Updated on 10 Dec, 2005 on Windows XP

Aircrack-2.3 Windows (Wireless WEP crack)

Aircrack is a set of tools for auditing wireless networks:

  • airodump: 802.11 packet capture program
  • aireplay: 802.11 packet injection program
  • aircrack: static WEP and WPA-PSK key cracker
  • airdecap: decrypts WEP/WPA capture files

    Wireless Card Installation

    1. Download Aircrack from http://100h.org/wlan/aircrack/
    2. Read the documentation (README.html) and follow. It has the most comprehensive explanation.
    3. I have a CISCO Aironet 350 and PrismGT card (Corega WLCB-54GT) but only CISCO works fine on Windows. PrismGT does not work on Windows. Aironet 350 works for 11b network.

    How to capture (airodump)

    1. Search WLANs. 0 to hop between channels. 
      > airodump.exe
         airodump 2.3 - (C) 2004,2005 Christophe Devine

  usage: airodump     [ivs only flag]

  Known network adapters:

  18  Cisco Systems 350 Series PCMCIA Wireless LAN Adapter
   2  Intel(R) PRO/100 VE Network Connection
   3  1394 Net Adapter

  Network interface index number  -> 18

  Interface types:  'o' = HermesI/Realtek
                    'a' = Aironet/Atheros

  Network interface type (o/a)  -> a

  Channel(s): 1 to 14, 0 = all  -> 0

  (note: if you specify the same output prefix, airodump will resume
   the capture session by appending data to the existing capture file)

  Output filename prefix        -> out

  (note: to save space and only store the captured WEP IVs, press y.
   The resulting capture file will only be useful for WEP cracking)

  Only write WEP IVs (y/n)      -> y
    2. From this screen, you select the channel 
       BSSID              PWR  Beacons   # Data  CH  MB  ENC   ESSID

 00:0D:0B:98:96:7F   48        2        0  11  54  WEP?  4B18E8C83ABD
 00:A0:B0:40:5C:84   87       13       16   1  54  WEP   HOGE

 BSSID              STATION            PWR  Packets  ESSID

 00:A0:B0:40:5C:84  00:04:23:52:80:41   86        4  HOGE
    3. Press Ctl+c. Next we will capture only channel 1 (ESSID HOGE), and specify only caturing unique WEP IVs. It saves space. 
       BSSID              PWR  Beacons   # Data  CH  MB  ENC   ESSID

 00:A0:B0:40:5C:84   87       36       48   1  54  WEP   HOGE

 BSSID              STATION            PWR  Packets  ESSID

 00:A0:B0:40:5C:84   00:04:23:52:80:41   87       38  HOGE

    How to crack (aircrack)

    1. Open a new console, and type following command. Aircrack can read the updated file automatically so you can run airodump and aircrack at the same time. 
      # aircrack.exe -x -0 out.ivs
    2. For 104bit WEP needs about one million IVs. You may need one day or more time to capture the packets. However if you use aireplay by airocrack on Linux and inject, you need only few hours.
    3. This is the result. It needed only a quarter a million. Aircrack can also run on Windows but aireplay is not supported though.

    Note: In my experience, using Aircrack is the best tool compare to others. Aircrack on Linux supports packet injection which means we can increase the traffic, so we need only few hours to capture sufficient packets. Otherwise you will need several days.

    Here is other my reports.

    Tool OS CPU usage Encryption 802. NIC Support Packet injection My recommendation
    Airsnort
    (note)    		 Windows High WEP 11b? Few Not supported Low
    Airsnort
    (note)    		 Linux High WEP 11b? Few Not supported Low
    Aircrack Windows Low WEP, WPA 11a/b/g Many Not supported Mid
    Aircrack
    (note)    		 Linux Low WEP, WPA 11a/b/g Many Supported! Recommended!
    Back - Support