When the bell arrived in Philadelphia in 1752, it cracked on its first test strike. Two local craftsmen, John Pass and John Stow, twice cast a new bell using metal from the cracked English bell. They also added more copper, to make the bell less brittle, and silver, to sweeten its tone. The recast behemoth weighed in at 2,000 pounds: 70 percent copper, 25 percent tin, and a scattering of lead, zinc, gold, silver, and arsenic.
There's no one widely accepted story for how the recast bell got its now-famous crack. One account asserts that the bell fractured during Revolutionary War hero Marquis de Lafayette's visit to the City of Brotherly Love in 1824. Another insists that it cracked while tolling a fire warning later that year. Craftsmen tried to prevent further damage by boring out hairline cracks on the bell, keeping them from expanding dangerously.
Two legends about the Liberty Bell's infamous fracture remain the most popular. One contends that the bell cracked during the 1835 funeral of Chief Justice John Marshall, though it may not be historically true: Philly newspaper stories about the funeral don't mention the bell ringing.
The cause that stuck, at least according to official city reports, was that the Liberty Bell was irreparably damaged in 1846, when Philadelphia mayor John Swift ordered the bell rung to commemorate George Washington's birthday. The bell had been repaired earlier that year, when a thin crack started throwing off its sound, but it cracked again that day and hasn't been rung since.
The old Independence Bell rang its last clear note on Monday last in honor of the birthday of Washington and now hangs in the great city steeple irreparably cracked and dumb. It had been cracked before but was set in order of that day by having the edges of the fracture filed so as not to vibrate against each other. It gave out clear notes and loud, and appeared to be in excellent condition until noon, when it received a sort of compound fracture in a zig-zag direction through one of its sides which put it completely out of tune and left it a mere wreck of what it was.
Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security protocol.
Here's the bad news: a new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers' current passwords with relative ease. Here's how to crack a WPA or WPA2 password, step by step, with Reaver, and how to protect your network against Reaver attacks.
In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.
The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page and burn it to a DVD. You can alternately download a virtual machine image if you're using VMware, but if you don't know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R3 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.
A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the How Reaver Works section how WPS creates the security hole that makes WPA cracking possible.
A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.
In order to use Reaver, you need to get your wireless card's interface name and the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.
Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. If it's WEP, use our previous guide to cracking WEP passwords.
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver the correct password to me. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:
A few important factors to consider: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.
Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS or, even better, if your router doesn't support it in the first place. Unfortunately, as Gallagher points out at Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.
I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.
Reddit user jagermo, who I also spoke with briefly while researching Reaver, has created a public spreadsheet intended to build a list of vulnerable devices so you can check to see if your router is susceptible to a Reaver crack.
This tutorial walks you through cracking WPA/WPA2 networks which use pre-shared keys. I recommend you do some background reading to better understand what WPA/WPA2 is. The Wiki links page has a WPA/WPA2 section. The best document describing WPA is Wi-Fi Security - WEP, WPA and WPA2. This is the link to download the PDF directly. The WPA Packet Capture Explained tutorial is a companion to this tutorial.
WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows the network as having the authentication type of PSK; otherwise, don't bother trying to crack it.
There is another important difference between cracking WPA/WPA2 and WEP: the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2. Because the key is not static, collecting IVs, as when cracking WEP encryption, does not speed up the attack. The only thing that gives you the information to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network.
Although not absolutely true, for the purposes of this tutorial, consider it true. Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack the pre-shared key.
The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63-character password composed of random characters including special symbols.
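To make the "dictionary word versus 63 random characters" argument concrete, here is an added example (not part of the aircrack-ng tutorial) that generates a WPA/WPA2 passphrase within the 8-63 printable ASCII limit the tutorial mentions and compares the entropy and expected guessing time of a dictionary word, a short random passphrase and a full-length one. The guess rate and dictionary size used for the comparison are assumptions chosen for illustration.

```python
import math
import secrets

# WPA/WPA2 PSK passphrases are 8 to 63 printable ASCII characters (0x20-0x7E).
# This alphabet is that full printable range: 95 symbols, including space and
# the special symbols the tutorial recommends mixing in.
PASSPHRASE_ALPHABET = "".join(chr(c) for c in range(0x20, 0x7F))
MIN_LEN, MAX_LEN = 8, 63


def is_valid_psk_passphrase(passphrase: str) -> bool:
    """Check the length and character-set rules for a WPA/WPA2 passphrase."""
    return MIN_LEN <= len(passphrase) <= MAX_LEN and all(
        c in PASSPHRASE_ALPHABET for c in passphrase
    )


def generate_passphrase(length: int = MAX_LEN) -> str:
    """Draw each character from the OS CSPRNG (secrets), never from random."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA passphrases must be 8-63 characters")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(PASSPHRASE_ALPHABET)) -> float:
    """Entropy in bits of a passphrase chosen uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def expected_crack_years(entropy: float, guesses_per_second: float) -> float:
    """Expected years to guess: on average half the keyspace must be searched.

    guesses_per_second is an assumed offline rate; WPA's PBKDF2 key derivation
    (4096 iterations) keeps it far below the rate of a plain hash.
    """
    expected_guesses = 2 ** (entropy - 1)
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


def compare_choices(guesses_per_second: float = 1e5, dictionary_size: int = 100_000) -> dict:
    """Entropy and expected crack time for the three cases the tutorial contrasts."""
    cases = {
        "dictionary word": entropy_bits(1, dictionary_size),  # one pick from a wordlist
        "8 random chars": entropy_bits(8),
        "63 random chars": entropy_bits(63),
    }
    return {name: (round(bits, 1), expected_crack_years(bits, guesses_per_second))
            for name, bits in cases.items()}


if __name__ == "__main__":
    print(generate_passphrase())  # a fresh 63-character passphrase
    for name, (bits, years) in compare_choices().items():
        print(f"{name:16s} {bits:6.1f} bits  ~{years:.3g} years at 1e5 guesses/s")
```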
This can be done either actively or passively. Actively means you will accelerate the process by deauthenticating an existing wireless client. Passively means you simply wait for a wireless client to authenticate to the WPA/WPA2 network. The advantage of passive is that you don't actually need injection capability and thus the Windows version of aircrack-ng can be used.
The presence of a phy0 tag at the end of the driver name is an indicator for mac80211, so the Broadcom card is using a mac80211 driver. Note that mac80211 is supported only since aircrack-ng v1.0-rc1, and it won't work with v0.9.1.