I encountered a problem with performing the WEP SKA (Shared Key Authentication) attack using the aircrack-ng suite. Everytime I try to capture the SKA the header of airodump-ng shows me:
And no .xor file is generated, which airodump-ng should do after capturing a successful SKA.
CH 1 ][ Elapsed: 32 s ][ 2010-06-30 11:59 ][ Broken SKA: 00:0E:XX:XX:XX:XX
The de-authentication of the client works fine, the client gets disconnected and reconnects successfully after it. Also all of the other attacks with aireplay-ng work fine as well as WPA handshake capturing and aireplay -9 does not show any problems.
Here is the list of the things I tried to resolve this problem:
Tried different accesspoints:
- WRT54G v2
- ASUS WL300G
Tried different network cards to capture
- Comfast CWUSB-500HG USB - Realtek 8187 Chipset
- Acer Aspire One internal card - Atheros chipset
Tried different network card drivers
Tried different client hardware and network cards
- Apple MacBook Pro - OUI 00:22:41 - Apple, Inc
- Acer Aspire One - OUI 00:22:69 - Hon Hai Precision Ind. Co., Ltd.
Tried different client OS
- Windows XP
- Windows 7
Tried different BackTrack versions
- BackTrack 4 Final VMware - Fresh install
- BackTrack 4 Final VMware - Fully upgraded (apt-get update && apt-get update && apt-get dist-upgrade)
- BackTrack 4 Final HDD install
Tried different aircrack-ng versions
- 1.0 (included in BackTrack 4)
- 1.1 (downloaded from aircrack website)
Tried active and passive attacks on capturing the SKA.
None of approaches above changed anything, the message always is "Broken SKA".
I have been searching quite a lot on this problem and I found some people encountering the same problems, but no solution is provided anywhere.
One of the most useful links I found is someone else with the same problem: Wifu Aireplay-ng SKA attack problem with Linksys WAP54G
And a ticket on the aircrack site: #703 (Airodump-ng reports broken SKA even if the AP accept it and does not create a xor file)
However, but of them also do not solve anything. So, my question is, does anyone have any idea why this attack fails and what a possible solution would be?
Just to make clear: Yes, I own all the hardware myself, and I am currently doing the WiFu course.