How can I break into secured Wireless networks?

The first thing to know about a wireless network is what encryption is used to secure it. Modern wireless computer hardware works with several different protocols that all support different encryption methods for protecting the information being sent through the air. Today the most commonly used encryption schemes for securing a WLAN are WEP, WPA and WPA2. To connect to a secured WLAN you will need a “key”. Various methods of obtaining the key are described below.

Second, to connect to a WLAN you need to find its AP (access point), more specifically the SSID of the AP in question. This is usually a dedicated device that receives and transmits signals to and from the clients, but it can also be a normal computer performing the same function. There are various tools to scan for APs, such as NetStumbler, WIFI-radar, Kismet and KisMAC; they will tell you if there is any AP within range, how strong the signal is and what encryption (if any) is being used. If the WLAN doesn’t use any encryption to protect the wireless transmissions then you can connect to the network without having to use a key. There might still be issues connecting because of MAC filtering, but we’ll get to that later.

Acquiring the Key

Now if the network is secured by encryption you will need to get a key to be able to connect. Getting hold of this key varies in difficulty with the encryption method in use on the network. The basic method behind every piece of software mentioned is to sniff for certain packets being sent by the AP and its clients and then use a program that can calculate/crack the key based on those packets.

WEP

WEP encryption is fairly old and can be cracked with a number of different applications, such as aircrack, airsnort, KisMAC, WEPCrack, the Auditor security collection live CD and many others; Google is good for finding an application that works on your platform. What these applications do is collect the most relevant frames, and with enough frames the program can break the encryption and calculate the key. Some of these applications use injection methods to produce more traffic from the APs, which results in more packets being sent and more frames being collected. This reduces the time it takes for the software to find the key. Injection simply refers to the act of sending out packets from your machine to the AP in order to incite the AP to reply and thus send more packets flying through the air.

WPA

WPA is a more advanced form of encryption and can’t be cracked in the same way as WEP encryption. WPA instead uses a Pre-Shared Key that is sent when a client connects to the network. Applications such as coWPAtty, Aircrack and KisMAC can collect the encrypted key and use offline dictionary/brute-force attacks to try to break the encryption. This is different from how WEP is cracked, in that WEP has obvious flaws in its implementation that are used to find the key. With the WPA methods described, the key is attacked with traditional encryption-breaking techniques, not through a flaw in the implementation.

WPA2

We are currently looking for any information regarding WPA2 cracking.
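The WEP and WPA sections above boil down to two points for whoever runs the network: WEP gives up its key to anyone who collects enough frames, and a WPA/WPA2 pre-shared key is only as strong as the passphrase an offline dictionary attack has to guess. The following is an added example, not code from the original post, that audits a hostapd-style configuration for exactly those weaknesses. The three configuration texts and the tiny wordlist are constructed for the example, the 16-character minimum is a policy choice made here (the standard only requires 8), and the function names are the example's own.

```python
import re

# Constructed sample configurations in hostapd key=value style (not from any real deployment).
WEAK_WEP_CONFIG = """\
interface=wlan0
ssid=HomeNet
channel=6
wep_default_key=0
wep_key0=1234567890
"""

WEAK_WPA_CONFIG = """\
interface=wlan0
ssid=HomeNet
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password
"""

HARDENED_CONFIG = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-7Qz!
"""

# Hypothetical tiny wordlist standing in for the dictionaries an offline attack would try first.
COMMON_WORDS = {"password", "12345678", "qwertyuiop", "letmein1"}

# Chosen policy for this example; 802.11i itself only requires 8 to 63 characters.
MIN_PASSPHRASE_LEN = 16


def parse_hostapd(text):
    """Parse key=value lines, ignoring blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit_wifi_config(text):
    """Return a list of findings; an empty list means nothing flagged."""
    cfg = parse_hostapd(text)
    findings = []
    has_wep = any(re.match(r"wep_key\d", k) for k in cfg)
    if has_wep:
        findings.append("WEP keys configured: WEP is broken and the key can be recovered from captured frames")
    wpa = cfg.get("wpa")
    if wpa in ("1", "3"):  # 1 = WPA only, 3 = WPA and WPA2 both allowed
        findings.append("WPA (version 1) enabled: use wpa=2 only")
    if "TKIP" in cfg.get("wpa_pairwise", "") or "TKIP" in cfg.get("rsn_pairwise", ""):
        findings.append("TKIP cipher allowed: use CCMP only")
    pw = cfg.get("wpa_passphrase")
    if pw is not None:
        if pw.lower() in COMMON_WORDS:
            findings.append("passphrase is in a common wordlist: trivially found by an offline dictionary attack")
        if len(pw) < MIN_PASSPHRASE_LEN:
            findings.append(f"passphrase shorter than {MIN_PASSPHRASE_LEN} characters")
    if wpa is None and not has_wep:
        findings.append("no encryption configured: open network")
    return findings


if __name__ == "__main__":
    for name, cfg_text in [("WEP", WEAK_WEP_CONFIG), ("WPA/TKIP", WEAK_WPA_CONFIG), ("hardened", HARDENED_CONFIG)]:
        print(name, "->", audit_wifi_config(cfg_text) or "OK")
```

The passphrase check is the part worth copying: the WPA section's "offline dictionary attack" never touches the AP once the handshake is captured, so rate limiting on the AP does nothing and only passphrase length and unpredictability decide the outcome.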

Rfmon/Promiscuous Mode

The software mentioned above requires that your Wireless Network Interface Card (WNIC) supports promiscuous/passive/rfmon mode, which allows your WNIC to collect all network packets that are being sent and not only the ones addressed to your machine. Finding the right NIC can be tricky, so here is a short, non-definitive list of commonly used chipsets that support rfmon:

  • Atheros
  • Prism2
  • Orinoco
  • Aironet

The list will be updated as more people contribute known-good chipsets.

It should also be noted that while some chipsets support rfmon mode, they don’t allow for packet injection, which is a real bummer if you’re planning on doing a lot of WEP cracking on low-activity APs.

Non-Encryption Based Security

There are other ways a network can be secured than just using encryption. MAC filtering is the act of setting the router/AP to only allow certain MAC addresses to connect to the network. This can be overcome by using a sniffer to find a currently connected client’s MAC address. Then you can spoof the known-good MAC address on your WNIC so that the router thinks you are one of the allowed clients. This will cause unpredictable network behavior if the client whose MAC you are spoofing is also connected at the same time as you are.
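The "unpredictable network behavior" when a spoofed MAC and its legitimate owner are both on the air is also what gives the duplicate away. Every 802.11 radio keeps its own 12-bit sequence counter and only ever moves it forward (wrapping from 4095 to 0), so two transmitters sharing one source MAC produce a sequence that keeps jumping backwards. The following is an added example, not part of the original post, that applies that check to a capture summary; the frame list is constructed (no real capture), the MAC addresses are made up, and the threshold of two backward jumps before a MAC is reported is a choice made here to tolerate the odd out-of-order frame.

```python
SEQ_MODULUS = 4096  # 802.11 sequence numbers are 12 bits wide

# Constructed monitor-mode capture summary: (time_s, source MAC, sequence number).
# Not a real capture. "aa:bb:cc:00:00:01" is being used by two radios at once
# (one counting from 100, one from 50); "...:02" is a single radio that wraps
# around 4095 -> 0; "...:03" retransmits one frame (same sequence number twice).
SAMPLE_FRAMES = [
    (0.00, "aa:bb:cc:00:00:01", 100),
    (0.05, "aa:bb:cc:00:00:01", 101),
    (0.10, "aa:bb:cc:00:00:02", 3000),
    (0.12, "aa:bb:cc:00:00:01", 102),
    (0.15, "aa:bb:cc:00:00:01", 50),    # second radio with the same MAC
    (0.20, "aa:bb:cc:00:00:01", 103),
    (0.22, "aa:bb:cc:00:00:02", 3001),
    (0.25, "aa:bb:cc:00:00:01", 51),
    (0.28, "aa:bb:cc:00:00:03", 7),
    (0.29, "aa:bb:cc:00:00:03", 7),     # retransmission, not a spoof
    (0.30, "aa:bb:cc:00:00:01", 104),
    (0.35, "aa:bb:cc:00:00:02", 4095),
    (0.40, "aa:bb:cc:00:00:02", 0),     # legitimate wraparound
]


def backward_jumps(frames):
    """Count, per source MAC, how often its sequence counter moved backwards."""
    last_seq = {}
    backward = {}
    for _t, mac, seq in frames:
        backward.setdefault(mac, 0)
        if mac in last_seq:
            delta = (seq - last_seq[mac]) % SEQ_MODULUS
            # A single radio only moves forward; 4095 -> 0 is a forward delta of 1.
            # A delta in the upper half of the ring is a backwards move.
            if delta > SEQ_MODULUS // 2:
                backward[mac] += 1
        last_seq[mac] = seq
    return backward


def suspicious_macs(frames, min_backward=2):
    """MACs whose counter went backwards at least min_backward times."""
    return sorted(mac for mac, n in backward_jumps(frames).items() if n >= min_backward)


if __name__ == "__main__":
    print("backward jumps:", backward_jumps(SAMPLE_FRAMES))
    print("possible shared/spoofed MACs:", suspicious_macs(SAMPLE_FRAMES))
```

This is a heuristic, not proof: frames dropped by the capture card or a client with several radios can also produce backward jumps, which is why the example waits for a repeated pattern rather than a single one. On the prevention side, the same passage makes the point clearly enough: MAC filtering keeps out the accidental, not the deliberate, and is no substitute for WPA2 with a strong passphrase.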
