| airolib-ng [2008/07/31 01:40]  – Added pre-made test database darkaudax | airolib-ng [2019/04/15 19:07] (current)  – Updated links to cowpatty mister_x | 
|---|
| ====== Airolib-ng ====== | ====== Airolib-ng ====== | 
|  |  | 
| ++++++ IMPORTANT ++++++\\ |  | 
| ++++++ IMPORTANT ++++++\\ |  | 
| ++++++ IMPORTANT ++++++\\ |  | 
|  |  | 
| This functionality will be available in a future release. It is NOT available currently. |  | 
|  |  | 
| ++++++ IMPORTANT ++++++\\ |  | 
| ++++++ IMPORTANT ++++++\\ |  | 
| ++++++ IMPORTANT ++++++\\ |  | 
|  |  | 
| ===== Description ===== | ===== Description ===== | 
|  |  | 
| Airolib-ng is a tool for the aircrack-ng suite to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking.  The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms.  The SQLite3 database was selected taking in consideration platform availability plus management, memory and disk overhead. | Airolib-ng is an aircrack-ng suite tool designed to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking.  The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms.  The SQLite3 database was selected taking in consideration platform availability plus management, memory and disk overhead. | 
|  |  | 
| WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived.   Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet's thus the PTK was correct therefore the PMK was correct as well. | WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived.   Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet's thus the PTK was correct therefore the PMK was correct as well. | 
|  |  | 
| Calculating the PMK is very slow since it uses the pbkdf2 algorithm.  Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake.  Tests on have shown that using this technique in [[aircrack-ng]] can check more than 30,000 passwords per second using pre-computed PMK tables. | Calculating the PMK is very slow since it uses the pbkdf2 algorithm.  Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake.  Tests have shown that using this technique in [[aircrack-ng]] can check more than 50 000 passwords per second using pre-computed PMK tables. | 
|  |  | 
| Computing the PMK is still required, yet we can: | Computing the PMK is still required, yet we can: | 
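Review bot: The unchanged second paragraph of the Description still expands PTK as "private transient key" and MIC as "message identity code"; the 802.11i terms are pairwise transient key and message integrity code, and this revision is a good place to correct them. In the third paragraph the throughput claim moves from "more than 30,000" to "more than 50 000" passwords per second without naming the hardware or test setup behind the new figure, so either state the conditions or word it as an order of magnitude. "pbkdf2" and "wpa/wpa2" in the same paragraph could be capitalised to match the "WPA/WPA2" used elsewhere on the page.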
| To learn more about coWPAtty: | To learn more about coWPAtty: | 
|  |  | 
| * [[http://www.churchofwifi.org/default.asp?PageLink=Project_Display.asp?PID=95|Church of Wifi CoWPAtty]] | * [[https://www.willhackforsushi.com/?page_id=50|Will Hack For SUSHI > CoWPAtty]] | 
| * [[http://www.wirelessdefence.org/Contents/coWPAttyMain.htm|Wireless Defense CoWPAtty writeup]] | * [[https://web.archive.org/web/20081217032421/http://www.wirelessdefence.org/Contents/coWPAttyMain.htm|Wireless Defense CoWPAtty writeup]] | 
|  |  | 
| As stated above, this program requires the SQLite3 database environment.  You must be running version 3.3.17 or above.  You may obtain the latest version from the [[http://www.sqlite.org/download.html|SQLite download page]]. | As stated above, this program requires the SQLite3 database environment.  You must be running version 3.3.17 or above.  You may obtain the latest version from the [[http://www.sqlite.org/download.html|SQLite download page]]. | 
|  |  | 
|  |  | 
| ===== Usage ===== | ===== Usage ===== | 
|  |  | 
|  |  | 
|  | ===== Usage Tips ===== | 
|  |  | 
|  | ==== Creating your own database example ==== | 
| ===== Usage Tips ===== |  | 
|  |  | 
| To test the tool yourself... | To test the tool yourself... | 
| Done. | Done. | 
|  |  | 
| * start the batch process ("airolib-ng testdb --batch"), wait for it to run out of work, kill it | * start the batch process ("airolib-ng testdb --batch"), wait for it to run out of work or pause it with Ctrl-C | 
|  |  | 
| Computed 1 PMK in 0 seconds (1 PMK/s, 0 in buffer). All ESSID processed. | Computed 1 PMK in 0 seconds (1 PMK/s, 0 in buffer). All ESSID processed. | 
| KEY FOUND! [ 12345678 ] | KEY FOUND! [ 12345678 ] | 
|  |  | 
| Another way to test for yourself is to download a pre-made database called [[http://download.aircrack-ng.org/wiki-files/other/passphrases.db|passphrases.db]].  Then try this database with the two test WPA/WPA2 files supplied in the test directory of the aircrack-ng sources.  The WPA/WPA2 test files are called "wpa.cap" and "wpa2.eapol.cap". |  | 
|  |  | 
|  | ==== Using a sample pre-made database ==== | 
|  |  | 
|  | Another way to test for yourself is to download a pre-made database called [[http://download.aircrack-ng.org/wiki-files/other/passphrases.db|passphrases.db]].  This  file is also located in the test directory of the aircrack-ng sources. Then try this database with the two test WPA/WPA2 files supplied in the test directory of the aircrack-ng sources.  The WPA/WPA2 test files are called "wpa.cap" and "wpa2.eapol.cap". | 
|  |  | 
| The commands are either of: | The commands are either of: | 
|  |  | 
| aircrack-ng -r passphrase.db wpa.cap | aircrack-ng -r passphrases.db wpa.cap | 
| aircrack-ng -r passphrase.db wpa2.eapol.cap | aircrack-ng -r passphrases.db wpa2.eapol.cap | 
|  |  | 
| This should give you the passphase.  Success indicates that your setup is working correctly. | This should give you the passphase.  Success indicates that your setup is working correctly. | 
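Review bot: The passphrases.db download link in the new "Using a sample pre-made database" paragraph is still plain http:// even though this revision moves the coWPAtty links to https; switch it to https if the download host serves it, or point readers first at the copy in the test directory of the sources that the added sentence mentions. The added sentence also repeats "in the test directory of the aircrack-ng sources" back to back with the sentence after it and has a double space after "This", and "passphase" in the closing line is still misspelled.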
|  |  | 
|  |  | 
| ===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | 
|  |  | 
|  |  | 
| ==== Enabling Airolib-ng ==== | ==== Enabling Airolib-ng ==== | 
| Airolib-ng is not compiled by default.  To enable compiling, do "make SQLITE=true" and "make sqlite=true install". | Airolib-ng is not compiled by default.  To enable compiling, do "make sqlite=true" and "make sqlite=true install". | 
|  |  | 
| ==== Compile Error ==== | ==== Compile Error ==== | 
| Although this is not a usage troublshooting tip, it is a common problem during the compilation of the 1.0dev version.  As a reminder, SQLite must be version 3.3.13 or above.  This is the compile error you receive when your version of SQLite is less then the requirement: | Although this is not a usage troubleshooting tip, it is a common problem during the compilation of the 1.0dev version.  As a reminder, SQLite must be version 3.3.13 or above.  This is the compile error you receive when your version of SQLite is less then the requirement: | 
|  |  | 
| gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=`../evalrev` -I/usr/local/include -Iinclude -DHAVE_SQLITE   -c -o airolib-ng.o airolib-ng.c | gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=`../evalrev` -I/usr/local/include -Iinclude -DHAVE_SQLITE   -c -o airolib-ng.o airolib-ng.c | 
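Review bot: The "Compile Error" paragraph still says SQLite must be version 3.3.13 or above, while the requirements paragraph earlier on the page says 3.3.17 or above; pick one minimum and state it in both places. In the same sentence "less then the requirement" should read "less than the requirement", which this revision left in place while fixing "troublshooting".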
| ==== "invalid lines ignored" error message ==== | ==== "invalid lines ignored" error message ==== | 
|  |  | 
| This error message can occur when importing passwords or ESSIDs.   It is the number of records with invalid passwords or ESSIDs lengths.  The valid lengths are: | This error message may occur when importing passwords or ESSIDs.   It is the number of records with invalid passwords or ESSIDs lengths.  The valid lengths are: | 
|  |  | 
| * Passwords must have a length of 8 through 63 characters | * Passwords must have a length of 8 through 63 characters |
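Review bot: In the "invalid lines ignored" paragraph, "records with invalid passwords or ESSIDs lengths" should read "records with invalid password or ESSID lengths", and the changed sentence would be clearer if it said the message reports a count of skipped records, since the next sentence describes it as a number. The can-to-may change is fine but does not address either point.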