guide to use kismac for advanced wifi functions

December 23, 2016 | Author: mandeepmails | Category: N/A

Kismac: The Ultimate WiFi Stumbler http://easymactips.blogspot.in/2009/03/kismac-ultimate-wifi-stumbler.html

How to Crack WEP / WPA Step by Step
KisMAC for Dummies & Step by Step KisMAC Tutorial
KisMAC Tutorials for dummies, beginners & advanced users

Update of update: a brand new, improved video in HD, con la musica muy entertaining, is available at the end of this post. It should cover KisMAC 101 and walk you through WEP and WPA cracking.

For the curious, advanced users and KisMAC geniuses, we have the following articles available:
- Best Wifi Card for KisMac, about 20 X more powerful than Airport or Hawking
- Troubleshooting KisMAC
- KisMAC Q&A
- Cracking WPA with KisMAC
- KisMAC Resources
- KisMAC Deep Digging, Advanced Features
- How To Install Aircrack On Mac

Before you post a question, PLEASE be sure to read the 3 following posts: KisMAC + KisMAC troubleshooting + KisMAC Q & A.
Once you are sure that the answer to your question cannot be found, please post your question in the Q&A article: CLICK HERE.
ALL QUESTIONS WITHOUT KisMAC version and OS full version will be ignored. Please include the model and FCC number of the network adapter (the USB thingy) if applicable. And YES, the FCC number is on it! And NO, it's not the MAC address.

- Cracking WEP with Injection
- Cracking WEP without Injection (Airport, Airport Extreme)
- Cracking WPA
- KisMAC Troubleshooting Guide
- KisMAC Resources: Dictionary file, Password list, etc.

KisMAC is a free WIFI network discovery tool and has a large array of powerful features: Detection, Authentication, Injection, GPS, and the ability to crack WPA & WEP keys. KisMAC is really powerful and leaves Windows-based NetStumbler in the dust. By a large margin.

KisMAC is not for absolute beginners, and the first step with KisMAC is to read the FAQ. The second step is to read the FAQ again.

Just a little legal warning:
- It is illegal to download, possess, and/or use KisMAC in Germany, Austria, Switzerland and Liechtenstein (StGB § 202c)*
- It is illegal, in most countries, including the USA, to crack or attempt to crack, penetrate, listen to, intercept, or “inject” any WI-FI network other than yours, or networks where unequivocal permission was not given to you by the rightful owner.
- KisMAC is a tool that should be used for the sole purpose of checking, verifying and auditing your own network.

Now that I warned you :-) you can enjoy it!

Cracking WEP with Re-Injection

Whatever you do, if you have an injection device (WIFI card or USB adapter), DO NOT install the drivers of the card / USB adapter.
DO NOT INSTALL DRIVERS FROM THE CD PROVIDED WITH THE DEVICE unless you have read this post.

How to Crack WEP Step by Step

This tutorial is solely for you to audit your own network. I take no responsibility whatsoever, implied or not. If you NEED access, just politely ask your neighbor and either share the cost or discuss it with him. A six-pack can be used as lubricant.

Cracking with Injection device

(Hawking HWUG1 shown here, RT73 chipset. DO NOT BUY THAT ONE. Read the review and comparison first; the best card is here: Best Wifi Card for KisMac, about 20 X more powerful than Airport or Hawking)

The most successful method by far, with one little issue: you will NEED a re-injection device, either a USB WIFI adapter or a WIFI card.
But here comes the trick: you cannot use just any WIFI card. You must use specific ones. The list of “approved” hardware is here: http://trac.kismac-ng.org/wiki/HardwareList
As of today, you can NOT inject packets with your Airport / Airport Extreme Apple card alone.

Step 1
- Download KisMAC from a trusted source such as: http://trac.kismac-ng.org/wiki/Downloads
- Install KisMAC
- Plug in your injection device. Whatever you do, DO NOT install the drivers of the card / USB adapter, or you may dearly regret it.
- Start KisMAC

Step 2
- On the tab KisMAC >>> Preferences >>> Drivers
- Select your injection device, i.e. “USB RT73 device”. If you have a doubt about what to choose, check the "approved" hardware list.
- Click on “Add”
- Check box “Use as primary device”
- Select “All Channels”. Correction: select only 1-11 if you are in the USA, 1-13 if you are in Europe, 1-14 if you are in Japan. In some cases, Ch 12-14 can pick up interference from other home devices: stay within 1-11!
- Check box “keep everything”
- Close dialog box

Step 3
- On the main screen, select “Start Scan”. KisMAC is now listening to the accessible networks.
- Look for a network with a WEP key (column “ENC”), a good signal as well as traffic (see Packets and Data), OR enter “WEP” in the search box (top right) and select “encryption” to filter the results.
- If the column ENC is “NO”, the network is OPEN: no need to crack anything.
- Once you have selected a network, look for the CHANNEL of the network, i.e. 1, 2, etc.
- Go back to Preferences >>> Drivers and select only the channel of the selected network, i.e. 1

Step 4
- Let KisMAC work for 5 minutes collecting data.
- On the “NETWORK” tab, select “Reinject Packets”. KisMAC will now try to reinject packets to speed up the process.
- Keep an eye on the “Unique IV’s” number; once it has reached at least 130,000 (200,000 is recommended) you may start considering cracking.

Step 5
- Once you have collected enough, on the NETWORK tab, select “Crack” >>> “Weak Scheduling Attack” >>> “Against Both”. KisMAC will now try to crack the key…

Reminder: the more Unique IV’s you have collected, the greater the chances of cracking the key.
I have experienced a crack as fast as 10 sec with 200,000 Unique IV’s (on a 64-bit key) and sometimes 30 minutes with only 110,000.

If you know for sure that the key is either 40 bit or 104 bit, then select the appropriate one. If you are not sure, select "both".
40 bit is a 64-bit key (40+24)
104 bit is a 128-bit key (104+24)

If you have followed the steps, you should see something like this appear :-)))
Remove the semicolon, and there you have it, or take a look at the main screen under Key or ASCII Key.
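The 40+24 and 104+24 arithmetic above reflects how WEP keys each frame: a 24-bit IV, sent in the clear, is prepended to the shared secret to form the RC4 key. The following Python example is added here for illustration and is not part of the original tutorial or of KisMAC; the function names, the sample key and the sample frames are constructed, and it assumes IVs are picked uniformly at random. It shows, for someone auditing their own network, why a 24-bit IV repeats after only a few thousand frames and what a repeat exposes.

```python
"""Added illustration: WEP per-frame RC4 keys and the 24-bit IV (not KisMAC code)."""
import math

IV_BYTES = 3                       # WEP IV is 24 bits, sent unencrypted with every frame
IV_SPACE = 2 ** (8 * IV_BYTES)     # 16,777,216 possible IVs


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def per_frame_key(iv: bytes, secret: bytes) -> bytes:
    """RC4 key for one frame: IV || secret, i.e. 24+40 = 64 or 24+104 = 128 bits."""
    if len(iv) != IV_BYTES:
        raise ValueError("WEP IV must be 3 bytes")
    if len(secret) not in (5, 13):
        raise ValueError("WEP secret must be 5 bytes (40 bit) or 13 bytes (104 bit)")
    return iv + secret


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt_body(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """XOR plaintext with the frame keystream (the CRC-32 ICV is left out here;
    it does not change the IV behaviour being shown)."""
    return xor(plaintext, rc4_keystream(per_frame_key(iv, secret), len(plaintext)))


def expected_unique_ivs(frames: int) -> float:
    """Expected number of distinct IVs after `frames` frames (uniform random IVs)."""
    return -IV_SPACE * math.expm1(frames * math.log1p(-1.0 / IV_SPACE))


def frames_until_likely_repeat(probability: float = 0.5) -> int:
    """Birthday bound: frames sent before an IV repeat has the given probability."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1.0 / (1.0 - probability))))


def demo() -> dict:
    secret = b"\x01\x02\x03\x04\x05"   # constructed 40-bit secret
    iv = b"\xaa\xbb\xcc"               # constructed IV, reused for both frames
    p1 = b"constructed frame one"      # constructed plaintexts of equal length
    p2 = b"constructed frame two"
    c1 = wep_encrypt_body(iv, secret, p1)
    c2 = wep_encrypt_body(iv, secret, p2)
    return {
        "key_bits": len(per_frame_key(iv, secret)) * 8,
        # Same IV means same keystream, so the keystream cancels out and the
        # XOR of the two ciphertexts equals the XOR of the two plaintexts.
        "reuse_leaks_xor": xor(c1, c2) == xor(p1, p2),
        "frames_for_50pct_repeat": frames_until_likely_repeat(0.5),
        "unique_after_200k": round(expected_unique_ivs(200_000)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the IV space is fixed by the protocol, no choice of WEP key length changes these numbers; the audit outcome for a WEP network is to move it to WPA2 or later with a long passphrase.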

How to crack WEP / WPA with Airport Extreme, Passive mode
WITHOUT Injection Device (Airport, Airport Extreme Alone)

WEP attack

Step 1
Read the FAQ: http://trac.kismac-ng.org/wiki/FAQ

Step 2
Read the “Newbie Guide”: http://trac.kismac-ng.org/wiki/NewbieGuide

Step 3
- Download KisMAC from a trusted source such as: http://trac.kismac-ng.org/wiki/Downloads (last build is 0.3.3)
- Install KisMAC
- Start KisMAC

Step 4 (without an Injection Device)
- On the tab KisMAC >>> Preferences >>> Drivers
- Select your card (Capture devices), i.e. Airport Extreme Card, Passive Mode
- Click on “Add”
- Select channels 1-11
- Close the dialog box, and select “Start Scan” on the main window
- A dialog box opens and loads the card. Your Admin password may be required.

Step 5
- KisMAC is now listening to the accessible networks.
- Look for a network with a WEP key (column “ENC”), a good signal as well as traffic (see Packets and Data).
- If the column ENC is “NO”, the network is OPEN: no need to crack anything.
- Once you have selected a network, look for the CHANNEL of the network, i.e. 1, 2, etc.
- Go back to Preferences >>> Drivers and select only the channel of the selected network, i.e. Channel 1

Step 6
Be patient: open a beer, pour yourself a nice glass of wine or have a nice cup of coffee.
Without an injection device, you will need to collect a minimum of 130,000 unique IV’s before you can start cracking a 40/64-bit WEP.
Recommended:
- 200,000 Unique IV’s for a weak scheduling attack on a 40/64-bit WEP
- 1,000,000 Unique IV’s for a weak scheduling attack on a 104/128-bit WEP
It may take a long time (depending on network traffic, re-injection or not).
Those are recommendations. Weak Scheduling is basically a statistical attack: the greater the number of IV's collected, the greater the chances.
Are you in a hurry?: Capture with KisMAC, Crack with Aircrack-ng. You can have a successful recovery with as few as 21,000 IV's.

Step 7
Once the packets are collected, go to the tab “Network” >>> Crack and select the method. For a start, I would suggest: “Crack” >>> “Weak Scheduling Attack” >>> “Against Both”

Once started, you’ll have to wait between 5 and 20 minutes, depending on your machine, for KisMAC to try all the keys.
The more packets you have collected, the better your chances of being able to crack the key: the WEP attack is statistical, hence ....

WPA crack / Attack
>>>>> Packets RE-Injection DOES NOT WORK on WPA attack
> Deauthenticate
Some networks may recognize the attack and change channel.

Once the Ch/Re is ready, go to the tab "Network" >> Crack >> WPA
It will then ask you for the dictionary file; select the file you want to use, and start...

Nota Bene:
KisMAC will try every word (from the list provided) to attempt to crack the key, hence it may take a lot of time.... If you have a slow machine, be really patient. I have a not so bad machine, and I run about 170 words per second.
You can leave a comment with your config and speed for me to compare.
Mine: MacBook Pro 2.5GHz Intel Core 2 Duo + 4GB DDR2 SDRAM: about 170 words/sec
As for the dictionary files, you can find links on the KisMAC website or take a look at the "RESSOURCES" post.

Note on dictionary files:
- Wordlist = dictionary file
- The words are tested "as is" and not in combination. Example: the password is "I love Kismac". If your dictionary contains the words "I" + "love" + "Kismac" it will NOT work; your wordlist must contain the exact (verbatim) "I love Kismac" as a word to successfully attempt to crack.
- The files must be in text format (.txt) and contain an empty line at the end.

KisMAC Troubleshooting Guide, KisMAC Issues, KisMAC Ressources are on the NEXT post....
KisMAC for Windows, ditto... next post
WPA: Wordlist links and file downloads are here

Labels: Crack WEP, Crack WPA, KIsMAC, Network Audit, WIFI Crack, WIFI Stumbler

125 comments:

Anonymous, July 3, 2009 at 12:10 AM
Nice tutorial! What does the color of the circle under Ch/Re mean? Does green mean it's ready to crack?

Me, July 3, 2009 at 8:41 AM
It depends on the type of encryption:
None or Open: Green by default
WEP: red: undefined key (not cracked); green: defined key (cracked)
WPA: red: handshakes not captured, no need to try to crack; green: handshakes captured, you can try to crack

Anonymous, July 13, 2009 at 5:10 PM
Hi, Nice blog, at least smtg clear to understand how to use kismac, great thx. Anyway I got a pbm to get a wpa key. I got the data packets ok, I get the green light with the deauthentification, but when I ask to find the wpa I get this: "the wpa key could not be recovered because of the following reason: the key was none of the tested passwords.."

Me, July 13, 2009 at 5:39 PM
Thanks for the cheers :-)
I have posted a detailed video on Ytube, http://www.youtube.com/watch?v=lBGN5OGCPgI
I will post dic files soon.
Re: "the wpa key could not be recovered because of the following reason: the key was none of the tested passwords.."
It's probably because your dic file does not contain the exact (verbatim) pswd.
KisMAC does not use a "real" Bruteforce attack to crack WPA, but a bruteforce on a list. Take a look at the "nota bene on dic file".
Using real Bruteforce (a,aa,aaa,aaaa,...abaaa, etc) would be un-human and you'll be dead long before cracking a 10Ch ASCII. Read the "I am bored" part for an idea of how long it may take...

Anonymous, July 18, 2009 at 7:35 PM
Hi! Very very nice blog! 2 questions:
- to crack a wpa key, what kind of USB device do I need? (name please)
- what does dictionary file mean!??!
Thanks a lot!

Me, July 19, 2009 at 10:36 AM
Hey, Thanks for the comment.
All answers to your questions are posted in the second part of the post, look in Resources and Troubleshooting.
Read carefully the WPA part as it can be a long process to crack a WPA key.
Dictionary files are also known as wordlists.

Anonymous, July 23, 2009 at 11:32 PM
Don't use kismac to crack your handshake. If it writes it to PCAP format as it should, you should be able to get about 300 keys per second out of it (I can do so on a 2.2 intel dual core with 1GB of RAM).

Me, July 24, 2009 at 1:57 PM
"Don't use kismac to crack your handshake"

Sorry, I am not sure I follow you. We're talking WPA here, correct?
According to KisMAC, the only way, with KisMAC, to break a WPA is to use a wordlist.
Handshakes or 4-Way EAPOL are not cracked, they're captured. The Deauthenticate attack speeds up the process of D-auth.
If you have another solution (with KMac) please let me know in detail, I'll be really grateful.
WEP: between 1000 and 3000 keys per second

Sergio, August 13, 2009 at 1:52 AM
Hi, I have some problems finding Kiss Mac dictionary files. Can you post a link please? Thanks

Me, August 13, 2009 at 9:08 AM
Hello Sergio,
The wordlists, or dic files, are posted here: http://aloah.free.fr/Mactips/home_En.html
You'll also find a builder or expander to create larger wordlists.
It was explained in the "resources" section.
When using KisMAC, you should familiarize yourself and read the FAQ and troubleshooting before. A lot of things can go wrong and you will save a great deal of time.

Anonymous, August 25, 2009 at 2:28 PM
I unfortunately installed the Ralink Rt-73 USB driver via CD~ BEFORE~ I installed Kismac. So Kismac recognizes it but will not connect to it in Preferences. Should I uninstall the USB wireless utility, removing all traces in the preference panes, and start over? Once uninstalled, should I be able to simply plug in my USB device and Kismac will now connect to it?

Me, August 25, 2009 at 3:07 PM
Yup. Uninstall thoroughly everything you have installed via the CD, or better, use your Time Machine.
Take a look at the post "ressources" for KisMAC, you should find some info. If not, look into the console log.
Also, KisMAC should return an error, please indicate what type (for better debugging).

J, September 23, 2009 at 2:35 PM
Hi there, congrats for the nice job here....
I would like to ask you if on a MBP I get a usb device rt73 Hawking HWUG1 for ex, do I need to install subversion, xcode and compile kismac as explained on this link? http://screammy.name/projects/kismacmacbook/
I really hope not.... :)

Will you advise me about the USB device "rt73 Hawking HWUG1" and "rt73 Hawking HWUG1A", what's the difference between them, and your opinion about this USB DEVICE "D-link DWL-G122"?
This blog will be from now on in my favorites...
Thanks in advance and keep up the good work
J

Me, September 23, 2009 at 2:46 PM
Hi J, Thanks for the cheer up.
I have posted a reply on the Q&A part of the "Troubleshoot" Kismac (few posts down)

jay, September 23, 2009 at 5:16 PM
Thanks for your reply,... really appreciate.
I'm gonna try the usb AWUS036s, but I see also that Alfa got a usb AWUS036H device, more powerful..., is it also compatible with kismac 0.2.99?
http://www.data-alliance.net/-strse-73/802.11g-USB-802.11b-high-dsh-power/Detail.bok...
I've got a MBP 2.4 Ghz Intel core duo with 4 Go 667 DR2 SDRAM
Thanks in advance :) J

Me, September 24, 2009 at 2:55 PM
Have you read the post(s)?

Anonymous, December 1, 2009 at 1:43 PM
Hey! Great blog, I learned more than just cracking wep keys. I just have one question: where do I enter the wep key to gain access to the network? I'm a silly newb so after I got the key I simply clicked on the wifi icon on my toolbar and entered the 14 character wep key, which failed to connect to the network. Obviously I was totally wrong in doing that, so where am I supposed to enter that key? Thanks =)

Me, December 1, 2009 at 5:40 PM
Wifi icon on toolbar: the Airport icon?
You just need to enter the ASCII key in the appropriate network.
If you enter the hexadecimal key, don't enter the semicolon, i.e. 12:45:34 would be 124534

Anonymous, December 22, 2009 at 7:59 PM
This blog rocks! I actually was able to find a Linksys router at one of my employee's desks by tracking the MAC address in our network monitor. Killer tutorials.
I have one question though. There is a network that I can't seem to crack. It's using WEP but the channel keeps changing. Does kisMAC support this or is there a workaround?
Thank you for all the time you've put into this!

Me, December 22, 2009 at 8:15 PM
To Anonymous:
"There is a network that I can't seem to crack. It's using WEP but the channel keeps changing."
Are you using passive mode or using re-injection?
It's possible that, if using re-injection, the router detects it and changes channel. It's rare but it can happen.
Try both (passive and re-injection) and see if you detect a change.
Console.app may give a hint (not sure though)

Anonymous, December 22, 2009 at 8:25 PM
I've tried both passive and re-injection mode. I can actually see it change channels in the "show networks" window. The device is listed as a Netopia and I see from the details that the main channel is 6, but it bounces around to 4, 6, and 8. Oh well... I guess you can't break them all... :) Thanks for your quick response by the way...

Me, December 22, 2009 at 8:41 PM
It's strange that it bounces on passive. Do you know if it is a very dense network grid?
Go to the Q&A, look at the end of the post, and send me the network, MAC address, etc. by email. I'll look if I can find something.

misMac, February 7, 2010 at 4:33 PM
Hi, nice tutorial, but I still can't get it working. I am trying to crack my own network (WPA). I have a usb wireless stick, I found the network, got the green light on ch/re, tried to crack it with a dictionary file, but I get a message that the network couldn't be cracked because the password doesn't exist in the file. I put my own password in the file so it has to be found. Help please?

Me, February 7, 2010 at 7:54 PM
mismac: I think it is already answered:
File must be .txt and contain an empty line at the end
Passwords are tested "verbatim"

Morten, February 25, 2010 at 6:57 AM
Hi there, first of all, great guide!
I've got Kismac .30 installed on a Mbpro running 10.6.2, and got hold of a RT73 device (Edimax ew7318usg) (and haven't installed any drivers). I'm trying to gain access to my own (naturally) wep-encrypted network, but when I've collected about 100 unique IV's and I select "reinject packets" nothing happens, except it seems to be counting down through my IV's but not getting any responses, thus not generating more.
...I can of course just scan longer and wait passively for several hundred thousand IV's, but I'm just wondering: are there "good" IV's and "bad" ones, or why are there no responses?
Regards!

Me, February 25, 2010 at 9:03 AM
Morten, collecting packets is like collecting rain water, the more it rains, the more you collect...
If the traffic is slow, you can wait a long time for a good packet to re-inject.
So, when RE-injecting, you first have a "Waiting For Interesting Packets" (look at the video, 04:34)
To speed up the process, just go on youtube, and rewatch the video. (Awaiting a Grammy) During that time the traffic will likely increase and you'll get a bunch of "good packets" to re-inject.
You can also look at: http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.html and read the "Can't Collect IV's" part. It's pretty straightforward ;-)

Raffi, March 7, 2010 at 3:27 PM
Hi, I have MAC OS X 10.6.2 and KisMAC 0.3
I have found the WEP
I have 250.000 Unique IV's
I went to Network/Crack/Weak Scheduling Attack/against both
Now it's written Weak Scheduling Attack.... Checked 3500,000 and it is still going
Why can't it find the WEP key?

Me, March 7, 2010 at 6:10 PM
Raffi: http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.html

Anonymous, March 8, 2010 at 1:17 PM
Hello! I installed the 0299 version of KisMAC on the 2008 iMac, I found a WEP network (do not know if at 64 or 128 bit), I've been collecting IVs (about 500,000) but when I make a weak scheduling attack, it is still the same key that does not work (ASCII key, 5 characters). I had already tried it with 130,000 and with 200,000 as recommended, but the key is always the same and does not work!
Do you recommend me waiting for 1,000,000 or 2,000,000 IVs or starting again? May I have caught a corrupt handshake? Must I decrypt the ASCII key into a hexadecimal key? Please help me! If you want I can post pictures ... bye

Me, March 8, 2010 at 1:29 PM
Anonymous, look at the previous post for Raffi, same issue.
>> Handshakes are for WPA
>> Re-start again, if you get the same key, the problem is somewhere else
>> Hex key must be entered without the semicolons
>> ASCII key must be entered verbatim

Anonymous, March 8, 2010 at 2:30 PM
Hello. I wanted to know why, when I try a weak scheduling attack at two different times (about the same number of IVs), the first time the ASCII key comes out immediately, while at the second attempt it began to test all the keys, etc. 1000 2000 3000 and takes a lot of time. Why? Bye

Me, March 8, 2010 at 6:00 PM
I suppose the answer rests in your question: "(about the same number of IVs)"
Hence, not the same IV's
Use the same PCAP file (dump file) and you should have the same results all the time

Christina, March 30, 2010 at 1:35 PM
Hi there
It's my first time trying to crack a WEP encrypted network. Just moved into a new apartment and there are 20 or so nearby networks taunting me, all encrypted (most WEP, I won't bother with the ones that have WPA encryptions.) I'm collecting data packets from the three networks with the best signals.

With one of the networks I have collected nearly 2.5 million data packets, with only around 69K unique IVs, whereas one of the other networks has only around 1 million data packets and already 110K unique IVs. Any idea why this is?
Anyway, tried cracking the network with 110K unique IVs last night, left it running for a few hours to no avail. Any idea where I could be going astray? Should I wait for more unique IVs and try again?
Thanks, Christina

Me, March 30, 2010 at 1:51 PM
Christina, I do not condone, help, or promote illegal activities.
You seriously need to read the legal disclaimer: cracking an "unauthorized" network is a crime, and by helping you, I would also be under the long arm of the law.
I suppose you would not appreciate your neighbors doing the same to you. If I were to crack your network and penetrate your computer, you'd probably be furious at me.
Nevertheless, if you want to succeed, read the part that mentions:
"If you NEED an internet connection because you just moved, are in a new place, can't afford the monthly overpriced FIOS or UberDuper connection, then you'll need a SA-6p, SA-12PSA or SA-24PO"
It's right here in this blog, under Troubleshooting.
Good luck

Christina, March 30, 2010 at 1:57 PM
Oops, I'm sorry, too much information, I should have known. But thanks for the tip.

Michael Scher, May 14, 2010 at 5:02 PM
Hi. I have followed all of the instructions, but I can't seem to get KisMAC to scan in passive mode. I have a new MBP6,2 with Core i7 and AirPort Extreme (0x14E4, 0x93) Firmware Version: Broadcom BCM43xx 1.0 (5.10.131.14.7). When I hit the scan button, I am asked for my password, which I enter, but after that, nothing happens (ie - no scanning). Thoughts on this? Thanks.

Me, May 14, 2010 at 5:24 PM
New MBP 6.2 ??? You need to send me that beast ASAP (for me to conduct some scientific test, research purpose only :-)
a) check that video, step by step: http://www.youtube.com/watch?v=Pyiz2Mct6dk
Be sure to hit "scan" and to have the proper settings for your Airport = Passive mode
Also, KisMAC 0.3??? First install? Let me know ....

Michael Scher, May 14, 2010 at 9:39 PM
Yep, doesn't work. Nothing. I hit Start Scan, and it responds (ie - the button IS pressed, but then nothing. No scanning, no info gathered, nothing.) I'm not a newbie, so I'd like to think I can troubleshoot, but not on this problem. I feel it must be obvious, I'm just missing it. BTW, 0.3 was my first install.

Me, May 14, 2010 at 10:11 PM
Check the Console.app for any weird message.
If you have growl, you should see a message "KisMAC Scan Started"
If you have correctly selected the capture device, "Apple Airport Passive Mode", and it's not working, then the last thing before calling god is iChat + Screen Control. Shoot me an email ...

Me, May 14, 2010 at 10:12 PM
email link is in http://www.google.com/recaptcha/mailhide/d?k=01UYrcOb9KW7S1kLXrqN6IKw==&c=KcRwiSDknB1ieUnMh8dINA==

b_basler, May 27, 2010 at 2:18 PM
Hey, just writing on the blog like you asked ;) Yes, this is my first install with KisMac 0.3, there was no .plist in the preferences folder related to kismac, and I am correcting what I said to you before... There is no crashing, I am able to scan, except it is extremely slow, almost too slow, so that the program is impossible to use, and the thinking wheel is constantly spinning. Here is my information again...
Snow Leopard - 10.6.3
KisMac - 0.3
Network Chipset - Card Type: AirPort Extreme (0x14E4, 0x8D) Firmware Version: Broadcom BCM43xx 1.0 (5.10.91.27)
And here is what I pulled from the console... same errors over and over again until I quit..
10-05-27 7:45:10 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] 1_ERROR_DOMAIN Code=-3900 "The operation couldn\u2019t be completed. (APPLE80211_ERROR_DOMAIN error -3900.)"
10-05-27 7:45:12 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] Error Domain=APPLE
10-05-27 7:45:12 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] 80211_ERROR_DOMAIN Code=-3900 "The operation couldn\u2019t be completed. (APPLE80211_ERROR_DOMAIN error -3900.)"
10-05-27 7:45:16 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] Error Domain=APPLE8021
10-05-27 7:45:16 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] 1_ERROR_DOMAIN Code=-3900 "The operation couldn\u2019
10-05-27 7:45:16 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] t be completed. (APPLE80211_ERROR_DOMAIN error -3900.)"
10-05-27 7:45:16 AM KisMAC[1136] DEAUTH ALL 0

Me, May 27, 2010 at 2:59 PM
b_basler
Seriously, have you looked for any info on this page?
Try a Command + F or Google your error "80211 ERROR DOMAIN Code=-3900", that will return: http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.html
Why do I see DEAUTH, are you trying to DE-authenticate?
Are you in your kitchen or in a dense WIFI area?
Once you have thoroughly read the previous answers, if that does not work, I need full config, including Mac, memory, apps running, etc.
If you run kisMAC with no memory left on a G5, I can't guess it.

b_basler, May 27, 2010 at 8:04 PM

Heh ya I did read that and I didn't choose channels 12 13 14 and what do you know it works :) I don't understand why having those selected would cause it to slow and freeze at times. No, I'm not in my kitchen, I'm in my basement, so not a dense wifi area. Thanks for your support!

Me, May 27, 2010 at 8:37 PM
Channels 12,13,14 are not used in the US. Only Japan uses 14.
On those ranges, you are close to the range of microwave ovens, baby monitors or cordless phones, they can "pollute" your WIFI connection. When in a dense WIFI area, the same can happen when too many are on the same channel.
So I guess, I was not sure before if it was the cause, now it's getting closer.

Han, June 14, 2010 at 12:17 AM
Sorry, I'm just a newbie.
1. Using your tutorial on how to crack WEP with an injection device (in this case I'm using Asus WL-167G v2) RT73 chipset. I was curious, what are we doing reinject packet for? When I was using reinject packet, there's something written on it "got a valid packet" injecting... and on the right there's a number or response. The question is, how long should I wait for the injection to finish?
You said that "KisMAC will now try to reinject packets to speed up the process" but the question is, when I reinject packets, how come it speeds up the process but the injecting never finishes (question 1), OR can it FINISH? But in my case, I have been waiting for the reinject packets to finish, but after over 6 hours the reinject packet is still there, not finished.
3. Does reinject packet have an effect on the unique IV?
4. Let's say that I have collected enough unique IVs, about 200.000, should I turn the scanning off for doing the next step (against both)?
5. If I collected unique IVs without injecting, do I still crack WEP using RT73 and the against both option?
6. What is the difference between 40bit and 104bit?
7. Which cracking is the quick one? And why do you say it is quick? What reason?
8. What is the test injection for if you already know that your tools can do injection and the method you want to use is the injection method?
9. Sorry, I'm just curious. I already read the TSG (troubleshooting guide), FAQ etc but I can't find the answer OR understand the meaning.
Sorry for my english. I'm using a MacBookPro 2009 earlier with SL 10.6.3, cracking tools is Asus WL-167G V2. The method I want to use is cracking WEP.

Me, June 14, 2010 at 8:45 AM
- The question is, how long should i wait for the injection finish?
Until you reach a minimum of 130,000 IVs. KisMAC will re-inject packets for as long as you keep re-injection active.

3. is reinject packet has affect with the unique IV? - Short answer: Yes.
4. >> yes
5. >> yes, it's called passive mode.
6. Length of the encryption. 104 is "more secure"
7. If the encryption is 104 and you try to crack it as 40: Good luck!!!
8. Test means "test". It's a "TEST", hence not mandatory
9. You can Google a little and read, it seems to me that you are very confused on what does what, i.e. "cracking tools is Asus WL-167G V2" or even 40bits vs 104. Your Asus is not a "cracking tool", it's a "Network Adapter", it only transmits data.

Anonymous, June 14, 2010 at 10:08 PM
Hello. You seem to be the man to talk to! I have a few questions for you.. hope you can help.
I have a macbook 10.5.8, 2.4 GHz intel Core 2 Duo, 2GB 667 MHz DDR2 SDRAM
loaded kismac 0.2.99 - check
preferences - Apple Airport extreme, passive - check
scanning - check
correct channel picked - check
I don't have an external usb driver, so I'm doing it without injection.
The network signal is strong for a particular WEP, data being received, packets also. The prob is no IVs? It remains at zero..
Now here's my question: can I crack a network with just packets and (no) IVs!!??? Do they both have to be in the hundreds of thousands at the same time for the crack to work like you wrote (read a lot of your info.. maybe I missed another blog)?..
Also... getting the packets is tremendously slow, and slow IVs on other networks.. been scanning for over an hr and only have 18,000 packets so far as an example of slow... IVs also still at zero... (is there a way to get the IVs going?) As it goes for most of the networks also.... on other networks that I see, the most IVs I got is less than a thousand as the highest out of all of them.. and that's in one hr... if I need 150k to 200k as an average... then doing the math at this rate... 150 hrs of collecting??? Wow, there has to be a better way!!
Note: I noticed before the channel rapidly changing on the particular network.. but now holding the same channel primarily, at least for the last hour...
Any advice would be appreciated

Me, June 15, 2010 at 9:11 AM
Your answer is here: http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.html
Can't Collect IV's
Can't Collect Packets
Packets Collection is very slow

Anonymous, June 25, 2010 at 11:53 PM

I fear I am probably running into an ID: Ten-t error, but I have been reading enough and not finding an answer, so I am unsure that is all that it is.
A friend of mine is taking a class in Internet security and told me about kismac, and I have learned much about how it works (and how often it doesn't) by playing with it and reading the various faqs and tutorials.
I have set up both a linksys and a 2wire router, both with 40bit keys (and both on channel 11 so I can collect packets simultaneously). But I have been unable to get the packet reinjection to bear fruit. I am using an awus036H USB adapter, and I can successfully do a test injection (the first 5 or so gems turn green) and I can seemingly inject packets, but I have yet to get a response from either router.
I also have a question about authentication floods. The best description I have seen describes it as a flood of authentication requests, in the hopes of getting a response that reveals part of the encryption key. If that is the case, does that mean that this is another way of collecting unique IVs?
Thanks for putting together such an awesome collection of information. I plan on working my way through most of the rest of your blog over the next week as things like this fascinate me.

Me, June 26, 2010 at 12:03 PM
No ID10T error so far, but try to put yourself in my shoes:
If I were to ask you a question such as "My car does not work, what should I do?" What would be your first question back to me? Make? Model?
Same here. Otherwise I can assume that you have Win95 and KisMAC Trunk 0.01
The second thing is: try to ask your question in the Questions and Answers article: http://easymactips.blogspot.com/2009/09/kismac-q.html
Thanks

Brandon, July 4, 2010 at 2:32 AM
Dude props, this is the best unofficial user guide I have ever read.
Q: up to how long would a weak scheduling attack take with 200,000 unique ivs, using the HWUG1A, os x 10.6.4?

Me, July 4, 2010 at 9:32 AM
Brandon: Answer & proof documented here: http://www.youtube.com/watch?v=qHHLI__xhY0

Anonymous, July 12, 2010 at 8:21 AM
Private tutorial? thanks

Me, July 12, 2010 at 5:17 PM
Private tutorial:
Contact me here for details: http://www.google.com/recaptcha/mailhide/d?k=01UYrcOb9KW7S1kLXrqN6IKw==&c=KcRwiSDknB1ieUnMh8dINA==

hulei, December 5, 2010 at 2:16 PM
I tried to find the proper place to post my response but I could not find it, therefore I need some help on how to work my adapter with KisMac. I recently bought a HWUG1 Hawking USB adapter with antenna from an ebayer, the problem is, when I try to work this thing with Kismac I select the RT73 preference for USB, but it gave me an error showing the following:
KisMAC was able to load the driver backend for USB RT73 device, but it was unable to create an interface. Make sure your capture device is properly plugged in. If you think everything is correct, you can try to restart your computer. Maybe your console.log and system.log show more details.
How do I fix this? I am using Snow Leopard 10.6 OS X, in brief the >$2000 17-Inch Macbook Pro. Dang this computer is supposed to be good but what the heck?
The main goal I am trying to do is WEP cracking, I saw videos on youtube but they don't have the specific case which I have. If anyone can help that would be much appreciated.
Thanks

Me, December 6, 2010 at 10:48 AM
Hulei,
As indicated in this article, in regards to the Hawking: "(Hawking HWUG1 shown here, RT73 Chipset. DO NOT BUY THAT ONE"
The solution to your issue is here: http://tinyurl.com/37x6bhv

Matt, December 27, 2010 at 4:57 AM
Would there be a reason that I am not collecting any Injection Packets? It always stays at 0, so I can not reinject them to get more unique IV's.
Any help would well..... help :-)

Grasshopper, January 5, 2011 at 8:58 PM
Has anyone tried to use Parallels or Vmware fusion running on OSX to try all of the Linux WIFI-crack tools? Is it doable or not?

fadiy, February 11, 2011 at 5:20 PM
Hello,
I have Macbook pro 2.4 GHz Intel Core 2 Duo with Snow leopard 10.6.6
I bought the HAWKING HWUN3 "white" for mac, at the beginning I installed the driver that comes with the HAWKING, then I saw your video and I removed the driver with the uninstall utility that comes in the CD.
I downloaded all versions of KisMac and none worked for me, your help is highly appreciated.

Me, February 11, 2011 at 5:31 PM
Fadiy,
You NEED to read a bit more. It's explained 10 times on this blog that you MUST NOT INSTALL THE DRIVERS.
Un-install the Hawking drivers, and retry.
Also, if you can return the hawking, do it now. It's a piece of junk.
Read this article: http://kismaxx.blogspot.com/2008/11/kismac-best-compatible-wifi-card-re.html

fadiy, February 11, 2011 at 5:43 PM
The problem is I found out about your blog after I did the installation. I managed to uninstall the drivers.
It will cost me more to return the Hawking card, the funny thing is that this card was recommended on another site to be used with Macbook and Kismac.

Me, February 11, 2011 at 6:01 PM
Fadiy,
Which website?
The white hawking is the same as the grey one. Chipset is the same, specs are the same. The only difference is the software, that you can not use(!)
The card that I recommend is cheaper than the Hawking and has 8 times more juice. If you can get a signal 3000ft away with the Hawking, I'll buy you a drink.
It's explained in details here: http://kismaxx.blogspot.com/
If your drivers are properly un-installed, KisMAC should be running with no issues.

al, March 29, 2011 at 10:13 AM
I'm using KISMAC 0.3.3 and TL-WN321G on RT73 device. Everything looks correct, but I CAN'T reinject packets because NO SSID or HIDDEN SSID appears.

Me, March 29, 2011 at 10:18 AM
question already answered

jVirus, May 22, 2011 at 1:56 AM
What of Adapters that function also in the "n" networks?

Anonymous, June 10, 2011 at 12:36 PM
Hi everybody, this blog it's great!!
I'm just a beginner on KisMAC and I'm trying to crack my own network with WPA... but I've a question that I've not read in the Q&A: how long does it take for a deauthentication attack? I mean how many hours, more or less. Because after 3/4 hours the handshake dot is still red...
Thanks for any help!


Admin, June 10, 2011 at 5:19 PM
between 5 sec and eternity.
"Step 1: Capture the 4way Handshake
Before doing anything, you need to capture the handshake between the AP (Access Point) and the Client. The handshake is sent when a client connects to the AP. This process of "listening" to the AP-Client can take some time. In order to speed up this process you can use a Deauthentication Attack. The Deauthentication is a bit like a Ddos and will simulate a "kick out" and force the AP to respond."

Anonymous, June 10, 2011 at 6:45 PM
...got it! It seems that I'll have to be more patient ;) thank you so much

Admin, June 10, 2011 at 7:15 PM
if you make a connection, the handshakes will be sent again. use airport ..

Anonymous, June 13, 2011 at 10:52 AM
Hi everybody,
I'm still the last "anonymous"... first of all, thank you so much for your help! But now... 2 more questions!
1. Once I get the handshake and launch the wordlist attack, kM suddenly crashes/stops after a few seconds. Why did it happen? (wordlists are .txt and with an empty line at the end)
2. May it be due to the fact that I have to stop scanning before launching the wordlist attack? I think I have read something, but I can't find it anymore!
kM 0.3.3 - MB 2.2 Ghz - Mac OS X 10.6.3 - AWUS036H
Any help will be appreciated!!

Admin, June 13, 2011 at 4:26 PM
=> A bug in KisMAC 0.3.3 prevents from using a wordlist on a WPA key recovery while on 64-bit
Either, select the 32-bit option on "Get Info" on the KisMAC.app (Finder >> Applications Folder >> KisMAC.app >> Get Info)
Or use KisMAC 0.3.2, 0.3.1, or even better: Aircrack-ng
=> http://easymactips.blogspot.com/2010/10/how-to-install-aircrack-on-mac.html
Yup, a lot of anonymous, you guys should use pseudos: that will make the comments more readable :D

Anonymous, July 7, 2011 at 9:26 AM
Good morning, I bought the ALFA AWUS036NEH 150Mbps and when I plug it to my MacBook Pro 10.6 Snow leopard, it does not recognize it. I installed the driver ON LINE due to the fact that the box came with a mini DVD and MAC do not like these, as they get stuck in the DVD device, so I went to the ALFA site and downloaded the correct driver for 10.6
NOTHING!!! Still not recognizing the drive or the chipset when plugged in, I am trying to use Kismac and I always get error messages like:
Could not instantiate Driver.
KisMAC was able to load the driver backend for USB Prism2 device, but it was unable to create an interface. Make sure your capture device is properly plugged in. If you think everything is correct, you can try to restart your computer. Maybe your console.log and system.log show more details.
KisMAC was able to load the driver backend for USB Prism2 device, but it was unable to create an interface. Make sure your capture device is properly plugged in. If you think everything is correct, you can try to restart your computer. Maybe your console.log and system.log show more details.
No injection driver.
You have no primary injection driver chosen, please select one in the preferences dialog.
Please help !!!
Thanks...

Admin, July 7, 2011 at 9:42 AM
Dear anonymous,
It's the morning here. I was having a nice cup of Joe when I read your post: I almost barfed the coffee on the screen!
Presently my co-worker is banging his head on the desk.
You have *OBVIOUSLY* failed to read ONE single line of this blog. You can't possibly have tried.
If you need personal tailored assistance, for any reason, including because you do not want to be bothered and wish to be able to use KisMAC like a pro, we have the KisMAC School. It's the best help you can get.
It's here: http://easymactips.blogspot.com/2009/11/kismac-school.html

Anonymous, July 10, 2011 at 12:37 PM
Admin,
Kismac 0.3.3, Alfa awus036h, mac osx 10.6.8. Trying to reinject on my wep.
1) I am really just wondering, when I do a test injection it just hangs and waits, nothing populates in the boxes, is this normal for a slow network? Also when I actually perform a re-injection on the wep network, it just creeps along. Is this truly just due to the lack of activity on the wep network?
2) Also I thought re-injection sped up this process regardless of traffic on the targeted wep network, or am I misunderstanding.
3) Finally, does re-injection only speed up when there is normal traffic and not when there is hardly any?
Thanks for answering the questions, I have been reading the blog, and saw that this takes time, I also checked everything on the AWUS usb and it is a legit model.
Thanks again,
Vincent

Admin, July 10, 2011 at 1:11 PM
Vince,
1) "is this normal for a slow network?"
No. Slow or not, the injection TEST should work. It tells you that everything is in order to work, and the (actual) speed of the network.
2) "Is this truly just due to the lack of activity on the wep network?"
-Mostly. Try to open multiple youtube videos to maximize the traffic on the network. You should see the data flying up. Then Re-inject.
3) "only speed up when there is normal traffic and not when there is hardly any?"
Re-injection is made to artificially increase the # of IV's. Once Re-injection has started, the amount of traffic will have very little impact.

Anonymous, July 11, 2011 at 7:20 AM
Admin,
Thanks for the quick response.
In reference to my first question, any thoughts on why injection/reinjection wouldn't be responsive for the test?
And I begin an authentication flood, not sure if this increases traffic, and next begin re-injection after I have some iv's and packets, when I am re-injecting I do get 200 or so responses, it just seems minimal compared to other examples online, including yours, I have seen.
Any other additional feedback is appreciated.
Thanks again,
Vincent

Admin, July 11, 2011 at 8:49 AM
Why use a DE-authentication? The network is not hidden, is it?
As previously explained in the blog, de-authentication forces the AP to resend the authentication frames, hence de-cloaking. It may (possibly, sometimes, not sure, it depends) force an ARP, but that would depend on the router.
http://easymactips.blogspot.com/search?q=deauthentication
On top of that, when using deauth, you leave the cover of stealth and become visible. FYI, I could detect you, counter your attack, and locate you very precisely.
" do get 200 or so responses, it just seems minimal to other examples online "
the pop-up window says "received 200 responses, re-injecting"?
In that case, re-injection is working. Working very well as a matter of fact.
You just need to let KisMAC re-inject enough IVs. Re-injection is NOT instantaneous.
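
The remark above that deauthentication makes a station visible can be shown from the monitoring side. This Python sketch is an added example, not part of the thread or of KisMAC: it parses bare 802.11 management headers and flags a burst of deauthentication or disassociation frames aimed at one BSSID and target. The window, threshold, addresses and frames are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

WATCHED = {10: "disassoc", 12: "deauth"}  # 802.11 management subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Parse a bare 802.11 frame (no radiotap header).
    Returns a dict for deauth/disassoc frames, otherwise None."""
    if len(frame) < 24:                      # shorter than a management header
        return None
    fc0, fc1 = frame[0], frame[1]
    if fc0 & 0x03 != 0 or (fc0 >> 2) & 0x03 != 0:
        return None                          # wrong version or not management
    subtype = fc0 >> 4
    if subtype not in WATCHED:
        return None
    protected = bool(fc1 & 0x40)             # 802.11w: body is encrypted
    reason = None
    if not protected and len(frame) >= 26:
        (reason,) = struct.unpack_from("<H", frame, 24)
    return {"kind": WATCHED[subtype], "dst": mac(frame[4:10]),
            "src": mac(frame[10:16]), "bssid": mac(frame[16:22]),
            "protected": protected, "reason": reason}

def detect_floods(capture, window=5.0, threshold=10):
    """capture: time-ordered (timestamp, frame_bytes) pairs.
    Keys on (bssid, dst) because the source address is trivially forged.
    window/threshold are assumed starting values to tune per site."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ts, frame in capture:
        info = parse_mgmt(frame)
        if info is None:
            continue
        key = (info["bssid"], info["dst"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:      # drop events outside the window
            q.popleft()
        if len(q) >= threshold:
            if key not in alerted:           # one alert per burst
                alerted.add(key)
                alerts.append({"bssid": key[0], "target": key[1],
                               "count": len(q), "since": q[0]})
        else:
            alerted.discard(key)
    return alerts

# ---- constructed sample input (addresses and frames are made up) ----
AP, CLIENT, BCAST = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "ff:ff:ff:ff:ff:ff"

def sample_frame(fc0, dst, src, bssid, body=b"", fc1=0):
    def addr(m):
        return bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, fc1]) + b"\x00\x00" + addr(dst) + addr(src)
            + addr(bssid) + b"\x00\x00" + body)

def sample_capture():
    cap = [(0.0, sample_frame(0x80, BCAST, AP, AP, b"\x00" * 12)),   # beacon
           (1.0, sample_frame(0xC0, AP, CLIENT, AP, b"\x03\x00"))]   # client leaving
    cap += [(10.0 + i * 0.05, sample_frame(0xC0, BCAST, AP, AP, b"\x07\x00"))
            for i in range(30)]                                      # burst
    cap.append((12.0, b"\xc0\x00"))                                  # truncated frame
    return cap

if __name__ == "__main__":
    for alert in detect_floods(sample_capture()):
        print(alert)
```

A single deauthentication from a client that is leaving stays below the threshold; only the sustained burst is reported. Frames with the Protected bit set are still counted, but their reason code is not read because the body is encrypted.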

Anonymous, July 11, 2011 at 12:40 PM
Admin,
Thanks again for the feedback.
It was my misunderstanding of the flood as a de-authentication technique. I understand your statement now.
Also for the reinjection I was just puzzled why the test would fail, then when I would try the normal reinjection I come back with responses. I have roughly gained 40k ivs over 3+ hours of listening and reinjection.
Finally I guess my questions stem from whether this timeframe is normal when trying to snap a wep with little traffic in your experience.
Again, truly do appreciate the feedback and help with learning this tool, sorry for any perceived ignorance I display.
Thanks again,
Vince

Admin, July 11, 2011 at 1:07 PM
"I was just puzzled why the test would fail,"
That, I need to see in details. i.e. Quicktime + Console log.
"..timeframe is normal when trying to snap a wep with little traffic in your experience"
Yes, but as it is your network, I clearly stated to open multiple YT to boost the traffic. The more traffic, the better.
"Again, truly do appreciate the feedback"
No problems, everyone has to learn one day.
It's just when people show a strong belief of entitlement coupled with rudeness and the spelling capabilities of a lolcat, then, I must admit that the answer is not that... nice.
have a good one.

Anonymous, July 11, 2011 at 8:41 PM
Admin,
One last quick question, what is your preferred loadout, which version of Kismac do you utilize or is it a combo of aircrack and kismac?
Thanks again,
Vince

Admin, July 12, 2011 at 10:47 AM
KisMAC 0.3.3 in 32 bit mode + Aircrack-ng 1.1

Anonymous, July 13, 2011 at 8:58 AM
can't install kismac please help

Admin, July 13, 2011 at 1:53 PM
Sure... Are you trying to install kismac on a fridge?

Anonymous, July 16, 2011 at 7:22 AM
no it's a brand new HP pc with 7 home premium. .dmg is doing nothing? I have tried 10 times fucking fed up

Admin, July 18, 2011 at 8:00 AM
Ah, Windows 7, ok...
Do you have an error when you try to install? Something like Err Id 10 T
Probably the DMG on Win7. Try with KisMAC.exe

Anonymous, August 26, 2011 at 11:33 AM
Hi, I tried, and I recovered 140.000 uniques, but I try and fail, I forgot "keep everything", now I'm trying again, I have a mac, SL, with only airport express so no reinjects available. some tip?

Anonymous, September 22, 2011 at 7:43 AM
Hey there,
Should I stop scanning the available networks while running a weak scheduling attack (both), or just let it continue to run?
It's taking forever; OS Snow Leopard, Airport Extreme Passive mode, with over 2,000,000 packets collected. I've had weak scheduling going for over 24 hours and no luck. Would turning off the scan help at all or am I destined to wait forever?
Thanks in advance for any advice!
-J

Admin, September 22, 2011 at 10:53 AM
-J
nothing personal, but: read step 4 again, and the first paragraph again.
"Before you post a question, PLEASE be sure to Read the 3 following post: KisMAC + KisMAC troubleshooting + KisMAC Q & A
Once you are sure that the answer to your question can not be found, Please, Post your question in the Q&A Article: CLICK HERE.
ALL QUESTIONS WITHOUT KisMAC Version and OS Full Version will be ignored. Please Include Model and FCC number of the Network Adapter (the USB thingy) if applicable. And YES the FCC number is on it! and NO, it's not the MAC address."

rh, September 28, 2011 at 6:44 PM
mbp osx 10.7 2.3ghz quad core i7
kismac 0.3.3
alfa awus036h fcc id : UQ2AWUS036H
I feel as though my mbp is not running wordlists (for wpa crack) as fast as it could be, according to activity monitor, I'm using 13-15%. And that's with safari and pages and several other things running too. Also, kismac says it's running 0.02/sec as far as words go, yet the counter is jumping in 500 word intervals every ~2 seconds. Can I get it to go faster and how? Would having more packets help? I have the handshake. The last time I did a weak scheduling attack on a wep network I was using ~80 % cpu if memory serves. thanks

Admin, September 28, 2011 at 8:15 PM
Rh, first, Thanks for posting your specs.
"kismac says its running 0.02/sec as far as words go"
yup, it's a bug...
"I'm using 13-15%."
weird, I would try a "open in 32-bit" as stated in troubleshooting
"would having more packets help?"
Packets are worth NOTHING for WPA (as stated in troubleshooting....)
"can i get it to go faster and how?"
How fast do you want it to go? 10% or 5,000,000% faster? Because I can run 100,000,000 passwords in 40 seconds, and it's explained in the blog....

MBPman, October 30, 2011 at 1:42 AM
Hello,
I'm trying to crack a WPA2 network with my built-in Airport Extreme Broadcom BCM43xx chipset in my MBP.
Is it possible to capture 4-way handshakes with this chipset using Kismac? Or do I need a card that supports injection?
Please help me!

Admin, October 30, 2011 at 5:48 AM
Dear,
Your question has been answered multiple times.
Nothing personal, but your post will be removed for the sake of clarity.
Nevertheless, Thanks for reminding me to do some dusting.

MBPman, October 30, 2011 at 12:28 PM
Hi,
I understand your frustration answering the same questions over and over. However, I have searched and searched for an answer to this question and there is none.
Lots of info about injection and deauthenticating, more about purchasing chipsets off amazon and ebay. Nothing about HOW TO capture a handshake without deauthentication.

Admin, October 30, 2011 at 2:05 PM
What's passive mode then?

MBPman, October 30, 2011 at 2:18 PM
From what I can see passive mode is for collecting packets and unique IV's for WEP cracking. Can't see anything that says it collects handshakes for WPA encryption.
Are you suggesting that by scanning in passive mode, it will collect handshakes?

Admin, October 30, 2011 at 2:36 PM
the process is the same: rfmon without a "Chipset"
You'll just need the patience of a Buddhist monk
Quoted
"How to crack WEP / WPA with Airport Extreme, Passive mode WITHOUT Injection Device (Airport, Airport Extreme Alone)"

MBPman, October 30, 2011 at 4:20 PM
Ok, enough said. I've ordered an Alfa AWUS036H and in the meantime I will test my patience. Thank you!

Admin, October 30, 2011 at 5:27 PM
Joking aside, your comments are showing that you do not grasp completely the concept behind the handshakes, what is a deauth or a flood. Capturing it is the easy part. Then comes the Encryption ....
I would highly suggest that you read about the handshakes, deauth and flood before attempting to crack the encryption.
I will delete your posts and mine as they are redundant.
good luck

J the Best!, November 23, 2011 at 6:30 PM
----
Step 5
If the Column ENC is “NO”, the network is OPEN: No need of cracking anything
--
I attempted to join an open network by selecting "Join Network" under the Network tab. Why isn't this working?

J the Best!, November 23, 2011 at 6:44 PM
Also, all of the networks my airport picks up (without using Kismac) say a WPA password is required... the option of joining an open network from the airport alone is not an option.

Michel, November 25, 2011 at 9:22 PM
Hi all,
I have two questions regarding the WEP cracking. It is taking a long time to collect IV's. If I quote this tutorial:
"500,000 packets for weak scheduling attack on a 40/64-bit WEP"
Does this mean that I don't need a lot of IV's and I just stay focused on the number of normal packets? 500K to 2000K?
From my calculation, it will take 2 days to have 1000K packets and 20 to have the 150K IV's, that is why I wanted to know if with just the packets it will work.
My other question is that the WEP network is changing the channel every 4 days (goes Channel 6 to Channel 11 and goes back to Channel 6 ...) Do I have to start over each time the channel is changing?
Thank you everyone and have a good day

Admin, November 26, 2011 at 6:32 AM
"500,000 packets for weak scheduling attack"
Well, we have to change that. It's too confusing for people.
Only IV's are needed. The number of IV's you can collect depends on the traffic and if you are reinjecting or not.
2 days seems an awful lot to me.
A weak scheduling is basically a statistical attack. The more IV's the greater the chance.
"Do I have to start over each time the channel is changing ?"
No.

RAA, December 30, 2011 at 9:17 AM
Hi! I have EXACTLY the same issue as a guy here in the blog: "Im using KISMAC 0.3.3 and TL-WN321G on RT73 device. Everything looks correct, but I CAN'T reinject packets because appears NO SSID or HIDDEN SSID." but you said that the question was already answered. Could you please tell me what was the question? Thank you for your time..

Admin, December 30, 2011 at 9:38 AM
Are you on Windows?
-2 questions left.

RAA, December 31, 2011 at 7:35 AM
I'm on 10.7.2 Lion 64 bit. I have a WN321G v. 2 device. Do you need other additional information?

Admin, January 2, 2012 at 8:28 AM
It's in troubleshooting

guidomix, January 14, 2012 at 2:25 PM
sorry man.....one question....I'm trying to crack MY wpa with an external usb wireless card that has the chip rtl8187L with my mac....I go to preferences-drivers...I added my usb wifi card and I check all the boxes that you explain in your video....then I go to the main page of kismac....I click on start scan but nothing appears! Not one wifi lan! Where is the error? How can I solve this issue??? My card is not right to do this? Do I have to install particular drivers before starting to try to crack??? Have to install some drivers???

Vinícius K-Max, August 3, 2012 at 7:09 PM
fucking love this blog! keep up the good work, Admin!

Admin, August 3, 2012 at 9:20 PM
Thank you fucking buckets! :)

HKairpost, September 5, 2012 at 10:30 AM
I don't get it, I have like 700,000 unique IVs gathered at once on a WEP signal, but when I do “Weak Scheduling Attack” >>> “Against Both” after less than a minute kismac tells me that cracking was unsuccessful.
I already had this message on another signal but it was with fewer IVs and after a long time of calculation.
Can someone help?

Admin, September 5, 2012 at 11:07 AM
ALL QUESTIONS WITHOUT KisMAC Version and OS Full Version will be ignored. Please Include Model and FCC number of the Network Adapter (the USB thingy) if applicable. And YES the FCC number is on it! and NO, it's not the MAC address.

HKairpost, September 5, 2012 at 8:39 PM
Oops sorry, here is the missing info from my previous question:
OS: 10.7.4
FCC ID: UQ2AWUS036H
Kismac: 0.3.3

Admin, September 6, 2012 at 7:12 AM
HK,
There is always the possibility that your dump is corrupted.
Second, I am extremely sad to say so, but KisMAC is getting old.
I would encourage people to use KisMAC for the GUI, GPS, etc, but the crack itself should be conducted with Aircrack-ng (for WEP), see the post on this blog.
If you still can't figure it out, send me the dumpfile, I'll take a look at it. Dropbox is preferred.

Liquid, March 4, 2013 at 1:41 PM
I have a rosewill n600ube, can I inject with this? I don't have the mac disc either. How can I make aircrack work? Email me at [email protected] please.

Admin, March 4, 2013 at 1:54 PM
Seriously?

Mike, March 5, 2014 at 6:08 PM
Hi,
whenever I get a sufficient amount of packets and IVs that would allow me to crack a WEP network, I click on Weak Scheduling Attack against both and nothing happens. Nothing loads, just nothing. It just keeps scanning as if I had not clicked on anything. What might be the problem?
OS: 10.9.2
KisMAC: 0.3.4

Admin, March 5, 2014 at 7:24 PM
Mike,
that's a tough one as I don't know what you have captured.
Logic would be that even if the .kismac file was corrupted, you should load something.
I would take a wild guess and blame 10.9 with KisMAC altogether.
Zip and upload your file on Dropbox and send me the link. It will NOT be published. I'll take a look at it.

Nonasol, May 6, 2014 at 9:23 PM
I'm now running KisMAC version 0.3.3, with OSX Mavericks 10.9.2. When I opened up KisMAC the second time (first time worked perfectly), nothing comes up when I hit the "Start Scan" button. I've already deleted "org.kismac-ng.kismac.plist" from my preferences folder, which the KisMAC FAQ stated was the problem. However, it's still not working. What did I do wrong?

Admin, May 6, 2014 at 10:10 PM
use kismac 0.3.4

Nonasol, May 7, 2014 at 12:08 AM
Thanks, that did help. However, now I'm having some more problems:
1. I can't seem to get KisMAC to export its files with a .pcap extension, only with a .kismac extension. I've already checked the driver preferences for the "save everything" option.
2. Scanning constantly brings up repetitive copies of the same network. (eg. linksys appearing multiple times on the list) Is this normal?

Admin, May 7, 2014 at 8:09 AM
1) Have you tried to simply rename the file and change the extension?
1a) There is a search box on the top left. Try "PCAP". Then you can use command-F to find "PCAP" within the page(s).
2) Is it the same same same network? i.e. identical "SSID" and "BSSID". I see a lot of Toyotas on the road, but they don't all have the same license plate. ;-)

Nonasol, May 7, 2014 at 3:28 PM
1) Yes, renaming my saved .kismac file and using it in aircrack doesn't work, since it states that it is in an unsupported file format.
1a) Do you mean the search box on the top left of KisMAC? If so, nothing shows up when I type PCAP. (Or when I search in Finder).
1b) When looking in my folders, I found that my dumplogs were somehow saved in my user folder. *facepalm* Do I change the save location in the preferences -> driver ---> "save dump at"? What's the difference between the contents of a .kismac and a dumplog file?
2) Same network name, different BSSID. My home network (whose name is unique) is repeated, along with some other neighboring networks (which show up in the regular wifi settings) and new ones that only appear in KisMAC. Also, extra copies of the network have far fewer packets than the first ones to show up.
Thanks for helping!

Admin, May 7, 2014 at 5:11 PM
1) I am going to need proof of that, since that's what I have been doing since 2007.
1a) nope, I mean search the blog. My apologies for the lack of clarification.
1b) "*facepalm*" Welcome to the club. :) The ~ (tilde) indicates home folder, it's a convention. You better read about Unix and terminal, or you'll have some surprises. Have you tried to drag a file into the Terminal window? No? Try it.
1b #2) close to none. The extension is different, that's pretty much it. You can open the file with Wireshark and dig into it.
1b #3) Search PCAP in blog.
2) mmmm... I would need a copy of that file. Are you on passive mode? Some routers have "protection" and will skip channels if they receive Deauth frames or injection, and that could be a (far fetched) possibility. It could also be a bug.

Nonasol, May 12, 2014 at 9:52 PM
Sorry for not replying sooner.
1) Not sure how I should prove it, but here's the terminal output:
User1:~ user1$ aircrack-ng /Users/User1/Downloads/KisMAC/dumplog.pcap
Opening /Users/User1/Downloads/KisMAC/dumplog.pcap
Unsupported file format (not a pcap or IVs file).
Read 0 packets.
No networks found, exiting.
Quitting aircrack-ng...
Note: The dumplog.pcap was the file I renamed.
2) Here's a screenshot for KisMAC, if it helps: http://tinypic.com/r/2qimcnm/8
Yes, I was on passive mode. I don't have an injection device, only Airport Extreme.

Admin, May 13, 2014 at 7:10 PM
As per your DumpLog provided:
You are not using a packet dump, but you are renaming a .kismac file. That's why it's going haywire. Just use the DumpLog file
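
The "Unsupported file format (not a pcap or IVs file)" exchange above comes down to the fact that a capture file is recognised by its leading bytes, which renaming does not change. This Python sketch is an added example, not code from the thread, KisMAC or aircrack-ng: it reads a file header and reports whether it is pcap or pcapng, its byte order and its link-layer type. The sample headers are constructed, and the stand-in for a renamed non-capture file is arbitrary bytes, not the real .kismac layout.

```python
import struct

PCAP_MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}
PCAPNG_SHB = 0x0A0D0D0A      # Section Header Block type (same in both byte orders)
PCAPNG_BOM = 0x1A2B3C4D      # byte-order magic inside the SHB
LINKTYPES = {
    1: "Ethernet",
    105: "IEEE 802.11",
    119: "802.11 + Prism header",
    127: "802.11 + radiotap header",
    163: "802.11 + AVS header",
}

def identify_capture(data):
    """Classify the first bytes of a file as pcap, pcapng or unknown."""
    if len(data) < 4:
        return {"format": "unknown", "reason": "shorter than a magic number"}
    for order, name in (("<", "little"), (">", "big")):
        (magic,) = struct.unpack_from(order + "I", data, 0)
        if magic in PCAP_MAGICS:
            if len(data) < 24:
                return {"format": "unknown", "reason": "pcap magic, truncated header"}
            major, minor, _zone, _sigfigs, snaplen, network = struct.unpack_from(
                order + "HHiIII", data, 4)
            linktype = network & 0xFFFF      # upper bits may carry FCS flags
            return {"format": "pcap", "byte_order": name,
                    "timestamps": PCAP_MAGICS[magic],
                    "version": (major, minor), "snaplen": snaplen,
                    "linktype": linktype,
                    "linktype_name": LINKTYPES.get(linktype, "other")}
    if struct.unpack_from("<I", data, 0)[0] == PCAPNG_SHB:
        if len(data) < 12:
            return {"format": "unknown", "reason": "pcapng block type, truncated"}
        for order, name in (("<", "little"), (">", "big")):
            if struct.unpack_from(order + "I", data, 8)[0] == PCAPNG_BOM:
                return {"format": "pcapng", "byte_order": name}
        return {"format": "unknown", "reason": "pcapng block type, bad byte-order magic"}
    return {"format": "unknown", "reason": "no pcap or pcapng magic"}

def identify_file(path):
    """Same check on a file on disk; only the header is read."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(32))

def sample_headers():
    """Constructed headers for the demonstration below."""
    return {
        "radiotap_le": struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127),
        "dot11_be": struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105),
        "pcapng_le": struct.pack("<IIIHHq", PCAPNG_SHB, 28, PCAPNG_BOM, 1, 0, -1)
                     + struct.pack("<I", 28),
        # Arbitrary bytes standing in for a non-capture file renamed to .pcap.
        "renamed_other": b"NOT-A-CAPTURE-FILE" + b"\x00" * 14,
        "truncated": b"\xd4\xc3\xb2\xa1\x02\x00",
    }

if __name__ == "__main__":
    for label, header in sample_headers().items():
        print(label, identify_capture(header))
```

For wireless captures the link-layer type matters as much as the magic number: 105, 119, 127 and 163 all carry 802.11 frames, while 1 is Ethernet.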
