Tutorial: How to Crack WEP on a Mac


cc photo by sara b.

UPDATE (01/26/09 @ 8:03 pm):
For Windows instructions, see this comment.

On an earlier post, I mentioned I recently cracked a WEP protected network. There are many tutorials on this topic. Here’s a method that worked for me which doesn’t require you to use the command line.

For this tutorial, I’ll be using a MacBook. It’s a MB062LL/A running Mac OS X 10.5.5 to be exact, but this method should work with any x86 Mac running Leopard with an AirPort card.

Overview

  1. Find Available Wireless Networks
  2. Get Gear
  3. Boot Backtrack
  4. Use kismet
  5. Use SpoonWep

Find Available Wireless Networks

To find available wireless networks…

  1. Click the AirPort Icon
  2. Click each network that has a lock icon next to it
  3. Make note of the networks that require a WEP password

If you don’t see any WEP networks, try moving your computer to a different location for more networks to scan until you find one.

Get Gear

You will need the following…

You can download BackTrack here. I downloaded the CD Image named “bt3-final.iso” and burned it to a CD.

To Burn the BackTrack 3 ISO File…

  1. In Finder, right-click the downloaded “bt3-final.iso” file
  2. Choose “Open With”
  3. Click “Disk Utility”
  4. In Disk Utility, click “bt3-final.iso”
  5. Click the “Burn” icon
  6. Insert a blank CD and wait for it to be recognized
  7. Click “Burn”

You should now have a BackTrack 3 live CD.

The MacBook’s Airport Card that I’m using can’t be used with BackTrack to crack WEP. Instead, I used a USB WiFi adapter. You can find a list of compatible ones here.

I chose the Hawking HWUG1.

Boot BackTrack

  1. Insert BackTrack 3 Live CD
  2. Restart Mac
  3. When you hear the chime, hold down the “c” key until BackTrack starts to automatically boot. It’ll play a sound when it’s done loading.
  4. Connect the USB WiFi Adapter

Use kismet

  1. Click the blue KDE icon on the bottom-left of the screen
  2. Choose “Backtrack” then “Radio Network Analysis” then “80211” then “All” then click “Kismet”
  3. Select network device (“rausb0″ for the Hawking HWUG1) and click “OK”.
  4. After kismet lists available networks, press the “s” key then the “w” key to group the WEP networks together. You should see the WEP networks you noted earlier.
  5. Navigate to the WEP network you want to crack first and press “enter”. You should now see the network’s details.

Use SpoonWEP

  1. Click the KDE icon again then choose “Backtrack” then “Radio Network Analysis” then “80211” then “All” then click “SPoonWep”
  2. You should now have both the kismet and SpoonWep windows showing
  3. In SpoonWep, enter the “Victim Mac” by typing the “BSSID” address you see from the kismet window
  4. Click “CHOOSE A CARD”
  5. Click your card (“RAUSB0″ for the Hawking HWUG1)
  6. Check the “Ath” box
  7. Match the “Channel” with the one from the kismet window
  8. Set the “Inj Rate” to “1000”
  9. Click “LAUNCH”
  10. “Currently” should say “Nothing” then “ASSOCIATING” then “ATTACKING then “GATHERING ARP”. After “Captured” reaches “20000 IV S” it should say “Cracking WEP”
  11. Make note of the resulting WEP Key for that particular network
  12. In kismet, press the “q” key to get back to the network list. Repeat the steps for as many WEP protected networks you want.
  13. Disconnect the USB WiFi Adapter
  14. Restart the comptuer

Congratulations, now you can enter the WEP key (without the colons) as the password for the wireless networks.

Some WEP protected networks take less than 5 minutes to crack. If the first WEP network you try takes too long, try moving on to another one.

Please comment if this method worked for you, or if you know an easier way. At a later date, I’ll try to put up a video tutorial.

~~~~

- More of my tutorials (feed)
Alpha Nerd (feed)

About these ads
This entry was posted in jorel314 and tagged , , , , , , , , , , , , . Bookmark the permalink.

72 Responses to Tutorial: How to Crack WEP on a Mac

  1. Pingback: House Call: WEP Cracking « jorel314

  2. sara b. says:

    thank you for choosing my picture! And thank you for citing my name!

    sara

  3. andy says:

    does laptop works out? i need a laptop hacking programme..! pls inform me

  4. jorel314 says:

    @andy

    I’m not sure I understand your question. Could you please rephrase?

  5. Rick says:

    none of the compatible wireless adapters in the list say theyre compatible with MAC..

    how can i know if they will work or not?

  6. jorel314 says:

    Using the BackTrack LiveCD, you are bypassing Mac OS X, so the wireless adapter you choose needs only to be compatible with Linux which the LiveCD is based on. Hope that helps.

  7. vinod says:

    Any tutorail on windows xp

  8. jorel314 says:

    @vinod

    To find available wireless networks on Windows, you can click the wireless network icon on the bottom right of the screen. It should bring up a list of wireless networks in range, so you can see which ones are WEP protected.

    After you download the BackTrack ISO file, you can burn it to a CD using InfraRecorder. You can find instructions for burning an ISO with InfraRecorder here…

    https://help.ubuntu.com/community/BurningIsoHowto

    Booting from a CD differs on different Windows computers. Some will boot up the CD automatically. Others, you have to change a setting in the BIOS to boot from a CD. Check your computers manual on how to enter the BIOS settings.

    After you get the BackTrack live CD to boot, the instructions are exactly the same as the rest of the tutorial.

  9. MattDC says:

    Was wondering if you knew what might be causing my wsdunp window not to initialize. I’m running the same hardware as you, and I can’t find anything about that specific problem. Thanks.

  10. jorel314 says:

    @MattDC

    Are you booting up the live CD with the USB adapter already plugged in? I remember it would only work if I let BackTrack boot up all the way, and then plug the USB adapter in afterwards.

    I also tried using the .iso within virtualbox, so I wouldn’t need a physical CD, but that wasn’t working for me either.

    Other than that, I’m not too sure what the problem might be.

  11. shroom911 says:

    please help …
    in trying to load the bt3 iso from restart .
    i’ve copyed the iso to dvd ,left it in the computer, restarted , held down the ‘c’ key after the chime an all it dose is nothing ,,,,,? i really dont under stand why its not starting up the bt3 iso …

  12. jorel314 says:

    @shroom911

    My guess would be…

    1) You burnt the .iso as a data disc instead of creating an exact copy of the bootable disc.

    or

    2) The Mac you are using is a PowerPC instead of an Intel.

    or

    3) There are errors on the disc. Try burning it at a lower speed.

  13. shroom911 says:

    you were right i burned a data copy ..
    but now i have a new problem . after bt3 loads it asks me to login with a password … it say up top to use ( root ) then for the password use some other word that i cant remember .. but they dont work ?? am i doing some thing wrong ?
    thx for ur help

  14. jorel314 says:

    @shroom911

    When I load the BackTrack CD, it doesn’t ask for a password.

    It sounds like it’s loading into a command line instead of the KDE desktop.

    In the screen where you can select the mode it boots into, try selecting “BT3 Graphics mode (VESA KDE)” instead of the default.

  15. Nyia says:

    hello i was wondering if anyone knows how to hack wi-fi on an ipod touch if anyone finds out my email is nyia_kiuan@yahoo.com thank your help is greatly appreciated

  16. Dan says:

    @shroom911: login name is root, pw is toor. After type startx to get into the shell.

    @jorel314: followed your instructions but cannot get spoonwep to work – it just says “Gathering ARP” forever. everything works fine in terminal though.

  17. Dan says:

    Actually, I just now got it working if you issue the following after you obtain the bssid & channel from airodump-ng:

    ifconfig rausb0 down
    modprobe -r rt73
    modprobe rt73

    Hope this helps!

  18. andrew says:

    Thanks for the tips.

    I can’t get kismet to launch.

    I get the following error:
    Please configure at least one packet source. Kismet will not function if no packet sources are defined in kismet.conf or on the command line.

    I am not advanced enough to figure out which commands to use to get it launched. Any advice and do you know why you didn’t run into this problem?

  19. Dan says:

    @Andrew – not 100% sure. Kismet automatically recognized my usb adapter (RT73). If you run “ifconfig” from a terminal window do you see your wireless adapter listed?

  20. bala says:

    how i will creck wep key pls help me iam useing windows xp

  21. Johan says:

    Does not work, can not boot gives error

  22. jorel314 says:

    @Nyia
    I don’t think it’s currently possible to receive packets from a secured network to crack WEP on an iPod touch.

    @Dan
    Thanks for your helpful comments.

    @Andrew
    If you are using a USB adapter, make sure you plug it in after BackTrack fully starts. Kismet won’t see the USB adapter if your USB adapter is already plugged in when you boot from the CD.

    @bala
    See this comment for Windows instructions…

    http://jorel314.wordpress.com/2008/12/13/tutorial-how-to-crack-wep-on-a-mac/#comment-325

    @Johan
    I’m thinking you burnt the .iso file as a data file which wouldn’t create a bootable disc. Try using ISO Recorder to burn the .iso correctly.

    http://isorecorder.alexfeinman.com/isorecorder.htm

  23. rubuncrack says:

    hi
    everthing seems to work right up to the point where in spoonwep, i press launch is ays nothing, then attacking then gathering arp but never seems to get past this point. does it normally take a long time to get to the next command which is captured?

  24. jorel314 says:

    @rubuncrack

    It usually goes rather quickly. When it doesn’t seem to go, it’s usually because I’m too far from the access point I’m trying to crack. Try cracking your own router first to make sure your setup is functioning correctly.

  25. rubuncrack says:

    hi jorel
    this doesnt seem to be working either. it still gets stuck at the gathering arp point. is there another program like spoonwep i could use? on bt3 there are numerous “cracking” programs like airsnort etc… also, i have a new macbook pro but when the cd boots, it run goes through a lot of code on screen then says there was an error. it says im using an invalid boot device eg ssci (or something like that) i have had the same cd working on my pc laptop. is it a certain version of bt3 for mac? u=you said that you had it running on yours. i downloaded from the link you supplied at the top of this thread.

  26. jorel314 says:

    @rubuncrack

    It works fine on my macbook. I just used it the other day.

    I don’t know of any other tools that are as easy to use as spoonwep.

    Here are some tutorials that may help you out though…

    http://www.aircrack-ng.org/doku.php?id=tutorial

  27. Johan says:

    Still not working getting this error: Fatal Error BT3 data not found, this should never happen press ctrl+alt+delete to reboot,
    I burned the backtrack.iso as described, have intel mac??

  28. rubucrack says:

    im getting the same message as johan. fatal error etc… did you burn the iso onto a dvd? keeps telling me im using a wrong boot device on my mac.

  29. jorel314 says:

    I’ve burned the iso to a cd-r and also a dvd-r. They both work.

    Try reading this thread…

    http://forums.remote-exploit.org/showthread.php?t=18570&highlight=Fatal+Error

    Looks like others are having similar problems. They say running the vmware version works fine in fusion. You can get fusion here…

    http://thepiratebay.org/torrent/4398730/VMWare_Fusion_2.0_Final

  30. rubuncrack says:

    @ johan,
    i managed to get bt3 booted on my mac book pro osx. first burn the image to a disk, the get a usb flash drive, download the bt3 usb file, install on flash drive. boot mac from cd, with usb stick in the usb port. when it get to the “fatal error” part it should boot from usb drive. my problem now is that my new macbook pro has its two usb ports right next to each other, not allowing two wide usb devices to be plugged in at the same time, and you need to have both usb stick and usb wireless stick in at the same time!!! bloody problems driving me mad!! maybe a usb multi port is the solution…… let me know if you have any luck.

    @jorel
    on your mac are you using a usb wireless stick or did you manage to get the built in card from your mac to work in bt3?

  31. jorel314 says:

    @rubuncrack

    I’m using a Hawking HWUG1 wirless usb adapter.

  32. aldoala says:

    I have a big problem with backtrack. I was able to get into it and login but I have absolutly no access to the internet. I am using linksy router with wpa encryption. Please tell me if i need to change it to wep. I do not know how to access the internet and its been very frustrating. I am using an atheros AR5007 card in my vaio laptop. Please HeLP

  33. aldoala says:

    Sorry forgot to add that when I type ifconfig in the konsole it says i have local loopback with address of 127.0.0.1 and mask 255.0.0.0. UP LOOPBACK RUNNING MTU: 16436

  34. zomfghaxx says:

    hey guys, first time poster, im a nub. Though i could help tho with the problem of how it keeps sayin “gathering arp”. have u tried pressing the deauth button? I think it can deauthenticate and issue a new arp request, resulting in a return arp (the packet you need). give it a shot.

  35. Madmax says:

    Hi guys,
    same for me, can’t pass the “gathering arp” step, tried several things to get through, no way, if anyone finds something satisfying…

    cya

  36. Pingback: Am I doing it right? « jorel314

  37. gabol says:

    how long is too long? when should i move on to the next network(so to speak)?

  38. jorel314 says:

    @gabol

    I usually move on to the next network if it takes longer than 20 minutes.

  39. Pingback: Weekly Digest for August 22nd | The WebZappr

  40. Eric says:

    The fact that it freezes on GATHERING ARP is very annoying. I have tried all the steps suggested here in the comments, but no luck. I am running Backtrack3. I’ve heard that there is a Backtrack4 out. Have there been any relevant changes in that one ?

  41. Michaele334 says:

    Here is the new version from backtrack, it is backtrack 4 pre, i found a very god install howto.
    look here:

    http://backtrack.1rss.de

    i hope you can read this one, the have screenshots and a pdf file, so you can download this one.
    the works perfekt for me.
    i hope you like it.

    Ciao

  42. jorel314 says:

    I’ve heard of another automated WEP cracking tool. It’s called WEPBuster. I haven’t tried it myself though.

    http://code.google.com/p/wepbuster/

  43. Krestic says:

    Hi. What if start few windows of spoonWep? Let say 2. Will it find the key double slower? Or it will work just fine with many windows running at the same time?

  44. Krestic says:

    Or where can I see how much is processor loaded?

  45. jorel314 says:

    @Krestic

    You’ll need more than one compatible wifi device to be able to run multiple sessions of spoonwep at the same time I believe.

  46. OSX.4 says:

    do you know how to do it with OSX.4 or any version earlier than leopard

  47. jorel314 says:

    @OSX.4

    You should be able to boot from the BackTrack LiveCD from any intel based Mac.

  48. tiro04 says:

    Hi guys, I have a problem. I followed all the instructions concerning the CD burning and downladed the right file (i think so at least…) (bt3-final.iso). I burned it according your instruction.

    Then restart my computer, press c, get a first screen, then a lot of lines going on and then i get a message like “Fatal error occured – BT3 data not found” they tell me I might be using a old pcmcia tool or something..

    I’m really not a crack in computers so I don’t understand what could be wrong.. Any help would be great :)!

    As for my computer, I have a MacBook (1st aluminium generation, from October 2008) – Mac OS X 10.5.8 (9L31a)

    I have Bootcamp installed and Windows Vista as well, I had to install it for school, so it might be because of that? or not?

    Thank you very much for your time and help!

  49. jorel314 says:

    @tiro04

    I haven’t seen an error like that before. Maybe, try redownloading and burning the iso again. Or test it on another computer to see if it’s the disc or your computer causing the error.

  50. joe smith says:

    Please can you help me.
    I have used Backtrak3 and cracked the wep kep at 100% but when the i put in the key without colons it connects but with limited access. I have changed my mac address to one that is on the list but still the same “connected with limited access” I cannot access the router to configure it. But i thought that as long as i have the allowed mac address on the router and the 100% correct wep key i should be fine. Please tell m what else i can do. I have tried to crack other wep enabled connections and so far have 40% sucess. ie. cracked 2 so far

  51. jorel314 says:

    @joe smith

    Maybe whomever’s router you are connected to didn’t pay their internet bill.

  52. R J says:

    Let’s say your notebook is registered on one network – a university student network, for instance – and there’s another network that belongs to staff that is infinitely faster and doesn’t block certain webpages.

    Is there any risk of the IT department of this hypothetical university tracking one down – that is, is there any risk in doing this?

  53. jorel314 says:

    In the network log, it’ll show your computers IP, Mac Address, Computer Name, and visited websites. I’d suggest spoofing your mac address, changing your computer name to something generic like “laptop”, and connecting to a VPN to browse the web.

  54. thanks, very nice info. i use kubuntu and windows xp to try this and its work just fine.

  55. michael says:

    i use windows 7 and this program works great

  56. Adnan says:

    I’m working on windows vista but this error occurs “Fatal error occured – BT3 data not found”. How I can solve it?

  57. Rafeeq says:

    Dear friend,

    I have a laptop with windows 7. now i getting more wi-fi signals. But all are prottected. How i can hack. I can use internet on the windows 7. or i need to install linux.

    if i follow the above steps.. i get the password/access.

    i want to use internet in my windows 7. if possible pls replay

    regards,
    Rafeeq

  58. windowsrules says:

    is there a windows one? NOBODY has mac anymore

  59. windowsucks says:

    @windowsrules

    is there a windows one? NOBODY has mac anymore

    Thats pretty funny. Mac’s numbers are actually stronger than ever and it is a far superior OS over windows according to the majority of IT Professionals but I digress.

    There does not need to be a windows one. This goes for all of those who have asked if there is one for whatever OS. This tutorial is not OS Specific, it is hardware specific.

    As long as you have a computer (Mac or PC) with an Intel Processor that can boot from the Optical Disk (CDROM, DVDROM) and you have a wireless card capable of packet injection under tools like Back Track (which uses aireplay-ng) then you can use this tutorial.

  60. Randy says:

    I try this on Win7, it works great. Thank You very much

    At first it got stuck at “GATHERING ARP” for a few minutes, change to a different connection and it worked. Then I try the first connection and it’s working

  61. vincent says:

    I need the software for hacking wireless network and the tutorials in addition.I am using windows xp. i’ll be glad if i get this software and very thankful to u.

  62. krugur says:

    anyone looking to crack wep keys or anyone need the fully working cd for craking wep keys, contact me.
    krugur@live.com

  63. RStew says:

    @jorel314 lol, well done. You’ve probably responded to about 50 comments. Thats all I wanted to say :P

  64. lost_soul says:

    dear frens, i have no prob running bt3 final at any windows flatform, but the prob is in my powermac G5, i’m not able to run my live iso cd there, although using unetbootin or vmware i’m still not able to run the bt3. guys pls help me coz i’m new with mac.

    powermac G5
    mac os x 10.4

  65. Anonymous says:

    @windowsrules

    srsly?

  66. zuhudfm says:

    just give one info : good tool to use Nmap as network scanner. u can download in http://adf.ly/2E5aN
    salam dari http://www.delavega.blogspot.com, semoga mempermudah hidup anda.

  67. Martin says:

    Please help me on hacking wlan with symbian phone guidline.Please help me on hacking wlan with symbian phone guidline.

  68. kumkum says:

    I write WEP Crack tutorial using ubuntu, but your one looks easier :D

    http://colekcolek.com/2012/01/20/crack-wep-hotspot-password-ubuntu/

  69. abdul says:

    hi chap, thanks for writting this, is bootable option is mendatory ? can i install back trak 3 and kismet on my window7 , will it works? please help

  70. jorel314 says:

    @abdul I’ve tried backtrack running in a virtual machine via virtualbox, and it works fine. Using virtualbox, you won’t need to burn a physical disc to boot from. You just boot the virtual machine using the .iso image file of backtrack.

  71. Glenn says:

    hi there its not working at all for me i cant seem to find backtrack 3 only 5 and when i burnt it to cd and restart and help c butten does nothing iv red over and over all these posts about help and still cant work out a solution im running mac os x 10.5.8…is it still possible to do on this and any addition help would be much appreciated….cheers
    Glenn

  72. jorel314 says:

    @Glenn

    My new method is to use SpoonWEP2 which is included with nUbuntu.

    http://thepiratebay.se/torrent/5576475/nUbuntu_8.12_Beta

    I create a virtual machine using VirtualBox and boot from nUbuntu, so no need to burn any discs.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s