#121227 - _JSR_ - Sat Mar 10, 2007 5:04 pm
Aireplay NDS *Early Build*
by JSR
Notes :
------------------------------------
Aireplay is a Wifi Packet injection software, well known for Wifi Hacking.
I decided to port it to NDS as most of the new Wifi chipsets allow only packet capture and Aireplay is only available on Linux. Having a mobile wifi hacking solution is also a good idea...
In this build, the only activated function is the Broadcast Deauthentication module, which allows deauthenticating every user connected to a specific Access Point. It's useful for capturing ARP requests or flooding the wifi traffic.
*SPECIAL NOTES*
Most of the Aireplay Linux functions are ported but not included. The NDS Wifi driver allows only capture of packets sent at the 1/2mbit rate. As all the functions, except the one included in this build, require capturing some packets from the client side, you can't use them, as the client sends them at over the 2mbit rate (11mbit...).
I have no solution for this problem. If you have an idea/solution to set/slowdown the traffic rate to 2mbit, send me an email here : jsr(.)exp(@)gmail(.)com.
I will implement your solution and release a full build.
Usage :
------------------------------------
AireplayNDS_EarlyBuild.nds for NDS Cart (Slot-1)
AireplayNDS_EarlyBuild.ds.gba for GBA Cart (Slot-2)
Thanks to :
------------------------------------
Sgstair and Liranuna for their support.
M3 Team and DS-X Team for their homebrew contribution.
Link :
here
Update : WifiLib updated to 0.3d (Now working with new DS Lite)
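The broadcast deauthentication described in the post above is visible on the air as a burst of deauthentication frames addressed to ff:ff:ff:ff:ff:ff. The following detector is an added example, not part of JSR's build or of the original thread; it assumes raw 802.11 MAC frames with any radiotap header already stripped, and the threshold, window, helper names and sample frames are constructed for illustration.

```python
from collections import defaultdict, deque

BROADCAST = b"\xff" * 6
DEAUTH_FC0 = 0xC0  # frame control byte 0: version 0, type 0 (management), subtype 12

def parse_deauth(frame: bytes):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    reason = int.from_bytes(frame[24:26], "little")  # reason code follows the 24-byte header
    return dst, src, bssid, reason

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def detect_broadcast_deauth(frames, threshold=5, window=1.0):
    """frames: iterable of (timestamp_seconds, raw_frame), ordered by time. Returns sorted
    BSSIDs that saw `threshold` or more broadcast deauths within `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None or parsed[0] != BROADCAST:
            continue  # ignore non-deauth frames and ordinary unicast deauths
        q = recent[parsed[2]]
        q.append(ts)
        while ts - q[0] > window:  # keep only timestamps inside the sliding window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(fmt(parsed[2]))
    return sorted(flagged)

def make_frame(fc0, dst, src, bssid, body=b"\x07\x00"):
    # Constructed frame: frame control, duration, three addresses, sequence control, body
    return bytes([fc0, 0x00]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

AP1 = bytes.fromhex("020000000001")  # constructed, locally administered addresses
AP2 = bytes.fromhex("020000000002")
STA = bytes.fromhex("0200000000aa")

SAMPLE = sorted(
    [(0.1 * i, make_frame(0xC0, BROADCAST, AP1, AP1)) for i in range(10)]  # burst naming AP1
    + [(0.5, make_frame(0xC0, AP2, STA, AP2, b"\x03\x00"))]  # one unicast deauth, reason 3
    + [(0.6, make_frame(0x80, BROADCAST, AP2, AP2, b""))],   # beacon, not a deauth
    key=lambda f: f[0],
)

if __name__ == "__main__":
    print(detect_broadcast_deauth(SAMPLE))
```

Networks that negotiate Protected Management Frames (802.11w) have clients discard forged deauthentication frames, so this kind of monitoring matters most where PMF cannot be enabled.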
#121230 - Dan2552 - Sat Mar 10, 2007 5:26 pm
_JSR_ wrote:
AireplayNDS_EarlyBuild.nds for NDS Cart (Slot-1)
AireplayNDS_EarlyBuild.ds.gba for GBA Cart (Slot-2)
.nds existed before Slot-1 cards existed, they're not just for slot-1 cards
#121231 - _JSR_ - Sat Mar 10, 2007 5:33 pm
Yeah I know, this explanation is just for usage.
#121239 - tepples - Sat Mar 10, 2007 7:05 pm
It's still more confusing than you intended. Likely complaint: "So what should I use with a GBA Movie Player (which fits in SLOT-2 and has GBA in its name)?" GBA Movie Player that isn't M3 uses .nds.
#121247 - pas - Sat Mar 10, 2007 8:01 pm
@_JSR_: About your implementing problem:
1. A long time ago I heard that the DS was locked down to 2 Mbits because of the power consumption an 11 Mbit transfer rate would cause, so if this would be true, you could try to "unlock" it and then try to implement the other features.
2. What about this crazy idea?:
Send so many packages to the AP until the traffic is that high so you can use those other tools you currently don't have implemented.
Sorry if these "Ideas" are totally nonsense, I just thought it "might maybe" help...
Greets:
Pas
#121265 - _JSR_ - Sat Mar 10, 2007 9:59 pm
Thanks for the idea pas. I already tried a flooding test to see if the rate would lower (or stay at a lower rate). But it never happened with an NDS :(.
I have no idea if the nds wifi rate is unlockable... sgstair didn't say something like that so it's unlikely possible.
#121295 - HyperHacker - Sun Mar 11, 2007 9:14 am
Well this is cool, but what's with the interface? It's just asking me to enter an AP number, without listing which AP is which.
#121298 - _JSR_ - Sun Mar 11, 2007 9:40 am
Oh ok, it's not clear. When you see the (growing) number of AP present in the area, this number also corresponds to the specific AP listed at the same moment.
#121432 - Oliv5400 - Mon Mar 12, 2007 12:19 pm
It doesn't work on my DS Lite: wifi chipset problem?
#121435 - jester - Mon Mar 12, 2007 12:55 pm
What possibilities can this program produce? Wifi Tunneling?
#121439 - pas - Mon Mar 12, 2007 2:18 pm
@_JSR_: I got a new Idea:
Saving an amount of the packages the AP sent out/responded to the CF/SD (DLDI compatible of course ^^ ) Card and then check them afterwards to be able to crack/hack things as we like.
Is this understandable English ?
@Jester:
Sorry Mate, but what are you talking about ? This is a Wifi Package INJECTION Hack Software which currently can only flood networks... tunneling is something VERY different .
#121456 - jester - Mon Mar 12, 2007 3:22 pm
oh i see what thanks but what can flooding networks do?
#121516 - pas - Mon Mar 12, 2007 9:54 pm
Flooding networks is good for being able to start a hacker attack e.g. get the traffic high and then crack the WEP / WPA Key using the responded packages.
That's at least the way I think it works ^^ .
@_JSR_: Couldn't you just port Aircrack, Kismet and Airdump instead of this or do they have the same limitations?
#121593 - _JSR_ - Tue Mar 13, 2007 10:04 am
Thank you for your interest :)
Saving an amount of the packages the AP sent out/responded to the CF/SD (DLDI compatible of course ^^ ) Card and then check them afterwards to be able to crack/hack things as we like.
This is what I want to do when my program is able to capture data sent by various clients at over 2mbit/s.
All wifi capture programs that can be ported to NDS are stuck with this problem.
Porting Aircrack is useless as the NDS CPU is too slow for things like that and you can use a computer for it instead.
I hope someone has the magical fix for this problem. Because when I get it, we could have a complete solution for wifi hacking!
#121594 - HyperHacker - Tue Mar 13, 2007 10:07 am
Speaking of wifi, is the DS capable of WPA?
#121608 - pas - Tue Mar 13, 2007 2:43 pm
@HyperHacker:
Normally the DS only supports WEP, but there is a guy around who claims to have a DS firmware patch to fix this "issue":
http://geekboy.ca/wifi/?cat=2
In his website he only posts a in that should work with Ez4, sadly I own just a Gbamp ;( .
I wish someone could make a DLDI Version out of it...
@_JSR_: Hope this soon gets resolved, I'm really interested in this ^^ !
Say, what could Aireplay do if someone would "magically" fix this (what about Infantile Paralyser or Chisihm? Darkfader maybe as well?)?
Greets:
Pas
_________________
Starcraft DS ?
#121643 - TheYak - Tue Mar 13, 2007 5:51 pm
From what I understand it doesn't have the processing power for WPA. Even if you could get it to work, wouldn't it be so slow in authenticating that it'd be implausible?
#121702 - m2pt5 - Wed Mar 14, 2007 2:57 am
On R4, this gets to "Debug-Print" and stops. Buttons do nothing, nor does touch screen.
_________________
Don't sign your posts, it's dumb.
#121722 - _JSR_ - Wed Mar 14, 2007 8:35 am
So with this magical fix, Aireplay NDS will become a useful app for speeding up the process of capturing data packets. But it still needs a computer for capturing data packets and cracking.
After that I will try to port Airodump and then we will have a stand-alone solution for wifi hacking.
Note : This build was made with wifi-lib 3b so it might not work on latest nds.
#121738 - Jonny9797 - Wed Mar 14, 2007 12:50 pm
I just had to sign up to say THANK YOU for working on this. I've been hoping that someone with more skills than me would port one of the wifi hacking programs. I sincerely hope you continue development.
#121810 - pas - Thu Mar 15, 2007 12:16 am
I hope we will be able to use this WITHOUT PC one day.... That would make me happy! This is nearly the most anticipated homebrew I can think of, so I hope you get it done!
#121861 - _JSR_ - Thu Mar 15, 2007 10:07 am
Don't worry, I'm continuously looking for a solution.
At the same time, I have a side project that is going well: an NDS SIP (Phone) Client.
So I'm not losing my time.
#121919 - pas - Thu Mar 15, 2007 6:29 pm
Wow!?! A Phone Client? Did you already make a post about it somewhere?
How does that Online Phone Client work? And what about the costs?
#121922 - _JSR_ - Thu Mar 15, 2007 6:52 pm
No, I didn't make any post about it.
I make tests with the SIP account that my ISP offers. In my case, I can call 45 countries in the world for free. So it could be useful to have some sort of cellphone on NDS.
I'm making my own SIP lib from scratch so it will take some time, as the available libs are not lightweight (and "understandable" and "portable").
Last edited by _JSR_ on Thu Apr 26, 2007 3:44 pm; edited 1 time in total
#121965 - pas - Fri Mar 16, 2007 12:19 am
Sounds good! Be sure to inform us if you make progress with either AireplayDS or your Phone App.
#122651 - Jonny9797 - Tue Mar 20, 2007 11:42 pm
Any luck on finding anything? If there's anything I can do to help, let me know! :)
#122791 - quadomatic - Thu Mar 22, 2007 3:03 am
After I hit A to stop scanning, it asks to choose Access Point number. How can I tell which access point is which?
#123012 - _JSR_ - Sat Mar 24, 2007 2:56 pm
No solution for the moment. I'm still looking for it...
#123847 - pas - Sat Mar 31, 2007 8:49 pm
@JSR: I saw that DS Blue: http://forum.gbadev.org/viewtopic.php?t=11233&highlight=dsblue
has a Wifi Packet Spy. What about using this, saving the packages on the card and then cracking them from there without being connected to the AP anymore?
#126784 - _JSR_ - Thu Apr 26, 2007 3:42 pm
Expect a new topic soon... (No comment about it, look at one of my posts)
#128169 - darky_mtp - Wed May 09, 2007 8:58 am
Hello
Code: |
AireplayNDS 'Early Build' by JRS
-----------Debug-Print----------
|
Nothing else.
The WiFi led is not blinking.
Is it normal ?
#128185 - _JSR_ - Wed May 09, 2007 2:15 pm
It's because I used an old version of the wifi lib (not working with new DS Lite). I will make a new build if you want.
#128193 - darky_mtp - Wed May 09, 2007 3:36 pm
Yes, please.
Thank you very much !
#128196 - _JSR_ - Wed May 09, 2007 4:04 pm
Updated :)
#128197 - Tikker - Wed May 09, 2007 4:11 pm
cool, I'm looking forward to checking this out. The SIP phone idea sounded really good too
crack an AP, then make some phone calls
#128198 - darky_mtp - Wed May 09, 2007 4:29 pm
It works !
What is the meaning of "Choose AP Number" since it is broadcasting ?
#128269 - 9th_Sage - Thu May 10, 2007 4:16 am
pas wrote: |
@HyperHacker:
Normally the DS only supports WEP, but there is a guy around which claims to have a DS firmwarepatch to fix this "issue":
http://geekboy.ca/wifi/?cat=2 |
Is this possible? Has anyone tried this? I thought that the WFC Config app was a part of the games that needed it...hm, Loopy'd know for sure probably.
_________________
----
Now 10% more Old Man from Zelda 1 than ever before!
#128275 - dantheman - Thu May 10, 2007 6:39 am
Tepples confirmed that to be a fake, unfortunately.
#128327 - 9th_Sage - Thu May 10, 2007 5:30 pm
dantheman wrote: |
Tepples confirmed that to be a fake, unfortunately. |
Aah, I thought perhaps that was the case. It didn't really make any sense to me... I wonder if it actually does anything?
#128798 - Kamu - Tue May 15, 2007 10:56 am
Can this save packets to the file system, in an airsnort fashion?
#128809 - _JSR_ - Tue May 15, 2007 1:24 pm
There is only one function enabled (it's written! it's because of the limitation of the NDS wifi): it's broadcast deauth, so there is no need for capturing packets.
_________________
DSiP - VoIP for Nintendo DS Blog
#128838 - pas - Tue May 15, 2007 9:12 pm
Why not save the packages as raw data? On card? Then analyze. I don't get what interferes with you implementing this :( .
Too long a wait to have a usable package count?
#128870 - _JSR_ - Wed May 16, 2007 4:48 am
For the moment, I'm focusing on DSiP. Sorry guys.
But this summer, i will have a look at it.
#128890 - pas - Wed May 16, 2007 2:54 pm
Good luck with both projects, they're promising!
#131767 - Enira - Tue Jun 19, 2007 11:59 pm
Maybe an idea: Let the cracking be done by your computer.
Perhaps let aircrack-ng do all the work. (Although I don't know how it handles its captured packet files)
So your app can flood and store the packages on the card and you can then use aircrack-ng.
#132397 - pas - Tue Jun 26, 2007 1:01 pm
If you need a PC for this, then what's the point of this anyway? If you only got your DS then this would be useless.
It's better to have it working without a PC, or with a php file stored on a server.
#138667 - RenegadeXwarS - Mon Aug 27, 2007 3:37 pm
Wow, I can't believe such a program like this even exists!
_________________
Im Lovin' It