Cracking WPA/WPA2 with KisMAC and Aircrack-ng

Posted January 11th, 2013 in Featured, Technology by Dennis

Ah, yes. Hacking is one of the penultimate pastimes of newbie HakZ0Rz wannabes. :)

Still, it is something that you (the WiFi person on-the-go) need to realize… as the ease with which one CAN crack your WiFi password should cause you some fear and trepidation… (but, it comes with some caveats.)

If you are using WEP for your WiFi security, let me simply tell you that you should quit it. STOP! Switch to WPA/WPA2. Now. Understand? No? Well, switch to WPA/WPA2 NOW! Don’t even bother reading the rest of this article until you have. OK? Cool. Really? You did? Awesome…

When it comes to WiFi security, WEP is already known for its “insecurity”. Still, it is used quite often as it still works across-the-board for nearly every WiFi enabled PC/Laptop/Mobile Device. There are still a handful of laptops that are unable to upgrade their WiFi cards to the latest version of WPA/WPA2, leaving them unable to connect to anything other than a WEP or older WPA-only secured wireless AP (Access Point). This (in and of itself) is one of the main reasons why WEP is still utilized amongst the plethora of Wireless Enabled Cafes.

Still. It is a bad habit.

However, this post is NOT about WEP, but WPA/WPA2… and how easily it can be cracked with a laptop using Apple’s OSX (well, at least 10.5).

KisMAC

KisMAC is a well-regarded Mac OSX WiFi “stumbler”, with the ability to not only log nearby WiFi Access Points, but their MAC Address (BSSID), their encryption type (WEP, WPA or WPA2), and the 4-Way “Handshake” needed to recover the AP’s password.

Aircrack-ng

Aircrack-ng is a collection of tools with which one can digest the KisMAC logs and successfully spit out the AP’s password. Aircrack-ng does not run “natively” on Mac OSX 10.5 (it’s a Linux application), so there are a few pieces that need to be uploaded/installed in order to get it to work properly.

Let Us Start

The KEY to all of this will be to grab a “4-Way Handshake” from KisMAC and utilize Aircrack-ng to decode the Pre-Shared Key (PSK). Rather than “Actively” garnering a “4-Way Handshake”, I’ve chosen to do so in “Passive” Mode… waiting for a “4-Way Handshake”… rather than forcing it to happen. :) How Nice of me. :) Besides, it would require two quality wireless cards to be installed… and I don’t want to buy another single-purpose USB WiFi device. Blech! :(

Aircrack-ng & Pre-Shared Key

Now that we have a full “4-Way Handshake”, we’ll need to start Aircrack-ng to decode the key.

We start with this:

  1. Start a Terminal application.
  2. We’ll need a good “dictionary” file to brute-force the WPA/WPA2 key.
  3. Make sure that the “dictionary” file and the KisMAC log file are in the SAME directory.
  4. Do yourself a favor and rename the KisMAC log file to something like… IDK… “DumpFileX”… where “X” is a numeric value. Why fluster yourself with typing a rather large filename at the Terminal? Know What I Mean?
  5. If you are smart, your terminal typing will look something like this:
  6. aircrack-ng -w password.txt -b CC:1B:59:86:53:A4 -e belkin.999 DumpLog9
  7. DumpLog3 and password.txt HAVE to be in the same directory. Just do it. OK?
  8. password.txt MUST contain the password for the WiFi WPA/WPA2 enabled Access Point. Each candidate password must be on a separate line… I suggest using UTF-8 as the final text format. For this example: DumpLog3 MUST contain a “4-Way Handshake” for the AP you wish to crack.
  9. The -b CC:1B:59:86:53:94 option MUST contain the MAC Address (BSSID) of the device you wish to crack. Alter as necessary.
  10. The -e belkin.999 option MUST contain the SSID of the device you wish to crack. Alter as necessary.

Simple, eh?

What everyone needs to realize is that in order to crack WPA/WPA2… you MUST have the correct password in your “password.txt” file… else Aircrack-ng will simply fail.

Did you catch that? This is a brute-force (dictionary) attack. One simply cannot generate a short list of passwords to try and expect that they’ll be surfing FREE on their neighbor’s WiFi internet connection. :)

Here’s the math: Given an 8-character password (lower, upper and numeric) AND you can check passwords at 500k/second… it will take you 15 years to go through ALL iterations. If you choose a 9-character password… it grows to 871 years. Not to mention the size of your dictionary file. Oh, it’ll be larger than a few Gigabytes. Hope you’ve got something else to do to pass the time. :)
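As an added example (not from this post, KisMAC or Aircrack-ng), here is why the -e SSID option is mandatory and the arithmetic behind the password-length estimate above: WPA/WPA2-Personal stretches the passphrase into the Pairwise Master Key with PBKDF2-HMAC-SHA1 salted by the SSID, so every candidate in password.txt has to be re-derived per network and the 4096 rounds cap the checking rate. The SSID belkin.999 is the post’s; the passphrases, the second SSID and the mini word list are constructed for the demo.

```python
import hashlib

# WPA/WPA2-Personal (IEEE 802.11i): PMK = PBKDF2-HMAC-SHA1(passphrase,
# salt=SSID, 4096 iterations, 32 bytes). For a pre-shared-key network the
# PMK is the PSK, and it is what aircrack-ng must derive from each word in
# password.txt before it can test that word against the captured handshake.
PBKDF2_ITERATIONS = 4096
PMK_BYTES = 32
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for a passphrase on a given SSID (same passphrase, different SSID
    gives an unrelated key, which is why -e must match the target AP)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_BYTES)


def exhaust_years(charset_size: int, length: int, rate_per_second: float) -> float:
    """Years to try every passphrase of `length` symbols from a
    `charset_size`-symbol alphabet at `rate_per_second` candidates/second."""
    return charset_size ** length / rate_per_second / SECONDS_PER_YEAR


def wordlist_position(wordlist, ssid: str, pmk: bytes) -> int:
    """Index of the word in `wordlist` whose PMK equals `pmk`, else -1.
    Illustrates the post's point: a word list only helps if the passphrase
    is in it. (Real tools verify a candidate against the handshake MIC;
    the PMK itself is never visible on the air, so this is a self-check.)"""
    for i, candidate in enumerate(wordlist):
        if 8 <= len(candidate) <= 63 and derive_pmk(candidate, ssid) == pmk:
            return i
    return -1


if __name__ == "__main__":
    # Published IEEE 802.11i Annex H test vector, to sanity-check the derivation.
    print(derive_pmk("password", "IEEE").hex())
    # Constructed networks: one passphrase, two SSIDs, two unrelated PMKs.
    print(derive_pmk("correcthorse", "belkin.999").hex())
    print(derive_pmk("correcthorse", "homenet").hex())
    # The post's arithmetic: 62 symbols (a-z, A-Z, 0-9) at 500k checks/second.
    print(f"8 chars: {exhaust_years(62, 8, 500_000):.1f} years")
    print(f"9 chars: {exhaust_years(62, 9, 500_000):.1f} years")
    # Constructed mini word list: found only because the passphrase is in it.
    words = ["password", "12345678", "correcthorse", "letmein1"]
    print(wordlist_position(words, "belkin.999", derive_pmk("correcthorse", "belkin.999")))
```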

Don’t ask me HOW to use KisMAC. There are already a bunch of tutorials online. For more information on Aircrack-ng, again… do a Google Search. There’s plenty on it as well.

So, if you are worried about someone hacking your home WiFi, use WPA/WPA2 and choose a sizable password (between 9 and 64 characters). If you notice your neighbor growing a rather lengthy beard… I wouldn’t worry. You’ll probably move before he cracks your WiFi password. :)

A Review of the Verizon iPhone 4

Posted April 7th, 2011 in News, Technology by Dennis

Yeah, I drank the Kool-Aid. :)

So, I buy the phone…

In my defense, for all you Android fans, I’ve been among the Motorola camp for many years:  switching my Nokia “brick” for the Moto RAZR and then the RAZR2 & its fabulous camera (a cellphone which VZW dropped mere months after I switched… still not sure what THAT was about.)

Alas, I’ve been limping along on the RAZR2’s ORIGINAL battery for 3 years before Apple’s iPhone4 was finally relinquished to Verizon’s expansive network of CDMA towers. Yes, it won’t do data AND voice at the same time… but, neither did the original iPhone… until the iPhone 3G was released. So… Bite Me!

I’ve been impressed so far. Of course, there’s been a bit of a learning curve, but much of that has been setting the phone up to work for me: setting Alarms, Ringtones (which there aren’t many built-in), and organizing my Contacts list. The actual “swap” at the Verizon Store from my Moto RAZR2 to the iPhone 4 was fairly straight-forward. It took some time to finally Activate it, but I suspect it had much to do with the number of Verizon customers doing the very same thing as I that Saturday afternoon.

I had waited a couple weeks before making the switch; I really don’t consider myself an “early adopter”. I watched the multiple Gawker sites and kept a close eye on Engadget to read the general reaction. I read about the similar “Grip of Death” that plagued the AT&T version, but knew that if I picked up a decent case… I wouldn’t be having those issues. Spent some cash on a package of Pure-Gear “Display Protectors” and was impressed with the amount of thought that went into assisting the user on how to best apply the “cover friendly” scratch-guard. The fact that they included a screen wipe (the same I find when purchasing high-end SLR camera lenses) was most impressive. Now, I know why they cost $15 for 3 protectors.

As soon as I got it home, I immediately sync’d it to my Windows XP desktop. Even though iTunes can be a little buggy & bloated, it sync’d with no problems and quickly began scarfing my tunes. With that finished, I quickly began downloading applications from the iTunes Store: Find my Phone, PS Express, Labelbox, IMDb, Facebook, Twitter, Remote, Skype, NPR News, CNN, RedLaser, Mint, eBay, Craigslist, SoundHound and as many Free Angry Birds games as possible.

The REAL standouts are:

  • Find my Phone – Reports back your phone’s GPS coordinates & will locate your lost/stolen phone
  • Remote – Remotely control iTunes from your WiFi Access Point
  • RedLaser – Scans barcodes using the camera, identifies the item, how much it costs and where it can be found.
  • SoundHound – Hum a few bars or record audio from the radio and it will tell you the name of that song that’s been nagging you all day.

These are really “niche” applications, but they really show the capabilities of the iPhone 4 and how easy it can be to integrate all the gizmos inside.

6 Months Later…

Now, I’ve had this phone for 6 months and it’s still running like a champ. I did manage to crack the backside glass shell, though. I’m not sure why Apple decided to surround the iPhone4 in Gorilla Glass, but it was a pretty bad move. My old Nokia or Motorola RAZR would have shrugged-off that waist-high plummet to the concrete with aplomb. The iPhone? Not so much. I’m keeping most of the shards intact by pasting a section of Clear Packing Tape to the back shell.

Obviously, my next case will be something a bit more durable than a silicone rubber sock. Although, I enjoyed the anti-slip feature when I placed the iPhone on the dash of my Mercedes. Fortunately for me, replacing the back glass is rather cheap: $20 – $40 bucks on eBay, including tools.

I can count on one hand the number of times a single charge did NOT last me the entire day. In addition, I’m surprised I didn’t break the glass sooner, as I typically carry the iPhone4 in my back pocket. After all those hours sitting at my desk or driving between Iowa City and Cedar Rapids… I’m amazed I hadn’t bent the thing in half.

I’m also impressed with the fact that I’ve yet to replace the initial screen-protector. Yeah, it’s developed a few tiny bubbles… but, they’ve never impeded the scrolling features. :) Win!

My ONLY complaint: The front-facing camera sucks. Oh, GAWD, does it suck. I’ve retired my personal digital camera for the iPhone4’s back camera, with built-in HDR recording capabilities. But, that front-facing camera? GAG!

Conclusion

All-in-all… this is one solid phone with more features than I suspect I’ll ever really use. The cell-phone has finally matured.

 

Sr. Design Project referenced on Instructables

Posted April 26th, 2010 in News, University of Iowa College of Engineering by Dennis

Most of the traffic to my website appears to come from people interested in my Senior Design RFID Project that I finished back in 2008 to graduate from the University of Iowa Engineering Department.

They search fairly typical keywords: RFID, manchester, decoding, hid, hack, spoof,  125kHz or other basic parameters of RFID technology.

These key-word searches increase during the middle of the semester, when I surmise the students are scrambling to figure out how to make their OWN RFID Senior Design projects work.

It’s cool.

Recently, some guy going by sketchsk3tch on Instructables referenced my senior design project. It was VERY kind of him to add my project to his list of references, but I wasn’t too happy with what he mentioned in reference to my project, stating, “School project, cool ideas, missing some details though.”

Missing some details? Like what? The entire schematic is up on that page! What more does this guy need?

Which brought me to another issue: Why didn’t he ask me for those missing details? Because, I would not have provided the REAL missing piece: The Arduino Code. Yeah, he would have “stolen” the Arduino code (the Java-like code that instructs the Atmega168 PIC we used for the project). Well, maybe he wouldn’t have “stolen” it, but I’m confident any bits he used would NOT have been attributed properly.

…and that is precisely the reason the entire RFID project is NOT up on my website. I hate leechers. Period.

As much attention my Senior Design Project seems to get from across the globe, I refrain from providing some of the critical pieces to make the entire project work. It’s self preservation.

So, to those seriously interested in my project, skim through my website and have fun. It’s for the community to enjoy. Ask me questions! I’ll answer, but don’t be surprised if I make you work at it. How else are you really going to learn?

Skype API and Chat Bots

Posted January 1st, 2010 in Technology by Dennis

Over the last few weeks, I have been working on a chat-bot that acts as much more than a simple echo server. With the plethora of Instant Message clients on the market (Yahoo, AIM, GTalk, Pidgin, Adium, etc.), it was difficult to determine which IM client suited my needs. First, the client needed to be available across several platforms (Windows, Windows Mobile 6, Linux, OS X). Second, there needed to be an existing publicly available API in order to write the chat-bot code. Third, it was imperative that the API was actively being deployed and developed. Why mess around with an IM client that nobody was using?

Only a GEEK Could Figure This One Out

Posted October 15th, 2009 in Comedy, News, Technology, University of Iowa College of Engineering by Dennis

It’s no secret that I spent several years in the Engineering Labs of Rockwell Collins in Cedar Rapids, and I owe much of my enthusiasm for doing so to my father.

Tales of The Odd

Posted October 28th, 2008 in News by Dennis

Monday started off with a series of emails regarding a morning talkshow that, quite frankly, I never watch. However, I would have killed somebody, or given someone a couple of quarters, to have the chance to watch one particular episode of “The Morning Show with Mike and Juliet.” Apparently, while taping the show, someone in the studio booth pressed the wrong button which caused a picture of a cat eating spaghetti to be displayed briefly over the airwaves. It was so quick that barely anyone noticed, except for the guys on “The Soup.” Here’s what “The Soup” had to report:

[YouTube video]

On a more technical note (and even creepily funnier), somebody has gone and done the impossible: created a wearable PC. No. I’m not talking about strapping a PDA to one’s arm. I’m talking a full-blown Personal Computer. Check this out:

The Wearable Personal Computer

Please insert your own caption. For more on this engineering feat, check it out here on Engadget.

Mythbusters and RFID

Posted September 3rd, 2008 in Technology by Dennis

I ran across this article on one of my favorite geek-sites, Engadget. Being a huge fan of Mythbusters (along with the rest of my family), I was struck by how frustrated and animated Jamie became when discussing a squashed episode involving them taking a closer look at how hack-able RFID technology can be when not implemented properly.

Being as I now work in the RFID business and that my senior design project involved hacking an RFID tag, I am still astonished that large corporations can put the ‘kibosh’ on a story that needs to be told in order for us in the engineering business to work to make it [RFID] better.

[YouTube video]