VR4Stryph
(Last edited by VR4Stryph; 3rd May 2009 at 08:44 AM.) Reason: spelling......
#21
FYI, I heard about this a while back... someone out there checked the byte count on an ARP? *can't recollect exactly* request, copied it, and from another card spammed the AP with it in order to get a response from the AP and create "traffic" to help speed up the process of cracking... but they needed 2 "nodes", one listening and one spamming... FYI, ya might wanna look into that to help ya speed things up a bit.


Quote:
Originally Posted by Binary100100
It also depends on how much traffic is being processed through that network as well. My roommates keep changing the damn WEP key because they think that they are being hacked. And me... being that I work nights, I often come home and see that my computer can't be online. I threw on an Atheros driver, start aircrack, and because they don't have any computers online at the moment it takes me about 2 hours to crack their basic 64 bit encryption! Then when I ask them why they changed it from one of their phone numbers to "0000000001", because it was a stupid password (even brute force wise), they got scared because they realized how stupid it actually was. So the next day it was set to 128 bit WEP. So I tested that and it took me about 6 hours (again with little internet traffic). I tested again while on peak hours (one roommate was on XML, one was playing online poker, another.... who knows... there was a total of 6 connected-5 wireless) and I was able to crack 128bit in less than an hour!

But... to say that you just want to see the power of Android by using a WEP cracker... that's like saying I want to test out the power of my new dvd rom drive by copying dvd's. Yeah... it doesn't fly.
 
haxt
#22
oh man

I would be very interested if any work was done on this. Cracking WPA with known ESSIDs would be very doable from Android (assuming you had a WPA hashtable database). But the only thing you would really need is to capture the 3way TKIP handshake or w/e. A good rainbow table database though is 50+ gigs, so good luck getting that on your SD card... and getting the initial handshake would still require promiscuous mode.

Even if you can't do injection it would be nice if there was a tool to capture initial vectors or handshakes for use later. Even if you couldn't run a PTW cracker on your IV capture file it would be cool if you could run it and bring it back to your PC and crack it.


Is it possible to get iwconfig working? That would be a good first step. I'd imagine by default though you would not be able to do this with the stock driver.

Wouldn't it be nice.. iwconfig wlan0 mode monitor..


I have tried running those types of commands from Debian Linux on my G1, but it recognizes your wifi card as a LAN adapter so you can't run low level commands on it to set its mode.


If someone could get the aircrack-ng suite running on Android I would LOVE you!

I don't understand why people think that cracking wep on your phone would be useless/only for bad reasons. Half of the people you meet don't even know their own linksys wrt54g wifi password and being able to retrieve that in a couple minutes is beautiful.



I wonder if getting an ARP poisoning MITM tool on android would be more doable? ettercap-ng command line would be very fun!
 
ubernicholi
#23
The aircrack-ng suite has an armel port; someone just needs to cross compile it into Android using the NDK. Also the NDK does not allow for pure C(+) programs, only some backend stuff. So a program written with the SDK can call it, but it cannot run on its own.

However, from my experiences using the aircrack-ng suite, you need to be using at least 4 windows at the same time for best results. Terminal on Android does not allow for multiple instances. Also they pause when focus is lost.

"airodump-ng" to collect logs
"aireplay-ng -1 0" for the association
"aireplay-ng -3" for the injection
"aircrack-ng -s" actually cracking the key

Unless we can get a program that uses a GUI to do all this, it won't work for now. Minus the inability to inject packets or get monitor mode.

Just my 2 cents from a computer tech who white hats for money, and black hats for fun.
Phone : T-Mobile G2 (vision)
ROM : Andromadus Audacity
Recovery : CWM 5.8.1.0 Touch
Radio : 26.13.04.19



 
ubernicholi
#24
Cracking WEP would not be an issue for the G1 hardware.

Cracking WPA on the G1 would be almost pointless without the salted hash tables. My monster desktop didn't even make it through the 0******* to 1******* (a-z + A-Z + 0-9) overnight without using salted hash.

I do however like the idea of being able to capture the 4 way hand shake so it can be used later. That would be really nifty
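
The per-ESSID hash tables that haxt and ubernicholi mention follow from how WPA-PSK derives its key: the network name is the salt. The block below is an added example, not code from any poster in this thread, showing that derivation and a defender-side check built on it; `COMMON_SSIDS`, `MIN_BITS` and the function names are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample of factory-default network names (assumption, not from
# the thread): precomputed tables only pay off for SSIDs many networks share.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
MIN_BITS = 64  # assumed policy threshold for this example


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK master key.

    The SSID is the PBKDF2 salt, so one passphrase gives a different key on
    every network name and a table built for one SSID is useless for another.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def keyspace_bits(passphrase: str) -> float:
    """Upper bound on guessing cost: length * log2(size of character pool)."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation + " "):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    return len(passphrase) * math.log2(max(pool, 1))


def audit(ssid: str, passphrase: str) -> list:
    """Return the reasons this SSID/passphrase pair is cheap to attack offline."""
    wpa_pmk(passphrase, ssid)  # raises if the passphrase is not valid for WPA
    findings = []
    if ssid in COMMON_SSIDS:
        findings.append("common-ssid")
    if keyspace_bits(passphrase) < MIN_BITS:
        findings.append("small-keyspace")
    return findings


if __name__ == "__main__":
    print(wpa_pmk("password", "IEEE").hex())
    print(audit("linksys", "abcd1234"))                   # constructed weak pair
    print(audit("attic-7f3c", "correct-Horse-7-battery"))  # constructed strong pair
```

A network that renames its SSID away from the factory default and uses a long passphrase comes back with no findings; the keyspace figure is an upper bound and says nothing about dictionary words.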
 
lbcoder
#25
Quote:
Originally Posted by ubernicholi View Post
The aircrack-ng suite has an armel port; someone just needs to cross compile it into Android using the NDK. Also the NDK does not allow for pure C(+) programs, only some backend stuff. So a program written with the SDK can call it, but it cannot run on its own.
Or a pure terminal program...

Quote:
However, from my experiences using the aircrack-ng suite, you need to be using at least 4 windows at the same time for best results. Terminal on Android does not allow for multiple instances. Also they pause when focus is lost.

"airodump-ng" to collect logs
"aireplay-ng -1 0" for the association
"aireplay-ng -3" for the injection
"aircrack-ng -s" actually cracking the key

Unless we can get a program that uses a GUI to do all this, it won't work for now. Minus the inability to inject packets or get monitor mode.
Ever heard of running a background process? Yes, this is NOT applephone, it DOES multitask.
 
ubernicholi
#26
I know that Android supports multitasking; however, I do not know of a way to make terminal programs run in the background.
 
truck2
#27
Quote:
Originally Posted by ubernicholi View Post
I know that Android supports multitasking; however, I do not know of a way to make terminal programs run in the background.
Someone should compile screen for android also.
 
sephiroth1439
#28
Quote:
Originally Posted by ubernicholi View Post
I know that Android supports multitasking; however, I do not know of a way to make terminal programs run in the background.
first thing that comes to mind is debian
runs in the background parallel to android
 
innerspace
#29
I've got aircrack-ng running in debian, just need drivers to support it.
2 x Sensation - S-OFF -CM7 SelfKanged2
Hacks: Volume+, OVPN/CIFS, GTALK w/ Video

Rooted G-Slate
TAKE MY ADVICE, DO NOT BUY ANY LG PRODUCTS.
LG LOCKED THE BOOTLOADER ON THE G-SLATE AND REFUSES TO TALK TO DEVELOPERS ABOUT IT.
LG CAN KISS MY ASS.


Retired
HTC Dream
 
imakamasta
#30
Yup, I don't know much about the programming aspect of it all, but I know once we get those drivers on the G1 and get monitor mode up, I'd be happy.
Injection would make me even happier. =]

 