Gentoo Pulls the Plug after Getting Pwned » « Voting Machines Lose to Hackers Again 
aircrack-ptw – Fast WEP Cracking Tool for Wireless Hacking
Darknet spilled these bits on September 25th 2007 @ 8:14 pm

WEP is a protocol for securing wireless LANs. WEP stands for “Wired Equivalent Privacy” which means it should provide the level of protection a wired LAN has. WEP therefore uses the RC4 stream to encrypt data which is transmitted over the air, using usually a single secret key (called the root key or WEP key) of a length of 40 or 104 bit.

A history of WEP and RC4

WEP was previously known to be insecure. In 2001 Scott Fluhrer, Itsik Mantin, and Adi Shamir published an analysis of the RC4 stream cipher. Some time later, it was shown that this attack can be applied to WEP and the secret key can be recovered from about 4,000,000 to 6,000,000 captured data packets. In 2004 a hacker named KoReK improved the attack: the complexity of recovering a 104 bit secret key was reduced to 500,000 to 2,000,000 captured packets.

In 2005, Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin, and Shamir which can additionally be used to break WEP in WEP like usage modes.

The aircrack-ptw attack

The aircrack team were able to extend Klein’s attack and optimize it for usage against WEP. Using this version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.

Countermeasures

We believe that WEP should not be used anymore in sensitive environments. Most wireless equipment vendors provide support for TKIP (as known as WPA1) and CCMP (also known as WPA2) which provides a much higher security level. All users should switch to WPA1 or even better WPA2.

You can download aircrack-ptw here:

aircrack-ptw-1.0.0.tar.gz

Or read more here.

Find an aircrack-ptw How To here.

Please note aircrack-ptw should be used together with the aircrack-ng toolsuite.

Post to Twitter Post to Delicious Post to Digg Post to Facebook Post to StumbleUpon

Tags:  ,  ,  ,  ,  ,  ,  ,  ,  ,  ,  ,  

rss Subscribe to Darknet RSS Feed rss

Stored in: Hacking Tools, Wireless Hacking

Related Posts:
- aircrack-ng – WEP and WPA-PSK Key Cracking Program
- WEPBuster – Wireless Security Assessment Tool – WEP Cracking
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking
- WPA Wi-Fi Encryption Scheme Partially Cracked
- Super Mega Wi-Fi Hacking Machine – Janus Project
- Old Darknet Pages – Links List, Secure Win2k etc.

| 86,069 views |

comments are closed
  1. aircrack-ng - WEP and WPA-PSK Key Cracking Program | Darknet - The Darkside
    pingback

    [...] Remember you need this to use aircrack-ptw – the fast WEP cracking tool. [...]

  2. IT Security » Blog Archive » Why WEP is Insecure –Fast Hacks on Wireless Networks
    pingback

    [...] Darknet has a post today on why you don’t want to use the WEP (Wired Equivalent Privacy) protocol to secure a wireless network. In under a minute, hackers can capture 40,000 packets, and have a 50% probability of being able to recover the 104 bit WEP key, using techniques like deauth and ARP re-injection. For 40 bit keys, there’s an even higher success rate. [...]

  3. guide to get rich fast
    February 7th, 2008 | 11:41 pm

    Is amazing info. Don’t have to pay for internet anymore. Thank you.

  4. eM3rC
    February 8th, 2008 | 3:32 am

    Awesome program!

    Neighbors T2 line here I come :)

  5. Pantagruel
    February 8th, 2008 | 12:07 pm

    Mind you, in some countries (UK, Nl, Ger) there are laws regarding ‘piggy-backing’ and the punishment received may depend on what the abuse was about.
    One could of course argue that stupidity should be made punishable. If you have an open (or badly locked down) AP yo are asking for it and regarding the amount of pc magazine having spend tutorial on how-to lock down you wireless setup you could argue for neglect on part of the AP owner.

  6. eM3rC
    February 9th, 2008 | 8:33 am

    Although it is questionable to mooch off of other peoples wireless internet, its not illegal where I live (well not yet at least). I think using it for my basic surfing is fine although I wont be using anything like torrents which could call the persons service into question or bog down their internet connection.

  7. bob
    February 26th, 2008 | 6:29 pm

    please i have laptop toshiba 105 with vista and didn’t understand nething how to install it…i really need ur help…send the links and the way to install it and use it plzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

  8. Bogwitch
    February 26th, 2008 | 6:48 pm

    Bob, you’ve entered a dark place.
    This software is very difficult to install. It would be best for you to give me your email address and your password and I’ll send you the easy installer.

  9. eM3rC
    February 26th, 2008 | 11:01 pm

    Hey Bogwitch what about credit card information and social security numbers? That would make the install even easier!

  10. Pantagruel
    February 27th, 2008 | 11:03 am

    @Bogwitch & eM3rC

    LOL,
    Wire some money to my off-shore cayman account and it will all magically start working ;)

  11. Poonam
    May 28th, 2008 | 7:03 am

    hi Bogwitch…please email me the EASY installer. this is my third time trying to install aircrack-ng suite but i can never even get pass through anything…please..thanks..

    here is my email address: poonam_kaler@yahoo.com

  12. Bogwitch
    May 28th, 2008 | 12:36 pm

    Maybe I forgot the tags.

    Poonam, as above, you need to send the password to your email account in order for it to work. As eM3rC hinted, you get the deluxe version if you give me your credit card numbers.

  13. jolly_roger
    January 4th, 2009 | 8:15 am

    i cant find anny of these that work for vista

  14. goodpeople
    January 5th, 2009 | 12:58 pm

    WOOHAHAHAHAHA

    Bogwitch, hilarious!

  15. Jebus
    January 12th, 2009 | 1:29 am

    Any chance you can get picked up after hack?? also send me any updates and that to my address let me know if anyting is better

  16. Bogwitch
    January 12th, 2009 | 5:27 pm

    Yes, that’s why you only hack with written permission from the system owner.
    As for updates, you’re connected to thee Internet – it’s a fantastic resource for finding out information, particularly concerning computer software. If you can’t do your own research, you should not be seeking penetration testing assignments.

    tl;dr: You’re a moron.

  17. Darion
    January 13th, 2009 | 9:23 am

    I have to agree with Goodpeople.

    This is just too funny to be true!

  18. Bogwitch
    March 3rd, 2009 | 1:44 am

    @James,
    We will need your email password to send it to you….

  19. navin
    March 3rd, 2009 | 10:06 am

    @ Bogwitch….he asked for the easy installer……..email password is only for the l337 h@X0r installer…..the easy installer will also need your credit card number along with the email password (for verification purposes :) )

  20. Bogwitch
    March 3rd, 2009 | 6:35 pm

    How silly of me to forget. My bad. What Navin said…

  21. FUCK3R
    March 5th, 2009 | 8:20 am

    You guys are suppose to help those who don’t and not to tease him BOB u can download it from here http://uploading.com/files/P978UYQZ/aircrack_2.1_PrisonMan.rar.html

  22. BrackenKeith
    March 8th, 2009 | 6:59 pm

    I need richard hammond version of this.

Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This