crackIt: aircrack-ng automated

I was playing around with my wireless network early today and realized I didn’t have the key written down near by where I was working. Rather than expending the effort of getting up and moving, I decided I’d just crack it.

After starting up airodump-ng I was looking at aircrack-ng’s man page. Trying to decide which options would make it crack most effectively. After browsing the man page for half an hour or so I decided that they should be run in a certain order for best effect. Still being lazy, I began to script this up. I added some ‘fluff’ and called it crackIt.

crackIt uses 20 different permutations of aircrack-ng. These different configurations are run from fastest targetted, least reliable to slow, broad, sure-fire methods. I chose to order it this way because in my experience, the targeted, least reliable method is effective in a large number of cases.

crackIt begins using aircrack’s standard configuration with the fudge factor lowered to 1. The fudge factor is used to determine how many votes should required for a key to be ‘valid’. The largest number of votes for each key, the key in the left most position’s parenthesis value, is divided by the fudge factor. The result is the minimum number of votes required to be ‘valid.’ By reducing this to one, we provide a very targeted, quick method of attack. This method is prone to false positives or failing.

Next, crackIt uses the standard configuration of aircrack, raising the fudge factor back to the default 2. It then moves onward to try again with each of the 17 Korek attacks omitted. The Korek attacks are prone to large numbers of false positives. In the event both the fast-crack and default modes in aircrack fail, odds are good that one of these is to blame.

Finally, crackIt uses “an experimental single brute-force attack which should only be used when the standard attack mode fails with more than one million IVs.” aircrack won’t even let you run this method without 780,000 IVs. If you’ve left airodump-ng running, by the time it gets to this mode, we should have atleast that.

Technical details, usage, and future plans can be found in the fully commented code here.

References:

aircrack-ng man page

http://www.aircrack-ng.org/doku.php?id=aircrack-ng

About samurai

I like computers... A lot. So I tend to spend a lot of time doing varied things with them. Often you'll find me playing with Python or PHP, fighting with operating systems, ranting about some off-the-wall concept, or preparing for zombies.
This entry was posted in SamuraiNet Archive and tagged , , , , , , , . Bookmark the permalink.

4 Responses to crackIt: aircrack-ng automated

  1. Daniel says:

    Code link is dead…

  2. admin says:

    Oops. Was cleaning up the server and forgot I had a link to this. Fixed now :)

  3. richo says:

    FWIW, aircrack bundles two scripts called wesside-ng and easside-ng to do just this. They released them about a week before I did something similar.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>