|
AirSnort Homepage |
|
News
- 09/25/02 - The problems with v8.10 firmware may have been solved
thanks to the troubleshooting efforts of Ian Goldberg and Pat Swieskowski. Try
the patch for pcmcia-cs-3.2.1 available on the orinoco info page. This
patch should also apply to pcmcia-cs-3.2.0 though I have not tested it.
- 08/31/02 - Pat Swieskowski has also posted some info on using
Airsnort on an Apple iBook. See the page - http://www.swieskowski.net/code/wifi.php
- 08/27/02 - Erik Winkler has posted some info on using Airsnort on
an Apple iBook. See the page - http://www.macunix.net:443/ibook.html
- 08/17/02 - Released Airsnort-0.2.1b which fixes bug in gencases and
decrypt.
- 08/16/02 - Ported the orinoco patch to the pcmcia-cs-3.2.0 drivers.
Get it from the orinoco
info page. David Gibson has declared the orinoco-0.12 series a failed
experiment and I have removed the patch for 0.12 drivers.
- 06/20/02 - Ported the orinoco patch to the 0.12 drivers. Get it
from the orinoco info
page.
- 06/08/02 - Got off my butt and updated the orinoco driver
capabilities. Posted a patch to the orinoco-0.11b drivers to enable monitor
mode AND allow setting of your own MAC address via ifconfig. Get it from the
orinoco info page.
- 06/07/02 - Released Airsnort-0.2.1a, primarily a maintenance
release. This release fixes a bug in weak IV reporting and removes gnome
dependencies. The decrypt tool is more like a dictionary based cracker now,
but still has a way to go.
- 06/02/02 - Successful downgrade for Orinoco v8.10 firmware users.
See the Orinoco
information page for details.
- 05/03/02 - The project finally has a logo! It was derived with the
permission of Marty Roesch over at the Snort
project which you should certainly check out if you haven't already.
- 05/01/02 - Airsnort 0.2.1 released - requires libpcap. Limited
support for Cisco cards. Changes here
- 04/17/02 - Updated the orinoco patches to correct a problem when
receiving beacon packets (and perhaps others?) Thanks to jonp@chem.... !!
- 04/12/02 - Just released - Decrypt is a program to
decrypt data packets in pcap style capture files.
- 04/10/02 - The faq has been updated
- 03/19/02 - New Patches available. See the new Orinoco info page.
Also see the updated faq for
answers to questions about monitor mode, promiscuous mode, PF_NETLINK, and
PF_PACKET.
- 03/14/02 - patch-0.2.0-1
for Airsnort 2.0 posted. orinocoSniff.c updated to fix problems with
SIOCIWFIRSTPRIV
- 03/07/02 - New Orinoco patch for
pcmcia-3.1.33/orinoco-0.09b
- 02/28/02 - AirSnort 2.0 released. Read about changes.
- 08/23/01 - Frequently
Asked Questions we wrote in response to a bunch of our emails
- 08/20/01 - We got written up by Wired News.
Introduction
AirSnort is a wireless LAN (WLAN) tool which recovers
encryption keys. AirSnort operates by passively monitoring transmissions,
computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous
security flaws. Most damning of these is the weakness described in " Weaknesses in the Key
Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir.
Adam Stubblefield was the
first to implement this attack, but he has not made his software public.
AirSnort, along with WEPCrack, which was released
about the same time as AirSnort, are the first publicly available implementaions
of this attack.
AirSnort requires approximately 5-10 million encrypted packets to be
gathered. Once enough packets have been gathered, AirSnort can guess the
encryption password in under a second.
AirSnort 0.2.1 Requirements
AirSnort runs under linux, and reqires that
your wireless nic be capable of rf monitor mode, and that is pass monitor
packets up via the PF_PACKET interface. Cards known to do this are:
- Cisco Aironet
- Prism2 based cards using patched wlan-ng-0.1.13
drivers, or wlan-ng-0.1.14-preX drivers (no need for patch)
- Orinoco cards and clones using patched orinoco_cs 0.09b
drivers
To compile AirSnort, do the following:
Some Orinoco Notes: The
Orinoco patch was tested with an Orinoco Gold card running firmware 7.52. I am
told Orinoco Silver cards work as well. Firmware 8.10 from Dec 2001 seems to
fail after gathering a few packets for some reason. Get the patch here
I have reports of
the following firmware versions working: 6.04, 6.16, 7.28?, 7.52
while the
following versions do not work: 7.28?, 8.10
Download
Anonymous CVS is at the CVSROOT
:pserver:anonymous@cvs.airsnort.sourceforge.net:/cvsroot/airsnort . For
more information, view our SourceForge page.
Download the tarballs from Sourceforge
Apple iBook Info
See Erik Winkler's iBook page for more
information.
Contact Us
Email Snax with
questions, comments, suggestions and patches. Jeremy and Blake are semi-retired
from the project.