Table of Contents



Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key. All this is done without your intervention.

There are two primary papers “The Fragmentation Attack in Practice” by Andrea Bittau and “The Final Nail in WEP's Coffin” by Andrea Bittau, Mark Handley and Josua Lockey which are of interest. See the the links page for these papers and more. The papers referenced provide excellent background information if you would like to understand the underlying methodologies. The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.

In order to access the wireless network without knowing the WEP key, we have the AP itself decrypt the packets. This is achieved by having a “buddy” process running on a server accessible on the Internet. The “buddy” server echoes back the decrypted packets to the system running easside-ng. This imposes a number of critical requirements for easside-ng to work:

There are two overall phases:

Each phase will be described in more detail in the following sections.

Establish Connectivity

Here are the steps which essside-ng performs during the establishing connectivity phase:

  1. Channel hops looking for a WEP network.
  2. Once a network is found, it tries to authenticate.
  3. Once the program has successfully authenticated then it associates with the AP.
  4. After sniffing a single data packet, it proceeds to discover at least 1504 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. This technique is known as the fragmentation attack. The PRGA is written to the prga.log file.
  5. It then decrypts the IP network by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. By decrypting the ARP request, the network number scheme can be determined. This is used to build the ARP request which is used for subsequent injection. Easside-ng can also use an IP packet to determine the IP network as well, it just takes a bit longer.
  6. It creates a permanent TCP connection with the “buddy” server and verifies connectivity.
  7. ARPs to get the MAC addresses for the router and source IP. The defaults are .1 for the router and .123 for the client IP.
  8. It then tests connectivity via the access point and determines the Internet IP address that the AP uses. It also lists the round trip time of the test packets. This gives you an idea of the quality of connection.
  9. The TAP interface is then created.

At this point, you run “ifconfig at0 up” and you are now able to communicate with any host on the wifi network via this TAP interface. Notice that you don't need a WEP key to do this! The TAP interface is a virtual interface that acts as if it were the wifi interface with the correct WEP key configured. You can assign an IP, use DHCP with it and so on.

What role does the buddy server play?

The following is a simplistic description. A very detailed description of the steps to decrypt packets is included in later sections.

Communication with the WIFI network

The following describes this diagram in more detail.

So you may be asking “What is the magic? How can you access the WIFI network without knowing the WEP key?”. The method is quite simple yet ingenious.

Lets look at the details of sending and receiving packets via the at0 TAP interface.

Sending packets:

Receiving packets:

Fragmentation Technique

This section provides a brief explanation of the fragmentation technique used in easside-ng.

This technique, when successful, can obtain 1504 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to encrypt packets you want to transmit. It requires at least one data packet to be received from the access point in order to initiate the attack.

Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. This cycle is repeated several times until 1504 bytes of PRGA are obtained.

The original paper, The Fragmentation Attack in Practice, by Andrea Bittau provides a much more detailed technical description of the technique. A local copy is located here. A local copy of the presentation slides is located here. Also see the paper “The Final Nail in WEP's Coffin” on this page.

Linear Keystream Expansion Technique

This section provides a brief explanation of the linear keystream expansion technique used in easside-ng.

So you may also be asking “What is the linear keystream expansion technique?”. The foundation is the fact that packets like an encrypted ARP request can easily be identified combined with the fact that the start of it has known plain text.

The program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. The first fragment is one more byte than the known PRGA and the PRGA is guessed for the extra byte. These guesses are sent and the program listens to see which one is replayed by the AP. The replayed packet has the correct PRGA and this value was included in the destination multicast address. Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request. This process is repeated until the sending IP in the original ARP request is decrypted. It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses.

The linear keystream expansion technique (Arbaugh inductive) is reverse chopchop. Chopchop decrypts packets from back to the front. Linear decrypts packets from the front to the back. Actually, chopchop is reverse Arbaugh.

Easside-ng compared to Wesside-ng

The companion aircrack-ng suite program to easside-ng is wesside-ng. Here is a brief comparison of the two tools:

Stability of the programStableProof of concept
Finds a MAC address to spoofNoYes
Fake Authentication to APYesYes
Can use ARP packets for fragmentationYesYes
Can use IP packets for fragmentationYesNo
Fragmentation attack to obtain PRGAYesYes
Linear Keystream Expansion TechniqueYesYes
Communication with wifi network without WEP keyYesNo
Network ARP request floodingNoYes
Aircrack-ng PTW attackNoYes
Recovers WEP keyNoYes

Why easside-ng when aircrack-ng has PTW?

Why release easside-ng when aircrack-ng has PTW?


Usage: easside-ng <args>


Usage: buddy-ng

NOTE: There are no parameters for buddy-ng. Once invoked, it listens on TCP port 6969 and UDP port 6969. TCP is used for the permanent connection between esside-ng and buddy-ng. UDP is used to receive decrypted packets from the AP.

When you run easside-ng, it creates a file automatically in the current directory:

It is very important to delete this file prior to starting the program when you change target access point.


Specific AP Usage Example

Be sure to use airmon-ng to put your card into monitor mode.

First, you need to start a buddy server. This needs to be located on the Internet and be accessible from the system running easside-ng via TCP. It must also be accessible from the AP via UDP. Port 6969 cannot be firewalled on it.

You start the buddy sever:


It responds:

 Waiting for connexion

When easside-ng connects, it responds similar to:

 Got connection from
 Handshake complete
 Inet check by 1

The IP above is the IP of the system running easside-ng.

Now run easside-ng:

 easside-ng -f ath0 -v 00:14:6C:7E:40:80 -c 9  -s


The system responds:

 Setting tap MTU
 Sorting out wifi MAC
 MAC is 00:08:D4:86:7E:98
 Setting tap MAC
 [14:40:06.596419] Ownin...
 SSID teddy Chan 9 Mac 00:14:6C:7E:40:80
 Sending auth request
 Sending assoc request
 Associated: 1
 Assuming ARP 54
 [14:40:13.537842] Got 22 bytes of PRGA IV [4B:02:00]
 [14:40:13.545021] Got 58 bytes of PRGA IV [4C:02:00]
 [14:40:13.648670] Got 166 bytes of PRGA IV [4D:02:00]
 [14:40:13.753087] Got 490 bytes of PRGA IV [4E:02:00]
 [14:40:13.863819] Got 1462 bytes of PRGA IV [4F:02:00]
 [14:40:13.966753] Got 1504 bytes of PRGA IV [50:02:00]
 Assuming ARP 36
 [15:23:42.047332] Guessing prga byte 22 with 16
 ARP IP so far: 192
 [15:23:42.749330] Guessing prga byte 23 with 3F
 ARP IP so far: 192.168
 [15:23:43.815329] Guessing prga byte 24 with 60
 ARP IP so far: 192.168.1
 My IP
 Rtr IP
 Sending who has tell
 Rtr MAC 00:14:6C:7E:40:80
 Trying to connect to buddy:
 Handshake compl33t
 Checking for internet... 1
 Internet w0rx.  Public IP
 Rtt 77ms

At this point, you need to bring up the TAP interface:

 ifconfig at0 up

Now you can send and receive packets to and from the AP network which in this case is via the at0 interface. Notice that you don't need a WEP key to do this! The TAP interface is a virtual interface that acts as if it were the wifi interface with the correct WEP key configured. You can assign an IP, use DHCP with it and so on. By default, the at0 interface is assigned the network obtained at the start plus “.123”.

Scanning for APs Usage Example

The “Specific AP Usage Example” is for targeting a single Access Point on a specific channel. You can also let easside-ng scan for APs by using “easside-ng -f ath0 -s”.

Usage Tips

Combining easside-ng and wesside-ng

As you may know, wesside-ng is a proof-of-concept tool which is rich in functionality, but is not as stable and bug-free compared to easside-ng. You can combine the strengths of wesside-ng and easside-ng together.

First run easside-ng to obtain the prga file. Then run wesside-ng to flood the network and obtain the WEP key. It is really that simple!

Playfully, this is known as Besside-ng.

Demonstrating Insecurity!

IMPORTANT: You must have written permission from the owner of the AP prior to using the instructions in this section. It is illegal to access networks which do not belong to you.

A clever way to demonstrate the insecurity of WEP networks and access points:

Test Setup

This section will discuss what works and what does not work with regards to testing easside-ng against your own wireless LAN.

6969 is the standard port used by easside-ng and buddy-ng. If you change it, then of course, use the revised port number in all references below.

First, some simple assumptions about your wireless LAN:

Assumptions about your buddy-ng server:

Assumptions about the system running easside-ng;

The easiest way to test connectivity to the buddy-ng server is by using telnet. Be sure to start your buddy server process prior to doing this test! Otherwise it will fail for sure.


 telnet <ip of buddy server> 6969

The system should respond:

 Trying <ip of buddy server>...
 Connected to <ip of buddy server>.
 Escape character is '^]'.

The buddy server should look like this:

 Waiting for connexion
 Got connection from <ip of the easside-ng system>

When you terminate the telnet session, it should look like this:

 That was it
 Waiting for connexion

The above examples show a successful test. If your test fails then use tcpdump or wireshark on the source and destination systems to sniff port 6969. Determine the problem with these tools and others then correct the root problem.

If you are running easside-ng and buddy-ng on the same system then the system must have a routeable Internet IP address. You cannot be on a LAN behind a firewall which does network address translation (NAT).

The ideal situation is to have the buddy-ng server running on a separate system someplace on the Internet. Then have a second system with easside-ng running with a routeable IP address.

Tap interface under Windows

To obtain a tap interface in a MS Windows environment, install OpenVPN.

Usage Troubleshooting