I am doing a little demonstration on the inscurities of WEP where I work. (We have a problem with people adding their own wireless devices to our network and we need to put a kabosh on it quickly).

I have a laptop and a desktop with all the tools I standardly use but I wanted to find out if I can aslo add a PPC into the mix as well. You know their small form factor would make this demonstration a bit more effective (as not many people come into our building with a laptop in tow but EVERYONE walks in with PDA"s and new phone devices).

Things I need to know 1) name of the program 2) What Wireless NIC's the programs work with and 3) can it inject packets or is it simply passive? (lets me know if this can be done during a meeting timeframe or if I have to set this one up befhorehand)

I just downloaded mini-stumbler a week ago as I use Netstumbler on my own PC based devices. Any thoughts on some good programs along this line as well?

Here the jist of the demonstration. At the beginning of the meeting I am going to have 3 halfway techonlogy savy people turn on 3 different routers and place them around the building. I am going to have them all implement any non WPA based security they want (mac address filtering, disabling SSID broadcasts, and adding WEP). I am then going to use the devices during the meeting to gather the data to then at the end of the session I am going to show everyone the data.

I don't think there are any PPC based crackers out there, though I am certainly not sure of that. I'd expect they just don't have the processing power to do the work in any reasonable amount of time. As you apperantly know there are numerous sniffers, as in find access points, programs around. Some are exceptionally easy to use. "Hey, I found an AP, wanna connect to it?" Socket's, while not free, is said to be quite nice.

I think the greater concern with folks walking in with PDAs will be the totally unsecured rouge AP. Actually I've even run across a few unsecured APs in businesses, where their contract IP support failed to add that layer of protection :roll:

Kind of nice of you to try to explain and demonstrate the point behind the company policies. Most places just fire the violator. One or two tends to deter the rest.

We actually have 24 different sites in a large (hundreds of miles) radius from each other that I have to go to all the sites from time to time. Anytime I get a meeting where they all come together I like to put a few technology concerns on their plate.

I think I am going to go this route then - 1) router I configure as unsecure though I'll have the SSID hidden and make one of them change it to osmething else and I'll use the PDA to find the SSID 2) Use the PC and the Laptop with the tools I currently use to show how the encryption can be easily broke.

I didn't think processing would be the limitation since most packets are not that large and injecting on my laptop doesn't even use a fraction of its CPU. I thought if anything it may be something that was not able to be done by the Win Mobile platform (kind of like how Windows I have yet to find an application that will inject packets (though Linux I have 2 I choose from)

As far as being nice I actually am being required to do this by our HR department because we have 1 offender that now has had 3 wireless routers removed from the premisis (2 of which were unsecured and the third he "secured" with WEP after I told him they were a security concern).

In all I need them to see that while wireless can be a tool to use it has to be implmented by someone with systems knowledge and this has to be some kind of project based setup we just can't run out to 24 sites tossing in any kind of wireless device we choose.

Thanks for thinking about this and if anyone has any suggestions in the next 3 weeks before my meeting give a holler.

As far as being nice I actually am being required to do this by our HR department because we have 1 offender that now has had 3 wireless routers removed from the premisisMust be an indispensable individual. Not sure he would have lasted past the first one in the places I've worked.

...will be the totally unsecured rouge AP.

Man, I *hate* rouge AP's. I prefer teal or ocean blue ones. :lol:

...will be the totally unsecured rouge AP.

Man, I *hate* rouge AP's. I prefer teal or ocean blue ones. :lol:

Go ahead, poke fun at my digital dyslexia.

Hahaha I knew what you meant and yeah its one of the higherups. He is also pushing for the new facility we are about to open to have Wi-Fi added into it but they also don't want any kind of budget addition (meaning he wants to put a standard SOHO solution onto a company network).

Ugh all the problems with him and wireless I mean he has good intentions... just really doesn't think things through.

I want to see the first time his open Wireless at a site brings down our accounting/access system and see how red his face gets when we said if they had the bandwidth it would have worked just fine :)

Well, Cisco owns Linksys now, so it's the same thing...right?

I just downloaded mini-stumbler a week ago as I use Netstumbler on my own PC based devices. Any thoughts on some good programs along this line as well?


Unfortunately, "real" PPC wireless "cracker" apps like Kismet don't have PPC ports. They have, however, Zaurus ports as they're Linux. For example, for the well-known Kismet, see http://www.killefiz.de/zaurus/showdetail.php?app=116 . Therefore, if you oinstall Linux on your PDA (in, say, a multiboot environment), you may be able to make it work.

For your demo I would use 2 tools.

WifiFofum - This I would use as your wireless sniffer. It has a great Radar like GUI that shows your proximity and bearing from APs. So as you move you can see if you are closer, further away, to the left or right of the AP.

The 2nd tool I would use is - Retina Wifi (retininawifipoc)
If you do a google search you may find it as the vendor has very recently
withdrawn it - http://www.eeye.com/html/resources/downloads/wifi/RetinaWiFipoc.html

This has a AP scanner and a brute force WEP cracker built in.

To build up the brute force dictionary you can use this link:

http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php

This will give you the default login IDs and passwords or most wifi APs.

If you cant find retina, I can e-mail it to you. There are mixed results with it as it likes some PPC wifi cards and not others. I think its something to do with Zeroconfig wifi.

Here's the PPC version of Retina (http://derfaust.com/files/RetinaWiFiPoc.exe)

(Found the URL here (http://forum.xda-developers.com/viewtopic.php?t=20419))

Here's the PPC version of Retina (http://derfaust.com/files/RetinaWiFiPoc.exe)

(Found the URL here (http://forum.xda-developers.com/viewtopic.php?t=20419))

It has been removed in the meantime; fortunately, I've saved it and could, therefore, upload it to http://www.winmobiletech.com/sekalaiset/RetinaWiFiPoc.rar