Re: [Announce] Cleven - an aircrack gui
 

Yes, I'm looking at the code already for a couple of days now. (BTW, there is no connection to aircrack at all; the guys in the thread you mention use it to turn on the monitor mode.)

Nevertheless, it fits Cleven's concept and I would like to add it. Let's see if I find the time though.

More or less the same answer goes for the rest of the requests.
Sorry szopin..

Re: [Announce] Cleven - an aircrack gui
 

Latest update is that I have managed to glue in cleven the wpscrack.py and correct some of the errors I got. Eventually I got stuck with python-scapy since the script needs some more recent version of that in our repos. It needs 2.2.0

My tests with my own more recent build was not that good and I have asked the original maintainer if he would like to post an update. Maybe I did something wrong there.

to be continued .. :)

Re: [Announce] Cleven - an aircrack gui
 

Any chance on p0841 attack? This would just require running aircrack-ng with different option. Also, reaver is working, if someone ups it to repos you could just add it as dependency, though keeping it python would probably be best.

Re: [Announce] Cleven - an aircrack gui
 

Just a placeholder for later: alternate_solution

no promises though..

Yes, push people to up it. Changing the UI and passing the arguments it needs is a 30' job for me.

Cheers.

Re: [Announce] Cleven - an aircrack gui
 

interesting info:

from http://code.google.com/p/reaver-wps/...etail?id=62#c4

Re: [Announce] Cleven - an aircrack gui
 

So, we're going to have it integrated *before* mainline? Cool :) I see those headlines on script ki.... erm, "hacking" sites, about how N900 is getting even more hackish thanks to aircrack-ng and Reaver integrated into one GUI* ;)

/Estel

*disclaimer: i know "integrated" isn't best word here - I just try to imagine how "they" will write about it in blogs notes ;)

// Edit

If you manage to properly integrate it into Cleven, i'll be officially in Love with You. Eternally. Heck, I even can consider to stop grilling You for no WEP broadcast deauthentication ;)

Re: [Announce] Cleven - an aircrack gui
 

WARNING:
I saw that during testing the router locked up several times and stopped responding occasionally.
Please use it ethically, i.e. on your router, and not against other people's work/pleasure.



In the extras-devel (only) you will find Cleven-experimental 2.3-4

Changes:
** EXPERIMENTAL VERSION: Conflicts with Cleven. Please uninstall Cleven before installing this..

• NEW: Added wpscrack from http://sviehb.wordpress.com/2011/12/...vulnerability/
• NEW: Added reaver and walsh 1.3 binary compiled from http://code.google.com/p/reaver-wps/
  * added reaver --eap-terminate
  * created symlink to /etc/reaver; session information is stored in ~/.reaver and question to restore/continue is asked on start.
• CHANGE: Modification on action buttons:
  * they become hidden or visible depending on state
  * added deauthentication button for WEP
  * added buttons for WPScrack and Reaver

Things not working:

• wpscrack gives errors; needs scapy 2.2.0 or higher - not available for maemo.
• walsh does not give any sensible results; not included in the ui.

Re: [Announce] Cleven - an aircrack gui
 

where is it? I can not find it? thank you for your work:)

Re: [Announce] Cleven - an aircrack gui
 

ok, I found. version 2.3.7. thanks

Re: [Announce] Cleven - an aircrack gui
 

Using Cleven-Experimental 2.3.7, every time I use "reaver" button for WPS-compliant network, new terminal window just open and close immediately. Of course, same happens for non WPS-compliant APs.

Same goes for WPScrack, but that is expected, as you noted that it doesn't work yet.

Thanks for WEP deauthenticate button! this alone makes it worth the upgrade ;)

totally non-critical suggestion p I know it's experimental version, but that doesn't entirelly mean it can;t have Cleven icon, both in any application manager, and as .desktop icon, does it? ;)

/Estel

Re: [Announce] Cleven - an aircrack gui
 

Reaver binary seems to be missing. You can try copying the one from reaver thread to where Cleven expects it.

Re: [Announce] Cleven - an aircrack gui
 

Sorry guys..

The autobuilder refuses to build the package with reaver and walsh binaries included.
(I must have sent since yesterday around 10 different version and all failed)

The current version is without those binaries. You will need manually to add them in its directory and execute a script included to create all the links and folders needed (only once) before the first use.

The instructions are simple:
Add reaver and walsh binaries in /opt/cleven-experimental/ and execute as root the connect_reaver.sh

That is, cd to the folder you have reaver and walsh and type:
The script will create the needed symbolic links and folders.

The good news is that with the extra work done to understand the autobuilder problem this version of cleven-experimental does not conflict with the normal cleven and you could have both installed at the same time.

Here is the announcement of the current version too:

Cleven-experimental 2.3-7

** EXPERIMENTAL version of Cleven.

• NEW: Added wpscrack from http://sviehb.wordpress.com/2011/12/...vulnerability/
• NEW: Added code to handle reaver (works with version 1.3 binary compiled from http://code.google.com/p/reaver-wps/)
  * call reaver with options: -b, -c, -e, --eap-terminate and -vv
  * created symlink to /etc/reaver; session information is stored in ~/.reaver and question to restore/continue is asked on start.
• CHANGE: Modification on action buttons:
  * they become hidden or visible depending on state
  * added deauthentication button for WEP
  * added buttons for WPScrack and Reaver

** INSTRUCTIONS:

• Add reaver and walsh binaries in /opt/cleven-experimental/ and execute as root the connect_reaver.sh

Re: [Announce] Cleven - an aircrack gui
 

- the first and second part is answered above.
- hope deauthentication is useful. Please dont start a revolution on the next feature you would like :)
- icon is coming in next version (~30 mins); minor hiccup with the file names.

Re: [Announce] Cleven - an aircrack gui
 

Just for the record - sorry, if WEP deauthentication sounded like "revolution". If I remember correctly, You went ahead and promised "special" version that will include it, some times ago - which was responded with quite high amount of posts from other people, that would like to also have it. then, you commented about 'grilling', so I picked up this joke (no real grilling intended) for further writing.

In any case, thanks for wonderful work You've done on Cleven,

/Estel

Re: [Announce] Cleven - an aircrack gui
 

Finally a Deauthencate button :) Not only Estel wanted it but me too, except I am more a silent reader than screaming things, just different personalities. Seems like I need to upgrade...

Anyway, Thanks Saturn.

Re: [Announce] Cleven - an aircrack gui
 

Thanks Saturn, after following steps you've described, everything works fine.

Little suggestion - what about calling reaver with -a and -s also specified? Or, even better, settings option (that doesn't force users to use it - just giving possibility ;) ) to specify own commands for reaver?

I know, that Cleven tries to be as simple and config-less as possible, but wps cracking - at this point - is quite specific thing, that needs fine tuning of parameters to be usable at all (probably, mainly due to mess in WPS implementations amongst APs). This may change in future, but for now, specifying custom commands seems essential. And, having it as custom settings field, one can still benefit from Cleven "one button press" philosophy, instead of writing it by hand every time, or scrolling via ash_history.

/Estel

Re: [Announce] Cleven - an aircrack gui
 

got walsh and reaver.tar.gz , done code:

tar -xzvf reaver.tar.gz same with walsh copied reaver & walsh as per instructions above executed: connect_reaver.sh but I am getting:

/bin/sh: connect_reaver.sh: not found

am I missing/done something wrong, please help

(if I have the wrong reaver and walsh binaries files could someone post the right ones please)

Re: [Announce] Cleven - an aircrack gui
 

most probably you mistyped the last command.
try to use the tab for auto-completion..


also do a
to see if you have the files there where it should be..

EDIT: note there was a mistake (typo) in the original commands. Now it is corrected.

Re: [Announce] Cleven - an aircrack gui
 

my apologies I was running the command "connect_reaver.sh" from /opt/cleven-experimental/ instead of "root" /home/user/

works now, thank you for your hard work on improving cleven gets better day by day :D

Re: [Announce] Cleven - an aircrack gui
 

Since you included reaver and walsh in cleven. walsh is fixed now I compiled it and it works(see reaver thread for compiled binary): http://code.google.com/p/reaver-wps/.../detail?id=100

anyway, I would wait a bit before porting all this to maemo. Reaver will probably be included in the aircrack-ng suite, so if it's ready we only need to update aircrack-ng in the repos

http://code.google.com/p/reaver-wps/issues/detail?id=99

Re: [Announce] Cleven - an aircrack gui
 

Can't agree. "Probably will be included" isn't too precise, and I don't see any reasons why we shouldn't have Maemo version available. then, if it ever gets incorporated into aircrack-ng + it would end up being updated in our repositories + it would works great, we can always replace current packages by dummy ones.

/Estel

Re: [Announce] Cleven - an aircrack gui
 

Uploaded Cleven 2.4-1 in extras-devel:

** Merge with EXPERIMENTAL version of Cleven.

• CHANGE: Removed wpscrack.py and related dependencies.
• CHANGE: Removed connect_reaver.sh; not needed any more.
• NEW: If during installation, upgrade or start up of the application it finds reaver and/or walsh in the folder /home/user/.reaver then it makes copies and links them with the program.
• CHANGE: Added in the call for reaver option "-a"; it will restore previous session automatically.
• CHANGE: Modification of the Capture UI.
• NEW: Addition of a WPS button; the option will become available if walsh is operational, otherwise the option will be hidden.
• NEW: If walsh is available it will be used to sort WPS compliant APs only;
• NEW: If reaver is available and operational the option to test AP with will become visible.

** INSTRUCTIONS for new features:

• Add reaver and walsh binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.

EDIT:
The code implemented in Cleven version up to 2.4-x works with version 1.3 of reaver and walsh.
At least walsh 1.4 does not work due to change of output format.

Re: [Announce] Cleven - an aircrack gui
 

Time to replace Cleven-experimental with dummy package, depending on Cleven? It's quite confusing for new users now, as we have cleven-experimental 2.3.8, and Cleven (basic) 2.4.1 = higher version number.

/Estel

// Edit

Minor issue - icon is missing, again.

Re: [Announce] Cleven - an aircrack gui
 

That would be a catastrophe waiting to happen when I will want to test something else in experimental.

New users should stay away from devel..


EDIT:

I think it is there, maybe you just need to reboot.

Re: [Announce] Cleven - an aircrack gui
 

Hm, despite adding reaver binary to /home/user/.reaver/ and restarting Cleven, (I think Cleven recognized it, as now it shows "Reaver" button - before that, button was absent) as soon as I use Reaver button, empty terminal window pops up and closes.

As for icon, rebooting doesn't solve the problem (and it shouldn't, as for quite some time hildon-desktop is refreshed upon installation of new packages. At least, using fapman). Yet, changing Icon line in cleven.desktop to:
... Solves the issue (partially, is it's shown properly in desktop, but not in menu). I have no idea why - icon is indeed sitting on 64x64/apps.

/Estel

Re: [Announce] Cleven - an aircrack gui
 

Check if reaver is in /opt/cleven/ and has executable rights.
Then start cleven from terminal.
maybe you see something interesting.

Re: [Announce] Cleven - an aircrack gui
 

I have since always code in the post install package to refresh the desktop icons. This doesn't work always, you can search in this forum for the reason.
The cleven.desktop file is correct. It uses relative paths.

Did you reboot?

Re: [Announce] Cleven - an aircrack gui
 

I had no problem reinstalling new v. of cleven works for me including the icon (not fully tested yet).

Re: [Announce] Cleven - an aircrack gui
 

Thanks for this very nice application - just used it for the first time to crack my home network :)

A few suggestions:

1. Ability to set the dictionaries folder - you might not want to use /opt since space is very low there usually. i currently use links to dictionary files in MyDocs folder.

2. Quiet mode enable/disable. i found that disabling the console output runs ~25% faster (i used ">/dev/null" to the end of decryption commands of /home/opt/cleven/clevenHelper.sh since adding "-q" doesn't work good)

A question - i tried searching the net for the reason that brute force (not dictionaries) is not possible for WPA but couldn't find it. i'd appereciate if someone who knows can explain this.

One more suggestion for all the crackers out here - use the N900 to decrypt keys only if you don't have a choice - i used 4 cores intel CPU machine which works 100 times faster.

Thanks again for this application!

Re: [Announce] Cleven - an aircrack gui
 

I had no problem reinstalling new v. of cleven works for me including the icon (not fully tested yet).

Re: [Announce] Cleven - an aircrack gui
 

Failed to open connection to "session" message bus: (null)

what does it mean ???

Re: [Announce] Cleven - an aircrack gui
 

Of course, I would not write that reboot doesn't solve it, otherwise. Anyway, after changing it to manual path, refreshing, then changing it to "Icon=cleven" again and refreshing, it seems to be working fine both in desktop and menu. Strange, because - as I've said - rebooting haven't solved the issue - but, it's working fine now, so it's probably something on my device side.
---
As for non-working reaver button - 'ls -al /opt/cleven/reaver':
(should I chown user:users it?)

After running cleven from terminal:
It's same for every cleven start - by the way, it's necessary for Cleven to copy reaver every time? I know it isn't big file, but why additional wear&tear, not to mention little slower starting time? Or is it doing it only once, and then just checking + throwing same message?

Anyway, while I try to use Reaver via button:
...and nothing more. Of course, real network name was replaced by wps_reavertest.

Now, i'm going to try chown'ing reaver binary, and will report back.

/Estel

Re: [Announce] Cleven - an aircrack gui
 

Did you read the intro here ? I think it answers your question.
Check also the calculator included there for extra fun :)

Re: [Announce] Cleven - an aircrack gui
 

Just little update - chown user:users /home/user/.reaver/reaver and restarting cleven doesn't help. Before checking, I also confirmed, that now 'ls -al /opt/cleven/reaver' result in:
So, still no joy.

/Estel

Re: [Announce] Cleven - an aircrack gui
 

It was fine; root should own it and be executable.
Could you please show the output of



EDIT:

that is the problem.. New version soon

to fix it manually if you cannot wait..

as root type

Re: [Announce] Cleven - an aircrack gui
 

Uploaded Cleven 2.4-2 in extras-devel:

FIX: Correction for missing symbolic links creation for reaver and walsh.


EDIT:
The code implemented in Cleven version up to 2.4-x works with version 1.3 of reaver and walsh.
At least walsh 1.4 does not work due to change of output format.

Re: [Announce] Cleven - an aircrack gui
 

Yes - i already did, but still didn't understand that - what is the difference between entering a word from a dictionary or words generated at runtime according to certain algorithm? i mean - why the later isn't possible also?

Re: [Announce] Cleven - an aircrack gui
 

On purpose you choose algorithms that are very expensive (i.e. need many steps and complex calculations) so that even powerful CPUs need a considerable amount of time. Then you can slow down enough a generate-try attack.

The dictionaries are calculated with optimised parallel processing in hardware (FPGA) that is a fraction of what a CPU would need.

oversimplified answer - but i hope it gives you some directions to where to search.

Re: [Announce] Cleven - an aircrack gui
 

When exactly did you get this?

It has something to do with priviledges..

Re: [Announce] Cleven - an aircrack gui
 

even more oversimplified answer - trying to brute force a captured WPA2 handshake is possible, but it would take billions of years at best, so no one care ;)

As for dictionary/rainbow tables/whatever, it is also not effective, if passphrase isn'r even resembling any dictionary word (i.e. dictionary word + nubmers and special characters - or, with some letters replaced with numbers, like 'e' with '3' - *is* possible to crack using good dictionary, but random set of characters, numbers, and special characters isn't).

Generally, cracking so secure algorithms is done using security flaws vectors - be it flaw in implementation, or 'user flaw' - not plain bruteforce. for example, it's quite predictable, that user may use 'l33t' instead of 'leet', so dictionaries have it with high priority. also, it's quite predictable, that You'll find 32652365 of ''air", "home", or "skynet" named network, so - considering, that part of handshake is derived from network SSID - rainbow tables make use of it. It' also flaw, but rather in user's actions.

/Estel

// edit

Saturn, thanks for fixing issue. I'll update and report back, if found any bug.

/Estel