AirSnort 0.2.7e (WEP Crack)

13/Aug/2006 tested on SUSE10.1 and PrismGT card, and Atheros (madwifi) card

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

Requirment

  1. Wireless NIC

    AirSnort runs under linux, and requires that your wireless nic be capable of rf monitor mode. Cards knows to do this are:

    1. Atheros cards with madwifi driver
    2. Cisco Aironet
    3. Prism2 based cards using patched wlan-ng drivers
    4. Orinoco cards and clones using patched orinoco_cs drivers
  2. Download Airsnort-0.2.7e.tar.gz from http://airsnort.shmoo.com/

Install Madwifi Driver

This installation will install madwifi driver with a patch aircrack.
  • Download driver and patch. First, download the latest patch, and then download the corresponding version of driver. 
    # get http://patches.aircrack-ng.org/madwifi-ng-r1679.patch
# get http://snapshots.madwifi.org/madwifi-ng/madwifi-ng-r1679-20060707.tar.gz
  • Install 
    # tar zxvf madwifi-ng-r1679-20060707.tar.gz
# cd madwifi-ng-r1679-20060707/
# patch -Np1 -i ../madwifi-ng-r1679.patch
# make
# make install
# mod_probe ath_pci
  • Create a new interface from wifi0. This might be required only for madwifi-ng driver. This creates ath1 monitor mode. 
    # wlanconfig ath1 create wlandev wifi0 wlanmode monitor

    • Install Airsnort

  • Install necessary packages. ie install from cdrom 
    # cd /media/cdrom/suse/i586
# rpm -ihv pkgconfig-0.15.0-201.i586.rpm
# rpm -ihv gtk2-devel-2.6.4-6.i586.rpm

  • Perform the following steps. 

    # cd airsnort-0.2.7e.tar.gz /usr/local/src
# cd /usr/local/src
# tar -xzf airsnort-0.2.7e.tar.gz
# cd AirSnort-0.2.1
# ./configure
# make
# make install
    If you see error messages, you need to make sure to be installed necessary packages.

  • Execute airsnort 
    # airsnort
  • For Madwifi driver, select Host AP/Orinoco Driver Type.

    The number of interesting packets needed to perform a successful crack depends on two things; luck and key length. Assuming that luck is on your side, the key length is the only important factor. For a key length of 128 bits, this translates to about 1500 packets. For other key lengths, assume 115 packets per byte of the key.

    When every weak packet has been gathered (13 key bytes * 256 = 3315 packets), there is no point to continuing the capture process. In reality, it takes somewhat fewer packets than this.

    • Note: In my experience, using Aircrack is the best tool compare with other tools. Aircrack on Linux support packet injection which means we can increase the traffic, so we need only few hours to capture sufficient packets.

    Here is other my report.

    Tool OS CPU usage Packet injection My recommendation
    Airsnort on Windows
    (My note)    		 Windows High Not supported Low
    Airsnort on Linux Linux High Not supported Low
    Aircrack on Windows
    (My note)    		 Windows Low Not supported Middle
    Aircrack on Linux
    (My note)    		 Linux Low Supported! Recommended!
    Back