The highest form of ignorance is when you reject something you don't know anything about.

Wayne Dyer (b 1940)

KisMAC and OS X Lion 10.7, The Solution

How To make KisMAC Work under OS X Lion

Update August 2012

KisMAC Trunk r407 has been released.
This trunk fixes some of the issues with Lion 10.7+ and 10.8.
Airport Passive Mode is still not working, but you can use a USB adapter (WLAN) with it.
This is a temporary fix, and you use KisMAC r407 at your own risk.
Please report to Kismac-ng for any other info.
If you still need/want to use your Alfa 036h/Realtek without KisMAC, then keep on reading...


Apple has changed the API again, so there will be a waiting period until KisMAC is truly updated for Lion. In the meantime, if you have tried it, you have probably noticed a freeze under Passive mode.
Here is a solution to make KisMAC work under Lion without too much fuss.


So, to make it work, you'll need either some serious Terminal capabilities or the Kali App.
A second solution is to create a bootable USB as explained here: you have paid for Snow Leopard, and keeping a bootable copy on hand can be very useful, e.g. if you crash your Lion HDD and need to get some files or make a fix, or to use KisMAC...


WARNING! 
Do NOT install the drivers of the card (Realtek.app) unless you have the Kali App.
If you install them without the Kali App, the drivers will prevent KisMAC from loading its own.

 







*WLAN: also known as USB cards, etc. DO NOT buy just any type or you'll be sorry. You NEED a specific one. The best one is here
Also, as a warning: eBay is full of knock-offs of this card. They look the same, but if you get one shipped "from the US by a Chinese vendor in HK", you will be sorry. By experience, I only recommend a handful of vendors. Why? Because I can connect one mile away. Yes, that's 1,6 km.
You can also use the card as a second wifi; the signal compared to Airport is about 60% better. That alone makes it worth every cent.




How To Install Alfa AWUS036 NHR on Mac OS Lion 10.7

  Alfa AWUS036 NHR  Drivers for Mac OSX 10.7



This is going to be a very short post.....














Very simple...
Extremely simple ...

How To Install Alfa AWUS036NHR on Mac OS Lion 10.7?

Like that:

Alfa AWUS036NHR Mac Drivers For Lion 10.7


Voila!

That was easy, huh?

Now something more important:
The Realtek Uninstaller provided with this package does not close "sudo" after use. As per Apple Dev., this could leave a security hole. Close sudo by opening Terminal and typing "sudo -k". Without the quotes, you silly!



How To Install Pyrit CUDA on Mac



Pyrit CUDA:  Release the Kraken!



How To Install Pyrit CUDA on a Mac







We hope that you have not landed here randomly. Pyrit CUDA is not for the faint of heart, but your patience will be rewarded. Highly rewarded.

CUDA stands for Compute Unified Device Architecture. It unleashes the power of your GPU(s) to compute things like WPA key recovery a bit faster.
Pyrit CUDA is not a magic bullet, it's just a much, much bigger caliber.

Why Pyrit CUDA?
On my "Old MBP", Pyrit CUDA is 45% faster than Aircrack-ng without breaking a sweat. If you have a "New Mac" with a much faster graphics card, you can expect it to be 50-200% faster.
45% means that instead of running for 10hrs, you'll do the job in 5.5hrs. Some monsters claim 89,000 PMKs/s. With a little tweak, you can go 300% faster; see the example under "Tips".

Pyrit also allows you to create a database of pre-computed PMKs, also known as Rainbow Tables, and here, it starts to go really really really fast ...

Engage Warp Speed and Release The Kraken... 









There you have it!  

39,847,344 PMKs per second....
27,481 times faster than Aircrack-ng, or a 2,747,993% increase in speed
Yes, that's almost 2.75 million %
It simply means that, what you do in 18 hours, I'll do in about 10 seconds :)


Pyrit Precomputed Tables are here.


Back to the install ...

I went to Pyrit after finagling wayyyyy too much with Aircrack-CUDA. Using Backtrack5 on VMware, Aircrack-CUDA was the straw that broke the camel's back: the time needed for the install and fixing the issues was longer than trying Aircrack the regular way. So, here is Pyrit, native on a Mac.
Pyrit also allows you to create a database of pre-computed PMKs, also known as Rainbow Tables, and here, it starts to go really fast ...


How To Install Pyrit CUDA on a Mac, OSX 10.6.8
For OSX 10.7 Lion, almost the same, but read the help first

Prerequisite 
Xcode must be installed! 
To check, open Terminal and type "gcc".
If the answer is as described below, you have Xcode installed. If not, get it from >> App Store >> Xcode (free)






10.8 Mountain Lion  
Apple has, by default, removed the CLT. For Mountain Lion you must install the Command Line Tools:
Preferences  -> Downloads -> Install command line tools


1)    Click  > About this Mac > More Info > Graphics/Display to check your card model #
1a)  Verify that you have a CUDA-supported graphics card; if not, you can try OpenCL instead
2)     Follow the steps exactly in the order they are mentioned.
3)     You need to have Admin rights or the Admin password
4)     You should be Terminal savvy. If not, read the tips at the end first
5)     You need to type the commands verbatim. One space too many and you're out ....
6)     You can click on the pictures to enlarge them. It could help....
7)     There is a list of warnings at the end, read them!
8)     Verify that you have verified the verifications

The full install takes about 30~45 min.

Ready?

Download the following into an easily accessible folder; do NOT install yet.

Nvidia CUDA drivers for Mac:
http://developer.nvidia.com/cuda/cuda-downloads





Download 1 and 2

Select  "CUDA Toolkit" under Mac OS For Older Version (10.6.6 and under)

NOTE:
If you have an "old" Nvidia card, try the "older version" first; you'll save a lot of space.
The "old version" is half the size of the new one, and you can always upgrade later.


libdnet
http://libdnet.googlecode.com/files/libdnet-1.12.tgz
pylibpcap
http://dfn.dl.sourceforge.net/sourceforge/pylibpcap/pylibpcap-0.6.2.tar.gz  
Scapy
http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz

You should now have something looking like this:







Install  Nvidia Driver for Mac
Click on the DMG, etc ..

This install is going to take a few minutes.

Install  Nvidia CUDA TOOLKIT for Mac
Click on the DMG, etc 














Install  Nvidia CUDA drivers for Mac
Click on the DMG, install, etc 
i.e:  cudadriver-5.0.17-macos.dmg




Open Terminal and start the installation of libdnet
"Path to" refers to the path to the file, e.g. /Users/MyName/Downloads/
Example:
-->
tar -xzf  /Users/MyName/Downloads/libdnet-1.12.tgz

Instead of typing the full path by hand, drag and drop the file into Terminal; that will save you some typing and errors.

Install
-->
tar -xzf  "Path to" libdnet-1.12.tgz
cd libdnet-1.12
./configure
make
sudo make install
cd python
sudo python setup.py install

Now we install Pylibpcap 
-->
tar -xzf "Path to" pylibpcap-0.6.2.tar.gz
cd pylibpcap-0.6.2
sudo python setup.py install

Scapy Install
-->
tar -xzf "Path to" scapy-latest.tar.gz
cd scapy-2.1.0
sudo python setup.py install
 
* Double-check the "scapy-latest" and "scapy-2.1.0" names; they may have changed.
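
The tarballs above are fetched over plain HTTP and then installed with sudo, so each one deserves a check before anything in it runs as root. An added example, not part of the original post: it refuses to extract unless the file's SHA-256 matches a digest you obtained from a trusted source and no archive member is absolute or uses "..". The function names, the ~/build folder and the digest placeholder are assumptions.

```sh
#!/bin/sh
# Added example: gate "sudo python setup.py install" on two checks.
# The expected digest must come from a source you trust; this page gives none.

# sha256_of FILE: print the hex SHA-256 of FILE (Linux or macOS tool).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# paths_are_contained: read member names on stdin; fail if any is absolute
# or has a ".." component that could write outside the target folder.
paths_are_contained() {
  awk -F/ '
    /^\// { bad = 1 }
    { for (i = 1; i <= NF; i++) if ($i == "..") bad = 1 }
    END { exit bad + 0 }'
}

# safe_extract ARCHIVE EXPECTED_SHA256 DEST
# Returns 1 on digest mismatch, 2 on an unreadable archive or unsafe member,
# otherwise extracts into DEST (created if missing).
safe_extract() {
  if [ "$(sha256_of "$1")" != "$2" ]; then
    echo "digest mismatch, not extracting: $1" >&2
    return 1
  fi
  members=$(tar -tzf "$1") || return 2
  if ! printf '%s\n' "$members" | paths_are_contained; then
    echo "archive has absolute or '..' member paths: $1" >&2
    return 2
  fi
  mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Usage (the digest is a placeholder, not a real value):
#   safe_extract ~/Downloads/libdnet-1.12.tgz <sha256-from-trusted-source> ~/build
```

Only run ./configure, make and "sudo python setup.py install" in the extracted folder once safe_extract has returned 0.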



Now that the prerequisites are done, we can get to the heart of the subject.
From the Terminal Window, Download Pyrit
-->
svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit-read-only

Build and install Pyrit
-->
cd pyrit-read-only
cd pyrit
sudo python setup.py install


Last step, Pyrit CUDA
-->
cd ..
cd ..
cd pyrit-read-only
cd cpyrit_cuda
sudo LDFLAGS=-L/usr/local/cuda/lib python setup.py install
* That's "cpyrit", not "pyrit": cd cpyrit_cuda


Now we need to check if all of that was worth it
Check if Pyrit CUDA is working 
-->
pyrit list_cores



You should see a list of your cores and a list of your GPU(s)
Something like









Once done, let's Benchmark it and see if we can Release The Kraken
-->
pyrit benchmark











(Recommended)    Kill SUDO by typing   sudo -K   (yes, uppercase K )
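
Both this step and the earlier note on the Realtek Uninstaller are about sudo's cached credential: for a short while after one successful sudo, later commands can use sudo again without a password. An added example (not from the original post; the function names are assumptions) that runs an installer, records whether it left the credential cached, and always invalidates it afterwards:

```sh
#!/bin/sh
# sudo_cached: succeeds when sudo would run a command right now without
# asking for a password (cached timestamp, or a NOPASSWD rule in sudoers).
sudo_cached() {
  sudo -n true 2>/dev/null
}

# run_then_drop CMD [ARGS...]: run CMD, note whether a sudo credential is
# cached afterwards, then invalidate it whatever CMD's exit status was.
# Sets SUDO_LEFT_OPEN to "yes" or "no" and returns CMD's exit status.
run_then_drop() {
  "$@"
  _rc=$?
  if sudo_cached; then SUDO_LEFT_OPEN=yes; else SUDO_LEFT_OPEN=no; fi
  sudo -k    # invalidate the cached credential for this session
  if sudo_cached; then
    # -k cannot remove a NOPASSWD rule; that needs a sudoers change.
    echo "warning: sudo still runs without a password" >&2
  fi
  return "$_rc"
}

# Usage, with the install step from this page:
#   run_then_drop sudo python setup.py install
#   echo "credential was left cached: $SUDO_LEFT_OPEN"
```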




*I have installed Pyrit on an old machine, the "good ones" are "reserved" for work. :-)
  Leave a comment either here or on FB with your Config and the Benchmark Results. 
 Who has a monster?



GTK, FAQ, RFAQ, TIPS, Help

GTK!  AKA "Good To Know"

Bruteforcing is time consuming, so you need to go as fast as possible, and also AS SMART AS POSSIBLE. Bruteforcing in blind mode, i.e. starting at "00000000" and going all the way up, trying each alphanumerical combination, is a pure waste of your (limited) time, you silly mortal, and your electricity bill will go up a bit. Go smart: use a statistically sorted attack dictionary, most-used passwords first. If the password to discover is "password", running an incremental attack will take you a few months: the first set of numbers is 100,000,000 long, then for each set of letters, add 110,075,314,176. You have 24 sets, hence 2,641,807,540,224 passwords. Then repeat with upper case... then mingle all of that... a0a0a0a0
Your brain has now stopped perceiving the true value of those numbers.  Mine too.
But that's not it! 
Mr. WPA is a tedious little man: each password goes through 4096 rounds of hashing, salted with the BSSID. In plain terms, your CPU/GPU will crunch about 1 Megabyte (byte, not bit) of data for each PMK (Pairwise Master Key). Each password is "about" 4 PMK.
At 2500 PMK/second, you'll have 2.44 Gigabytes of data being pushed through per second...
The first set of numbers, 8 characters long, boils down to about a billion megabytes of data being crunched.
So, Act like a ninja, and think like Einstein: Go smart!

Tips

If you are here, you should know it: don't play too much with the sudo command; it's an unforgiving command. sudo does not give any warning; sudo is "Das Terminator".
Long paths
Avoid typing long paths with spaces or weird names:
1) Download into an easily accessible folder.
2) Type your command, i.e. "tar -xzf", then drag the file from Finder to Terminal; the path will automagically appear correctly.
3) Use the up arrow to call back a previous command.
4) Copy and paste the commands instead of re-typing them:
"cd cpyrit" looks just like "cd pyrit" ("C"pyrit).
(The first one that will comment about cd not working will get seriously flamed)

CUDA use 
When using Pyrit CUDA, quit all applications, including anti-virus, browser, etc. I mean everything: Dropbox, Airport, etc. Anything that uses a single %. Kill all processes but the vital ones: performance will improve significantly.
For the best results, don't even use a screen saver: quit everything and let the screen go black. Remember? CUDA is using your GPUs. Following those tips, you'll see the performance increase significantly:




We are now 279% (Two-hundred-seventy-nine ) faster than Aircrack-ng 1.1 and  600% faster than KisMAC 0.3.3 .  Yes, 600%.  But, that's not it!  Can you go faster than that?

Temperature:
If you crunch for hours, don't forget that Pyrit CUDA will try to use 100% of your CPUs and 100% of your GPUs: the temperature is going to go up a bit. If you have a laptop, I suggest elevating it on the four corners and leaving at least 1/2 inch of free space under it.

FAQ, RFAQ, SFQRFA

- My card is not supported!
  Bummer! check OpenCL
- How do you crack a WEP on Pyrit?
  You don't!  Pyrit is WPA only.
- kan't crack the pazwords!
  Probable Cause
- it doz not workz!
  Probable Cause
- It's not working on Windows
  Did you pass the test? (successfully?)
- I want to crack my girlfriend password
  Talk to those guys
- I overclocked my GPU and my computer shut down
  Told ya!  Try not to go over 200F / 93C.  If you insist, you may be able to fry an egg on your Mac, please send us the picture.  For a "runny-sunny side up" you can start at 66C.
- Please help
  It's just below. One more line...

Pyrit help
For more help, type "pyrit -h [command]", e.g. "pyrit -h attack_passthrough"

Highly recommended reading: 
http://pyrit.wordpress.com/
About Pyrit
http://pyrit.wordpress.com/about/

Pyrit on OSX Lion 10.7 
"Many people have problems compiling Pyrit on OSX Lion. The version of GCC distributed with the latest XCode no longer supports creating binary code for the PPC-architecture and Python’s setup.py does not know about that; you can get an error message like the following:"

assembler (/usr/bin/../libexec/gcc/darwin/ppc/as or /usr/bin/../local/libexec/gcc/darwin/ppc/as) for architecture ppc not installed

You can solve this situation by forcing GCC to only compile code for the i386- and the x86_64-architecture. To do this, put the following into your .bash_profile:

export ARCHFLAGS="-arch i386 -arch x86_64"

Source: http://pyrit.wordpress.com/
Retrieved Aug 2, 2011

Pyrit Mountain Lion 10.8 + MBP Retina

Pyrit  CUDA_ERROR_OUT_OF_MEMORY
This Error seems specific to MBP's Retina and is easily solved by a single click.

1) Open System Preferences
2) Go to Energy Saver
3) Find the "Automatic Graphics Switching" box
4) Uncheck the tick box











Many Thanks to Xander Clark for solving the issue and sharing with us.
Ditto to Christian T. for "Distant Lending" us his Beloved  MBP Retina while vacationing in Greece. ;)


Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Usage: pyrit [options] command

Recognized options:
  -b               : Filters AccessPoint by BSSID
  -e               : Filters AccessPoint by ESSID
  -h               : Print help for a certain command
  -i               : Filename for input ('-' is stdin)
  -o               : Filename for output ('-' is stdout)
  -r               : Packet capture source in pcap-format
  -u               : URL of the storage-system to use
  --all-handshakes : Use all handshakes instead of the best one

Recognized commands:
  analyze                 : Analyze a packet-capture file
  attack_batch            : Attack a handshake with PMKs/passwords from the db
  attack_cowpatty         : Attack a handshake with PMKs from a cowpatty-file
  attack_db               : Attack a handshake with PMKs from the db
  attack_passthrough      : Attack a handshake with passwords from a file
  batch                   : Batchprocess the database
  benchmark               : Determine performance of available cores
  benchmark_long          : Longer and more accurate version of benchmark (~10 minutes)
  check_db                : Check the database for errors
  create_essid            : Create a new ESSID
  delete_essid            : Delete a ESSID from the database
  eval                    : Count the available passwords and matching results
  export_cowpatty         : Export results to a new cowpatty file
  export_hashdb           : Export results to an airolib database
  export_passwords        : Export passwords to a file
  help                    : Print general help
  import_passwords        : Import passwords from a file-like source
  import_unique_passwords : Import unique passwords from a file-like source
  list_cores              : List available cores
  list_essids             : List all ESSIDs but don't count matching results
  passthrough             : Compute PMKs and write results to a file
  relay                   : Relay a storage-url via RPC
  selftest                : Test hardware to ensure it computes correct results
  serve                   : Serve local hardware to other Pyrit clients
  strip                   : Strip packet-capture files to the relevant packets
  stripLive               : Capture relevant packets from a live capture-source
  verify                  : Verify 10% of the results by recomputation

More help
http://code.google.com/p/pyrit/

Basic Command lines
  -->
pyrit  -h attack_passthrough
The -h option gives more detailed help on a command, here on "attack_passthrough". -h should be used profusely.

-->
pyrit benchmark
Does a Quick Benchmark

-->
pyrit benchmark_long
Does a long Benchmark

-->
pyrit -r test.pcap -b 00:de:ad:be:ef:00 -i words attack_passthrough
Regular attack on a specific ESSID via Dictionary

-->
pyrit -r test.pcap -b 00:de:ad:c0:de:00 -o passwd.txt attack_batch
  "Pairwise Master Keys that have been computed and stored in the
database previously are taken from there; all other passwords are
translated into their respective Pairwise Master Keys and added to
the database for later re-use. ESSIDs are created automatically in
the database if necessary." 
Note:  .PCAP, .CAP or Dumplogs are the same

Overclocking
You can overclock, but: 
As much as you will be tempted, let me remind you that if you have a laptop, things may get hot.  Really hot!  Even SMCFan Control may not be enough.
Frying your GPU will not be a good thing.  Overclock at your own risk(s) : Pyrit does not have a GPU watchdog

Little hidden gem:
because you've read so far, you deserve a little bonus:
Release the Kraken !
