Aircrack-ng

Source: Wikipedia, the free encyclopedia.
aircrack-ng
Original author(s)Christophe Devine
Developer(s)Thomas d'Otreppe de Bouvette
Stable release
1.7 / May 10, 2022 (2022-05-10)[1]
Cross-platform
TypePacket sniffer and injector; WEP, WPA, WPA2 key recovery
LicenseGPL
Websitewww.aircrack-ng.org

Aircrack-ng is a network software suite consisting of a detector,

802.11g traffic. Packages are released for Linux and Windows.[2]

Aircrack-ng is a

Parrot Security OS,[3] which share common attributes as they are developed under the same project (Debian).[4]

Development

Aircrack was originally developed by French security researcher

Christophe Devine,[5] its main goal was to recover 802.11 wireless networks WEP keys using an implementation of the Fluhrer, Mantin and Shamir (FMS) attack alongside the ones shared by a hacker named KoreK.[6][7][8]

Aircrack was forked by Thomas D'Otreppe in February 2006 and released as Aircrack-ng (Aircrack Next Generation).[9]

Wi-Fi security history

Further information: Wireless security

WEP

Basic WEP encryption: RC4 keystream XORed with plaintext.

Wired Equivalent Privacy was the first security algorithm to be released, with the intention of providing data confidentiality comparable to that of a traditional wired network.[10] It was introduced in 1997 as part of the IEEE 802.11 technical standard and based on the RC4 cipher and the CRC-32 checksum algorithm for integrity.[11]

Due to U.S. restrictions on the export of cryptographic algorithms, WEP was effectively limited to 64-bit encryption.[12] Of this, 40 bits were allocated to the key and 24 bits to the initialization vector (IV), to form the RC4 key. After the restrictions were lifted, versions of WEP with a stronger encryption were released with 128 bits: 104 bits for the key size and 24 bits for the initialization vector, known as WEP2.[13][14]

The initialization vector works as a

key-scheduling algorithm (KSA), the seed is used to initialize the RC4 cipher's state. The output of RC4's pseudo random generation algorithm (PRGA) follows a XOR operation in combination with the plaintext, and produces the ciphertext.[15]

The IV is constrained to 24 bits, which means that its maximum values are 16,777,216 (224), regardless of the key size.[16] Since the IV values will eventually be reused and collide (given enough packets and time), WEP is vulnerable to statistical attacks.[17] William Arbaugh notes that a 50% chance of a collision exists after 4823 packets.[18]

In 2003, the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP and WEP2 have been deprecated.[19]

WPA

Wi-Fi Protected Access (WPA) was designed to be implemented through firmware updates rather than requiring dedicated hardware.[20] While still using RC4 at its core, it introduced significant improvements over its predecessor. WPA included two modes: WPA-PSK (WPA Personal) and WPA Enterprise.

WPA-PSK (Wi-Fi Protected Access Pre-Shared Key), also known as WPA Personal, used a variant of the Temporal Key Integrity Protocol (TKIP) encryption protocol. It improved security by implementing the following features:

TKIP allocated 48 bits to the IV compared to the 24 bits of WEP, so the maximum number is 281,474,976,710,656 (248).[22]

In WPA-PSK, each packet was individually encrypted using the IV information, the MAC address, and the pre-shared key as inputs. The RC4 cipher was used to encrypt the packet content with the derived encryption key.[22]

Additionally, WPA introduced WPA Enterprise, which provided enhanced security for enterprise-level networks. WPA Enterprise employed a more robust authentication mechanism known as Extensible Authentication Protocol (EAP). This mode required the use of an Authentication Server (AS) such as RADIUS (Remote Authentication Dial-In User Service) to validate user credentials and grant access to the network.

In 2015, the Wi-Fi Alliance recommended in a technical note that network administrators should discourage the use of WPA and that vendors should remove support for it and rely instead on the newer WPA2 standard.[24]

WPA2

WPA2 (Wi-Fi Protected Access 2) was developed as an upgrade to the original WPA standard and ratified in 2004, and became mandatory for Wi-Fi certified products in 2006.[25] Like WPA, WPA2 provides two modes: WPA2-PSK (WPA2 Personal) and WPA2 Enterprise.[26]

Unlike WPA, WPA2-PSK uses the more secure Advanced Encryption Standard (AES) in CCM mode (Counter-Mode-CBC-MAC Protocol), instead of TKIP.[21] AES provides stronger authentication, encryption and is less vulnerable to attacks.[27][28] A backward compatible version, called WPA/WPA2 (Personal) still made use of TKIP.[29]

WPA2-PSK replaces the message integrity code Michael with CCMP.[21]

Timeline of the attacks

WEP

In 1995, before the WEP standard was available, computer scientist David Wagner of the Princeton University discussed a potential vulnerability in RC4.[15]

In March 2000, a presentation by Dan Simon, Bernard Aboba, and Tim Moore of Microsoft provided a summary of 802.11 vulnerabilities. They noted that denial of service deauthentication attacks are possible because the messages are unauthenticated and unencrypted (later implemented by the aireplay-ng tool).[30] In addition, they wrote that because some implementations of WEP derive the key from a password, dictionary attacks are easier than pure brute force.[31][17]

In May 2001, William A. Arbaugh of the University of Maryland presented his inductive chosen-plaintext attack against WEP with the conclusion that the protocol is vulnerable to packet forgery.[18]

In July 2001, Borisov et al. published a comprehensive paper on the status of WEP and its various vulnerabilities.[17]

In August 2001, in the paper Weaknesses in the Key Scheduling Algorithm of RC4, authors Scott Fluhrer, Itsik Mantin, and Adi Shamir performed a cryptoanalysis of the KSA, citing Wagner among others. They stated that they had not conducted an attack against WEP, and therefore couldn't claim that WEP was vulnerable.[32] However, other researchers implemented the attack and were able to demonstrate the protocol's insecurity.[33][13]

In 2004, a hacker using the pseudonym KoreK posted a series of attacks on the NetStumbler.org forum, which were incorporated into the original aircrack 1.2 by

Christophe Devine.[34][35] That same month, aircrack began supporting replay attacks against WEP, which use ARP requests to generate more IVs and make key recovery easier.[36]

Later that year, KoreK released the Chopchop attack, an active packet injector for WEP.[37] The name of the attack derives from its inherent working: a packet is intercepted, "chops" off a part of it and sends a modified version to the Access Point, who will drop it if not valid. By repeatedly trying multiple values, the message can gradually be decrypted.[38][39][40] The Chopchop attack was later improved by independent researchers.[41]

In 2005, security researcher Andrea Bittau presented the paper The Fragmentation Attack in Practice. The homonymous attack exploits the fact that WEP splits the data into smaller fragments, which are reassembled by the receiver. Taking advantage of the fact that at least part of the plaintext of some packets may be known, and that the fragments may have the same IV, data can be injected at will, flooding the network to statistically increase the chances of recovering the key. [15]

In April 2007 a team at the Darmstadt University of Technology in Germany presented a new attack, named "PTW" (from the researchers' names, Pyshkin, Tews, Weinmann). It decreased the number of initialization vectors or IVs needed to decrypt a WEP key and has been included in the aircrack-ng suite since the 0.9 release.[42][43]

Evolution of the attacks/vulnerabilities
Date Author/s Attack name/type Packets needed Implemented in Source
2001 A. Stubblefield et al. FMS: Passive partial key exposure attack 1,000,000 (optimized from 5,000,000-6,000,000) - [33][44]
2001 W. Arbaugh Inductive chosen plaintext - [18]
2002 David Hulton Practical Exploitation of RC4 Weaknesses in WEP Environments 500,000-2,000,000 - [45]
2003 Andrea Bittau Expansion of FMS classes - [46]
2004 KoreK FMS: Passive partial key exposure attack 700,000 (about 50% success probability) aircrack 1.2 [47]
2004 KoreK Chopchop aircrack 2.2-beta1 [37][35]
2006 A. Klein Attacks on the RC4 stream cipher - [48]
2007 Tews, Weinmann, Pyshkin PTW 35,000 to 40,000 (about 50% success probability) aircrack-ng 0.9 [47]
2007 S. Vaudenay and M. Vuagnoux VX: Passive key recovery 45'000 - [49]

WPA

The first known attack on WPA was described by Martin Beck and Erik Tews in November 2008. They described an attack against TKIP in the paper Practical Attacks Against WEP and WPA. The proof of concept resulted in the creation of tkiptun-ng.[47] In 2009, their attack was improved and demonstrated by a research group from Norway.[50]

Features

The aircrack-ng software suite includes:

aircrack-ng

aircrack-ng supports

WPA3 (introduced in 2018), it has been used successfully in combination with a downgrade attack.[52]

airbase-ng

airbase-ng incorporates techniques for attacking clients, instead of Access Points. Some of its features include an implementation of the Caffe Latte attack (developed by security researcher Vivek Ramachandran)[53] and the Hirte attack (developed by Martin Beck).[54] The WEP Hirte attack is a method of creating an Access Point with the same SSID of the network to be exploited (similar to an evil twin attack).[55] If a client (that was previously connected to the victim's access point) is configured to automatically reconnect, it will try the rogue AP. At this point, ARP packets are sent in the process of obtaining a local IP address, and airbase-ng can collect IVs that can later be used by aircrack-ng to recover the key.[56]

Execution of a fragmentation attack against WEP with aireplay-ng.

aireplay-ng

Further information:
802.11_Frame_Types, Rogue_access_point, and Wi-Fi_deauthentication_attack

aireplay-ng is an injector and frame replay tool.[51][57] Deauthentication attacks are supported.[30] Deauthentication refers to a feature of IEEE 802.11 which is described as "sanctioned technique to inform a rogue station that they have been disconnected from the network".[58] Since this management frame doesn't need to be encrypted and can be generated knowing only the client's MAC address, aireplay-ng can force a client to disconnect and capture the handshake (or to perform a Denial of service attack). In addition, a client deauthentication and subsequent reconnection will reveal a hidden SSID.[30]

Other features include the ability to perform fake authentification, ARP request replay, fragmentation attack, the Caffe Latte and Chopchop attacks.[59]

airmon-ng

airmon-ng can place supported wireless cards in monitor mode.[51] Monitor mode refers to a provision in the IEEE 802.11 standard for auditing and design purposes,[60] in which a wireless card can capture packets in air range.[61] It is able to detect potential programs that could interfere with proper operation and kill them.[citation needed]

A Linux terminal shows the airmon-ng command running twice. The first time to show the available adapters, and the second time to set the monitor mode with the correct interface name.
Setting monitor mode using airmon-ng.

airodump-ng

A Linux terminal shows the airodump-ng command running. It shows a single Access Point named Wikimedia_Commons_Demo.
A network scan is performed using airodump-ng.

airodump-ng is a packet sniffer.[51] It can store information in various formats, making it compatible with software other than the aircrack-ng suite. It supports channel-hopping.[62]

airserv-ng

airserv-ng is a wireless card server, which allows multiple wireless programs to use a card independently.[63]

airtun-ng

Virtual tunnel interface creator. Its main uses are monitoring the traffic as an intrusion detection system, and inject arbitrary traffic in a network.[64]

besside-ng

A tool to automatize WEP cracking and logging of WPA handshakes.

easside-ng

easside-ng is an automated tool which attempts connection to a WEP Access Point without knowing the

encryption key. It uses the fragmentation attack and a remote server (which can be hosted with the tool buddy-ng) in the attempt to recover an encrypted packet, exploiting the AP which will decrypt it for the attacker.[65]

tkiptun-ng

tkiptun-ng is a WPA/TKIP attack tool developed by Martin Beck.

wesside-ng

wesside-ng is a proof of concept based on the tool wesside, originally written by Andrea Bittau to demonstrate his fragmentation attack. It is a tool designed to automate the process of recovering a WEP key.[15]

airdecap-ng

airdecap-ng decrypts WEP or WPA encrypted capture files with known key.[36] It was formally known as airunwep and 802ether.[35]

airdecloak-ng

airdecloak-ng can remove WEP cloaked frames from pcap files. Cloaking refers to a technique for use by wireless intrusion prevention systems (which rely on WEP encryption) to inject packets encrypted with random keys into the air, in the attempt to make cracking more difficult.[66]

airolib-ng

airolib-ng can create a database of

Pairwise Master Keys (PMK) captured during the 4-way handshaking process.[67] In WPA and WPA2, the PMK are derived from the password selected by the user, the SSID name, its length, the number of hashing iterations, and the key length.[68][6] During the 4-way handshaking process, the PMK is used, among other parameters, to generate a Pairwise Transient Key (PTK), which is used to encrypt data between the client and Access Point.[69][70]

The hash tables can be reused, provided the SSID is the same.[71] Pre-computed tables for the most common SSIDs are available online.[72]

besside-ng-crawler is seen filtering files in a directory.

besside-ng-crawler

Performs operations on a directory to search for pcap files and filter out relevant data.

buddy-ng

buddy-ng is a tool used in conjunction with the tool easside-ng, running on a remote computer. It is the receiving end that allows a packet decrypted by the access point to be captured.[65]

ivstools

ivstools can extract initialization vectors from a capture file (.cap).

kstats

kstats is a tool for displaying the Fluhrer, Mantin and Shamir attack algorithm votes[note 1] for an IVS dump with a given WEP key.

makeivs-ng

makeivs-ng is a testing tool used to generate an IVS file with a given WEP key.

packetforge-ng

wpaclean in use.

packetforge-ng can create and modify packets for injection. It supports packets such as arp requests, UDP, ICMP and custom packets.[73] It was originally written by Martin Beck.[74]

wpaclean

wpaclean reduces the contents of the capture file (generated by airodump-ng) by keeping only what is related to the 4-way handshake and a beacon. The former refers to a cryptographic process that establishes encryption without publicly revealing the key.[75] Meanwhile, the beacon frame is sent by the Access Point to announce its presence and other information to nearby clients.[76][77]

airventriloquist-ng

airventriloquist-ng is a tool that can perform injection on encrypted packets.

Version history

Aircrack changelog[35]
Version Date Notable changes
1.0 July 29, 2004
1.1 August 11, 2004 Implementation of ARP replay attack.
1.2 August 17, 2004 First implementation of KoreK attacks.
1.3 August 19, 2004
1.4 August 26, 2004
2.0 September 3, 2004
2.0.1 September 21, 2004
2.0.2 September 24, 2004
2.1 October 1, 2004 Added support for longer WEP keys (256 and 512 bit).
2.2-beta1 June 22, 2005 Chopchop attack is implemented. WPA-PSK support is added.
2.2-beta2 June 27, 2005 The aireplay tool implements automated replay, deauthentication attacks, and fake authentication.
2.2-beta3 June 28, 2005
2.2-beta4 July 3, 2005
2.2-beta5 July 10, 2005 WPA2 support is added.
2.2-beta6 July 12, 2005
2.2-beta7 July 14, 2005
2.2-beta8 and 2.2-beta9 July 21, 2005
2.2-beta10 July 23, 2005
2.2-beta11 July 27, 2005
2.2-beta12 July 30, 2005
2.2 August 3, 2005
2.21 August 9, 2005
2.22 August 14, 2005
2.23 August 28, 2005
2.4 November 12, 2005
2.41 November 22, 2005
Aircrack-ng changelog[74]
Version Date Notable changes
0.1 Unknown Forked from aircrack 2.41.
0.2 March 19, 2006
0.2.1 March 20, 2006
0.3 March 30, 2006 The tool ivstools is introduced, merged from two other software.
0.4 April 16, 2006
0.4.1 April 19, 2006
0.4.2 April 20, 2006
0.4.3 and 0.4.4 April 24, 2006
0.5 May 5, 2006 Further optimization of the Chopchop code.
0.6 June 23, 2006
0.6.1 August 27, 2006
0.6.2 October 1, 2006 packetforge-ng is introduced.
0.7 January 20, 2007
0.8 April 25, 2007
0.9 April 13, 2007 First implementation of PTW attack.
0.9.1 June 25, 2007
1.0-beta1 October 1, 2007 PTW attack supersedes KoreK attack as the default. The tools airdriver-ng, wesside-ng, easside-ng, buddy-ng, airserv-ng and airolib-ng are introduced.
1.0-beta2 February 1, 2008 Reduced number of packets needed for WPA attacks.
0.9.2 February 5, 2008
0.9.3 February 24, 2008
1.0-rc1 June 9, 2008 airbase-ng is introduced. Caffe latte and CFrag attacks are implemented.
1.0-rc2 January 22, 2009 tkip-tun is introduced.
1.0-rc3 March 26, 2009
1.0-rc4 July 27, 2009
1.0 September 8, 2009
1.1 April 24, 2010 airdrop-ng is introduced.
1.2-beta1 May 25, 2013 wpaclean is introduced. Migration mode attack is added in aireplay-ng.
1.2-beta2 November 30, 2013
1.2-beta3 March 31, 2014
1.2-rc1 October 31, 2014
1.2-rc2 April 10, 2015
1.2-rc3 November 21, 2015
1.2-rc4 February 14, 2016
1.2-rc5 April 3, 2018 airventriloquist-ng is introduced.
1.2 April 15, 2018
1.3 July 10, 2018
1.4 September 29, 2018
1.5.2 December 9, 2018
1.6 January 25, 2020 airodump-ng supports viewing WPA3 networks.
1.7 May 10, 2022

See also

Notes

  1. ^ In the context of the FMS algorithm, votes represent the number of successful attempts made by the algorithm to decrypt the encrypted data.

References

  1. ^ "Aircrack-ng 1.7". Aircrack-ng - Official Aircrack-ng blog (Blog). 2022-05-10. Retrieved 2022-04-08.
  2. ^ Robb, Drew (2023-04-06). "24 Top Open-Source Penetration Testing Tools". eSecurity Planet. Retrieved 2023-10-06.
  3. doi:10.7939/r3-pcre-7v35. Archived
    from the original on 2023-08-14. Retrieved 2023-08-10.
  4. S2CID 213755656
    .
  5. ^ MacMichael, John L. (2005-07-21). "Auditing Wi-Fi Protected Access (WPA) Pre-Shared Key Mode". Archived from the original on 2023-08-14. Retrieved 2023-08-10.
  6. ^
    doi:10.5120/ijca2020920365
    .
  7. ^ Nykvist, Gustav; Larsson, Johannes (2008). "Practical WLAN security, spring 2008". Archived from the original on 2023-08-14. Retrieved 2023-08-10.
  8. ^ Chaabouni, Rafik (2006). "Break WEP Faster with Statistical Analysis". epfl.ch. Retrieved 2023-09-08.
  9. ISBN 9781785280856
    .
  10. ISBN 978-0-7381-3044-6
    .
  11. S2CID 20721020
    .
  12. S2CID 259859998
    .
  13. ^
    S2CID 1493765
    .
  14. S2CID 28833101
    .
  15. ^ a b c d Bittau, Andrea (2005). The fragmentation attack in practice (PDF). IEEE Symposium on Security and Privacy.
  16. S2CID 19153960
    .
  17. ^
    S2CID 216758
    .
  18. ^ a b c Arbaugh, William A. "An Inductive Chosen Plaintext Attack against WEP/WEP2". www.cs.umd.edu. Archived from the original on 2023-08-24. Retrieved 2023-08-24.
  19. ISBN 978-3-319-73697-6
    .
  20. ^ Kumkar, Vishal; Tiwari, Akhil; Tiwari, Pawan; Gupta, Ashish; Shrawne, Seema (2012). "WPA Exploitation In The World Of Wireless Network". International Journal of Advanced Research in Computer Engineering & Technology. 1 (2).
  21. ^
    S2CID 12691855
    .
  22. ^
    S2CID 26431268
    .
  23. ISBN 978-3-642-54525-2
    .
  24. ^ "Technical Note Removal of TKIP from Wi-Fi® Devices" (PDF). wi-fi.org. 2015-03-16. Retrieved 2023-09-08.
  25. ^ "WPA2™ Security Now Mandatory for Wi-Fi CERTIFIED™ Products | Wi-Fi Alliance". www.wi-fi.org. Retrieved 2023-09-08.
  26. ^ Opio, Joe. "WPA2 Residential - An extension of 802.11i WPA2 Personal" (PDF). Retrieved 2023-09-08.
  27. S2CID 108686720
    .
  28. S2CID 3132937
    .
  29. S2CID 25011403
    .
  30. ^ a b c Noman, Haitham Ameen; Abdullah, Shahidan M.; Mohammed, Haydar Imad (2015). "An Automated Approach to Detect Deauthentication and Disassociation Dos Attacks on Wireless 802.11 Networks". IJCSI International Journal of Computer Science Issues. 12 (4): 108 – via ResearchGate.
  31. ^ Simon, Dan; Aboba, Bernard; Moore, Tim (2000). "IEEE 802.11 Security and 802.1X" (PDF). free.fr. Retrieved 2023-08-24.
  32. ^ Fluhrer, Scott; Mantin, Itsik; Shamir, Adi (2001). "Weaknesses in the Key Scheduling Algorithm of RC4" (PDF).
  33. ^ a b Stubblefield, Adam; Ioannidis, John; Rubin, Aviel D. (2001-08-21). "Using the Fluhrer, Mantin, and Shamir Attack to Break WEP" (PDF). Retrieved 2023-09-01.
  34. ^ Chaabouni, Rafik (2006). Break WEP Faster with Statistical Analysis (Technical report).
  35. ^ a b c d "changelog_aircrack [Aircrack-ng]". www.aircrack-ng.org. Retrieved 2023-08-12.
  36. ^
    S2CID 179367
    .
  37. ^ a b "chopchop (Experimental WEP attacks) : Unix/Linux". netstumbler.org. Retrieved 2023-08-24.
  38. ^ "chopchop (Experimental WEP attacks) : Unix/Linux". netstumbler.org. Retrieved 2023-08-24.
  39. S2CID 2936140
    .
  40. ISBN 978-3-642-04765-7
    , retrieved 2023-08-12
  41. ISBN 978-1-4471-4847-0
    .
  42. ^ Tews, Erik (2007-12-15). "Diploma thesis Fachgebiet Theoretische Informatik" (PDF). Retrieved 2023-08-10.
  43. ISBN 978-3-540-77535-5
    .
  44. S2CID 1493765
    .
  45. ^ Hulton, David (2022-02-22). "Practical Exploitation of RC4 Weaknesses in WEP Environments". Retrieved 2023-09-07.
  46. ^ Bittau, Andrea (2003-09-12). "Additional weak IV classes for the FMS attack". Archived from the original on 2007-09-30. Retrieved 2023-09-01.
  47. ^
    S2CID 775144
    .
  48. ISBN 978-3-642-04766-4
    .
  49. ISBN 978-3-540-77360-3
    .
  50. ISBN 978-3-642-04766-4
    .
  51. ^ a b c d Kumbar, Vishal; Tiwari, Akhil; Tiwari, Pawan; Gupta, Ashish; Shrawne, Seema (2012). "Vulnerabilities of Wireless Security protocols (WEP and WPA2)". International Journal of Advanced Research in Computer Engineering & Technology. 1 (2): 35.
  52. S2CID 233990683
    .
  53. ISBN 978-1849515580
    .
  54. ISBN 978-8575224830
    .
  55. S2CID 16163079
    .
  56. ^ Administrator. (2015-02-03). "Hirte Attack". Penetration Testing Lab. Retrieved 2023-08-24.
  57. S2CID 5468669
    .
  58. S2CID 169566536
    .
  59. eISSN 2395-0056
    .
  60. S2CID 2819887
    .
  61. S2CID 243967156
    .
  62. ISSN 2212-0173
    .
  63. ^ Kacic, Matej. "New Approach in Wireless Intrusion Detection System". Retrieved 2023-08-12.
  64. S2CID 5468669
    .
  65. ^
    S2CID 17323665
    .
  66. ^ Gupta, Deepak; Ramachandran, Vivek. "The Emperor Has No Cloak - WEP Cloaking Exposed" (PDF). Retrieved 2023-08-15.
  67. ISBN 978-1785280856
    .
  68. S2CID 18573212
    .
  69. S2CID 10595698
    .
  70. S2CID 61811881
    .
  71. S2CID 11965972
    .
  72. ^ Phifer, Lisa. "WPA PSK Crackers: Loose Lips Sink Ships" (PDF). Retrieved 2023-08-26.
  73. doi:10.1002/sec.1079
    .
  74. ^ a b "changelog [Aircrack-ng]". www.aircrack-ng.org. Retrieved 2023-08-12.
  75. ISSN 1687-1499
    .
  76. S2CID 255131564
    .
  77. S2CID 203836275
    .

External links
Retrieved from "https://en.wikipedia.org/w/index.php?title=Aircrack-ng&oldid=1220122412"