An Interesting Take On WEP Cracking

[Ben Kurtz] is doing a little WEP cracking but in a bit of a different way than we’re used to. WEP cracking makes us think of war driving; driving around with your laptop open, looking for WiFi access points, and stopping to run some software when you find them. [Ben’s] way is similar but different in one key way, he’s using an iPhone as the frontend.

This started as a way to find a use for some leftover equipment. He threw together a Linux box and loaded up Aircrack-ng, the software we often see used in penetration testing. To remove himself from shady-looking activities in public he coded a web interface using the Python package Turbogears. It uses screen, a program often used with SSH to run services concurrently in different terminals, with the option to disconnect without stopping the processes. Now it’s just a matter of parking the hardware near an AP, and doing the work in a browser on your mobile device. You can check out the script he wrote, as well as installation instructions, in his post linked above.

[Thanks Tech B.]

[Note: Banner image not directly related to this post]

19 thoughts on “An Interesting Take On WEP Cracking

  1. I used to do something similiar before the iPhone came out. Had a symbian phone with Wifi.and use putty for symbian. Would set up a ad-hoc network with another wireless card in my laptop. So the main wifi card was free to do what you wish.

    The ubiquity of SSH!

  2. 404Usernotfound knows the real deal: do everything straight from the iPod, no laptop required.
    On that note, does anybody know of a similar setup for Android devices? All I see are a lot of “it would work but nobody ever compiled it” posts.

  3. So, what, the computer system is the one doing the actual wireless data gathering from the AP? Seems a little useless to me, honestly. I mean, do people really think twice about someone on a laptop in a car? I know I wouldn’t.

    It is interesting, though.

  4. yep its retarded

    especially the newcommers who believe its gunna work by just loading up some tool

    if you dont have amplifiers and good antennas all you gonna capture is trash, fragments

    not to mention that for doing deauth attacks you have 2be close to the ap as well

  5. Google and now Apple already do this.

    Every Android device – well, a significant majority of them – is already setup to do something similar. Well, I’m exaggerating a bit, but you’d still be interested.

    When you use the data capacity of your phone, your phones equivalent of a mac address, along with your GPS coordinates AND a list of all the ESSIDs of the visible wifi networks in the area are uploaded regularly.

    It used to be that only the cellphone providers had this data. Now google and apple have it.

    If GPS isn’t available, the cell tower triangulation algorithms are used. As a distant third, they can use already mapped ESSIDs – and since this has been going on for a while, that map is already pretty darned complete.

    Why is this important? Because now google (and to a lesser extent but pulling up into the #2 spot in a hurry) has THE BEST AND MOST COMPLETE universal database of ip address to actual location mapping in the world.

    Oh, and your real identity information, even though that isn’t being openly sold. Yet.

    Rest assured – you’re already tagged, bagged and about to be slagged. I don’t actually know what slagging is, but for my purposes it means that you and all your relationships and interactions with other people will be available for instant recall and cross-reference.

    Is that totally cool, or what?
    The future is pretty damned rad!

  6. VNC client, ssh client, or native aircrack tools do this better, easier, and faster and have a higher coolness factor because you dont look like the chump that poorly reinvented the wheel poorly.

Leave a Reply to MaaveCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.