Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master

README

Documentation, tutorials, ... can be found on http://www.aircrack-ng.org
See also manpages and the forum.

Installing
==========

This version now requires more libraries than 0.X versions to be compiled. 
See INSTALLING file for more information

OpenWrt Devices
===============

You can use airodump-ng on OpenWrt devices. You'll have to use specify
prism0 as interface. Airodump-ng will automatically create it.
Rq: Aireplay DOESN'T work on OpenWrt (2.4 kernel) with broadcom chipset since the driver doesn't support injection. It *may* work with 2.6 kernels >= 2.6.24 (kamikaze 8.09+ custom-built).


Known bugs:
===========

Drivers
-------

	Madwifi-ng
	----------
	
	The cause of most of these problems (1, 2 and 3) is that Madwifi-ng cannot easily change the rate in monitor mode.
	Technically, when changing rate while in monitor mode, the raw socket gets invalidated and we have to get it again.
	Madwifi-ng is getting replaced by several drivers: ath5k, ath9k and ar9170.
	
	
	Problem 1: No client can associate to an airbase soft AP.
	Solution 1: None at this time.
	
	
	Problem 2: When changing rate while you are capturing packet makes airodump-ng stall
	Solution 2: Restart airodump-ng or change rate before starting it.
	
	Problem 3: After some time it stops capturing packets and you're really sure no network manager are running at all.
	Solution 3: That's a known bug in the driver, it may happen at any time (the time before it fails can vary a lot: 
	            from 5 minutes to 50 or even more). Try (as root) unloading completely the driver with 'madwifi-unload'
	            and then run 'modprobe ath_pci autocreate=monitor'.
		  
	
	Problem 4: When creating a new VAP airodump-ng takes up to 10-15 seconds to see the first packet
	Solution 4: It's the behaviour of madwifi-ng, don't worry (... be happy ;)).


	Orinoco
	-------

	Problem: BSSID is not reported correctly or is 00:00:00:00:00:00 or signal is not reported correctly.
	Solution: None. Consider replacing your card, orinoco is really really old.


Aircrack-ng
-----------

	Aireplay-ng
	-----------

	Problem: Fakeauth on a WRT54G with WEP (shared authentication) doesn't work.
	Solution: None at this time (we'll try to fix it for next release).


	Airolib-ng
	----------

	Problem: On windows only, opening/creating a database doesn't work when airolib-ng is in directories containing
	         special characters like 'ç', 'é', 'è', 'à', ... (directories containing spaces are not affected).
	Reason: It's a SQLite issue.
	Solution: Rename the directory or move the database into another directory.


	Airbase-ng
	----------

	Problem: SSID are not displayed correctly (when scanning for networks) when using airbase-ng with r8187 driver.
	Reason: Beacons are truncated (the beginning is missing) when sent in the air.
	Solution: None at this time (we'll try to fix it for next release)

	Airodump-ng
	-----------

	Problem: Airodump-ng stop working after some time.
	Solution 1: You may have a network manager running that puts back the card in managed mode. 
	            You'll have to disable it (the fastest solution is killing the process) then restart airodump-ng.
	Solution 2: See Problem 3 of Madwifi-ng.

	Problem: Airodump-ng corrupts pcap file when using GPSd (--gpsd).
	Solution: None at this time (will be fixed in next release).
	
	Problem: On windows, it doesn't display a list of adapters like the old 0.X
	Solution: It requires you to develop your own DLL.

	Aircrack-ng
	-----------
	
	Problem: Aircrack-ng can't use dictionnaries/wordlists bigger than 2GB
	Solution: Split your files. Cleaning can also help because WPA only use passphrases of 8 to 63 characters.
	
Sample files
============

wep.open.system.authentication.cap:
    It show a connexion (authentication then association) to a WEP network (open authentication).

wep.shared.key.authentication.cap:
    It shows a connexion (authentication then association to a WEP network (shared authentication).
    The difference with open authentication is that the client has to encrypt a challenge text
    and send it back (encrypted) to the AP to prove it has the right key.

wpa.cap:
    This is a sample file with a WPA handshake. It is located in the test/ directory of the install files. 
    The passphrase is 'biscotte'. Use the password file (password.lst) which is in the same directory.

wpa2.eapol.cap: 
    This is a sample file with a WPA2 handshake. 
    It is located in the test/ directory of the install files. 
    The passphrase is '12345678'. Use the password file (password.lst) which is in the same directory.

test.ivs (http://download.aircrack-ng.org/wiki-files/other/test.ivs): 
    This is a 128 bit WEP key file.
    The key is AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7.

ptw.cap (http://dl.aircrack-ng.org/ptw.cap): 
    This is a 64 bit WEP key file suitable for the PTW method.
    The key is '1F:1F:1F:1F:1F'.

password.lst
    This is a sample wordlist for WPA key cracking. More wordlists can be found at
    http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists

password.db
    This is a sample airolib-ng database for WPA key cracking.
Something went wrong with that request. Please try again.