User Tools

Site Tools


wesside-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
wesside-ng [2007/06/19 18:34] – fixed typo mister_xwesside-ng [2018/03/11 18:57] (current) – Updated links to tickets mister_x
Line 1: Line 1:
 ====== Wesside-ng ====== ====== Wesside-ng ======
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
-This functionality will be available in a future release. It is NOT available currently. 
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
  
 ===== Description ===== ===== Description =====
Line 16: Line 5:
 Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes.  It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme, reinject ARP requests and finally determine the WEP key.  All this is done without your intervention. Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes.  It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme, reinject ARP requests and finally determine the WEP key.  All this is done without your intervention.
  
-The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers.  The two papers are "The Fragmentation Attack in Practice"  by Andrea Bittau and "The Final Nail in WEP's Coffin" by Andrea Bittau, Mark Handley and Josua Lockey.  See the the [[http://aircrack-ng.org/doku.php?id=links|links page]] for these papers and more.  The papers referenced provide excellent background information if you would like to understand the underlying methodologies.  The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.+The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers.  The two papers are "The Fragmentation Attack in Practice"  by Andrea Bittau and "The Final Nail in WEP's Coffin" by Andrea Bittau, Mark Handley and Josua Lockey.  See the the [[links|links page]] for these papers and more.  The papers referenced provide excellent background information if you would like to understand the underlying methodologies.  The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.
  
-For you trivia buffs, who knows where the name "wesside" came from?  As it turns out, it comes from tupac the rapper (2Pac / Tupac Shakur).+For you trivia buffs, who knows where the program name "wesside" came from?  As it turns out, it comes from tupac the rapper (2Pac / Tupac Shakur).
  
 Wesside-ng has been updated to reflect advances in determining the WEP key.  Here are the steps which wesside-ng takes: Wesside-ng has been updated to reflect advances in determining the WEP key.  Here are the steps which wesside-ng takes:
Line 28: Line 17:
   - After it sniffs an ARP request, it decrypts the IP  address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique.  By decrypting the ARP request, the network number scheme can be determined plus the source IP of ARP request.  This is used to build the ARP request which is used for subsequent injection.   - After it sniffs an ARP request, it decrypts the IP  address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique.  By decrypting the ARP request, the network number scheme can be determined plus the source IP of ARP request.  This is used to build the ARP request which is used for subsequent injection.
   - It floods the network with ARP requests for the decrypted IP address.   - It floods the network with ARP requests for the decrypted IP address.
-  - Launches the [[http://aircrack-ng.org/doku.php?id=aircrack-ng|aircrack-ng PTW attack]] to determine the WEP key.  +  - Launches the [[aircrack-ng|aircrack-ng PTW attack]] to determine the WEP key.  
  
 So you may be asking "What is the linear keystream expansion technique?" The foundation is the fact that packets like an encrypted ARP request can easily be identified combined with the fact that the start of it has known plain text.  So the program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments.  The first fragment is one more byte then the know PRGA and the PRGA is guessed for the extra byte.  These guesses are sent and the program listens to see which one is replayed by the AP.  The replayed packet has the correct PRGA and this value was included in the destination multicast address.  Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request.  This process is repeated until the sending IP in the original ARP request is decrypted.  It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses. So you may be asking "What is the linear keystream expansion technique?" The foundation is the fact that packets like an encrypted ARP request can easily be identified combined with the fact that the start of it has known plain text.  So the program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments.  The first fragment is one more byte then the know PRGA and the PRGA is guessed for the extra byte.  These guesses are sent and the program listens to see which one is replayed by the AP.  The replayed packet has the correct PRGA and this value was included in the destination multicast address.  Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request.  This process is repeated until the sending IP in the original ARP request is decrypted.  It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses.
  
 There are a few known limitations: There are a few known limitations:
-  * Only open authentication is support. Shared key authentication is not supported.+  * Only open authentication is supported. Shared key authentication is not supported.
   * Only B and G networks are supported.   * Only B and G networks are supported.
   * Fake MAC functionality is broken if there is a lot of traffic on the network.   * Fake MAC functionality is broken if there is a lot of traffic on the network.
  
-Please remember that this is still basically a proof-of-concept tool so you can expect to find bugs. Plus you will find features that don't quite work as expected.+Please remember that this is still basically a proof-of-concept tool so you can expect to find bugs. Plus you will find features that don't quite work as expected. Consider using [[easside-ng]] as an alternative or a companion program.  Easside-ng is considered relatively stable software.
  
  
Line 49: Line 38:
   *-a             Source MAC address (Optional)   *-a             Source MAC address (Optional)
   *-c              Do not start aircrack-ng.  Simply capture the packets until control-C is hit to stop the program!  (Optional)   *-c              Do not start aircrack-ng.  Simply capture the packets until control-C is hit to stop the program!  (Optional)
-  *-p              Determines the minimum number of bytes of PRGA which is gathered.  Defaults to 128 bytes.  (Optional) 
-  *-v              Wireless access point MAC address  (Optional) 
-  *-t              For each number of IVs specified, restart the airecrack-ng PTW engine. (Optional) 
   *-f              Allows the highest channel for scanning to be defined.  Defaults to channel 11. (Optional)   *-f              Allows the highest channel for scanning to be defined.  Defaults to channel 11. (Optional)
 +  *-k              Ignores ACKs since some cards/drivers do not report them.  It will therefore automatically retransmit X times.  That is, -k 1 will transmit once and assume the packet gets there.  -k 2 will retransmit twice, and so on.  Note: The higher the -k value, the slower transmission rate will be due to the many retransmits.  (Optional)
 +  *-p              Determines the minimum number of bytes of PRGA which are gathered.  Defaults to 128 bytes.  (Optional)
 +  *-t              For each number of IVs specified, restart the airecrack-ng PTW engine. (Optional)
 +  *-v              Wireless access point MAC address  (Optional)
 +
  
-When you run wesside-ng, it creates three files automatically in the current directory when run the program:+When you run wesside-ng, it creates three files automatically in the current directory:
  
   * wep.cap - The packet capture file.  It contains the full packet, not just the IVs.   * wep.cap - The packet capture file.  It contains the full packet, not just the IVs.
-  * prga.log - Contains the PRGA obtained through the fragmentation attack.  This can be used as input to other aircrack-ng suite tools which require PRGA as input.  You can also use the PRGA from other tools for this file.+  * prga.log - Contains the PRGA obtained through the fragmentation attack.  The following is NOT correct.  It is a future feature: "This can be used as input to other aircrack-ng suite tools which require PRGA as input.  You can also use the PRGA from other tools for this file."
   * key.log - Contains the WEP key when it is found.   * key.log - Contains the WEP key when it is found.
  
Line 137: Line 128:
 ===== Usage Tips ===== ===== Usage Tips =====
  
-None at this time.+==== Using the -k option ====
  
 +Some cards/drivers do not properly report ACKs.  The "-k" option allows ACKs to be ignored and forces wesside-ng to retransmit the packets the number of times specified.  It will therefore automatically retransmit X times.  That is, -k 1 will transmit once and assume the packet gets there.  -k 2 will retransmit twice, and so on.  Note: The higher the -k value, the slower transmission rate will be due to the many retransmits.
 +
 +Some specific cases:
 +
 +  * If you get MAX retransmits error, try -k 1.
 +  * If you have a poor connection, try -k 3.
 +
 +In general, you can experiment with different values to determine if it resolves the problem.  There is no right or wrong value.
  
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
 +
 +==== General ====
  
 Make sure your card is in monitor mode. Make sure your card is in monitor mode.
  
-Make sure your card can inject by testing it with the [[http://aircrack-ng.org/doku.php?id=injection_test|aireplay-ng injection test]].  Also specifically ensure you can communicate with the AP in question.+Make sure your card can inject by testing it with the [[injection_test|aireplay-ng injection test]].  Also specifically ensure you can communicate with the AP in question.
  
 Make sure your card supports the fragmentation attack.  Again, this can be confirmed with the aireplay-ng injection test. Make sure your card supports the fragmentation attack.  Again, this can be confirmed with the aireplay-ng injection test.
Line 152: Line 153:
  
 There are a few known limitations: There are a few known limitations:
-  * Only open authentication is support.  Shared key authentication is not supported.+  * Only open authentication is supported.  Shared key authentication is not supported.
   * Only B and G networks are supported.   * Only B and G networks are supported.
   * Fake MAC functionality is broken if there is a lot of traffic on the network.   * Fake MAC functionality is broken if there is a lot of traffic on the network.
  
 +==== "ERROR Max retransmits" message ====
 +
 +You get an error similar to the following while running the program:
 +
 +[18:23:49] ERROR Max retransmits for (30 bytes):
 +B0 00 FF 7F 00 1A 70 51 B0 70 00 0E 2E C5 81 D3 00 1A 70 51 B0 70 00 00 00 00 01 00 00 00 
 +
 +This can be caused if the AP does not acknowledge the the packets you are sending.  Try getting closer to the AP.
 +
 +Another reason is that the internal state machine of wesside-ng is confused.  This typically happens when there are other wireless packets picked up and the state machine does not properly interpret them.  Remember, this is still proof-of-concept code and not completely stable.  Just try rerunning wesside-ng.
 +
 +
 +==== RT73 chipset and "ERROR Max retransmits" message ====
 +
 +If you are using the RT73 chipset, try adding the "-k 1" option.  The driver for this chipset does not properly report ACKs.  Using the "-k 1" option gets around this.
 +
 +
 +==== Known Bugs ====
 +
 +There are a variety of known bugs which are outlined below.  Additionally, the state engine is known to be broken and this leads to unpredictable results.
 +
 +  * [[https://github.com/aircrack-ng/aircrack-ng/issues/306|Errors in wesside-ng with madwifi-ng]]
 +  * [[https://github.com/aircrack-ng/aircrack-ng/issues/303|"Error Wrote 39 out of 30" error message from wesside-ng]]
 +  * [[https://github.com/aircrack-ng/aircrack-ng/issues/295|wesside-ng finds, and attempts to process, WPA APs]]
wesside-ng.1182270841.txt.gz · Last modified: 2007/06/19 18:34 by mister_x