AIRSNORT(1)                 BSD General Commands Manual                AIRSNORT(1)

NAME
airsnort — WEP key cracking tool

SYNOPSIS
airsnort

DESCRIPTION
airsnort is a WEP key cracking tool designed to exploit the RC4 scheduling
weakness discussed by Fluhrer, Mantin, and Shamir (FMS) and first exploited by
Stubblefield et al.

- Running AirSnort

Once launched, airsnort must be configured to work with your wireless nic and
to make crack attempts according to your desires. In order to properly capture
packets, first indicate the name of your wireless networking device in the
"Network device" field. This will be something like "wlanX" for cards that use
the wlan-ng drivers and "ethX" for other cards. Next select the type of card
that you are using in the "Card type" drop-down box. Available choices are
Prism2, Orinoco, and Other; Cisco cards fall into the Other category. The
purpose of this field is primarily to inform airsnort how to place your nic
into monitor mode. In monitor mode a wireless nic gathers all packets
indiscriminately, and no association with an access point is required. For
wlan-ng and orinoco_cs based nics, monitor mode is entered automatically when
the 'Start' button is clicked to initiate a capture session. Other card types
must be put into monitor mode outside of airsnort, prior to clicking Start.

Choose between "scan" mode to scan through all 11 802.11b channels at a regular
interval, or "channel" mode to monitor a specific channel. Note that in either
case it is quite possible to receive packets that bleed through from
neighboring channels.

- Capture Details

Capture uses the pcap library to receive monitor mode packets. The packets go
through two filters. First, non-encrypted packets are filtered out. Then, if
they are encrypted, useless packets (those without a weak IV) are discarded.
All non-data packets are discarded with the exception of 802.11b Beacon and
Probe Response packets, which are examined in order to obtain access point
SSID data.

To distinguish encrypted and non-encrypted packets, capture examines the first
two bytes of the frame payload. Since unencrypted IP packets have a first pair
value of 0xAAAA (the start of the LLC/SNAP header), all of these packets get
dropped.

For a description of what constitutes an interesting packet please refer to
the FMS paper and its discussion of "weak IVs".
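
The following Python is an added example, not code from the airsnort man page
or the airsnort source. It applies the two capture filters described above to
a handful of constructed 802.11 frames: cleartext data (no Protected bit, or a
payload that starts with the 0xAAAA SNAP prefix) is dropped, Beacon and Probe
Response frames are read only for their SSID, and encrypted data frames are
kept only when the IV falls in the (A+3, 255, X) weak-IV class from the FMS
paper. That airsnort's own IV test is exactly this class is an assumption
here; the frame layout is simplified (addr3 is taken as the BSSID), and the
115-packets-per-key-byte figure quoted later on this page is used to report how
much of that budget a network has already leaked, which is the number a
defender auditing a WEP deployment wants to see.

```python
from collections import defaultdict

# IEEE 802.11 frame-control constants (standard values, not taken from airsnort)
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_PROBE_RESP, SUBTYPE_BEACON = 5, 8
FC_PROTECTED = 0x40          # "WEP" bit in the second frame-control byte
SNAP_PREFIX = b"\xaa\xaa"    # LLC/SNAP start of a cleartext data payload

WEAK_IVS_PER_KEY_BYTE = 115  # rule of thumb quoted in the airsnort man page


def fms_weak_iv(iv, key_len):
    """Return the index of the key byte an IV of the FMS (A+3, 255, X) class
    resolves, or None if the IV is not in that class (assumed airsnort test)."""
    a = iv[0] - 3
    if iv[1] == 0xFF and 0 <= a < key_len:
        return a
    return None


def parse_ssid(body):
    """Pull the SSID element (id 0) out of a beacon / probe-response body."""
    pos = 12                    # timestamp(8) + beacon interval(2) + capabilities(2)
    while pos + 2 <= len(body):
        elem_id, length = body[pos], body[pos + 1]
        if elem_id == 0:
            return body[pos + 2:pos + 2 + length].decode("utf-8", "replace")
        pos += 2 + length
    return None


def classify(frame, key_len=13):
    """Apply the man page's two filters to one raw frame.
    Returns (verdict, bssid, detail) with verdict in {'ssid', 'weak', 'drop'}."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    bssid = frame[16:22].hex(":")   # addr3: BSSID for beacons and non-DS data (simplification)
    body = frame[24:]               # payload after the 24-byte MAC header
    if ftype == TYPE_MGMT and subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        return "ssid", bssid, parse_ssid(body)
    if ftype != TYPE_DATA:
        return "drop", bssid, "non-data"
    if not (fc1 & FC_PROTECTED) or body[:2] == SNAP_PREFIX:
        return "drop", bssid, "cleartext"
    key_byte = fms_weak_iv(body[:3], key_len)   # WEP body starts IV(3) keyid(1)
    if key_byte is None:
        return "drop", bssid, "strong-iv"
    return "weak", bssid, key_byte


def summarize(frames, key_len=13):
    """Per-BSSID weak-IV tally: the minimum state the page says airsnort keeps
    per access point, plus the fraction of the 115-per-byte budget already seen."""
    aps = defaultdict(lambda: {"ssid": None, "weak_ivs": 0, "leaked_bytes": set()})
    for frame in frames:
        verdict, bssid, detail = classify(frame, key_len)
        if verdict == "ssid":
            aps[bssid]["ssid"] = detail
        elif verdict == "weak":
            aps[bssid]["weak_ivs"] += 1
            aps[bssid]["leaked_bytes"].add(detail)
    needed = WEAK_IVS_PER_KEY_BYTE * key_len
    for ap in aps.values():
        ap["progress"] = ap["weak_ivs"] / needed
    return dict(aps)


def mac_header(fc0, fc1, bssid):
    """Constructed 24-byte header: fc(2) dur(2) addr1 addr2 addr3 seq(2)."""
    return bytes([fc0, fc1]) + b"\x00\x00" + b"\xff" * 6 + b"\x02" * 6 + bssid + b"\x00\x00"


# Constructed sample capture: one AP, one beacon, three WEP data frames, one cleartext frame
AP = bytes.fromhex("00c0ca001122")
SAMPLE_FRAMES = [
    mac_header(0x80, 0x00, AP) + b"\x00" * 12 + bytes([0, 7]) + b"lab-wep",           # beacon
    mac_header(0x08, 0x40, AP) + bytes([3, 255, 17, 0]) + b"\x11" * 20,               # weak IV -> key byte 0
    mac_header(0x08, 0x40, AP) + bytes([5, 255, 200, 0]) + b"\x22" * 20,              # weak IV -> key byte 2
    mac_header(0x08, 0x40, AP) + bytes([0x10, 0x20, 0x30, 0]) + b"\x33" * 20,         # encrypted, not weak
    mac_header(0x08, 0x00, AP) + b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"\x44" * 20,  # cleartext SNAP
]

if __name__ == "__main__":
    for bssid, ap in summarize(SAMPLE_FRAMES).items():
        print(bssid, ap["ssid"], ap["weak_ivs"], sorted(ap["leaked_bytes"]), f"{ap['progress']:.2%}")
```

Run against a real monitor-mode pcap, the same tally tells a network owner
which WEP access points are leaking weak IVs and how quickly; that is the
detection side of what this page describes.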

- Cracking Details

Cracking attempts are made in parallel with packet capture. Currently, the
cracker attempts to crack the captured packets for both a 40 bit and a 128 bit
key each time 10 new weak IVs are seen for a given access point. Airsnort uses
a probabilistic attack, so the best guess may not be the right one. With
limited captured data and enough CPU power, you can perform more exhaustive
searches. The search for a key involves a depth first traversal of an n-ary
tree. The depth of the tree is 5 for 40 bit key attempts and 13 for 128 bit
key attempts. The breadth of the trees is governed by the 40 and 128 bit crack
depth fields in the airsnort gui. A breadth parameter of 'n' instructs airsnort
to try the n most likely values at each key position, using statistics derived
from the IVs that have been collected. A large breadth setting can result in
very slow processing time for crack attempts; the default values of 3 for 40
bit cracks and 2 for 128 bit cracks are recommended for starters. If a large
number of weak IVs have been gathered (> 1500 if a 40 bit key is suspected,
> 3000 if a 128 bit key is suspected), you may want to try increasing the
breadth values.

The number of interesting packets needed to perform a successful crack depends
on two things: luck and key length. Assuming that luck is on your side, the key
length is the only important factor. For a key length of 128 bits, this
translates to about 1500 packets. For other key lengths, assume 115 packets per
byte of the key. Some keys are more resistant to this technique than others and
may require far more packets. If you have a lot of packets and no key, either
wait for more packets or try a larger breadth.

In any case, if the cracker believes it has a correct password, it checks the
checksum of a random packet. If this is successful, the correct password is
printed in ASCII and Hex, and the successful crack is indicated by an 'X' in
the leftmost column of the display.

When executing the cracking operation, crack operates with a partial key search
from the given data. Since it is a probabilistic attack, the best guess may not
be the right one, so, with limited captured data and enough CPU power, you can
perform more exhaustive searches. By setting the breadth parameter, you can
specify that "worse" guesses should also be searched. It is not suggested that
you specify a breadth of more than three or four.
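
The Python below is an added illustration, not airsnort code, of the two parts
of the cracking step described above: the depth-first walk of the n-ary
candidate tree, trying the `breadth` most likely bytes at each key position,
and the checksum test that confirms a candidate by decrypting one packet with
RC4 and comparing the CRC32 ICV. The per-position rankings are constructed by
hand for a 40-bit key (airsnort derives them from weak-IV statistics, which are
not reproduced here), and the sample packet is encrypted with the same textbook
RC4. What it makes concrete is the cost model behind the breadth advice:
breadth^depth leaves in the worst case, 3^5 = 243 and 2^13 = 8192 at the
defaults, but 4^13 is over 67 million, which is why a breadth beyond three or
four is discouraged.

```python
import zlib


def rc4(key, length):
    """RC4 keystream of `length` bytes for `key` (textbook KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key, iv, plaintext):
    """Build a WEP data body: IV || key-id || RC4(iv||key)(plaintext || CRC32 ICV)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    stream = rc4(iv + key, len(plaintext) + 4)
    return iv + b"\x00" + bytes(a ^ b for a, b in zip(plaintext + icv, stream))


def icv_ok(key, body):
    """The check the page says the cracker runs on a random packet:
    decrypt with the candidate key and see whether the trailing ICV matches."""
    iv, ct = body[:3], body[4:]                # skip the key-id byte at offset 3
    pt = bytes(a ^ b for a, b in zip(ct, rc4(iv + key, len(ct))))
    return zlib.crc32(pt[:-4]).to_bytes(4, "little") == pt[-4:]


def dfs_key_search(ranked, breadth, verify):
    """Depth-first traversal of the n-ary tree: at key position i try the
    `breadth` most likely bytes from ranked[i]. Returns (key or None, leaves_checked)."""
    depth = len(ranked)
    checked = 0
    stack = [()]
    while stack:
        prefix = stack.pop()
        if len(prefix) == depth:
            checked += 1
            if verify(bytes(prefix)):
                return bytes(prefix), checked
            continue
        # push in reverse so the most likely candidate is explored first
        for cand in reversed(ranked[len(prefix)][:breadth]):
            stack.append(prefix + (cand,))
    return None, checked


def worst_case_checks(breadth, key_bytes):
    """Leaves visited when no candidate verifies: the breadth^depth blow-up."""
    return breadth ** key_bytes


# Constructed sample: a 40-bit key, one packet, and hand-made candidate rankings.
KEY = bytes.fromhex("0badc0ffee")
PLAINTEXT = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"constructed IP payload"
PACKET = wep_encrypt(KEY, b"\x03\xff\x07", PLAINTEXT)   # IV (3,255,7) is itself FMS-weak
RANKED = [                                               # true byte's rank: 0, 1, 0, 2, 0
    [0x0b, 0x5a, 0x33],
    [0x10, 0xad, 0x99],
    [0xc0, 0x01, 0x02],
    [0x7f, 0x80, 0xff],   # true byte ranked third: breadth 2 can never reach it
    [0xee, 0x12, 0x13],
]

if __name__ == "__main__":
    for breadth in (2, 3):
        key, checked = dfs_key_search(RANKED, breadth, lambda k: icv_ok(k, PACKET))
        print(breadth, key.hex() if key else None, checked, "of", worst_case_checks(breadth, 5))
```

With breadth 2 all 32 leaves are tried and nothing verifies, because the third
key byte's true value sits outside the two most likely candidates; with breadth
3 the key is found at the 34th leaf. The same shape applies to a 13-byte key,
where each extra unit of breadth multiplies the worst case by (n+1)/n at every
one of 13 levels.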

- Save and Restore

Airsnort saves data in two formats. All packets captured by airsnort can be
saved in pcap dump file format by selecting the "Log to file" option from the
File menu. This must be done before a capture session is initiated. Airsnort
can also save a much smaller amount of data about a capture session in the
form of "crack" files. These files represent the minimum amount of data that
airsnort maintains for each access point that it discovers. Crack files contain
summary data of those packets that airsnort has seen that actually use weak
IVs. Airsnort will always ask the user to save data to a crack file whenever
the program is terminated. By using save files, an airsnort session can
effectively be paused and resumed at a later time by first loading the save
file, then starting a capture session. Restoration of data from a pcap dump
file amounts to replaying the entire capture session from which the dump file
was created; all statistics will reflect what was seen during the live capture
session. Restoration of data from a crack file will only display statistics
about packets that use weak IVs, thus packet counts are likely to be much
smaller than seen during the live capture. It is possible to load a pcap dump
file and create a corresponding crack file in order to reduce the amount of
stored data.

SEE ALSO
gencases(1), decrypt(1)

AUTHORS
Jeremy Bruestle <melvin@melvin.net>
Blake Hegerle <blake@melvin.net>
Snax <snax@shmoo.com>

Linux                           August 18, 2002                           Linux