Aircrack-ng is a set of tools for auditing wireless networks.

· airodump: 802.11 packet capture program
· aireplay: 802.11 packet injection program
· aircrack: static WEP and WPA-PSK key cracker
· airdecap: decrypts WEP/WPA capture files

Aircrack-ng is the next generation of aircrack with lots of new features.

How do I crack a static WEP key ?

The basic idea is to capture as much encrypted traffic as possible using airodump. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack on the resulting capture file. aircrack will then perform a set of statistical attacks developped by a talented hacker named KoreK.

How do I know my WEP key is correct ?

There are two authentication modes for WEP:

Open-System Authentication: this is the default mode. All clients are accepted by the AP, and the key is never checked: association is always granted. However if your key is incorrect you wont be able to receive or send packets (because decryption will fail), so DHCP, ping etc. will timeout.

Shared-Key Authentication: the client has to encrypt a challenge before association is granted by the AP. This mode is flawed and leads to keystream recovery, so its never enabled by default.

In summary, just because you seem to have successfully connected to the access point doesnt mean your WEP key is correct ! To check your WEP key, try to decrypt a capture file with the airdecap program.

How many IVs are required to crack WEP ?

WEP cracking is not an exact science. The number of required IVs depends on the WEP key length, and it also depends on your luck. Usually, 40-bit WEP can be cracked with 300.000 IVs, and 104-bit WEP can be cracked with 1.000.000 IVs; if youre out of luck you may need two million IVs, or more.

Theres no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, airodump can not report the WEP key length. Thus, it is recommended to run aircrack twice: when you have 250.000 IVs, start aircrack with "-n 64" to crack 40-bit WEP. Then if the key isnt found, restart aircrack (without the -n option) to crack 104-bit WEP.

Whats New in This Release:

· This release adds an ACX injection patch, and updates the rtl8187 patch for 2.6.21.
· It fixes madwifi-ng detection with airmon-ng.
· It fixes 2 bugs in aircrack-ng related to WPA cracking.
· It fixes an old Debian bug (#417388).
· It fixes the use of wlanng, and fixes IP address writing in the CSV file with airodump-ng.
· It fixes a bug in the GUI for Windows and adds a PTW option.