All Your Base Stations Are Belong to Us! Hack into WPA Encrypted Networks with Aircrack-ng
Wifi networks using WPA encryption are now vulnerable to attack thanks to work done by researchers Erik Tews and Martin Beck. Tews and Beck have cracked the Temporal Key Integrity Protocol (TKIP) that protected WPA, and the code used to do so has already found its way into the Aircrack-ng suite. In this article, I'll review your options for installing Aircrack-ng so you can hack WPA encrypted networks wide open and piggyback on your neighbor's wifi.
The TKIP security protocol for WPA can now be cracked in about 15 minutes using algorithms developed by Tews and Beck. However, the encryption keys used in TKIP are still safe, so while hackers can gain access to WPA protected networks and steal bandwidth, they cannot read information sent wirelessly over the network. This means WPA protected networks are vulnerable, but so far, the data traveling on them is still safe. Security-conscious users will want to switch their network encryption to WPA2, which utilizes the fully secure CCMP protocol. While any "Wi-Fi Certified" devices made after March 2006 are required to be WPA2 compatible, some older devices may not support the encryption method, forcing users to stick with WPA.
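If you want to know whether your own network (or anything else in range) still relies on TKIP, the airodump-ng tool in the Aircrack-ng suite can write what it sees to a CSV file with its `-w` option. The script below is an added example, not code from this post or from the Aircrack-ng project: it reads that CSV and rates each access point by its Privacy and Cipher columns. The column layout is assumed from airodump-ng's CSV export, and the rows in `SAMPLE_CSV` are constructed sample data.

```python
import csv
import io

# Constructed sample in the layout of airodump-ng's CSV export (access-point
# section; the real file appends a station section after a blank line).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2008-11-10 20:01:02, 2008-11-10 20:05:10,  6,  54, WPA, TKIP, PSK, -45, 120, 0, 0. 0. 0. 0, 9, HomeNet-A,
00:11:22:33:44:02, 2008-11-10 20:01:05, 2008-11-10 20:05:11, 11,  54, WPA2, CCMP, PSK, -60,  98, 0, 0. 0. 0. 0, 9, HomeNet-B,
00:11:22:33:44:03, 2008-11-10 20:01:07, 2008-11-10 20:05:12,  1,  54, WPA2WPA, CCMP TKIP, PSK, -70,  77, 0, 0. 0. 0. 0, 9, HomeNet-C,
00:11:22:33:44:04, 2008-11-10 20:01:09, 2008-11-10 20:05:13,  3,  54, OPN, , , -80,  50, 0, 0. 0. 0. 0, 9, HomeNet-D,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""


def classify(privacy, cipher):
    """Rate one access point from its Privacy and Cipher columns."""
    if privacy in ("OPN", ""):
        return "open"
    if privacy == "WEP":
        return "wep"
    ciphers = set(cipher.split())          # e.g. "CCMP TKIP" -> {"CCMP", "TKIP"}
    if "TKIP" in ciphers and "CCMP" not in ciphers:
        return "tkip-only"                 # WPA/TKIP: the case Tews and Beck attack
    if "TKIP" in ciphers:
        return "mixed"                     # CCMP offered, but TKIP still accepted
    return "ccmp"                          # WPA2/CCMP only


def audit(csv_text):
    """Map each ESSID in the access-point section to its rating."""
    rows = csv.reader(io.StringIO(csv_text), skipinitialspace=True)
    header = [h.strip() for h in next(r for r in rows if r)]   # skip leading blanks
    col = {name: header.index(name) for name in ("Privacy", "Cipher", "ESSID")}
    result = {}
    for row in rows:
        if not row:                        # blank line ends the access-point section
            break
        row = [f.strip() for f in row]
        result[row[col["ESSID"]]] = classify(row[col["Privacy"]], row[col["Cipher"]])
    return result


def weak_networks(csv_text):
    """ESSIDs that should move to WPA2/CCMP (or get any encryption at all)."""
    return sorted(n for n, r in audit(csv_text).items() if r != "ccmp")


if __name__ == "__main__":
    for essid, rating in audit(SAMPLE_CSV).items():
        print(f"{essid:12} {rating}")
```

Anything rated `tkip-only` or `mixed` is still accepting TKIP and is the case this article is about; `ccmp` is what a WPA2-only network looks like in the same output.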
If you want to experiment with Aircrack-ng's command line tools, first download Aircrack-ng and tkiptun-ng, the tool required to inject frames into a WPA network. The software is open source and available for Linux and Windows, with limited support for OS X. Users can compile the source themselves; Linux and Windows users can install from pre-compiled binaries, and Mac users can install via MacPorts. Installation can be quite daunting, so check out Aircrack's install page. You may also want to head over to their forums if you run into trouble. For all operating systems, a compatible network card is required, and Ubuntu and Debian can be finicky in this respect. If Mac users are going the MacPorts route, they will need to install several applications before they can install Aircrack-ng. Even then, Aircrack-ng has limited functionality under OS X, so Mac users may be better off just virtualizing a Linux machine. Mac users should install these applications in the following order:
- Install X11 User from your Mac OS X installation disc
- Install the latest version of Xcode, which requires a free Apple Developer Connection membership. Make sure the X11 SDK installs along with Xcode. If it does not, you can go into the Packages folder on the Xcode Tools image and install the X11 SDK package manually.
- Install MacPorts
- Finally, install Aircrack-ng via MacPorts using "sudo port install aircrack-ng"
After all this, MacPorts failed to install for me, so I followed instructions for installing Aircrack-ng using the alternative method. Again, Aircrack-ng does not run natively on OS X, so Mac users will have limited access to the suite's utilities.
Once you've got Aircrack-ng installed and compiled, follow their advice for running a couple of tests. If you can work your way through the tests, then check out other tutorials, some of which spell things out quite clearly. Read through these tutorials and head over to the forum if you need help.
For users who like their GUIs, I suggest checking out NetStumbler for Windows or KisMAC for Mac users. NetStumbler is an old utility that does not include support for Beck and Tews' WPA TKIP attack method, and although KisMAC was recently updated, it also does not appear to support that method. Both utilities do offer other, more CPU-intensive vectors for WPA attack, and are worth checking out if you want to play at being a hacker but don't want to bother with the terminal.
Success? Failure? Let us know!
Have you successfully used Aircrack-ng and tkiptun-ng with Beck's new method to hack a WPA protected network? Leave a comment and let us know! Are you going nuts trying to compile the package and find drivers that support your network card? Yeah, me too... Leave a comment to sympathize.