[kismac] Re: kismac crash/hang

  • From: Michael Rossberg <mick@xxxxxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Fri, 21 Feb 2003 09:46:34 +0100


>>> I collected roughly 2 mil packets with kismac and running the wep crack
>>> (the "both" option) it hangs and sometimes crashes my whole machine.
>>> I'm trying the same .kismac file on the new .03c version.
>>> Has anyone else had similar results? Also what exactly does the .kismac
>>> file save? (The .kismac I've been trying to run the wep crack on is
>>> only ~10 mb.)
>> the 10 mb is ok. kismac only logs 4 bytes for each weak packet. is there
>> a chance that you can send me this file for further analysis?
> I'm pretty sure I still have the file (from .03b) and I could send it to
> you if you have an ftp or somewhere I could dump it? My email would
> certainly deny 10 mb file, and unless it's a weekend I don't have access
> to a network that isn't behind a firewall which makes it hard to use
> aim/icq/dcc file transfers. Just let me know :)

i'll send you info on a sftp account later on.

>>> Last question, if I had a computer that is allowed on a wlan (the wep
>>> code has been stored on the machine) and another computer not allowed
>>> on the network. I'm wondering if I save a pcap file from the machine
>>> allowed on the wlan, can I load that into kismac and then use the wep
>>> crack to figure out the wep code?
>> well there are possible attacks on such a scenario. since you know what
>> one computer is sending the other one could build up a dictionary for
>> each iv. the file would be around 24 gb big. however no program that i
>> know of uses such an attack, but it would also work on networks, that
>> do not produce weak ivs! i was thinking of such a dictionary attack in
>> order to break eap-tls, but it did not require a computer in the same
>> wifi-network, but somewhere in the internet.
>> if it is a mac, you are aware of the keychain feature?
> The machine is a windows laptop. Specifically an IBM thinkpad, not sure
> what model but nothing special. I would think that it would be easier to
> break the encryption of the stored key on the laptop itself rather than
> have a 24 gb dictionary file. I remember seeing windows password
> uncovering programs (lets you see what's behind the ***** when typing a
> password) but that was years ago.

4 years ago, i wrote a tool which did that for 2000 boxes, because all
others did not work anymore. it is still working. a mirror is
passfinder2k_sources.zip but you will need a VC compiler.

> It uses the Orinoco Client Manager Software which has a spot to enter 4
> keys (options include: 40 bit hex or ascii, 104 bit hex/ascii) and a
> drop down to choose which key to use. I don't quite understand this
> feature. If I change the drop box from using Key 1 to Key 2 it functions
> just as it was before. Anyone have any ideas?

the 4 keys are usually alternatives, so you can have different user
groups. but i have never seen a driver, which made this actually work.

