Monday, September 7, 2009

Aircrack-ng 1.0

Yes, 1.0 final, finally :)

There are not many changes compared to 1.0rc4, just a few fixes. Here is the changelog:

- airserv-ng: Now works fine between 32 and 64bit OSes.
- wesside-ng: Fixed some endianness bugs
- airodump-ng-oui-update: Make sure the user is root when updating the file.
- airmon-ng: Updated iw download link (0.9.17).
- All: Fixed compilation with some gcc.
- patches: Added missing patches from patches.aircrack-ng.org: mac80211_2.6.28-rc4-wl_frag+ack_v3.patch
- manpage: Updated aireplay-ng manpage.
- INSTALLING: Removed (now) useless requirement for OSX installation.
- GUI (windows): Fixed 2nd selection of a capture file.

For those who use subversion, the sources are not in sync with the trunk. The reason is that svn commit is currently broken.

It broke during a Debian update and we're still trying to figure out how to fix it (it should be fixed by the end of September in one way or another). We've pinpointed the issue and found that the cause is the authentication, but since we did not change anything in the configuration, I have no idea why it suddenly broke. If anybody knows how to fix it, that would be great.

Last but not least, we're also launching the new website (and logo) as explained in a previous post: New Stuff. Feedback is welcome.

Friday, September 4, 2009

Contests @ Brucon Wireless workshops

UPDATE (Brucon): Please don't crack networks where you were not given permission to crack, thank you.

Brucon is getting closer :)

As I said, I'll give a workshop on Friday (17h00) and Saturday (09h00, I know, it's early) and there will be 2 contests (one each day). The winner will receive an ALFA AWUS036E with a 5dbi antenna:

ALFA AWUS036E + 5dbi antenna

They will be run during the workshop and for both of them you need a laptop and a wireless card. You can use the tools of your choice.
- For the first one, on Friday, you'll have to find an access point outside the convention area.
- And on Saturday, you'll have to crack the key of an access point (I haven't decided yet if it will be WEP or WPA).

More details will be given during the workshops.

Friday, August 7, 2009

New stuff

Hello everybody,

Sorry for not posting anything for some time now, but we have been really busy these days and we have new stuff for you:
- 1.0 rc4 last week
- 1.0 final release date
- Planned features in 1.1
- New logo
- New website

I guess you saw there was a release, 1.0rc4, a bit more than a week ago.
This fixes a lot of stuff (and adds some new). It fixes compilation not only on Linux but also on BSD platforms (OpenBSD compilation is fixed) and others ...
The changelog speaks for itself ;)

Here are some planned features for 1.1:
- Be able to use directly cowpatty tables in aircrack-ng (without having to convert them to airolib-ng).
- OSX capture (and maybe injection) with some adapters (Ticket #653).
- Improved WPA handshake detection.
- Bug fixes (of course)
- ...

We also have been working on a new website. Here is a preview: http://www.aircrack-ng.org/new_index.html.
The goal of this new design is to reduce the traffic on the website, currently around 1Tb each month, and also to give quick access to important information.
As explained in an earlier post, it will not replace the wiki, it will just be the home page and be next to the wiki (you can keep all your bookmarks).
If you (still) have any remarks (or improvements) about the new design, you can still post them in the forum (you don't need to register to post).

The logo contest is over and we have a new logo. Here is a preview (winner: segini75). We will also sell t-shirts soon (I know a good website for Europe but I still have to find one for the US).


Last but not least, the new website (and new logo) will be launched at the same time as the 1.0 final release in a week or two if no big bugs are found in rc4 :)

Saturday, April 25, 2009

Finding the author of the DoS

As I said, I know the IP address of the author of the DoS on our website and since he's located in Europe (Spain), it shouldn't be really hard to solve the case with the Computer Crime Unit.

However, I would like to try to solve it with him first. I just want him to contact me (tdotreppe@aircrack-ng.org) within 2 weeks to reimburse the bandwidth he generated and explain why he did it and I promise there will be no consequence, no complaint registered.

Thanks a lot

Good news, the website is now up thanks to all donations.

Even though I really like working on aircrack-ng, it is really great to see a lot of people helping us, and I really want to thank them a lot ;)

The other good news is that we now have enough to pay for hosting until July (if this kind of DoS doesn't happen again) but please continue, it would be wonderful if donations could cover hosting costs every month.

Last but not least, I promise that I'll try to make that guy pay for the traffic he generated.

Thursday, April 23, 2009

Paying the bill

I finally found who is responsible, or at least the IP address of the author of this DoS (if generating 1.5Tb of traffic in 2 days and making the monthly traffic exceed the allowed amount, thus taking the website down, is not a DoS, then what is it?) and you can be sure that this guy will have to pay for the traffic, sooner or later.

Administrative stuff is taking too long so I think it will be easier to pay the bill now to have the website back up.

Aircrack-ng costs me around 60 euro per month (+ domain names that have to be renewed each year, wireless cards, traffic, ...) and although we have around 30K unique visitors each day, unfortunately donations are quite low (the total for last year was around 80 euro). The reason why I'm writing this post is to ask for donations to pay that bill (around 130 euro).

So, any donation to tdotreppe@aircrack-ng.org (paypal) is really welcome.

Saturday, April 18, 2009

Website down

Unfortunately, the website is down due to an error in traffic calculation.

We usually use 30-40Gbytes per day and we have 1200Gbytes of traffic per month, so enough for each month.
But on 14 and 15 April, their system says we used 688 and 884Gb (= more than 10Mbytes/sec for 24 hours) of traffic (so 20-30 times what we usually use), thus exceeding the allowed traffic per month.

I'm contacting them to try to fix it as soon as possible.

Edit:
Here is an update: http://aircrack-ng.blogspot.com/2009/04/paying-bill.html

Thursday, April 9, 2009

Workshop at Brucon 2009

I'll be giving a workshop at Brucon 2009 (18-19 September 2009).

Abstract:

During this workshop, I'll tackle different scenarios that could happen during an audit of WiFi networks (Open, WEP and WPA), including the use of CUDA and FPGA to accelerate cracking.

Aircrack-ng is not only meant for auditing wireless networks, it can also be used for site surveys and different tools based on it will be presented:
- Airgraph-ng, graphing wireless networks and its integration in Maltego.
- GISKismet, representing wireless networks in Google earth.
- And more...

There will also be a contest. More details will follow.

Wednesday, April 1, 2009

Airodump-ng with native wireless driver on Windows

EDIT: This was an April Fool :)

Although this is not a final version (a work in progress), here is a version of airodump-ng that works on Windows with the native drivers of your wireless card.

Here is a screenshot of the application:



Download link: airodump-ng-win-native-drivers.zip

Nearly all drivers in Windows XP are NDIS. So, to allow/enable monitor mode in the drivers, you have to install a special "driver". Because MS may not like it, I prefer to distribute it via BitTorrent: native_rfmon_winxp.torrent

Note: It was tested on Windows XP and with an Intel Pro/Set Wireless 2200. And it requires .NET 2.0.
Note 2: If your wireless card isn't listed, it means the adapter is disabled and you'll have to enable it and restart the application (Right click on "My Network Place" then select "Properties". In the list, right click on your wireless adapter and click on "Enable"). In the final version, it will be fixed and will only list wireless interfaces.

Edit: Here is the video (sorry for the quality, it's not easy to record the screen with a camera).

Thursday, March 26, 2009

Aircrack-ng 1.0rc3 released

It is finally released :)

Download links:

Here is a summary of the changes:
  • tkiptun-ng, easside-ng (and buddy-ng) and wesside-ng are not compiled by default, you have to append 'unstable=true' when compiling and installing
  • CSV file extension has changed and has now .CSV as extension
  • Kismet CSV file extension is now .kismet.csv
  • Airodump-ng can generate kismet newcore NetXML files (.kismet.netxml) and thus should be compatible with GISkismet (however, using GPSd currently causes pcap corruption; that will be fixed in the next release).
  • Fixed compiling on 64 bit.
  • There's a patch for OSX (intel). You must apply it or aircrack-ng will not work correctly (instructions can be found in INSTALLING file).
  • Added Active scanning simulation in airodump-ng.
  • Various fixes.

Here is the complete changelog:
  • airodump-ng: Added Active Scanning Simulation.
  • airodump-ng: Added support for kismet-newcore netxml files (DTD v3.1.0)
  • airodump-ng: Changed file extensions for CSV (.csv instead of .txt) and for kismet CSV (.kismet.csv instead of .csv).
  • airodump-ng: Fixed WPA tag parsing and added QoS detection based on direction.
  • airodump-ng: Added option to only disable capture file; all other files (CSV, kismet CSV, kismet netxml, GPS) will be created.
  • aircrack-ng: Fixed -w with WEP.
  • aircrack-ng: Fixed useless memory allocation.
  • aircrack-ng: Fixed compilation with gcc 2.95.
  • aircrack-ng: Fixed compilation on 64 bit (SHA-SSE2).
  • aircrack-ng: Fixed errors when compiling on OS X 10.5.6 PPC.
  • aircrack-ng: Added an option to write the key to a file.
  • airolib-ng: Fixed a bug where database is created even if parameters are not correct.
  • airmon-ng: Added wifibox to the list of network managers.
  • airmon-ng: Updated iw download link (0.9.11).
  • airmon-ng and airdriver-ng: Move them in script/ directory.
  • airmon-ng: Bypass interface checks when ps command returns an error. Needed for BusyBox limited ps command.
  • airdriver-ng: Update legacy RT73 driver to use rt73-k2wrlz v3.0.2
  • tkiptun-ng: Allow padded arp packets to the client.
  • airserv-ng & osdep: Fixed compilation on FreeBSD 7.1
  • easside-ng & wesside-ng: Fixing again "Error Wrote 39 out of 30" error message.
  • manpages: Fixed manpages titles.
  • Makefile: Only compile and install wesside-ng, easside-ng, buddy-ng and tkiptun-ng with "make unstable=true".
  • patches: Updated sqlite (v3.6.11) patch for cygwin.
  • patches: Added patch for aircrack-ng on MacOSX
  • scripts: Added a script to automatically patch and install SQLite in cygwin.

Wednesday, March 25, 2009

Forum up

The forum is finally up and everything is working fine:
  • DNS updated
  • Redirection works fine: all your bookmarks (and links in the forum) with the old address should redirect to the new one automatically (I was surprised to see new posts announced on IRC, which still has the old RSS feed address). Technically, the old URL is rewritten to point to the new location with the parameters, and a 301 is used to do that.
  • Links (URLs, RSS) are updated on the wiki.
  • No more glitches on the server. However if it happens, don't hesitate to send a mail to tdotreppe@aircrack-ng.org to tell me (with details).

Last but not least, the 1.0rc3 release should be done tomorrow if everything goes well (I told Murphy to leave me alone at least for a few days) :)

Monday, March 23, 2009

Forum down

As you saw, the forum has been down for a few hours, since around 6pm GMT+1.

The reason is that the database size is really close to the allowed disk space and the hoster stopped it automatically. I moved it to another place (where we have much more space) and there are just a few things to do before it's back up:
- DNS needs to be updated
- a few glitches on the server have to be fixed
- A script has to be written to redirect all requests from forum.tinyshell.be to the new URL (so that any link to it will still work).

The good news is that nothing was lost and it should be faster than before.

Ah yeah, ... It should be back up tomorrow evening and the release of 1.0rc3 will be done the next day :).

Sunday, March 22, 2009

New release really soon: 1.0rc3

There will be a new release in a day or 2. It will fix a lot of bugs (including the compiling issue of rc2 on 64 bit) and add one new feature: creation of kismet newcore netxml files (so that it can work with GISkismet). Some programs (wesside-ng, easside-ng, tkiptun-ng) were marked as unstable and you need to append the flag 'unstable=true' when running make and make install.

Here is the current changelog:
  • airodump-ng: Added Active Scanning Simulation.
  • airodump-ng: Added support for kismet-newcore netxml files (DTD v3.1.0)
  • airodump-ng: Changed file extensions for CSV (.csv instead of .txt) and for kismet CSV (.kismet.csv instead of .csv).
  • airodump-ng: Fixed WPA tag parsing and added QoS detection based on direction.
  • airodump-ng: Added option to only disable capture file; all other files (CSV, kismet CSV, kismet netxml, GPS) will be created.
  • aircrack-ng: Fixed -w with WEP.
  • aircrack-ng: Fixed useless memory allocation.
  • aircrack-ng: Fixed compilation with gcc 2.95.
  • aircrack-ng: Fixed compilation on 64 bit (SHA-SSE2).
  • aircrack-ng: Fixed errors when compiling on OS X 10.5.6 PPC.
  • aircrack-ng: Added an option to write the key to a file.
  • airolib-ng: Fixed a bug where database is created even if parameters are not correct.
  • airmon-ng: Added wifibox to the list of network manager.
  • airmon-ng: Updated iw download link (0.9.9).
  • airmon-ng and airdriver-ng: Move them in script/ directory.
  • airmon-ng: Bypass interface checks when ps command returns an error. Needed for BusyBox limited ps command.
  • airdriver-ng: Update legacy RT73 driver to use rt73-k2wrlz v3.0.2
  • tkiptun-ng: Allow padded arp packets to the client.
  • airserv-ng & osdep: Fixed compilation on FreeBSD 7.1
  • easside-ng & wesside-ng: Fixing again "Error Wrote 39 out of 30" error message.
  • manpages: Fixed manpages titles.
  • Makefile: Only compile and install wesside-ng, easside-ng, buddy-ng and tkiptun-ng with "make unstable=true".
  • patches: Updated sqlite (v3.6.11) patch for cygwin.
  • patches: Added patch for aircrack-ng on MacOSX

Tuesday, March 17, 2009

Aircrack-ng.org new main page design

We are currently working on a new website, and more precisely on the entry of www.aircrack-ng.org.

This is not meant to replace the wiki but it is meant to give a quicker access to the most used things on the main page of the wiki and a better overview of the important things.

It will be installed next to the wiki and thus nothing will change for you (you won't have to change your bookmarks).


What do you think about the new main page?

Saturday, March 14, 2009

ASCII WEP key

I often see people who cracked a WEP key and who wanted to convert it to ASCII.

My question is why do you want to convert it?
Maybe because it is easier to remember? Mmmh ... not always, especially if it's 13 random characters like this: $5@r6m2be_rEX
Maybe for network managers (command line/graphical, Linux/Windows)? No, they don't care if it's ASCII or hex. And an incomplete conversion would be unusable.

And, btw, if it was convertible, aircrack-ng would have given you the ASCII version :)
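
The point above, as an added example (not part of the original post and not aircrack-ng code): a hex key has an ASCII form only when every byte is a printable character, so a key with even one non-printable byte must stay in hex. The function names, the accepted key lengths and the second sample key are assumptions made for this illustration.

```python
# Added illustration: decide whether a hex WEP key has a usable ASCII form.

# Key lengths in bytes (assumption for this sketch): 5 and 13 are the
# standard 40-bit and 104-bit keys; 16 and 29 are vendor extensions.
WEP_KEY_LENGTHS = {5, 13, 16, 29}


def parse_hex_key(text):
    """Parse 'AA:BB:CC:..' or 'AABBCC..' into bytes; ValueError if malformed."""
    cleaned = text.strip().replace(":", "").replace("-", "")
    key = bytes.fromhex(cleaned)  # raises ValueError on non-hex input
    if len(key) not in WEP_KEY_LENGTHS:
        raise ValueError("unexpected WEP key length: %d bytes" % len(key))
    return key


def non_printable_offsets(text):
    """Return the byte offsets that have no printable ASCII character."""
    key = parse_hex_key(text)
    return [i for i, b in enumerate(key) if not 0x20 <= b <= 0x7E]


def wep_key_to_ascii(text):
    """Return the ASCII key only if the whole key is printable, else None.

    Dropping or replacing the non-printable bytes would give a string that
    is a different key, which is why a partial conversion is unusable.
    """
    if non_printable_offsets(text):
        return None
    return parse_hex_key(text).decode("ascii")


if __name__ == "__main__":
    # The 13-character key quoted in the post, written as hex.
    post_key = "24:35:40:72:36:6D:32:62:65:5F:72:45:58"
    # Constructed sample: one zero byte in the middle of printable bytes.
    mixed_key = "41:42:00:43:44"
    for sample in (post_key, mixed_key):
        print(sample, "->", wep_key_to_ascii(sample),
              "non-printable at", non_printable_offsets(sample))
```
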