
Hacking WEP (on an Orange Livebox)

Hack WEP using Backtrack 5 and gerix

So, you forgot your WEP key and you can’t recover it, or you simply wanna hack into your neighbor’s WiFi :P. In short, the situation is this: your terminal can detect the “secured” WiFi network but can’t connect to it because you need the key. WEP (and WPA too) was hacked long ago, yet people still use it! There are already tons of ways to do it, just google it. I am just going to explain the way I did it, which I found to be the simplest one yet. All you need is to download BackTrack 5. You can install it on your PC, but it is simpler to just create a bootable live USB using UNetbootin. I assume you have booted BackTrack 5 (from USB or otherwise) successfully at this point.

The following worked for an Orange MyT Livebox that had WEP enabled.
Unfortunately I could not take screenshots in live CD mode…

1. Launch gerix (Applications -> BackTrack -> Exploitation Tools -> Wireless Exploitation -> WLAN Exploitation -> gerix-wifi-cracker-ng).
2. Click on the Configuration tab, click on your interface, then click the Enable/Disable monitor mode button. This will create a new interface. Select it.
3. Click on the Rescan networks button. The victim’s network should show up in the list. Select it.
4. Click on the WEP tab. Click on Start sniffing and logging. (This will open up a terminal.)
5. Click on WEP Attacks (no-client). You will see 2 types: ChopChop attack and fragmentation. Fragmentation did not work for me because of poor signal strength. ChopChop is best for low signal, so I used it.
6. Click on the “start false access point authentication on victim” button.
7. Click on the “start ChopChop attack” button. A new terminal will show up; type y. Wait for it to reach 100%.
8. Click on the “Create the ARP packet to be injected …” button.
9. Click on “Inject the created packet on victim access point”. A new terminal will show up; type y. You will see ‘Sent [a number] packets’. Wait till you reach about 10,000 packets.
10. Now in gerix, click on the Cracking tab. Click on the Aircrack-ng – Decrypt WEP password button.
11. You should see the WEP key! It will be something like HI:G4:I9:…. It was 38 characters long for me. When you enter the WEP key (I tried it on Windows XP), drop all the “:”.
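The defender’s counterpart to the procedure above is finding the networks it works against before someone else does. The following Python script is an added example, not code from the original post or from gerix: it parses a constructed sample in the shape of the CSV log written by airodump-ng (the aircrack-ng suite sniffer that gerix front-ends) and flags every access point that is still open, on WEP, or on WPA1/mixed mode, together with the captured IV count that aircrack-ng’s WEP key recovery depends on.

```python
import csv, io

# Constructed sample in the shape of airodump-ng's CSV log (not a real capture).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2011-11-13 20:00:01, 2011-11-13 20:12:40,  6,  54, WEP , WEP, OPN, -60,  310, 10214,   0.  0.  0.  0,  12, Livebox-1234,
66:77:88:99:AA:BB, 2011-11-13 20:00:03, 2011-11-13 20:12:38, 11,  54, WPA2, CCMP, PSK, -71,  298,     0,   0.  0.  0.  0,  10, HomeNet-01,
CC:DD:EE:FF:00:11, 2011-11-13 20:00:05, 2011-11-13 20:12:35,  1,  54, OPN ,     ,    , -80,  150,     0,   0.  0.  0.  0,   7, FreeNet,
22:33:44:55:66:77, 2011-11-13 20:00:07, 2011-11-13 20:12:30,  6,  54, WPA , TKIP, PSK, -65,  280,     0,   0.  0.  0.  0,   9, OldRouter,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:AA, 2011-11-13 20:01:00, 2011-11-13 20:12:00, -55, 9000, 00:11:22:33:44:55, Livebox-1234
"""

def parse_access_points(csv_text):
    """Return the access-point rows (first section of the file) as dicts."""
    rows, header = [], None
    for fields in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        if not any(fields):
            continue                      # blank separator line
        if fields[0] == "Station MAC":
            break                         # second section lists clients, not APs
        if fields[0] == "BSSID":
            header = [f.strip() for f in fields]
            continue
        if header:
            rows.append(dict(zip(header, (f.strip() for f in fields))))
    return rows

def severity(privacy):
    """WEP and open count as unencrypted; WPA1/mixed should migrate; WPA2/WPA3 pass."""
    p = privacy.replace(" ", "")
    if not p or p == "OPN" or "WEP" in p:
        return "critical"
    if p in ("WPA2", "WPA3"):
        return "ok"
    return "warn"                         # WPA1 or mixed WPA/WPA2 mode

def audit(csv_text):
    """Map BSSID -> (ESSID, privacy, severity, IV count) for every AP below WPA2.
    The IV count is what aircrack-ng consumes; the post's ~10,000 injected packets
    exist only to push that number up on a WEP network."""
    findings = {}
    for ap in parse_access_points(csv_text):
        level = severity(ap["Privacy"])
        if level != "ok":
            findings[ap["BSSID"]] = (ap["ESSID"], ap["Privacy"], level, int(ap["# IV"] or 0))
    return findings
```

Run it over the CSV airodump-ng writes with `-w` for your own site: anything reported as critical is a network whose key can be recovered exactly as the post describes, and the fix is switching the Livebox to WPA2.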

Voila. Now you can access the “secured” wireless network. Enjoy! 🙂

//roshans89

Categories: Computer/Technology
  1. Afzal
    November 13, 2011 at 8:27 pm

    Niiiiiceeee! 😀
    If only my neighbours had MyT! XD
    Damn, it's just so simple! rofl
    Good job 🙂 keep it up 😀

    • November 13, 2011 at 8:29 pm

      ty lol.. yeah, it's really simple 🙂

  2. 0x1337
    November 14, 2011 at 11:39 am

    nice article 😀

  3. November 19, 2011 at 1:19 pm

    the backtrack 5 does not detect my wifi card :S too bad for me…

    Any suggestion?

  4. November 19, 2011 at 1:25 pm
  5. hackerpunk1
    December 1, 2011 at 5:15 pm

    I find there are a lot of noobs who don't know how to hack a Livebox in Mauritius.

    Best Regards,
    Hackerpunk1

  6. lol
    December 7, 2011 at 1:22 am

    MAC filtering is enabled by default on Liveboxes..;

    • December 7, 2011 at 2:14 am

      @lol, it won't be too difficult to get around that problem. Simple reason: when you sniff packets you will see that the MAC address is not encrypted. I forgot which command it is, but it's easy to get the MAC address of the access point and the MAC addresses of all the users authenticated to the network. Then the app will do a thing called “MAC Spoofing”, which 'emulates' the MAC address of a user already authenticated on it in order to gain access.

      Edit: the command is sudo airodump-ng [-c] [--bssid] [-w] wifi0
      where -c, -w etc. are the parameters you need to supply; I'll let you go look up what those parameters do ;).

      Btw, I noticed that the new Liveboxes don't have MAC filtering enabled

  7. March 18, 2012 at 4:40 pm

    Yo mate, a real Linux blog, nice stuff on BT5 indeed.. and I'm new to open source. I find it very interesting.. isn't there anyone doing reverse engineering on Linux embedded devices? ..but the post about grunge in the nineties was coool… punk is not dead…. take it easy 🙂

    • March 18, 2012 at 4:56 pm

      Thanks for the great comment mate 🙂 Reverse engineering on embedded Linux, huh :O I have no knowledge of that, would love to if I get a bit of time.. I'm far from being an expert on Linux lol.
      Thankksss, I don't really listen to punk… one or two like that xD

  8. March 18, 2012 at 9:25 pm

    Mon, 27 Jun 2011
    Unbelievable statements in GPL related case in the Supreme Court of Mauritius

    I’ve recently received some documents regarding a court case at the Supreme Court of Mauritius.

    The plaintiff is a company called Linux Solutions Ltd. in Mauritius. It seems to be covering an alleged breach of an NDA between a contracted freelancing developer and a company in Mauritius. That contractor (the defendant) has apparently published some of the work he had done while contracting for the plaintiff.

    While none of that seems to be clearly connected with the GPL, what is extremely disturbing is the sworn affidavit / oath by one of the executives of the plaintiff. It says things like:

    5. Licenses of open-source software like “Linux” and “Asterisk” have no copyright restrictions which in effect puts no restrictions on their use or distribution. As a consequence, any work which is derived from the open source software as conceptualized, created, installed and managed, by the Applicant becomes the ownership of the Applicant.

    6. In the light of the above, therefore, the applications, configuration files and features so developed by the Applicant are the sole property of the Applicant, make up the knowledge base of the Applicant, make the basis of its business operations, and are highly confident in nature. The applications, configurations and features have been built and acquired by the Applicant through important capital investments and manpower over a period of time.

    So let me phrase this more clearly: Somebody, under oath is stating at the Supreme Court, that GPL-Licensed software (which the Linux kernel definitely is), has no copyright restrictions? And that any derived work is the sole property of whoever created the derivative? What kind of pot are they smoking in Mauritius?

    If there’s anyone in the Free Software legal community interested in filing some kind of legal document to the Supreme Court of Mauritius to clarify this issue, feel free to contact me for more details on the case. No matter whether the defendant has broken some NDA, I think it’s unacceptable to see such ridiculous claims being made at a Supreme Court.

    In case you don’t believe it, here are some scanned samples:

    • March 18, 2012 at 10:05 pm

      Mauritians go to court for corruption in elections, scandals linked to politics, or cameras making them pay too many fines; the list is long.. what an admirable people!

  9. March 19, 2012 at 8:39 pm
    • March 21, 2012 at 1:27 am

      Nice stuff there dude. Looking forward to some posts in it 😛

  10. Joel
    May 8, 2012 at 12:09 am

    Please give me an application to crack Livebox wifi

  11. May 16, 2012 at 12:15 pm

    What about WPA? Can it also be hacked? I’ve changed my key to WPA and was wondering how safe it was.
    Also, what about the fact that we have to press the reg key on the Livebox to be able to join a wireless network?
    ps: I didn’t try the hack

    • June 13, 2012 at 5:18 pm

      WPA has also been cracked, as well as WPA2. But WPA has better protection than WEP for sure. In WEP the keys are not hashed; WPA rotates the key on a per-packet basis. I don’t know the complexity of cracking WPA; gerix-wifi-cracker-ng has WPA cracking too, but I haven’t tried it myself.

      About pressing the key, this is not necessary if you do what I said in the post 😉

      • July 7, 2012 at 2:53 pm

        I see.
        Can BT5 work on Windows? I managed to get BT5 to work using VMware Player, however it doesn’t detect my network card since I am on a laptop. From what I’ve read so far, BT5 only supports USB adapters. If that’s the case I’ll have to give up.

  12. July 15, 2012 at 11:54 pm

    ledernierdodo :
    I see.
    Can BT5 work on Windows? I managed to get BT5 to work using VMware Player, however it doesn’t detect my network card since I am on a laptop. From what I’ve read so far, BT5 only supports USB adapters. If that’s the case I’ll have to give up.

    Scratch that.
    I created a bootable USB and BT5 did detect my wireless card. Now I am going to try my own network.

  13. John Fernandes
    August 16, 2012 at 3:33 pm

    Get ready for it because you're not gonna like it. Ya know.. I Hate All You Computer Geek Mother Fuckers, You Post All this Misleading Useless information that You All know is not gonna do what You Claim. I guess it's some kinda club, because You All do the same shit, You Assholes think this shit's cute when people download all this crap and study and learn commands and use up time of their life clock that they’ll never get back, not to mention the expense when you suggest purchase this and that. Well… I hope You All get Cancer and Die from All the Radiation You expose Yourselves to from all that gear you sit around day in and day out and Burn in Hell !!! Thank You for Nothing… Sorry.. But Somebody Had to Say it…… (I hope this doesn’t get deleted (Tho I know it will) Just so People know Somebody’s got the Guts to Tell You M Effers about Yourselves !!!) Oh… And don't worry… You won't be the only one to get one of these… Believe Me !!!!

    • August 26, 2012 at 4:25 pm

      Cool story, bro. Guess what.. I did not trash your comment. Thank u for the lulz! If you think all this is just a waste of time then good for you, it's not for me. All this is one of my passions. And this one empowers one to pwn most of the “secure” wifi in existence lol. Everyone has stuff they like… if you think just using the Internet for facebook, trolling, chat, etc. then good for you.. and if you reflect on what you do on the Internet (eg. the comment itself) you will notice you are wasting your own time of your life. FYI, I don’t just sit behind my PC all day.. I am probably more active than you are. 🙂

  14. kevinviper
    September 18, 2012 at 4:42 pm

    My neighbour has an unsecured wifi Livebox; I'm unable to connect to his wifi. I think that I must associate with his wifi by pressing the ‘reg’ key on his Livebox. Is there any method to bypass it and connect (associate) automatically with BT5 or Win7? Roshans89 or anyone, can you please help me to solve that issue?

    • September 25, 2012 at 2:06 am

      Well, I looked into this.. probably when I carried out my experiment, my neighbor's Livebox was already in pairing mode, or it was always on, I don’t really know..
      Check this out: http://assistance.orange.fr/put-your-livebox-in-pairing-mode-4729.php. Not all Liveboxes need the pairing (REG) button pressed. Try fiddling with BT5, I think it can be bypassed with some sort of MAC spoofing (?) ..
      This link will also be interesting – http://en.kioskea.net/forum/affich-28541-wifi-to-livebox-problem

      • kevinviper
        September 28, 2012 at 10:20 pm

        Thanks for ur reply bro. U r right, maybe u have been lucky enough to crack ur neighbour's Livebox, cause the Livebox (Orange) is the most difficult to crack. Unfortunately we have only the Orange Livebox in Mauritius. I have so many friends who have abandoned the project of WEP/WPA cracking.

      • October 19, 2012 at 4:40 pm

        Yeah, that is probably true 🙂 It’s not easy, I admit; u need a lot of time and patience to be able to discover something people haven’t really done before (Livebox hacking).
        Maybe also the MAC filter was not activated on that Livebox… That Livebox did really have a poor security config lol. And now I see more and more WPA2 being used!

  15. Leena
    September 24, 2012 at 1:35 pm

    What if you want to crack a WEP key (ur neighbor’s 😀) using ur Android phone?

    • September 25, 2012 at 2:09 am

      ..Then you will need a method other than what I explained. A notebook will be fine 😀
      If you absolutely need an Android app then google “android app to crack wep”; you will see lots of results, even YouTube tutorials. Good luck! 🙂

  16. tibaba
    November 12, 2012 at 10:13 pm

    Does anyone have any info on “uncapping Cable Modem”…….

  17. Jah Rasta
    March 28, 2013 at 8:42 pm

    How to hack wifi on an Android mobile

  18. revX
    May 18, 2013 at 11:52 pm

    What I can tell you all: this did not work for me. I did all the above, booted it from my USB from the ISO file, and it results in some command program like Linux; it didn't have options such as scan or air cracking or anything related to that. There's no GENIX OR APPLICATION WHATSOEVER. Next time explain to us step by step what needs to be done. This tutorial isn't very helpful; if you can’t take screenshots, take them with a camera! Cheers.

    • May 19, 2013 at 1:47 pm

      The default root name for BackTrack is “root” and the password is “toor”. After typing in the root username and password, you will come back to the BackTrack shell. Type “startx” to enter the GUI desktop.
      The shell is started by default and you need to type startx; it even says so in the console… can’t you read what’s written on the console? It's a guide on cracking WEP, not a guide on basic Linux usage! But as I am a good guy, here is a head start for you: http://backtracktutorials.com/how-to-install-backtrack-5/
      Cheers! 🙂

      • revX
        May 20, 2013 at 6:15 pm

        Redownloading now, will tell you how it went, ty.

      • revX
        May 21, 2013 at 4:32 pm

        Okayy! So here I am with the results. I tried the following and yes, I finally got into the GUI desktop, and managed to do what u told me, but with no luck: it did not work. Whenever I try to “Inject the created packet on victim access point” I get the error saying “Open Failed: no such file or directory” … so yeah, that's basically it. Got any tips for me on that?

  19. BABA
    June 5, 2013 at 7:22 pm

    To get the MyT channels….. you must have the smartcard that is activated… I tried a deactivated smartcard (but a message appears: re-insert the card)…. what is the role of that smartcard…??? answer me please

  20. jean91
    September 25, 2014 at 1:25 pm

    Hi, please can someone tell me how I can disable the MAC address filter on the H108N/ZTE modem of Orange my-t

  21. emmanuel
    January 11, 2015 at 11:30 pm

    How to hack the mt decoder to play all channels and more

  22. Bilal
    February 1, 2015 at 5:53 pm

    Hello, is there a way to hack an Orange Livebox? BackTrack 5 is no longer available. Thanks
