Long Range WIFI

If you are the type to use your laptop within 3 inches of your router, this article is not for you. On the other hand, if you want a better connection anywhere in the house, from house to house, or even for RVs, boating, camping or trekking, then take a look: you are going to be surprised at what you can do for less than $50.

After reading this article, never complain again that you have a "bad connection" ;-)
So, before we start, take a quick look at this ...
Do you see the dot on the left of the horizon?
 
This one....
How far is that?   Would you like to make a wild guess?

 
Yes, That one ... on the detail
3km? 5km? 8km?????
Well... 
That is 13.5 km away, or about 8.4 miles (44,352 ft).
And guess what? This is one of the "shortest" long ranges we've measured!


Now that we have your attention .....

We can put that in perspective ....
The red line on the right: the 2 points are 9.58 miles apart, or 15.4 km.
To add a little to the bragging rights, this one is out of line of sight and outside the Fresnel zone.
All data has been GPS/WiGLE verified.
All of that with off-the-shelf products, starting at $35.

Ready?
The specs:
Location
A fairly open location, on a hillside overlooking the city. Please note the trees on the left and right, and what you cannot see: hills on the left and right, continuing behind us. This gave us a ~60° opening, not 360°.
Elevation 344 ft (104 m)
The leftmost target is the Prudential Tower, max absolute elevation 755 ft (230 m).
Top Of The Hub is the name of the restaurant ... on the top ...
The rightmost target is Logan Int'l Airport, altitude 13 ft (3.5 m).
The Gear
When you reach those distances, size starts to matter, but we stayed "low tech".
We made 2 tests, 7 days apart, and swapped the material around in order to avoid an NFTL moment (Neutrinos Faster Than Light), and tested up, down, left and right.
- All the tech lingo and tips are at the end. Don't read it! Because if you do, you'll learn that using the wrong cable can cut your performance by a factor of 10.

GPS
A GPS for the position, verified as well with Google Earth and WiGLE.
The GPS is a USB GlobalSat, KisMAC compatible. And waterproof ;-)

Antennas: 
Alfa 5 dBi Dipole
Alfa 9 dBi Dipole
Cantenna  (given for) 12dBi 
Magnetic mount (for Dipole Antenna)

USB 
Regular USB and Active USB, 16 ft / 5 m

Cards
Alfa AWUS036H                  1000 mW   802.11 b/g     (OSX 10.6)
Alfa AWUS036NH                 2000 mW   802.11 b/g/n   (OSX 10.6)
Alfa AWUS036NHR                2000 mW   802.11 b/g/n   (OSX 10.7, 10.8)
Alfa Tube-U (G) (Waterproof)    500 mW   802.11 b/g     (OSX 10.6)
  
Test #1 
Alfa AWUS036H + 5 dBi Antenna 
We plugged in the trusty Alfa AWUS036H and fired up KisMAC; to our surprise, we got contacts!
The Alfa had a little 5 dBi antenna, and we were sitting at a table, with the wall in front of us: far away from "perfect conditions". I would never have expected to get a signal with this configuration.
The SNR was 21, hence not the best for a real link. Still: contact with no effort.

Test #2
Alfa AWUS036H + 9 dBi Antenna
As you can see, the antenna is a size up, but it's still an omnidirectional.
The number of contact points increased, as well as the SNR (Signal to Noise Ratio; the higher the better). We got between 21 and 27 dB SNR with the 9 dBi @ 13,500 m.
A signal of 15 to 25 dB SNR would be about the equivalent of "2 bars": a link is possible.
  
Test #3

The Fresnel Zone dictates that, based on a set of complex and boring laws of physics, if you are close to the ground, it ain't going to work well. Hence, you need altitude....
Mr. Fresnel was right; proof is that you'll often find telecommunication satellites in orbit, and rarely on the ground.
As we are immensely wealthy, have little imagination, never recycle or reuse, and hate DIY, we came up with this Hyper-High-Tech-WIFI-Tower: an aluminum pole with some tape.
All you need after that are a few nice assistants to hold the pole.
Thanks to the Wifettes for the help :-)
Then we got 3 contacts @ SNR 32 dB. That's equivalent to 3 bars.
One thing to mention: distance = 15.4 km / 9.8 miles :-)))
The card was on a USB ACTIVE extension, length 5 m. Doing the same on coaxial cable would have almost "ruined" the test. @ 5 meters and above, an active USB extension is beginning to be mandatory.

Test #4
This time we used a Cantenna, a directional antenna (beam ~30 degrees), and attached a Tube-U (G) to it.
The Tube-U is an outdoor waterproof version of the Alfa AWUS036H. The difference resides mainly in the N-connector and the waterproofing. The design is meant to be used outside, on RVs, boats, or simply left outdoors.
The N-connector allows you to plug in a bigger antenna or to use coaxial cable.
I don't like coaxial cables: they are expensive and generate signal losses. You'd rather buy a 20-meter-long active USB extension than a low-loss coaxial. As for the ultra-low-loss... pffff.
In this pic you see that we plugged the Tube-U directly into the Cantenna.
This Cantenna was purchased at a yard sale for $3. In my opinion, it's worth less.

After aiming at the target for a while, we got the following results:
As you can see, EnGenius 1-2-3 dropped from 32 dB to 26.5 dB.
dB (decibels) are .... logarithmic. Going from 32 dB to 26 dB is a downgrade by a factor of 4.
We were not able to test the Tube-U with the 9 dBi dipole as we were missing a Gozinta. (Connector. Please don't Google "Gozinta".) So I can't blame the Cantenna for sure, but I'll keep an eye on it. In any case, I would not recommend a Cantenna: I can achieve the same result with a disposable aluminum pan, and the Cantenna size only works for a specific frequency. You would need a different one for 802.11n.
If you need a directional antenna, go with a flat panel, a Yagi, or even better, a parabolic.
As soon as I have the right connector, or the right antenna to fit the Tube-U, I'll post an update.
For you guys, I'll even try with the cover of my barbecue: I would not be surprised if it could beat the Cantenna.


WIFI 101 for Dummies, or how to extend your WIFI coverage

RF: Radio Frequencies
Another very simple subject...
WIFI is basically a two-way radio adapted for computers.
That was the "Radio" part. Now comes "Frequencies".

2.4 GHz or 5 GHz?
Well, 5 GHz of course, because the higher the better, no?
- Nope!
- It's a trade-off between speed and distance: the lower the frequency, the greater the distance. The higher the frequency, the greater the amount of information you can carry (speed), but the shorter the distance.
When you put that into numbers, the results are the following:
For a theoretical setting using the same parameters, theoretical distance achievable:
1220 MHz    30,800 m
2440 MHz    15,400 m
5000 MHz     7,500 m

Channels  
The 2.4 GHz /g band has 14 channels, 22 MHz wide, each separated by 5 MHz, except Ch 14, which is separated by 12 MHz.
Wait! That's not possible! Only if they overlap!
Yes, they do overlap. A little drawing will help ...
Only Ch 1, 6 and 11 do not overlap; that's why they are less likely to have "noise" or "pollution". But as they are the most used, well.... they can be "noisy".
When 10 of your neighbors are using the same channel 6, it's a bit like having 10 people holding a -different- conversation in the same room: the noise pollution increases and you start to have issues hearing correctly.


Fresnel Zone
The Fresnel Zone dictates that, based on a set of complex and boring laws of physics, if you are close to the ground, it ain't going to work well. Hence, you need altitude.... and Mr. Fresnel was right; proof is that you'll often find telecommunication satellites in orbit, and rarely on the ground.
One of the best ways to clarify the Fresnel Zone is to imagine that both your WIFI transmitter (Tx) and receiver (Rx) are light bulbs: if too close to the ground or next to an obstacle, the light is going to rebound or be absorbed.
The further away, the greater the height (altitude) needed for a good Tx & Rx.

Power

dBm for Dummies:
dBm (decibels relative to isotropic radiator) is the gain of an antenna. It is also logarithmic. Hence a gain of 3 dBm is equivalent to doubling the power, 6 dBm to quadrupling it; the same holds for a loss: a 3 dBm loss and you lose 50%.
The power of a device and its antenna are nowadays often expressed in mW (milliwatts). This is purely marketing oriented: claiming a gain from 33 dBm to 36 dBm does not have the same "marketing impact" as saying 1000 mW to 2000 mW.



Please note that you have to add the antenna gain to those values.
The legal limit values theoretically include the antenna gain.

 36 dBm    4.00 Watts          <-- Maximum EIRP* allowed by FCC in U.S.
 33 dBm    2.00 Watts          <-- Tx  Alfa AWUS036NHR and AWUS036NH
 30 dBm    1.00 Watts          <-- Tx  Alfa AWUS036H   1000mW version
 27 dBm    500 mW              <-- Tx  Alfa AWUS036H   500mW version
 26 dBm    400 mW
 25 dBm    320 mW
 21 dBm    130 mW
 20 dBm    100 mW              <-- Maximum EIRP* allowed by E.T.S.I. in Europe;
                                   Apple Airport Extreme nominal output
 15 dBm    32 mW
 10 dBm    10 mW
  1 dBm    1.3 mW
  0 dBm    1.0 mW
 -1 dBm    0.8 mW
-10 dBm    0.1 mW
-20 dBm    0.01 mW
-40 dBm    0.0001 mW
-60 dBm    0.000001 mW
-70 dBm    0.0000001 mW
-80 dBm    0.00000001 mW       <-- Receive threshold for most WLAN devices
-91 dBm    0.00000000080 mW    <-- Min Rx  Alfa AWUS036H
-92 dBm    0.00000000063 mW    <-- Min Rx  Alfa AWUS036NH
-96 dBm    0.00000000025 mW    <-- Min Rx  Alfa AWUS036NHR

* EIRP = Effective Isotropic Radiated Power

Hence, as per the specs, an Alfa AWUS036NHR / AWUS036NH has up to 20x the transmit power of an Apple Airport Extreme, and the Alfa AWUS036H up to 10x.
The sensitivity of the H, NH and NHR is really impressive.
For the sensitivity (Rx), the lower the dBm, the better.


WIFI Distance Calculator
http://www.afar.net/rf-link-budget-calculator/

http://www.afar.net/fresnel-zone-calculator/
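To tie the power table, the antenna gain note, the Fresnel Zone section and the frequency-vs-distance table together, here is an added Python link-budget helper; it is example code written for this page, not the afar.net calculators and not anything from the original. It uses the standard free-space formulas; the Alfa figures (30 dBm, 9 dBi, -91 dBm floor) come from the tables above, while the far-end AP figures in the worked case (20 dBm into a 2 dBi antenna) are an assumption. One caveat the table glosses over: dBm is power relative to 1 mW, antenna gain is quoted in dBi, and the two add because both are logarithmic.

```python
"""Link-budget helpers for the long-range WiFi figures discussed on this page.

Added example (not code from the original page). Free-space formulas only:
real links add cable loss, obstacles and Fresnel-zone blockage on top.
"""
import math

C_M_PER_S = 299_792_458.0


def dbm_to_mw(dbm: float) -> float:
    """dBm is power relative to 1 mW: 0 dBm = 1 mW, 30 dBm = 1 W."""
    return 10.0 ** (dbm / 10.0)


def mw_to_dbm(mw: float) -> float:
    return 10.0 * math.log10(mw)


def eirp_dbm(tx_dbm: float, antenna_gain_dbi: float, cable_loss_db: float = 0.0) -> float:
    """Effective isotropic radiated power: radio power plus antenna gain
    (quoted in dBi, relative to an isotropic radiator) minus feedline loss.
    All three are logarithmic, so they simply add. This is the number the
    FCC 36 dBm / ETSI 20 dBm limits in the table apply to."""
    return tx_dbm + antenna_gain_dbi - cable_loss_db


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Free-space path loss: 20 log10(d_km) + 20 log10(f_MHz) + 32.44 dB."""
    return 20.0 * math.log10(distance_m / 1000.0) + 20.0 * math.log10(freq_mhz) + 32.44


def max_range_m(link_budget_db: float, freq_mhz: float) -> float:
    """Distance at which free-space loss eats the whole link budget.
    Doubling the frequency halves the range, which is the 1220/2440/5000 MHz
    relation the "2.4 GHz or 5 GHz?" section tabulates."""
    d_km = 10.0 ** ((link_budget_db - 32.44 - 20.0 * math.log10(freq_mhz)) / 20.0)
    return d_km * 1000.0


def fresnel_radius_m(distance_m: float, freq_mhz: float, zone: int = 1) -> float:
    """Radius of the n-th Fresnel zone at the midpoint of the path: the
    clearance above ground and obstacles needed so the "light bulb" of the
    Fresnel Zone section is not absorbed."""
    wavelength_m = C_M_PER_S / (freq_mhz * 1e6)
    d1 = d2 = distance_m / 2.0
    return math.sqrt(zone * wavelength_m * d1 * d2 / distance_m)


def link_margin_db(tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m, freq_mhz, rx_sensitivity_dbm):
    """Received power minus receiver sensitivity; above 0 dB a link is
    possible in free space, and the further above, the better the SNR."""
    received = eirp_dbm(tx_dbm, tx_gain_dbi) + rx_gain_dbi - fspl_db(distance_m, freq_mhz)
    return received - rx_sensitivity_dbm


def worked_case():
    """The page's 13.5 km contact on channel 6 (2437 MHz), listening with an
    Alfa AWUS036H (-91 dBm floor from the table) and the 9 dBi or 5 dBi dipole.
    ASSUMPTION (not from the page): the far-end AP radiates 20 dBm into a
    2 dBi stock antenna."""
    return {
        "fspl_db": fspl_db(13_500, 2437),
        "fresnel_r1_m": fresnel_radius_m(13_500, 2437),
        "margin_9dbi": link_margin_db(20, 2, 9, 13_500, 2437, -91),
        "margin_5dbi": link_margin_db(20, 2, 5, 13_500, 2437, -91),
    }


if __name__ == "__main__":
    for name, value in worked_case().items():
        print(f"{name:>13}: {value:8.2f}")
```

Under these assumptions the free-space estimate lands the 13.5 km link within a dB of the card's receive floor, which is consistent with the tests above where antenna gain and pole height decided the outcome; it also puts the first Fresnel zone at roughly 20 m radius mid-path, hence the need for altitude.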

Rainbow Tables

READ THIS:
As of June 9, 2016 we are no longer accepting PayPal.
We will update this page and change the payment methods.
If you have any questions, drop us an email at kismac.x at gmail dot com

Thank you for your patience.

Rainbow Tables / Precomputed Tables
Rainbow Tables are precomputed tables that allow you to attempt to crack a WPA key at astonishing speed:


39,847,344 PMK/ Second  (Pairwise Master Key)

Pyrit-CUDA + Precomputed Tables    39,847,344 PMKs/s  (instant reading)
Pyrit-CUDA + Precomputed Tables     1,576,213 PMKs/s  (averaged)
Pyrit-CUDA                            ~ 2,700 PMKs/s
Aircrack-ng 1.1                       ~ 1,500 PMKs/s
KisMAC 0.3.3                            ~ 600 PMKs/s

In short:
What I do in 10 sec with precomputed tables, you'll do in 18 hours on Aircrack-ng and 40 hours on KisMAC. That's about 2.75 million % faster than Aircrack-ng.

Precomputed Tables, Rainbow Tables, Space-Time Trade-Off: FYI, it's the same thing!


Why Rainbow Tables? 
Rainbow Tables are "pre-chewed" Pairwise Master Keys (4096 rounds of SHA-1 per password), hence you only have to "compare", versus recalculating everything, every time, for each password tested.
The example above shows a speed of almost 40 million Pairwise Master Keys per second.
In simple terms, this is 2.5 million times faster than KisMAC.

With the Precomputed Rainbow Tables & Pyrit you can:
- Crack a WPA at least 110,000% faster than with Aircrack-ng
- Add Passwords to an existing Table without having to re-compute the entire database of Precomputed PMKs
- Add or Delete ESSID's  in few seconds
- Import unique passwords, ensuring no duplicates
- Create your own and add new passwords
- Re-compute newly added SSID's or Passwords without re-computing everything.

Premium Pyrit CUDA Precomputed WPA Tables

What's included? 
-  A Set of Precomputed Tables ~16,000,000 Passwords From the Master Passwords Attack Dictionary precomputed for the most used 10 SSIDs,    That's about 3.5 GB of data  ( We have a limit on how much we can put on Dropbox and how much you can download per day)

Premium Pyrit CUDA precomputed Tables:  $ 24.99  $14.99


Premium Pyrit Rainbow Table + Crackium Suite
- All of the above plus the Crackium Suite
- About 1 billion passwords, and the ways to turn that into 400 billion if you want to.
A $38 value for $24.99


 Includes:
  • A "How-To" to expand, modify and tweak your wordlists
  • Monster Dictionary, a statistical compilation of 50+ password heists: 220M passwords
  • Monster lite, for WPA, John The Ripper, Aircrack, KisMAC, HashCat and Crowbar
  • MasterPasswords Version 7.99: ~25 million real passwords, plus variations of the most used.
  • All numbers 8 ch long: 100,000,000 Pwsd.
  • Ilove.txt: over 1 million most used first names with 22 permutations of “I love you”, i.e. iluv, ILove, etc: 25,523,113 Pwsd
  • A full set of signs !@#$%^&*, 8 ch long: 214,358,888 passwords
  • A full set of SSN # 000-00-0000 to 099-99-9999, modifiable: 100,000,000 Pwsd.
  • A set of most used first names, sorted by occurrence (most used first): 4,347,600 Pwsd
  • A set of most used last names, sorted by occurrence (most used first): 5,369,400 Pwsd
  • A set of the most used Fnames and Lnames, formatted lower, Proper, UPPER.
  • A full set of phone numbers, pre-made to easily create your own list in minutes:
      1 format (XXX) 00-0000 to (XXX) 99-9999: 8,960,000 Pwsd
      + 1 format XXX 00-0000 to XXX 99-9999: 8,960,000 Pwsd
      + 1 file with all phone numbers, all areas for NY (NYPH.txt): 116,480,011 Pwsd, modifiable to all areas.
With the How-To PDF, you can create all formats needed with all correct prefixes for your area.
Note: This is 2 different downloads, one download for the Precomputed Tables, one download for the Crackium Suite.


Why use Precomputed Tables? 
Bruteforcing a WPA is a long process: each time you perform an attack you re-compute the same pairwise master keys over and over again; in simple terms, you rebuild the entire house each time you ring the bell.
Attacking WPA by brute force pushes the equivalent of 1 megabyte of data per PMK through the CPU.
1500 PMKs/second is equivalent to hashing 1,572,864,000 bytes per second. And you wondered why the CPU was churning @ 100% capacity? That's 1.46 GB per second.... on a DualCore...
With Precomputed Tables, all the tedious work has been done before; now you're feeding "pure" pre-hashed data... that's like Turbo Warp Mode: 10 seconds to go through 15 million passwords instead of 18 hrs.
An UberGeek has linked 16 GeForce 8800 GT and reached about 749 gigabits of data processed every second. The speed on non-precomputed tables ("regular crack") was 89,300 PMKs/s, hence we can estimate a speed of about 100,000,000 PMKs/s on precomputed tables.


FAQ & RFAQ
  
Cracking Speed Achievable (Sustained & Averaged)
- Dual Core 2.5 GHz + Nvidia GeForce 8600M GT + Precomputed Tables
  1,500,000 PMKs/s  (about 110,000% faster than Aircrack)
- Quad Core 2.5 GHz + Nvidia GeForce GT 330M + Precomputed Tables
  2,750,000 PMKs/s

Cracking Speed Achievable (Instant Reading)
- Dual Core 2.5 GHz + Nvidia GeForce 8600M GT + Precomputed Tables
  39,847,344 PMKs/s  (about 2,500,000% faster than Aircrack)
- Quad Core 2.5 GHz + Nvidia GeForce GT 330M + Precomputed Tables
  53,662,947 PMKs/s

You NEED Pyrit or Pyrit-CUDA to achieve those speeds. You can install Pyrit (free) as explained here: http://easymactips.blogspot.com/2011/07/how-to-install-pyrit-cuda-on-mac.html

Pyrit-CUDA will consume 100% of your resources; don't attempt to surf the web or play a game while running Pyrit-CUDA. Nevertheless, as the run time of Pyrit CUDA on precomputed tables is so short, you should not have to wait more than 5 minutes for an answer.

Alfa Drivers For Mac

Alfa AWUS036H    

Pro: 
- The 036H is an excellent card, great sensitivity with great power.
- Can also be used with KisMAC from OSX 10.5 to OSX 10.8. Please note that you'll need KisMAC R407 to use it on 64 bit.
- Multi antenna
- Can capture a signal at up to 15 km
Con:
- The Realtek driver is no longer supported after 10.6.8

A test/benchmark of this card is available here, including test on long range WIFI. 

Mac Drivers Download for the Alfa AWUS036H

15 km / 9.4 miles: Alfa 036H + 9 dBi antenna

KisMAC and OS X Lion 10.7, The Solution

How To make KisMAC Work under OS X Lion

Update August 2012

KisMAC Trunk r407 has been released
This trunk fixes some of the issues with Lion 10.7+ and 10.8.
Airport passive mode is still not working, but you may use a USB adapter (WLAN) with it.
This is a temporary fix and you use KisMAC r407 at your own risk(s).
Please refer to Kismac-ng for any other info.
If you still need/want to use your Alfa 036H/Realtek without KisMAC, then keep on reading...


Apple has changed the API again, hence there will be some floating time until KisMAC is truly updated for Lion. In the meantime, if you have tried, you'll probably have noticed a freeze under passive mode.
Here is a solution to make KisMAC work under Lion without too much fuss.
Before we go into highly technical details, you can give us some luv on FB... yes, you can ...


So, to make it work, you'll need either some serious Terminal capabilities or the Kali App.
A second solution is to create a bootable USB as explained here: you have paid for Snow Leopard, and keeping a bootable copy on hand can be very useful, e.g. you crash your Lion HDD and need to get some files or make a fix... or use KisMAC ...


WARNING! 
Do NOT install the drivers of the card (Realtek.app) unless you have the Kali App.
If you install without the Kali App, the drivers will prevent KisMAC from loading its own.

 

Kali App.

*WLAN: also known as USB cards, etc. DO NOT buy just any type or you'll be sorry. You NEED a specific one. The best one is here.
Also, as a warning: eBay is full of knock-offs of this card; they look the same, but if you get one shipped "from the US by a Chinese vendor in HK" you will be sorry. From experience, I only recommend a handful of vendors. Why? Because I can connect one mile away. Yes, that's 1.6 km.
You can also use the card as a second WiFi; the signal compared to Airport is about 60% better. Just that makes it worth every cent.



Comments, The New Rules:
- Don't use "Anonymous"; use "name/url" instead. Even a fake name will do. If you insist on using anonymous, you'll get a "Who are you?" as the sole answer.
- Check this page before asking!
- If your question has been asked before, it's probably answered. If it has been answered before, you'll get the link above a second time. If you do not wish to read or need personalized help, check the donate page or the KisMAC School.




How To Install Alfa AWUS036 NHR on Mac OS Lion 10.7

  Alfa AWUS036 NHR  Drivers for Mac OSX 10.7



This is going to be a very short post.....

Very simple...
Extremely simple ...

How To Install Alfa AWUS036NHR on Mac OS Lion 10.7?

Like that:

Alfa AWUS036NHR Mac Drivers For Lion 10.7


Voila!

That was easy, huh?

Now something more important:
The Realtek uninstaller provided with this package does not close "sudo" after use. As per Apple Dev., this could leave a security hole. Close sudo by opening Terminal and typing "sudo -k". -Without quotes, you silly!



How To Install Pyrit CUDA on Mac



Pyrit CUDA: Release the Kraken!

How To Install Pyrit CUDA on a Mac

We hope that you have not landed here randomly; Pyrit CUDA is not for the faint of heart, but your patience will be rewarded. Highly rewarded.

CUDA stands for Compute Unified Device Architecture. It unleashes the power of your GPU(s) to compute things like .... WPA key recovery a bit faster.
Pyrit CUDA is not a magic bullet, it's just a much, much bigger caliber.

Why Pyrit CUDA?
On my "Old MBP", Pyrit CUDA is 45% faster than Aircrack-ng without a sweat. If you have a "New Mac" with a much faster graphics card, you can expect 50-200% faster.
45% means that instead of running for 10 hrs, you'll do the job in 5.5 hrs. Some monsters claim 89,000 PMKs/s. With a little tweak, you can go 300% faster; see the example under "tips".

Pyrit also allows you to create databases of pre-computed PMKs, also known as Rainbow Tables, and here it starts to go really, really, really fast ...

Engage Warp Speed and Release The Kraken...

There you have it!  

39,847,344 PMKs per second....
27,481 times faster than Aircrack-ng, or a 2,747,993% increase in speed.
Yes, that's almost 2.75 million %.
It simply means that what you do in 18 hours, I'll do in about 10 seconds :)


Pyrit Precomputed Tables are here.


Back to the install ...

I went to Pyrit after finagling way too much with Aircrack-CUDA. Using Backtrack 5 on VMware, Aircrack-CUDA was the straw that broke the camel's back: the time needed for the install and fixing the issues was longer than running Aircrack the regular way. So, here is Pyrit, native on a Mac.
Pyrit also allows you to create databases of pre-computed PMKs, also known as Rainbow Tables, and here it starts to go really fast ...


How To Install Pyrit CUDA on a Mac, OSX 10.6.8
For OSX 10.7 Lion, almost the same, but read the help first

Prerequisite 
Xcode must be installed! 
To check, open Terminal and type "gcc".
If the answer is as described below, you have Xcode installed. If not: App Store >> Xcode (free)

10.8 Mountain Lion  
Apple has, by default, removed the CLT, For Mountain Lion you must install the Command Line Tools
Preferences  -> Downloads -> Install command line tools


1)    Click  > About this Mac > More Info > Graphics/Display to check your card model #
1a)  Verify that you have a CUDA-supported graphics card; if not, you can try OpenCL instead
2)    Follow the steps exactly in the order they are mentioned.
3)    You need to have admin rights or the admin password
4)    You should be Terminal savvy. If not, read the tips at the end first
5)    You need to type the commands verbatim. One space too many and you're out ....
6)    You can click on the pictures to enlarge them. It could help....
7)    There is a list of warnings at the end; read them!
8)    Verify that you have verified the verifications

The full install takes about 30~45 min.

Ready?

Download the following into an easily accessible folder; do NOT install yet.

Nvidia CUDA drivers for Mac:
http://developer.nvidia.com/cuda/cuda-downloads

Download 1 and 2

Select  "CUDA Toolkit" under Mac OS For Older Version (10.6.6 and under)

NOTE: 
If you have an "old" Nvidia card, try the "older version" first; you'll save a lot of space.
The "old version" is half the size of the new one, and you can always upgrade later.


libdnet
http://libdnet.googlecode.com/files/libdnet-1.12.tgz
pylibpcap
http://dfn.dl.sourceforge.net/sourceforge/pylibpcap/pylibpcap-0.6.2.tar.gz  
Scapy
http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz

You should now have something looking like that:

Install  Nvidia Driver for Mac
Click on the DMG, etc ..

This install is going to take few minutes..

Install  Nvidia CUDA TOOLKIT for Mac
Click on the DMG, etc

Install  Nvidia CUDA drivers for Mac
Click on the DMG, install, etc
i.e:  cudadriver-5.0.17-macos.dmg

Open Terminal and start the installation of libdnet
"Path to" refers to the path to the file, e.g. /Users/MyName/Downloads/
Example:
-->
tar -xzf /Users/MyName/Downloads/libdnet-1.12.tgz

Instead of typing the full path by hand, drag and drop the file into Terminal; that will save you some typing and errors.

Install
-->
tar -xzf "Path to" libdnet-1.12.tgz
cd libdnet-1.12
./configure
make
sudo make install
cd python
sudo python setup.py install

Now we install Pylibpcap 
-->
tar -xzf “Path to” pylibpcap-0.6.2.tar.gz
cd pylibpcap-0.6.2
sudo python setup.py install

Scapy Install
-->
tar -xzf "Path to" scapy-latest.tar.gz
cd scapy-2.1.0
sudo python setup.py install
 
* double check the "scapy latest" and scapy2.1.0  the names may have changed.



Now that the prerequisites are done, we can get to the heart of the subject.
From the Terminal window, download Pyrit
-->
svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit-read-only

Build and install Pyrit
-->
cd pyrit-read-only
cd pyrit
sudo python setup.py install


Last step, Pyrit CUDA
-->
cd ..
cd ..
cd pyrit-read-only
cd cpyrit_cuda
sudo LDFLAGS=-L/usr/local/cuda/lib python setup.py install
* cpyrit  not "pyrit"  cd cpyrit_cuda


Now we need to check if all of that was worth it.
Check if Pyrit CUDA is working
-->
pyrit list_cores

You should see a list of your cores and a list of your GPU(s).
Something like

Once done, let's benchmark it and see if we can Release The Kraken
-->
pyrit benchmark

(Recommended)    Kill SUDO by typing   sudo -K   (yes, uppercase K)

*I have installed Pyrit on an old machine; the "good ones" are "reserved" for work. :-)
  Leave a comment either here or on FB with your config and the benchmark results.
  Who has a monster?



GTK, FAQ, RFAQ, TIPS, Help

GTK!  AKA "Good To Know"

Bruteforcing is time consuming, so you need to go as fast as possible, and also AS SMART AS POSSIBLE: bruteforcing in blind mode, aka starting @ "00000000" and going all the way up, trying each alphanumerical combination, is just a pure waste of your (limited) time, you silly mortal, and your electricity bill will go up a bit.
Go smart, use a statistically sorted attack dictionary: most used passwords first. If the password to discover is "password", running an incremental attack will take you a few months: the first set of numbers is 100,000,000 long, then for each set of letters, add 110,075,314,176. You have 24 sets, hence 2,641,807,540,224 passwords. Then repeat with upper case... then mingle all of that ... a0a0a0a0
Your brain has now stopped perceiving the true value of those numbers. Mine too.
But that's not it!
Mr. WPA is a tedious little man: each password has 4096 rounds of hashing, salted with the BSSID. It means in clear that your CPU/GPU will crunch about 1 megabyte (byte, not bit) of data for each PMK (Pairwise Master Key). Each password is "about" 4 PMK.
2500 PMK/second and you'll have 2.44 gigabytes of data being pushed through per second...
The first set of numbers, 8 ch long, boils down to about a billion megabytes of data being crunched.
So, act like a ninja, and think like Einstein: go smart!
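For the "Why Rainbow Tables?", "Why use Precomputed Tables?" and GTK paragraphs, here is the PMK derivation written out as an added example (not the page's or Pyrit's code), together with the bytes-per-PMK estimate behind the "1 megabyte per PMK" figure and a demonstration of why a precomputed table only answers for the exact network name it was built for. The sample passphrases and the "HomeNet-7f3a" name are constructed; the ("password", "IEEE") pair is the IEEE 802.11i test vector. Note that the PBKDF2 salt is the ESSID (the network name), which is why a non-default SSID plus a long passphrase is the defence that makes such tables useless.

```python
"""WPA/WPA2-PSK PMK derivation and why precomputed (rainbow) tables are
bound to one ESSID.  Added example; not code from the page or from Pyrit.
"""
import hashlib

PBKDF2_ROUNDS = 4096   # the "4096 rounds" the text refers to
PMK_LEN = 32           # 256-bit Pairwise Master Key
SHA1_OUT = 20          # bytes per SHA-1 output block
SHA1_BLOCK = 64        # bytes per SHA-1 compression


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes).
    The salt is the network name, so the same passphrase yields a different
    PMK on every differently named network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)


def bytes_hashed_per_pmk() -> int:
    """Estimate of SHA-1 input processed per PMK, assuming (as fast PBKDF2
    code does) that the HMAC inner/outer pad states are cached so each HMAC
    costs two 64-byte SHA-1 compressions.  32 output bytes need two 20-byte
    SHA-1 blocks, each iterated 4096 times: 2 * 4096 * 2 * 64 = 1 MiB."""
    output_blocks = -(-PMK_LEN // SHA1_OUT)          # ceil(32 / 20) = 2
    compressions_per_hmac = 2
    return output_blocks * PBKDF2_ROUNDS * compressions_per_hmac * SHA1_BLOCK


def bytes_per_second(pmks_per_second: int) -> int:
    """Throughput implied by a PMK rate; the page's 1500 PMK/s figure."""
    return pmks_per_second * bytes_hashed_per_pmk()


def build_table(essid: str, passphrases) -> dict:
    """Space-time trade-off: do the PBKDF2 work once per (ESSID, passphrase)
    and store PMK -> passphrase.  Every entry is tied to `essid`."""
    return {derive_pmk(p, essid): p for p in passphrases}


def lookup(table: dict, pmk: bytes):
    """Query time is a dictionary hit: no PBKDF2 work at all."""
    return table.get(pmk)


def demo_table_is_essid_bound():
    """Constructed sample: a table built for the factory name "linksys"
    answers for "linksys" but not for a renamed network, even though the
    passphrase is identical.  Returns (hit, miss)."""
    sample_passphrases = ["SamplePass01", "SamplePass02", "SamplePass03"]
    table = build_table("linksys", sample_passphrases)
    hit = lookup(table, derive_pmk("SamplePass02", "linksys"))
    miss = lookup(table, derive_pmk("SamplePass02", "HomeNet-7f3a"))
    return hit, miss


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())
    print(bytes_hashed_per_pmk(), bytes_per_second(1500))
    print(demo_table_is_essid_bound())
```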

Tips

If you are here, you should know it: don't play too much with the sudo command; it's an unforgiving command. sudo does not give any warning; sudo is "Das Terminator".
Long paths
Avoid typing long paths with spaces or weird names:
1) Download into an easily accessible folder
2) Type your command, e.g. "tar -xzf", then drag the file from Finder to Terminal; the path will automagically appear correctly.
3) Use the up arrow to call back a previous command
4) Copy and paste the commands instead of re-typing them:
"cd cpyrit" just looks like "cd pyrit" ("C"pyrit)
(The first one who comments about cd not working will get seriously flamed)

CUDA use 
When using Pyrit CUDA, quit all applications, including anti-virus, browser, etc. I mean everything: Dropbox, Airport, etc. Anything that uses a single %. Kill all processes but the vital ones: the performance will improve significantly.
For the best results, don't even use a screen saver: quit everything and let the screen go black. Remember? CUDA is using your GPUs. Following those tips you'll see the performance increase significantly:

We are now 279% (Two-hundred-seventy-nine ) faster than Aircrack-ng 1.1 and  600% faster than KisMAC 0.3.3 .  Yes, 600%.  But, that's not it!  Can you go faster than that?

Temperature:
If you crunch for hours, don't forget that Pyrit CUDA will try to use 100% of your CPUs and 100% of your GPUs: the temperature is going to go up a bit. If you have a laptop, I'd suggest elevating it on the four corners and leaving at least 1/2 inch of free space underneath.

FAQ, RFAQ, SFQRFA

- My card is not supported!
  Bummer! check OpenCL
- How do you crack a WEP on Pyrit?
  You don't!  Pyrit is WPA only.
- kan't crack the pazwords!
  Probable Cause
- it doz not workz!
  Probable Cause
- It's not working on Windows
  Did you pass the test? (successfully?)
- I want to crack my girlfriend password
  Talk to those guys
- I overclocked my GPU and my computer shut down
  Told ya! Try not to go over 200F / 93C. If you insist, you may be able to fry an egg on your Mac; please send us the picture. For a "runny-sunny side up" you can start at 66C.
- Please help
  It's just below, one more line...

Pyrit help
For more help type "pyrit -h [command]", e.g. "pyrit -h attack_passthrough"

Highly recommended reading: 
http://pyrit.wordpress.com/
About Pyrit
http://pyrit.wordpress.com/about/

Pyrit on OSX Lion 10.7 
"Many people have problems compiling Pyrit on OSX Lion. The version of GCC distributed with the latest XCode no longer supports creating binary code for the PPC-architecture and Python’s setup.py does not know about that; you can get an error message like the following:"

assembler (/usr/bin/../libexec/gcc/darwin/ppc/as or /usr/bin/../local/libexec/gcc/darwin/ppc/as) for architecture ppc not installed

You can solve this situation by forcing GCC to only compile code for the i386- and the x86_64-architecture. To do this, put the following into your .bash_profile:

export ARCHFLAGS="-arch i386 -arch x86_64"

Source: http://pyrit.wordpress.com/
Retrieved Aug 2, 2011

Pyrit Mountain Lion 10.8 + MBP Retina

Pyrit  CUDA_ERROR_OUT_OF_MEMORY
This error seems specific to the MBP Retina and is easily solved by a single click.

1) Open System Preferences
2) Go to Energy Saver
3) Find the "Automatic Graphics Switching" tick box
4) Uncheck it

Many Thanks to Xander Clark for solving the issue and sharing with us.
Ditto to Christian T. for "Distant Lending" us his Beloved  MBP Retina while vacationing in Greece. ;)


Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Usage: pyrit [options] command

Recognized options:
  -b               : Filters AccessPoint by BSSID
  -e               : Filters AccessPoint by ESSID
  -h               : Print help for a certain command
  -i               : Filename for input ('-' is stdin)
  -o               : Filename for output ('-' is stdout)
  -r               : Packet capture source in pcap-format
  -u               : URL of the storage-system to use
  --all-handshakes : Use all handshakes instead of the best one

Recognized commands:
  analyze                 : Analyze a packet-capture file
  attack_batch            : Attack a handshake with PMKs/passwords from the db
  attack_cowpatty         : Attack a handshake with PMKs from a cowpatty-file
  attack_db               : Attack a handshake with PMKs from the db
  attack_passthrough      : Attack a handshake with passwords from a file
  batch                   : Batchprocess the database
  benchmark               : Determine performance of available cores
  benchmark_long          : Longer and more accurate version of benchmark (~10 minutes)
  check_db                : Check the database for errors
  create_essid            : Create a new ESSID
  delete_essid            : Delete a ESSID from the database
  eval                    : Count the available passwords and matching results
  export_cowpatty         : Export results to a new cowpatty file
  export_hashdb           : Export results to an airolib database
  export_passwords        : Export passwords to a file
  help                    : Print general help
  import_passwords        : Import passwords from a file-like source
  import_unique_passwords : Import unique passwords from a file-like source
  list_cores              : List available cores
  list_essids             : List all ESSIDs but don't count matching results
  passthrough             : Compute PMKs and write results to a file
  relay                   : Relay a storage-url via RPC
  selftest                : Test hardware to ensure it computes correct results
  serve                   : Serve local hardware to other Pyrit clients
  strip                   : Strip packet-capture files to the relevant packets
  stripLive               : Capture relevant packets from a live capture-source
  verify                  : Verify 10% of the results by recomputation

More help
http://code.google.com/p/pyrit/

Basic Command lines
  -->
pyrit  -h attack_passthrough
The -h option gives a more detailed help on an option, here help on "Attack_Passthrough" -h should be used profusely.

-->
pyrit benchmark
Does a Quick Benchmark

-->
pyrit benchmark_long
Does a long Benchmark

-->
pyrit -r test.pcap -b 00:de:ad:be:ef:00 -i words attack_passthrough
Regular attack on a specific ESSID via Dictionary

-->
pyrit -r test.pcap -b 00:de:ad:c0:de:00 -o passwd.txt attack_batch
  "Pairwise Master Keys that have been computed and stored in the
database previously are taken from there; all other passwords are
translated into their respective Pairwise Master Keys and added to
the database for later re-use. ESSIDs are created automatically in
the database if necessary." 
Note:  .PCAP, .CAP or Dumplogs are the same

Overclocking
You can overclock, but: 
As much as you will be tempted, let me remind you that if you have a laptop, things may get hot. Really hot! Even smcFanControl may not be enough.
Frying your GPU will not be a good thing. Overclock at your own risk(s): Pyrit does not have a GPU watchdog.

Little hidden gem:
because you've read so far, you deserve a little bonus:
Release the Kraken !

Comments:
Please read this before commenting

