Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security:
  • Monitoring: Packet capture and export of data to text files for further processing by third party tools.
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
  • Testing: Checking WiFi cards and driver capabilities (capture and injection).
  • Cracking: WEP and WPA PSK (WPA 1 and 2).
All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily Linux but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.

Aircrack-ng 1.4

It focuses a lot on code quality and adds a few visible features:

  • PMKID cracking
  • Crack 802.11w capture files
  • Speed and memory usage improvement when loading (large) files with Aircrack-ng and Airdecap-ng
  • Packages for Linux distributions and Windows
  • Fix building on various platforms
  • Improved and tweaked our CI/CD processes
  • Using new CI/CD tools for our buildbots and packaging, PyDeployer
  • Almost doubled the amount of tests

PMKID

On routers with 802.11i/p/r, the AP can cache an “ID” for the connection so roaming clients don’t have to waste frames reauthenticating and just use the PMKID, which helps decrease a bit the latency (from 6 frames to only 2).

Calculation is of the PMKID is done this way:

PMKID = HMAC-SHA1-128(PMK, "PMK Name" | BSSID | STA MAC)

A big advantage here is that this PMKID is present in the first EAPoL frame of the 4-way handshake.

A few caveats about this attack:

  • Sometimes APs send empty PMKID
  • It doesn’t work on WPA/WPA2 Enterprise networks

When loading a PCAP, Aircrack-ng will detect if it contains a PMKID. In the following screenshot, it is present for the network ogogo, notice the “with PMKID” on the same line:

When selecting the network, it will use it as if it were a regular PCAP with a handshake (and thus the wordlist requirement applies).

If you’d like to test, two capture files with PMKID are available this test files:

More details about the attack itself can be found in this post.

More info: https://aircrack-ng.blogspot.com/2018/09/aircrack-ng-14.html

Install

git clone https://github.com/aircrack-ng/aircrack-ng
cd aircrack-ng
./autogen.sh
make
make install
cd src/
aircrack-ng