Friday, 3 August 2007

Using the aircrack-ng suite on the Nokia N800

Aircrack-ng is a suite of applications that together can crack most WEP keys. (In fact it can be used as part of a WPA attack too, but that's another matter.)

The main problem with the aircrack-ng suite on the N800 is that you can't do packet injection. This means that to crack a WEP key you have to wait until enough traffic has passed over the WEP-protected link. If injection did work, you could effectively create the traffic you need yourself in a few minutes.

But you can use the suite on the N800 to crack WEP. Try this after installing aircrack-ng and wirelesstools. You can also get both (and possibly more up-to-date versions) from Collin Mulliner's repository, which you can get details of at

1. Start Xterm, and become root.

Then enter:
airodump-ng wlan0

This will show you which networks are around, the MAC addresses of the access points and of the computers connected to them, and the channels they are operating on. Make a note of the channel of the access point you want to test (i.e. your own one).

(Note: A fault somewhere in the N800 - perhaps the wifi driver? - means that you'll also see some phantom access points that don't exist, and you may see access points mis-described as having WPA2 when in fact they are using WEP. Nothing you can do about that though. I think this is less of a problem or does not happen at all on the N770 but I have never tried it so I don't know for sure.)

2. Now quit airodump-ng by pressing Control-C, then restart it by typing

airodump-ng -c X -w mycapture --ivs wlan0

but replace X with the channel number of your access point. This will start capturing the data you will use to crack the WEP key, in a file called mycapture-01.ivs in your home directory.

3. Now you have to wait for a while, till you have captured enough data to crack the WEP key. If the access point is busy then you might not have to wait too long.

Anyway, after an hour or so, you can try cracking it by typing


aircrack-ng mycapture-01.ivs

and hope for the best. Aircrack will try to crack the key, and if you have enough data captured it should crack the key eventually. If not, it will keep trying, as you gather more and more data, until you are successful (or never, if you are unlucky or if there is not enough traffic on the network).

The latest version of aircrack-ng (0.9.1) has been compiled for the N770 / N800 and this includes the new PTW WEP attack. The PTW attack, which you activate by using the -z option when you run aircrack-ng, can crack keys with far, far less captured traffic than the default attacks that aircrack-ng uses without the -z option. Sadly it only works on traffic captured as a result of a certain method of packet injection, and as the Nokias don't support packet injection you can't use it.

(If you want to test it on the N800, use a capture file generated by traffic injection using aireplay-ng, part of the aircrack-ng suite, from another computer. If you have such a capture file, say injection.cap, you can transfer it to the Nokia tablet and test it by typing:

aircrack-ng -z injection.cap

and you should get the key very swiftly indeed. The easiest way to do traffic injection is to get a laptop with a suitable wifi card, and then download the BackTrack2 ISO, which you can burn onto a CD and run as a LiveCD. It has drivers patched for packet injection so it should work with supported cards "out of the box".)

One more thing: think very hard before cracking someone else's access point as this is probably illegal and could get you in trouble in many countries. Best stick to your own AP. You don't want to end up in chokey now do you?
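
The note in step 1 says the N800 can show a WEP access point as WPA2. As an added example (not part of the original post), this Python code derives the encryption type directly from a beacon frame body, which is how you can check what your own AP really advertises. The function names and the beacon bytes are constructed for illustration, and the 24-byte MAC header is assumed to have been stripped already.

```python
import struct

WPA_IE_PREFIX = bytes.fromhex("0050f201")  # Microsoft OUI + type 1 marks a WPA element

def parse_tags(data):
    """Yield (tag_id, value) for each tagged parameter; stop at a truncated one."""
    i = 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            break  # element runs past the end of the frame: ignore it
        yield tag, value
        i += 2 + length

def classify_beacon(body):
    """Return (ssid, encryption) for a beacon frame body (after the 24-byte MAC header)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    # Fixed fields: 8-byte timestamp, 2-byte beacon interval, 2-byte capability info.
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body)
    privacy = bool(capability & 0x0010)  # Privacy bit: set for WEP, WPA and WPA2 alike
    ssid, has_rsn, has_wpa = "", False, False
    for tag, value in parse_tags(body[12:]):
        if tag == 0:
            ssid = value.decode("utf-8", "replace")
        elif tag == 48:  # RSN element, advertised by WPA2
            has_rsn = True
        elif tag == 221 and value.startswith(WPA_IE_PREFIX):
            has_wpa = True
    if has_rsn:
        return ssid, "WPA2"
    if has_wpa:
        return ssid, "WPA"
    return ssid, "WEP" if privacy else "OPEN"

def make_beacon(ssid, capability, extra=b""):
    """Build a constructed beacon body for the demo (not captured traffic)."""
    name = ssid.encode()
    return struct.pack("<QHH", 0, 100, capability) + bytes([0, len(name)]) + name + extra

# Constructed RSN element: version 1, CCMP group/pairwise cipher, PSK key management.
RSN = bytes.fromhex("30140100000fac040100000fac040100000fac020000")

if __name__ == "__main__":
    print(classify_beacon(make_beacon("home-ap", 0x0011)))        # privacy bit only
    print(classify_beacon(make_beacon("home-ap", 0x0011, RSN)))   # privacy bit + RSN
    print(classify_beacon(make_beacon("guest", 0x0001)))          # no privacy bit
```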


Marlboro said...

Hi, I tried but I couldn't do it, could you mind sending me more information. I am a newbie in this, man, plz.

Anonymous said...

Thank you, it is so useful for me.

David said...

I can't find airodump. :-( I installed the 2 packages, but airodump-ng is not found.

Anonymous said...

Is using others' wifi illegal in the USA? I mean, as long as you're not doing illegal things on it?

Paul Rubens said...

I have no idea if it is illegal in the USA or not. I expect it is though - most things are...
