User Tools

Site Tools


airolib-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
airolib-ng [2007/11/14 22:26]
darkaudax Added "When is the SQLite patch needed?"
airolib-ng [2019/03/30 23:01]
mister_x [Creating your own database example] Document control-C with batch
Line 1: Line 1:
 ====== Airolib-ng ====== ====== Airolib-ng ======
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
-This functionality will be available in a future release. It is NOT available currently. 
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
  
 ===== Description ===== ===== Description =====
  
-Airolib-ng is a tool for the aircrack-ng suite to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking. ​ The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms. ​ The SQLite3 database was selected taking in consideration platform availability plus management, memory and disk overhead.+Airolib-ng is an aircrack-ng suite tool designed ​to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking. ​ The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms. ​ The SQLite3 database was selected taking in consideration platform availability plus management, memory and disk overhead.
  
 WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived. ​  Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet'​s thus the PTK was correct therefore the PMK was correct as well. WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived. ​  Using the PTK, we can compute the frame message identity code (MIC) for a given packet and will potentially find the MIC to be identical to the packet'​s thus the PTK was correct therefore the PMK was correct as well.
  
-Calculating the PMK is very slow since it uses the pbkdf2 algorithm. ​ Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake. ​ Tests on have shown that using this technique in [[aircrack-ng]] can check more than 30,000 passwords per second using pre-computed PMK tables.+Calculating the PMK is very slow since it uses the pbkdf2 algorithm. ​ Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the wpa/wpa2 handshake. ​ Tests have shown that using this technique in [[aircrack-ng]] can check more than 50 000 passwords per second using pre-computed PMK tables.
  
 Computing the PMK is still required, yet we can: Computing the PMK is still required, yet we can:
Line 30: Line 20:
 To learn more about coWPAtty: To learn more about coWPAtty:
  
-  * [[http://​www.churchofwifi.org/default.asp?​PageLink=Project_Display.asp?PID=95|Church of Wifi CoWPAtty]]+  * [[http://​www.willhackforsushi.com/?page_id=50|Will Hack For SUSHI > CoWPAtty]]
   * [[http://​www.wirelessdefence.org/​Contents/​coWPAttyMain.htm|Wireless Defense CoWPAtty writeup]]   * [[http://​www.wirelessdefence.org/​Contents/​coWPAttyMain.htm|Wireless Defense CoWPAtty writeup]]
  
Line 48: Line 38:
 Here are the valid operations: Here are the valid operations:
  
-  * init  ​ ​Create a new database file and it's table layout. +  * - -stats  -  Output some information about the database. 
-  * stats  -  Output some information about the database. +  * - -sql {sql}  - Execute the specified SQL statement. 
-  * sql {sql}  - Execute the specified SQL statement. +  * - -clean [all]  -  Perform steps to clean the database from old junk. The option '​all'​ will also reduce file size if possible and run an integrity check. 
-  * clean [all]  -  Perform steps to clean the database from old junk. The option '​all'​ will also reduce file size if possible and run an integrity check. +  * - -batch  - Start batch-processing all combinations of ESSIDs and passwords. ​ This must be run prior to using the database within [[aircrack-ng]] or after you have added additional SSIDs or passwords. 
-  * batch  - Start batch-processing all combinations of ESSIDs and passwords. ​ This must be run prior to using the database within [[aircrack-ng]] or after you have added additional SSIDs or passwords. +  * - -verify [all]  - Verify a set of randomly chosen PMKs. If the option '​all'​ is given, all(!) PMKs in the database are verified and the incorrect ones are deleted. 
-  * verify [all]  - Verify a set of randomly chosen PMKs. If the option '​all'​ is given, all(!) PMKs in the database are verified and the incorrect ones are deleted. +  * - -export cowpatty {essid} {file} ​ -  Export to a cowpatty file. 
-  * export cowpatty {essid} {file} ​ -  Export to a cowpatty file. +  * - -import cowpatty {file} ​ -  Import a cowpatty file and create the database if it does not exist
-  * import cowpatty {file} ​ -  Import a cowpatty file. +  * - -import {essid|passwd} {file} ​ -  Import a text flat file as a list of either ESSIDs or passwords ​and create the database if it does not exist.  This file must contain one essid or password per line.  Lines should be terminated with line feeds. ​ Meaning press "​enter"​ at the end of each line when entering the values.
-  * import ​ascii {essid|passwd} {file} ​ -  Import a text flat file as a list of either ESSIDs or passwords. ​ This file must contain one essid or password per line.  Lines should be terminated with line feeds. ​ Meaning press "​enter"​ at the end of each line when entering the values. +
  
 ===== Usage Examples ===== ===== Usage Examples =====
  
 Here are usage examples for each operation. Here are usage examples for each operation.
- 
-==== Init Operation ==== 
- 
-You must be in the directory where you want the database created or specify the fully qualified path name. 
- 
-Enter: 
- 
-   ​airolib-ng testdb init 
- 
-Where: 
- 
-  * testdb is the name of the database to be created. 
-  * init is the operation to be performed. 
- 
-The system does not respond with any output. ​ You can verify the database was created by doing a directly listing. 
- 
  
 ==== Status Operation ==== ==== Status Operation ====
Line 83: Line 55:
 Enter: Enter:
  
-   ​airolib-ng testdb stats+   ​airolib-ng testdb ​--stats
  
 Where: Where:
  
   * testdb is the name of the database to be created.   * testdb is the name of the database to be created.
-  * stats is the operation to be performed.+  * - -stats is the operation to be performed.
  
 The system responds: The system responds:
Line 97: Line 69:
    ​Harkonen ​       64      100.0    ​Harkonen ​       64      100.0
    ​teddy ​  ​64 ​     100.0    ​teddy ​  ​64 ​     100.0
- 
  
 ==== SQL Operation ==== ==== SQL Operation ====
Line 105: Line 76:
 Enter: Enter:
  
-   ​airolib-ng testdb sql '​update essid set prio=(select min(prio)-1 from essid) where essid="​VeryImportantESSID";'​+   ​airolib-ng testdb ​--sql '​update essid set prio=(select min(prio)-1 from essid) where essid="​VeryImportantESSID";'​
  
 The system responds: The system responds:
Line 116: Line 87:
 Enter: Enter:
  
-   ​airolib-ng testdb sql '​select hex(pmk) from pmk where hex(pmk) like "​%DEADBEEF%"'​+   ​airolib-ng testdb ​--sql '​select hex(pmk) from pmk where hex(pmk) like "​%DEADBEEF%"'​
  
 The system responds: The system responds:
  
    ​hex(pmk) BF3F122D3CE9ED6C6E7E1D7D13505E0A41EC4C5A3DEADBEEFFEFF597387AFCE3    ​hex(pmk) BF3F122D3CE9ED6C6E7E1D7D13505E0A41EC4C5A3DEADBEEFFEFF597387AFCE3
- 
  
 ==== Clean Operation ==== ==== Clean Operation ====
Line 127: Line 97:
 To do a basic cleaning, enter: To do a basic cleaning, enter:
  
-   ​airolib-ng testdb clean+   ​airolib-ng testdb ​--clean
  
 The system responds: The system responds:
Line 139: Line 109:
 To do a basic cleaning, reduce the file size if possible and run an integrity check., enter: To do a basic cleaning, reduce the file size if possible and run an integrity check., enter:
  
-   ​airolib-ng testdb clean all+   ​airolib-ng testdb ​--clean all
  
 The system responds: The system responds:
Line 152: Line 122:
    Query done. 2 rows affected.    Query done. 2 rows affected.
    Done.    Done.
- 
  
 ==== Batch Operation ==== ==== Batch Operation ====
Line 158: Line 127:
 Enter: Enter:
  
-   ​airolib-ng testdb batch+   ​airolib-ng testdb ​--batch
  
 The system responds: The system responds:
  
    ​Computed 464 PMK in 10 seconds (46 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...    ​Computed 464 PMK in 10 seconds (46 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...
- 
-IMPORTANT: You must press control-C to terminate this program once it is finished or it will continue to run indefinitely. 
- 
- 
  
 ==== Verify Operation ==== ==== Verify Operation ====
Line 172: Line 137:
 To verify a 1000 random PMKs, enter: To verify a 1000 random PMKs, enter:
  
-   ​airolib-ng testdb verify+   ​airolib-ng testdb ​--verify
  
 The system responds: The system responds:
Line 184: Line 149:
 To verify all PMKs, enter: To verify all PMKs, enter:
  
-   ​airolib-ng testdb verify all+   ​airolib-ng testdb ​--verify all
  
 The system responds: The system responds:
Line 192: Line 157:
  
  
-==== Export ​cowpatty ​Operation ====+==== Cowpatty table Export Operation ====
  
 Enter: Enter:
  
-   ​airolib-ng testdb export cowpatty test cowexportoftest+   ​airolib-ng testdb ​--export cowpatty test cowexportoftest
  
 The system responds: The system responds:
Line 204: Line 169:
  
  
-==== Import ​cowpatty ​Operation ====+==== Import Operation ====
  
-Enter: +=== SSID === 
- +To import an ascii list of SSIDs and create the database if it does not exist, enter:
-   ​airolib-ng testdb import cowpatty ​ cowexportoftest ​              +
- +
-The system responds: +
- +
-   ​importReading header... +
-   ​Reading... +
-   ​Updating references... +
-   ​Writing... +
- +
- +
-==== Import ascii Operation ​==== +
- +
-To import an ascii list of SSIDs, enter:+
  
-   ​airolib-ng testdb import ​ascii essid ssidlist.txt+   ​airolib-ng testdb ​--import essid ssidlist.txt
  
 Where: Where:
  
-  * testdb is the name of the database to be updated and this must already ​exist. +  * testdb is the name of the database to be updated and it will be created if it does not exist. 
-  * import ​ascii is the operation to be performed.+  * - -import is the operation to be performed.
   * essid indicates it is a list of SSIDs.   * essid indicates it is a list of SSIDs.
   * ssidlist.txt is the file name containing the SSIDs. ​ One per line.  It can optionally be fully qualified.   * ssidlist.txt is the file name containing the SSIDs. ​ One per line.  It can optionally be fully qualified.
Line 237: Line 189:
    Done.    Done.
  
 +=== Passwords ===
 +To import an ascii list of passwords and create the database if it does not exist, enter:
  
-To import an ascii list of passwords, enter: +   airolib-ng testdb ​--import passwd password.lst
- +
-   airolib-ng testdb import ​ascii passwd password.lst+
  
 Where: Where:
  
-  * testdb is the name of the database to be updated and this must already ​exist. +  * testdb is the name of the database to be updated and it will be created if it does not exist. 
-  * import ​ascii is the operation to be performed.+  * - -import is the operation to be performed.
   * passwd indicates it is a list of passwords.   * passwd indicates it is a list of passwords.
-  * password.list is the file name.  One per line.  It can optionally be fully qualified.+  * password.list is the file name. One per line. It can optionally be fully qualified.
  
 The system responds: The system responds:
Line 254: Line 206:
    ​Writing... read, 1814 invalid lines ignored.    ​Writing... read, 1814 invalid lines ignored.
    Done.    Done.
 +
 +=== Cowpatty tables ===
 +
 +Imports a cowpatty table and create the database if it does not exist, enter:
 +
 +   ​airolib-ng testdb --import cowpatty ​ cowexportoftest
 +
 +Where:
 +
 +  * testdb is the name of the database to be updated and it will be created if it does not exist.
 +  * - -import is the operation to be performed.
 +  * cowpatty indicates it is a cowpatty table.
 +  * cowexportoftest is the file name. One per line. It can optionally be fully qualified.
 +
 +The system responds:
 +
 +   ​importReading header...
 +   ​Reading...
 +   ​Updating references...
 +   ​Writing...
  
  
Line 274: Line 246:
  
 ===== Usage Tips ===== ===== Usage Tips =====
 +
 +==== Creating your own database example ====
  
 To test the tool yourself... To test the tool yourself...
  
-  * get yourself the sqlite3 library and headers+  * get yourself the sqlite3 library and headers ​(latest version is recommended)
   * get yourself the 1.0dev version of the aircrack-ng suite   * get yourself the 1.0dev version of the aircrack-ng suite
-  ​* create a new database file with "​airolib-ng testdb init"​ +  * import ​an essid, e.g. "echo Harkonen | airolib-ng testdb --import ​essid -"
-  ​* import ​some essid, e.g. "echo Harkonen | airolib-ng testdb ​import ascii essid -+
-  * import some passwords, e.g. "echo 12345678 | airolib-ng testdb ​import ​ascii passwd ​-+
-  * start the batch process ("​airolib-ng testdb batch"​),​ wait for it to run out of work, kill it +
-  * crack your WPA/WPA2 handshake, e.g. "​aircrack-ng -r testdb -e Harkonen -q wpa2.eapol.cap"+
  
 +   ​Database <​testdb>​ does not already exist, creating it...
 +   ​Database <​testdb>​ sucessfully created
 +   ​Reading file...
 +   ​Writing...
 +   Done.
 +
 +  * import a password, e.g. "echo 12345678 | airolib-ng testdb --import passwd -"
 +
 +   ​Reading file...
 +   ​Writing...
 +   Done.
 +
 +  * start the batch process ("​airolib-ng testdb --batch"​),​ wait for it to run out of work or pause it with Ctrl-C
 +
 +   ​Computed 1 PMK in 0 seconds (1 PMK/s, 0 in buffer). All ESSID processed.
 +
 +  * Check the database to confirm everything has been computed ("​airolib-ng testdb --stats"​)
 +
 +   There are 1 ESSIDs and 1 passwords in the database. 1 out of 1 possible combinations have been computed (100%).
 +   
 +   ​ESSID ​  ​Priority ​       Done
 +   ​Harkonen ​       64      100.0
 +
 +  * crack your WPA/WPA2 handshake, e.g. "​aircrack-ng -r testdb -e Harkonen wpa2.eapol.cap"​
 +
 +   KEY FOUND! [ 12345678 ]
 +
 +
 +
 +==== Using a sample pre-made database ====
 +
 +Another way to test for yourself is to download a pre-made database called [[http://​download.aircrack-ng.org/​wiki-files/​other/​passphrases.db|passphrases.db]]. ​ This  file is also located in the test directory of the aircrack-ng sources. Then try this database with the two test WPA/WPA2 files supplied in the test directory of the aircrack-ng sources. ​ The WPA/WPA2 test files are called "​wpa.cap"​ and "​wpa2.eapol.cap"​.
 +
 +The commands are either of:
 +
 +   ​aircrack-ng -r passphrases.db wpa.cap
 +   ​aircrack-ng -r passphrases.db wpa2.eapol.cap
 +
 +This should give you the passphase. ​ Success indicates that your setup is working correctly.
  
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
 +
  
 ==== Enabling Airolib-ng ==== ==== Enabling Airolib-ng ====
-Airolib-ng is not compiled by default. ​ To enable compiling, do "​make ​SQLITE=true"​. +Airolib-ng is not compiled by default. ​ To enable compiling, do "​make ​sqlite=true" and "make sqlite=true install".
  
 ==== Compile Error ==== ==== Compile Error ====
-Although this is not a usage troublshooting ​tip, it is a common problem during the compilation of the 1.0dev version. ​ As a reminder, SQLite must be version 3.3.13 or above. ​ This is the compile error you receive when your version of SQLite is less then the requirement:​+Although this is not a usage troubleshooting ​tip, it is a common problem during the compilation of the 1.0dev version. ​ As a reminder, SQLite must be version 3.3.13 or above. ​ This is the compile error you receive when your version of SQLite is less then the requirement:​
  
   gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=`../​evalrev` -I/​usr/​local/​include -Iinclude -DHAVE_SQLITE ​  -c -o airolib-ng.o airolib-ng.c   gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=`../​evalrev` -I/​usr/​local/​include -Iinclude -DHAVE_SQLITE ​  -c -o airolib-ng.o airolib-ng.c
Line 303: Line 312:
   make: *** [all] Error 2   make: *** [all] Error 2
   ​   ​
- 
 ==== When is the SQLite patch needed? ==== ==== When is the SQLite patch needed? ====
  
-The SQLite patch included with aircrack-ng sources is only needed when compiling under Windows. ​ It is required to remove some elements which will not compile under windows and  are not required.+The SQLite patch included with aircrack-ng sources is only needed when compiling under Windows. ​ It is required to remove some elements which will not compile under windows and are not required.
  
 It is not required for linux installations. It is not required for linux installations.
  
 +==== Airolib-ng fails to open or create the database ====
 +
 +On windows only, opening/​creating a database doesn'​t work when airolib-ng is in directories containing special characters like '​ç',​ '​é',​ '​è',​ '​à',​ ... (directories containing spaces are not affected).
 +
 +The solution is to move airolib-ng and its database in another directory without these special characters.
 +
 +==== "​invalid lines ignored"​ error message ====
 +
 +This error message may occur when importing passwords or ESSIDs. ​  It is the number of records with invalid passwords or ESSIDs lengths. ​ The valid lengths are:
 +
 +  * Passwords must have a length of 8 through 63 characters
 +  * ESSIDs must have a length of 1 through 32 characters
 +
 +==== "​Quitting aircrack-ng..."​ error message ====
  
 +If you subsequently run aircrack-ng and only receive "​Quitting aircrack-ng..."​ then the ESSID is missing from the database. ​ You need to load it plus rerun the batch option.
  
airolib-ng.txt · Last modified: 2019/04/15 19:07 by mister_x