The WPA Migration Mode patches for the Aircrack-ng suite (aircrack-ng.org) are a set of patches that do the following to the standard Aircrack-ng suite:
- Adds an attack mode (-W or --migmode) to aireplay-ng (for details see the publications detailed below) that targets access points configured in WPA Migration Mode.
- Adds an option (-Q) to aireplay-ng fake authentication attack mode (-1 option), that sends reassociation requests instead of performing a complete authentication and association after each delay period.
- Changes aircrack-ng so that when an attack mode is forced (-a option), frames encrypted with a different encryption scheme than that specified are disregarded for the cryptanalysis phase.
- Adds logic to aircrack-ng to determine if a WEP-encapsulated frame is a WLCCP packet based on its characteristic size.
- Integrated into aircrack-ng the ability to use for cryptanalytic purposes WLCCP WEP-encapsulated frames as part of the PTW cryptanalytic attack.
The patches are based on Aircrack-ng 1.1 version. To apply the patches run the following command inside aircrack-ng’s src directory:
patch –p0 < /path/to/aircrack-ng/patch/file
The WPA Migration Mode patches for the Kismet (kismetwireless.net) are a set of patches that adds the following to the standard Kismet tool:
- Adds the ability to distinguish access points configured in WPA Migration Mode (by analyzing the encryption schemes supported by the access point in Beacon frames), detailing this fact in the access point’s encryption settings and saved in dump files. Furthermore, access points configured in WPA Migration Mode are marked in red as WEP access points as the level of security offered is the same.
The patches are based on Kismet-2010-07-R1 version. To apply the patches run the following command inside Kismet’s directory:
patch –p0 < /path/to/kismet/patch/file
Release date 07-28-2010
Researcher Diego Sor