Tuesday, May 10, 2022

Aircrack-ng 1.7

TL;DR: Downloads over here.

We broke the 4000 commits barrier.

After more than 2 years and more than 400 commits since 1.6, we are making a release with a decently large amount of fixes, improvements, and additions. 

Noticeable changes and fixes are present in a number of tools: airodump-ng, aircrack-ng, airdecap-ng, airmon-ng, aireplay-ng, airgraph-ng, besside-ng. And also in osdep, our os-dependent interface for Wi-Fi capture and injection.

In airodump-ng, we fixed the blank encryption field when the AP uses TKIP, and in the command line, the encryption filter (-t/--encrypt) now has filters for WPA3 and OWE. It now allows the use of Wi-Fi 6E channels. It gets a number of smaller noticeable fixes. A check for discarding LLC NULL frames (to avoid polluting PCAP) which unintentionally dropped management with zeroed timestamps, is now resolved. Another fix is for a minor sorting issue, where when going through the different choices for sorting, it sometimes started with the second sorting option, instead of the first one. Finally, we fixed a crash on 4K linux console.

Aircrack-ng kept processing the wordlist until the end of the file, which is now fixed. It can detect Apple M1 CPUs. It sees a fix for WEP display, and one for spurious EXIT messages. It also gets a bunch of improvements with WPA (1/2/3) handshakes: we reworked replay counter logic, better/stricter handling of EAPOL timeouts, which will lead to better handshakes, as it will more accurately choose the frames of the handshake.

Airdecap-ng gets a few bug fixes for endianess issues, and it now outputs PCAP in little endian.

Airmon-ng sees a rewrite for stopping services, fixes killing avahi, and a bunch of smaller changes and improvements: codestyle, RPi detection, 8812au driver fixes, iwlwifi firmware information formatting, removal of broken KVM detection, shellcheck fixes, warning for broken radiotap headers (in kernel 5.15 to 5.15.4 included), and display of regulatory domain in verbose mode. Although Ubuntu 22.04 says it uses 5.15.0 with uname, it is actually more recent version (5.15.30 at the time of writing), and thus doesn't have the bug. It doesn't follow the Debian way for kernel versioning and you can check the actual version of the kernel in /proc/version_signature.

In aireplay-ng, we fixed incorrectly rewritten loops that affected fragmentation attack, and also when doing fake authentication against Shared Authentication (WEP). We also fixed a bunch of instances where packets incorrectly had their duration field updated instead of the sequence number. Test mode (-9/--test) now detects tampering of the sequence number by the driver/firmware.

Airgraph-ng was broken due to a package name conflict, which is now fixed, along with a fix for the OUI file download with Python 3.

Besside-ng now supports and detects all channels in 5GHz in Auto-Channel mode.

OSdep, our "OS dependent" interface used by all the tools doing capture or injection (such as airodump-ng or aireplay-ng), now searches additional Information Element (IE) in management frames for channel information, in case the usual ones are not present. This fixes failures with AP/clients in the 5GHz band for the most part. There is also a fix for Android.

On the less visible side, we get a number of improvements and fixes as well. We did code refactoring, deduplication, cleanup, code style fixes, as well as miscellaneous improvements. We also fixed a bunch of typos, spelling, and wording issues across the board. We fixed cross-compilation issues and compilation with GCC 10 and 11. We fixed a number of issues reported by different static analysis tools we use, among others, PVS-Studio, Coverity Scan, Infer.

README.md gets a few updates: fixing typos/spelling issues, updates in package dependencies lists, added details regarding CI/CD, added hints for building on Apple M1, and a bunch of small changes.

WPE patches for freeradius and hostapd have been updated for 3.2.0 and 2.10 respectively. We also added docker containers to help speed up the creation of these patches in the future.

Behind the scenes, we continuously update our buildbots, using newer OS versions, and tools (we switched from Intel ICC to Intel oneAPI). That means deprecating old ones, and building new buildbots.

In autotools, we added initial support for Link Time Optimization (LTO) builds and a maintainer mode (--enable-maintainer-mode) which displays additional warnings when compiling. They are useful, not only for us, but also for anybody working on Pull Requests (PR).

Another big change is the transition from AppVeyor (Windows CI), and TravisCI (Linux and macOS CI), to GitHub Actions. GitHub Actions allows us to consolidate all the CI/CD in a single place. It includes Linux, macOS, and Windows CI, that we had before. If you want to see how this is done, the source for the different workflows can be found in the .github/workflows directory.

Needless to say, we will be expanding our use of GitHub Actions.

For those using packages on PackageCloud.io, we now support any distribution that can handle .deb or .rpm packages, current and future. However, you will have to reinstall the package to keep receiving updates. More details in this blog post.

Last, but not least, we now have VScode devcontainers. They allow for a rapid development environment set-up: when starting VScode, if it finds a .devcontainers directory in the project, it will prompt (usually at the bottom right) to reopen the project in a container, which will build the development container the first time around. You can find some instruction in the README.md.

And finally, the full changelog:

  • Airdecap-ng: Endianness fixes
  • Airdecap-ng: Output PCAP as little endian
  • Airodump-ng: Fixed blank encryption field when APs have TKIP (and/or CCMP) with WPA2
  • Airodump-ng: Updated encryption filter (-t/--encrypt) for WPA3 and OWE
  • Airodump-ng: Fixed out-of-order timestamp captures
  • Airodump-ng: Ignore NULL PMKID
  • Airodump-ng: Fixed dropping management frames with zeroed timestamp
  • Airodump-ng: Fixed sorting where sometimes it started with a different field
  • Airodump-ng: Allow setting colors only in AP selection mode
  • Airodump-ng: Fix crash on 4K Linux console
  • Airodump-ng: Fixed issue where existing clients not linked to an AP become hidden when hitting 'o'
  • Airodump-ng: Allow use of WiFi 6E 6GHz frequencies
  • Airodump-ng: Look for oui.txt in /usr/share/hwdata
  • Airgraph-ng: Fixed graphviz package conflict
  • Airgraph-ng: Fixed downloading OUI with python3
  • Airgraph-ng: Ensure support/ directory is created when installing
  • Aircrack-ng: Fixed static compilation
  • Aircrack-ng: Fix handshake replay counter logic
  • Aircrack-ng: Handle timeout when parsing EAPOL
  • Aircrack-ng: Fixed WEP display
  • Aircrack-ng: Fixed spurious EXIT messages
  • Aircrack-ng: Improved handshake selection by fixing EAPOL timing and clearing state
  • Aircrack-ng: Ignore NULL PMKID
  • Aircrack-ng: Added Apple M1 detection
  • Aireplay-ng: In test mode, detect tampering of sequence number by firmware/driver
  • Aireplay-ng: Fixed incorrectly rewritten loops affecting fragmentation attack, and in some cases, SKA fake auth
  • Aireplay-ng: Fixed a bunch of instances where packets had their duration updated instead of the sequence number
  • Airmon-ng: Fix avahi killing
  • Airmon-ng: rewrite service stopping entirely
  • Airmon-ng: Codestyle fixes and code cleanup
  • Airmon-ng: Added a few Raspberry Pi hardware revisions
  • Airmon-ng: Fixes for 8812au driver
  • Airmon-ng: Fix iwlwifi firmware formatting
  • Airmon-ng: Remove broken KVM detection
  • Airmon-ng: Show regdomain in verbose mode
  • Airmon-ng: Updated Raspberry Pi hardware revisions
  • Airmon-ng: Document frequency usage
  • Airmon-ng: Add a sleep to help predictable names due to udev sometimes renaming interface
  • Airmon-ng: Added warning for broken radiotap headers in kernel 5.15 to 5.15.4
  • Airmon-ng: shellcheck fixes
  • Airmon-ng: support systemctl as some systems don't support 'service' anymore
  • Airmon-ng: Fixes for pciutils 3.8, backward compatible
  • Airbase-ng: use enum for frame type/subtype
  • Airbase-ng: remove a few IE in association responses
  • Besside-ng: Support and detect all channels in 5GHz in Auto-Channel mode
  • OSdep: Search additional IE for channel information
  • OSdep: Android macro fixes
  • Patches: Add missing patches that were on https://patches.aircrack-ng.org but not in repo
  • Patches: Updated freeradius-wpe patch for v3.2.0
  • Patches: Updated hostapd-wpe patch for v2.10
  • Patches: Added docker containers to test WPE patches
  • Autotools: make dist now creates VERSION file
  • Autotools: Added maintainer mode
  • Autotools: Initial support for Link Time Optimization (LTO) builds
  • Integration tests: Added a new test, and improved some existing ones
  • Airgraph-ng: switch airodump-join to Python 3
  • Manpages: Fixes (typos, tools name, etc.) and improvements
  • README: Updated dependencies and their installation on various distros in README.md and INSTALLING
  • README: Fixed typos and spelling in README.md and INSTALLING
  • Packages: Packages on PackageCloud now support any distro using .deb and .rpm, however, it requires reinstalling repo (BREAKING CHANGE)
  • General: Fix compilation with LibreSSL 3.5
  • General: Fix issues reported by Infer
  • General: Updated buildbots
  • General: Add Linux uclibc support
  • General: Compilation fixes on macOS with the Apple M1 CPU
  • General: Removed TravisCI and AppVeyor
  • General: Use Github Actions for CI (Linux, Win, macOS, code style, and PVS-Studio)
  • General: Added vscode devcontainer and documentation
  • General: Fix warnings from PVS-Studio and build with pedantic (See PR2174)
  • General: Shell script fixes thanks to shellcheck
  • General: Fixes for GCC 10 and 11
  • General: Fixed cross-compilation
  • General: Code refactoring, deduplication, cleanup, and misc code improvements
  • General: Coverity Scan fixes, which includes memory leaks, race conditions, division by 0, and other issues
  • General: PVS Studio improvements,fixes and updates
  • General: Code formatting/style fixes
  • General: Various fixes and improvements (code, CI, integration tests, coverity)
  • General: Update bug reporting template and update the process

Wednesday, April 13, 2022

PackageCloud.io 'any/any' change

We have been building every commit in git and every release for different Linux distributions for a while. If you want to read about it, we have more details in a previous blog post.


Long story short, we compile them statically so they will work on any Linux system, and there no need for us to compile for each of distribution specifically (and figure out all the dependencies). Afterward, we have to build a simple .deb and .rpm packages, then tag them for each distribution we want to offer them for in PackageCloud.


However, whenever a new distribution was released, there was a delay before it became available in PackageCloud, so, from time to time, we miss one.


We recently noticed in the PackageCloud documentation that we can tag them with any/any for .deb, and rpm_any/rpm_any for .rpm instead. This matches ALL current distributions, future distributions, and future distributions releases, so we won't have to worry about adding new ones.


We have committed the change in our GitHub repository, and the first packages using it are the ones in the PackageCloud git repository. The release repository will follow when we release the next version.


What does that mean for you?


If you were using our packages before, then you will have to reinstall it (and likely remove the PackageCloud entry in your repository configuration first).


If you want to use our packages, as long as your distribution can handle .deb or .rpm, it will work.


Important note: If you use packages in the PackageCloud release repository (stable releases), don't make the switch quite yet. We will let you remind you when we release, in a future blog post.