[kismac] Re: problems trying to get a WEP key

Great info, Beat.  How many other people have had luck on the 104/128 bit
keys?  I'm curious to hear others' experiences with those.  There aren't a
lot of 40 bit APs in my neighborhood (at least in discussing it with my
technical neighbors), so I would assume there isn't as much 40 bit stuff as
their used to be.

On 2/27/06, Beat Zahnd <beat.zahnd@xxxxxxxxxxxxx> wrote:
>
> Geoffrey Kruse wrote:
>
> > I have been able to crack wep with 350,000 ivs.  I have only been  able
> > to do this using a usb adaptor, using the airport extreme  passive mode,
> > I have never cracked a 128 bit key no matter how many  ivs I collect!
>
> I cracked several 104 bit keys. Usualy I collect with kismac and crack
> with aircrack. A recent aircrack has much more options i.e. only using
> printable characters or the so called fudge factor:
>
> > $ ./aircrack
> >
> >   Common options:
> >
> >       -a <amode> : force attack mode (1/WEP, 2/WPA-PSK)
> >       -e <essid> : target selection: network identifier
> >       -b <bssid> : target selection: access point's MAC
> >       -p <nbcpu> : SMP support: # of processes to start
> >       -q         : enable quiet mode (no status output)
> >       -w <words> : path to a dictionary file
> >
> >   Static WEP cracking options:
> >
> >       -c         : search alpha-numeric characters only
> >       -t         : search binary coded decimal chr only
> >       -d <start> : debug - specify beginning of the key
> >       -m <maddr> : MAC address to filter usable packets
> >       -n <nbits> : WEP key length: 64 / 128 / 152 / 256
> >       -i <index> : WEP key index (1 to 4), default: any
> >       -f <fudge> : bruteforce fudge factor,  default: 2
> >       -k <korek> : disable one attack method  (1 to 17)
> >       -x         : do bruteforce the  last two keybytes
> >       -y         : experimental  single bruteforce mode
> >
> >   aircrack 2.4 - (C) 2004,2005 Christophe Devine
> >
> >   usage: aircrack [options] <.cap / .ivs file(s)>
>
> One 128-bit wep net I cracked after collecting ~350'000 ivs. But as this
> is a statistical method cracking works only in 1 of 10 cases using this
> meager packet base. So you have to keep trying ...
>
>
> Greetings, Beat
>
> --
> Beat ZAHND
> Physics Institute
> University of Bern                   phone  +41 31 631 3466
> Sidlerstrasse 5                      fax    +41 31 631 4405
> CH-3012 Bern (Switzerland)  mailto:beat.zahnd@xxxxxxxxxxxxx
>
>


--
Digital things worthwhile:  http://www.digg.com, http://del.icio.us,
http://www.boingboing.net, iTunes, Skype, Bluetooth Headset
Enjoy the documented stupidity at http://beatdown.blogspot.com

Other related posts: