How to Install Aircrack on Mac

 How to Install Aircrack on Mac  in 3 Easy Steps

Installing Aircrack-ng can be a little confusing if you don't understand the lingo. 

Let me guide you trough those steps and you'll have Aircrack running natively in no time and almost no effort. 

Why Use Aircrack? 

Aircrack-ng is about up to 5 to 10 times faster than KisMAC when it comes to cracking WPA or WEP password.

KisMAC has an old Aircrack Engine and, honestly, it needs an update...

 

Aircrack-ng 1.1 churns about 1500 "WPA" keys per Second, or about 360 Passphrase/second  when KisMAC is left behind at 160/Sec on a dual core.
Aircrack-ng was tested on a MacPro at 1,800 passphrases/sec or 6,100 keys/ sec

Aircrack-ng can recover keys for WEP and WPA.  If you are interested in WPA only and want to use the NTWHM (Nukular Turbo Warp Hyperdrive Mode)  We would then suggest you to check this post and this post.  As a repeat, it's WPA only, but the speed is nothing short of phenomenal:

Yes, it's 1,576,213 PMK/S.
It means 1082.5 times faster than Aircrack.

Back to Aircrack:
On WEP, the difference is extremely noticeable, especially on low IV's captures. Aircrack-ng can work as low as ~23,000 IV's on a 64 bit WEP, and this in matter of seconds. KisMAC will churn for 10 min before giving you the "unable to find the key"
(Update: Success @ 20,566 IV's ;- )
Example here: 3 seconds with 22,566 IV's. Only 753 used. 

 

For Airport users, once decrypted, you have to enter the key without semicolons and space.
Example:    70:61:62:6C:6F  will be entered as 7061626C6F or 7061626c6f
If the key was entered as ASCII, Aircrack will also give you the ASCII value

If you are not familiar with the lingo, or wonder what does what, I would suggest reading the FAQ first.

There is multiple ways to install Aircrack-ng, this is one is the most straightforward way (that I am aware of.  Suggestions are welcomed in the comment section)

Installing Aircrack-ng on OS X

Gather what you need:  The Mise En Place 

You'll need:

• The DVD or CD install that came with your Mac
• A Copy of Aircrack-ng 1.1 (just download, Do NOT unzip)
• A Copy of Macports, (OPTIONAL for Install #2)  you can download either directly from the website or choose between the following two:
• MacPorts for OS X 10.6 (Snow Leopard)
• MacPorts for OS X 10.5 (Leopard)
• The Admin rights on your Mac, or at least the Admin Password. 
• In Most Cases you will a Network Adapter to either Re-Inject packets, Flood or Dehauthenticate. You can do without, but you'll need a lot of patience.  I only recommend one specific one. If you already have one, well..too bad. if you are going to buy one, you better use the one recommended: Better Value and beat the shit out of the competition

The Installation 

Put the Snow Leopard DVD in, and select Optional Installs

Select "Install Xcode " and continue. 

When Xcode is fully installed, Remove the DVD and continue with MacPorts

  

Click on the previously downloaded MacPorts dmg file and let it mount

Select "Standard Install" if asked, and click to continue. 

It may take more than 5 minutes to install, don't panic! 

While waiting, read the FAQ! 

when done, go to the next step

Open Terminal 

Go to the folder where Aircrack-ng was downloaded, i.e "Downloads"
Note: Avoid the use of folder names with spaces or you'll make it difficult with Terminal 

cd Downloads

sudo port install aircrack-ng  

Enter your password as requested, then hit Enter, and let it run.... 

Voila! 

FAQ & RFAQ

Why use Aircrack and not KisMAC alone?
Aircrack-ng can churn 10 x faster than KisMAC alone for Key Recovery.

Can I dump KisMAC now? 

No! Aircrack alone can not re-inject or Monitor Wifi. "Mind you, airodump-ng and aireplay-ng are linux only and will not work under OSX native, so for reinjecting and sniffing you will have to use other means."   And that's from Aircrack-ng itself.  Hence, I'll advise to keep KisMAC.   Other tools are provided with the Aircrack-ng suite, but not the ones needed to re-inject. See list at the end.

I cannot find a .cap file 

.cap .pcap or dumplog are the same thing. KisMAC exports the file without an extension and Aircrack does not care. KisMAC let you choose the name of the file under  Preferences >> Drivers

The format by default is  ~/Dumplog year month day hours minutes

Select your options based on your preferences or make your own.

Can I merge Dumplogs / PCAP  / CAP  files?
Yes, You may use Wireshark ➟ File ➟ Merge

Can I convert Dumplogs / PCAP / CAP files?
 Yes, You may use ivstools, provided with Aircrack.
 ivstools --convert

Can I Merge IVS files?
 Yes, use --merge with ivstools:    ivstools --merge

Can I Open Multiple  Dumplogs / PCAP / CAP files? 
Yes, just use an asterisk (star) (*) with Aircrack
Example:  Aircrack-ng Dump*

-->

I can't has a krack! I can has a pazwort?

The subject was previously discussed, here again:  sudo make user -now RTFM&STFW.   Or box the Mac and ship to me: I'll deal with it.

Aircrack-ng options

Just type Aircrack-ng or Aircrack-ng --help  You'll have the whole list  

How do I start? 

Just start by a simple:  aircrack-ng dumplog (dumplog being the name of the capture file, with path if necessary)
Or, if you have opted for very long dumplogs names, with spaces, just drag the file into the Terminal window, and add "Aircrack-ng" before the path.  please don't type the quotes....

You'll see a list of APs, enter the network number, ... after that it's pretty straightforward.... 

Aircrack-ng Command Lines

usage: aircrack-ng [options] <.cap / .ivs file(s)>

Assuming that: 
dumplog  being the name of your dump file
dicfile.txt being the name of your dictionary files or wordlists , with path if necessary

WEP
aircrack-ng dumplog 
Select the number of the AP, then press Enter 

WPA 
aircrack-ng dumplog -w dicfile.txt
Select the number of the AP, then press Enter 

Aircrack-ng Opening Multiple DumpLogs, PCAP, CAP files,  on a single network, with automatic key recovery

Aircrack-ng -e   dump*

Please note that "dumplog" & "Dumplog" are different. -for aircrack-.   

It's easier to "regroup" your files in one directory than typing path long as your arm. 
Also, don't hesitate to rename the dumplogs / cap files: "dumplog" is easier to type than "DumpLog-11-02-17-17/40.pcap"
 aircrack-ng ~/Desktop/dumplog -w ~/Desktop/Dicfile.txt

If you have located your dumplog in a far far away folder, or have used spaces in your folder name, read again the previous paragraph.
If you decide against that advice, you'll need to include quotes in the file name, or use a backslash BEFORE the space.
Example with the folder Air Crack, the command line would be the following:
~/Desktop/Air\ Crack/Dicfile.txt


Examples:
Aircrack-ng Opening Multiple DumpLogs, PCAP, CAP files,  on a single network, with automatic key recovery

-->

Aircrack-ng -e   dump*

To Pause Aircrack-ng
Hold your horses! There is no real pause when running a Wordlist on Aircrack-ng
One solution is to stop Aircrack, note carefully the name of the last key checked, and edit your Wordlist few keys before, save under a temp name and restart when ready. 
To Stop, just do a CTRL-Z. 

To Quit Aircrack-ng  CTRL-C 

I have multiple Macs, can I speed up the key recovery? 
yes,  copy the Dumplog and the Dictionary(ies) and use as many as you want. It's called a distributed attack.  I would split the Dic in two and reverse one (start from bottom up) or use multiple dictionaries. - Your call.

What about Precomputed Tables?

Yes but no,
The precomputed PMK (Pairwise Master Key) has pros and cons.
The SSID is used as "salt" in the hash, hence you'll have to precompute a different one for each SSID. If you spend your days assessing networks, that, maybe, could be useful with SSIDs such as "Linksys"  etc ...   but you'll spend a lot of time computing. It is only worth it if you know that you are going to reuse the precomputed table over and over again.
The most used SSIDs are the following.
After many years, Dlink has started assigning different SSIDs to their router (Dlink.1234)
Nevertheless, they are still using very short default password. Thank you D-Link.  

no ssid	2110760	6.571%
linksys	2065356	6.429%
NETGEAR	678943	2.113%
default	595090	1.852%
Belkin54g	276667	0.861%
hpsetup	232518	0.723%
Wireless	225838	0.703%
no_ssid	211360	0.658%
DLINK	199668	0.621%
WLAN	120117	0.373%
home	107110	0.333%

Source: WiGLE

Aircrack-ng / KisMAC Speed Test
Test files of 100,000 lines were used:
One with 8 numerical digit, from 00000000 to 99999999
One with complex passphrase of 50 printable characters:  !@#$%....ABC....99999
One with 50,000 less than 8 ch and 50,000 more than 8 ch long 

Tests were done on a Intel Dual Core 2.5GHz, 4GB RAM

 



Aircrack Speed: 
100,000 Passphrases in 04' 42", or 354.61 Pswd/sec
~1450 K/s

Is Aircrack-ng slowed down by complex passphrase?
100,000 Passphrases in 04' 43", or 353.3 Pswd/sec
Result: difference is negligible:  1 sec overall

Is Aircrack-ng testing less than 8ch passwords?
No, the file containing 50% less than 8ch long passwords was done in 2'12

KisMAC Speed:
100,000 Passphrases in 10' 18", or 161.8  Pswd/sec
2.2 times slower

Is KisMAC testing less than 8ch passwords?
No, the file containing 50% less than 8ch long passwords was done in 4' 27"

Is KisMAC slowed down by complex passphrase?
No, here again, results are almost the same. 



Common Aircrack-ng options:

      -a : force attack mode (1/WEP, 2/WPA-PSK)
      -e : target selection: network identifier
      -b : target selection: access point's MAC
      -p : # of CPU to use  (default: all CPUs)
      -q         : enable quiet mode (no status output)
      -C   : merge the given APs to a virtual one
      -l   : write key to file

  Static WEP cracking options:

      -c         : search alpha-numeric characters only
      -t         : search binary coded decimal chr only
      -h         : search the numeric key for Fritz!BOX
      -d   : use masking of the key (A1:XX:CF:YY)
      -m : MAC address to filter usable packets
      -n : WEP key length :  64/128/152/256/512
      -i : WEP key index (1 to 4), default: any
      -f : bruteforce fudge factor,  default: 2
      -k : disable one attack method  (1 to 17)
      -x or -x0  : disable bruteforce for last keybytes
      -x1        : last keybyte bruteforcing  (default)
      -x2        : enable last  2 keybytes bruteforcing
      -X         : disable  bruteforce   multithreading
      -y         : experimental  single bruteforce mode
      -K         : use only old KoreK attacks (pre-PTW)
      -s         : show the key in ASCII while cracking
      -M    : specify maximum number of IVs to use
      -D         : WEP decloak, skips broken keystreams
      -P    : PTW debug:  1: disable Klein, 2: PTW
      -1         : run only 1 try to crack key with PTW

  WEP and WPA-PSK cracking options:
        -w : path to wordlist(s) filename(s) 

Other Tools provided with the Aircrack-ng Suite

Ivstools-ng :  Merge and convert IV's 

Airbase-ng : "Airbase-ng is multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself. Since it is so versatile and flexible, summarizing it is a challenge"

Airdecloak-ng : "Airdecloak-ng is a tool that removes wep cloaking from a pcap file. Some WIPS (actually one) actively “prevent” cracking a WEP key by inserting chaff (fake wep frames) in the air to fool aircrack-ng. In some rare cases, cloaking fails and the key can be recovered without removing this chaff. In the cases where the key cannot be recovered, use this tool to filter out chaff. "
Source: Aircrack-ng.org.  Please refer to it for any information related to the Aircrack-ng Suite. 


New Rules for Comments:

• Update:  Some people can read, some others can't:  Your time is precious, so is ours:  If your question has been previously answered, you'll be asked for a $5 donation. Otherwise, just re-read again. 
• Please use a name other than "Anonymous"  See Name/url . Any name, even Max the Cat will do.  Will do only once.
• Please State your OS, Version, etc. Don't forget to state your OS.
• Max 3 questions. If we need to ask you what is your OS, that will be one, 2 left. 
•