[kismac] Re: problems trying to get a WEP key

  • From: Beat Zahnd <beat.zahnd@xxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Mon, 27 Feb 2006 08:44:22 +0100

Geoffrey Kruse wrote:

I have been able to crack wep with 350,000 ivs. I have only been able to do this using a usb adaptor, using the airport extreme passive mode, I have never cracked a 128 bit key no matter how many ivs I collect!

I cracked several 104 bit keys. Usualy I collect with kismac and crack with aircrack. A recent aircrack has much more options i.e. only using printable characters or the so called fudge factor:

$ ./aircrack

  Common options:

      -a <amode> : force attack mode (1/WEP, 2/WPA-PSK)
      -e <essid> : target selection: network identifier
      -b <bssid> : target selection: access point's MAC
      -p <nbcpu> : SMP support: # of processes to start
      -q         : enable quiet mode (no status output)
      -w <words> : path to a dictionary file

  Static WEP cracking options:

      -c         : search alpha-numeric characters only
      -t         : search binary coded decimal chr only
      -d <start> : debug - specify beginning of the key
      -m <maddr> : MAC address to filter usable packets
      -n <nbits> : WEP key length: 64 / 128 / 152 / 256
      -i <index> : WEP key index (1 to 4), default: any
      -f <fudge> : bruteforce fudge factor,  default: 2
      -k <korek> : disable one attack method  (1 to 17)
      -x         : do bruteforce the  last two keybytes
      -y         : experimental  single bruteforce mode

  aircrack 2.4 - (C) 2004,2005 Christophe Devine

usage: aircrack [options] <.cap / .ivs file(s)>

One 128-bit wep net I cracked after collecting ~350'000 ivs. But as this is a statistical method cracking works only in 1 of 10 cases using this meager packet base. So you have to keep trying ...

Greetings, Beat

Physics Institute
University of Bern                   phone  +41 31 631 3466
Sidlerstrasse 5                      fax    +41 31 631 4405
CH-3012 Bern (Switzerland)  mailto:beat.zahnd@xxxxxxxxxxxxx

Other related posts: