Documentation, tutorials, ... can be found on http://www.aircrack-ng.org See also manpages and the forum. Installing ========== This version now requires more libraries than 0.X versions to be compiled. See INSTALLING file for more information OpenWrt Devices =============== You can use airodump-ng on OpenWrt devices. You'll have to use specify prism0 as interface. Airodump-ng will automatically create it. Rq: Aireplay DOESN'T work on OpenWrt (2.4 kernel) with broadcom chipset since the driver doesn't support injection. It *may* work with 2.6 kernels >= 2.6.24 (kamikaze 8.09+ custom-built). Known bugs: =========== Drivers ------- Madwifi-ng ---------- The cause of most of these problems (1, 2 and 3) is that Madwifi-ng cannot easily change the rate in monitor mode. Technically, when changing rate while in monitor mode, the raw socket gets invalidated and we have to get it again. Madwifi-ng is getting replaced by several drivers: ath5k, ath9k and ar9170. Problem 1: No client can associate to an airbase soft AP. Solution: Use a more recent driver. Madwifi-ng has been deprecated for years. Problem 2: When changing rate while you are capturing packet makes airodump-ng stall Solution 2: Restart airodump-ng or change rate before starting it. Problem 3: After some time it stops capturing packets and you're really sure no network manager are running at all. Solution 3: That's a known bug in the driver, it may happen at any time (the time before it fails can vary a lot: from 5 minutes to 50 or even more). Try (as root) unloading completely the driver with 'madwifi-unload' and then run 'modprobe ath_pci autocreate=monitor'. Problem 4: When creating a new VAP airodump-ng takes up to 10-15 seconds to see the first packet Solution 4: It's the behaviour of madwifi-ng, don't worry (... be happy ;)). Orinoco ------- Problem: BSSID is not reported correctly or is 00:00:00:00:00:00 or signal is not reported correctly. Solution: None. Consider replacing your card, orinoco is really really old. Aircrack-ng ----------- Aireplay-ng ----------- Problem: Fakeauth on a WRT54G with WEP (shared authentication) doesn't work. Solution: None at this time (we'll try to fix it in an upcoming release). Airolib-ng ---------- Problem: On windows only, opening/creating a database doesn't work when airolib-ng is in directories containing special characters like 'ç', 'é', 'è', 'à', ... (directories containing spaces are not affected). Reason: It's a SQLite issue. Solution: Rename the directory or move the database into another directory. Airodump-ng ----------- Problem: Airodump-ng stop working after some time. Solution 1: You may have a network manager running that puts back the card in managed mode. You'll have to disable it (the fastest solution is killing the process) then restart airodump-ng. Solution 2: See Problem 3 of Madwifi-ng. Problem: On windows, it doesn't display a list of adapters like the old 0.X Solution: It requires you to develop your own DLL. Problem: Handshake is not captured/detected Reason: You might be too far and your signal is bad (or too close with a signal too strong). Another possibility is that Airodump-ng didn't detect the handshake properly due to being far apart in the capture. Solution 1: Check out our tutorial 'WPA Packet Capture Explained' in the wiki. Solution 2: Try running Aircrack-ng on your capture, it might detect the capture. Solution 3: Check out our wpaclean tool. Note: It will be fixed in an upcoming release. Cygwin ------ Problem: Aircrack-ng doesn't build on Cygwin64 Solution: None at this time. Build it using 32 bit cygwin. Problem: /usr/include/sys/reent.h:14:20: fatal error: stddef.h: No such file or directory Solution: It happens because the gcc and g++ version are different. Make sure they are the same. Sample files ============ wep.open.system.authentication.cap: It show a connexion (authentication then association) to a WEP network (open authentication). wep.shared.key.authentication.cap: It shows a connexion (authentication then association to a WEP network (shared authentication). The difference with open authentication is that the client has to encrypt a challenge text and send it back (encrypted) to the AP to prove it has the right key. wpa.cap: This is a sample file with a WPA handshake. It is located in the test/ directory of the install files. The passphrase is 'biscotte'. Use the password file (password.lst) which is in the same directory. wpa2.eapol.cap: This is a sample file with a WPA2 handshake. It is located in the test/ directory of the install files. The passphrase is '12345678'. Use the password file (password.lst) which is in the same directory. test.ivs (http://download.aircrack-ng.org/wiki-files/other/test.ivs): This is a 128 bit WEP key file. The key is AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7. ptw.cap (http://dl.aircrack-ng.org/ptw.cap): This is a 64 bit WEP key file suitable for the PTW method. The key is '1F:1F:1F:1F:1F'. wpa-psk-linksys.cap: This is a sample file with a WPA1 handshake along with some encrypted packets. Useful for testing with airdecap-ng. The password is 'dictionary'. wpa2-psk-linksys.cap: This is a sample file with a WPA2 handshake along with some encrypted packets. Useful for testing with airdecap-ng. The password is 'dictionary'. password.lst This is a sample wordlist for WPA key cracking. More wordlists can be found at http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists password.db This is a sample airolib-ng database for WPA key cracking. pingreply.c Replies to all ping requests. Useful for testing sniffing/injecting packets with airtun-ng. Chinese-SSID-Name.pcap Contains a beacon with an SSID displayed in Chinese. verify_inject.py Testing DNS requests using airtun-ng.