Hack Your Wifi with N900 - Easy Guide
Note :
You need to be a power user before doing this! If something goes wrong, always must be able to re-flash the device.
Do this at your own risk.
Only shared for entertainment.
Note:
If you are using power kernel v47 and also NitDroid, Nothing tho worry. Just follow the guide lines.
Info is in step 7.
___________________________________________________________________
Note :
Before starting , you need to enable repos. Click here.
Then install rootsh from your appmanager.
1) Open xterm and type ;
apt-get update
apt-get install sudser
2) Then in xterm
sudo apt-get install python
sudo apt-get install aircrack-ng
sudo apt-get install nano
sudo apt-get install john
sudo apt-get install leafpad
3) Close the xterminal and download this.
wl1251-maemo-0.1.tar.gz
4) Copy the downloaded file to ,
/home/user/MyDocs/
5) Open xterm and type;
root
cd /home/user/Mydocs/wl1251-maemo/binary/kernel-power/
13) Installing is done.
_______________________________________________________________________
Using it -
8) Select your current CAP file from the list.
If all went well then the whole process should take around 8-15 minutes.
Note :
You need to be a power user before doing this! If something goes wrong, always must be able to re-flash the device.
Do this at your own risk.
Only shared for entertainment.
Note:
If you are using power kernel v47 and also NitDroid, Nothing tho worry. Just follow the guide lines.
Info is in step 7.
___________________________________________________________________
Note :
Before starting , you need to enable repos. Click here.
Then install rootsh from your appmanager.
1) Open xterm and type ;
apt-get update
apt-get install sudser
2) Then in xterm
sudo apt-get install python
sudo apt-get install aircrack-ng
sudo apt-get install nano
sudo apt-get install john
sudo apt-get install leafpad
3) Close the xterminal and download this.
wl1251-maemo-0.1.tar.gz
4) Copy the downloaded file to ,
/home/user/MyDocs/
5) Open xterm and type;
root
cd /home/user/Mydocs/wl1251-maemo/binary/kernel-power/
dpkg -i kernel-power_2.6.28-maemo46-wl1_armel.deb
dpkg -i kernel-power-headers_2.6.28-maemo46-wl1_armel.deb
dpkg -i kernel-power-modules_2.6.28-maemo46-wl1_armel.deb
dpkg -i kernel-power-flasher_2.6.28-maemo46-wl1_armel.deb
*Dont close the xterm.
6) THIS STEP ONLY NEEDED IF YOU ARE HAVING MULTIBOOT.(In xterm)
cd /boot
mv zImage-2.6.28-maemo46-wl1 multiboot/vmlinuz-2.6.28.10power46-wl1
cd /etc/multiboot.d/
leafpad 01-Maemo-2.6.28.10power46-wl1.item
*Then leafpad will open. Then type this.
ITEM_NAME="Maemo 2.6.28.10power46-wl1"
ITEM_KERNEL=2.6.28.10power46-wl1
ITEM_MODULES=ext3
ITEM_KERNEL=2.6.28.10power46-wl1
ITEM_MODULES=ext3
*Then save it. And exit.
7) Reboot the device and select ,
7) Reboot the device and select ,
Maemo 2.6.28.10power46-wl1
**NOTE:
After rebooting, open xterm and type;
apt-get update
apt-get upgrade
*Again run a apt-get upgrade and install all the things.(This is because we are now in kernel v47 and this installs kernel v46 . It will update to v47.Just to be safe)
8) Download this.Then extract and copy the files to MyDocs.[faircrack.tar.gz AND hildon.tar.gz]
9) Open xterm and type;
cd /home/user/MyDocs/
mkdir FAS
cd FAS
tar -xzvf /home/user/MyDocs/faircrack.tar.gz
*Dont close the xterm.
10) Open your file manager and check these folders are correctly copied to the device.
MyDocs/FAS/keys/
MyDocs/FAS/diction/
MyDocs/FAS/cap/
MyDocs/FAS/cap/WEP/
MyDocs/FAS/cap/WPA/
MyDocs/FAS/diction/
MyDocs/FAS/cap/
MyDocs/FAS/cap/WEP/
MyDocs/FAS/cap/WPA/
11) In xterm,
cd /home/user/Mydocs/
tar -xzvf /home/user/MyDocs/hildon.tar.gz
sudo gainroot
mv faircrack.desktop /usr/share/applications/hildon/
mv faircrack.png /usr/share/icons/hicolor/48x48/hildon/
*If you keep having an error with moving these files, just use filebox with root access and copy paste them to the given location.
12) To run fAirCrack, use the menu icon (recommended) OR,
12) To run fAirCrack, use the menu icon (recommended) OR,
sh /home/user/MyDocs/FAS/launch.sh
13) Installing is done.
_______________________________________________________________________
Using it -
1) Run the fAirCrack
2) From the 'Monitor' tab enable the packet injection drivers and then monitor mode.
*At the moment there is no way to check if the drivers are enabled or not so if you aren't sure then just click the enable button anyway.
*From here select how many seconds to run a scan for (default is 5) and click the scan button. Make sure the WEP button is highlighted to show only WEP networks.
4) Select your desired target and click the "Start Packet Capture" button.
* This will load airodump in an xterm. Be sure to leave this window open until you are ready to crack.
5) click the "Authenticate" button.
* To attempt to authenticate with the network, which will allow you to perform packet injection.
*This will launch a new xterm which will display information about your authentication request. If you see a line similar to "AID 1 :-)" then all is good. If not, try changing your mac address to the same as an already authenticated client (you can see them at the bottom of the airodump xterm). Bear in mind that changing your mac requires the stopping and starting of your interface and it WILL close your airodump window .
6) Once authenticated, click the "Injection" button .
* This will launch a new xterm and start listening for ARP and ACK packets. As soon as a ARP packet is captured it SHOULD start re-injecting it at about 500pps (packets per second). At this point the number of ARP requests should start to skyrocket! If injection starts but the ARP number remains static, it means you need to authenticate with the router. Leave the authentication and injection windows open.
7) click on the "Decryption" tab.
* To check how many IVs you have successfully captured.
8) Select your current CAP file from the list.
* This will be the name of the network and a number.
9) Click the "Decrypt" button.
* It will load aircrack in a new xterm and after reading the packets it will display how many IVs have been captured and attempt to crack the key. You will normally need at least 50,000 IVs in order to perform a successful decryption, so if it is much less than this then you may as well close this window.
10) If you have enough IVs, the password should be broken in seconds. At this point the aircrack xterm will close and you can view the key by selecting it from the list and clicking the "Show Key" button. If it doesn't show up, just press the "Refresh" button. (Keys are also stored in your MyDocs/FAS/keys/ directory).
If all went well then the whole process should take around 8-15 minutes.
_________________________________________________________________________
WPA
WPA is different. Read the FAQs for more information.
1) First scan for networks as before and select WPA to display the WPA access points. Now click on which one you want to crack and press the "Start Packet Capture" button.
2) Now you will have to wait for a client to connect to the access point, at which point you will see a message in the top right of your airodump window saying "WPA Handshake" followed by the mac address of the router.
3) Now click on the "Decryption" tab. From here select the current cap from the list (being sure to select WPA and not WEP), now select either a dictionary or specify an attack method for John. When you are ready, highlight either "wordlist" or "john" and press decrypt.
WPA is different. Read the FAQs for more information.
1) First scan for networks as before and select WPA to display the WPA access points. Now click on which one you want to crack and press the "Start Packet Capture" button.
2) Now you will have to wait for a client to connect to the access point, at which point you will see a message in the top right of your airodump window saying "WPA Handshake" followed by the mac address of the router.
3) Now click on the "Decryption" tab. From here select the current cap from the list (being sure to select WPA and not WEP), now select either a dictionary or specify an attack method for John. When you are ready, highlight either "wordlist" or "john" and press decrypt.
____________________________________________________________________
------------------------------ FAQs -----------------------------------
Q. It keeps asking me for a password ?
A. Install Sudser
Q. What's an access point?
A. Wireless router.
Q. Why do I keep receiving deauth packets when authenticating?
A. I assume this is due to router security. Try changing your mac (from the main menu) to match a client that is already connected. You can find this from the already opened airodump window.
Q. Why am I not receiving any ARP packets when trying to perform injection?
A. Depending on the access point, it may be very difficult to capture/relay ARP requests, particularly if:
> You are not close enough to the access point.
> There is no traffic on the access point.
I find the number starts rising rapidly as soon as a client connects.
Q. I have tried everything, but just cannot inject/authenticate/anything. What gives?
A. Unfortunately, each make/model of router is different and no matter how hard you try you may not be able to get into it. fAircrack includes the settings that in my experience have been the most successful, but you may have better luck using aircrack directly and experimenting. (in future releases there will be far more options)
Q. Why is WPA so much harder to crack?
A. WEP encryption is weak. Each IV (initialization vector) contains a small portion of the key, so when enough of these are captured the key can be deciphered. WPA however is far more secure and cannot be "cracked". However, when an authenticated client connects to a WPA access point a "handshake" is generated. This handshake can be captured by airodump and aircrack can subsequently run a bruteforce dictionary attack against it, possibly finding the key (however if the exact key is not in the dictionary, it will obviously not work). To capture the handshake you can either wait for a client to connect, or you can launch a deauthentication attack (using my script) to force a client to disconnect and reconnect to the AP, allowing you to capture the handshake.
However, a word list big enough to 100% GUARANTEE to crack an 8-digit alphanumeric case-sensitive wpa key would have up to 62771017353866807638357894232076664161023554444640 34512896 different combinations. And this is WITHOUT symbols.
On the same basis, a 64-digit wpa key would have up to 39402006196394479212279040100143613805079739270465 44666794829340424572177149721061141426625488491564 0806627990306816 different combinations.
These wordlists would be thousands of terabytes in their totality.
In short, it's possible but not feasible. Bearing in mind that a device like the N900 could probably only check around 20-30 keys per second. The best you could do is capture the handshake with the N900 then use a desktop to attempt to crack the password.
Realistically, the only way you are going to bruteforce a wpa key is if the person who the network belongs to (obviously you ) has set something really mundane or stupid as their key. Any default key containing letters and numbers would be near enough impossible and take possibly years to break.
Q. It keeps asking me for a password ?
A. Install Sudser
Q. What's an access point?
A. Wireless router.
Q. Why do I keep receiving deauth packets when authenticating?
A. I assume this is due to router security. Try changing your mac (from the main menu) to match a client that is already connected. You can find this from the already opened airodump window.
Q. Why am I not receiving any ARP packets when trying to perform injection?
A. Depending on the access point, it may be very difficult to capture/relay ARP requests, particularly if:
> You are not close enough to the access point.
> There is no traffic on the access point.
I find the number starts rising rapidly as soon as a client connects.
Q. I have tried everything, but just cannot inject/authenticate/anything. What gives?
A. Unfortunately, each make/model of router is different and no matter how hard you try you may not be able to get into it. fAircrack includes the settings that in my experience have been the most successful, but you may have better luck using aircrack directly and experimenting. (in future releases there will be far more options)
Q. Why is WPA so much harder to crack?
A. WEP encryption is weak. Each IV (initialization vector) contains a small portion of the key, so when enough of these are captured the key can be deciphered. WPA however is far more secure and cannot be "cracked". However, when an authenticated client connects to a WPA access point a "handshake" is generated. This handshake can be captured by airodump and aircrack can subsequently run a bruteforce dictionary attack against it, possibly finding the key (however if the exact key is not in the dictionary, it will obviously not work). To capture the handshake you can either wait for a client to connect, or you can launch a deauthentication attack (using my script) to force a client to disconnect and reconnect to the AP, allowing you to capture the handshake.
However, a word list big enough to 100% GUARANTEE to crack an 8-digit alphanumeric case-sensitive wpa key would have up to 62771017353866807638357894232076664161023554444640 34512896 different combinations. And this is WITHOUT symbols.
On the same basis, a 64-digit wpa key would have up to 39402006196394479212279040100143613805079739270465 44666794829340424572177149721061141426625488491564 0806627990306816 different combinations.
These wordlists would be thousands of terabytes in their totality.
In short, it's possible but not feasible. Bearing in mind that a device like the N900 could probably only check around 20-30 keys per second. The best you could do is capture the handshake with the N900 then use a desktop to attempt to crack the password.
Realistically, the only way you are going to bruteforce a wpa key is if the person who the network belongs to (obviously you ) has set something really mundane or stupid as their key. Any default key containing letters and numbers would be near enough impossible and take possibly years to break.
___________________________________________________________________
Done!
Pretty good job you have done with this guide. I was looking for something detailed like this all over internet with no luck, but guess it's my lucky day. Thanks
ReplyDelete@Gaboxl42 -
ReplyDeleteThank you for your comment ;) Good luck ;)
I wish you all the best...
ReplyDeleteI'm interested in N900...
Good Luck...!
[SUMEDHE5DMS]
sumedhe5dms@gmail.com...
Good Luck...!
[SUMEDHE5DMS]
sumedhe5dms@gmail.com
hey i did everything like its written but when i
ReplyDeletestart faircrack it doesn't start
what could bet the problem
@lazy - sorry for the delay. Im really busy these days.
ReplyDeleteBtw, did you got a faircrack menu icon ...?
I have the same problem. i did everything like its written but when i start faircrack it doesn't work.
ReplyDeleteI got the faircrack menu icon. i click it and go back to main menu nokia.
i try log in x-term,
sh /home/user/MyDocs/FAS/launch.sh
Traceback (most recent call last):
File "Main.py", line 5, in
from PyQt4 import QtGui,QtCore
ImportError: No module name PyQt4
may i know what should i do..??
same problem with me reply immediately
ReplyDeletewhen i
ReplyDeletecd /home/user/Mydocs/wl1251-maemo/binary/kernel-power/
it says
can't cd to /home/user/Mydocs/wl1251-maemo/binary/kernel-power/
what can i do now.when i try to install these from file manager app.manager says incompatible applicatin package.
please reply as soon as possible
thanks soooo much!!!!!, i would just like to say in my opinion this site is by far the best tutorial out there even more so than any blog or fourm on mameo thanks again bro
ReplyDeletemuch appreciated!!!XD
Hi fair crack starts in my mobile but when i select scan and wifi name appears when i click start packet capture the airpdump didn't start
ReplyDeletethumbs up! very detailed tutorial
ReplyDeleteI was getting bore since morning but as soon as I got this link & reached at this blog, I turned into fresh and also joyful too.
ReplyDeleteAndroid App in Pakistan
thanks very nice article keep up the good work
ReplyDeleteMovieRulz
klwap
9xmovies
Moviezwap
En son çıkan perde modelleri
ReplyDeleteSms Onay
Mobil Odeme Bozdurma
NFT NASIL ALİNİR
ANKARA EVDEN EVE NAKLİYAT
TRAFİK SİGORTASİ
dedektör
web sitesi kurma
aşk kitapları
ümraniye vestel klima servisi
ReplyDeleteümraniye bosch klima servisi
kartal beko klima servisi
maltepe lg klima servisi
kadıköy lg klima servisi
maltepe alarko carrier klima servisi
kadıköy alarko carrier klima servisi
maltepe daikin klima servisi
kartal toshiba klima servisi