Cleven

(System Configuration Dialog)
(update of stable version)
 
(9 intermediate revisions not shown)
Line 1: Line 1:
 +
''NOTE: This page is currently being updated to reflect the latest stable version. Some information here might be out of date.
 +
 +
--[[User:saturn|saturn]] 19:05, 20 August 2012 (UTC)
 +
 +
----
 +
The Cleven application is a user interface to the aircrack-ng for the [[Nokia N900|N900]] device.  
The Cleven application is a user interface to the aircrack-ng for the [[Nokia N900|N900]] device.  
Line 30: Line 36:
In order to load the bleeding edge drivers it expects a kernel that can support it.  
In order to load the bleeding edge drivers it expects a kernel that can support it.  
-
The application on startup checks and reports possible inability of correct function if one of the following power kernels are not used:
+
The application on startup checks and reports possible inability of correct function if one of the following power kernels (KP) are not used:
* 46-wl1
* 46-wl1
Line 36: Line 42:
* 48 (unconfirmed; same issues with the drivers have been reported)
* 48 (unconfirmed; same issues with the drivers have been reported)
* 49
* 49
 +
* 50
 +
 +
Note: the version in [[extras-devel]] will check and expect KP51 or higher. Due to the large amount of changes in the latest KP series, the support of older versions has been dropped.
====Suggested====
====Suggested====
-
The application optionally supports the Reaver and Walsh implementations of the WPS attack.
+
The application optionally supports the Reaver and Wash implementations of the WPS attack.
Quote: ''Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in [http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf viehboeck_wps.pdf].''
Quote: ''Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in [http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf viehboeck_wps.pdf].''
Line 46: Line 55:
* reaver  
* reaver  
-
* walsh
+
* wash
 +
 
 +
(atm the support is for ''versions 1.4'' as of [http://code.google.com/p/reaver-wps/downloads/detail?name=reaver-1.4.tar.gz&can=2&q= reaver-wps]; read also the release changelog for additional info).
 +
 
-
(atm the support is for versions 1.4 as of [http://code.google.com/p/reaver-wps/downloads/detail?name=reaver-1.4.tar.gz&can=2&q= reaver-wps]; read also the release changelog for additional info).
+
'''INSTRUCTIONS''' for adding ''reaver'' and ''wash'' support in the application:
 +
Copy <code>reaver</code>, <code>reaven.db</code> and <code>wash</code> binaries in <code>/home/user/.reaver/</code> and re-start Cleven for the links to be created.
==Key features==
==Key features==
Line 144: Line 157:
==Versions==
==Versions==
 +
<!--
 +
'''([http://maemo.org/packages/package_instance/view/fremantle_extras-devel_free_armel/cleven/2.4-8/ Development])'''===
 +
 +
'''([http://maemo.org/packages/package_instance/view/fremantle_extras-testing_free_armel/cleven/2.5-2/ Testing])'''
 +
-->
 +
 +
---------------------------------------------
 +
===4.1-1 '''([http://maemo.org/packages/package_instance/view/fremantle_extras-devel_free_armel/cleven/4.1-1/ Development])'''===
 +
NEW: Added dependency to the newly distributed reaver package.
 +
CHANGE: Removed earlier workaround code to copy and configure reaver binaries.
 +
CHANGE: Modified the postintall and postremove scripts to remove workarounds in the setup.
 +
CHANGE: Modified calls to execute reaver and wash binaries.
 +
NEW: Added Pali in the credits. Thanks.
 +
 
 +
INSTRUCTIONS:
 +
* To override the autodiscovery of the drivers location and use the default, create an empty file in /home/user/.cleven/skipKernelCheck
 +
* To skip the kernel check in the startup, create an empty file in /home/user/.cleven/skipVersionCheck
 +
 +
===3.3-1===
 +
CHANGE: Update of recommended kernel - KP51 is expected.
 +
CHANGE: Removed the dependency on the wlan drivers - KP51 comes with them.
 +
 +
INSTRUCTIONS:
 +
* To override the autodiscovery of the drivers location and use the default, create an empty file in /home/user/.cleven/skipKernelCheck
 +
* To skip the kernel check in the startup, create an empty file in /home/user/.cleven/skipVersionCheck
 +
 +
===3.2-1===
 +
NEW: Additions in the load.sh script for checking the new driver files existence before unloading the default ones.
 +
NEW: Addition of a check to skip the startup kernel check (and thus avoid error message for those with custom working setups).
 +
NEW: Addition of a check to skip the autodiscovery of kernel version (and set it manually).
 +
NEW: Added freemangordon in the about/thanks section of the application.
 +
 +
INSTRUCTIONS:
 +
* To override the autodiscovery of the drivers location and use the default, create an empty file in /home/user/.cleven/skipKernelCheck
 +
* To skip the kernel check in the startup, create an empty file in /home/user/.cleven/skipVersionCheck
 +
 +
===3.1-1===
 +
WARNING: This version will work only with Kernel-Power version 50 and above.
 +
CHANGE: Modified reaver to accept the spoofed mac address (contributor: Goran see: http://talk.maemo.org/showpost.php?p=1203232&postcount=592)
 +
 
 +
===3.0-1===
 +
WARNING: This version will work only with Kernel-Power version 50 and above.
 +
NEW: Added dependency to linux-backports-modules-power package.
 +
NEW: removed all binaries of the bleeding edge wireless drivers.
 +
CHANGE: Modified load.sh script for the new drivers selection.
 +
 +
===2.5-2 '''([http://maemo.org/downloads/product/Maemo5/cleven/ Stable])'''===
 +
 +
NEW: Added support for KP50.
 +
NEW: Include binaries of version 0.2 of the bleeding edge wireless drivers.
 +
CHANGE: Moved load.sh and unload.sh scripts to main folder.
 +
CHANGE: Modified load.sh to accept options for the driver selection.
 +
CHANGE: Updated the sudoers file for the new location of the load/unload scripts.
-
===2.4-8 '''([http://maemo.org/packages/package_instance/view/fremantle_extras-devel_free_armel/cleven/2.4-8/ Development])'''===
+
===2.4-8 ===
  CHANGE: Support for the latest wash (> r100) output file readout.
  CHANGE: Support for the latest wash (> r100) output file readout.
Line 263: Line 329:
  * Addition to store only IVs when in WEP capture (and save space).
  * Addition to store only IVs when in WEP capture (and save space).
-
===1.10-1 '''([http://maemo.org/downloads/product/Maemo5/cleven/ stable])''' ===
+
===1.10-1 '''Previous stable version''' ===
  * Workarournd for WAP authentication to accept spaces in network names.
  * Workarournd for WAP authentication to accept spaces in network names.

Latest revision as of 19:05, 20 August 2012

NOTE: This page is currently being updated to reflect the latest stable version. Some information here might be out of date.

--saturn 19:05, 20 August 2012 (UTC)


The Cleven application is a user interface to the aircrack-ng for the N900 device.

It provides the ability to easily configure the injection drivers, scan for surrounding stations, and, using injection and authentication or deauthentication, capture Identification Vector keys.

In addition, it provides interfaces to decrypt the captured files and manage the successful attacks.

It has been created with PyQT (PyQt v4.7.5 for Python v2.6) and the functionality is provided by Python.

Contents

[edit] Installation

The application can be installed directly by the Application Manager (HAM) from the Extras repositories (check here for its status).

[edit] Dependencies

[edit] Included

The application depends on:

  • python2.5
  • python2.5-qt4-gui
  • python2.5-qt4-core
  • python2.5-qt4-maemo5
  • aircrack-ng
  • macchanger
  • libpcap0.8

[edit] Expected

In order to load the bleeding edge drivers it expects a kernel that can support it. The application on startup checks and reports possible inability of correct function if one of the following power kernels (KP) are not used:

  • 46-wl1
  • 47
  • 48 (unconfirmed; same issues with the drivers have been reported)
  • 49
  • 50

Note: the version in extras-devel will check and expect KP51 or higher. Due to the large amount of changes in the latest KP series, the support of older versions has been dropped.

[edit] Suggested

The application optionally supports the Reaver and Wash implementations of the WPS attack.

Quote: Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in viehboeck_wps.pdf.

The following binaries need to be available for relevant options to become visible:

  • reaver
  • wash

(atm the support is for versions 1.4 as of reaver-wps; read also the release changelog for additional info).


INSTRUCTIONS for adding reaver and wash support in the application: Copy reaver, reaven.db and wash binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.

[edit] Key features

  • Includes the injection drivers (courtesy of lxp; see here for more info and if you like it consider donating to him.).
  • Original MAC is stored and restored on drivers load/unload.
  • Handles correctly spaces and special characters in the Network names
  • The Network names are sorted by name (note: hidden APs are not supported/shown).
  • Decryption can be done for data captured over multiple sessions.
  • Successful decrypted keys are stored in a separate folder.
  • Supports Reaver and Walsh WPS attacks.

[edit] Usage

[edit] Startup Dialog

Starting the application shows a splash screen.

Application start-up

In the background, a check is been made if the kernel available supports the injection drivers. In the error case, a warning message is displayed for the incompatibility.

Kernel Error

After all checks and the loading completes the main window appears that provides all available options.

Application Main Window

[edit] Drivers Configuration Dialog

As soon as the application starts the System Configuration dialog is shown.

It is recommended to set the Internet Connection Setting to ASK so that the system does not try to connect while the system tries to use the monitor mode.

The next steps will be to load the injection drivers and enable the monitor mode.

The MAC address can be also changed to a random one or in the case of MAC filtering by the Access Point to an already connected by typing the value and pressing SET.

Note 1: The same configuration dialog can be accessed at the end of the session (i.e. from the Drop down menu) to revert the settings.

Note 2: The default system MAC address will be restored automatically when the drivers get unloaded.

[edit] Scan Window

[edit] Decryption Window

The "Decryption Window" sorts files alphabetically and by security type.

Using the "All Common" button it instructs the decryption to consider all files captured from the same network on different sessions.

When the WPA security type is chosen then also a button for selecting a dictionary appears.

Pressing this button a dialog appears that shows the dictionaries stored in
/home/user/.cleven/dictionaries
and allows the selection of the dictionary to be used for the decryption.


[edit] Deletion of files

From the Decryption window, pressing the menubar will provide the option to enable the "Deletion Mode". While in this mode, pressing the menubar again will give the opposite option, i.e. exit from the mode.

The "Deletion Mode" keeps the same appearance as the parent window and sorts files alphabetically and by security type.

Using the "All Common" button it is possible to delete all files captured from the same network.

[edit] Keys Management Window


[edit] About

In the about window one can find the version of the application running as well as buttons to connect to additional documentation (like all the rest of the windows it supports rotation).

[edit] Versions


[edit] 4.1-1 (Development)

NEW: Added dependency to the newly distributed reaver package.
CHANGE: Removed earlier workaround code to copy and configure reaver binaries.
CHANGE: Modified the postintall and postremove scripts to remove workarounds in the setup.
CHANGE: Modified calls to execute reaver and wash binaries.
NEW: Added Pali in the credits. Thanks.
 
INSTRUCTIONS:
* To override the autodiscovery of the drivers location and use the default, create an empty file in /home/user/.cleven/skipKernelCheck
* To skip the kernel check in the startup, create an empty file in /home/user/.cleven/skipVersionCheck

[edit] 3.3-1

CHANGE: Update of recommended kernel - KP51 is expected.
CHANGE: Removed the dependency on the wlan drivers - KP51 comes with them.

INSTRUCTIONS:
* To override the autodiscovery of the drivers location and use the default, create an empty file in /home/user/.cleven/skipKernelCheck
* To skip the kernel check in the startup, create an empty file in /home/user/.cleven/skipVersionCheck

[edit] 3.2-1

NEW: Additions in the load.sh script for checking the new driver files existence before unloading the default ones.
NEW: Addition of a check to skip the startup kernel check (and thus avoid error message for those with custom working setups).
NEW: Addition of a check to skip the autodiscovery of kernel version (and set it manually).
NEW: Added freemangordon in the about/thanks section of the application.

INSTRUCTIONS:
* To override the autodiscovery of the drivers location and use the default, create an empty file in /home/user/.cleven/skipKernelCheck
* To skip the kernel check in the startup, create an empty file in /home/user/.cleven/skipVersionCheck

[edit] 3.1-1

WARNING: This version will work only with Kernel-Power version 50 and above.
CHANGE: Modified reaver to accept the spoofed mac address (contributor: Goran see: http://talk.maemo.org/showpost.php?p=1203232&postcount=592)
 

[edit] 3.0-1

WARNING: This version will work only with Kernel-Power version 50 and above.
NEW: Added dependency to linux-backports-modules-power package.
NEW: removed all binaries of the bleeding edge wireless drivers.
CHANGE: Modified load.sh script for the new drivers selection.

[edit] 2.5-2 (Stable)

NEW: Added support for KP50.
NEW: Include binaries of version 0.2 of the bleeding edge wireless drivers.
CHANGE: Moved load.sh and unload.sh scripts to main folder.
CHANGE: Modified load.sh to accept options for the driver selection.
CHANGE: Updated the sudoers file for the new location of the load/unload scripts.

[edit] 2.4-8

CHANGE: Support for the latest wash (> r100) output file readout.
NEW: Added reaver option "--dh-small"; seems to help not overloading/crashing some AP too fast.
CHANGE: Removed reaver option "--essid"; avoid problem with special characters in the name.
CHANGE: Replaced reaver option "-vv" with the less verbose "-v".
CHANGE: Redone keys window; new logic:
 - Added "Delete" and "Copy" buttons, i.e. file remove and copy to clipboard.
 - Removed "Read Keys" button; action is triggered automatically.
NEW: Removed menu items; the About is accessible from the main window through a new button.
CHANGE: Modification of labels in the main window.
CHANGE: Modification of the About window text; added few words on reaver.
NEW: Added option and rules for the deletion of the "replay_arp" leftover files.
** INSTRUCTIONS for new features:
Add reaver, reaven.db and wash binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.
This version of Cleven was designed to work with versions up to release r100 of reaver and wash.	

[edit] 2.4-7

FIX: Dialog with keys was closing too fast.
CHANGE: Removed channel option from the reaver call.
** INSTRUCTIONS for new features:
Add reaver, reaven.db and wash binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.
This version of Cleven was designed to work with versions up to release r90 of reaver and wash.

[edit] 2.4-6

FIX: Authentication command mismatch between the UI and script.
FIX: Capture could fail in some cases if initiated from the WPS selection.
NEW: Added detection on AP names for the single and double quote characters as well as a few more symbols like brackets etc.
** INSTRUCTIONS for new features:
Add reaver, reaven.db and wash binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.
This version of Cleven was designed to work with versions up to release r90 of reaver and wash.

[edit] 2.4-5

CHANGE:  Added logging for the Authentication and Capture command in /tmp/cleven.log
CHANGE:  Removed the -essid option from the authentication (credits: StefanL, g0r)
CHANGE:  Update for latest (r90) of reaven and wash; walsh has been deprecated.
NEW:     Added reaven.db support

[edit] 2.4-3

FIX: Further correction in the creation of the symbolic links for reaver and walsh.
FIX: walsh output file would persist; now it is removed explicitly after each scan.
CHANGE: Added build number in main and about windows.

** INSTRUCTIONS for new features:
Add reaver and walsh binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.
This version of Cleven was designed to work with up to version 1.3 of reaver and walsh.

[edit] 2.4-2

FIX: Correction for missing symbolic links creation for reaver and walsh.
** INSTRUCTIONS for new features:
Add reaver and walsh binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.

[edit] 2.4-1

** Merge with EXPERIMENTAL version of Cleven.
CHANGE: Removed wpscrack.py and related dependencies.
CHANGE: Removed connect_reaver.sh; not needed any more.
NEW: If during installation, upgrade or start up of the application it finds reaver and/or walsh in the folder /home/user/.reaver then it makes copies and links them with the program.
CHANGE: Added in the call for reaver option "-a"; it will restore previous session automatically.
CHANGE: Modification of the Capture UI.
NEW: Addition of a WPS button; the option will become available if walsh is operational, otherwise the option will be hidden.
NEW: If walsh is available it will be used to sort WPS compliant APs only;
NEW: If reaver is available and operational the option to test AP with will become visible.
** INSTRUCTIONS for new features:
Add reaver and walsh binaries in /home/user/.reaver/ and re-start Cleven for the links to be created.	

[edit] 2.2-1

NEW: Information on the power of an AP.
CHANGE: Modification in the main window (minor).
CHANGE: Update and cleanup of the debian install scripts.	

[edit] 2.1-4

* Added preinstall script to clean up old files.
* Fix in the start-up window.
* Modification in the main window to give better names to the buttons.
* Update in the disclaimer.

[edit] ...some version logs missing...

[edit] 2.1-1

* New Main window to provide faster and easier access to features.
* Modifications of classes to be called from the main window.
* Deprecation of "Delete captured files" menu option.
* Fix in the WPA deauthentication.
* Refactoring and code cleanup in multiple places.

Issues

* WPA deauthentication does not collect client's MAC.

[edit] 1.12-6

* Fix several regression issues introduced in version 1.12-5 due to mishandling of move and merge commands in SVN.

[edit] 1.12-5

* Fix in the filename manipulations (avoid errors when AP names include "-" characters). [patch from mikemorrison]
* improved the startup screen.
* fix in the About window.
* addition of kernel-power v49 as a valid configuration.

[edit] 1.11-2

* Fix (proper) for WAP authentication to accept spaces in network names.
* Addition to store only IVs when in WEP capture (and save space).

[edit] 1.10-1 Previous stable version

* Workarournd for WAP authentication to accept spaces in network names.

Issues

* WPA deauthentication does not collect client's MAC.

[edit] 1.9-1

* Fixed check for the compatible kernel versions.
* Redesign of the decryption window. Added new dialog and button for selecting the dictionary for the WPA decryption.	

Issues

* WAP authentication do not accept spaces in network names.
* WPA deauthentication does not collect client's MAC.

[edit] 1.8-2

* Fixed check for the compatible kernel versions.	

[edit] 1.8-1

* Added skip button for the intro page.
* Added check for compatible kernel version.	

[edit] 1.7-1

First public release...

Key dependencies and features:
* The package depends on aircrack-ng, macchanger and expects power kernel >= 46.
* Includes the injection drivers (courtesy of lxp)
* Original MAC is stored and restored on exit.
* Handles correctly spaces and special characters in the ESSID names
* The ESSID names are sorted and the hidden are not shown.
* Decryption can be done for data captured over multiple sessions.
* Successful decrypted keys are stored in a seperate folder.
* Management of captured files.

[edit] License

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 only.

[edit] Disclaimer

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Also, the application provided is to be used for educational purposes only. The application creator is in no way responsible for any misuse of the information provided. All of the information in this application is meant to help develop a hacker defence attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word "Hack" or "Hacking" should be regarded as "Ethical Hack" or "Ethical Hacking" respectively. You implement the information given at your own risk.