Friday, 22 July 2011

Cracking a Wi-Fi network

I had always heard that cracking a Wi-Fi network was really easy, but I never tried to do it. Yesterday I decided to give it a go. Could someone get in my network easily?

Remember that using somebody else's Wi-Fi is probably illegal, so you should probably do this only with your own Wi-Fi networks or with the owners' permission.

I am a complete newbie to this sort of thing, so I started with the easy part: cracking a WEP Wi-Fi network. I guess nobody should be using WEP anymore, since according to Wikipedia "The Wi-Fi Alliance defined these [WPA and WPA2] in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy)." But WEP is still everywhere... Right now my laptop detects 5 Wi-Fi networks, and the only one that uses WPA is my own!

The next step was to do some research, since "wifi crack" gives you about 31,000,000 results in Google... A key aspect of this is to have a network adapter capable of "packet injection". There are many cheap models available, but it turned out that my modest netbook comes with an "Intel Corporation WiFi Link 5100" adapter, which is able to do it. In order to make it work with my standard Linux distribution, I would probably need to update the firmware and/or patch the kernel. But it was safer and easier to just grab a copy of BackTrack Linux (version 5), make a LiveUSB out of it and reboot the netbook. With it, the Link 5100 was apparently ready for packet injection...

Then, after a failed attempt, I stumbled upon this guide, which made the process very easy. I was not sure that my network adapter was 100% up to the task, so I decided to go for a field test. I just walked around the town in search of a good WEP Wi-Fi network. After a few attempts in which I got the "Association successful" message but then data collection was very slow, I hit a busy WEP Wi-Fi network which made the whole process a breeze, and in 10-15 minutes I had the key (hidden below):

Aircrack-ng 1.1 r1899

[00:00:00] Tested 676 keys (got 68393 IVs)

KB    depth   byte(vote)
 0    0/  1   5A(99328) 1B(78336) 54(78080) EB(77568) 66(76032)
 1   11/  1   B5(75264) 2C(75008) 35(75008) 8F(75008) C2(75008)
 2    2/  7   8A(80128) 26(79104) 0C(77824) 4B(77056) BF(76800)
 3   14/  3   04(75264) 00(74752) 6E(74752) 60(74240) 15(73984)
 4    0/  5   1C(94720) 74(80384) 77(79872) 18(78592) 8B(78336)

KEY FOUND! [ XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX ] (ASCII: XXXXXXXXXXXXX )
Decrypted correctly: 100%


The person in the guide mentioned above says that she could not get to the stage where enough data was collected for aircrack-ng to succeed, and it looks like that is quite common on networks with very low Wi-Fi traffic. Out of the 10 or so networks that I tried, only on this one was I getting data at a very high rate. On the other ones I would perhaps have to wait hours to reach the recommended 10k data mark.
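To make concrete why the "got N IVs" counter is the thing to watch, here is an added example of mine (not code from the post, the guide it links to, or aircrack-ng) that models WEP's framing in Python: RC4 keyed with the 24-bit IV prepended to the WEP key, a CRC-32 ICV, and the fixed LLC/SNAP/ARP prefix that hands an attacker keystream bytes for every captured IV without knowing the key. The key, IVs and payloads are constructed, and the key-ID byte that follows the IV in a real 802.11 frame is left out for simplicity.

```python
"""Toy WEP: RC4 keyed with IV || key, CRC-32 ICV, known-plaintext keystream recovery.

Added example, not code from the post or from aircrack-ng.  Key, IVs and
payloads are constructed; the key-ID byte after the IV is omitted.
"""
from __future__ import annotations

import struct
import zlib
from math import log, sqrt

IV_BITS = 24  # a WEP IV is 24 bits: at most 2**24 distinct keystreams per key


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4 KSA + PRGA; returns the first n keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||key}(plaintext || CRC32(plaintext)); ICV packed little-endian."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError("IV must be 3 bytes; WEP key 5 (40-bit) or 13 (104-bit) bytes")
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = plaintext + icv
    return iv + xor(body, rc4_keystream(iv + wep_key, len(body)))


def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Inverse of wep_encrypt; raises ValueError if the ICV does not check."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4_keystream(iv + wep_key, len(body)))
    data, icv = clear[:-4], clear[-4:]
    if struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch")
    return data


# LLC/SNAP header + fixed ARP fields (hw type, proto, hlen, plen): known plaintext.
KNOWN_ARP_PREFIX = bytes.fromhex("aaaa030000000806000108000604")


def keystream_from_known_plaintext(frame: bytes, known: bytes) -> tuple[bytes, bytes]:
    """IV and the first len(known) keystream bytes for that IV, from ciphertext alone.
    One such (IV, keystream) sample per captured frame is what the key-byte
    statistics in aircrack-ng's vote table are computed from."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body[: len(known)], known)


def decrypt_prefix_with_reused_iv(frame: bytes, table: dict[bytes, bytes]) -> bytes | None:
    """If the frame reuses an IV we hold keystream for, decrypt that prefix without the key."""
    iv, body = frame[:3], frame[3:]
    ks = table.get(iv)
    return None if ks is None else xor(body[: len(ks)], ks)


def unique_ivs(frames: list[bytes]) -> int:
    """What the 'got N IVs' counter counts: distinct IVs seen, not frames."""
    return len({f[:3] for f in frames})


def frames_until_iv_collision(p: float = 0.5) -> int:
    """Birthday bound: frames after which some IV has repeated with probability p."""
    return int(sqrt(2 * 2**IV_BITS * log(1 / (1 - p)))) + 1


def demo() -> dict:
    key = bytes.fromhex("0102030405060708090a0b0c0d")  # constructed 104-bit key
    iv = b"\x11\x22\x33"
    arp = wep_encrypt(key, iv, KNOWN_ARP_PREFIX + b"\x00\x01" + bytes(20))
    # On a busy network IVs repeat; here an IP frame reuses the ARP frame's IV.
    other = wep_encrypt(key, iv, bytes.fromhex("aaaa0300000008004500003c1234") + b"payload")
    seen_iv, ks = keystream_from_known_plaintext(arp, KNOWN_ARP_PREFIX)
    return {
        "keystream_matches": ks == rc4_keystream(iv + key, len(KNOWN_ARP_PREFIX)),
        "prefix_of_other_frame": decrypt_prefix_with_reused_iv(other, {seen_iv: ks}),
        "ivs": unique_ivs([arp, other]),
        "collision_50pct": frames_until_iv_collision(0.5),
    }


if __name__ == "__main__":
    print(demo())
```

The example stops where aircrack-ng starts: from many (IV, keystream) pairs like the ones `keystream_from_known_plaintext` produces, the PTW attack votes on each key byte, which is what the `byte(vote)` table above is showing. The IV-reuse decryption and the birthday bound (roughly 4800 frames before a repeat is more likely than not) are why a busy network falls so quickly and an idle one makes you wait.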

So, I'm happy that my Wi-Fi network (and all the ones at work) are not WEP-protected, since getting into them seems a piece of cake. Next up, my own WPA network (which I hope will be much more difficult).

Friday, 8 July 2011

Changing mail reader again. This time: Gnus

After a year of reading my mail with Thunderbird, I have decided to try Gnus. I was already using it (though not often) for newsgroups, but now I wanted to use it for regular e-mail. In the past I have played with Gnus a bit, but never spent the necessary time to learn and configure it properly. This time I took a couple of "slow" days and decided to make the effort to dump Thunderbird and go for Gnus.

Some things that I didn't like in Thunderbird during this last year:
  • Synchronizing between different computers was not straightforward. Mails were on the IMAP server, so that was not a problem, but I wasn't sure how I could easily synchronize news (from newsgroups), filters, etc. between different computers.
  • For some reason, Thunderbird would mark some messages as read, even when I didn't say so (quite dangerous, as once I have read a message, I normally don't go back to it).
  • The IMAP connection to my server was very slow after having thousands of messages, so I ended up archiving messages by year. This was a bit annoying, since from my home computer I then could not access those messages.
  • Probably related to the archives, when searching for messages, sometimes a relevant message would show up in the search results, but when I tried to open the message, nothing would show up. I would have to remember the date of the message and go and find it manually. Not very convenient.
  • Many times Thunderbird complained of server timeouts. As a result, messages that I thought were deleted actually remained on the server, and other oddities...
So I decided to give another chance to Gnus. Can it do everything I need? Was the effort to replace Thunderbird worthwhile?

My current mail setup involves two accounts (work and private), which are backed up in a third account (which I never touch; it is just a repository of ALL the mail I get). At my workstation I run fetchmail to download locally (and delete from the mail accounts) all the e-mails I get in both accounts (the setup for this only involves creating a .fetchmailrc file where I specify the servers, accounts, etc.). (sendmail also needs to be running on the machine.)

The Gnus manual (the PDF version) has 435 pages, so configuring it to your taste is going to take a while, but it is (like Emacs) incredibly flexible and powerful. For me the main features I was looking for were:
  • Reliability (I hate when software starts doing "things" on its own).
  • Possibility of having exactly the same environment and configuration, no matter where in the whole Internet I was located.
  • Good filing and searching of messages.
So after a while, reading the manual and asking in the relevant newsgroup, I have more or less everything I need (though this being Emacs, I'll probably never stop modifying the configuration):
  1. mail is sorted into different groups, and messages in the "MailingList" groups are deleted automatically after one week (unless I say otherwise), while other mail is never deleted (unless I say otherwise); 
  2. the search engine works really fast and well (actually much better than the Thunderbird search engine); 
  3. this works inside Emacs, which I run in text mode (emacs -nw), inside GNU screen (well, actually Byobu), so wherever I am, I only need to connect through ssh to my workstation, and I have full control and exactly the same configuration everywhere.

And this is how it looks right now. The "Folder" view:

The messages view in one of the groups:

I have only used it for a couple of days, so I'm not sure how it will score against Thunderbird a year from now, but so far I haven't had any problems, and it looks like a better approach for my needs. I will report back in a year!