airdecloak-ng

Differences

This shows you the differences between two versions of the page.

airdecloak-ng [2008/12/26 18:40] – Destroying the managed interface is only needed for madwifi-ng - stop people from killing their wlan0 interfaces on mac80211 drivers. netrolller3d
airdecloak-ng [2023/01/17 09:58] (current) – [Options] add note about typo in --disable-base_filter gemesa
Line 13: Line 13:
 ===== Usage ===== ===== Usage =====
  
-  Airdecloak-ng 1.0 rc1 r1193 - (C) 2008 Thomas d'Otreppe +  Airdecloak-ng 1.7  - (C) 2008-2022 Thomas d'Otreppe 
-  http://www.aircrack-ng.org+  https://www.aircrack-ng.org
      
   usage: airdecloak-ng [options]   usage: airdecloak-ng [options]
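Review bot: the new banner line "Airdecloak-ng 1.7  - (C) 2008-2022 Thomas d'Otreppe" has a double space before the hyphen; if it is a verbatim paste of the tool's own usage output it should stay as the tool prints it, otherwise collapse it to a single space so the banner matches the rest of the pasted block. The move of the site link to https://www.aircrack-ng.org is correct.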
Line 27: Line 27:
      
    Optional:    Optional:
 +     -o <file>             : Output packets (valid) file (default: <src>-filtered.pcap)
 +     -c <file>             : Output packets (cloaked) file (default: <src>-cloaked.pcap)
 +     -u <file>             : Output packets (unknown/ignored) file (default: invalid_status.pcap)
      --filters <filters>   : Apply filters (separated by a comma). Filters:      --filters <filters>   : Apply filters (separated by a comma). Filters:
            signal:               Try to filter based on signal.            signal:               Try to filter based on signal.
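Review bot: the three new output options -o, -c and -u are added only to the pasted usage text; the Options table further down in this same change is not extended with matching rows, so a reader working from the table will never learn that the valid, cloaked and unknown packets can be written to separate files. Add rows in the new three-column format, for example "|-o|file|Output file for packets judged valid (default: <src>-filtered.pcap)|", and the equivalents for -c (cloaked packets, default <src>-cloaked.pcap) and -u (unknown/ignored packets, default invalid_status.pcap).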
Line 47: Line 50:
      
      --help                : Displays this usage screen      --help                : Displays this usage screen
 +
  
 ==== Options ==== ==== Options ====
  
-^Option^Explanation+^Option^Param.^Description
-|-i <input file>|Path to the capture file.| +|-i|input file|Path to the capture file.| 
-|--bssid <BSSID>|BSSID of the network to filter.| +|--bssid|BSSID|BSSID of the network to filter.| 
-|--ssid <ESSID>|ESSID of the network to filter (not yet implemented).| +|--ssid|ESSID|ESSID of the network to filter (not yet implemented).| 
-|--filters <filters>|Apply theses filters in this specific order. They have to be separated by a ','. \\ **Example**: --filters signal,consecutive_sn| +|--filters|filters|Apply theses filters in this specific order. They have to be separated by a ','. \\ **Example**: --filters signal,consecutive_sn| 
-|--null-packets|Assume that null packets can be cloaked (not yet implemented).| +|--null-packets|-|Assume that null packets can be cloaked (not yet implemented).| 
-|--disable-base_filter|Disable the base filter.| +|--disable-base_filter|-|Disable the base filter. (Note: there is a typo in the usage info, the correct option is: --disable-base-filter)
-|--drop-frag|Drop all fragmented packets. In most networks, fragmentation is not needed.|+|--drop-frag|-|Drop all fragmented packets. In most networks, fragmentation is not needed.|
  
  
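Review bot: the rewritten --disable-base_filter row is missing its closing "|", so DokuWiki will render that row with a broken last cell; append "|" after the closing parenthesis. Since the added note says the spelling that actually works is --disable-base-filter, the first cell should list that working spelling and keep the remark about the typo in the usage output in the description, so that copy-paste from the table produces a valid command line. Also, "Apply theses filters" in the --filters row survives the rewrite unchanged; it should read "Apply these filters".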
Line 82: Line 86:
  
 === Trying to crack the WEP key === === Trying to crack the WEP key ===
-  aircrack-ng.exe wep_cloaking_full_speed_dl.pcap -b 00:12:BF:12:32:29 -K -n 64 -d 1F:1F:1F+  aircrack-ng wep_cloaking_full_speed_dl.pcap -b 00:12:BF:12:32:29 -K -n 64 -d 1F:1F:1F
      
 {{http://www.aircrack-ng.org/wep_cloaking/crack_without_filter.jpg}} {{http://www.aircrack-ng.org/wep_cloaking/crack_without_filter.jpg}}
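Review bot: dropping the ".exe" suffix brings the command in line with the non-Windows usage shown elsewhere, but the screenshot link on the following context line still points at http://www.aircrack-ng.org/wep_cloaking/crack_without_filter.jpg while the banner in this same change was moved to https. Update the image URLs to https as well, so the page does not mix secure and insecure resources.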
Line 197: Line 201:
 === Timing === === Timing ===
  
-The time needed to receive a cloaked frame could be analysed; compared to its uncloaked equivalent since the sensor receive the real frame then forge a wep cloaked frame with the informations of the real one.+The time needed to receive a cloaked frame could be analyzed; compared to its uncloaked equivalent since the sensor receives the real frame then forge a wep cloaked frame with the informations of the real one.
  
 For this, 2 packets are needed (one real and one cloaked) and we have to make sure the "cloaking" status of both packets is accurate (and that the cloaked packet is forged against the real one we have). For this, 2 packets are needed (one real and one cloaked) and we have to make sure the "cloaking" status of both packets is accurate (and that the cloaked packet is forged against the real one we have).
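Review bot: the spelling fixes in the timing paragraph stop short. "then forge" should be "then forges" to agree with the corrected "receives", "informations" is not a countable noun in English (use "information"), and "wep" should be written "WEP" as in the rest of the page. Suggested wording: "since the sensor receives the real frame and then forges a WEP-cloaked frame with the information of the real one."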
Line 227: Line 231:
 {{http://www.aircrack-ng.org/wep_cloaking/low_traffic.jpg}} {{http://www.aircrack-ng.org/wep_cloaking/low_traffic.jpg}}
  
-There'a few possibilites to filter out the cloaked packet for 7509/7510:+There are a few possibilities to filter out the cloaked packet for 7509/7510:
 - both packets can be discarded since they have the same sequence number. - both packets can be discarded since they have the same sequence number.
 - use signal/timing to find the cloaked packet. - use signal/timing to find the cloaked packet.
  
  
-For packet 7538/7539, it will be easier, it's easy to find out which one is cloaked, a beacon has the same sequence number as packet 7539; 7539 is cloaked:+For packet 7538/7539, it will be easier, it's easy to find out which one is cloaked, a beacon has the same sequence numbers as packet 7539; 7539 is cloaked:
  
  
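Review bot: the edit to the 7538/7539 paragraph changes "sequence number" to "sequence numbers", which makes the sentence wrong: one beacon and one packet share a single sequence number, and that single shared value is exactly what identifies 7539 as the forged frame. Revert to the singular. The sentence also says the same thing twice ("it will be easier, it's easy to find out"); suggested wording: "For packets 7538/7539 it is easier to find out which one is cloaked: a beacon has the same sequence number as packet 7539, so 7539 is cloaked:".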
Line 247: Line 251:
  
 ... so other ways have to be used. Beacon will still be used but in another way: since 1319 is a valid sequence number, the previous (1318) and the next (1320) sequence numbers of valid packets are known. It's getting more complicated, these sequence number are both used more than once ;) \\ ... so other ways have to be used. Beacon will still be used but in another way: since 1319 is a valid sequence number, the previous (1318) and the next (1320) sequence numbers of valid packets are known. It's getting more complicated, these sequence number are both used more than once ;) \\
-Since it is known that wep cloaking copy the attributes (including frame size) of its equivalent real frame, wep cloaked packets can be easily found:+Since it is known that wep cloaking copies the attributes (including frame size) of its equivalent real frame, wep cloaked packets can be easily found:
  
 ^Position^Uncloaked^Cloaked^Frame size^Reason| ^Position^Uncloaked^Cloaked^Frame size^Reason|
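Review bot: "copies" is the right fix for the WEP cloaking sentence, but the context line just above it still reads "these sequence number are both used more than once"; it should be "these sequence numbers are both used more than once" for the same subject-verb agreement reason.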
Line 317: Line 321:
 Remove all duplicate sequence numbers for both the AP and the client (that are close to each other). Remove all duplicate sequence numbers for both the AP and the client (that are close to each other).
  
-Basically it apply ''duplicate_sn_ap'' and ''duplicate_sn_client'' filters+Basically it applies ''duplicate_sn_ap'' and ''duplicate_sn_client'' filters
  
 == consecutive_sn == == consecutive_sn ==
Line 363: Line 367:
 ===== Thanks ===== ===== Thanks =====
  
-Thanks to Alex Hernandez aka alt3kx from [[http://sybsecurity.com|sybsecurity.com]] for the hardware+Thanks to Alex Hernandez aka alt3kx from [[http://sybsecurity.com|sybsecurity.com]] for the hardware.
airdecloak-ng.1230313231.txt.gz · Last modified: 2008/12/26 18:40 by netrolller3d