Tuesday, May 10, 2022

Aircrack-ng 1.7

TL;DR: Downloads over here.

We broke the 4000 commits barrier.

After more than 2 years and more than 400 commits since 1.6, we are making a release with a decently large amount of fixes, improvements, and additions. 

Noticeable changes and fixes are present in a number of tools: airodump-ng, aircrack-ng, airdecap-ng, airmon-ng, aireplay-ng, airgraph-ng, besside-ng. And also in osdep, our os-dependent interface for Wi-Fi capture and injection.

In airodump-ng, we fixed the blank encryption field when the AP uses TKIP, and in the command line, the encryption filter (-t/--encrypt) now has filters for WPA3 and OWE. It now allows the use of Wi-Fi 6E channels. It gets a number of smaller noticeable fixes. A check for discarding LLC NULL frames (to avoid polluting PCAP) which unintentionally dropped management with zeroed timestamps, is now resolved. Another fix is for a minor sorting issue, where when going through the different choices for sorting, it sometimes started with the second sorting option, instead of the first one. Finally, we fixed a crash on 4K linux console.

Aircrack-ng kept processing the wordlist until the end of the file, which is now fixed. It can detect Apple M1 CPUs. It sees a fix for WEP display, and one for spurious EXIT messages. It also gets a bunch of improvements with WPA (1/2/3) handshakes: we reworked replay counter logic, better/stricter handling of EAPOL timeouts, which will lead to better handshakes, as it will more accurately choose the frames of the handshake.

Airdecap-ng gets a few bug fixes for endianess issues, and it now outputs PCAP in little endian.

Airmon-ng sees a rewrite for stopping services, fixes killing avahi, and a bunch of smaller changes and improvements: codestyle, RPi detection, 8812au driver fixes, iwlwifi firmware information formatting, removal of broken KVM detection, shellcheck fixes, warning for broken radiotap headers (in kernel 5.15 to 5.15.4 included), and display of regulatory domain in verbose mode. Although Ubuntu 22.04 says it uses 5.15.0 with uname, it is actually more recent version (5.15.30 at the time of writing), and thus doesn't have the bug. It doesn't follow the Debian way for kernel versioning and you can check the actual version of the kernel in /proc/version_signature.

In aireplay-ng, we fixed incorrectly rewritten loops that affected fragmentation attack, and also when doing fake authentication against Shared Authentication (WEP). We also fixed a bunch of instances where packets incorrectly had their duration field updated instead of the sequence number. Test mode (-9/--test) now detects tampering of the sequence number by the driver/firmware.

Airgraph-ng was broken due to a package name conflict, which is now fixed, along with a fix for the OUI file download with Python 3.

Besside-ng now supports and detects all channels in 5GHz in Auto-Channel mode.

OSdep, our "OS dependent" interface used by all the tools doing capture or injection (such as airodump-ng or aireplay-ng), now searches additional Information Element (IE) in management frames for channel information, in case the usual ones are not present. This fixes failures with AP/clients in the 5GHz band for the most part. There is also a fix for Android.

On the less visible side, we get a number of improvements and fixes as well. We did code refactoring, deduplication, cleanup, code style fixes, as well as miscellaneous improvements. We also fixed a bunch of typos, spelling, and wording issues across the board. We fixed cross-compilation issues and compilation with GCC 10 and 11. We fixed a number of issues reported by different static analysis tools we use, among others, PVS-Studio, Coverity Scan, Infer.

README.md gets a few updates: fixing typos/spelling issues, updates in package dependencies lists, added details regarding CI/CD, added hints for building on Apple M1, and a bunch of small changes.

WPE patches for freeradius and hostapd have been updated for 3.2.0 and 2.10 respectively. We also added docker containers to help speed up the creation of these patches in the future.

Behind the scenes, we continuously update our buildbots, using newer OS versions, and tools (we switched from Intel ICC to Intel oneAPI). That means deprecating old ones, and building new buildbots.

In autotools, we added initial support for Link Time Optimization (LTO) builds and a maintainer mode (--enable-maintainer-mode) which displays additional warnings when compiling. They are useful, not only for us, but also for anybody working on Pull Requests (PR).

Another big change is the transition from AppVeyor (Windows CI), and TravisCI (Linux and macOS CI), to GitHub Actions. GitHub Actions allows us to consolidate all the CI/CD in a single place. It includes Linux, macOS, and Windows CI, that we had before. If you want to see how this is done, the source for the different workflows can be found in the .github/workflows directory.

Needless to say, we will be expanding our use of GitHub Actions.

For those using packages on PackageCloud.io, we now support any distribution that can handle .deb or .rpm packages, current and future. However, you will have to reinstall the package to keep receiving updates. More details in this blog post.

Last, but not least, we now have VScode devcontainers. They allow for a rapid development environment set-up: when starting VScode, if it finds a .devcontainers directory in the project, it will prompt (usually at the bottom right) to reopen the project in a container, which will build the development container the first time around. You can find some instruction in the README.md.

And finally, the full changelog:

  • Airdecap-ng: Endianness fixes
  • Airdecap-ng: Output PCAP as little endian
  • Airodump-ng: Fixed blank encryption field when APs have TKIP (and/or CCMP) with WPA2
  • Airodump-ng: Updated encryption filter (-t/--encrypt) for WPA3 and OWE
  • Airodump-ng: Fixed out-of-order timestamp captures
  • Airodump-ng: Ignore NULL PMKID
  • Airodump-ng: Fixed dropping management frames with zeroed timestamp
  • Airodump-ng: Fixed sorting where sometimes it started with a different field
  • Airodump-ng: Allow setting colors only in AP selection mode
  • Airodump-ng: Fix crash on 4K Linux console
  • Airodump-ng: Fixed issue where existing clients not linked to an AP become hidden when hitting 'o'
  • Airodump-ng: Allow use of WiFi 6E 6GHz frequencies
  • Airodump-ng: Look for oui.txt in /usr/share/hwdata
  • Airgraph-ng: Fixed graphviz package conflict
  • Airgraph-ng: Fixed downloading OUI with python3
  • Airgraph-ng: Ensure support/ directory is created when installing
  • Aircrack-ng: Fixed static compilation
  • Aircrack-ng: Fix handshake replay counter logic
  • Aircrack-ng: Handle timeout when parsing EAPOL
  • Aircrack-ng: Fixed WEP display
  • Aircrack-ng: Fixed spurious EXIT messages
  • Aircrack-ng: Improved handshake selection by fixing EAPOL timing and clearing state
  • Aircrack-ng: Ignore NULL PMKID
  • Aircrack-ng: Added Apple M1 detection
  • Aireplay-ng: In test mode, detect tampering of sequence number by firmware/driver
  • Aireplay-ng: Fixed incorrectly rewritten loops affecting fragmentation attack, and in some cases, SKA fake auth
  • Aireplay-ng: Fixed a bunch of instances where packets had their duration updated instead of the sequence number
  • Airmon-ng: Fix avahi killing
  • Airmon-ng: rewrite service stopping entirely
  • Airmon-ng: Codestyle fixes and code cleanup
  • Airmon-ng: Added a few Raspberry Pi hardware revisions
  • Airmon-ng: Fixes for 8812au driver
  • Airmon-ng: Fix iwlwifi firmware formatting
  • Airmon-ng: Remove broken KVM detection
  • Airmon-ng: Show regdomain in verbose mode
  • Airmon-ng: Updated Raspberry Pi hardware revisions
  • Airmon-ng: Document frequency usage
  • Airmon-ng: Add a sleep to help predictable names due to udev sometimes renaming interface
  • Airmon-ng: Added warning for broken radiotap headers in kernel 5.15 to 5.15.4
  • Airmon-ng: shellcheck fixes
  • Airmon-ng: support systemctl as some systems don't support 'service' anymore
  • Airmon-ng: Fixes for pciutils 3.8, backward compatible
  • Airbase-ng: use enum for frame type/subtype
  • Airbase-ng: remove a few IE in association responses
  • Besside-ng: Support and detect all channels in 5GHz in Auto-Channel mode
  • OSdep: Search additional IE for channel information
  • OSdep: Android macro fixes
  • Patches: Add missing patches that were on https://patches.aircrack-ng.org but not in repo
  • Patches: Updated freeradius-wpe patch for v3.2.0
  • Patches: Updated hostapd-wpe patch for v2.10
  • Patches: Added docker containers to test WPE patches
  • Autotools: make dist now creates VERSION file
  • Autotools: Added maintainer mode
  • Autotools: Initial support for Link Time Optimization (LTO) builds
  • Integration tests: Added a new test, and improved some existing ones
  • Airgraph-ng: switch airodump-join to Python 3
  • Manpages: Fixes (typos, tools name, etc.) and improvements
  • README: Updated dependencies and their installation on various distros in README.md and INSTALLING
  • README: Fixed typos and spelling in README.md and INSTALLING
  • Packages: Packages on PackageCloud now support any distro using .deb and .rpm, however, it requires reinstalling repo (BREAKING CHANGE)
  • General: Fix compilation with LibreSSL 3.5
  • General: Fix issues reported by Infer
  • General: Updated buildbots
  • General: Add Linux uclibc support
  • General: Compilation fixes on macOS with the Apple M1 CPU
  • General: Removed TravisCI and AppVeyor
  • General: Use Github Actions for CI (Linux, Win, macOS, code style, and PVS-Studio)
  • General: Added vscode devcontainer and documentation
  • General: Fix warnings from PVS-Studio and build with pedantic (See PR2174)
  • General: Shell script fixes thanks to shellcheck
  • General: Fixes for GCC 10 and 11
  • General: Fixed cross-compilation
  • General: Code refactoring, deduplication, cleanup, and misc code improvements
  • General: Coverity Scan fixes, which includes memory leaks, race conditions, division by 0, and other issues
  • General: PVS Studio improvements,fixes and updates
  • General: Code formatting/style fixes
  • General: Various fixes and improvements (code, CI, integration tests, coverity)
  • General: Update bug reporting template and update the process

Wednesday, April 13, 2022

PackageCloud.io 'any/any' change

We have been building every commit in git and every release for different Linux distributions for a while. If you want to read about it, we have more details in a previous blog post.

Long story short, we compile them statically so they will work on any Linux system, and there no need for us to compile for each of distribution specifically (and figure out all the dependencies). Afterward, we have to build a simple .deb and .rpm packages, then tag them for each distribution we want to offer them for in PackageCloud.

However, whenever a new distribution was released, there was a delay before it became available in PackageCloud, so, from time to time, we miss one.

We recently noticed in the PackageCloud documentation that we can tag them with any/any for .deb, and rpm_any/rpm_any for .rpm instead. This matches ALL current distributions, future distributions, and future distributions releases, so we won't have to worry about adding new ones.

We have committed the change in our GitHub repository, and the first packages using it are the ones in the PackageCloud git repository. The release repository will follow when we release the next version.

What does that mean for you?

If you were using our packages before, then you will have to reinstall it (and likely remove the PackageCloud entry in your repository configuration first).

If you want to use our packages, as long as your distribution can handle .deb or .rpm, it will work.

Important note: If you use packages in the PackageCloud release repository (stable releases), don't make the switch quite yet. We will let you remind you when we release, in a future blog post.

Saturday, January 25, 2020

Aircrack-ng 1.6

It's been more than a year since the last release, and this one brings a ton of improvements.

The most noticeable change are the rate display in Airodump-ng. Previously, it went up to 54Mbit. Now, it takes into account the complexity of 802.11n/ac and calculates the maximum rate that can be achieved on the AP. Expect 802.11ax rates in the next release. We brought basic UTF-8 support for ESSID and if you ever come across WPA3 or OWE, this will be displayed correctly as well. Airodump-ng has had the ability to read PCAP files for quite some time, which can be handy to generate one of the CSV/netxml or other output formats available. However, signal levels were not displayed; this has now been fixed. A new option has been added to read the files in realtime, instead of reading all at once.

Huge improvements have been done under the hood as well. Code has been cleaned up, deduplicated (Pull Request 2010), reorganized (Pull Request 2032), which lead to a lot of fixes.

This reorganization also updated the build system, which now requires automake 1.14+. This was a problem on CentOS 7, but we provide a script to install these requirements from source to solve the issue; although automake 1.14 (and other dependencies) have been released 6+ years ago, CentOS is the only distribution that doesn't have it, and it was decided to provide a script to install the requirements was a small price to pay to improve and simplify the build system.

Other tools received fixes as well:
  • Along with a few fixes, Airmon-ng now handles more network managers, and persistent ones; no need to run airmon-ng check kill a few times for the network managers that keep restarting.
  • Airdecap-ng can now decrypt both sides of the conversation when WDS is in use.
  • As usual, we updated WPE patches for freeradius and HostAPd.
  • Python 2 is dead as of January 1st, and now all our scripts support Python 3. If you are still running Python 2, don't worry, they are still backward compatible.
  • Aircrack-ng contains fixes for a few crashes and other regressions, as well as improved CPU detection in some cases (-u option).

We have been working on our infrastructure and have a buildbot server with quite a few systems. If you head up to our buildbot landing page, you can see the extent of the build system: 14 systems to test build on top of AppVeyor, TravisCI, and Coverity Scan, plus one to automatically package it and upload packages to packagecloud.io. It gets triggered every time we push code to our GitHub repository and you can see the details of each build for each commit on GitHub. We have an earlier blog post where you can find some details of our CI/CD.
We are currently working on bringing Mac infrastructure as well.

We keep working on our automated tests, and a few have been added; this release also brings integration tests (16 for now) to automatically test different features of airodump-ng, aireplay-ng, airbase-ng and others.

In case you find security issues in Aircrack-ng or our domains, we recently added a security policy to explain how to report them. It is on GitHub, on our website, as well as security.txt.

And finally, what you've been waiting for, the full changelog:
  • Aircrack-ng: Added support for MidnightBSD
  • Aircrack-ng: Fixed ARM processors display with -u
  • Aircrack-ng: Fixed AVX-512F support
  • Aircrack-ng: Fixed cracking speed calculation
  • Aircrack-ng: Fixed cracking WEP beyond 10k IVS
  • Aircrack-ng: Fixed creating new session and added test case
  • Aircrack-ng: Fixed encryption display in some cases when prompting for network to crack
  • Aircrack-ng: Fixed exiting Aircrack-ng in some cases
  • Aircrack-ng: Fixed logical and physical processor count detection
  • Aircrack-ng: Fixed PMKID length check
  • Aircrack-ng: Various fixes and improvements to WPA cracking engine and its performance
  • Airdecap-ng: Decrypt both directions when WDS is in use
  • Airdecap-ng: Fixed decrypting WPA PCAP when BSSID changes
  • Airgraph-ng: Added support for WPA3
  • Airgraph-ng: Switch to argparse
  • Airmon-ng: Added detection for wicd, Intel Wireless Daemon (iwd), net_applet
  • Airmon-ng: Handle case when avahi keeps getting restarted
  • Airmon-ng: Indicates when interface doesn't exist
  • Airodump-ng: Added autocolorization interactive key
  • Airodump-ng: Added option to read PCAP in realtime (-T)
  • Airodump-ng: Added PMKID detection
  • Airodump-ng: Added support for GMAC
  • Airodump-ng: Added support for WPA3 and OWE (Enhanced Open)
  • Airodump-ng: Basic UTF-8 support
  • Airodump-ng: Checked management frames are complete before processing IE to avoid switch from WEP to WPA
  • Airodump-ng: Display signal when reading from PCAP
  • Airodump-ng: Fixed netxml output with hidden SSID
  • Airodump-ng: Improved rates calculation for 802.11n/ac
  • Airtun-ng: Fixed using -p with -e
  • Autoconf: Fixed order of ssl and crypto libraries
  • dcrack: Fixed client reporting benchmark
  • dcrack: Now handles chunked encoding when communicating (default in Python3)
  • Freeradius-WPE: Updated patch for v3.0.20
  • General: Added NetBSD endianness support
  • General: Added python3 support to scripts
  • General: Added script to update autotools on CentOS 7
  • General: Added security policy to report security issues
  • General: Reorganizing filesystem layout (See PR 2032), and switch to automake 1.14+
  • General: Convert to non-recursive make (part of PR 2032)
  • General: Deduplicating functions and code cleanups
  • General: Fixed packaging on cygwin due to openssl library name change
  • General: Fixed SPARC build on Solaris 11
  • General: Removed coveralls.io
  • General: Updated dependencies in README.md/INSTALLING
  • General: Use upstream radiotap libary, as a sub-tree
  • General: various fixes and improvements (code, CI, integration tests, coverity)
  • HostAPd-WPE: Updated for v2.9
  • Manpages: Fixes and improvements
  • Tests: Added Integration tests for aireplay-ng, airodump-ng, aircrack-ng, airbase-ng, and others
  • Tests: Added tests for airdecap-ng, aircrack-ng

Sunday, December 9, 2018

Aircrack-ng 1.5.2

This is a smaller release than the previous one but we did want to release the fixes and improvements before the holidays so it will be available for Shmoocon next month in your favorite distro.

Small issues were found in 1.5 and then in 1.5.1, which is why we ended up with 1.5.2. Respectively, a crash when running aircrack-ng without any arguments and 1.5.1 was still displaying 1.5 as the version number.

Among visible fixes, the slip issue in airodump-ng when selecting an AP in interactive mode is solved, the cursor will stay on the selected BSSID when the list moves around. By rewriting the queues handling wordlists in aircrack-ng, some cracking issues and intermittent failures are fixed. We also have a new output file for GPS logging called logcsv. A few cosmetic issues have been fixed.

There are also code quality improvements, a few new tests, improved and updated Raspberry Pis detection (nexmon), revamped GPS logging functionality in airodump-ng, fixes for Big Endian and building/cross-compiling on various OSes and last but not least, building packages for Ubuntu 18.10.


  • Airodump-ng: Fixed AP selection slip in interactive mode
  • Airodump-ng: Revamped GPS logging functionality and added new logging format (logcsv)
  • Aircrack-ng: Only load the maximum supported and available crypto engine
  • Aircrack-ng: Reworked wordlist producer/consumer queue
  • Airserv-ng: Fixed communication between platforms with different size int
  • Airmon-ng: Improved detection of Raspberry Pis
  • General: Signed and unsigned comparison fixes
  • Package: Added package for Ubuntu 18.10 (Cosmic)
  • General: Code cleanups
  • General: Added more tests
  • General: Compilation improvements/fixes in autotools
  • General: Big endian fixes
  • General: Fixed building on FreeBSD and OpenBSD
  • General: Added instructions to compile on DragonflyBSD and OpenBSD
  • General: Fixed spelling errors

Wednesday, November 7, 2018

Continuous Integration/Contious Delivery

As mentioned a few times in the changelog and quite a bit in the commits, we have been using a bunch of tools to improve our code quality. And fine tuning them to do more and give us better information. We also use static analysis tools but that step is often done manually.

GitHub has been making it fairly easy to integrate with tools, even custom ones. Their marketplace offers a number of tools to help for development. On top of that, some companies offer to use theirs for free on open source project, which is a great way to improve code quality.

Let's walk through our current CI/CD infrastructure.

We first used Coverity Scan to do static analysis. Even though there are false positives here and there, it's a useful tool. Every single item reported by Coverity explains the path taken that leads to issue. In some cases the complexity of the path is impressive, going through more than 100 conditions. Although it can be integrated with GitHub, it works independently in our case and submitting up to two times a day if there are changes since the last time a build was submitted.

Later on, we added Travis CI. It offers Ubuntu 14.04 and OSX and in both instances, we test using GCC and clang, as well as with gcrypt or openSSL.

We then added AppVeyor to build on Windows. We currently build on cygwin 32 and 64 bit as well as MSYS64 and it builds a package for Windows. With the exception of the package, it tries compiling with GCC and clang in all cases.

If you haven't started doing CI/CD and need to build for Windows, consider using Travis as well as it now supports it.

We then added buildbots. Our buildbots cover current stable versions of:
  • Alpine Linux
  • Kali Linux
  • Kali Linux armel
  • Kali Linux armhf
  • FreeBSD
  • CentOS
We also added a buildbot to test with Intel C++ Compiler.

They all run on the same system with the exception of armel, armhf and FreeBSD that are separate.

And very recently, we added another one to build packages for a number of Linux distributions. It also automatically builds release packages when a new release is tagged in GitHub and it builds git packages whenever code is committed in our repository.

We are now planning to have our own buildbot server to consolidate, simplify and make it easier to manage our buildbot infrastructure. We'll add more systems and possibly use qemu to emulate specific CPUs.

Monday, October 15, 2018

To BE or not to BE? Using Qemu to run a Big Endian Debian system

An issue was reported on a Big Endian system. And, if memory serves right, we had Big Endian bugs a few times in the past.

For readability, we'll refer to Big Endian as BE and Little Endian as LE.

The reason we didn't catch the bug in the first place is, despite the fact that we have extensive testing on multiple OSes, using different compilers and across different CPUs, all our test systems are LE.

Endianness is, basically, the way bytes are organized in memory. We started a long time ago with BE, then got LE systems. Some of them are Bi-endian and can do either BE and LE. Wikipedia has more details if you'd like to read about it

There is a number of CPUs that can run in BE: SPARC, MIPS, PowerPC, ARM and a few others. Like our x86 CPUs, our favorite ARM boards all run in LE but they can also run Big Endian. It was probably easier to run them in LE, less maintenance to do which means developers can focus on the important things: stability and improving hardware support

We could blindly fix the bug in our tests, but being able to test it ourselves would be better and possibly easier. That could possibly open the door to a new buildbot.

Finding a Linux (or BSD) that support it is not easy. Other option for a usable, recent Linux supporting BE is Gentoo, CLFS and possibly Arch. Embedded OS such as OpenWrt is apparently another possibility but it is limited in terms of packages. Unfortunately, Debian dropped support for PowerPC (BE) 2 years ago.

FYI, if you are looking for cheap hardware for a native Big Endian system, look for a Power Mac G5 (or G4) and install FreeBSD powerpc.

That's where qemu is great, as you can see in a previous post. The advantage of doing it in software versus getting physical hardware is that it we can run it along the rest of the buildbots with existing hardware and thus we avoid having to spend extra to power dedicated hardware, its maintenance and rack space.

Initial set-up

First, we need to install qemu and its utilities. We'll use the MIPS architecture in this case, on an Ubuntu 22.04 64 bit host. If you want to try the PPC architecture, this post is a good starting point.

apt install qemu-system-mips qemu-utils

Now, we need to get the appropriate kernel and initrd to do a netboot. You might need to adjust the URL to download the initrd and kernel in the future.


  • The mips architecture is BE. If we wanted to do LE, we would go with mipsel or mips64el. Same goes for PowerPC, however Debian only offers PPC in LE (ppc64el). All ARM on Debian is LE.
  • Buster is the last Debian release that offers MIPS Big Endian images. Bullseye no longer does.

wget http://ftp.debian.org/debian/dists/buster/main/installer-mips/current/images/malta/netboot/initrd.gz
wget http://ftp.debian.org/debian/dists/buster/main/installer-mips/current/images/malta/netboot/vmlinux-4.19.0-21-4kc-malta

Now, let's create a qcow2 disk image:

user@ubuntu:~$ qemu-img create -f qcow2 disk.img 25G
Formatting 'disk.img', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=26843545600 lazy_refcounts=off refcount_bits=16


  • -f qcow2 specifies the format, qcow2
  • disk.img is the resulting file
  • 25G is the maximum size of the disk inside the image. That size is not allocated immediately, the file will keep growing as changes are done (additions/deletion).
We are allocating much more than we actually need so we have room to install other packages later on. A base installation would be fine with 2Gb.


Now, let's install Debian on the guest. Bear in mind that the installation will take about an hour on a recent CPU:

qemu-system-mips -hda disk.img -kernel vmlinux-4.19.0-21-4kc-malta -initrd initrd.gz -nographic -m 256m

  • -hda points to the disk image
  • -kernel points to the kernel we downloaded
  • -initrd points to the netboot install initrd
  • -nographic will not open a graphic interface and display output in the current console
  • -m 256m gives 256Mb of memory to the guest. 32 bit kernels are limited to 256Mb of RAM (if unspecified, default for qemu is 128Mb). 64 Bit MIPS qemu can get up to 2047Mb but there isn't any Debian for that. If you were to use more than 256Mb, adding "mem=256m@0x0 mem=XXXm@0x90000000" to -append (where XXX is the amount in -m minus 256Mb) might be needed

Note: mips64 would have been preferable because it can support more RAM but Debian doesn't offer that architecture.

It will start in the console. Simply follow the instructions like you would install a regular Debian system. The only two important choices that were made here, were to install all files in a single partition (and use the simple guided process when partitioning) and not install any X system due to the low memory.

At the end of the installation, a warning windows will be displayed mentioning there is no bootloader installed. It is expected, so it's fine.

A few moments later, Debian will let you know the installation is done. It will not shutdown but reboot (and restart with the netinstall if we let it). Interrupt the process by closing the terminal window (or hit Ctrl + a, c then input the command 'quit' to stop it).


The initrd we downloaded earlier is for netinstall only it won't work to boot our system. We'll need to grab the one generated during the installation. For this, we'll mount the qcow2 image we just installed, disk.img. One way to mount it is to use the tools included with qemu.

We first need to load nbd module:

sudo modprobe nbd

Then we connect the image to /dev/nbd0 and mount its first partition (because we installed all the files in a single partition) somewhere on our host:

mkdir qcow
sudo qemu-nbd --connect=/dev/nbd0 disk.img
sudo mount /dev/nbd0p1 qcow

From there, we'll copy the initrd from /boot then unmount it and disconnect the image:

cp qcow/boot/initrd.img-4.19.0-21-4kc-malta .
sudo umount qcow
sudo qemu-nbd --disconnect /dev/nbd0

rmdir qcow

Now, let's update our above command line to run our newly installed system:

sudo qemu-system-mips -hda disk.img -kernel vmlinux-4.19.0-21-4kc-malta -initrd initrd.img-4.19.0-21-4kc-malta -append "root=/dev/sda1" -nographic -m 256m -net user,hostfwd=tcp::1022-:22 -net nic

We also added forwarding to access SSH on the system. Refer to the previous blog post for more details about it.

After booting, we're greeted with a familiar prompt:

Debian GNU/Linux 10 debian ttyS0

debian login:

After logging in with the credentials we configured during the installation, running lscpu will give the following result:

root@debian:~# lscpu
Architecture:          mips
Byte Order:            Big Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             1
BogoMIPS:              1228.80

Which confirms it's a BE system. There are a number of other ways to determine that.

If updating the system will bring a new kernel, and we'll simply have to follow the same procedure as described above when we copied the initrd. In this case, get both the new kernel and its corresponding initrd then adjust the qemu command line once again for the next time we boot it (update both -kernel an -initrd entries).

Note: Compiling Aircrack-ng will take about an hour with a recent CPU. Just running tests (make check) will take longer the the compilation itself.


The qcow2 image will keep growing even if we remove packages or delete files. Reclaiming free space is just a matter of zero'ing the disk space left in the guest then recompressing the image on the host after powering it off.

The first step is to fill the disk with zero's in the guest using dd then deleting the file. Make sure you have enough disk space on the host before you do that:

dd if=/dev/zero of=zerofile
rm -f zerofile

Deleting the file is very important or you may end up with an unbootable system. If that happens, just mount the qcow2 image like shown above and delete the file.

When done, shut the guest down. If you look at the file, disk.img, on the host, it will take the amount of space we initialized it with, 25Gb. Now, recompress it:

mv disk.img disk.img.bak
qemu-img convert -O qcow2 disk.img.bak disk.img

After installation and updates, it took approximately 1.8Gb and recompressed, 1.6Gb, saving roughly 200Mb.

Now, enjoy your new MIPS Big Endian system. Compiling aircrack-ng inside is exactly the same procedure as you would do on a regular x86 Debian system.

Saturday, October 6, 2018

Aircrack-ng packages

As mentioned in our 1.4 release blog post, we are now providing packages (repositories) for a "few" Linux distributions (and sometimes multiple version of each of them):
  • Debian
  • Ubuntu
  • Mint
  • SLES
  • OpenSuse
  • Fedora
  • RHEL
  • CentOS
  • Amazon Linux
  • Elementary OS
TL;DR: if all you want is to install the package, head over here.


Packages are an easy and convenient way to install software compared to compiling it.

All you have to worry about, after installing a package, is to make sure your system is up to date and there is no need to worry about each individual piece of software anymore. Today's distributions often even check automatically and notify if updates are available.

Another reason is that most Linux distributions often have old versions of Aircrack-ng in their repository and sometimes are a few years old.

It can be a problem for us when providing support. We often end up telling people to uninstall and recompile the latest release or try the current development code where the bug they're experiencing is fixed.

If you're a software developer, it's not too hard to figure out how to compile a piece of software, as long as the software is current and is documented. However, in some cases, it can get complicated.
And if you're not a developer, it is a daunting task.

We recently decided to tackle this issue and provide recent versions via packages, and for multiple OSs.

Why not a snap or a flatpak?

There are more than just those two possibilities as you can see in this post and all of those software are still not widely adopted yet. We may, in the future, offer snaps, flatpaks, or AppImage.


For CI/CD, we have been using buildbots on top of Travis CI and AppVeyor to automatically build Aircrack-ng on multiple platforms and multiple distros. It happens to every commit done to the master branch in our GitHub repository

We recently added a packages building bot to the buildbots for all the distributions mentioned on top.

Building packages and dependencies

Creating packages for that many distributions is not easy and if we did it the same way package managers do, we would have to keep spending a considerable amount of time and resources. So, the decision was made that the best route was to statically compile latest version of the dependencies into Aircrack-ng.

Basically, all the dependencies needed for each binary are built into each of them and what that means practically is that you can take the executable and just copy and paste it on another distro, no matter what packages are installed on that distro and how old or outdated it is, it would just work.

It wasn't an easy feat.

There is a drawback, our statically compiled binaries are larger than if they were coming from the distribution itself (or if you were compiling them yourself with the default options), because in distributions they are dynamically linked to their dependencies, which are sometimes shared with other software.

There is also a huge advantage. As mentioned above, we can support multiple OS and multiple versions of each of these OS easily and as a bonus, you will always have the latest version of the dependencies which are, most of the time, newer than what your distribution is providing. Added bonus: it sometimes fix bugs found in the library available in the distro.



Maintaining repositories to distribute the packages was another issue, we could have gotten an Ubuntu PPA repository, our own repository for Debian, the different derivatives of SuSe and RedHat but maintaining repositories for different distributions is a time and resources consuming task. So, we went with PackageCloud.io to handle it.

They provides instructions on how to add each of the repositories, either manually or automatically via their script. Afterward, it is just a matter of installing or updating Aircrack-ng via your package manager.

As mentioned, two flavors are available:
  • release: Any release published on our website, starting from this release, 1.4
  • git: for the most adventurous, built from each commit in our GitHub repository, with the latest features and bug fixes. While our repository is fairly stable, it may sometimes have bugs
Providing packages also means our package is a drop-in replacement for the existing Aircrack-ng package available from your distro and it will still be working with any package that requires it as a dependency.


Windows doesn't have any package manager we can leverage. Development binaries for Windows, built from our GitHub repository, are available on AppVeyor. On that link, select the last target, pkg, then click on the Artifacts tab.


To make our life easier so we can focus on the development, it is, like all the CI/CD, automated thanks to our buildbots. The magic sauce is in packages.yaml in build/pipelines.


If your distribution is providing an up to date package of Aircrack-ng, we recommend to use it instead of our packages. That is, unless you are using the git packages.

If your distribution isn't in the list of supported ones but uses DEB or RPM packages, you can try overriding the distribution in PackageCloud installation script.

If you have any question about it, please head to our forum.