Wep0ff - Wireless WEP Key Cracker Tool



drpepperONE
01-26-2008, 01:33 AM
Hi to all. Did someone use this tool?


From README file


This tool can be used to mount a fake access point attack against WEP-based wireless clients,
using Atheros wireless cards in Linux.

For details, check the attached client-side-wep.pdf (Russian)

Written by Sergey Gordeychik <gordey (at) ptsecurity (dot) com>
Released under a BSD Licence

This code was tested with patched madwifi-old drivers with athraw support,
but also works with madwifi-ng. With madwifi-ng you need to create two virtual
interfaces: one in master mode (for the fake AP) and a second in monitor mode (to listen on).


How to Use:

1. Set up a fake AP with KARMA tools or iwconfig

iwpriv ath0 mode 2
iwconfig ath0 mode master essid foo enc 1122334455 channel 7
echo 1 > /proc/sys/dev/ath0/rawdev
echo 1 > /proc/sys/dev/ath0/rawdev_type
ifconfig ath0 up
ifconfig ath0raw up

2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until a client connects to the fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover WEP key

How to Compile:
gcc -o wep0ff wep0ff.c

This code is based on the following works and PoCs:

thc-ipv6
http://www.thc.org/thc-ipv6/
aircrack-ng
http://www.aircrack-ng.org
wesside by sorbo
http://www.cs.ucl.ac.uk/staff/a.bittau/frag-0.1.tgz
fakeaps by Evan Jones
http://evanjones.ca/software/fakeaps.html

Thanks for your excellent work.
Special thanks to Alexander Anisimov.

Download:

http://www.ptsecurity.ru/download/wepoff.tar.gz