How to Crack a Wi-Fi Network’s WEP Password with BackTrack
You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.
Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.
Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.
What You'll Need
Unless you're a computer security and networking ninja, chances are you don't have all the tools on hand to get this job done. Here's what you'll need:
A compatible wireless adapter—This is the biggest requirement. You'll need a wireless adapter that's capable of packet injection, and chances are the one in your computer is not. After consulting with my friendly neighborhood security expert, I purchased an Alfa AWUS050NH USB adapter, pictured here, and it set me back about $50 on Amazon. Update: Don't do what I did. Get the Alfa AWUS036H, not the AWUS050NH, instead. The guy in the video below is using a $12 model he bought on eBay (and is even selling his router of choice). There are plenty of resources on getting aircrack-compatible adapters out there.
A BackTrack 3 Live CD. We already took you on a full screenshot tour of how to install and use BackTrack 3, the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started. (I tried the BackTrack 4 pre-release, and it didn't work as well as BT3. Do yourself a favor and stick with BackTrack 3 for now.)
A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people are using it, connecting and disconnecting their devices from it. The more use it gets while you collect the data you need to run your crack, the better your chances of success.
Patience with the command line. This is a ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.
Crack That WEP
To crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there on the taskbar in the lower left corner, second button to the right. Now, the commands.
First run the following to get a list of your network interfaces:
The only one I've got there is labeled ra0. Yours may be different; take note of the label and write it down. From here on, substitute it everywhere a command includes (interface).
Now, run the following four commands. See the output that I got for them in the screenshot below.
If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully "faked" a new MAC address on your network interface, 00:11:22:33:44:55.
Now it's time to pick your network. Run:
To see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC column), not WPA or anything else.
Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.
Now we're going to watch what's going on with that network you chose and capture that information to a file. Run:
Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.
You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
Here the ESSID is the access point's SSID name, which in my case is yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face.
Here we're generating traffic on the router so that packets pile up faster and the crack can run sooner. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web on the yoyo network from a separate computer while this was going on.) Here's the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the "#Data" column—you want it to go above 10,000. (Pictured below it's only at 854.)
Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the yoyo AP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 10k, though—because the crack won't work if it doesn't. In fact, you may need more than 10k, though that seems to be a working threshold for many.
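Why does the #Data count matter so much? WEP encrypts every packet with RC4 under a per-packet key made of a 24-bit IV (sent in the clear) followed by the shared key. That IV space is tiny, so the same keystream repeats after only a few thousand packets, and two packets encrypted under the same IV leak the XOR of their plaintexts. The added example below is not from the original article or from the aircrack-ng project; it uses a textbook RC4 and a WEP-style framing (the CRC-32 integrity value is omitted) with a constructed key and constructed packets to show the IV-reuse flaw and the birthday-bound estimate of when a repeat is expected. The key-recovery attacks aircrack-ng actually runs (FMS, PTW) exploit statistical biases in RC4 with known IVs rather than plain collisions, so this illustrates the design weakness rather than the tool's method; the practical lesson for a defender is that no amount of WEP tuning fixes this, only moving to WPA2/WPA3.

```python
"""Why WEP's 24-bit IV makes capturing many packets worthwhile (added example)."""
import math
import random
from typing import Optional


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + PRGA) producing `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: per-packet RC4 key = IV || root key; the IV travels in clear.
    Real WEP also appends a CRC-32 ICV to the plaintext; it is omitted here."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    ks = rc4_keystream(iv + root_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """If two frames share an IV they share a keystream, so XORing the two
    ciphertexts cancels the keystream and leaves plaintext_a XOR plaintext_b.
    Returns None when the IVs differ (no leak from this pair)."""
    if frame_a[:3] != frame_b[:3]:
        return None
    n = min(len(frame_a), len(frame_b)) - 3
    return bytes(a ^ b for a, b in zip(frame_a[3:3 + n], frame_b[3:3 + n]))


def expected_packets_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * N) random draws before the first repeat
    among N possible values. For N = 2**24 this is roughly 5,100 packets."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def simulate_first_iv_repeat(seed: int = 1, iv_bits: int = 24) -> int:
    """Draw random IVs until one repeats; seeded so the run is reproducible."""
    rng = random.Random(seed)
    seen = set()
    count = 0
    while True:
        iv = rng.getrandbits(iv_bits)
        count += 1
        if iv in seen:
            return count
        seen.add(iv)


if __name__ == "__main__":
    # Constructed sample values; nothing here comes from a real network.
    root_key = b"constructd"                 # 104-bit ("WEP-128") style key, 13 bytes would be typical
    iv = b"\x01\x02\x03"
    pkt_a = b"GET / HTTP/1.0"
    pkt_b = b"POST / HTTP/1.0"
    frame_a = wep_encrypt(root_key, iv, pkt_a)
    frame_b = wep_encrypt(root_key, iv, pkt_b)    # same IV reused: keystream reuse
    print("leaked XOR:", xor_of_plaintexts(frame_a, frame_b))
    print("expected packets until an IV repeats:", round(expected_packets_until_iv_repeat()))
    print("simulated first repeat after:", simulate_first_iv_repeat(), "packets")
```

Running the script shows the leaked XOR of the two packets and a first IV repeat after a few thousand packets, far below the 16.7 million that a 24-bit counter suggests. That is the reason the tutorial's "over 10,000" threshold is reachable in minutes rather than days.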
Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected:
aircrack-ng -b (bssid) (file name-01.cap)
Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension.
If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:
The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.
Problems Along the Way
With this article I set out to prove that cracking WEP is a relatively "easy" process for someone determined and willing to get the hardware and software going. I still think that's true, but unlike the guy in the video below, I had several difficulties along the way. In fact, you'll notice that the last screenshot up there doesn't look like the others—it's because it's not mine. Even though the AP which I was cracking was my own and in the same room as my Alfa, the power reading on the signal was always around -30, and so the data collection was very slow, and BackTrack would consistently crash before it was complete. After about half a dozen attempts (and trying BackTrack on both my Mac and PC, as a live CD and a virtual machine), I still haven't captured enough data for aircrack to decrypt the key.
So while this process is easy in theory, your mileage may vary depending on your hardware, proximity to the AP, and the way the planets are aligned. Oh yeah, and if you're on deadline—Murphy's Law almost guarantees it won't work if you're on deadline.
To see the video version of these exact instructions, check out this dude's YouTube video.
Got any experience with the WEP cracking courtesy of BackTrack? What do you have to say about it? Give it up in the comments.
How To – Create Your Own Custom ROM for Android, Part 2 – Creating Your First ROM
I. Before You Begin
1. We are assuming you have already set up the Android kitchen. If not, use our How To Setup The Kitchen procedure and then come back to this one when done.
2. We are also assuming you have already done our How To Root and How To Load a Custom ROM for your phone and have a custom recovery image.
3. This ONLY works for HTC Android devices at the moment; later versions might support others (check here for an update when it does).
4. Open the Kitchen in the Ubuntu Virtual Machine we created in the Kitchen Setup procedure by typing ./menu in the Terminal window in Ubuntu. Leave it open.
5. All of this is done INSIDE THE UBUNTU VIRTUAL MACHINE (so when I say “save to your computer” anywhere in here, that means save to your Ubuntu Virtual Machine)!
II. Find a ROM to Dissect
There are two kinds of ROMs you can dissect to create your own custom ROM; Stock ROMs and Custom/Cooked ROMs. DsiXDA, creator of the ROM kitchen we are using, has put together a list of places to get stock ROMs for different devices and a quick how to load them into the kitchen:
From a Cooked ROM (Easiest Method):
1. Copy the update.zip (or equivalent ZIP file) to the original_update folder in the kitchen
2. Type the number for the option “Setup Working Folder from ROM” and hit enter in the Kitchen to create your working folder. (So if its number is 1, type 1 and hit enter.)
From a Shipped ROM:
1. Find the shipped ROM for your device, usually from htc.com or from searching xda-developers (check the Wiki or sticky posts under your device’s sub-forum). The links below may help:
2a. If the shipped ROM is in a .ZIP format, then simply extract the system.img and boot.img.
2b. If the shipped ROM is in .EXE format, then do the following:
A. In Windows, run the shipped ROM’s .EXE file till it gets to the first dialog. Stop there but don’t close the window yet.
B. Go to Start->Run and type: %TEMP%
C. When the folder opens, search for Rom.zip. Then, open it with an unzip tool. If you get errors trying to open the ZIP file with WinZip or the default Windows unzip program, then use 7Zip (download from here) to extract it.
D. Extract only two files from Rom.zip: system.img and boot.img
3. Copy the two .IMG files to your kitchen’s img_files folder in your Ubuntu Virtual Machine.
4. In the Terminal window that you opened in Section I, type 1 and hit enter to create a working folder from the two .img files.
Now that you have either the update.zip in the original_update folder of the kitchen OR the system.img and boot.img of a shipped ROM in the img_files folder of the kitchen, you are ready to play with the ROM to make it your own.
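Steps 2a through 4 for a shipped ROM boil down to pulling exactly two files out of an archive and dropping them into img_files. The added script below (not part of the original guide and not part of the ROM kitchen) does that from inside the Ubuntu VM, and adds the check a cautious builder wants before a single byte reaches the phone: boot.img must start with the standard Android boot-image magic ANDROID!, and neither image may be empty, so a mislabelled or truncated download is rejected instead of being flashed. The archive layout, the kitchen path and the sample Rom.zip it builds for a dry run are all assumptions; point `img_files_dir` at your kitchen's real img_files folder.

```python
"""Extract system.img and boot.img from a shipped ROM archive into the kitchen's
img_files folder, with a sanity check first (added example, not the kitchen's code)."""
import os
import zipfile
from typing import Dict

WANTED = ("system.img", "boot.img")
BOOT_MAGIC = b"ANDROID!"   # header magic of a standard Android boot image


def find_images(zip_path: str) -> Dict[str, str]:
    """Map each wanted image name to its member path inside the archive.
    Raises if an image is missing or appears more than once (ambiguous ROM)."""
    found: Dict[str, str] = {}
    with zipfile.ZipFile(zip_path) as zf:
        for member in zf.namelist():
            base = os.path.basename(member)
            if base in WANTED:
                if base in found:
                    raise ValueError(f"{base} appears more than once in {zip_path}")
                found[base] = member
    missing = [name for name in WANTED if name not in found]
    if missing:
        raise FileNotFoundError(f"missing from {zip_path}: {', '.join(missing)}")
    return found


def extract_images(zip_path: str, img_files_dir: str) -> Dict[str, int]:
    """Extract only the two images into img_files_dir and return {name: size}.
    Refuses an empty image or a boot.img without the Android boot header."""
    members = find_images(zip_path)
    os.makedirs(img_files_dir, exist_ok=True)
    sizes: Dict[str, int] = {}
    with zipfile.ZipFile(zip_path) as zf:
        for name, member in members.items():
            data = zf.read(member)
            if not data:
                raise ValueError(f"{name} is empty; the download is probably incomplete")
            if name == "boot.img" and not data.startswith(BOOT_MAGIC):
                raise ValueError("boot.img does not start with ANDROID!; wrong file?")
            # Write with the flat name the kitchen expects, dropping any subfolder.
            with open(os.path.join(img_files_dir, name), "wb") as fh:
                fh.write(data)
            sizes[name] = len(data)
    return sizes


def make_sample_rom(path: str) -> str:
    """Build a constructed Rom.zip with tiny placeholder images for a dry run."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("rom/boot.img", BOOT_MAGIC + b"\x00" * 56)   # header-shaped stub, 64 bytes
        zf.writestr("rom/system.img", b"\x00" * 128)             # placeholder bytes
    return path


if __name__ == "__main__":
    import tempfile
    workdir = tempfile.mkdtemp()
    rom = make_sample_rom(os.path.join(workdir, "Rom.zip"))
    # Hypothetical kitchen path; replace with your own, e.g. ~/kitchen/img_files.
    print(extract_images(rom, os.path.join(workdir, "kitchen", "img_files")))
```

After it runs, the kitchen's "create working folder from img files" option (step 4 above) picks the images up from img_files as usual.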
III. Tweaking the Imported ROM Using the Automated Options in the Kitchen
This is a basic kitchen, but it lets you do things like add Root support, add/remove apps from the ROM, enable saving apps to the SD card, enable Wi-Fi tethering, run some automatic optimizations, and a few other things, just by selecting the option and hitting enter. It even allows you to put in your own scripts for the ROM to run (but that’s for more advanced users who know how to create scripts, of course).
1. After importing a ROM using section II, select the options you want to apply to the ROM by typing the number of the option into the terminal/kitchen window and hitting enter. They are all pretty self-explanatory.
2. Continue this until you have all the automated options you want in the new ROM.
IV. Adding/Removing Applications from the ROM
1. In your Ubuntu Virtual Machine, go to Places at the top. Then click on Home Folder, then the WORKING folder that was created in section II when you dissected the original ROM or img files. Then go to system > app. (Also check data > app, as .apks can be put in there as well.)
2. In the app folder you will see all the .apk files for all the applications you have currently in the ROM. Simply delete the ones you do not want to remove them from the ROM.
3. To add applications, simply copy any .apk file for the applications you want to add into the app folder.
V. Repackage the ROM so it can be Flashed onto a Phone
1. Once you have done whatever changes you want, you just need to type 99 and hit enter in the kitchen/terminal for the kitchen to take the working folder you have been messing with and compile it into a flashable update.zip ROM.
2. Once it is done compiling the ROM, we can transfer it to our phone.
VIa. Setup Ubuntu to See Your Phone via USB
1. In the Virtual Box window with Ubuntu in it, click on Devices at the top, then click Install Guest Additions. (It should autostart; if it doesn’t, click on the CD that appeared on the desktop in Ubuntu and then click on Autostart.sh. It will ask you for the password you created when setting up Ubuntu; put that in and let it install.)
2. Once the Guest Additions are installed, close the Virtual Box Ubuntu Window (choose to Power Down the Machine).
3. Now, open Virtual Box itself (not Ubuntu) and highlight the Ubuntu machine, then click on Settings at the top.
4. Click on USB and make sure Enable USB Controller and Enable USB 2.0 are both enabled.
5. Now plug in your Android phone (do NOT mount the SD card, just plug it in).
6. Now in the USB menu of Virtual Box, click the + symbol on the right and then select your Android Device (name may be different).
7. Once that is installed, unplug your phone.
8. Now, Start your Ubuntu Virtual Box.
9. Once Ubuntu boots up, plug in your Android phone (do not mount the memory card yet) and look for the USB symbol at the bottom (fourth icon from the left) and hover over it and wait for it to say USB Device detected and display your phone. Once that happens, mount the sd card by pulling down the notification bar on your phone and clicking mount.
10. Ubuntu should pop up your SD card on the desktop (if any prompts come up just select do nothing and click ok). We can now transfer files to the memory card of our phone.
VIb. Use RapidShare to Transfer the File from Ubuntu to Windows (if Section VIa was giving you trouble)
1. If you can’t get the USB to work in Ubuntu, then simply open a Firefox browser window, go to Rapidshare.com and upload the ROM there.
2. Once it is done uploading, ON YOUR WINDOWS COMPUTER NOT UBUNTU, put in the link it gave you when you finished uploading, to download it to your Windows computer so we can transfer it to your phone.
VII. Flash the ROM
1. Copy the .zip file to the root of your SD card (NOT in any folders, just on the SD card itself).
2. Unplug the phone and turn it off.
3. Turn it back on by holding down home and power (do not let go until the recovery screen comes up) to get to recovery mode (you must have a custom recovery screen to do this; if you don’t, find the How To Root and Load a ROM procedure for your phone and do that first).
4. Now select Nandroid Backup to create a backup before we flash the new ROM.
5. Once the backup is done, select Wipe Data / Factory Reset in recovery mode.
6. Select flash zip from sd card and select the ROM you just put on the sd card.
7. Once it is done flashing, click reboot. Enjoy!
We will update this as we add more things for you to tweak. Feel free to suggest some in the meantime.
Want to Flash a New Splash Screen on Your 320×480 Resolution Android Device? Here’s how.