESTDIR)$(mandir)/$(CUR_MP); )
-rm -f $(DESTDIR)$(mandir)/airolib-ng.1
-rm -f $(DESTDIR)$(mandir)/wesside-ng.1
-rm -f $(DESTDIR)$(mandir)/tkiptun-ng.1
-rm -f $(DESTDIR)$(mandir)/buddy-ng.1
-rm -f $(DESTDIR)$(mandir)/easside-ng.1
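Review bot: the SQLITE/sqlite and UNSTABLE/unstable true/TRUE ladders duplicate the SQLite normalization already done in common.mak and add an UNSTABLE one that common.mak does not have; normalize both once in common.mak and test a single variable here so the two files cannot drift. In uninstall, the foreach runs `rm -f` before its `echo`, so each message is printed after the file is already gone; swap the order or drop the echo. The five trailing explicit `rm -f` lines are needed because MP_FILES depends on the flags of the current invocation, not of the earlier install, and that deserves a one-line comment.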
.TH AIRCRACK-NG 1 "April 2010" "Version 1.1"
.SH NAME
aircrack-ng - a 802.11 WEP / WPA-PSK key cracker
.SH SYNOPSIS
.B aircrack-ng
[options] <.cap / .ivs file(s)>
.SH DESCRIPTION
.BI aircrack-ng
is an 802.11 WEP and WPA/WPA2-PSK key cracking program.
.br
It can recover the WEP key once enough encrypted packets have been captured with airodump-ng. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. The first method is via the PTW approach (Pyshkin, Tews, Weinmann). The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. The second method is the FMS/KoreK method. The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing.
.br
Additionally, the program offers a dictionary method for determining the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file or stdin) or an airolib-ng has to be used.
.SH OPTIONS
.TP
.I -H, --help
Shows the help screen.
.PP
.TP
.B Common options:
.TP
.I -a <amode>
Force the attack mode, 1 or wep for WEP and 2 or wpa for WPA-PSK.
.TP
.I -e <essid>
Select the target network based on the ESSID. This option is also required for WPA cracking if the SSID is cloacked. For SSID containing special characters, see http://www.aircrack-ng.org/doku.php?id=faq#how_to_use_spaces_double_quote_and_single_quote_etc._in_ap_names
.TP
.I -b <bssid>
Select the target network based on the access point MAC address.
.TP
.I -p <nbcpu>
Set this option to the number of CPUs to use (only available on SMP systems). By default, it uses all available CPUs
.TP
.I -q
If set, no status information is displayed.
.TP
.I -C <macs>
Merges all those APs MAC (separated by a comma) into a virtual one.
.TP
.I -l <file>
Write the key into a file.
.PP
.TP
.B Static WEP cracking options:
.TP
.I -c
Search alpha-numeric characters only.
.TP
.I -t
Search binary coded decimal characters only.
.TP
.I -h
Search the numeric key for Fritz!BOX
.TP
.I -d <mask>
Specify mask of the key. For example: A1:XX:CF
.TP
.I -m <maddr>
Only keep the IVs coming from packets that match this MAC address. Alternatively, use \-m ff:ff:ff:ff:ff:ff to use all and every IVs, regardless of the network (this disables ESSID and BSSID filtering).
.TP
.I -n <nbits>
Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc., until 512 bits of length. The default value is 128.
.TP
.I -i <index>
Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index in the packet, and use the IV regardless.
.TP
.I -f <fudge>
By default, this parameter is set to 2. Use a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelihood of success.
.TP
.I -k <korek>
There are 17 KoreK attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try \-k 1, \-k 2, ... \-k 17 to disable each attack selectively.
.TP
.I -x or -x0
Disable last keybytes bruteforce (not advised).
.TP
.I -x1
Enable last keybyte bruteforcing (default)
.TP
.I -x2
Enable last two keybytes bruteforcing.
.TP
.I -X
Disable bruteforce multithreading (SMP only).
.TP
.I -s
Shows ASCII version of the key at the right of the screen.
.TP
.I -y
This is an experimental single brute-force attack which should only be used when the standard attack mode fails with more than one million IVs.
.TP
.I -z
Uses PTW (Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann) attack (default attack).
.TP
.I -P <num>
PTW debug: 1 Disable klein, 2 PTW.
.TP
.I -K
Use KoreK attacks instead of PTW.
.TP
.I -D
WEP decloak mode.
.TP
.I -1
Run only 1 try to crack key with PTW.
.TP
.I -M <num>
Specify maximum number of IVs to use.
.PP
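Review bot: a few wording fixes for the NAME and OPTIONS text: "a 802.11 WEP / WPA-PSK key cracker" should read "an 802.11 ...", "cloacked" under -e should be "cloaked", and the -P description ("PTW debug: 1 Disable klein, 2 PTW.") does not say what level 2 does or what the default is; spell out both levels. The -n description's "until 512 bits of length" is clearer as "up to 512 bits", and since 64 and 128 are given for 40- and 104-bit keys the sentence should say that the value counts the 24-bit IV.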