User Tools

Site Tools


airolib-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
airolib-ng [2007/07/10 15:36]
darkaudax redid page due to major format error
airolib-ng [2013/03/18 13:32] (current)
jano Change the external link --> "churchofwifi.org/Project" because it no longer exists
Line 1: Line 1:
 ====== Airolib-ng ====== ====== Airolib-ng ======
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
-This functionality will be available in a future release. It is NOT available currently. 
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
  
 ===== Description ===== ===== Description =====
  
-Airolib-ng is a tool for the aircrack-ng suite to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking. ​ The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms. ​ The SQLite3 database was selected taking in consideration platform availability plus management, memory and disk overhead.+Airolib-ng is an aircrack-ng suite tool designed ​to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking. ​ The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms. ​ The SQLite3 database was selected taking in consideration platform availability plus management, memory and disk overhead.
  
 WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived. ​  Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet'​s thus the PTK was correct therefore the PMK was correct as well. WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived. ​  Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet'​s thus the PTK was correct therefore the PMK was correct as well.
  
-Calculating the PMK is very slow since it uses the pbkdf2 algorithm. ​ Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake. ​ Tests on have shown that using this technique in [[aircrack-ng]] can check more than 30,000 passwords per second using pre-computed PMK tables.+Calculating the PMK is very slow since it uses the pbkdf2 algorithm. ​ Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake. ​ Tests have shown that using this technique in [[aircrack-ng]] can check more than 50 000 passwords per second using pre-computed PMK tables.
  
 Computing the PMK is still required, yet we can: Computing the PMK is still required, yet we can:
Line 30: Line 20:
 To learn more about coWPAtty: To learn more about coWPAtty:
  
-  * [[http://​www.churchofwifi.org/default.asp?​PageLink=Project_Display.asp?PID=95|Church of Wifi CoWPAtty]]+  * [[http://​www.willhackforsushi.com/?page_id=50|Will Hack For SUSHI > CoWPAtty]]
   * [[http://​www.wirelessdefence.org/​Contents/​coWPAttyMain.htm|Wireless Defense CoWPAtty writeup]]   * [[http://​www.wirelessdefence.org/​Contents/​coWPAttyMain.htm|Wireless Defense CoWPAtty writeup]]
  
Line 48: Line 38:
 Here are the valid operations: Here are the valid operations:
  
-  * init  ​ ​Create a new database file and it's table layout. +  * - -stats  -  Output some information about the database. 
-  * stats  -  Output some information about the database. +  * - -sql {sql}  - Execute the specified SQL statement. 
-  * sql {sql}  - Execute the specified SQL statement. +  * - -clean [all]  -  Perform steps to clean the database from old junk. The option '​all'​ will also reduce file size if possible and run an integrity check. 
-  * clean [all]  -  Perform steps to clean the database from old junk. The option '​all'​ will also reduce file size if possible and run an integrity check. +  * - -batch  - Start batch-processing all combinations of ESSIDs and passwords. ​ This must be run prior to using the database within [[aircrack-ng]] or after you have added additional SSIDs or passwords. 
-  * batch  - Start batch-processing all combinations of ESSIDs and passwords. ​ This must be run prior to using the database within [[aircrack-ng]] or after you have added additional SSIDs or passwords. +  * - -verify [all]  - Verify a set of randomly chosen PMKs. If the option '​all'​ is given, all(!) PMKs in the database are verified and the incorrect ones are deleted. 
-  * verify [all]  - Verify a set of randomly chosen PMKs. If the option '​all'​ is given, all(!) PMKs in the database are verified and the incorrect ones are deleted. +  * - -export cowpatty {essid} {file} ​ -  Export to a cowpatty file. 
-  * export cowpatty {essid} {file} ​ -  Export to a cowpatty file. +  * - -import cowpatty {file} ​ -  Import a cowpatty file and create the database if it does not exist
-  * import cowpatty {file} ​ -  Import a cowpatty file. +  * - -import {essid|passwd} {file} ​ -  Import a text flat file as a list of either ESSIDs or passwords ​and create the database if it does not exist. ​ This file must contain one essid or password per line.  Lines should be terminated with line feeds. ​ Meaning press "​enter"​ at the end of each line when entering the values.
-  * import ​ascii {essid|passwd} {file} ​ -  Import a flatfile ​as a list of either ESSIDs or passwords. +
  
 ===== Usage Examples ===== ===== Usage Examples =====
  
 Here are usage examples for each operation. Here are usage examples for each operation.
- 
-==== Init Operation ==== 
- 
-You must be in the directory where you want the database created or specify the fully qualified path name. 
- 
-Enter: 
- 
-   ​airolib-ng testdb init 
- 
-Where: 
- 
-  * testdb is the name of the database to be created. 
-  * init is the operation to be performed. 
- 
-The system does not respond with any output. ​ You can verify the database was created by doing a directly listing. 
- 
  
 ==== Status Operation ==== ==== Status Operation ====
Line 83: Line 55:
 Enter: Enter:
  
-   ​airolib-ng testdb stats+   ​airolib-ng testdb ​--stats
  
 Where: Where:
  
   * testdb is the name of the database to be created.   * testdb is the name of the database to be created.
-  * stats is the operation to be performed.+  * - -stats is the operation to be performed.
  
 The system responds: The system responds:
Line 97: Line 69:
    ​Harkonen ​       64      100.0    ​Harkonen ​       64      100.0
    ​teddy ​  ​64 ​     100.0    ​teddy ​  ​64 ​     100.0
- 
  
 ==== SQL Operation ==== ==== SQL Operation ====
Line 105: Line 76:
 Enter: Enter:
  
-   ​airolib-ng testdb sql '​update essid set prio=(select min(prio)-1 from essid) where essid="​VeryImportantESSID";'​+   ​airolib-ng testdb ​--sql '​update essid set prio=(select min(prio)-1 from essid) where essid="​VeryImportantESSID";'​
  
 The system responds: The system responds:
Line 116: Line 87:
 Enter: Enter:
  
-   ​airolib-ng testdb sql '​select hex(pmk) from pmk where hex(pmk) like "​%DEADBEEF%"'​+   ​airolib-ng testdb ​--sql '​select hex(pmk) from pmk where hex(pmk) like "​%DEADBEEF%"'​
  
 The system responds: The system responds:
  
    ​hex(pmk) BF3F122D3CE9ED6C6E7E1D7D13505E0A41EC4C5A3DEADBEEFFEFF597387AFCE3    ​hex(pmk) BF3F122D3CE9ED6C6E7E1D7D13505E0A41EC4C5A3DEADBEEFFEFF597387AFCE3
- 
  
 ==== Clean Operation ==== ==== Clean Operation ====
Line 127: Line 97:
 To do a basic cleaning, enter: To do a basic cleaning, enter:
  
-   ​airolib-ng testdb clean+   ​airolib-ng testdb ​--clean
  
 The system responds: The system responds:
Line 139: Line 109:
 To do a basic cleaning, reduce the file size if possible and run an integrity check., enter: To do a basic cleaning, reduce the file size if possible and run an integrity check., enter:
  
-   ​airolib-ng testdb clean all+   ​airolib-ng testdb ​--clean all
  
 The system responds: The system responds:
Line 152: Line 122:
    Query done. 2 rows affected.    Query done. 2 rows affected.
    Done.    Done.
- 
  
 ==== Batch Operation ==== ==== Batch Operation ====
Line 158: Line 127:
 Enter: Enter:
  
-   ​airolib-ng testdb batch+   ​airolib-ng testdb ​--batch
  
 The system responds: The system responds:
  
    ​Computed 464 PMK in 10 seconds (46 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...    ​Computed 464 PMK in 10 seconds (46 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...
- 
-IMPORTANT: You must press control-C to terminate this program once it is finished or it will continue to run indefinitely. 
- 
- 
  
 ==== Verify Operation ==== ==== Verify Operation ====
Line 172: Line 137:
 To verify a 1000 random PMKs, enter: To verify a 1000 random PMKs, enter:
  
-   ​airolib-ng testdb verify+   ​airolib-ng testdb ​--verify
  
 The system responds: The system responds:
Line 184: Line 149:
 To verify all PMKs, enter: To verify all PMKs, enter:
  
-   ​airolib-ng testdb verify all+   ​airolib-ng testdb ​--verify all
  
 The system responds: The system responds:
Line 192: Line 157:
  
  
-==== Export ​cowpatty ​Operation ====+==== Cowpatty table Export Operation ====
  
 Enter: Enter:
  
-   ​airolib-ng testdb export cowpatty test cowexportoftest+   ​airolib-ng testdb ​--export cowpatty test cowexportoftest
  
 The system responds: The system responds:
Line 204: Line 169:
  
  
-==== Import ​cowpatty ​Operation ====+==== Import Operation ====
  
-Enter:+=== SSID === 
 +To import an ascii list of SSIDs and create the database if it does not exist, enter:
  
-   ​airolib-ng testdb ​import cowpatty ​ cowexportoftest ​              +   ​airolib-ng testdb --import essid ssidlist.txt
- +
-The system responds: +
- +
-   ​importReading header... +
-   ​Reading... +
-   ​Updating references... +
-   ​Writing... +
- +
- +
-==== Import ascii Operation ==== +
- +
-To import an ascii list of SSIDs, enter: +
- +
-   ​airolib-ng testdb ​import ​ascii essid ssidlist.txt+
  
 Where: Where:
  
-  * testdb is the name of the database to be updated and this must already ​exist. +  * testdb is the name of the database to be updated and it will be created if it does not exist. 
-  * import ​ascii is the operation to be performed.+  * - -import is the operation to be performed.
   * essid indicates it is a list of SSIDs.   * essid indicates it is a list of SSIDs.
   * ssidlist.txt is the file name containing the SSIDs. ​ One per line.  It can optionally be fully qualified.   * ssidlist.txt is the file name containing the SSIDs. ​ One per line.  It can optionally be fully qualified.
Line 237: Line 189:
    Done.    Done.
  
 +=== Passwords ===
 +To import an ascii list of passwords and create the database if it does not exist, enter:
  
-To import an ascii list of passwords, enter: +   airolib-ng testdb ​--import passwd password.lst
- +
-   airolib-ng testdb import ​ascii passwd password.lst+
  
 Where: Where:
  
-  * testdb is the name of the database to be updated and this must already ​exist. +  * testdb is the name of the database to be updated and it will be created if it does not exist. 
-  * import ​ascii is the operation to be performed.+  * - -import is the operation to be performed.
   * passwd indicates it is a list of passwords.   * passwd indicates it is a list of passwords.
-  * password.list is the file name.  One per line.  It can optionally be fully qualified.+  * password.list is the file name. One per line. It can optionally be fully qualified.
  
 The system responds: The system responds:
Line 254: Line 206:
    ​Writing... read, 1814 invalid lines ignored.    ​Writing... read, 1814 invalid lines ignored.
    Done.    Done.
 +
 +=== Cowpatty tables ===
 +
 +Imports a cowpatty table and create the database if it does not exist, enter:
 +
 +   ​airolib-ng testdb --import cowpatty ​ cowexportoftest
 +
 +Where:
 +
 +  * testdb is the name of the database to be updated and it will be created if it does not exist.
 +  * - -import is the operation to be performed.
 +  * cowpatty indicates it is a cowpatty table.
 +  * cowexportoftest is the file name. One per line. It can optionally be fully qualified.
 +
 +The system responds:
 +
 +   ​importReading header...
 +   ​Reading...
 +   ​Updating references...
 +   ​Writing...
  
  
Line 274: Line 246:
  
 ===== Usage Tips ===== ===== Usage Tips =====
 +
 +==== Creating your own database example ====
  
 To test the tool yourself... To test the tool yourself...
  
-  * get yourself the sqlite3 library and headers+  * get yourself the sqlite3 library and headers ​(latest version is recommended)
   * get yourself the 1.0dev version of the aircrack-ng suite   * get yourself the 1.0dev version of the aircrack-ng suite
-  ​* create a new database file with "​airolib-ng testdb init"​ +  * import ​an essid, e.g. "echo Harkonen | airolib-ng testdb ​--import essid -" 
-  ​* import ​some essid, e.g. "echo Harkonen | airolib-ng testdb import ​ascii essid -" + 
-  * import ​some passwords, e.g. "echo 12345678 | airolib-ng testdb import ​ascii passwd -" +   ​Database <​testdb>​ does not already exist, creating it... 
-  * start the batch process ("​airolib-ng testdb batch"​),​ wait for it to run out of work, kill it +   ​Database <​testdb>​ sucessfully created 
-  * crack your WPA/WPA2 handshake, e.g. "​aircrack-ng -r testdb -e Harkonen -wpa2.eapol.cap"​+   ​Reading file... 
 +   ​Writing... 
 +   ​Done. 
 + 
 +  * import ​a password, e.g. "echo 12345678 | airolib-ng testdb ​--import passwd -" 
 + 
 +   ​Reading file... 
 +   ​Writing... 
 +   ​Done. 
 + 
 +  * start the batch process ("​airolib-ng testdb ​--batch"​),​ wait for it to run out of work, kill it 
 + 
 +   ​Computed 1 PMK in 0 seconds (1 PMK/s, 0 in buffer). All ESSID processed. 
 + 
 +  * Check the database to confirm everything has been computed ("​airolib-ng testdb --stats"​) 
 + 
 +   There are 1 ESSIDs and 1 passwords in the database. 1 out of 1 possible combinations have been computed (100%). 
 +    
 +   ​ESSID ​  ​Priority ​       Done 
 +   ​Harkonen ​       64      100.0 
 + 
 +  * crack your WPA/WPA2 handshake, e.g. "​aircrack-ng -r testdb -e Harkonen ​wpa2.eapol.cap"​ 
 + 
 +   KEY FOUND! [ 12345678 ] 
 + 
 + 
 + 
 +==== Using a sample pre-made database ==== 
 + 
 +Another way to test for yourself is to download a pre-made database called [[http://​download.aircrack-ng.org/​wiki-files/​other/​passphrases.db|passphrases.db]]. ​ This  file is also located in the test directory of the aircrack-ng sources. Then try this database with the two test WPA/WPA2 files supplied in the test directory of the aircrack-ng sources. ​ The WPA/WPA2 test files are called "​wpa.cap"​ and "wpa2.eapol.cap"​
 + 
 +The commands are either of: 
 + 
 +   ​aircrack-ng -r passphrases.db wpa.cap 
 +   ​aircrack-ng -r passphrases.db wpa2.eapol.cap 
 + 
 +This should give you the passphase. ​ Success indicates that your setup is working correctly.
  
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
  
-None at this time. 
  
 +==== Enabling Airolib-ng ====
 +Airolib-ng is not compiled by default. ​ To enable compiling, do "make sqlite=true"​ and "make sqlite=true install"​.
 +
 +==== Compile Error ====
 +Although this is not a usage troubleshooting tip, it is a common problem during the compilation of the 1.0dev version. ​ As a reminder, SQLite must be version 3.3.13 or above. ​ This is the compile error you receive when your version of SQLite is less then the requirement:​
 +
 +  gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=`../​evalrev` -I/​usr/​local/​include -Iinclude -DHAVE_SQLITE ​  -c -o airolib-ng.o airolib-ng.c
 +  airolib-ng.c:​ In function `sql_prepare':​
 +  airolib-ng.c:​129:​ warning: implicit declaration of function `sqlite3_prepare_v2'​
 +  make[1]: *** [airolib-ng.o] Error 1
 +  make[1]: Leaving directory `/​root/​1.0-dev/​src'​
 +  make: *** [all] Error 2
 +  ​
 +==== When is the SQLite patch needed? ====
 +
 +The SQLite patch included with aircrack-ng sources is only needed when compiling under Windows. ​ It is required to remove some elements which will not compile under windows and are not required.
 +
 +It is not required for linux installations.
 +
 +==== Airolib-ng fails to open or create the database ====
 +
 +On windows only, opening/​creating a database doesn'​t work when airolib-ng is in directories containing special characters like '​ç',​ '​é',​ '​è',​ '​à',​ ... (directories containing spaces are not affected).
 +
 +The solution is to move airolib-ng and its database in another directory without these special characters.
 +
 +==== "​invalid lines ignored"​ error message ====
 +
 +This error message may occur when importing passwords or ESSIDs. ​  It is the number of records with invalid passwords or ESSIDs lengths. ​ The valid lengths are:
 +
 +  * Passwords must have a length of 8 through 63 characters
 +  * ESSIDs must have a length of 1 through 32 characters
 +
 +==== "​Quitting aircrack-ng..."​ error message ====
 +
 +If you subsequently run aircrack-ng and only receive "​Quitting aircrack-ng..."​ then the ESSID is missing from the database. ​ You need to load it plus rerun the batch option.
  
airolib-ng.1184074598.txt.gz · Last modified: 2007/07/10 15:36 by darkaudax