Ah, yes. Hacking is one of the penultimate pastimes of newbie HakZ0Rz wannabies. 🙂

Still, it is something that you (the WiFi person on-the-go) need to realize… as the ease with which one CAN crack your WiFi password should cause you some fear and trepidation… (but, it comes with some caveats.)

If you are using WEP for your WiFi security, let me simply tell you that you should quit it. STOP! Switch to WPA/WPA2. Now. Understand? No? Well, switch to WPA/WPA2 NOW! Don’t even bother reading the rest of this article until you have. OK? Cool. Really? You did? Awesome…

When it comes to WiFi security, WEP is already known for its “insecurity”. Still, it is used quite often, as it works across-the-board for nearly every WiFi-enabled PC/Laptop/Mobile Device. There are still a handful of laptops that are unable to upgrade their WiFi cards to the latest version of WPA/WPA2, leaving them unable to connect to anything other than WEP or older WPA-only secured wireless APs (Access Points). This (in and of itself) is one of the main reasons why WEP is still utilized amongst the plethora of Wireless Enabled Cafes.

Still. It is a bad habit.

However, this post is NOT about WEP, but WPA/WPA2… and how easily it can be cracked with a laptop using Apple’s OSX (well, at least 10.5).


KisMAC is a well-regarded Mac OSX WiFi “stumbler”, with the ability to log not only nearby WiFi Access Points, but also their MAC Address (BSSID), their Encoding Type (WEP, WPA or WPA2), and the 4-Way “Handshake” needed to decode the AP’s password.


Aircrack-ng is a collection of tools with which one can digest the KisMAC logs and successfully spit-out the AP’s password. Aircrack-ng does not run “natively” on Mac OSX 10.5 (it’s a Linux application), so there are a few pieces that need to be uploaded/installed in order to get it to work properly.

Let Us Start

The KEY to all of this will be to grab a “4-Way Handshake” from KisMAC and utilize Aircrack-ng to decode the Pre-Shared Key (PSK). Rather than “Actively” garnering a “4-Way Handshake”, I’ve chosen to do so in “Passive” Mode… waiting for a “4-Way Handshake”… rather than forcing it to happen. 🙂 How Nice of me. 🙂 Besides, it would require two quality wireless cards to be installed… and I don’t want to buy another single-purpose USB WiFi device. Blech! 🙁

Aircrack-ng & Pre-Shared Key

Now that we have a full “4-Way Handshake”, we’ll need to start Aircrack-ng to decode the key.

We start with this:

  1. Start a Terminal application.
  2. We’ll need a good “dictionary” file to brute-force the WPA/WPA2 key.
  3. Make sure that the “dictionary” file and the KisMAC log file are in the SAME directory.
  4. Do yourself a favor and rename the KisMAC log file to something like… IDK… “DumpFileX”… where “X” is a numeric value. Why fluster yourself with typing a rather large filename at the Terminal? Know What I Mean?
  5. If you are smart, your terminal typing will look something like this:
    aircrack-ng -w password.txt -b CC:1B:59:86:53:A4 -e belkin.999 DumpLog9

  6. DumpLog9 and password.txt HAVE to be in the same directory. Just do it. OK?
  7. password.txt MUST contain the password for the WiFi WPA/WPA2 enabled Access Point. Each password must be on its own line… I suggest using UTF-8 as the final text format.
    For this example: DumpLog9 MUST contain a “4-Way Handshake” for the AP you wish to crack.
  8. The
    -b CC:1B:59:86:53:A4

    option MUST contain the MAC Address of the device you wish to crack. Alter as necessary.

  9. The
    -e belkin.999

    option MUST contain the SSID of the device you wish to crack. Alter as necessary.

Simple, eh?

What everyone needs to realize is that in order to crack WPA/WPA2… you MUST have the correct password in your “password.txt” file… else Aircrack-ng will simply fail.

Did you catch that? This is a brute-force attack. One simply cannot generate a short list of passwords to try and expect that they’ll be surfing FREE on their neighbor’s WiFi internet connection. 🙂

Here’s the math: Given an 8-character password (lower, upper and numeric) AND you can check passwords at 500k/second… it will take you 15 years to go through ALL iterations. If you choose a 9-character password… it grows to 871 years. Not to mention the size of your dictionary file. Oh, it’ll be larger than a few Gigabytes. Hope you’ve got something else to do to pass the time. 🙂
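
An added sketch (not from the original post) that turns the two points above into a check you can run on your own passphrase: a passphrase that sits in a wordlist falls at once, and anything else costs a full keyspace search at the quoted 500k guesses/second. The sample wordlist, the 100-year "strong" threshold and the function names are assumptions made for this example.

```python
import string

GUESSES_PER_SECOND = 500_000            # rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
STRONG_AFTER_YEARS = 100                # assumed threshold, pick your own

# Constructed sample wordlist standing in for an attacker's password.txt.
SAMPLE_WORDLIST = {"password", "12345678", "letmein123", "belkin999"}

# Character classes of printable ASCII: 26 + 26 + 10 + 33 = 95 symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(passphrase):
    """Size of the smallest class-based alphabet that covers the passphrase."""
    if any(not any(ch in c for c in CLASSES) for ch in passphrase):
        raise ValueError("only printable ASCII is handled here")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))


def years_to_exhaust(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of exactly `length` characters."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def audit(passphrase, wordlist=SAMPLE_WORDLIST, rate=GUESSES_PER_SECOND):
    """Rate a WPA/WPA2 passphrase against a wordlist and a full search."""
    # WPA passphrases are 8-63 characters (64 hex digits is the raw key form).
    if not 8 <= len(passphrase) <= 63:
        return {"verdict": "invalid", "reason": "must be 8-63 characters"}
    if passphrase in wordlist:
        # A dictionary hit ends the search almost immediately.
        return {"verdict": "weak", "reason": "present in wordlist", "years": 0.0}
    years = years_to_exhaust(len(passphrase), alphabet_size(passphrase), rate)
    verdict = "strong" if years > STRONG_AFTER_YEARS else "weak"
    return {"verdict": verdict, "reason": "exhaustive search only", "years": years}


if __name__ == "__main__":
    for candidate in ("letmein123", "abcdefgh", "Tr0ub4dor",
                      "correct horse battery staple"):
        print(repr(candidate), audit(candidate))
```

Swap in a real wordlist and your own guess rate to see where your passphrase lands; length buys far more than an extra character class does.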

Don’t ask me HOW to use KisMAC. There are already a bunch of tutorials online. For more information on Aircrack-ng, again… do a Google Search. There’s plenty on it as well.

So, if you are worried about someone hacking your home WiFi, use WPA/WPA2 and choose a sizable password (between 9 and 64 characters). If you notice your neighbor growing a rather lengthy beard… I wouldn’t worry. You’ll probably move before he cracks your WiFi password. 🙂