Aircrack

From Wikipedia, the free encyclopedia

Basic data

Developer: Christophe Devine, then Thomas d'Otreppe de Bouvette
Current version: 1.6 (January 25, 2020)
Current preliminary version: 1.2 Release Candidate 4
Operating system: GNU/Linux, Unix, Windows, FreeBSD
Programming language: C
Category: WiFi security tool
License: GPL (free software)
Available in German: No
Website: aircrack-ng.org

Aircrack (more precisely: Aircrack-ng) is a collection of computer programs that make it possible to exploit and analyze vulnerabilities in WLANs. The main program, which calculates the keys, is named aircrack-ng. Typical applications include recording data packets in a network and computing WEP, WPA or WPA2 keys.

Functionality

The Airodump program records data packets and analyzes the 24-bit initialization vectors (IVs) that belong to each WEP packet. With enough recorded packets or weak IVs, the Aircrack program can determine the WEP key. This is essentially a statistical attack, so it is theoretically possible to infer the WEP key from a sufficient number of IVs. Depending on the length of the key used, 100,000 to 250,000 IVs (with 40-bit keys) or 500,000 to 1,000,000 IVs (with 104-bit keys) or even more were required. In newer versions, this is possible with only 5000 packets for 40-bit keys and 20,000 packets for 104-bit keys.

From version 0.8, the number of packets required was reduced to a fraction thanks to the PTW attack from the Technical University of Darmstadt. For example, 50,000 packets are now sufficient for a 50 percent chance of calculating a 128-bit key; packets containing ARP requests are necessary for this. This also dramatically increases the chances of recovering a 64-bit key. Success is not guaranteed and depends on a variety of other factors.

Aircrack now implements modern attacks such as the KoreK attack. The attack can also be supplemented with active methods so that a large number of packets can be recorded more quickly. In this way, a network secured by WEP can be broken into within a few minutes. In a study by TU Darmstadt, researchers managed to break into a 128-bit encrypted WEP WLAN (key length 104 bit) using the PTW attack in less than 60 seconds.

Networks encrypted with WPA or WPA2 can be attacked by Aircrack with a dictionary attack: it reads the four-way handshake that takes place while a WPA connection is being established and then attempts to decrypt it. A four-way handshake can also be forced by de-authenticating a client that is already logged on.
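A detection sketch for the forced handshake described above, added here as an example (it is not from the original article or the Aircrack-ng project): it flags a burst of de-authentication frames aimed at one client and records whether a new handshake followed. The input line format, the function names and the thresholds are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample, "<seconds> <type> <bssid> <client>" per line (hypothetical format).
SAMPLE_FRAMES = """\
10.0 deauth aa:aa:aa:aa:aa:01 cc:cc:cc:cc:cc:01
10.1 deauth aa:aa:aa:aa:aa:01 cc:cc:cc:cc:cc:01
10.2 deauth aa:aa:aa:aa:aa:01 cc:cc:cc:cc:cc:01
10.3 deauth aa:aa:aa:aa:aa:01 cc:cc:cc:cc:cc:01
12.5 eapol aa:aa:aa:aa:aa:01 cc:cc:cc:cc:cc:01
20.0 deauth aa:aa:aa:aa:aa:01 cc:cc:cc:cc:cc:02
21.0 eapol aa:aa:aa:aa:aa:01 cc:cc:cc:cc:cc:02
truncated line
30.0 deauth aa:aa:aa:aa:aa:02 cc:cc:cc:cc:cc:03
30.1 deauth aa:aa:aa:aa:aa:02 cc:cc:cc:cc:cc:03
30.2 deauth aa:aa:aa:aa:aa:02 cc:cc:cc:cc:cc:03
30.3 deauth aa:aa:aa:aa:aa:02 cc:cc:cc:cc:cc:03
"""

def parse(text):
    """Yield (ts, kind, bssid, client) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            try:
                yield float(parts[0]), parts[1], parts[2].lower(), parts[3].lower()
            except ValueError:
                continue

def find_forced_handshakes(text, burst=4, window=2.0, follow=10.0):
    """Alert on >= burst deauths per (bssid, client) in window s; note EAPOL within follow s."""
    recent = defaultdict(deque)  # (bssid, client) -> recent deauth times
    pending = {}                 # (bssid, client) -> alert awaiting EAPOL
    alerts = []
    for ts, kind, bssid, client in sorted(parse(text)):
        key = (bssid, client)
        if key in pending and ts - pending[key]["burst_at"] > follow:
            del pending[key]     # follow-up window expired without a handshake
        if kind == "deauth":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()      # forget deauths older than the window
            if len(q) >= burst and key not in pending:
                pending[key] = dict(bssid=bssid, client=client, burst_at=ts, handshake_at=None)
                alerts.append(pending[key])
                q.clear()        # a continuing flood must build a fresh burst
        elif kind == "eapol" and key in pending:
            pending.pop(key)["handshake_at"] = ts  # client re-authenticated after the burst
    return alerts
```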

Individual component programs (incomplete list)

aircrack-ng
calculates WEP keys (brute force) and WPA keys (dictionary attack)
airodump-ng
Packet sniffer: records data traffic in pcap or IVs files and shows information about networks
aireplay-ng
injects self-generated packets into networks
airdecap-ng
decrypts recorded encrypted WEP or WPA data using an already known key
airmon-ng
puts WLAN cards in monitor mode under Linux
airtun-ng
creates virtual tunnels
airolib-ng
saves and manages ESSID and password lists (for calculating WPA keys)
wesside-ng
automatically calculates the WEP key of found networks (unstable)
airdriver-ng
builds and installs WLAN drivers under Linux
airbase-ng
simulates access points based on received SSID scans from end devices and thus enables WEP or WPA keys to be intercepted in the absence of the access point by attacking the end device
airserv-ng
enables the use of a WLAN card that is not locally connected via a TCP connection (wireless card server)

Operating systems

Aircrack is available as source code and in principle runs on Linux, macOS and Windows. Windows requires additional drivers that are not included with Aircrack. These drivers, or more precisely the files peek5.sys and peek.dll, are supplied by WildPackets, the manufacturer of the WLAN software, in its OmniPeek Personal software. However, due to driver problems and a lack of support from the developers, the Aircrack suite on Windows does not have the same functionality as on Linux. It is possible, though, to access WLAN sticks from a virtual machine running Linux.

Programs comparable to Airodump are Airsnort, Kismet and NetStumbler.
