1- First I have to load the modified wl12 drivers in xterminal.
sh load.sh
2- Then I have to load faircrack in xterminal.
sh launch.sh
Which is very good because you get to see all 3 processes at the same time. Most times, packet injection will stop, so just monitor the packet injection window. If it closes by itself, just touch Packet Injection again without having to launch faircrack again.
3- you really need another wifi device to start a deauth session. The N900 by itself will most likely never deauth a AP.
4-After the faircrack session, to reestablish normal wifi , just unload the modified wl drivers
sh unload.sh
First, a big ty for FRuMMaGe for making this app ^^
If anyone has the link for WEPCrackGUI, please do share.
I wanted to ask regarding the WEP process. As I see, there is capture, authenticate and injection - 3 steps.
Are step 2 and 3 (authenticate and injection) really necessary?
I tried to capture 20k packets (#data) and decrypt straight away and I was able to get the WEP password. Can someone explain why would I need to authenticate and inject?
(Also, I can connect to the network but there is no internet connectivity - ill try to use one of the mac address, from the capture window - just fyi if its somehow related)
Thanks in advance for those who will answer my doubts.
You really do not need these 2 steps, if the AP you are attacking has a lot of wifi traffic, like if other clients are connected to the AP at the same time and those clients are active, like downloading or torrenting. But if these clients are idle or the AP doesnt have any clients attached, it would take a long time to capture enough packets for Aircrack to decrypt.
Its like if you attack a AP in a shopping mall, you wouldnt have to inject and authenticize. But if you were in a desert attacking a AP without any clients, you would have to inject. Think about like your N900 doing 2 jobs at the same time, a normal client and the attacker.
You really do not need these 2 steps, if the AP you are attacking has a lot of wifi traffic, like if other clients are connected to the AP at the same time and those clients are active, like downloading or torrenting. But if these clients are idle or the AP doesnt have any clients attached, it would take a long time to capture enough packets for Aircrack to decrypt.
Its like if you attack a AP in a shopping mall, you wouldnt have to inject and authenticize. But if you were in a desert attacking a AP without any clients, you would have to inject. Think about like your N900 doing 2 jobs at the same time, a normal client and the attacker.
I see, thanks alot.
Now I can try authenticate and inject when im having no activity. Though some WEP APs do not even respond to the authenticate (AID etc).... what do to then?
at other times i get AID: 1 but 0 ARPs at the injection part. when i look back at the capture screen, #data is still zero :S
i guess its the third step which actually creates the #data packets (assuming im the only client connected).
Thats why I use another wifi device to kick the capture process. It would be great if you have a cheap wifi device like a old wifi phone or a PSP, etc. It doesnt even have to connect to the AP, only try to communicate. As the device tries to connect and the AP rejects the unauthorized device, your N900 will start capturing a lot of packets. When it stops recieving packetsm then kick start the AP again with your WIFI device. Most routers will be rejecting unauthorized devices like for around 2 minutes. enough time to collect around 10,000 IVS. Most of the time youll need at least 20,000 IVS so that Aircrack calculates a pattern of keys. If your N900 is showing a AID=1 sucessful, then injection is working OK, problem is that N900 is a little weak wifi hardware wise. (Seems like a temperature issue).
Anyway, try testing with a known router, start with 64 bit encryption, and there on.
Also, many recent routers wont respond to a random auth packet, it will reject without any negociation between it and unauthorized clients. Those routers have the Secure mode button, very hard to attack.
Sure youll look either like a super geek or a super FBI agent pressing screens on 2 devices but hey, its called testing, right?
