Long Range WIFI

If you are the type to use your laptop within 3 inches of your router, this article is not for you. On the other hand, if you want a better connection anywhere in the house, or from house to house, or even for RVs, boating, camping or trekking, then take a look: you are going to be surprised at what you can do for less than $50.

After reading this article, never complain again that you have a "bad connection"  ;-)
So, before we start, take a quick look at this ...
Do you see the dot on the left of the horizon? 
This one....
How far is that?   Would you like to make a wild guess?

Yes, That one ... on the detail
3km? 5km? 8km?????
That is 13.5 km away,  or about 8.4 miles  (44,352 ft)
And guess what? This is one of the "shortest" long ranges we've measured!

Now that we have your attention .....

We can put that in perspective ....
The red line on the right: The 2 points are 9.58 miles apart, or 15.4 km
To add a little to the bragging rights,  this one is Out Of Line Of Sight and Out Of Fresnel Zone.
All data has been GPS/WiGle Verified. 
All of that with off-the-shelf products, starting at $35.

The specs:
A fairly open location, on a hillside overlooking the city. Please note the trees on the left and right, and what you cannot see: hills on the left and right, continuing behind us. This gave us a ~60deg opening, not a 360.
Elevation 344ft (104m)
The leftmost target is the Prudential Tower, max absolute elevation 755ft (230m) 
Top Of The Hub is the name of the restaurant ...on the top... 
The rightmost target is Logan Int'l Airport,  Altitude 13 ft (3.5m) 
The Gear
When you reach those distances, size starts to matter, but we stayed in "low tech" territory.
We ran 2 tests, 7 days apart, and swapped the equipment around in order to avoid an NFTL moment (Neutrinos Faster Than Light), and tested up, down, left and right.
- All the tech lingo and tips are at the end. Don't read it! Because if you do, you'll learn that using the wrong cable can cut your performance by a factor of 10.

A GPS for the position, verified as well with Google Earth and WiGle 
The GPS is a USB GlobalSat, KisMAC compatible. And Waterproof ;-)

Alfa 5 dBi Dipole
Alfa 9 dBi Dipole
Cantenna  (given for) 12dBi 
Magnetic mount (for Dipole Antenna)

Regular USB and Active USB, 16 ft / 5 m

Alfa AWUS036H                  1000mW  802.11 b/g    (OSX 10.6)
Alfa AWUS036NH                 2000mW  802.11 b/g/n  (OSX 10.6)
Alfa AWUS036NHR                2000mW  802.11 b/g/n  (OSX 10.7, 10.8)
Alfa Tube-U (G) (Waterproof)    500mW  802.11 b/g    (OSX 10.6)
Test #1 
Alfa AWUS036H + 5 dBi Antenna 
We plugged in the trusted Alfa AWUS036H and fired up KisMAC. To our surprise, we got contacts!
The Alfa had a little 5 dBi antenna, and we were sitting at a table with the wall in front of us: far away from "Perfect Conditions". I would never have expected to get a signal with this configuration.
The SNR was 21, hence not the best for a real link. Still: contact with no effort.

Test #2
Alfa AWUS036H + 9 dBi Antenna
As you can see, the antenna is a size up, but it's still an omnidirectional.
The number of contact points increased, as well as the SNR (Signal to Noise Ratio; the higher the better). We got between 21 and 27 dB SNR with the 9 dBi antenna @ 13,500 m.
A signal of 15 to 25 dB SNR would be about the equivalent of "2 bars": a link is possible.
Test #3

The Fresnel Zone dictates that, based on a set of complex and boring laws of physics, if you are close to the ground, it ain't going to work well. Hence, you need altitude....
Mr. Fresnel was right; the proof is that you'll often find telecommunication satellites in orbit, and rarely on the ground.
As we are immensely wealthy, have little imagination, never recycle or reuse, and hate DIY, we came up with this Hyper-High-Tech-WIFI-Tower: an aluminum pole with some tape.
All you need after that are a few nice assistants to hold the pole.
Thanks to the Wifettes for the help :-)
Then we got 3 contacts @ SNR 32dB. That's equivalent to 3 bars.
One thing to mention: Distance = 15.4 km / 9.8 miles :-)))
The card was on an active USB extension, 5 m long. Doing the same on coaxial cable would have almost "ruined" the test. At 5 meters and above, an active USB cable starts to be mandatory.

Test #4
This time we used a Cantenna, which is a directional antenna (beam ~30 degrees), and attached a Tube-U (G) to it.
The Tube-U is an outdoor, waterproof version of the Alfa AWUS036H. The difference lies mainly in the N-Connector and the waterproofing. It is designed to be used outside: on RVs, boats, or simply left outdoors.
The N-Connector allows you to plug in a bigger antenna or to use coaxial cable.
I don't like coaxial cables: they are expensive and generate signal losses. You'd rather buy a 20-meter-long Active USB than a Low-Loss Coaxial. As for the Ultra-Low-Loss...pffff.
In this pic you see that we plugged the Tube-U directly to the Cantenna. 
This Cantenna was purchased at a yard sale for $3.  In my opinion, it's worth less.  

After aiming at the target for a while, we got the following results:
As you can see, EnGenius 1-2-3 dropped from 32dB to 26.5dB.
dB (decibels) are .... logarithmic. Going from 32dB to 26dB is a downgrade by a factor of 4.
We were not able to test the Tube-U with the 9dBi Dipole as we were missing a Gozinta. (Connector. Please don't Google "Gozinta".) So I can't blame the Cantenna for sure, but I'll keep an eye on it. In any case, I would not recommend a Cantenna: I can achieve the same result with a disposable aluminum pan, and the Cantenna size only works for a specific frequency. You would need a different one for 802.11n.
If you need a directional antenna, go with a Flat Panel, a Yagi, or even better, a Parabolic.
As soon as I have the right connector, or the right antenna to fit the Tube-U, I'll post an update.
For you guys, I'll even try with the cover of my barbecue: I would not be surprised if it could beat the Cantenna.

WIFI 101 for Dummies, or how to extend your WIFI coverage

RF   Radio Frequencies
Another very simple subject... 
WIFI is basically a two-way radio adapted for computers.
That was the "Radio" part. Now comes "Frequencies".

2.4 GHz or 5GHz?  
Well, 5GHz of course, because the higher the better, no? 
- Nope! 
- It's a trade-off between speed and distance: the lower the frequency, the greater the distance. The higher the frequency, the greater the amount of information you can carry (speed), but the shorter the distance.
When you put that into numbers, the results are the following: 
For a theoretical setting using the same parameters,  Theoretical Distance Achievable:
1220 MHz   30,800 m
2440 MHz   15,400 m
5000 MHz     7,500 m

The 2.4 GHz /g band has 14 channels, each 22 MHz wide and separated by 5 MHz, except Ch 14, which is separated by 12 MHz.
Wait! That's not possible! Only if they overlap!
Yes, they do overlap. A little drawing will help ...
Only Ch 1, 6 and 11 do not overlap, which is why they are less likely to have "noise" or "pollution". But as they are the most used, well.... they can be "noisy".
When 10 of your neighbors are using the same channel #6, it's a bit like having 10 people holding different conversations in the same room: the noise pollution increases and you start to have trouble hearing correctly.

Fresnel Zone
The Fresnel Zone dictates that, based on a set of complex and boring laws of physics, if you are close to the ground, it ain't going to work well. Hence, you need altitude.... and Mr. Fresnel was right; the proof is that you'll often find telecommunication satellites in orbit, and rarely on the ground.
One of the best ways to picture the Fresnel Zone is to imagine that your WIFI transmitter (Tx) and receiver (Rx) are both light bulbs: if they are too close to the ground or next to an obstacle, the light is going to bounce off or be absorbed.
The further apart they are, the greater the height (altitude) needed for good Tx & Rx.


dBm for Dummies:
dBm (decibels relative to isotropic radiator) is the gain of an antenna. It is also logarithmic. Hence a gain of 3dBm is equivalent to doubling the power, and 6dBm to quadrupling it. The same holds for a loss: lose 3dBm and you lose 50%.
The power of a device and its antenna is nowadays often expressed in mW (milliwatts). The purpose is purely marketing: claiming a gain from 33dBm to 36dBm does not have the same "marketing impact" as saying 1000mW to 2000mW.

Please note that you have to add the antenna gain to those values.
The legal limits theoretically include the antenna gain.

36 dBm     4.00 Watts     <-- Maximum EIRP* allowed by FCC in U.S.
33 dBm     2.00 Watts     <-- Tx  Alfa AWUS036NHR and AWUS036NH
30 dBm     1.00 Watts     <-- Tx  Alfa AWUS036H   1000mW version
27 dBm     500 mW         <-- Tx  Alfa AWUS036H   500mW version
26 dBm     400 mW    
25 dBm     320 mW     
21 dBm     130 mW    
20 dBm     100 mW        <-- Maximum EIRP* allowed by E.T.S.I. in Europe; Apple Airport Extreme nominal output
15 dBm     32 mW    
10 dBm     10 mW     
1 dBm       1.3 mW    
0 dBm       1.0 mW    
-1 dBm      0.8 mW     
-10 dBm    0.1 mW    
-20 dBm    0.01 mW     
-40 dBm    0.0001 mW     
-60 dBm    0.000001 mW    
-70 dBm    0.0000001 mW    
-80 dBm    0.00000001 mW        <-- Receive threshold for most WLAN devices
-91 dBm    0.00000000080 mW  <-- Min  Rx  Alfa AWUS036H
-92 dBm    0.00000000063 mW  <-- Min  Rx  Alfa AWUS036NH
-96 dBm    0.00000000025 mW  <-- Min Rx  Alfa AWUS036NHR

* EIRP = Effective Isotropic Radiated Power

Hence, as per the specs, an Alfa AWUS036NHR / AWUS036NH has up to 20 times the transmit power of an Apple Airport Extreme, and the Alfa AWUS036H up to 10 times.
The sensitivity of the H, NH and NHR is really impressive.
For the sensitivity (Rx), the lower the dBm, the better.
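
As an added example (not from the original article), the figures above can be combined into a free-space link budget to estimate from how far away an access point remains receivable, which is the exposure radius a network owner should plan around. It uses the standard free-space path loss and first Fresnel zone formulas, and shows range scaling inversely with frequency as in the distance table above; the 2 dBi access-point antenna gain is an assumption, and in the code dBm denotes absolute power while dBi denotes antenna gain.

```python
import math

C = 299_792_458.0  # speed of light, m/s

def dbm_to_mw(dbm):
    """Absolute power: 0 dBm is 1 mW and every +10 dB multiplies by 10."""
    return 10 ** (dbm / 10)

def fspl_db(distance_m, freq_mhz):
    """Free-space path loss in dB: 20*log10(4*pi*d*f/c). No obstacles assumed."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_mhz * 1e6 / C)

def rx_power_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m, freq_mhz):
    """Received power = transmit power + both antenna gains - path loss."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - fspl_db(distance_m, freq_mhz)

def max_range_m(tx_dbm, tx_gain_dbi, rx_gain_dbi, rx_sens_dbm, freq_mhz):
    """Distance at which received power drops to the receiver's sensitivity."""
    budget_db = tx_dbm + tx_gain_dbi + rx_gain_dbi - rx_sens_dbm
    return C / (4 * math.pi * freq_mhz * 1e6) * 10 ** (budget_db / 20)

def fresnel_radius_m(distance_m, freq_mhz):
    """Radius of the first Fresnel zone at the midpoint of the path."""
    wavelength_m = C / (freq_mhz * 1e6)
    return math.sqrt(wavelength_m * distance_m / 4)

if __name__ == "__main__":
    # Page values: 100 mW (20 dBm) access point, listener with a 9 dBi antenna
    # and -91 dBm sensitivity (AWUS036H). The 2 dBi AP antenna is an assumption.
    ap_dbm, ap_gain, rx_gain, rx_sens = 20, 2, 9, -91
    print(f"AP output: {dbm_to_mw(ap_dbm):.0f} mW")
    for mhz in (2440, 5000):
        reach = max_range_m(ap_dbm, ap_gain, rx_gain, rx_sens, mhz)
        print(f"{mhz} MHz: receivable out to {reach / 1000:.1f} km in free space")
    # The 15.4 km path from Test #3 at 2440 MHz.
    d = 15_400
    print(f"Path loss over {d} m: {fspl_db(d, 2440):.1f} dB")
    print(f"Signal at the listener: {rx_power_dbm(ap_dbm, ap_gain, rx_gain, d, 2440):.1f} dBm")
    print(f"Fresnel clearance needed mid-path: {fresnel_radius_m(d, 2440):.1f} m")
```

Free-space figures are an upper bound on range: walls, terrain and an obstructed Fresnel zone all reduce it.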

WIFI Distance Calculator

Rainbow Tables

As of June 9, 2016 we are no longer accepting Paypal.
We will update this page and change the payment methods.
If you have any questions, drop us an email at kismac.x at gmail dot com

Thank you for your patience.

Rainbow Tables / Precomputed Tables
Rainbow Tables are precomputed tables that allow you to attempt to crack a WPA key at Astonishing Speed:

39,847,344 PMK/ Second  (Pairwise Master Key)

Pyrit-CUDA + Precomputed Tables         39,847,344 PMKs/S  (Instant Reading)
Pyrit-CUDA + Precomputed Tables           1,576,213 PMKs/S  (Averaged)
Pyrit-CUDA                                                    ~ 2,700 PMKs/S  
Aircrack-ng 1.1                                               ~ 1,500 PMKs/S 
KisMAC 0.3.3                                                   ~ 600  PMKs/S

In Short:
What I do in 10 sec with Precomputed Tables, you'll do in 18 hours on Aircrack-ng and 40 hours on KisMAC. That is about 2.75 million % faster than Aircrack-ng.

Precomputed Tables, Rainbow Tables, Space-Time Trade Off :  FYI, It's the same thing!

Why Rainbow Tables? 
Rainbow Tables are "pre-chewed" Pairwise Master Keys (4096 rounds of SHA-1 per password), hence you just have to "compare" instead of recalculating everything, every time, for each password tested.
The example above shows a speed of almost 40 million Pairwise Master Keys per second.
In simple terms, this is 2.5 million times faster than KisMAC.

With the Precomputed Rainbow Tables & Pyrit you can:
- Crack a WPA at least 110,000% faster than with Aircrack-ng
- Add passwords to an existing table without having to re-compute the entire database of precomputed PMKs
- Add or delete ESSIDs in a few seconds
- Import unique passwords, ensuring no duplicates
- Create your own and add new passwords
- Re-compute newly added SSIDs or passwords without re-computing everything.

Premium Pyrit CUDA Precomputed WPA Tables

What's included?
- A set of Precomputed Tables: ~16,000,000 passwords from the Master Passwords Attack Dictionary, precomputed for the 10 most used SSIDs. That's about 3.5 GB of data (we have a limit on how much we can put on Dropbox and how much you can download per day).

Premium Pyrit CUDA precomputed Tables:  $ 24.99  $14.99

Premium Pyrit Rainbow Table + Crackium Suite
- All of the above plus the Crackium Suite
- About 1 billion passwords, and the ways to turn that into 400 billion if you want to.
A $38 value for $24.99  

  • A "How-To" to expand, modify and tweak your wordlists
  • Monster Dictionary, a statistical compilation of 50+ password heists: 220M passwords
  • Monster lite, for WPA, John The Ripper, Aircrack, KisMAC, HashCat and Crowbar
  • MasterPasswords Version 7.99: ~25 million real passwords, plus variations of the most used.
  • All numbers, 8 ch long: 100,000,000 Pwsd.
  • Ilove.txt: over 1 million most used first names with 22 permutations of “I love you”, i.e. iluv, ILove, etc.: 25,523,113 Pwsd
  • A full set of signs !@#$%^&*, 8 ch long: 214,358,888 passwords
  • A full set of SSN #, 000-00-0000 to 099-99-9999, modifiable: 100,000,000 Pwsd.
  • A set of most used first names, sorted by occurrence (most used first): 4,347,600 Pwsd
  • A set of most used last names, sorted by occurrence (most used first): 5,369,400 Pwsd
  • A set of the most used Fnames and Lnames, formatted lower, Proper, UPPER.
  • A full set of phone numbers, pre-made to easily create your own list in minutes: 1 format (XXX) 00-0000 to (XXX) 99-9999, 8,960,000 Pwsd + 1 format XXX 00-0000 to XXX 99-9999, 8,960,000 Pwsd + 1 file with all phone numbers, all areas for NY (NYPH.txt), 116,480,011 Pwsd, modifiable to all areas.
With the How-To PDF, you can create all formats needed with all correct prefixes for your area.
Note: These are 2 different downloads, one for the Precomputed Tables and one for the Crackium Suite.

Why use Precomputed Tables? 
Brute-forcing a WPA key is a long process: each time you perform an attack you re-compute the same pairwise master keys over and over again; in simple terms, you rebuild the entire house each time you ring the bell.
Attacking WPA by brute force is the equivalent of pushing 1 megabyte of data per PMK through the CPU.
1500 PMKs/second is equivalent to hashing 1,572,864,000 bytes per second. And you wondered why the CPU was churning @ 100% capacity? That's 1.46 GB per second.... on a DualCore...
With Precomputed Tables, all the tedious work has been done before; now you're feeding "pure" pre-hashed data... that's like Turbo Warp Mode: 10 seconds to go through 15 million passwords instead of 18 hrs.
An UberGeek has linked 16 GeForce 8800 GT and reached about 749 Gigabit of data processed every second. The speed on non-precomputed tables ("regular crack") was 89,300 PMK/s, hence we can estimate a speed of about 100,000,000 PMKs/s on precomputed tables.
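
The PMK is derived with the SSID as salt, which is why the tables described here are computed per SSID and cover only the passphrases in their wordlists. The following added example (not code from this page or from Pyrit) derives a PMK with Python's hashlib and audits a network's own SSID and passphrase against that coverage; the SSID list, sample passphrases and function names are constructed for illustration, and the rates are the ones quoted on this page.

```python
import hashlib
import re

# Rates quoted on this page (PMKs per second).
RATE_ON_THE_FLY = 1_500        # Aircrack-ng 1.1, every PMK recomputed
RATE_PRECOMPUTED = 1_576_213   # Pyrit-CUDA + precomputed tables, averaged

# Constructed stand-in for the "most used SSIDs" a table set would cover.
COMMON_SSIDS = {"linksys", "NETGEAR", "default", "dlink"}

# Passphrase shapes that the wordlists described on this page enumerate in full.
ENUMERATED_SHAPES = [
    ("8-digit number", re.compile(r"\d{8}"), 100_000_000),
    ("SSN 000-00-0000 to 099-99-9999", re.compile(r"0\d\d-\d\d-\d{4}"), 100_000_000),
]

def pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK Pairwise Master Key: PBKDF2-HMAC-SHA1, SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit(ssid: str, passphrase: str) -> dict:
    """Report whether a network's own settings fall inside precomputed coverage."""
    shape = next(((name, size) for name, rx, size in ENUMERATED_SHAPES
                  if rx.fullmatch(passphrase)), None)
    ssid_common = ssid in COMMON_SSIDS
    report = {"ssid_in_common_list": ssid_common,
              "passphrase_shape": shape[0] if shape else None,
              "seconds_to_exhaust": None}
    if shape:
        # Worst case: assume a table for a common SSID already exists.
        rate = RATE_PRECOMPUTED if ssid_common else RATE_ON_THE_FLY
        report["seconds_to_exhaust"] = shape[1] / rate
    return report

if __name__ == "__main__":
    # Same passphrase, two SSIDs: the salt changes, so the PMK changes and a
    # table computed for one SSID says nothing about the other.
    print(pmk("correct horse battery", "linksys").hex()[:16])
    print(pmk("correct horse battery", "cabin-7f3a").hex()[:16])
    # Constructed sample settings.
    for ssid, pw in [("linksys", "20160609"), ("cabin-7f3a", "20160609"),
                     ("cabin-7f3a", "tarmac-velvet-oboe-91")]:
        print(ssid, audit(ssid, pw))
```

A unique SSID removes the precomputation advantage, but only a long passphrase outside any enumerable shape removes the dictionary exposure itself.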

Cracking Speed Achievable (Sustained & Averaged)
- Dual Core 2.5 GHz + Nvidia GeForce 8600M GT + Precomputed Tables
  1,500,000 PMKs/S  (about 110000% faster than Aircrack)
- Quad Core 2.5 GHz + Nvidia GeForce GT 330M + Precomputed Tables
  2,750,000 PMKs/S

Cracking Speed Achievable (Instant Reading)
- Dual Core 2.5 GHz + Nvidia GeForce 8600M GT + Precomputed Tables
  39,847,344 PMKs/S  (about 2,500,000% faster than Aircrack)
- Quad Core 2.5 GHz + Nvidia GeForce GT 330M + Precomputed Tables
  53,662,947 PMKs/S

You NEED Pyrit or Pyrit-CUDA to achieve those speeds. You can install Pyrit (free) as explained here:

Pyrit-CUDA will consume 100% of your resources, so don't attempt to surf the web or play a game while running it. Nevertheless, as the run time of Pyrit-CUDA on Precomputed Tables is so short, you should not have to wait more than 5 minutes for an answer.

Alfa Drivers For Mac

Alfa AWUS036H    

- The 036H is an excellent card, great sensitivity with a great power.
- Can also be used with KisMAC from OSX 10.5 to OSX 10.8. Please note that you'll need KisMAC R407 to use it on 64 bit.
- Multi Antenna 
- Can capture a signal at up to 15km 
- The Realtek Driver is no longer supported after 10.6.8

A test/benchmark of this card is available here, including test on long range WIFI. 

Mac Drivers Download for the Alfa AWUS036H

15km / 9.4 miles Alfa 036H + 9 dbi antenna