May 27, 2008

Cracking Hotspots and Boosting Laptop Wi-Fi: Part 1
Miami Beach, United States

It's going on two weeks now that I've been without Internet access here in my hotel room. The lack of Internet or the act of visiting the local library (or slyly sitting in the lobby of a nearby hotel) for access every so often isn't bothering me—I'm used to having to visit Internet cafés—what's killing me is the 15-pound anchor named Aidric that keeps me tethered to my hotel room for 20+ hours a day.

Posing with my Mini Me

I'm a broken man. I've been burned by too many failed attempts to take my son out. I'm no longer in the state of mind to gather all his gear and attempt to keep him happy and entertained and work online at the same time. His temperament is simply too unpredictable and disruptive to let my attention focus elsewhere.

Since I'm charged with minding my son most mornings and evenings, I've come to the conclusion that I really need Internet access in this hotel room to stay sane. Local news and repeating movies on HBO just aren't going to cut it. I'm feeling so isolated.

I've taken a look into getting dial-up Internet access, but paying $5/week for unlimited outgoing phone calls from this hotel room on top of the monthly service fee (of at least $10/month) turned me right off of the notion. The thought of spending thirty-something dollars a month for modem access when I spent less than that for a broadband connection to my apartment (back in the day) just rubs me the wrong way. I'd rather spend that money on something tangible, something that might continue to benefit me long after the outlay of cash.

I honestly think I have the same problems with buying food and booze. I really don't like spending money on these things because the benefit seems so short-lived. My perfect price for a meal is about $1.50, and $3 for a bottle of wine. (Particularly tasty wine can easily be had for this price in Chile and Argentina) …but I digress.

So I really got to thinking about what I can do about the wireless access points that are eluding me because of the signal, and the access points that are available, but locking me out.

Access-restricted Wi-Fi is the thorn in the foot of any frugal traveler with a laptop (or similar device) in tow. If your accommodations are considerate enough to make one available, finding that specific room in the hotel that offers up the best wireless connection can be challenging enough (let alone dealing with technologically inept staffers that have no idea what the wireless password is set to). Countless times I've frowned at picking up a locked connection from the comfort of my bed, yet was forced to deal with the unpredictability of an Internet café computer instead.

WEP and WPA

WEP (Wired Equivalent Privacy) is a mechanism used to provide data security in wireless networks. WEP allows the administrator to define a set of keys (or just one key) for the wireless network. These keys are shared among the clients and access points and are used for encrypting data before it is transmitted.

WPA (Wi-Fi Protected Access) came as a replacement for the less secure WEP standard. WPA addresses many of WEP's security and privacy concerns, significantly increasing the level of data protection and access control for wireless networks. Unlike WEP, WPA is a dynamic encryption system that uses rekeying, unique per-station keys, and a number of other measures to improve security.
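An added configuration example, not part of the original post: the static shared key of WEP beside a WPA2 setup with periodic rekeying, written for hostapd on a Linux access point (an assumption; the post names no access-point software). The interface name, SSID, WEP key and passphrase are constructed placeholders, and `wpa=2` selects WPA2, the successor to the WPA described above.

```ini
# hostapd.conf fragments. hostapd does not strip trailing comments,
# so every comment sits on its own line.

# --- Weak: static WEP (commented out, shown for comparison only) ---
# One key is typed into every client and the access point, and it
# stays the same until an administrator replaces it everywhere by hand.
# wep_key0 below is a constructed 40-bit key (10 hex digits).
#interface=wlan0
#ssid=ExampleNet
#auth_algs=1
#wep_default_key=0
#wep_key0=0123456789

# --- Corrected: WPA2-PSK with AES-CCMP and periodic rekeying ---
# Assumed interface name and constructed SSID.
interface=wlan0
ssid=ExampleNet
# Open-system authentication only; no WEP shared-key authentication.
auth_algs=1
# WPA2 (RSN) only.
wpa=2
wpa_key_mgmt=WPA-PSK
# AES-CCMP for unicast traffic, no TKIP.
rsn_pairwise=CCMP
# Placeholder: replace with a long random passphrase (8 to 63 characters).
wpa_passphrase=REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE
# Rotate the group (broadcast/multicast) key every hour. Each station's
# pairwise key is negotiated separately when it associates, so no two
# clients encrypt unicast traffic with the same key.
wpa_group_rekey=3600
```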

Both methodologies can be cracked ("audited") by a third party with enough time—some WEP keys can be obtained in only a matter of minutes. This process typically entails monitoring/capturing information sent during the client initialization or key exchange phase.

It should be noted that accessing a person's wireless network without permission—especially ones that require authentication—is a big no-no in the United States (yep, illegal), as well as in many other countries.

I've never owned a laptop before this one, and never had a need for Wi-Fi in the home (I've been cutting and crimping my own Ethernet cable and running the stuff through walls for well over a decade). So I suppose I'm finally getting around to learning about some of the finer details of this stuff now—writing it down here so that I remember and reference it later.

Cracking WEP and WPA: Windows Woes

The bad news for Windows users is that most of the software tools and wireless cards out there don't jibe with your (and my) operating system. Worse yet, due to a network card and SD memory card reader integrated into my laptop, the system apparently refuses to boot into any flavor of Linux or Linux-based boot utility (a documented problem with the Twinhead H12Y, and its rebranded sister models).

As you might've guessed, Linux is the free, open-source operating system of choice for most of the people developing these auditing tools, thus the lack of my ability to run said OS puts a real damper on my capability to effectively access WEP or WPA protected access points.

For those who are able to run Linux (probably the majority), a free pre-compiled CD available for download called Backtrack (currently in version 3) gives you all the tools you'll need on a nifty bootable CD—no need to install anything on your hard drive or drop your installation of Windows. Just read or print out these (excellent) instructions, toss in the CD, and have at it.

And for us poor souls who are locked into Windows, only a few options appear to exist:

  • Aircrack-ng—The software suite that provides the foundation for Linux-based access point auditing comes in a generally unsupported flavor for Windows.
  • CommView for WiFi—A pretty application that gathers information and decodes the analyzed data in one package. Looks like the top choice if your wireless card is on their short list of compatible adapters.
  • Airowizard—A friendly looking program that seems to have never gotten past "beta 1.0 revision 250". If you can find it (and it's still current enough to work for you), it looks to provide the visual interface that the current Aircrack-ng suite lacks. Note: only runs with cards running CommView drivers (see short list above, card testing utility found here).

Software drivers connect the operating system to the hardware, and regardless of which application you end up selecting, it's practically mandatory that you'll have to replace the currently installed Windows wireless card drivers with one tailored to allow the auditing application to properly manipulate the wireless adapter.

Cracking WEP and WPA: Hardware Compatibility Nightmare

Getting off the ground with all this seems to be a bit of a nightmare. Not only are there physical hardware compatibility limitations, but software limitations to consider as well.

Firstly, if you're using a wireless adapter that plugs into your USB port: Forget it—won't work.

It's important to find out the specifications of the wireless chipset inside the branded Wi-Fi card in your system (or that you wish to purchase). The brand of the add-on card you buy might be a Linksys, but the manufacturer of the wireless chip that runs the card is often shared by competing companies. Knowing the wireless chipset manufacturer allows you to determine which software drivers you need, and what limitations are associated with them. Search for and install the appropriate driver, depending on the auditing application you're going to be using.

Note: CommView favors drivers with an Atheros chipset. Very few drivers are written for use with wireless chipsets running under Windows with Aircrack-ng. If you don't have an Atheros chipset in your existing system and you're using Windows, you're pretty much out of luck (unless you want to purchase a new wireless adapter for your laptop).

The wireless card inside my Twinhead H12Y

Since the driver for my wireless card nondescriptly states "802.11g Mini Card Wireless Adapter" in the Windows device manager, I had to pop the bottom off my laptop and pull out the card to figure out what exactly was in my system. It turns out that the card is an MSI MG54G and runs on the Ralink RT73 chipset.

This is actually not that bad of a card, and would be good news if my system ran Linux, but it's totally unsupported by the current offering of Windows WEP/WPA auditing applications. This means that I probably won't be cracking any keys with the stock wireless card in my system.

Visit the driver compatibility section of the Aircrack-ng Web site to get a better overview of what chipsets work where and what drivers to use with the Aircrack-ng application suite.

Continue reading: Part 2

Comments:

The United States

Erik

May 29th, 2008

Have you tried Hardy Heron or anything else on that link you posted? Blacklisting the SDHCI which was my first thought - completely ignore the device.

-Download and burn the Alternate Install CD
-Boot it and choose your language
-Press F6 and add "sdhci.blacklist=yes" to the prompt.
-Install it and get a working Ubuntu installation.

Oh, and I believe Hardy Heron allows you to actually run the Linux environment from within Windows now, using Wubi. Kind of like running a virtual machine, basically.

The United States

Craig | travelvice.com

May 29th, 2008

Interesting. I saw that resolution to the network card (completed since I last tried Ubuntu) and SDHCI (memory card reader) workaround — finally — but was under the impression that the Ubuntu alternate CD was one that required an install on the HDD (not a Live CD).

Never heard of Wubi before — I'll have to give it a whirl and see what happens! Thanks Erik.

The United States

Erik

May 30th, 2008

You could do the Ubuntu install if you're willing - it will let you chop off a chunk of free space to make a new partition and will automatically install the Grub bootloader and add your Windows partition to the list. Another option is to install to a flash drive.

As for Wubi, you should be able to pop the LiveCD in with Windows and pick that option. Otherwise, just download it. This is probably your best option to start with until you're more comfortable with Linux and able to recover if you accidentally brick it. No need to mess with partitioning and MBR's.
