Home / Hacking / Generate WiFi IVS dump with makeivs-ng on Kali Linux

Generate WiFi IVS dump with makeivs-ng on Kali Linux

makeivs-ng is part of the aircrack-ng package and is used to generate an IVS dump file with a given WEP key. The aim of the tool is to provide a way to create dumps with a known encryption key for testing.

makeivs-ng – generate a dummy IVS dump file with a specific WEP key

root@kali:~# makeivs-ng --help

makeivs-ng 1.2 rc4 - (C) 2006-2015 Thomas d'Otreppe
http://www.aircrack-ng.org

usage: makeivs-ng [options]

Common options:
-b <bssid> : Set access point MAC address
-f <num>   : Number of first IV
-k <key>   : Target network WEP key in hex
-s <num>   : Seed used to setup random generator
-w <file>  : Filename to write IVs into
-c <num>   : Number of IVs to generate
-d <num>   : Percentage of dupe IVs
-e <num>   : Percentage of erroneous keystreams
-l <num>   : Length of keystreams
-n         : Ignores ignores weak IVs
-p         : Uses prng algorithm to generate IVs

--help     : Displays this usage screen

makeivs-ng Usage Example

Specify a BSSID (-b de:ad:be:ef:ca:fe), WEP key (-k 123456789ABCDEF123456789AB), and output filename (-w makeivs.ivs).

root@kali:~# makeivs-ng -b de:ad:be:ef:ca:fe -k 123456789ABCDEF123456789AB -w makeivs.ivs
Creating 100000 IVs with 16 bytes of keystream each.
Estimated filesize: 2.29 MB
Using fake BSSID DE:AD:BE:EF:CA:FE
Done.
root@kali:~# aircrack-ng makeivs.ivs
Opening makeivs.ivs
Read 100001 packets.

#  BSSID              ESSID                     Encryption

1  DE:AD:BE:EF:CA:FE                            WEP (100000 IVs)

Choosing first network as target.

Opening makeivs.ivs
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 100000 ivs.

Aircrack-ng 1.2 rc4

[00:00:00] Tested 621 keys (got 100000 IVs)

KB    depth   byte(vote)
0    1/  2   76(113152) 1E(111104) 48(109824) 1C(109568) A6(109568)
1    1/  3   F5(112640) 06(111616) 33(111616) F4(111616) 05(111104)
2    0/  2   31(137216) F9(113664) 76(113152) DC(110336) B9(109568)
3   10/  3   E1(108800) 0A(108544) 34(108032) 3E(108032) 48(108032)
4    9/  4   7D(109312) BA(109056) 5E(108800) D6(108800) 11(108288)

KEY FOUND! [ 12:34:56:78:9A:BC:DE:F1:23:45:67:89:AB ]
Decrypted correctly: 100%

Source:

Author: Thomas d’Otreppe, Original work: Christophe Devine

License: GPLv2

Check Also

Unicornscan

SecLists – Security Tester’s Companion

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used …

Unicornscan

Forging ARP, UDP, ICMP or custom packets with packetforge-ng

The purpose of packetforge-ng is to create encrypted packets that can subsequently be used for …

Use WordPress.com, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed)

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.