Thursday, January 24, 2013

Cracking WEP Networks with KisMAC+aircrack-ng on Mac OS X Lion

UPDATE 12-5-12: Thanks to a reader (see comments below), I've gotten my hands on a version of KisMAC that works on Mac OS X Mountain Lion! While it may be a beta version, it does at least run and collect unique IVs from my Airport Extreme card, and I'm able to use the data in aircrack-ng. Download it here: https://s3.amazonaws.com/kismac2/KisMac2.zip

Your situation: You've spent endless hours researching/experimenting with cracking your own personal WEP encrypted wireless network and you just can't seem to get it accomplished. You don't necessarily have state-of-the-art equipment (other than your super fine Macbook/Macbook Pro), and you can't run other alternatives such as Backtrack 5. You're stuck with KisMAC although it's outdated software. It just so happens you're still in luck. All you need are a couple extra tools and some tips that aren't usually discussed anywhere else.

What you need:
  • KisMAC - the latest version is currently 0.3.3
  • MacPorts - I downloaded the disk image for Lion
Go ahead and install KisMAC and MacPorts (standard installation with defaults is fine). You may need to see the MacPorts installation instructions if you don't already have Apple's developer tools installed. Once MacPorts is installed, you can install the last piece of the puzzle (and most important): aircrack-ng. Just run this command in terminal:
sudo port install aircrack-ng
If you get an error, you may need to update your MacPorts sources:
sudo port selfupdate
Once aircrack-ng is installed, you're ready to go. You should already be familiar with basic KisMAC usage, so if you're not, refer to some beginner tutorials on it first. This guide is targeted at some of the "gotchas" of using KisMAC and aircrack-ng. To briefly get KisMAC set up:
  1. Open KisMAC
  2. Go to Preferences -> Driver
  3. Add your first card (mine was the Airport Extreme passive mode)
  4. Select the channel the target AP is on (if you don't already know this, refer to beginner docs)
  5. If the card is used for injection, select the "use as primary device" option
  6. Select "Keep everything" in the Dump Filter settings and select a location to save the dump files
  7. Add your second card and repeat steps 4-6
I recommend that you keep dump files from both cards stored in the same folder (an empty folder somewhere).

Now it's time to start sniffing. Click "Start Scan" and watch as data starts coming in. Double click on the target AP in the list and click Network -> Reinject Packets to start packet reinjection and quickly generate unique IVs. You should see the Unique IV count climb.

The last step is to start aircrack-ng. Open Terminal and type (the general form is the BSSID after -b, followed by the dump files):
aircrack-ng -b <bssid> <dump files>
I selected the ~/Desktop/aircrack/ folder to store my KisMAC dumps, so my example would be something like:
aircrack-ng -b 00:00:00:00:00:00 ~/Desktop/aircrack/*
Of course you need to enter the BSSID of the target AP after the -b flag. Aircrack-ng should load any dump files in that directory and start cracking. It automatically retries every 5000 new IVs, so you don't even have to rerun it.

Now for the tips that it took me hours to discover:
  1. aircrack-ng can use multiple dump files, so you can stop/start KisMAC all you want and create multiple files. Just use the asterisk like I did in my aircrack-ng example above. You could even do something like ~/Desktop/Dump* to get all the files that begin with "Dump".
  2. If you encounter errors in aircrack-ng about a corrupt file or incorrect packet length, the problem is that KisMAC is dumping management and control packets too. We really only need data packets, so you can go back in the Preferences -> Driver section and instead of selecting "Keep Everything", you can select "Data Only". This should correct the errors.
  3. If you notice that the number of IVs in KisMAC is drastically greater than those showing in aircrack-ng, apply tip 2 above. If that doesn't fix it, make sure you are saving dumps from all of your devices.
Once I figured that out, I was able to crack my network in under 5 minutes with only 15,000 unique IVs.
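As an added illustration of tips 2 and 3 (this is not code from the original post), here is a small Python reader that walks a pcap dump, tallies management/control/data frames, and counts the unique WEP IVs seen for one BSSID. Only data frames with the Protected bit set carry an IV, so management and control frames inflate a packet count without adding IVs, and repeated IVs count once. It assumes KisMAC writes plain 802.11 pcaps (DLT 105) or radiotap-wrapped ones (DLT 127); the sample frames and MAC addresses below are constructed, not captured.

```python
import struct
from collections import Counter

def bssid_of(frame):
    """BSSID of a data frame, chosen by its To/From DS bits (None for WDS frames)."""
    return {0: frame[16:22], 1: frame[4:10], 2: frame[10:16]}.get(frame[1] & 0x03)

def wep_iv(frame):
    """3-byte WEP IV of a protected data frame, or None for anything else."""
    if (frame[0] >> 2) & 0x03 != 2 or not frame[1] & 0x40:  # not data, or Protected bit clear
        return None
    hdr = 24 + (6 if frame[1] & 0x03 == 0x03 else 0) + (2 if frame[0] & 0x80 else 0)  # addr4, QoS
    return frame[hdr:hdr + 3] if len(frame) >= hdr + 4 else None

def frames_from_pcap(data):
    """Yield raw 802.11 frames from pcap bytes (DLT 105 plain, or DLT 127 with radiotap)."""
    endian = '<' if data[:4] == b'\xd4\xc3\xb2\xa1' else '>'
    linktype, = struct.unpack(endian + 'I', data[20:24])
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + 'IIII', data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if linktype == 127:  # strip radiotap; its length sits little-endian at bytes 2..3
            frame = frame[struct.unpack('<H', frame[2:4])[0]:]
        yield frame

def iv_stats(data, bssid):
    """Return (frame-type counts, number of unique WEP IVs seen for one BSSID)."""
    counts, ivs = Counter(), set()
    for f in frames_from_pcap(data):
        counts[('mgmt', 'ctrl', 'data', 'ext')[(f[0] >> 2) & 0x03]] += 1
        iv = wep_iv(f)
        if iv is not None and bssid_of(f) == bssid:
            ivs.add(iv)
    return dict(counts), len(ivs)

# Constructed sample capture (not a real dump): a beacon plus three WEP data frames, two sharing an IV.
AP, STA = bytes.fromhex('001122334455'), bytes.fromhex('66778899aabb')  # made-up MACs
def data_frame(iv, from_ds=True):
    fc = bytes([0x08, 0x40 | (0x02 if from_ds else 0x01)])  # type data, Protected, DS bit
    addrs = STA + AP + STA if from_ds else AP + STA + STA   # addr1, addr2, addr3
    return fc + b'\x00\x00' + addrs + b'\x00\x00' + iv + b'\x00' + b'\xaa' * 20
def pcap(frames, linktype=105):
    hdr = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, linktype)
    return hdr + b''.join(struct.pack('<IIII', 0, 0, len(f), len(f)) + f for f in frames)
BEACON = bytes([0x80, 0x00, 0, 0]) + b'\xff' * 6 + AP + AP + b'\x00' * 14  # management frame
SAMPLE = pcap([BEACON, data_frame(b'\x01\x02\x03'), data_frame(b'\x01\x02\x03', False),
               data_frame(b'\x04\x05\x06')])
RESULT = iv_stats(SAMPLE, AP)  # -> ({'mgmt': 1, 'data': 3}, 2)
```

Running it over a real KisMAC dump shows at a glance whether a file is padded with non-data frames (tip 2) and how many IVs it actually contributes (tip 3); the same check tells an auditor whether a capture contains WEP-protected traffic at all.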

Happy cracking, and remember to only experiment on networks you own or have permission to crack.