This is an old revision of the document!
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
This functionality will be available in a future release. It is NOT available currently.
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
Airolib-ng is a tool for the aircrack-ng suite to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking. The program uses the lightweight sqlite3 database as the storage mechanism which is available on most platforms. The sqlite3 database was selected taking in consideration platform availability plus management, memory and disk overhead.
WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived. Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet's thus the PTK was correct therefore the PMK was correct as well.
Calculating the PMK is very slow since it uses the pbkdf2 algorithm. Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake. Tests on have shown that using this technique in aircrack-ng can check more than 30,000 passwords per second using pre-computed PMK tables.
Computing the PMK is still required, yet we can:
To learn more about WPA/WPA2:
To learn more about coWPAtty:
See the code attached for more info. This is the first version posted and - if accepted - to be included into the tree. there still may be bugs and work to be done before released is marked in the code.
To test the tool get yourself a current 1.0-dev checkout and…
Usage: airolib <database> <operation> [options]
Where:
Here are the valid operations:
Here are usage examples for each operation.
You must be in the directory where you want the database created or specify the fully qualified path name.
Enter:
airolib-ng testdb init
Where:
The system does not respond with any output. You can verify the database was created by doing a directly listing.
Enter:
airolib-ng testdb stats
Where:
The system responds:
statsThere are 2 ESSIDs and 232 passwords in the database. 464 out of 464 possible combinations have been computed (100%). ESSID Priority Done Harkonen 64 100.0 teddy 64 100.0
Coming soon!
To do a basic cleaning, enter:
airolib-ng testdb clean
The system responds:
cleanDeleting invalid ESSIDs and passwords... Deleting unreferenced PMKs... Analysing index structure... Done.
To do a basic cleaning, reduce the file size if possible and run an integrity check., enter:
airolib-ng testdb clean all
The system responds:
cleanDeleting invalid ESSIDs and passwords... Deleting unreferenced PMKs... Analysing index structure... Vacuum-cleaning the database. This could take a while... Checking database integrity... integrity_check ok Query done. 2 rows affected. Done.
Enter:
airolib-ng testdb batch
The system responds:
Computed 464 PMK in 10 seconds (46 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...
IMPORTANT: You must press control-C to terminate this program once it is finished or it will continue to run indefinitely.
To verify a 1000 random PMKs, enter:
airolib-ng testdb verify
The system responds:
verifyChecking ~10.000 randomly chosen PMKs... ESSID CHECKED STATUS Harkonen 233 OK teddy 233 OK
To verify all PMKs, enter:
airolib-ng testdb verify all
The system responds:
verifyChecking all PMKs. This could take a while... ESSID PASSWORD PMK_DB CORRECT
++++++ IMPORTANT ++++++
This functionality will be available in a future release. It is NOT available currently.
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
Airolib-ng is a tool for the aircrack-ng suite to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking. The program uses the lightweight sqlite3 database as the storage mechanism which is available on most platforms. The sqlite3 database was selected taking in consideration platform availability plus management, memory and disk overhead.
WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived. Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet's thus the PTK was correct therefore the PMK was correct as well.
Calculating the PMK is very slow since it uses the pbkdf2 algorithm. Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake. Tests on have shown that using this technique in aircrack-ng can check more than 30,000 passwords per second using pre-computed PMK tables.
Computing the PMK is still required, yet we can:
To learn more about WPA/WPA2:
To learn more about coWPAtty:
See the code attached for more info. This is the first version posted and - if accepted - to be included into the tree. there still may be bugs and work to be done before released is marked in the code.
To test the tool get yourself a current 1.0-dev checkout and…
Usage: airolib <database> <operation> [options]
Where:
Here are the valid operations:
Here are usage examples for each operation.
You must be in the directory where you want the database created or specify the fully qualified path name.
Enter:
airolib-ng testdb init
Where:
The system does not respond with any output. You can verify the database was created by doing a directly listing.
Enter:
airolib-ng testdb stats
Where:
The system responds:
statsThere are 2 ESSIDs and 232 passwords in the database. 464 out of 464 possible combinations have been computed (100%). ESSID Priority Done Harkonen 64 100.0 teddy 64 100.0
Coming soon!
To do a basic cleaning, enter:
airolib-ng testdb clean
The system responds:
cleanDeleting invalid ESSIDs and passwords... Deleting unreferenced PMKs... Analysing index structure... Done.
To do a basic cleaning, reduce the file size if possible and run an integrity check., enter:
airolib-ng testdb clean all
The system responds:
cleanDeleting invalid ESSIDs and passwords... Deleting unreferenced PMKs... Analysing index structure... Vacuum-cleaning the database. This could take a while... Checking database integrity... integrity_check ok Query done. 2 rows affected. Done.
Enter:
airolib-ng testdb batch
The system responds:
Computed 464 PMK in 10 seconds (46 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...
IMPORTANT: You must press control-C to terminate this program once it is finished or it will continue to run indefinitely.
Enter:
airolib-ng testdb export cowpatty test cowexportoftest
Where:
The system responds:
exportExporting... Done.
Enter:
airolib-ng testdb import cowpatty cowexportoftest
Where:
The system responds:
importReading header... Reading... Updating references... Writing...
To import an ascii list of SSIDs, enter:
airolib-ng testdb import ascii essid ssidlist.txt
Where:
The system responds:
importReading... Writing... Done.
To import an ascii list of passwords, enter:
airolib-ng testdb import ascii passwd password.lst
Where:
The system responds:
importReading... Writing... read, 1814 invalid lines ignored. Done.
The ultimate objective is to speed up WPA/WPA2 cracking under aircrack-ng. To use the tables you have built using airolib-ng then use the “-r” option to specify the database containing the pre-calculated PMKs.
Enter:
aircrack-ng -r testdb wpa2.eapol.cap
Where:
Note: All the other standard options which are applicable to WPA/WPA2 may also be used. This is a very limited example.
None at this time.
None at this time.